Anshul Dalal [Wed, 18 Jun 2025 12:42:09 +0000 (18:12 +0530)]
mach-k3: add dynamic mmu fixups for SPL stage
On platforms with spl splash support i.e CONFIG_VIDEO=y, the top of DDR
is reserved for the framebuffer.
The size for the framebuffer is computed at runtime by video_reserve.
During the MMU configuration an entry corresponding to the framebuffer
should be dynamically created to properly map the required space for the
framebuffer.
Therefore this patch adds k3_spl_mem_map_init which adds the required
MMU entry by querying the gd after the framebuffer size has been
computed in spl_reserve_video_from_ram_top.
For non VIDEO=y platforms, the added k3_spl_mem_map_init function gets
optimized out of the final binary so overall, the spl size is not
impacted[1].
Anshul Dalal [Wed, 18 Jun 2025 12:42:08 +0000 (18:12 +0530)]
mach-k3: add runtime memory carveouts for MMU table
In u-boot we only provide a single MMU table for all k3 platforms,
this does not scale for devices with reserved memory outside the range
0x9e780000 - 0xa0000000 or for devices with < 2GiB of memory (eg
am62-SIP with 512MiB of RAM).
To properly configure the MMU on various k3 platforms, the
reserved-memory regions need to be queried at runtime from the
device-tree and the MMU table should be updated accordingly.
This patch adds the required fixups to the MMU table (during proper
U-boot stage) by marking the reserved regions as non cacheable and
keeping the remaining area as cacheable.
For the A-core SPL, the 128MiB region starting from SPL_TEXT_BASE
is marked as cacheable i.e 0x80080000 to 0x88080000.
The 128MiB size is chosen to allow for future use cases such as falcon
boot from the A-Core SPL which would require loading kernel image from
the SPL stage. This change also ensures the reserved memory regions that
all exist past 0x88080000 are non cacheable preventing speculative
accesses to those addresses.
Tom Rini [Fri, 27 Jun 2025 14:32:29 +0000 (08:32 -0600)]
Merge patch series "drivers: pci: pcie_dw_common: Add dw_pcie_link_set_max_link_width()"
This patch set from Marek Vasut <marek.vasut+renesas@mailbox.org>
introduces dw_pcie_link_set_max_link_width() similar to the Linux Kernel
and then migrates the current platform drivers to use it. Next it adds
support for Renesas R-Car Gen4 platforms and enables it on one.
Add R-Car Gen4 PCIe controller support for host mode.
This controller is based on Synopsys DesignWare PCIe. However, this
particular controller has a number of vendor-specific registers, and as
such, requires initialization code, including PHY firmware loading.
The PHY firmware loading is implemented in an entirely generic manner,
by calling a firmware loading script, which the user can configure in
a way they require. This provides the user with flexibility of loading
the PCIe firmware from whichever storage device they need to load it
from.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Tue, 17 Jun 2025 08:16:30 +0000 (10:16 +0200)]
pci: pcie_dw_rockchip: Use dw_pcie_link_set_max_link_width()
Use dw_pcie_link_set_max_link_width() instead of local implementation
of the same functionality. This does change the behavior slightly, as
the dw_pcie_link_set_max_link_width() implementation also programs the
LNKCAP register MLW, this should however be correct and is now aligned
with Linux kernel behavior.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Marek Vasut [Tue, 17 Jun 2025 08:16:28 +0000 (10:16 +0200)]
pci: pcie_dw_meson: Use dw_pcie_link_set_max_link_width()
Use dw_pcie_link_set_max_link_width() instead of local implementation
of the same functionality. This does change the behavior slightly, as
the dw_pcie_link_set_max_link_width() implementation also programs the
LNKCAP register MLW, this should however be correct and is now aligned
with Linux kernel behavior.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Add dw_pcie_link_set_max_link_width() implementation ported from Linux kernel
as of commit 89db0793c9f2 ("PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling").
This is common code which is already duplicated in multiple drivers.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Tom Rini [Thu, 26 Jun 2025 23:16:49 +0000 (17:16 -0600)]
Merge patch series "Add TI K3 PCIe Endpoint Controller support for AM64X"
Hrushikesh Salunke <h-salunke@ti.com> says:
This series adds support for the Endpoint mode on Cadence PCIe controller
on TI's K3 family of SoCs. The driver is an adaptation of the Linux
driver (drivers/pci/controller/cadence/pci-j721e.c) and has been
implemented specifically for Endpoint mode of operation on AM64X. A minor
set of changes will be sufficient to support other K3 SoCs as well.
This patch is tested on AM64X EVM. Following are the log corresponding
to this feature.
configs: am64x_evm_a53_defconfig: Enable configs for PCI Endpoint mode
TI's AM64x SoC has a single instance of PCIe Controller namely PCIe0
which is a Cadence PCIe Controller. To support PCI Endpoint
functionality with the PCIe0 instance of PCIe, enable the corresponding
configs.
pci_endpoint: Add TI K3 Cadence PCIe Endpoint Controller driver
Add support for Endpoint mode of operation in the Cadence PCIe
Controller present on TI's K3 SoCs. This driver is an adaptation of the
Linux kernel v6.15 driver (drivers/pci/controller/cadence/pci-j721e.c).
Anshul Dalal [Mon, 16 Jun 2025 08:04:30 +0000 (13:34 +0530)]
arm: Kconfig: enable LTO for ARCH_K3
CONFIG_LTO enables Link Time Optimizations that helps in reducing binary
size. The config has been validated on all K3 platforms so can be safely
enabled.
phy: cadence: torrent: add support for three or more links using 2 protocols
This is a port of the corresponding commit in the Linux kernel which
adds the same support for the Cadence Torrent driver[0]. The commit
message below is taken as-is from the Linux kernel commit being ported.
The Torrent SERDES can support at most two different protocols (PHY types).
This only mandates that the device-tree sub-nodes used to represent the
configuration should describe links with at-most two different protocols.
The existing implementation however imposes an artificial constraint that
allows only two links (device-tree sub-nodes). As long as at-most two
protocols are chosen, using more than two links to describe them in an
alternating configuration is still a valid configuration of the Torrent
SERDES.
A 3-Link 2-Protocol configuration of the 4-Lane SERDES can be:
Lane 0 => Protocol 1 => Link 1
Lane 1 => Protocol 1 => Link 1
Lane 2 => Protocol 2 => Link 2
Lane 3 => Protocol 1 => Link 3
A 4-Link 2-Protocol configuration of the 4-Lane SERDES can be:
Lane 0 => Protocol 1 => Link 1
Lane 1 => Protocol 2 => Link 2
Lane 2 => Protocol 1 => Link 3
Lane 3 => Protocol 2 => Link 4
牛 志宏 [Fri, 13 Jun 2025 01:45:28 +0000 (01:45 +0000)]
bootm: Pass SMP core ID and DTB address for ELF-formatted kernels
When booting RISC-V ELF-formatted kernel images (IH_TYPE_KERNEL + IH_OS_ELF),
explicitly pass SMP hart ID (via a0/argc) and DTB address (via a1/argv)
to comply with modern SMP-enabled kernels' boot protocol requirements.
See https://www.kernel.org/doc/html/latest/arch/riscv/boot.html#register-state
Tom Rini [Thu, 26 Jun 2025 19:45:43 +0000 (13:45 -0600)]
Merge patch series "sandbox: align LMB memory"
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> says:
To implement the EFI_SYSTEM_TABLE_POINTER we need 4 MiB aligned
memory.
On the sandbox LMB uses addresses relative to the start of a page aligned
RAM buffer allocated with mmap(). This leads to a mismatch of alignment
between EFI which uses pointers and LMB which uses phys_addr_t.
Ensure that the RAM buffer used for LMB is 4 MiB aligned.
Provide a unit test for efi_alloc_aligned_pages() verifying this alignment.
To implement the EFI_SYSTEM_TABLE_POINTER we need 4 MiB aligned
memory.
On the sandbox LMB uses addresses relative to the start of a page aligned
RAM buffer allocated with mmap(). This leads to a mismatch of alignment
between EFI which uses pointers and LMB which uses phys_addr_t.
Ensure that the RAM buffer used for LMB is 4 MiB aligned.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Rasmus Villemoes [Tue, 10 Jun 2025 12:27:48 +0000 (14:27 +0200)]
mkimage: do a rough estimate for the size needed for hashes/signatures
Background:
I have several customers that will be using a certain remote signing
service for signing their images, in order that the private keys are
never exposed outside that company's secure servers. This is done via
a pkcs#11 interface that talks to the remote signing server, and all
of that works quite well.
However, the way this particular signing service works is that one
must upfront create a "signing session", where one indicates which
keys one will use and, importantly, how many times each key will (may)
be used. Then, depending on the keys requested and the customer's
configuration, one or more humans must authorize that signing session
So for example, if official release keys are to be used, maybe two
different people from upper management must authorize, while if
development keys are requested, the developer himself can authorize
the session.
Once authorized, the requester receives a token that must then be used
for signing via one of the keys associated to that session.
I have that integrated in Yocto in a way that when a CI starts a BSP
build, it automatically works out which keys will be needed (e.g. one
for signing U-Boot, another for signing a kernel FIT image) based on
bitbake metadata, requests an appropriate signing session, and the
appropriate people are then notified and can then look at the details
of that CI pipeline and confirm that it is legitimate.
The problem:
The way mkimage does FIT image signing means that the remote server
can be asked to perform a signature an unbounded number of times, or
at least a number of times that cannot be determined upfront. This
means that currently, I need to artificially say that a kernel key
will be used, say, 10 times, even when only a single FIT image with
just one configuration node is created.
Part of the security model is that once the number of signings using a
given key has been depleted, the authorization token becomes useless
even if somehow leaked from the CI - and _if_ it is leaked/compromised
and abused before the CI has gotten around to do its signings, the
build will then fail with a clear indication of the
compromise. Clearly, having to specify a "high enough" expected use
count is counter to that part of the security model, because it will
inevitably leave some allowed uses behind.
While not perfect, we can give a reasonable estimate of an upper bound
on the necessary extra size by simply counting the number of hash and
signature nodes in the FIT image.
As indicated in the comments, one could probably make it even more
precise, and if there would ever be signatures larger than 512 bytes,
probably one would have to do that. But this works well enough in
practice for now, and is in fact an improvement in the normal case:
Currently, starting with size_inc of 0 is guaranteed to fail, so we
always enter the loop at least twice, even when not doing any signing
but merely filling hash values.
Just in case I've missed anything, keep the loop incrementing 1024
bytes at a time, and also, in case the estimate turns out to be over
64K, ensure that we do at least one attempt by changing to a do-while
loop.
With a little debug printf, creating a FIT image with three
configuration nodes previously resulted in
corresponding to 1+2+3+3 signatures requested (so while the loop count
is roughly linear in the number of config nodes, the number of
signings is quadratic).
Update a binman test case accordingly: With the previous behaviour,
mkimage would try size_inc=0 and then size_inc=1024 and then
succeed. With this patch, we first try, and succeed, with 4*128=512
due to the four hash nodes (and no signature nodes) in 161_fit.dts, so
the image ends up 512 bytes smaller.
Tom Rini [Thu, 26 Jun 2025 15:58:45 +0000 (09:58 -0600)]
Merge patch series "Propagate bootph-all and bootph-some-ram property to all supernodes"
Moteen Shah <m-shah@ti.com> says:
In the U-Boot pre-relocation stage, if the parent node lacks
bootph-all/bootph-some-ram property and the driver lacks a pre-reloc
flag, all of its subsequent subnodes gets skipped over from driver
binding—even if they have a bootph* property.
This series addresses the issue by scanning through all the nodes during
build time and propagating the applicable property to all of its supernode.
Moteen Shah [Fri, 16 May 2025 11:41:47 +0000 (17:11 +0530)]
tools: binman: control.py: Propagate bootph-all/bootph-some-ram properties to supernodes
As per bootph schema, bootph-* property in child node should be
implied in their parent, but this feature is not implemented in
the U-Boot proper stage (before relocation) resulting in devices
not being bound because of the missing bootph-all or bootph-some-ram
property in the parent node.
To mitigate this issue, add a function to scan through all the nodes
in the device-tree for bootph-all and bootph-some-ram properties. If
found, propagate it to all of its parent nodes up the hierarchy.
Signed-off-by: Moteen Shah <m-shah@ti.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Tom Rini [Thu, 26 Jun 2025 15:54:24 +0000 (09:54 -0600)]
Merge patch series "Fix handling of optional blobs in binman"
Yannic Moog <y.moog@phytec.de> says:
This series solves a contradiction regarding ext blobs packaged in
binman. When they are marked as optional, by default they are faked, two
messages are emitted. One says the image is not functional the other
says the image is still functional. Both concern the same binman
entry/blob.
Binman is set up to have fake external blobs in case they are missing.
This is regardless on whether they are optional or not.
The implementation does not allow different types of entries to override
the faking decision; at least there wouldn't be much sense in doing so.
Here is an example build output of a phycore-imx8mp:
BINMAN .binman_stamp
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin):
See the documentation for your board. You may need to build Open Portable
Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Image 'image' has faked optional external blobs and is still functional: tee.bin
OFCHK .config
The output stays to inform/warn the user, but in this case the tee-os
entry will not be present in the final image.
Yannic Moog [Fri, 13 Jun 2025 12:02:44 +0000 (14:02 +0200)]
binman: ftest: pass allow_fake_blob to _DoReadFileDtb
Some test cases don't use _DoTestFile directly which accepts
allow_fake_blobs. However, they specifically test functionality that
requires external blobs not to be faked. Extend the _DoReadFileDtb
signature to allow passing that option to _DoTestFile.
Also fix tests that require non-faked ext blobs.
By default, external blobs are faked. Some tests care only about more
basic functionality. In those cases no external blobs should be faked.
That would trigger a different (binman) case which is not in scope for
those particular tests.
Thus, disable faked blobs for those test cases.
Yannic Moog [Fri, 13 Jun 2025 12:02:43 +0000 (14:02 +0200)]
binman: add faked optional entry case in CheckForProblems
When having an entry that is marked as optional and is missing in the
final image, the following output is observed:
CFGS spl/u-boot-spl.cfgout
BINMAN .binman_stamp
Image 'image' has faked external blobs and is non-functional: tee.bin
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin):
See the documentation for your board. You may need to build Open Portable
Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid
make: *** [Makefile:1135: .binman_stamp] Error 103
To solve this contradictory messaging, when checking the faked blob
list, remove entries that are allowed to be missing. Instead add an
info message for faked optional blobs. Also reduce verbosity of the
optional image warning to an info message.
Yannic Moog [Fri, 13 Jun 2025 12:02:42 +0000 (14:02 +0200)]
binman: rework dropping absent entries from packaged image
When blobs are absent and are marked as optional, they can be safely
dropped from the binman tree. Use the drop_absent function for that.
Rename drop_absent to drop_absent_optional as we do not want to drop any
entries that are absent; they should be reported by binman as errors
when they are missing.
We also reorder the processing of the image the following:
- We call the CheckForProblems function before the image is built.
- We drop entries after we checked for problems with the image.
This is okay because CheckForProblems does not look at the file we have
written but rather queries the data structure (image) built with binman.
This also allows us to get all error and warning messages that we want
to report while avoiding putting missing optional entries in the final
image.
As only the blobs are dropped, the sections still remain in the
assembled image. Thus add them to the expected test case checks where
necessary.
In addition, a rework of testPackTeeOsOptional test case is necessary.
The test did not really do what it was supposed to. The description said
that optional binary is tested, but the binary is not marked as
optional. Further, the tee.elf file, when included in the image
properly, also shows up in the image data. This must be added as well.
As there is no global variable for the elf data, set the pathname to the
elf file that was created when setting up the test suite.
For the test case get the filename and read the contents, comparing them
to the contents of the created binman image.
Yannic Moog [Fri, 13 Jun 2025 12:02:41 +0000 (14:02 +0200)]
binman: mark optional missing blobs as absent
Optional blobs should mark themselves as absent to avoid being packed
into an image.
Extend the documentation of this behaviour. Although the documentation
implied this before, the "optional" property had not been explained
properly before.
The behaviour will change as now absent entries are no longer
packed into an image. The image map will also reflect this.
As a result, the CheckForProblems() function will no longer alert on
optional (blob) entries. This is because the missing optional images
were removed before CheckForProblems is called.
Adjust the testExtblobOptional test case to highlight that we are
testing not only an optional image but the image is missing as well. The
behaviour for these is different where the latter will not be packaged
into the image.
Yannic Moog [Fri, 13 Jun 2025 12:02:40 +0000 (14:02 +0200)]
binman: drop "faked" return value from check_fake_fname
check_fake_fname sets the faked member of the entry. Use that member
to get the faked status instead of a returned value indicating the same.
Add type annotations to the modified functions while at it.
Tom Rini [Thu, 26 Jun 2025 14:18:56 +0000 (08:18 -0600)]
Merge patch series "add a few entries into missing-blob-help"
Bryan Brattlof <bb@ti.com> says:
Now that TIFS and DM firmwares are marked as mandatory items for a
successful build[0] we should provide some more descriptive help text on
where to get the firmware in the event they are not found and add links
to more information about them.
We do need to expand the regex to allow the '.' dot in 'ti-fs-enc.bin'
so we can add it to the list which was the lesser number of lines
changed than renaming all these entries to 'tifs' or 'ti-fs' which the
current regex will match.
Tom Rini [Thu, 26 Jun 2025 14:17:22 +0000 (08:17 -0600)]
Merge patch series "net: consolidate PXE processor architecture type Kconfig"
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> says:
DHCP and DHCPv6 use the same value defined in
https://www.iana.org/assignments/dhcpv6-parameters#processor-architecture
to encode the processor architecture type. We should only use a single
Kconfig symbol for both protocols.
Furthermore we should make the value customizable. This allows for instance
to choose between "x86 BIOS" or "x64 UEFI".
As "x86 BIOS" is encoded as 0, we should not use this value to switch
off transmission of the DHCP option. Use 0xFF instead.
Tom Rini [Thu, 26 Jun 2025 14:13:03 +0000 (08:13 -0600)]
Merge patch series "mkimage: validate image references in FIT configurations"
Aristo Chen <jj251510319013@gmail.com> says:
This series introduces a validation step in mkimage to ensure that all image
names referenced under the /configurations node of a FIT source (ITS) are
actually defined under the /images node.
### Motivation
When using mkimage to build FIT images, it's easy to mistakenly reference
nonexistent image nodes in configurations (e.g., referencing a missing `fdt` or
`firmware` node). Such issues are often not caught until runtime in U-Boot.
This series aims to catch these errors early during FIT image creation by
validating the configuration references in mkimage itself.
Bryan Brattlof [Thu, 12 Jun 2025 11:38:54 +0000 (06:38 -0500)]
binmain: include ti-fs-enc.bin into missing-blob-help
Now that the TIFS firmware is marked as a mandatory component to a
successful build, provide some helpful descriptions to what it is and
links to more information about how to get this needed firmware.
Bryan Brattlof [Thu, 12 Jun 2025 11:38:52 +0000 (06:38 -0500)]
binman: add sysfw-inner-cert to missing-blob-help
Now that the inner certificate for TI's Foundation Security TIFS
firmware is mandatory to a successful build, provide some guidance on
what it is and links to the documentation on how to obtain the firmware
blobs.
Bryan Brattlof [Thu, 12 Jun 2025 11:38:51 +0000 (06:38 -0500)]
binman: add ti-dm entry to missing-blob-help
Now that ti-dm is marked as a mandatory component for a successful
build, adding some helping text about how to resolve a failed build will
be needed. Add some text around what ti-dm is and links to more
documentation on how to obtain the firmware binaries
net: consolidate PXE processor architecture type Kconfig
DHCP and DHCPv6 use the same value defined in
https://www.iana.org/assignments/dhcpv6-parameters#processor-architecture
to encode the processor architecture type. We should only use a single
Kconfig symbol for both protocols.
Furthermore we should make the value customizable. This allows for instance
to choose between "x86 BIOS" or "x64 UEFI".
As "x86 BIOS" is encoded as 0, we should not use this value to switch
off transmission of the DHCP option. Use 0xFF instead.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Tom Rini <trini@konsulko.com>
Aristo Chen [Tue, 10 Jun 2025 07:41:21 +0000 (07:41 +0000)]
arm: dts: phycore-am62x: Add missing tifsstub image nodes for FIT loadables
The phycore-am62x build was broken due to mkimage reporting an undefined
'image "tifsstub-hs"' in the 'loadables' property of the FIT configuration.
This occurred because the `loadables` field referenced `tifsstub-hs`,
`tifsstub-fs`, and `tifsstub-gp`, but no corresponding nodes were defined
under /images.
This patch was inspired by commit 622f826bf025704cbcc4f39252d4a83129a9cabb
("arm: dts: phycore-am62x: Package TIFS Stub"). It resolves the issue by
adding proper Binman nodes for each TIFS variant (`tifsstub-hs`,
`tifsstub-fs`, and `tifsstub-gp`).
Aristo Chen [Tue, 10 Jun 2025 07:41:20 +0000 (07:41 +0000)]
test: py: add mkimage test for undefined image references in FIT configs
Add a test case to verify that mkimage correctly rejects a FIT source
that references a non-existent image from a configuration node.
This test introduces a minimal ITS that defines a valid kernel image
but references a missing "fdt" image under the /configurations section.
The test asserts that mkimage fails with a clear error message, as
introduced in the new validation logic.
This helps ensure the validation logic behaves correctly and prevents
regressions in future FIT enhancements.
Aristo Chen [Tue, 10 Jun 2025 07:41:19 +0000 (07:41 +0000)]
binman: test: Ensure all config references exist in /images node
Several binman FIT test device trees reference image nodes such as atf
and uboot in their /configurations sections, but those image nodes
were not actually defined in the /images node. This mismatch can lead
to validation errors when stricter consistency checks are introduced.
This patch adds minimal definitions for atf and uboot under the
/images node in all relevant test DTS files.
Aristo Chen [Tue, 10 Jun 2025 07:41:18 +0000 (07:41 +0000)]
tools: mkimage: validate image references in FIT configurations
When parsing a FIT image source (ITS), mkimage does not currently check
whether the image names referenced in the /configurations section (e.g.
"kernel", "fdt", "ramdisk", "loadables") actually exist in the /images
node.
This patch introduces a validation step during FIT import that iterates
over each configuration and verifies that all referenced image names are
defined under /images. If a missing image is detected, an appropriate
error is reported and mkimage exits with FDT_ERR_NOTFOUND.
This ensures that configuration integrity is validated at build time.
Aristo Chen [Tue, 10 Jun 2025 07:41:17 +0000 (07:41 +0000)]
tools: mkimage: propagate error codes from fit_handle_file()
The fit_handle_file() function previously returned a hardcoded -1 on
error. This change updates the logic to return the actual error code
stored in `ret`, allowing for error propagation.
This improves debuggability and enables downstream callers to
distinguish different failure causes, such as FDT_ERR_NOTFOUND or
other errors.
Tom Rini [Mon, 9 Jun 2025 16:10:11 +0000 (10:10 -0600)]
Gitlab: Allow running sandbox test.py jobs on more hosts
With a test investigation of how long each of our current build machines
can take to run the sandbox test.py job, we can see that the longest
running hosts are any of the arm64 machines. In some cases this may be a
matter of overall system load, but in others it's hard to say. The
challenge with these tests is that the run itself is single threaded and
covers a large number of tests. There may be gains made in looking in to
optimizing some individual tests. For now however we will likely gain
the most by removing potential bottle necks here and allow any amd64 or
arm64 host to run the test instead of trying to ensure they only run on
one of the few "fast" machines.
Jamin Lin [Fri, 6 Jun 2025 07:34:21 +0000 (15:34 +0800)]
lib: ecdsa: Add support for loading ECDSA public key from FDT
This patch adds support for parsing ECDSA public keys from the device tree
blob (FDT) under the `/signature` node. The public key is expected to be
defined using:
The implementation introduces:
- struct ecdsa_public_key to hold parsed key fields
- fdt_get_key() to parse the curve and coordinates from the FDT
- read_key_from_fdt() to convert the parsed values into an OpenSSL EC_KEY
- load_key_from_fdt() to support loading keys using required_keynode,
keyname hint, or fallback to scanning all subnodes under "/signature".
If "info->fdt_blob" is provided, the key is loaded from the FDT. Otherwise,
the code falls back to loading a PEM-formatted key from file as before.
This allows for ECDSA signature verification where the public key is
embedded in the FIT image device tree, useful for systems that require
signature validation without external files.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Bryan Brattlof [Mon, 2 Jun 2025 21:56:52 +0000 (16:56 -0500)]
binman: openssl: disable JTAG access by default
Typically boards operating in production environments will not be
monitored and so will not need JTAG access unlocked. Disable the debug
extension by default (set debugType = 0) unless we add the 'debug'
property in the binman configs.
Acked-by: Andrew Davis <afd@ti.com> Signed-off-by: Bryan Brattlof <bb@ti.com>
Tom Rini [Wed, 25 Jun 2025 15:57:01 +0000 (09:57 -0600)]
Merge patch series "lmb: use a single API for all allocations"
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The LMB module has a bunch for API's which are used for allocating
memory. There are a couple of API's for requesting memory, and two
more for reserving regions of memory. Replace these different API's
with a single one, lmb_alloc_mem(). The type of allocation to be made
is specified through one of the parameters to the function.
Additionally, the two API's for reserving regions of memory,
lmb_reserve() and lmb_alloc_addr() are the same with one
difference. One can reserve any memory region with lmb_reserve(),
while lmb_alloc_addr() actually checks that the memory region being
requested is part of the LMB memory map. Reserving memory that is not
part of the LMB memory map is pretty futile -- the allocation
functions do not allocate memory which has not been added to the LMB
memory map.
This series also removes the functionality allowing for reserving
memory regions outside the LMB memory map. Any request for reserving a
region of memory outside the LMB memory map now returns an -EINVAL
error.
Certain places in the common code using the LMB API's were not
checking the return value of the functions. Checks have been added for
them. There are some calls being made from the architecture/platform
specific code which too do not check the return value. Those have been
kept the same, as I do not have the platform with me to check if it
causes any issues on those platforms.
In addition, there is a patch which refactors code in
lmb_overlaps_region() and lmb_can_reserve_region() so that both
functionalities can be put in a single function, lmb_overlap_checks().
Finally, a new patch has been added which checks the return value of
the lmb allocation function before copying the device-tree to the
allocated address.
Sughosh Ganu [Tue, 17 Jun 2025 10:43:46 +0000 (16:13 +0530)]
doc: add lmb documentation
The LMB module has undergone significant changes in the recent
past. Add a document which briefly describes what the LMB module does,
and the changes that have been made to it's design since the 2025.01
release.
Sughosh Ganu [Tue, 17 Jun 2025 10:43:45 +0000 (16:13 +0530)]
mach-snapdragon: add a check before copying FDT to fdt_addr_r
The board_late_init() function allocates memory for a bunch of
environment variables, including fdt_addr_r. The device-tree then gets
copied to the memory pointed to by fdt_addr_r. However, the memory
allocation request can fail, in which case the address that is being
written to would not be allocated. Add a check that the memory
allocation has succeeded before copying the device-tree.
Sughosh Ganu [Tue, 17 Jun 2025 10:43:44 +0000 (16:13 +0530)]
lmb: use a single function to check for allocation and reservation requests
The functions that handle allocation requests check if a region of
memory overlaps with a used region. This is done through
lmb_overlaps_region(). Similar checks are done for reservation
requests made to the LMB module, where the caller asks specifically
for a particular region of memory. These checks are being done through
lmb_can_reserve_region().
There are subtle differences in the checking needed for allocation
requests, as against reservation requests. In the former, it is only
needed to be checked if a region is overlapping with an existing
used region, and return as soon as an overlap is found. For
reservation request checks, because U-Boot allows for re-use of in-use
regions with a particular memory attribute, this check has to iterate
through all the regions that might overlap with the requested region,
and then check that the necessary conditions are met to allow for the
overlap.
Combine these two checks in a single function, lmb_overlap_checks() as
both lmb_overlaps_region() and lmb_can_reserve_region() are pretty
similar otherwise.
Sughosh Ganu [Tue, 17 Jun 2025 10:43:41 +0000 (16:13 +0530)]
lmb: replace the lmb_alloc() and lmb_alloc_base() API's
There currently are two API's for requesting memory from the LMB
module, lmb_alloc() and lmb_alloc_base(). The function which does the
actual allocation is the same. Use the earlier introduced API
lmb_alloc_mem() for both types of allocation requests.
Sughosh Ganu [Tue, 17 Jun 2025 10:43:40 +0000 (16:13 +0530)]
lmb: replace lmb_reserve() and lmb_alloc_addr() API's
There currently are multiple allocation API's in the LMB module. There
are a couple of API's for allocating memory(lmb_alloc() and
lmb_alloc_base()), and then there are two for requesting a reservation
for a particular memory region (lmb_reserve() and
lmb_alloc_addr()). Introduce a single API lmb_alloc_mem() which will
cater to all types of allocation requests and replace lmb_reserve()
and lmb_alloc_addr() with the new API.
Moreover, the lmb_reserve() API is pretty similar to the
lmb_alloc_addr() API, with the one difference being that the
lmb_reserve() API allows for reserving any address passed to it --
the address need not be part of the LMB memory map. The
lmb_alloc_addr() does check that the address being requested is
actually part of the LMB memory map.
There is no need to support reserving memory regions which are outside
the LMB memory map. Remove the lmb_reserve() API functionality and use
the functionality provided by lmb_alloc_addr() instead. The
lmb_alloc_addr() will check if the requested address is part of the
LMB memory map and return an error if not.
Tom Rini [Wed, 25 Jun 2025 14:07:16 +0000 (08:07 -0600)]
Merge branch 'next' of https://source.denx.de/u-boot/custodians/u-boot-sunxi into next
This concludes support for the Allwinner A133 SoC, the biggest chunk of
which is the DRAM init code. Also includes support for a devboard using
this SoC, the DT of which got added to the kernel only recently. The
same is true for another H618 devboard, so add the respective devconfig
as well.
Gitlab CI passed, and I booted that briefly on those two boards.
Tom Rini [Tue, 24 Jun 2025 01:51:27 +0000 (19:51 -0600)]
Merge tag 'qcom-next-23Jun-1' of https://source.denx.de/u-boot/custodians/u-boot-snapdragon into next
This PR introduces 3 new platforms, two from the new Dragonwing IQx
series (QCS615 and QCS8300) as well as the IPQ5424.
Additionally:
* Support for booting downstream Android boot images on some phones is
added
* Capsule update support is expanded to be more generic, determining
which partition U-Boot was flashed to automatically and supporting
many more boards.
* Minor capsule update bugs are fixed
* A watchdog driver is added and gets timeout support
* Autoboot now requires pressing "space" specifically to stop booting as
a workaround for some boards getting rogue key presses which would
cause autoboot to fail
* Documentation is added for the Dragonwing boards
* The RB1/2 now use USB gadget mode rather than host
* A bug is fixed where GPIO reads could return incorrect values
We can now correctly identify which partition U-Boot is flashed to
between uefi, xbl, and boot (including A/B support) so enable capsule
update support for all boards.
Calling scsi_scan() results in all the block devices (and EFI block
devices) being destroyed and re-created. This breaks the EFI filesystem
drivers during capsule update.
Remove the call, since boards really should be calling scsi_scan()
themselves during board_init().
mach-snapdragon: CapsuleUpdate: support all boot methods
Expand capsule update support to correctly identify which partition
U-Boot is flashed to (between xbl, uefi, and boot including A/B
variants).
Use qcom_boot_source to determine if we were chainloaded from ABL,
meaning U-Boot is on the boot partition, otherwise we assume uefi if
it's available, finally leaving the xbl partition.
Set a different fw_name based on the target partition to prevent GUID
collisions, since a board may support U-Boot flashed to boot or XBL we
need to differentiate them since the U-Boot binary must be built
differently.
Keep track of whether we were loaded via ABL or if U-Boot is running as
a first-stage bootloader.
For now we set this based on if we have a valid external FDT or not,
since it isn't possible to chainload U-Boot from ABL without there being
an external FDT.
This will be used to inform the capsule update logic which partition
U-Boot is flashed to.
Aswin Murugan [Tue, 10 Jun 2025 09:37:32 +0000 (15:07 +0530)]
board: qualcomm: Add MAINTAINERS entries for Dragonwing platforms
Added MAINTAINERS entries for the Qualcomm Dragonwing platforms, following
the discussion in the referenced thread.
https://lore.kernel.org/u-boot/20250603192206.GK1382132@bill-the-cat/
In order to unzipped kernel from androidboot img, extra memory for
loadaddr is needed. So once fastboot is enabled fastboot memory also
share with loadaddr.
That can balance with memory constrain soc and android usecase.
Some androidboot image have invalid kernel/ramdisk load addr,
force to ignore those value and use loadaddr instead.
There is a concern on exposing the whole memory to image loading is
dangerous. Also, since it's not always possible to change the load
addr by repacking the boot.img (mainly due to AVB signature mismatch),
we need a way to use kernel_addr_r and ramdisk_addr_r.
Casey Connolly [Wed, 4 Jun 2025 11:34:45 +0000 (13:34 +0200)]
board: qualcomm: add a MAINTAINERS file
Add a MAINTAINERS file for assigning maintainership of a particular
Qualcomm platform or board (if board specific files exist). It is
intended to supplement the treewide ARM SNAPDRAGON maintainers with
folks who have a more specific interest.
Add an initial entry for the QCS6490 platform which powers the RB3 Gen 2 board.
Sumit Garg [Fri, 16 May 2025 13:08:54 +0000 (18:38 +0530)]
mach-snapdragon: of_fixup: Drop USB dr_mode override for RB1/2
The default DIP switch configuration on RB1/2 is to enable flashing
support via USB type-c port either using QDL or fastboot. It's just
cumbersome to get the host mode working in U-Boot via DIP switch toggle
when you need the flashing capability using the type-c port.
So instead lets enable fastboot in U-Boot for RB1/2 boards which is
more useful in the default board DIP switch configuration. This let's
us to drop dr_mode DT fixup.
Aswin Murugan [Thu, 8 May 2025 11:36:46 +0000 (17:06 +0530)]
gpio: msm_gpio: return correct value for gpio read
In the current implementation, the GPIO read operation considers
both the input and outbut bits (bits 0 and 1). It should only consider
the state of input bit, i.e bit 0. To address this, mask input bit
alone and read it.
Andre Przywara [Sun, 25 Aug 2024 23:31:42 +0000 (00:31 +0100)]
sunxi: H616: add support for YuzukiHD Chameleon board
The Chameleon board is an OpenHardware devboard made by YuzukiTsuru,
featuring an Allwinner H616 SoC. The form factor resembles the Raspberry
Pi Model A boards, though it differs significantly in its features.
Apart from the usual peripherals of those kind of boards (SD card, eMMC,
WiFi, HDMI), it features four USB-C 2.0 ports.
Add a defconfig for the board, the DRAM parameters have been extracted
from the firmware shipped with the board.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Fri, 7 Mar 2025 00:57:12 +0000 (00:57 +0000)]
arm64: dts: allwinner: h616: add YuzukiHD Chameleon support
The Chameleon board is an OpenHardware devboard made by YuzukiTsuru.
The form factor resembles the Raspberry Pi Model A boards, though it
differs significantly in its features:
- Allwinner H618 SoC (4 * Arm Cortex-A53 cores, 1MB L2 cache, 1.4 GHz)
- between 512MiB and 2GiB DDR3 DRAM
- up to 128 GiB eMMC flash
- AXP313a PMIC
- 100 Mbit/s Ethernet pins on a header
- XR829 WIFI+Bluetooth chip
- 4 * USB 2.0 USB-C ports
- microSD card slot
- 3.5mm A/V port
Add the devicetree describing the board's peripherals and their
connections.
Andre Przywara [Mon, 5 May 2025 16:47:29 +0000 (17:47 +0100)]
arm64: dts: allwinner: a100: add Liontron H-A133L board support
The H-A133L board is an industrial development board made by Liontron.
It contains a number of dedicated JST connectors, to connect external
peripherals. It features:
- Allwinner A133 SoC (4 * Arm Cortex-A53 cores at up to 1.6 GHz)
- 1 GiB, 2 GiB or 4 GiB of LPDDR4 DRAM
- between 16 and 128 GiB eMMC flash
- AXP707 PMIC (compatible to AXP803)
- 100 Mbit/s RJ45 Ethernet socket, using an JLSemi JL1101 PHY
- XR829 WIFI+Bluetooth chip
- 2 * USB 2.0 USB-A ports, plus three sets of USB pins on connectors
(connected via a USB hub connected to USB1 on the SoC)
- microSD card slot
- 3.5mm A/V port
- 12V power supply
- connectors for an LVDS or MIPI-DSI panel
Add the devicetree describing the board's peripherals and their
connections.
Despite being a devboard, the manufacturer does not publish a schematic
(I asked), so the PMIC rail assignments were bases on BSP dumps,
educated guesses and some experimentation. Dropping the always-on
property from any of the rails carrying it will make the board hang as
soon as the kernel turns off unused regulators.
projects / thirdparty / u-boot.git / log
