Simon Glass [Wed, 15 Oct 2025 15:44:09 +0000 (16:44 +0100)]
boot: Support rescanning the global bootmeths
Add the logic to scan through the global bootmeths for every new
bootdev, in preparation for allowing global bootmeths to select where in
the hunter ordering they go.
Use a new bootmeth_glob_allowed() function to check if a bootmeth is
allowed, ensuring that each can run at most once.
For now this has no actual effect, since the global bootmeths are
unconditionally processed at the start, with iter->methods_done being
updated to include all of them. Therefore when scanning again, no
unprocessed global bootmeths will be found.
Simon Glass [Wed, 15 Oct 2025 15:44:07 +0000 (16:44 +0100)]
boot: Add a flag for whether there are global bootmeths
The current 'doing_global' refers to being in the state of processing
global bootmeths. Since global bootmeths are currently used once at the
start, it becomes false once the last global bootmeth has been used.
In preparation for allowing bootmeths to run at other points in the
bootstd interation, add a new 'have_global' flag which tracks whether
there are any global bootmeths in the method_order[] list. It is set up
when iteration starts. Unlike doing_global which resets back to false
after the global bootmeths have been handled, once have_global is set to
true, it remains true for the entire iteration process. This provides a
quick check as to whether global-bootmeth processing is needed.
Simon Glass [Wed, 15 Oct 2025 15:44:06 +0000 (16:44 +0100)]
boot: Update first_glob_method when dropping a bootmeth
For now we only support dropping non-global bootmeths from the
iteration. Update first_glob_method in that case and add a few checks
that things are correct.
Simon Glass [Wed, 15 Oct 2025 15:44:04 +0000 (16:44 +0100)]
boot: Try all bootmeths on the final partition
At present, normally when one bootmeth fails on a partition, we move on
and try the next bootmeth. However, this was not the case for the final
partition due to a bug. Rework the logic so that all partitions are
treated the same.
Tom Rini [Wed, 22 Oct 2025 18:23:48 +0000 (12:23 -0600)]
Merge patch series "Add support for dynamic MMU configuration"
Anshul Dalal <anshuld@ti.com> says:
In U-Boot, TI only provides a single memory map for all k3 platforms, this
does not scale for devices where atf and optee lie outside the range 0x80000000
- 0x80080000 and 0x9e780000 - 0xa0000000 respectively.
There are also issues for devices with < 2GiB of memory (eg am62SiP with 512MiB
of RAM) as the maximum size for the first DRAM bank is hardcoded to 2GiB in the
current memory map. Furthermore the second DRAM bank is mapped even for devices
that only have a single bank.
Therefore this patch set adds the required functionality to create the MMU table
at runtime based on the device-tree.
The patch set has been build tested on all effected platforms but boot-tested
only on TI's K3 EVMs, the beagleplay and phytec's phycore-am6* platforms.
The following effected boards have not been boot tested:
- verdin-am62
- iot2050
Anshul Dalal [Fri, 17 Oct 2025 13:15:32 +0000 (18:45 +0530)]
mach-k3: add carveouts for TFA and optee
K3 platforms have reserved memory regions for TFA and OPTEE which should
be unmapped for U-Boot. While other "no-map" memory regions like the
memory pools for remote cores should not be unmapped to allow U-Boot to
load firmware during remoteproc.
Therefore this patch adds the necessary fdt fixups to properly set the
load address for TFA/OPTEE and unmaps both by mmu_unmap_reserved_mem.
Anshul Dalal [Fri, 17 Oct 2025 13:15:31 +0000 (18:45 +0530)]
mach-k3: add reserved memory fixups for next boot stage
The boot flow in K3 platforms requires the subsequent boot stages to be
aware of the memory reserved for previous boot binaries. In the regular
boot sequence of:
Both A-core SPL and U-Boot should be made aware of the memory reserved
for ATF and OP-TEE from their device-tree. Currently this information is
absent.
Therefore this patch adds the reserved-memory regions as part of
spl_perform_arch_fixups for the next stage's DT. This is called during
both R5 and A-core SPL which fixes up the DT for their respective next
stages: A-core SPL and U-Boot proper.
Anshul Dalal [Fri, 17 Oct 2025 13:15:30 +0000 (18:45 +0530)]
spl: split spl_board_fixups to arch/board specific
The current spl_board_fixups API allows for modification of spl_image
before the SPL jumps to it. This can be used to modify the DT for the
next boot stage, however the current API only allows either the machine
arch or the board to use it.
This limits the utility of the API as there might be certain fixups that
should be applied to all boards sharing the same machine architecture
with others being board specific.
For TI's K3 specifically, this prevents us from performing architecture
level fixups since a lot of TI boards are already making use of the
spl_board_fixups API.
Therefore this patch splits the API into two to allow both board and the
architecture specific fixups. The order is kept as arch then board to
give board specific fixups the precedence.
Anshul Dalal [Fri, 17 Oct 2025 13:15:29 +0000 (18:45 +0530)]
arm: armv8: mmu: add mmu_unmap_reserved_mem
For armv8, U-Boot uses a static map defined as 'mem_map' for configuring
the MMU's page tables, done by mmu_setup.
Though this works well for simpler platforms, it makes creating runtime
carveouts by modifying the static array at runtime exceedingly complex
like in mach-snapdragon/board.c.
Creation of such carveouts are much better handled by APIs such as
mmu_change_region_attr once the page tables are configured. Usually such
carveouts are configured via the device-tree's reserved-memory node
which provides the address and size for the carveout.
Therefore this patch adds mmu_unmap_reserved_mem which acts as a wrapper
over mmu_change_region_attr, helping unmap a reserved-memory region.
Anshul Dalal [Fri, 17 Oct 2025 13:15:27 +0000 (18:45 +0530)]
arm: armv8: mmu: add mem_map_from_dram_banks
For armv8, U-Boot uses a static map defined as 'mem_map' for configuring
the MMU as part of mmu_setup.
But since the exact configuration of memory banks might not be known at
build time, many platforms such as imx9, versal2 etc. utilize
gd->bd->bi_dram to configure the static map at runtime.
Therefore this patch adds a new API mem_map_from_dram_banks that
modifies the static map in a similar way. Allowing the caller to map all
dram banks by just passing the index to last entry in their mem_map and
it's length.
Anshul Dalal [Fri, 17 Oct 2025 13:15:26 +0000 (18:45 +0530)]
arm: armv8: invalidate dcache entries on dcache_enable
In dcache_enable, currently the dcache entries are only invalidated when
the MMU is not enabled. This causes issues when dcache_enable is called
with the MMU already configured, in such cases the existing dcache
entries are not flushed which might result in un-expected behavior.
This patch invalidates the cache entries on every call of dcache_enable
before enabling dcache (by setting CR_C). This makes dcache_enable
behave similar to icache_enable as well.
Anshul Dalal [Fri, 17 Oct 2025 13:15:25 +0000 (18:45 +0530)]
arm: armv8: mmu: export mmu_setup
The mmu_setup function configures the page tables based on the board
supplied mem_map struct array. It is called implicitly as part of
dcache_enable but this limits us to only be able to use APIs such as
mmu_change_region_attr only after caches are enabled.
This might lead to speculative accesses before we can unmap a region
that is marked as cacheable in the static memory map.
Therefore this patch exports the mmu_setup function in mmu.h allowing
users to have more control over when the mmu is configured.
For K3 specifically this allows for the following configuration sequence
as part of enable_caches:
Anshul Dalal [Fri, 17 Oct 2025 13:15:24 +0000 (18:45 +0530)]
mach-k3: use custom enable_cache
U-Boot's provided enable_caches enforces the following sequence:
icache_enable -> mmu_setup (as part of dcache_enable) -> dcache_enable
Whereas for K3 devices, we would like to add entries to the provided
static array (k3_mem_map) as per gd->bd->bi_dram and then call mmu_setup
to configure the MMU but also create carveouts for TFA/TEE before we
enable caches to prevent speculative accesses to the region. Thus the
following desired sequence:
Anshul Dalal [Fri, 17 Oct 2025 13:15:23 +0000 (18:45 +0530)]
mach-k3: use minimal memory map for all K3
The K3 family of SoCs encompasses a wide variety of devices with varying
DDR configurations and memory carveout requirements, the current static
memory map provides basic support for TI EVMs but does not scale well
for newer platforms (such as AM62SiP with 512MiB of RAM).
Therefore this patch replaces the existing memory map with a minimal
one, that could be more easily modified at runtime.
net:
- airoha: improvements
- Tighten a few more driver dependencies
- designware: fix bitbang init error
- phy: Make driver overloading get_phy_id depend on !COMPILE_TEST
- phy: add paged PHY register accessors
- make dhcp_run() common for NET and NET_LWIP
- dwc_eth_ops: Correct check for FDT_64BIT
- mediatek: mt7988: various fixup + MDIO detach
- phy: aquantia: switch to use phy_get_ofnode(), fix bindings typo
net-legacy:
- bootp: Prevent buffer overflow to avoid leaking the RAM content
- tftp: make TFTP ports unconditionally configurable
misc:
- uthreads: Make use of CONFIG_IS_ENABLED consistently
Tom Rini [Fri, 10 Oct 2025 17:36:33 +0000 (11:36 -0600)]
net: phy: Make driver overloading get_phy_id depend on !COMPILE_TEST
With commit 597fe041a85f ("net/phy: enable get_phy_id redefinable") we
made get_phy_id a public but weak function, so that PHY drivers that had
required non-standard ways of getting the PHY ID could be supported.
However, overloading a weak function multiple times is (rightly) a link
error. At this point, we have two PHYs which make use of this feature,
so make both of them only available when COMPILE_TEST is unset, as part
of being able to support "allyesconfig" in the future.
Paul HENRYS [Thu, 9 Oct 2025 15:43:28 +0000 (17:43 +0200)]
net: bootp: Prevent buffer overflow to avoid leaking the RAM content
CVE-2024-42040 describes a possible buffer overflow when calling
bootp_process_vendor() in bootp_handler() since the total length
of the packet is passed to bootp_process_vendor() without being
reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
The packet length is also checked against its minimum size to avoid
reading data from struct bootp_hdr outside of the packet length.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Lucien.Jheng [Mon, 6 Oct 2025 12:49:15 +0000 (20:49 +0800)]
net: phy: add paged PHY register accessors
Synchronize paged PHY helpers with Linux v6.17.
Add support for PHY devices that use paged register access by
implementing the following functions:
- phy_save_page(): Save current page number
- phy_select_page(): Switch to a specific page and return previous page
- phy_restore_page(): Restore previously saved page
Also adds read_page and write_page callbacks to the phy_driver
structure to enable driver-specific page handling.
These helpers allow safe access to paged PHY registers by ensuring
proper page selection and restoration,
even in error conditions, which will be used by the Airoha PHY driver.
net: airoha: increase the number of rx network buffers
According to commit 997786bbf473 ("drivers/net/airoha_eth: fix stalling
in package receiving") the minimal possible value of SYS_RX_ETH_BUFFER
is 4. Unfortunately it's too small for reliable ping.
Observations shows that SYS_RX_ETH_BUFFER must be at least 8.
The commit 997786bbf473 ("drivers/net/airoha_eth: fix stalling in package
receiving") can be improved. Instead of returning previous descriptor
it's possible:
* do nothing in even descriptor case
* return 2 descriptor to the queue (current and previous) in the odd
descriptor case.
This patch:
* implements above approach
* remove logic not required within new approach
* adds note that PKTBUFSRX must be even and larger than 7
for reliable driver operations
There are currently two implementations of dhcp_run(): one in cmd/net.c
for NET and one in net/lwip/dhcp.c for NET_LWIP. There is no
justification for that. Therefore, move the NET version into
net/net-common.c to be used by both stacks, and drop the NET_LWIP
version which by the way does not look totally correct.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Suggested-by: Tom Rini <trini@konsulko.com> Acked-by: Benjamin Hahn <B.Hahn@phytec.de>
net: mediatek: move MT7531 MMIO MDIO to dedicated driver
In preparation for support of MDIO on AN7581, move the MT7531 MMIO logic
to a dedicated driver and permit usage of the mdio read/write function
to the mtk_eth driver.
This only affect MT7988 that can use MMIO operation to access the Switch
register. The MT7988 code is updated to make use of the external driver.
This permits Airoha driver to make use of DM_MDIO to bind for the MT7531
driver that have the same exact register.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
net: mediatek: mt7988: free allocated MDIO bus on cleanup
Correctly free the MDIO Bus on calling cleanup function. While at it
also fix a copy-paste error and rename the cleanup function name to the
more specific name.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
net: mediatek: mt7988: restore PHY page on PHY setting exit
On exiting the phy_setting function for MT7988, the PHY page is never
restored to Page 0. This can cause all kind of problem with reading the
status of the PHY at runtime.
Correctly restore PHY page on exiting the PHY setting function.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tom Rini [Thu, 25 Sep 2025 20:44:14 +0000 (14:44 -0600)]
net: Tighten more driver dependencies
In this case, the mediatek network drivers cannot build outside of
ARCH_MEDIATEK or ARCH_MTMIPS, and so express this requirement in Kconfig
as well. In the case of DWC_ETH_XGMAC / DWC_ETH_XGMAC_SOCFPGA, the file
controlled by the DWC_ETH_XGMAC option references a socfpga-specific
array defined in the file controlled by DWC_ETH_XGMAC_SOCFPGA. Rework
these options in Kconfig to handle this dependency.
Tom Rini [Thu, 25 Sep 2025 20:44:12 +0000 (14:44 -0600)]
net: Add SYS_FAULT_MII_ADDR to Kconfig
The support found under SYS_FAULT_ECHO_LINK_DOWN requires that the
SYS_FAULT_MII_ADDR symbol also be set. This wasn't previously found in
Kconfig, so add it now.
Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tom Rini [Thu, 25 Sep 2025 20:44:11 +0000 (14:44 -0600)]
arm: socfpga: Tighten a few more driver dependencies
Some drivers which depend on SoCFPGA specific headers had not had
appropriate dependencies list in Kconfig. Add ARCH_SOCFPGA or
TARGET_SOCFPGA_SOC64 where appropriate.
Tom Rini [Wed, 1 Oct 2025 20:30:50 +0000 (14:30 -0600)]
uthreads: Make use of CONFIG_IS_ENABLED consistently
We do not yet support UTHREADS in xPL phases. However, we have the need
to dummy out certain functions so that xPL can build when full U-Boot
has UTHREADS enabled. Update the few places that need to use
CONFIG_IS_ENABLED so that we have the correct dummy in xPL.
Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Alvin Å ipraga [Thu, 2 Oct 2025 09:43:36 +0000 (11:43 +0200)]
tftp: make TFTP ports unconditionally configurable
A few lines of code being guarded by the CONFIG_TFTP_PORT option seems
an unnecessary restriction on the TFTP support provided by a vanilla
U-Boot image. In cases where the TFTP server cannot run as superuser -
and hence cannot run on the well-known port 69 - this quirk incurs a
full reconfiguration and rebuild of the bootloader only in order to
select the appropriate destination port.
Remove the CONFIG_TFTP_PORT option entirely and make the tftpdstp and
tftpsrcp variables always have an effect. Their being unset will mean
that U-Boot behaves the same as if CONFIG_TFTP_PORT was unset. Update
the documentation accordingly. And fix up the single board which was
originally enabling this option.
Signed-off-by: Alvin Å ipraga <alvin@pqrs.dk> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Jasper Orschulko [Fri, 10 May 2024 11:38:34 +0000 (13:38 +0200)]
env: Invert gd->env_valid for env_mmc_save
The A/B update strategy of the env's has a gap in the first 2 calls of saveenv.
The env's are stored twice on the first memory area if:
gd->env_valid == ENV_INVALID.
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK <-- !!!
u-boot=> saveenv
Saving Environment to MMC... Writing to redundant MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
This is the same issue as resolved in commit e589d5822cac ("env: spi:
Fix gd->env_valid for the first write")
Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[trini: Amend the commit message]
---
Changes in v2:
- Rebase to current master
- Amend the commit message to reference the SPI version of this fix,
which had significant follow-up discussion.
Tom Rini [Mon, 20 Oct 2025 19:55:08 +0000 (13:55 -0600)]
spl: Restore args file being default in falcon mode
When falcon mode is enabled and SPL_OS_BOOT_SECURE is not enabled,
restore the previous default behavior of having an args file be
expected. Platforms which are using a FIT image here and do not need
this can update at their convenience to disable this option now.
Fixes: b1a3ed068869 ("spl: make args file optional in falcon mode") Signed-off-by: Tom Rini <trini@konsulko.com>
Tom Rini [Mon, 20 Oct 2025 17:54:43 +0000 (11:54 -0600)]
Merge patch series "Add support for secure falcon mode: disable args file"
Anshul Dalal <anshuld@ti.com> says:
Continuing from the last series[1], this patch series addresses the requirement
to disable the args file in falcon mode.
The args file is used in falcon mode for loading the device-tree for the kernel.
However in secure falcon mode, the expected payload is a FIT containing a signed
device-tree and kernel image. Thus removing the need to load the extra args
file in the first place. Also, loading the extra file without any authentication
mechanism exposes an attack vector and should therefore be disabled to keep the
boot secure.
This patch set builds on the last few to first optionally allow for loading the
args file in non-secure falcon boot flow [1/3] and then disable them altogether
in the next patch [2/3] for secure falcon mode.
Anshul Dalal [Thu, 9 Oct 2025 11:58:45 +0000 (17:28 +0530)]
spl: set fdt address as spl_image arg in falcon mode
The arg field of `struct spl_image_info` is used by jump_to_image_linux
as the argument for the kernel in falcon mode.
Since commit 601cebc29d2a ("cmd: spl: Remove ATAG support from this
command"), fdt is the only valid argument for kernel in falcon mode.
However fdt was only being set as the argument in nor and xip boot
modes, this patch fixes it for all boot modes and removes the now
redundant code from spl_nor and spl_xip.
Anshul Dalal [Thu, 9 Oct 2025 11:58:44 +0000 (17:28 +0530)]
spl: prevent loading args file in secure falcon mode
The expected payload for the SPL in secure falcon mode is a fitImage
that contains the kernel image and the DT. This removes the need to load
an additional args file, which exposes an additional attack vector since
it can not be verified.
Therefore this patch disables loading of the arg file when
SPL_OS_BOOT_SECURE is set.
Reviewed-by: Tom Rini <trini@konsulko.com> Signed-off-by: Anshul Dalal <anshuld@ti.com>
Anshul Dalal [Thu, 9 Oct 2025 11:58:43 +0000 (17:28 +0530)]
spl: make args file optional in falcon mode
Falcon mode loads a kernel file and an args file which is the
device-tree. However in the case of kernel file being a FIT that
contains the device-tree within it, loading the args file is not
required.
Therefore, this patch introduces a new SPL_OS_BOOT_ARGS config options
that allows us to enable or disable loading of the args file in falcon
mode.
Tom Rini [Mon, 20 Oct 2025 16:17:54 +0000 (10:17 -0600)]
Merge patch series "Add support for secure falcon mode: disable fallback"
Anshul Dalal <anshuld@ti.com> says:
Continuing from the last series[1], this patch series addresses the requirement of
allowing no fallbacks in secure falcon mode.
To do this in a clean way, all the falcon mode logic for each boot media was
refactored to a corresponding *_load_image_os function whereas the regular
boot is implemented in *_load_image, this allows us to easily return early in
case the *_load_image_os function fails with secure mode enabled.
The series also introduces the new SPL_OS_BOOT_SECURE config symbol which
enables secure falcon boot flow.
The generic flow after the patch series looks as follows:
static int spl_<bootmedia>_load_image(...) {
if (CONFIG_IS_ENABLED(OS_BOOT)) {
Anshul Dalal [Fri, 17 Oct 2025 19:33:11 +0000 (01:03 +0530)]
spl: nand: refactor spl_nand_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_ubi_load_image to spl_ubi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:10 +0000 (01:03 +0530)]
spl: nor: refactor spl_nor_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_nor_load_image to spl_nor_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:09 +0000 (01:03 +0530)]
spl: spi: refactor spl_spi_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_spi_load_image to spl_spi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:08 +0000 (01:03 +0530)]
spl: ubi: refactor spl_ubi_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_ubi_load_image to spl_ubi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:07 +0000 (01:03 +0530)]
spl: mmc: split spl_mmc_do_fs_boot into regular/os_boot
Currently the logic to handle falcon mode as well as the regular boot is
inside spl_mmc_do_fs_boot, this prevents us from cleanly extending
falcon mode functionality like toggleable fallback to U-Boot proper.
Therefore this patch splits the logic into spl_mmc_fs_load and
spl_mmc_fs_load_os to handle the regular boot and falcon mode use case.
Anshul Dalal [Fri, 17 Oct 2025 19:33:06 +0000 (01:03 +0530)]
spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol
This patch adds the new SPL_OS_BOOT_SECURE symbol that enables secure
boot flow in falcon mode. This symbol can be used to disable certain
inherently insecure options during falcon boot.
Reviewed-by: Tom Rini <trini@konsulko.com> Signed-off-by: Anshul Dalal <anshuld@ti.com>
Based on feedback other SOCs (for example Star64) are using driver in non
DMA mode which is causing issues that's why revert this patch.
cdns,is-dma should be removed differently.
Signed-off-by: Michal Simek <michal.simek@amd.com> Reported-by: E Shattow <e@freeshell.de>
* samsung: Extend E850-96 documentation to be comprehensive
* environment: fix links to Linux kernel documentation
* sandbox: fix typos
* document dmareset command
* ti: j722s_evm: drop outdated boot note
UEFI:
* Prevent leak of memory from tmp_files
* Correctly check if the HTTP protocol is found
* Use ESRT_FW_TYPE_SYSTEMFIRMWARE instead of ESRT_FW_TYPE_UNKNOWN
* dbginfodump: use guid definition
Others:
* lib/uuid: add support for efi debug image info table guid
efi_loader: correctly check if the HTTP protocol is found
In function efi_http_service_binding_destroy_child() phandler is created as
as a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even it is not zero, we must not use it.
If efi_search_protocol() succeeds, the pointer has already be dereferenced,
so checking against NULL makes not sense here.
If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.
Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value) Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable") Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sam Protsenko [Mon, 6 Oct 2025 23:25:38 +0000 (18:25 -0500)]
doc: samsung: Extend E850-96 documentation to be comprehensive
Add more bootloading details for E850-96 board. New sections cover next
topics:
- Hardware configuration of the boot device
- Flashing and updating the software (multiple methods)
- Booting with Standard Boot (multiple methods)
- EFI System Partition structure for E850-96
- Loadable firmware (LDFW) note
- Ethernet and USB Host Support
That documents all recently enabled U-Boot features for E850-96, which
can hopefully make U-Boot more useful for the users and developers of
this platform.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Andrew Goodbody [Thu, 2 Oct 2025 09:39:58 +0000 (10:39 +0100)]
fs: semihosting: Use correct variable for error check
After calling a function that can return an error, the test to detect
that error should use the return value not a different variable. Fix it.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Reviewed-by: Sean Anderson <sean.anderson@seco.com> Fixes: f676b45151c3 ("fs: Add semihosting filesystem")
As requirement of CR side, QSPI Flash usage via RPC driver shall
be disabled and leaving the control of this module to CR side.
Perform DT modification to disable the RPC SPI.
Signed-off-by: Nguyen Tran <nguyen.tran.pz@bp.renesas.com> Reviewed-by: Khanh Le <khanh.le.xr@renesas.com> Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
[Marek: Do not modify defconfig, modify the DT instead, this way
the RPC SPI can be enabled without recompiling the U-Boot
itself. Update commit message accordingly.]
Commit 63da3a795e86 ("ARM: dts: renesas: Drop R8A779H0 V4M DTs with OF_UPSTREAM counterparts")
removed unnecessary V4H DTs from arch/arm/dts , but in the process
also incorrectly dropped the -u-boot.dtsi U-Boot extras. Reinstate
those extras.
Due to DT file name change for the R8A779H0 V4M Gray Hawk, update
the r8a779h0-gray-hawk-u-boot.dtsi filename to newly matching
r8a779h0-gray-hawk-single-u-boot.dtsi .
Align r8a779h0-u-boot.dtsi with clean up commits 1487c34efa7b ("arm64: dts: renesas: Deduplicate extalr_clk bootph-all") dd8f57ed2f0b ("ARM: dts: renesas: Drop most of bootph-* tags")
Fixes: 63da3a795e86 ("ARM: dts: renesas: Drop R8A779H0 V4M DTs with OF_UPSTREAM counterparts") Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Sun, 7 Sep 2025 19:16:27 +0000 (21:16 +0200)]
serial: sh: Handle HSCIF RX FIFO overflow
The HSCIF RX FIFO may overflow when data are streaming from remote end
into the HSCIF while U-Boot is still starting up. In that case, HSFSR
bit RDF is set, but HSFDR field R is zero. This confuses .tstc callback
into considering RX FIFO to be empty, which leads to .getc to be never
invoked, even when user attempts to pass more input onto the command
line.
Fix this by considering the RDF flag in serial_rx_fifo_level(), which
is called from .tstc in case of no errors. If RDF flag is set, trigger
the .getc callback and let it clear the RX FIFO.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Thu, 18 Sep 2025 16:36:01 +0000 (18:36 +0200)]
arm64: renesas: r8a779g3: Reset PCIe before next stage on Retronix R-Car V4H Sparrow Hawk
Fully reset both PCIe controllers before booting the next stage on
Retronix R-Car V4H Sparrow Hawk board. This is necessary especially
in case U-Boot brought up the PCIe controllers, at which point the
next stage might be confused by the state of the PCIe controller.
The reset has to happen this late and not in the PCIe controller
driver, because the SRCR11 bits seem to affect both controllers.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Thu, 18 Sep 2025 16:36:00 +0000 (18:36 +0200)]
pci: pcie-rcar-gen4: Shut down controller on link down and remove
In case the link is down, or the controller driver is removed before
booting the next stage, shut down the PCIe link, put both the remote
PCIe device and the controller into reset, and disable clock. This
way, the hardware is not left active when not in use.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Patrice Chotard [Thu, 9 Oct 2025 13:08:33 +0000 (15:08 +0200)]
led: Update led_get_by_label()
During led_init() execution, led_get_label() returns either the label
property (which is an obsolete property [1]) or the LED's node name.
It can't be the function name as dev parameter is NULL.
Later, during led_post_bind() execution, for the same LED, the attributed
label by led_get_label() can be the function name, as led_get_label()
dev's parameter is set.
During call sequence led_boot_on() => led_boot_get() => led_get_by_label()
with label given in parameter (priv->boot_led_label which is either the
label or node's name set previously in led_init()) can be different to
to uc_plat->label and returns -ENODEV.
Update led_get_by_label() to allow to retrieve LED also by its node name.
U-Boot currently enables the UPLL during boot, which triggers a udelay()
call that depends on the system tick timer. Since no explicit tick source
is defined in the device tree, boot stalls on this board.
Define the "tick-timer" property under /chosen and point it to the PIT
node, ensuring U-Boot uses the PIT as the tick source.
Fixes: ac30d90f3367 ("clk: Ensure the parent clocks are enabled while reparenting") Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Remove default values for PMC PLL Analog Control Register(ACR) as the
values are specific for each SoC and PLL, so load them from PLL
characteristics structure
Tom Rini [Fri, 10 Oct 2025 22:09:00 +0000 (16:09 -0600)]
test/py: Update to a newer pytest release
Our pytest package was pinned to a release from 2021. The minimum
compatible with labgrid v25.0.x is pytest 7.0.0. Update to the current
relase which is currently 8.4.2
The EFI secure boot tests install a security data base.
Other EFI tests assume that secure boot is not enabled.
Add the missing tear-down at the end of each secboot test sequence.
Reported-by: Tom Rini <trini@konsulko.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Tom Rini <trini@konsulko.com>
With commit c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512
bytes") logic was added to detect the VIRTIO_BLK_F_BLK_SIZE capability and
to copy the block size reported by QEMU to the block device descriptor.
The logical block size can be set when invoking QEMU:
In U-Boot the logical block size is shown by command `virtio info`:
=> virtio info
Device 0: QEMU VirtIO Block Device
Type: Hard Disk
Capacity: 1024.0 MB = 1.0 GB (262144 x 4096)
There where two flaws which together hid that the logic was incorrect:
* VIRTIO_BLK_F_BLK_SIZE was missing in the driver capabilities and the bit
was filtered out.
* The result of the call to virtio_has_feature() was negated.
The problem became apparent when using ARM FVP as emulator which does not set
VIRTIO_BLK_F_BLK_SIZE.
Fixes: c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512 bytes") Reported-by: Debbie Horsfall <debbie.horsfall@arm.com> Tested-by: Andre Przywara <andre.przywara@arm.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Anshul Dalal [Thu, 9 Oct 2025 12:34:34 +0000 (18:04 +0530)]
env: Kconfig: disable external env in secure os boot
Falcon mode uses falcon_image_file from the env during mmc fs boot, but
external env can be compromised. Therefore disable access to external
env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
Signed-off-by: Anshul Dalal <anshuld@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Andrew Goodbody [Wed, 8 Oct 2025 09:23:36 +0000 (10:23 +0100)]
ti_sci: Provide error code on error exit
In ti_sci_get_response the check for message sequence will return ret
on a fail but ret will be 0 at that point. Instead return -EINVAL.
Also change dev_dbg call to dev_err to be consistent with other error
detection code in the same function.
Andrew Goodbody [Wed, 8 Oct 2025 09:23:35 +0000 (10:23 +0100)]
ti_sci: Prevent memory leak
temp is assigned the pointer returned by malloc which is used without a
NULL check and then never freed. Add a NULL check and ensure temp is
freed on all return paths.
Tom Rini [Wed, 1 Oct 2025 20:30:57 +0000 (14:30 -0600)]
clk: sophgo: Fix a warning about void returns value
The cv1800b_clk_setfield function returns void, but was doing "return
writel(...);" and while seemingly having a void function return a void
function is not a warning, when readl is a macro this problem is shown.
Correct the code to instead simply call writel.
Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Yao Zi <ziyao@disroot.org>
It has been reported that the commit causes boot regression for SPL on
StarFive VisionFive 2 or compatible boards. Inspecting the code, I did
spot one logic error for deciding whether Zaamo or Zalrsc is used, and
it's still unclear what exactly causes the regression, let's revert it
for now.
Tom Rini [Wed, 1 Oct 2025 20:30:39 +0000 (14:30 -0600)]
watchdog: Tighten dependencies on WDT_DAVINCI
The WDT_DAVINCI driver is not safe to compile on 64bit platforms such as
allyesconfig on a 64bit host. Tighten the dependencies here to the
platforms which could use it today.
The commit 726404a66c773 ("airoha: rework RAM size handling to support
multiple RAM size") is not good enougth. It results in pacnic during
determining of memory size amount.
This patch series partly fix and partly revert the above commit.
Unfortunately for now we have no a good way to determine the an7581
memory size.
Introduce a new version of the Keystone-II "ddr" command for testing the
inline ECC support in the DDRSS bridge available on K3 devices. The ECC
hardware support in K3's DDRSS and the test method differ substantially
from what we support in the K2 variant of the command. This K3 DDRSS
command currently supports only single controller testing.
The ECC error injection procedure follows these steps:
1) Flush and disable the data cache.
2) Disable the protected ECC Rx range.
3) Flip a bit in the address.
4) Restore the range to original.
5) Read the modified value (corrected).
6) Re-enable the data cache.
This will cause the 1-bit ECC error count to increase while the read
will return the corrected value.
The K3 version of the command extends the syntax for the "ecc_err"
argument by also introducing an argument for range which specifies which
range (0, 1, 2) the address is located in.
Multi-bit ECC errors are uncorrectable and will lead to a synchronous
abort.
Signed-off-by: Georgi Vlaev <g-vlaev@ti.com> Signed-off-by: Santhosh Kumar K <s-k6@ti.com>
[n-francis@ti.com: Add J7 and multiple-region support, simplify logic] Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Udit Kumar <u-kumar1@ti.com>
projects / thirdparty / u-boot.git / log
