net:
- airoha: improvements
- Tighten a few more driver dependencies
- designware: fix bitbang init error
- phy: Make driver overloading get_phy_id depend on !COMPILE_TEST
- phy: add paged PHY register accessors
- make dhcp_run() common for NET and NET_LWIP
- dwc_eth_ops: Correct check for FDT_64BIT
- mediatek: mt7988: various fixup + MDIO detach
- phy: aquantia: switch to use phy_get_ofnode(), fix bindings typo
net-legacy:
- bootp: Prevent buffer overflow to avoid leaking the RAM content
- tftp: make TFTP ports unconditionally configurable
misc:
- uthreads: Make use of CONFIG_IS_ENABLED consistently
Tom Rini [Fri, 10 Oct 2025 17:36:33 +0000 (11:36 -0600)]
net: phy: Make driver overloading get_phy_id depend on !COMPILE_TEST
With commit 597fe041a85f ("net/phy: enable get_phy_id redefinable") we
made get_phy_id a public but weak function, so that PHY drivers that had
required non-standard ways of getting the PHY ID could be supported.
However, overloading a weak function multiple times is (rightly) a link
error. At this point, we have two PHYs which make use of this feature,
so make both of them only available when COMPILE_TEST is unset, as part
of being able to support "allyesconfig" in the future.
Paul HENRYS [Thu, 9 Oct 2025 15:43:28 +0000 (17:43 +0200)]
net: bootp: Prevent buffer overflow to avoid leaking the RAM content
CVE-2024-42040 describes a possible buffer overflow when calling
bootp_process_vendor() in bootp_handler() since the total length
of the packet is passed to bootp_process_vendor() without being
reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
The packet length is also checked against its minimum size to avoid
reading data from struct bootp_hdr outside of the packet length.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Lucien.Jheng [Mon, 6 Oct 2025 12:49:15 +0000 (20:49 +0800)]
net: phy: add paged PHY register accessors
Synchronize paged PHY helpers with Linux v6.17.
Add support for PHY devices that use paged register access by
implementing the following functions:
- phy_save_page(): Save current page number
- phy_select_page(): Switch to a specific page and return previous page
- phy_restore_page(): Restore previously saved page
Also adds read_page and write_page callbacks to the phy_driver
structure to enable driver-specific page handling.
These helpers allow safe access to paged PHY registers by ensuring
proper page selection and restoration,
even in error conditions, which will be used by the Airoha PHY driver.
net: airoha: increase the number of rx network buffers
According to commit 997786bbf473 ("drivers/net/airoha_eth: fix stalling
in package receiving") the minimal possible value of SYS_RX_ETH_BUFFER
is 4. Unfortunately it's too small for reliable ping.
Observations shows that SYS_RX_ETH_BUFFER must be at least 8.
The commit 997786bbf473 ("drivers/net/airoha_eth: fix stalling in package
receiving") can be improved. Instead of returning previous descriptor
it's possible:
* do nothing in even descriptor case
* return 2 descriptor to the queue (current and previous) in the odd
descriptor case.
This patch:
* implements above approach
* remove logic not required within new approach
* adds note that PKTBUFSRX must be even and larger than 7
for reliable driver operations
There are currently two implementations of dhcp_run(): one in cmd/net.c
for NET and one in net/lwip/dhcp.c for NET_LWIP. There is no
justification for that. Therefore, move the NET version into
net/net-common.c to be used by both stacks, and drop the NET_LWIP
version which by the way does not look totally correct.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Suggested-by: Tom Rini <trini@konsulko.com> Acked-by: Benjamin Hahn <B.Hahn@phytec.de>
net: mediatek: move MT7531 MMIO MDIO to dedicated driver
In preparation for support of MDIO on AN7581, move the MT7531 MMIO logic
to a dedicated driver and permit usage of the mdio read/write function
to the mtk_eth driver.
This only affect MT7988 that can use MMIO operation to access the Switch
register. The MT7988 code is updated to make use of the external driver.
This permits Airoha driver to make use of DM_MDIO to bind for the MT7531
driver that have the same exact register.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
net: mediatek: mt7988: free allocated MDIO bus on cleanup
Correctly free the MDIO Bus on calling cleanup function. While at it
also fix a copy-paste error and rename the cleanup function name to the
more specific name.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
net: mediatek: mt7988: restore PHY page on PHY setting exit
On exiting the phy_setting function for MT7988, the PHY page is never
restored to Page 0. This can cause all kind of problem with reading the
status of the PHY at runtime.
Correctly restore PHY page on exiting the PHY setting function.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tom Rini [Thu, 25 Sep 2025 20:44:14 +0000 (14:44 -0600)]
net: Tighten more driver dependencies
In this case, the mediatek network drivers cannot build outside of
ARCH_MEDIATEK or ARCH_MTMIPS, and so express this requirement in Kconfig
as well. In the case of DWC_ETH_XGMAC / DWC_ETH_XGMAC_SOCFPGA, the file
controlled by the DWC_ETH_XGMAC option references a socfpga-specific
array defined in the file controlled by DWC_ETH_XGMAC_SOCFPGA. Rework
these options in Kconfig to handle this dependency.
Tom Rini [Thu, 25 Sep 2025 20:44:12 +0000 (14:44 -0600)]
net: Add SYS_FAULT_MII_ADDR to Kconfig
The support found under SYS_FAULT_ECHO_LINK_DOWN requires that the
SYS_FAULT_MII_ADDR symbol also be set. This wasn't previously found in
Kconfig, so add it now.
Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tom Rini [Thu, 25 Sep 2025 20:44:11 +0000 (14:44 -0600)]
arm: socfpga: Tighten a few more driver dependencies
Some drivers which depend on SoCFPGA specific headers had not had
appropriate dependencies list in Kconfig. Add ARCH_SOCFPGA or
TARGET_SOCFPGA_SOC64 where appropriate.
Tom Rini [Wed, 1 Oct 2025 20:30:50 +0000 (14:30 -0600)]
uthreads: Make use of CONFIG_IS_ENABLED consistently
We do not yet support UTHREADS in xPL phases. However, we have the need
to dummy out certain functions so that xPL can build when full U-Boot
has UTHREADS enabled. Update the few places that need to use
CONFIG_IS_ENABLED so that we have the correct dummy in xPL.
Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Alvin Šipraga [Thu, 2 Oct 2025 09:43:36 +0000 (11:43 +0200)]
tftp: make TFTP ports unconditionally configurable
A few lines of code being guarded by the CONFIG_TFTP_PORT option seems
an unnecessary restriction on the TFTP support provided by a vanilla
U-Boot image. In cases where the TFTP server cannot run as superuser -
and hence cannot run on the well-known port 69 - this quirk incurs a
full reconfiguration and rebuild of the bootloader only in order to
select the appropriate destination port.
Remove the CONFIG_TFTP_PORT option entirely and make the tftpdstp and
tftpsrcp variables always have an effect. Their being unset will mean
that U-Boot behaves the same as if CONFIG_TFTP_PORT was unset. Update
the documentation accordingly. And fix up the single board which was
originally enabling this option.
Jasper Orschulko [Fri, 10 May 2024 11:38:34 +0000 (13:38 +0200)]
env: Invert gd->env_valid for env_mmc_save
The A/B update strategy of the env's has a gap in the first 2 calls of saveenv.
The env's are stored twice on the first memory area if:
gd->env_valid == ENV_INVALID.
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK <-- !!!
u-boot=> saveenv
Saving Environment to MMC... Writing to redundant MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
This is the same issue as resolved in commit e589d5822cac ("env: spi:
Fix gd->env_valid for the first write")
Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[trini: Amend the commit message]
---
Changes in v2:
- Rebase to current master
- Amend the commit message to reference the SPI version of this fix,
which had significant follow-up discussion.
Tom Rini [Mon, 20 Oct 2025 19:55:08 +0000 (13:55 -0600)]
spl: Restore args file being default in falcon mode
When falcon mode is enabled and SPL_OS_BOOT_SECURE is not enabled,
restore the previous default behavior of having an args file be
expected. Platforms which are using a FIT image here and do not need
this can update at their convenience to disable this option now.
Fixes: b1a3ed068869 ("spl: make args file optional in falcon mode") Signed-off-by: Tom Rini <trini@konsulko.com>
Tom Rini [Mon, 20 Oct 2025 17:54:43 +0000 (11:54 -0600)]
Merge patch series "Add support for secure falcon mode: disable args file"
Anshul Dalal <anshuld@ti.com> says:
Continuing from the last series[1], this patch series addresses the requirement
to disable the args file in falcon mode.
The args file is used in falcon mode for loading the device-tree for the kernel.
However in secure falcon mode, the expected payload is a FIT containing a signed
device-tree and kernel image. Thus removing the need to load the extra args
file in the first place. Also, loading the extra file without any authentication
mechanism exposes an attack vector and should therefore be disabled to keep the
boot secure.
This patch set builds on the last few to first optionally allow for loading the
args file in non-secure falcon boot flow [1/3] and then disable them altogether
in the next patch [2/3] for secure falcon mode.
Anshul Dalal [Thu, 9 Oct 2025 11:58:45 +0000 (17:28 +0530)]
spl: set fdt address as spl_image arg in falcon mode
The arg field of `struct spl_image_info` is used by jump_to_image_linux
as the argument for the kernel in falcon mode.
Since commit 601cebc29d2a ("cmd: spl: Remove ATAG support from this
command"), fdt is the only valid argument for kernel in falcon mode.
However fdt was only being set as the argument in nor and xip boot
modes, this patch fixes it for all boot modes and removes the now
redundant code from spl_nor and spl_xip.
Anshul Dalal [Thu, 9 Oct 2025 11:58:44 +0000 (17:28 +0530)]
spl: prevent loading args file in secure falcon mode
The expected payload for the SPL in secure falcon mode is a fitImage
that contains the kernel image and the DT. This removes the need to load
an additional args file, which exposes an additional attack vector since
it can not be verified.
Therefore this patch disables loading of the arg file when
SPL_OS_BOOT_SECURE is set.
Reviewed-by: Tom Rini <trini@konsulko.com> Signed-off-by: Anshul Dalal <anshuld@ti.com>
Anshul Dalal [Thu, 9 Oct 2025 11:58:43 +0000 (17:28 +0530)]
spl: make args file optional in falcon mode
Falcon mode loads a kernel file and an args file which is the
device-tree. However in the case of kernel file being a FIT that
contains the device-tree within it, loading the args file is not
required.
Therefore, this patch introduces a new SPL_OS_BOOT_ARGS config options
that allows us to enable or disable loading of the args file in falcon
mode.
Tom Rini [Mon, 20 Oct 2025 16:17:54 +0000 (10:17 -0600)]
Merge patch series "Add support for secure falcon mode: disable fallback"
Anshul Dalal <anshuld@ti.com> says:
Continuing from the last series[1], this patch series addresses the requirement of
allowing no fallbacks in secure falcon mode.
To do this in a clean way, all the falcon mode logic for each boot media was
refactored to a corresponding *_load_image_os function whereas the regular
boot is implemented in *_load_image, this allows us to easily return early in
case the *_load_image_os function fails with secure mode enabled.
The series also introduces the new SPL_OS_BOOT_SECURE config symbol which
enables secure falcon boot flow.
The generic flow after the patch series looks as follows:
static int spl_<bootmedia>_load_image(...) {
if (CONFIG_IS_ENABLED(OS_BOOT)) {
Anshul Dalal [Fri, 17 Oct 2025 19:33:11 +0000 (01:03 +0530)]
spl: nand: refactor spl_nand_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_ubi_load_image to spl_ubi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:10 +0000 (01:03 +0530)]
spl: nor: refactor spl_nor_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_nor_load_image to spl_nor_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:09 +0000 (01:03 +0530)]
spl: spi: refactor spl_spi_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_spi_load_image to spl_spi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:08 +0000 (01:03 +0530)]
spl: ubi: refactor spl_ubi_load_image for falcon mode
This patch moves the falcon mode handling logic out of
spl_ubi_load_image to spl_ubi_load_image_os, this allows for cleaner
handling for fallback to U-Boot in case falcon mode fails.
Anshul Dalal [Fri, 17 Oct 2025 19:33:07 +0000 (01:03 +0530)]
spl: mmc: split spl_mmc_do_fs_boot into regular/os_boot
Currently the logic to handle falcon mode as well as the regular boot is
inside spl_mmc_do_fs_boot, this prevents us from cleanly extending
falcon mode functionality like toggleable fallback to U-Boot proper.
Therefore this patch splits the logic into spl_mmc_fs_load and
spl_mmc_fs_load_os to handle the regular boot and falcon mode use case.
Anshul Dalal [Fri, 17 Oct 2025 19:33:06 +0000 (01:03 +0530)]
spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol
This patch adds the new SPL_OS_BOOT_SECURE symbol that enables secure
boot flow in falcon mode. This symbol can be used to disable certain
inherently insecure options during falcon boot.
Reviewed-by: Tom Rini <trini@konsulko.com> Signed-off-by: Anshul Dalal <anshuld@ti.com>
Based on feedback other SOCs (for example Star64) are using driver in non
DMA mode which is causing issues that's why revert this patch.
cdns,is-dma should be removed differently.
Signed-off-by: Michal Simek <michal.simek@amd.com> Reported-by: E Shattow <e@freeshell.de>
* samsung: Extend E850-96 documentation to be comprehensive
* environment: fix links to Linux kernel documentation
* sandbox: fix typos
* document dmareset command
* ti: j722s_evm: drop outdated boot note
UEFI:
* Prevent leak of memory from tmp_files
* Correctly check if the HTTP protocol is found
* Use ESRT_FW_TYPE_SYSTEMFIRMWARE instead of ESRT_FW_TYPE_UNKNOWN
* dbginfodump: use guid definition
Others:
* lib/uuid: add support for efi debug image info table guid
Vincent Stehlé [Mon, 13 Oct 2025 14:21:09 +0000 (16:21 +0200)]
lib: uuid: add efi debug image info table guid
Add the EFI Debug Image Info Table GUID to the translation table used by
uuid_guid_get_str().
This allows to print a human readable table name with `efidebug tables'
instead of "(unknown)".
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Tom Rini <trini@konsulko.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Vincent Stehlé [Mon, 13 Oct 2025 14:21:08 +0000 (16:21 +0200)]
efi_loader: dbginfodump: use guid definition
Use the Debug Image Info Table GUID definition from efi_api.h instead or
redefining it locally.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Tom Rini <trini@konsulko.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: correctly check if the HTTP protocol is found
In function efi_http_service_binding_destroy_child() phandler is created as
as a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even it is not zero, we must not use it.
If efi_search_protocol() succeeds, the pointer has already be dereferenced,
so checking against NULL makes not sense here.
If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.
Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value) Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable") Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sam Protsenko [Mon, 6 Oct 2025 23:25:38 +0000 (18:25 -0500)]
doc: samsung: Extend E850-96 documentation to be comprehensive
Add more bootloading details for E850-96 board. New sections cover next
topics:
- Hardware configuration of the boot device
- Flashing and updating the software (multiple methods)
- Booting with Standard Boot (multiple methods)
- EFI System Partition structure for E850-96
- Loadable firmware (LDFW) note
- Ethernet and USB Host Support
That documents all recently enabled U-Boot features for E850-96, which
can hopefully make U-Boot more useful for the users and developers of
this platform.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Andrew Goodbody [Thu, 2 Oct 2025 09:39:58 +0000 (10:39 +0100)]
fs: semihosting: Use correct variable for error check
After calling a function that can return an error, the test to detect
that error should use the return value not a different variable. Fix it.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Reviewed-by: Sean Anderson <sean.anderson@seco.com> Fixes: f676b45151c3 ("fs: Add semihosting filesystem")
As requirement of CR side, QSPI Flash usage via RPC driver shall
be disabled and leaving the control of this module to CR side.
Perform DT modification to disable the RPC SPI.
Signed-off-by: Nguyen Tran <nguyen.tran.pz@bp.renesas.com> Reviewed-by: Khanh Le <khanh.le.xr@renesas.com> Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
[Marek: Do not modify defconfig, modify the DT instead, this way
the RPC SPI can be enabled without recompiling the U-Boot
itself. Update commit message accordingly.]
Commit 63da3a795e86 ("ARM: dts: renesas: Drop R8A779H0 V4M DTs with OF_UPSTREAM counterparts")
removed unnecessary V4H DTs from arch/arm/dts , but in the process
also incorrectly dropped the -u-boot.dtsi U-Boot extras. Reinstate
those extras.
Due to DT file name change for the R8A779H0 V4M Gray Hawk, update
the r8a779h0-gray-hawk-u-boot.dtsi filename to newly matching
r8a779h0-gray-hawk-single-u-boot.dtsi .
Align r8a779h0-u-boot.dtsi with clean up commits 1487c34efa7b ("arm64: dts: renesas: Deduplicate extalr_clk bootph-all") dd8f57ed2f0b ("ARM: dts: renesas: Drop most of bootph-* tags")
Fixes: 63da3a795e86 ("ARM: dts: renesas: Drop R8A779H0 V4M DTs with OF_UPSTREAM counterparts") Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Sun, 7 Sep 2025 19:16:27 +0000 (21:16 +0200)]
serial: sh: Handle HSCIF RX FIFO overflow
The HSCIF RX FIFO may overflow when data are streaming from remote end
into the HSCIF while U-Boot is still starting up. In that case, HSFSR
bit RDF is set, but HSFDR field R is zero. This confuses .tstc callback
into considering RX FIFO to be empty, which leads to .getc to be never
invoked, even when user attempts to pass more input onto the command
line.
Fix this by considering the RDF flag in serial_rx_fifo_level(), which
is called from .tstc in case of no errors. If RDF flag is set, trigger
the .getc callback and let it clear the RX FIFO.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Thu, 18 Sep 2025 16:36:01 +0000 (18:36 +0200)]
arm64: renesas: r8a779g3: Reset PCIe before next stage on Retronix R-Car V4H Sparrow Hawk
Fully reset both PCIe controllers before booting the next stage on
Retronix R-Car V4H Sparrow Hawk board. This is necessary especially
in case U-Boot brought up the PCIe controllers, at which point the
next stage might be confused by the state of the PCIe controller.
The reset has to happen this late and not in the PCIe controller
driver, because the SRCR11 bits seem to affect both controllers.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Thu, 18 Sep 2025 16:36:00 +0000 (18:36 +0200)]
pci: pcie-rcar-gen4: Shut down controller on link down and remove
In case the link is down, or the controller driver is removed before
booting the next stage, shut down the PCIe link, put both the remote
PCIe device and the controller into reset, and disable clock. This
way, the hardware is not left active when not in use.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Patrice Chotard [Thu, 9 Oct 2025 13:08:33 +0000 (15:08 +0200)]
led: Update led_get_by_label()
During led_init() execution, led_get_label() returns either the label
property (which is an obsolete property [1]) or the LED's node name.
It can't be the function name as dev parameter is NULL.
Later, during led_post_bind() execution, for the same LED, the attributed
label by led_get_label() can be the function name, as led_get_label()
dev's parameter is set.
During call sequence led_boot_on() => led_boot_get() => led_get_by_label()
with label given in parameter (priv->boot_led_label which is either the
label or node's name set previously in led_init()) can be different to
to uc_plat->label and returns -ENODEV.
Update led_get_by_label() to allow to retrieve LED also by its node name.
U-Boot currently enables the UPLL during boot, which triggers a udelay()
call that depends on the system tick timer. Since no explicit tick source
is defined in the device tree, boot stalls on this board.
Define the "tick-timer" property under /chosen and point it to the PIT
node, ensuring U-Boot uses the PIT as the tick source.
Fixes: ac30d90f3367 ("clk: Ensure the parent clocks are enabled while reparenting") Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Remove default values for PMC PLL Analog Control Register(ACR) as the
values are specific for each SoC and PLL, so load them from PLL
characteristics structure
Tom Rini [Fri, 10 Oct 2025 22:09:00 +0000 (16:09 -0600)]
test/py: Update to a newer pytest release
Our pytest package was pinned to a release from 2021. The minimum
compatible with labgrid v25.0.x is pytest 7.0.0. Update to the current
relase which is currently 8.4.2
The EFI secure boot tests install a security data base.
Other EFI tests assume that secure boot is not enabled.
Add the missing tear-down at the end of each secboot test sequence.
Reported-by: Tom Rini <trini@konsulko.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Tom Rini <trini@konsulko.com>
With commit c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512
bytes") logic was added to detect the VIRTIO_BLK_F_BLK_SIZE capability and
to copy the block size reported by QEMU to the block device descriptor.
The logical block size can be set when invoking QEMU:
In U-Boot the logical block size is shown by command `virtio info`:
=> virtio info
Device 0: QEMU VirtIO Block Device
Type: Hard Disk
Capacity: 1024.0 MB = 1.0 GB (262144 x 4096)
There where two flaws which together hid that the logic was incorrect:
* VIRTIO_BLK_F_BLK_SIZE was missing in the driver capabilities and the bit
was filtered out.
* The result of the call to virtio_has_feature() was negated.
The problem became apparent when using ARM FVP as emulator which does not set
VIRTIO_BLK_F_BLK_SIZE.
Fixes: c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512 bytes") Reported-by: Debbie Horsfall <debbie.horsfall@arm.com> Tested-by: Andre Przywara <andre.przywara@arm.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Anshul Dalal [Thu, 9 Oct 2025 12:34:34 +0000 (18:04 +0530)]
env: Kconfig: disable external env in secure os boot
Falcon mode uses falcon_image_file from the env during mmc fs boot, but
external env can be compromised. Therefore disable access to external
env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
Signed-off-by: Anshul Dalal <anshuld@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Andrew Goodbody [Wed, 8 Oct 2025 09:23:36 +0000 (10:23 +0100)]
ti_sci: Provide error code on error exit
In ti_sci_get_response the check for message sequence will return ret
on a fail but ret will be 0 at that point. Instead return -EINVAL.
Also change dev_dbg call to dev_err to be consistent with other error
detection code in the same function.
Andrew Goodbody [Wed, 8 Oct 2025 09:23:35 +0000 (10:23 +0100)]
ti_sci: Prevent memory leak
temp is assigned the pointer returned by malloc which is used without a
NULL check and then never freed. Add a NULL check and ensure temp is
freed on all return paths.
Tom Rini [Wed, 1 Oct 2025 20:30:57 +0000 (14:30 -0600)]
clk: sophgo: Fix a warning about void returns value
The cv1800b_clk_setfield function returns void, but was doing "return
writel(...);" and while seemingly having a void function return a void
function is not a warning, when readl is a macro this problem is shown.
Correct the code to instead simply call writel.
Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Yao Zi <ziyao@disroot.org>
It has been reported that the commit causes boot regression for SPL on
StarFive VisionFive 2 or compatible boards. Inspecting the code, I did
spot one logic error for deciding whether Zaamo or Zalrsc is used, and
it's still unclear what exactly causes the regression, let's revert it
for now.
Tom Rini [Wed, 1 Oct 2025 20:30:39 +0000 (14:30 -0600)]
watchdog: Tighten dependencies on WDT_DAVINCI
The WDT_DAVINCI driver is not safe to compile on 64bit platforms such as
allyesconfig on a 64bit host. Tighten the dependencies here to the
platforms which could use it today.
The commit 726404a66c773 ("airoha: rework RAM size handling to support
multiple RAM size") is not good enougth. It results in pacnic during
determining of memory size amount.
This patch series partly fix and partly revert the above commit.
Unfortunately for now we have no a good way to determine the an7581
memory size.
Introduce a new version of the Keystone-II "ddr" command for testing the
inline ECC support in the DDRSS bridge available on K3 devices. The ECC
hardware support in K3's DDRSS and the test method differ substantially
from what we support in the K2 variant of the command. This K3 DDRSS
command currently supports only single controller testing.
The ECC error injection procedure follows these steps:
1) Flush and disable the data cache.
2) Disable the protected ECC Rx range.
3) Flip a bit in the address.
4) Restore the range to original.
5) Read the modified value (corrected).
6) Re-enable the data cache.
This will cause the 1-bit ECC error count to increase while the read
will return the corrected value.
The K3 version of the command extends the syntax for the "ecc_err"
argument by also introducing an argument for range which specifies which
range (0, 1, 2) the address is located in.
Multi-bit ECC errors are uncorrectable and will lead to a synchronous
abort.
Signed-off-by: Georgi Vlaev <g-vlaev@ti.com> Signed-off-by: Santhosh Kumar K <s-k6@ti.com>
[n-francis@ti.com: Add J7 and multiple-region support, simplify logic] Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Udit Kumar <u-kumar1@ti.com>
Andrew Goodbody [Mon, 6 Oct 2025 10:54:56 +0000 (11:54 +0100)]
test: Remove not needed null check
In ut_report() there is a null check for stats but stats was already
dereferenced on the line before and is again dereferenced later in the
same function. Also the two places where ut_report() is called from will
have initialised the parameter so there is no chance that stats will be
null. So to prevent static analysis complaining of a use before check
just remove the check.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Tom Rini [Tue, 14 Oct 2025 14:27:01 +0000 (08:27 -0600)]
Merge tag 'mix-next-14102025' of https://source.denx.de/u-boot/custodians/u-boot-tpm
TPM changes:
Make all drive names defined with U_BOOT_DRIVER unique
TEE changes:
Rework things such that sandbox will also traverse the optee directory
when SANDBOX_TEE is enabled, but only build one of the optee-specific
files when OPTEE is enabled.
EFI changes:
Up to now we were relying on the file extension to accept and load
an image over HTTP. We expected images to be either .iso or .img.
By wiring up internal existing functions we can try to mount any
file extension and reject it only if mounting fails.
part_driver_lookup_type
cmd: sf: align erase and write on erase block boundary
Align erase and write on erase block boundary in line with how read was
aligned in commit 622b5d35613 ("cmd: sf: Handle unaligned 'update' start
offset").
Fixes: 622b5d35613 ("cmd: sf: Handle unaligned 'update' start offset") Signed-off-by: Viorel Suman <viorel.suman@nxp.com> Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org> Tested-by: Marek Vasut <marek.vasut+renesas@mailbox.org> # R-Car V4H
Remove cdns,is-dma DT property handling. Property is not the part of DT
binding and it is also hardcoded to value 1 in all DTs that's why remove it
because none is also testing value 0.
If there is any use case when this configuration should be supported this
patch can be reverted.
Tom Rini [Thu, 25 Sep 2025 20:56:23 +0000 (14:56 -0600)]
tpm: Make U_BOOT_DRIVER entries unique
All instances of the U_BOOT_DRIVER must use a unique name or they will
lead to link time failures due to name space conflicts when both are
present. In this case the driver was reusing the tpm_tis_i2c name.
Tom Rini [Fri, 26 Sep 2025 15:31:44 +0000 (09:31 -0600)]
tee: Rework Makefile logic
The intention of how this Makefile was written was to allow for sandbox
to build and test drivers still while otherwise requiring OPTEE to be
enabled. This however didn't work quite right in practice as sandbox
could enable some drivers which would then fail to link. Rework things
such that sandbox will also traverse the optee directory when
SANDBOX_TEE is enabled, but only build one of the optee-specific files
when OPTEE is enabled.
Javier Tia [Thu, 9 Oct 2025 13:17:47 +0000 (07:17 -0600)]
efi_loader: Improve disk image detection in efi_bootmgr
Enhances the process for identifying disk images within the EFI boot
manager. Utilize part_driver_lookup_type() to verify the validity of a
downloaded file as a disk image, rather than depending on file
extensions.
part_driver_lookup_type() is now used in the prepare_loaded_image()
function in the EFI boot manager to detect partitions on a block device
created from a downloaded image. This allows the boot manager to boot
from any disk image that can be recognized by a partition driver, not
just ISO and IMG images.
Update prepare_loaded_image() to create the ramdisk block device
internally, obtain the blk_desc and use part_driver_lookup_type() to
detect a valid partition table.
In try_load_from_uri_path(), try prepare_loaded_image() first to detect
disk images, and fall back to PE-COFF detection only if that fails.
Signed-off-by: Javier Tia <javier.tia@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Javier Tia [Thu, 9 Oct 2025 13:17:46 +0000 (07:17 -0600)]
part: Export part_driver_lookup_type for external use
Make part_driver_lookup_type non-static so it can be used outside
part.c. This allows external callers to determine the appropriate
partition driver for a block device, enabling more flexible handling of
partition types.
Add a prototype and kernel-doc comment in part.h to document the
function contract. Provide a stub inline implementation returning NULL
when partition support is disabled, ensuring build consistency across
configurations.
Signed-off-by: Javier Tia <javier.tia@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Sam Protsenko [Fri, 3 Oct 2025 22:27:14 +0000 (17:27 -0500)]
bootstd: Fix bootflow info for efi_mgr
A "Synchronous Abort" CPU exception happens on an attempt to run the
"bootflow info" command for a global boot method (e.g. efi_mgr):
=> bootflow select 0
=> bootflow info
"Synchronous Abort" handler, esr 0x96000006, far 0x8
It happens because do_bootflow_info() tries to dereference bflow->dev,
which is NULL in case of efi_mgr. Add the corresponding check to prevent
this NULL pointer dereference and make "bootflow info" command work
properly for global boot methods.
Fixes: 2d653f686b6d ("bootstd: Add a bootflow command") Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Tom Rini [Fri, 3 Oct 2025 20:39:34 +0000 (14:39 -0600)]
global: Disable xPL phases when we have enabled COMPILE_TEST
Due to how we implement the logic for selecting what should/shouldn't be
built in a given phase it becomes extremely cumbersome to make these
phases link when configured by "allyesconfig". As a starting point for
being able to enable "allyesconfig" and expand our static coverage,
disable all other phases in this case.
Future work can be done to enable other phases as time and interest
permit.
projects / thirdparty / u-boot.git / log
