bootstd: android: Add missing NULL in the avb partition list
When booting an Android build with AVB enabled, it's still possible to
deactivate the check for development purposes if the bootloader state is
UNLOCKED.
This is very useful for development and can be done at flashing time via:
$ fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
However, with bootmeth_android, we cannot boot this way:
Scanning bootdev 'mmc@fa10000.bootdev':
0 android ready mmc 0 mmc@fa10000.bootdev.whole
** Booting bootflow 'mmc@fa10000.bootdev.whole' with android
avb_vbmeta_image.c:188: ERROR: Hash does not match!
avb_slot_verify.c:732: ERROR: vbmeta_a: Error verifying vbmeta image: HASH_MISMATCH
get_partition: can't find partition '_a'
avb_slot_verify.c:496: ERROR: _a: Error determining partition size.
Verification failed, reason: I/O error occurred while trying to load data
Boot failed (err=-5)
No more bootdevs
From the logs we can see that avb tries to read a partition named '_a'.
It's doing so because the last element of requested_partitions implicitly is
'\0', but the doc explicitly request it to be NULL instead.
Add NULL as last element to requested_partitions to avoid this problem.
Aaron Kling [Mon, 13 Jan 2025 09:11:45 +0000 (10:11 +0100)]
boot: android: Check kcmdline's for NULL in android_image_get_kernel()
kcmdline and kcmdline_extra strings can be NULL. In that case, we still
read the content from 0x00000 and pass that to the kernel, which is
completely wrong.
Fix android_image_get_kernel() to check for NULL before checking if
they are empty strings.
Fixes: 53a0ddb6d3be ("boot: android: fix extra command line support") Signed-off-by: Aaron Kling <webgeek1234@gmail.com> Reviewed-by: Nicolas Belin <nbelin@baylibre.com> Reviewed-by: Julien Masson <jmasson@baylibre.com> Tested-by: Sam Day <me@samcday.com> Link: https://lore.kernel.org/r/20250113-kcmdline-extra-fix-v1-1-03cc9c039159@baylibre.com Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Simon Glass [Sat, 11 Jan 2025 00:00:29 +0000 (17:00 -0700)]
dm: core: Provide ofnode_find_subnode_unit()
The ofnode_find_subnode() function currently processes things two
different ways, so the treatment of unit addresses differs depending on
whether OF_LIVE is enabled or not.
Add a new version which uses the ofnode API and add a test to check that
unit addresses can be matched correctly. Leave the old function in place
for the !OF_LIVE case, to avoid a code-size increase, e.g. on
firefly-rk3288
Simon Glass [Sat, 11 Jan 2025 00:00:25 +0000 (17:00 -0700)]
efi_loader: Avoid mapping the ACPI tables twice
The add_u_boot_and_runtime() function paints with a broad brush,
considering all of the memory from the top of U-Boot stack to
gd->ram_top as EFI_RUNTIME_SERVICES_CODE
This is fine, but we need to make sure we don't add a separate entry for
any ACPI tables in this region (which happens when bloblist is used for
tables). Otherwise the memory map looks strange and we get a test
failure on qemu-x86 (only) for the 'virtual address map' test.
Simon Glass [Sat, 11 Jan 2025 00:00:24 +0000 (17:00 -0700)]
x86: Align the SMBIOS table to a 4K boundary
This isn't strictly needed, but with UPL we use the reserved-memory
nodes to indicate where the SMBIOS table is. Tianocore requires 4KB
alignment on these regions, so it is easier to adjust the alignment
to match.
Simon Glass [Sat, 11 Jan 2025 00:00:17 +0000 (17:00 -0700)]
emulation: Use bloblist to hold tables
QEMU can have its own internal ACPI and SMBIOS tables. At present U-Boot
copies out the SMBIOS tables but points directly to the ACPI ones.
The ACPI tables are not aligned on a 4KB boundary, which means that UPL
cannot use them directly, since it uses a reserved-memory node for the
tables and that it assumed (by EDK2) to be 4KB-aligned.
On x86, QEMU provides the tables in a mapped memory region and U-Boot
makes use of these directly, thus making it difficult to use any common
code.
Adjust the logic to fit within the existing table-generation code. Use a
bloblist always and ensure that the ACPI tables is placed in an aligned
region. Set a size of 8K for QEMU. This does not actually put all the
tables in one place, for QEMU, since it currently adds a pointer to the
tables in QFW.
On ARM, enable bloblist so that SMBIOS tables can be added to the
bloblist.
Simon Glass [Sat, 11 Jan 2025 00:00:16 +0000 (17:00 -0700)]
emulation: fdt: Relax condition for OF_HAS_PRIOR_STAGE
QEMU always gets its devicetree from the OF_BOARD mechanism so we should
not depend on !BLOBLIST here.
It's not clear why we need to have any relationship with BLOBLIST so
let's remove the entire condition.
Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: 2b71470628c dts: OF_HAS_PRIOR_STAGE should depend on !BLOBLIST Reviewed-by: Tom Rini <trini@konsulko.com>
Simon Glass [Sat, 11 Jan 2025 00:00:13 +0000 (17:00 -0700)]
boot: Rename fit_image_get_data_and_size()
This function is really just getting the data. The size comes along for
the ride. In fact this function is only reliable way to obtain the data
for an image in a FIT, since the FIT may use external data.
Simon Glass [Sat, 11 Jan 2025 00:00:10 +0000 (17:00 -0700)]
ofnode: Indicate when out of space in a few places
Update ofnode_add_subnode() and ofnode_add_prop() to return a suitable
error when space is exhausted in the FDT. This makes it easier to see
what is going wrong.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
Simon Glass [Sat, 11 Jan 2025 00:00:09 +0000 (17:00 -0700)]
ofnode: Use 4K for a default tree-size
At some point it would be nice to have the ofnode API automatically
expand the tree as required, to accommodate new nodes. For now, expand
the default size so that UPL can be supported.
Simon Glass [Sat, 11 Jan 2025 00:00:00 +0000 (17:00 -0700)]
bloblist: Make BLOBLIST_ALLOC the default
We want to encourage people to use an allocated bloblist since it is
more flexible than a fixed one. Make this the default, being sure not to
change existing users.
The unit tests require BLOBLIST_FIXED so add a dependency in the
Makefile to avoid build errors.
All sandbox builds require BLOBLIST_FIXED so make that the default for
sandbox.
* Fixed boot regression due to broken memory parsing
* Enable HW RNG and KASLR on all platforms
* Add support for Snapdragon X1 Elite hardware (clk/pinctrl)
* Add support for QCS9100 ride automotive development platform (clk/ufs)
* Add support for PCIe on SM8550, SM8650 and X1E
* Implement software debounce for PMIC buttons
Additionally, some minor improvements to "ufetch" have been pulled in:
* Show CPU architecture (arm/mips/etc)
* Make CONFIG_BLK optional
* Fix 32-bit support
Tom Rini [Wed, 22 Jan 2025 15:48:24 +0000 (09:48 -0600)]
Merge patch series "vbe: Series part F"
Simon Glass <sjg@chromium.org> says:
This includes various patches towards implementing the VBE abrec
bootmeth in U-Boot. It mostly focuses on introducing a relocating
SPL-loader so that VBE can run in the limited amount of SRAM available
on many devices.
Another minor new feature is support in VBE for specifying the image
phase when loading from a FIT. This allows a single FIT to include
images for several boot phases, thus simplifying image-creation.
One lingering niggle in this series is that it has a different code path
for sandbox, since it does not support the relocating jump. It should be
possible to resolve this with additional work, but I have not attempted
this so far.
For v2, I have split the first patch into 5 pieces, to make it easier to
see the code-size impact, plus added a few tweaks to reduce code size.
Again, only MMC is supported so far.
Looking ahead, series G will have some more plumbing and H some rk3399
pieces. That should be enough to complete these feature.
Here is a run in my lab, with the VBE ABrec bootmeth. You can see that
VPL runs before memory is set up. SPL sets up memory and can be upgraded
in the field reliably.
$ ub-int vbe
Building U-Boot in sourcedir for rk3399-generic
Bootstrapping U-Boot from dir /tmp/b/rk3399-generic
Writing U-Boot using method rockchip
U-Boot TPL 2025.01-rc3-00345-gdfbdbf1eb56c-dirty (Jan 08 2025 - 10:47:58)
Trying to boot from vbe_abrec
load: Firefly-RK3399 Board
Using 'config-3' configuration
Trying 'image-vpl' firmware subimage
Using 'config-3' configuration
Trying 'fdt-3' fdt subimage
U-Boot VPL 2025.01-rc3-00345-gdfbdbf1eb56c-dirty (Jan 08 2025 - 10:47:58)
Trying to boot from vbe_abrec
load: Firefly-RK3399 Board
Starting with empty state
VBE: Firmware pick A at 800000
Using 'config-3' configuration
Trying 'spl' firmware subimage
Using 'config-3' configuration
Trying 'fdt-3' fdt subimage
Channel 0: DDR3, 800MHz
BW=32 Col=10 Bk=8 CS0 Row=15 CS1 Row=15 CS=2 Die BW=16 Size=2048MB
Channel 1: DDR3, 800MHz
BW=32 Col=10 Bk=8 CS0 Row=15 CS1 Row=15 CS=2 Die BW=16 Size=2048MB
256B stride
U-Boot SPL 2025.01-rc3-00345-gdfbdbf1eb56c-dirty (Jan 08 2025 - 10:47:58 -0700)
Trying to boot from vbe_abrec
load: Firefly-RK3399 Board
VBE: Firmware pick A at 900000
load_simple_fit: Skip load 'atf-5': image size is 0!
Relocating bloblist ff8eff00 to 100000: done
ns16550_serial serial@ff1a0000: pinctrl_select_state_full: uclass_get_device_by_phandle_id: err=-19
starting USB...
Bus usb@fe380000: USB EHCI 1.00
Bus usb@fe3a0000: USB OHCI 1.0
Bus usb@fe3c0000: USB EHCI 1.00
Bus usb@fe3e0000: USB OHCI 1.0
Bus usb@fe900000: Register 2000140 NbrPorts 2
Starting the controller
USB XHCI 1.10
scanning bus usb@fe380000 for devices... 1 USB Device(s) found
scanning bus usb@fe3a0000 for devices... 1 USB Device(s) found
scanning bus usb@fe3c0000 for devices... 2 USB Device(s) found
scanning bus usb@fe3e0000 for devices... 1 USB Device(s) found
scanning bus usb@fe900000 for devices... 1 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
Hit any key to stop autoboot: 0
Chanho Park [Wed, 15 Jan 2025 15:31:48 +0000 (00:31 +0900)]
vexpress64: Fix bootargs when building without NET
When building without DHCP/PXE configurations (NET disabled),
compilation errors may occur due to mismatched bootargs.
Ensure bootargs related to DHCP/PXE are not enabled if the
corresponding commands are disabled.
Ronald Wahl [Wed, 11 Dec 2024 20:51:04 +0000 (21:51 +0100)]
spi: cadence-quadspi: fix potential malfunction after ~49 days uptime
The get_timer function returns an unsigned long which may be calculated
from the ARM system counter. This counter is reset only on a cold reset.
U-boot divides this counter down to a 1000 Hz counter that will cross
the 32bit barrier after a bit more than 49 days. Assigning the value to
an unsigned int will truncate it on 64bit systems.
Passing this truncated value back to the get_timer function will return
a very large value that is certainly larger than the timeout and so will
go down the error path and besides stopping U-Boot will lead to messages
like
"SPI: QSPI is still busy after poll for 5000 ms."
Signed-off-by: Ronald Wahl <ronald.wahl@legrand.com> Cc: Vignesh R <vigneshr@ti.com> Cc: Pratyush Yadav <p.yadav@ti.com> Reviewed-by: Vignesh Raghavendra <vigneshr@ti.com>
Alexander Dahl [Wed, 15 Jan 2025 16:16:21 +0000 (17:16 +0100)]
Revert "mem: spi-mem: add declaration for spi_mem_default_supports_op"
We have a duplicate declaration of spi_mem_default_supports_op() which
was added twice, first with commit af6266c1c27a ("mem: spi-mem: add
declaration for spi_mem_default_supports_op") for v2021.04, and again
with commit 2299076e34f8 ("spi: spi-mem: export
spi_mem_default_supports_op()") for v2021.07.
The first commit is reverted here, because the second better matches the
definition and has a better place in the declaration order.
Note: Linux declares this in a different section of spi-mem.h which is
disabled in U-Boot through `#ifndef __UBOOT__`.
Alexander Dahl [Wed, 15 Jan 2025 16:16:20 +0000 (17:16 +0100)]
spi: atmel: Really drop atmel_spi.h
First try dropping this was with commit 37434db29be4 ("spi: atmel: Drop
atmel_spi.h") back in 2018 which was reverted not much later with commit 5270df283676 ("Revert "spi: atmel: Drop atmel_spi.h"").
Second try dropping this was in 2020 with commit beeb34ac0cc6 ("spi:
atmel: Drop atmel_spi.h"), but that only moved all the definitions into
the source file and did not remove the header file.
Currently all of the definitions in the header file are (still)
contained in the source file, and the header file is include nowhere.
Fixes: beeb34ac0cc6 ("spi: atmel: Drop atmel_spi.h") Signed-off-by: Alexander Dahl <ada@thorsis.com>
Simon Glass [Thu, 16 Jan 2025 01:27:22 +0000 (18:27 -0700)]
vbe: Support loading SPL images
VBE needs to load different images from a FIT depending on the xPL phase
in use. The IH_PHASE value is used to select the image to load.
Add the required logic to handle this. For compatibility with the
SPL-loader driver, fill out a struct spl_image_info with the details
needed to boot the next phase.
This is good enough for VBE-simple but ABrec will need the full set of
bootstd features. So add a USE_BOOTMETH define to control this.
Simon Glass [Thu, 16 Jan 2025 01:27:20 +0000 (18:27 -0700)]
spl: Plumb in the relocating loader
This is fairly easy to use. The SPL loader sets up some fields in the
spl_image_info struct and calls spl_reloc_prepare(). When SPL is ready
to do the jump it must call spl_reloc_jump() instead of jump_to_image().
Simon Glass [Thu, 16 Jan 2025 01:27:19 +0000 (18:27 -0700)]
spl: Add support for a relocating jump to the next phase
When one xPL phase wants to jump to the next, the next phase must be
loaded into its required address. This means that the TEXT_BASE for the
two phases must be different and there cannot be any memory overlap
between the code used by the two phases. It also can mean that phases
need to be moved around to accommodate any size growth.
Having two xPL phases in SRAM at the same time can be tricky if SRAM
is limited, which it often is. It would be better if the second phase
could be loaded somewhere else, then decompressed into place over the
top of the first phase.
Introduce a relocating jump for xPL to support this. This selects a
suitable place to load the (typically compressed) next phase, copies
some decompression code out of the first phase, then jumps to this code
to decompress and start the next phase.
This feature makes it much easier to support Verified Boot for Embedded
(VBE) on RK3399 boards, which have 192KB of SRAM.
Simon Glass [Thu, 16 Jan 2025 01:27:11 +0000 (18:27 -0700)]
vbe: Allocate space for the FIT header
It is convenient to use TEXT_BASE as a place to hold the FIT header, but
this does not work in VPL, since SDRAM is not inited yet.
Allocate the memory instead. Ensure the size is aligned to the media
block-size so that it can be read in directly. Improve the
error-checking for blk_read() and add some more debugging.
Keep the existing TEXT_BASE mechanism in sandbox to avoid an
'Exec format error' when trying to run the image.
Simon Glass [Thu, 16 Jan 2025 01:27:06 +0000 (18:27 -0700)]
vbe: Convert some checks to assertions
VBE is currently quite careful with function arguments because it is
used in VPL which cannot be updated after manufacture. Bugs can cause
security holes.
Unfortunately this adds to code size.
In several cases we are reading values from a devicetree which is part
of U-Boot (or at least VPL) and so known to be good. Also, in several
places, getting bad values does not matter.
So change a few checks to assert() to reduce code size.
Sam Day [Wed, 22 Jan 2025 10:26:59 +0000 (10:26 +0000)]
mach-snapdragon: pass fdt to qcom_parse_memory
commit fc37a73e6679 ("fdt: Swap the signature for
board_fdt_blob_setup()") introduced a subtle change to the Snapdragon
implementation, removing the assignment to gd->fdt_blob partway through
the function.
This breaks qcom_parse_memory() which was also called during
board_fdt_blob_setup().
The underlying issue here is that qcom_parse_memory is using the of_ api
to traverse a devicetree, which relies on the fdt_blob in global data.
Rather than relying on this subtle behaviour, explicitly pass the FDT
that should be consulted for a /memory node.
Using the OF API is typically preferable because it's easier to read,
but using the lower level fdt_ methods instead here doesn't add too much
complexity, I think.
Finally, a minor tweak was made to board_fdt_blob_setup to use the
passed fdt blob pointer instead of gd->fdt_blob, which removes the last
of the references to global data in this area.
J. Neuschäfer [Wed, 11 Dec 2024 22:25:27 +0000 (23:25 +0100)]
cmd: ufetch: Show CPU architecture under "CPU"
When looking at ufetch output it isn't immediately obvious which CPU
architecture the presented board has. This patch therefore adds the
CPU architecture string (for example "powerpc") to the "CPU:" line.
The new format is:
J. Neuschäfer [Wed, 11 Dec 2024 22:25:26 +0000 (23:25 +0100)]
cmd: Allow building ufetch without CONFIG_BLK
The ufetch command is still quite useful on systems without block
device support; remove the CONFIG_BLK dependency and make sure the code
compiles/works with and without CONFIG_BLK.
J. Neuschäfer [Wed, 11 Dec 2024 22:25:25 +0000 (23:25 +0100)]
cmd: ufetch: Fix type mismatch on 32-bit
On 32-bit architectures, LAST_LINE (_LAST_LINE - 1UL) is 64 bits long,
but size_t (from ARRAY_SIZE(...)) is 32 bits. This results in a warning
because the max() macro expects the same type on both sides:
cmd/ufetch.c: In function ‘do_ufetch’:
include/linux/kernel.h:179:24: warning: comparison of distinct pointer types lacks a cast [-Wcompare-distinct-pointer-types]
179 | (void) (&_max1 == &_max2); \
| ^~
cmd/ufetch.c:92:25: note: in expansion of macro ‘max’
92 | int num_lines = max(LAST_LINE + 1, ARRAY_SIZE(logo_lines));
| ^~~
Neil Armstrong [Mon, 25 Nov 2024 09:46:17 +0000 (10:46 +0100)]
pci: Add support for Qualcomm PCIe controller
Add support for the PCIe busses on Qualcomm platforms,
by using the pcie_dw_common infrastructure.
The driver is based on the Linux driver but only supporting
the "1_9_0" and compatible platforms like:
- sa8540p
- sc7280
- sc8180x
- sc8280xp
- sdm845
- sdx55
- sm8150
- sm8250
- sm8350
- sm8450
- sm8550
- sm8650
- x1e80100
But it has only been tested on:
- sc7280
- sm8550
- sm8650
- x1e80100
It supports setting the IOMMU SID table for supported platforms.
Add PCIe config space capability search function specific for
the host controller, which are bridges *to* PCI devices but
are not PCI devices themselves.
Neil Armstrong [Mon, 25 Nov 2024 17:12:56 +0000 (18:12 +0100)]
rng: msm: add support for newer Qualcomm hwrandom IPs
On recent Qualcomm SoCs, the hardware random generator
is initialized and handled by the firmware because shared
between different Execution Environments (EE), thus the
initialization step should be skipped.
Also support the newer "TRNG" found on SM8550 and newer
SoCs that has inbuilt NIST SP800 90B compliant entropic source.
Tengfei Fan [Fri, 10 Jan 2025 05:08:12 +0000 (10:38 +0530)]
arm64: dts: qcom: qcs9100: Add support for the QCS9100 Ride and Ride Rev3 boards
Add device tree support for the QCS9100 Ride and Ride Rev3 boards. The
QCS9100 is a variant of the SA8775p, and they are fully compatible with
each other. The QCS9100 Ride/Ride Rev3 board is essentially the same as
the SA8775p Ride/Ride Rev3 board, with the QCS9100 SoC mounted instead
of the SA8775p.
Patrice Chotard [Tue, 14 Jan 2025 13:28:13 +0000 (14:28 +0100)]
cyclic: Fix rollover every 72 min on 32 bits platforms
On 32 bits platforms, timer_get_us() returns an unsigned long which
is a 32 bits. timer_get_us() wraps around every 72 minutes
(2 ^ 32 / 1000000 =~ 4295 sec =~ 72 min).
So the test "if time_after_eq64(now, cyclic->next_call)" is no more
true when cyclic->next_call becomes above 32 bits max value (4294967295).
At this point after 72 min, no more cyclic function are
executed included watchdog one.
Instead of using timer_get_us(), use get_timer_us() which returns a
uint64_t, this allows a rollover every 584942 years.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com> Reviewed-by: Stefan Roese <sr@denx.de>
projects / thirdparty / u-boot.git / log
