Simon Glass [Thu, 4 Jul 2013 20:26:09 +0000 (13:26 -0700)]
bootm: Require boot function only if it is about to be used
The original bootm code (before commit 35fc84f) did not check for a valid
boot function in the subcommand case, which was incorrect.
This check was introduced in all cases, but in fact we should only check
for the function when we need it. Otherwise in some cases the check fires
before the OS type is known.
Simon Glass [Thu, 4 Jul 2013 20:26:08 +0000 (13:26 -0700)]
bootm: Disable interrupts only when loading
With the move of the interrupt code to earlier in the sequence, we
exposed a problem where the interrupts are disabled at each bootm
stage. This is not correct - it should be done only once. Let's disable
interrupts in the LOAD stage. Put the code in a function for clarity.
Also, bootz lost its interrupt code altogether, so reinstate it.
Code for checking "splashpos" environment variable is
duplicated in drivers, move it to the common function.
Call this function also in the bmp display command to
consider "splashpos" settings.
Signed-off-by: Anatolij Gustschin <agust@denx.de> Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Tom Rini [Mon, 1 Jul 2013 13:09:23 +0000 (09:09 -0400)]
cmd_bootm.c: Correct check/return for unsupported sub-command
With the do_bootm_states re-organization, we have the call to any
potential sub-commands in a single spot. If one fails, we can then stop
right there and return to the caller. Prior to these calls we have
already ensured that ret is zero so we will not be returning this error
for some other case.
Signed-off-by: Tom Rini <trini@ti.com> Tested-by: Andreas Bießmann <andreas.devel@googlemail.com>
Some OS (like OS X) do not provide a generic readelf. We should enforce to use
the toochain provided readelf instead, to do so use $(CROSS_COMPILE)readelf.
Remove non portable usage of REG_NOERROR.
BSD (like OS X) variants of regex.h do not declare REG_NOERROR, even GNU
regex(3) does not mention REG_NOERROR, just remove it.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Acked-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Łukasz Majewski [Fri, 28 Jun 2013 16:41:50 +0000 (18:41 +0200)]
dfu:ext4:fix Fix DFU upload functionality
For the first eMMC read of data for upload, use the "large" dfu_buf (now
configurable) instead of usb request buffer allocated at composite layer
(which is 4KiB) [*].
For eMMC the whole file is read, which usually is larger than the buffer [*]
provided with usb request.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com> Cc: Tom Rini <trini@ti.com> Cc: Pantelis Antoniou <panto@antoniou-consulting.com> Cc: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de>
Commit 35fc84fa1ff51e15ecd3e464dac87eb105ffed30 broke bootm on avr32. It
requires to call do_bootm_linux() with flag set to BOOTM_STATE_OS_PREP before
calling it again with flag set to BOOTM_STATE_OS_GO.
Fix this by allowing flag set to BOOTM_STATE_OS_PREP, this however will
require a complete refactoring later on.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
[trini: Apply to m68k, microblaze, nds32, nios2, openrisc, sh and sparc] Signed-off-by: Tom Rini <trini@ti.com>
Piotr Wilczek [Wed, 5 Jun 2013 06:14:30 +0000 (08:14 +0200)]
lcd: align bmp header when uncopmressing image
When compressed image is loaded, it must be decompressed
to an aligned address + 2 to avoid unaligned access exception
on some ARM platforms.
Signed-off-by: Piotr Wilczek <p.wilczek@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> CC: Anatolij Gustschin <agust@denx.de> CC: Wolfgang Denk <wd@denx.de> Signed-off-by: Anatolij Gustschin <agust@denx.de>
Stephen Warren [Thu, 13 Jun 2013 23:13:11 +0000 (17:13 -0600)]
lcd: remove unaligned access in lcd_dt_simplefb_configure_node()
Some ARM compilers may emit code that makes unaligned accesses when
faced with constructs such as:
const char format[] = "r5g6b5";
Make this data static since it doesn't chagne; the compiler will simply
place it into the .rodata section directly, and avoid any unaligned run-
time initialization.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
reason is that in the "struct usb_composite_dev" the
"struct usb_device_descriptor desc;" is on an odd address,
and this struct gets accessed in
drivers/usb/gadget/composite.c device_qual()
Fix it, by align this var "struct desc" fix to an aligned
address.
Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Marek Vasut <marek.vasut@gmail.com> Cc: Samuel Egli <samuel.egli@siemens.com>
Heiko Schocher [Tue, 4 Jun 2013 09:19:50 +0000 (11:19 +0200)]
usb, g_dnl: make possibility to fixup the device_desc board specific
add a weak dummy function g_dnl_fixup to add the possibility to update
the device_desc board specific. Used on the upcoming siemens board
support, where idVendor and idProduct is stored in an eeprom.
Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Marek Vasut <marek.vasut@gmail.com> Cc: Lukasz Majewski <l.majewski@samsung.com> Cc: Kyungmin Park <kyungmin.park@samsung.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
Heiko Schocher [Tue, 25 Jun 2013 11:59:29 +0000 (13:59 +0200)]
usb, dfu gadget: switch to dfu mode in dfu_bind
- set in to_dfu_mode() f_dfu->dfu_state = DFU_STATE_dfuIDLE
as after every to_dfu_mode call this is done, so move
this into to_dfu_mode
- switch in dfu_bind() into dfu mode:
This fixes wrong "dfu-util -l" output, when calling
"dfu-util -l" after a board reset, without doing a
download before. See also discussion here:
Heiko Schocher [Wed, 12 Jun 2013 04:05:51 +0000 (06:05 +0200)]
dfu: make data buffer size configurable
Dfu transfer uses a buffer before writing data to the
raw storage device. Make the size (in bytes) of this buffer
configurable through environment variable "dfu_bufsiz".
Defaut value is configurable through CONFIG_SYS_DFU_DATA_BUF_SIZE
Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Pantelis Antoniou <panto@antoniou-consulting.com> Cc: Tom Rini <trini@ti.com> Cc: Lukasz Majewski <l.majewski@samsung.com> Cc: Kyungmin Park <kyungmin.park@samsung.com> Cc: Marek Vasut <marex@denx.de> Cc: Wolfgang Denk <wd@denx.de> Acked-by: Tom Rini <trini@ti.com>
Stefan Roese [Fri, 28 Jun 2013 08:02:03 +0000 (10:02 +0200)]
Fix bootm to work on powerpc again (compressed uImage)
Patch 35fc84fa1 [Refactor the bootm command to reduce code duplication]
breaks booting Linux (compressed uImage with fdt) on powerpc.
boot_jump_linux() mustn't be called before boot_prep_linux() and
boot_body_linux() have been called. So remove the superfluous call
to boot_jump_linux() in arch/powerpc/lib/bootm.c as its called later on
in this function.
Signed-off-by: Stefan Roese <sr@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@ti.com>
Simon Glass [Thu, 27 Jun 2013 17:43:18 +0000 (10:43 -0700)]
mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.
Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.
If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:
lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory
Simon Glass [Fri, 28 Jun 2013 07:46:12 +0000 (00:46 -0700)]
bootm: Disable interrupts before loading OS
This restores the ordering of interrupt disable to what it what before
commit 35fc84fa. It seems that on some archiectures (e.g. PowerPC) the
OS is loaded into an interrupt region, which can cause problems if
interrupts are still running.
Tested-by: Stefan Roese <sr@denx.de> Signed-off-by: Simon Glass <sjg@chromium.org>
Tom Rini [Fri, 28 Jun 2013 15:38:02 +0000 (11:38 -0400)]
cmd_bootm.c: Correct BOOTM_ERR_OVERLAP handling
With 35fc84fa1 [Refactor the bootm command to reduce code duplication]
we stopped checking the return value of bootm_load_os (unintentionally!)
and simply returned if we had a non-zero return value from the function.
This broke the valid case of a legacy image file of a single kernel
loaded into an overlapping memory area (the default way of booting
nearly all TI platforms).
The best way to fix this problem in the new code is to make
bootm_load_os be the one to see if we have a problem with this, and if
it's fatal return BOOTM_ERR_RESET and if it's not BOOTM_ERR_OVERLAP, so
that we can avoid calling lmb_reserve() but continue with booting. We
however still need to handle the other BOOTM_ERR values so re-work
do_bootm_states so that we have an error handler at the bottom we can
goto for problems from bootm_load_os, or problems from the other callers
(as the code was before). Add a comment to do_bootm_states noting the
existing restriction on negative return values.
Signed-off-by: Tom Rini <trini@ti.com>
---
Changes in v2:
- Rework so that only bootm_load_os and boot_selected_os head down into
the err case code, and other errors simply return back to the caller.
Fixes 'spl export'.
Tom Rini [Thu, 27 Jun 2013 13:55:39 +0000 (09:55 -0400)]
am335x_evm: Add missing ';' in findfdt
In a714321 we add a check at the end of findfdt to make sure we have
updated it from undefined and if not, warn the user. This however
forgot a ';' on the end of the previous last test.
Steve deRosier [Tue, 22 Jan 2013 21:05:35 +0000 (13:05 -0800)]
Fix MCF5235 SDRAM base address macro
SDRAMC_DARCn_BA() macro worked fine when the BA is 0x00000000 even
though the macro is incorrect. It causes the BA to be set incorrctly
for other base addresses. This patch fixes the macro so that base
addresses other than zero can be used with the MCF5235.
Signed-off-by: Steve deRosier <derosier@gmail.com>
Vincent Stehlé [Thu, 20 Jun 2013 16:14:22 +0000 (18:14 +0200)]
README: align default commands with code
Align the list of default commands mentioned in the configuration options
paragraph of the README with the actual definitions found in
include/config_cmd_default.h
Signed-off-by: Vincent Stehlé <vincent.stehle@freescale.com>
Sascha Silbe [Fri, 14 Jun 2013 11:07:25 +0000 (13:07 +0200)]
Fix block device accesses beyond 2TiB
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives.
For some obscure reason, the current U-Boot code uses lbaint_t for the
number of blocks to read (a rather optimistic estimation of how RAM
sizes will evolve), but not for the starting address. Trying to access
blocks beyond the 2TiB boundary will simply wrap around and read a
block within the 0..2TiB range.
We now use lbaint_t for block start addresses, too. This required
changes to all block drivers as the signature of block_read(),
block_write() and block_erase() in block_dev_desc_t changed.
Steven Stallion [Mon, 10 Jun 2013 08:00:09 +0000 (01:00 -0700)]
cmd_bootm: Add command line arguments to Plan 9
This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration. A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.
Signed-off-by: Steven Stallion <sstallion@gmail.com>
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now] Signed-off-by: Tom Rini <trini@ti.com>
Simon Glass [Thu, 13 Jun 2013 22:10:11 +0000 (15:10 -0700)]
Add verified boot information and test
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.
The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.
Simon Glass [Thu, 13 Jun 2013 22:10:09 +0000 (15:10 -0700)]
image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Simon Glass [Thu, 13 Jun 2013 22:10:07 +0000 (15:10 -0700)]
mkimage: Add -r option to specify keys that must be verified
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
Simon Glass [Thu, 13 Jun 2013 22:10:06 +0000 (15:10 -0700)]
mkimage: Add -c option to specify a comment for key signing
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
Simon Glass [Thu, 13 Jun 2013 22:10:05 +0000 (15:10 -0700)]
mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
Simon Glass [Thu, 13 Jun 2013 22:10:04 +0000 (15:10 -0700)]
mkimage: Add -K to write public keys to an FDT blob
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
Simon Glass [Thu, 13 Jun 2013 22:10:02 +0000 (15:10 -0700)]
image: Add RSA support for image signing
RSA provides a public key encryption facility which is ideal for image
signing and verification.
Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.
This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.
Simon Glass [Thu, 13 Jun 2013 22:10:01 +0000 (15:10 -0700)]
image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Simon Glass [Tue, 11 Jun 2013 18:14:50 +0000 (11:14 -0700)]
exynos: Avoid function instrumentation for microsecond timer
For tracing to work it has to be able to access the microsecond timer
without causing a recursive call to the function entry/exit handlers.
Add attributes to the relevant functions to support this.
Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Tue, 11 Jun 2013 18:14:48 +0000 (11:14 -0700)]
Add a 'fake' go command to the bootm command
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.
Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.
Simon Glass [Tue, 11 Jun 2013 18:14:47 +0000 (11:14 -0700)]
Refactor the bootm command to reduce code duplication
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.
Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.
Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.
Simon Glass [Tue, 11 Jun 2013 18:14:46 +0000 (11:14 -0700)]
Clarify bootm OS arguments
At present the arguments to bootm are processed in a somewhat confusing
way. Sub-functions must know how many arguments their calling functions
have processed, and the OS boot function must also have this information.
Also it isn't obvious that 'bootm' and 'bootm start' provide arguments in
the same way.
Adjust the code so that arguments are removed from the list before calling
a sub-function. This means that all functions can know that argv[0] is the
first argument of which they need to take notice.
Simon Glass [Tue, 11 Jun 2013 18:14:42 +0000 (11:14 -0700)]
Add trace support to generic board
Add hooks for tracing to generic board, including:
- allow early tracing to start early as possible in U-Boot
- reserve memory for trace buffer
- copy early trace buffer to main trace buffer after relocation
- setup full tracing support after relocation
Simon Glass [Tue, 11 Jun 2013 18:14:39 +0000 (11:14 -0700)]
Add trace library
Add a library which supports tracing of execution using built-in gcc
features and a microsecond timer. This can be used to record a list of
function which are executed, along with a timestamp for each. Later
this information can be sent to the host for processing.
Simon Glass [Tue, 11 Jun 2013 18:14:33 +0000 (11:14 -0700)]
pci: Convert extern inline functions to static inline
I am not sure of the meaning of extern inline, but this gives errors
when building with function instrumenting enabled. Change these functions
to static inline.
Hung-ying Tyan [Wed, 15 May 2013 10:27:28 +0000 (18:27 +0800)]
cros: add cros_ec driver
This patch adds the cros_ec driver that implements the protocol for
communicating with Google's ChromeOS embedded controller.
Signed-off-by: Bernie Thompson <bhthompson@chromium.org> Signed-off-by: Bill Richardson <wfrichar@chromium.org> Signed-off-by: Che-Liang Chiou <clchiou@chromium.org> Signed-off-by: Doug Anderson <dianders@chromium.org> Signed-off-by: Gabe Black <gabeblack@chromium.org> Signed-off-by: Hung-ying Tyan <tyanh@chromium.org> Signed-off-by: Louis Yung-Chieh Lo <yjlou@chromium.org> Signed-off-by: Randall Spangler <rspangler@chromium.org> Signed-off-by: Sean Paul <seanpaul@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org>