In various places it is useful to have an array of structures, but allow
it to grow. In some cases we work around it by setting maximum number of
entries, using a Kconfig option. In other places we use a linked list,
which does not provide for random access and can complicate the code.
Introduce a new data structure, which is a variable-sized list of structs
each of the same, pre-set size. It provides O(1) access and is reasonably
efficient at expanding linearly, since it doubles in size when it runs out
of space.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current implementation can return an extra result at the end when
the string ends with a space. Fix this by adding a special case.
Signed-off-by: Simon Glass <sjg@chromium.org>
The linux kernel has the list_count_nodes() API functions which is
used for counting nodes of a list. This has now been imported in
U-Boot as part of an earlier commit. Use this function and drop the
list_count_items().
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There is some potential security issue resolved by upgrading to v70.0.0
here and the latest is now v70.3.0.
Reported-by: GitHub dependabot
Suggested-by: Sebastian Kropatsch <seb-dev@mail.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Rasmus Villemoes <rasmus.villemoes@prevas.dk> says:
This is a followup to the patches that landed in 2024.01 and nearly
made sure that source files for producing .dtbo files use the .dtso
extension. In the same release, a few new .dts files snuck in, and
there was also some test code involving .dtbo -> .dtbo.S -> .dtbo.o I
didn't really know how to handle at the time. This should finish the
job, bring us in sync with linux (at least in this respect), and drop
the .dts -> .dtbo build rule.
Add a unit test for testing the Android bootmethod.
This requires another mmc image (mmc7) to contain the following partitions:
- misc: contains the Bootloader Control Block (BCB)
- boot_a: contains a fake generic kernel image
- vendor_boot_a: contains a fake vendor_boot image
Also add BOOTMETH_ANDROID as a dependency on sandbox so that we can test
this with:
$ ./test/py/test.py --bd sandbox --build -k test_ut # build the mmc7.img
$ ./test/py/test.py --bd sandbox --build -k bootflow_android
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Reviewed-by: Guillaume La Roque <glaroque@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Distinguish more clearly between source files meant for producing .dtb
from those meant for producing .dtbo.
Note that in the linux tree, all device tree overlay sources have been
renamed to .dtso, and the .dts->.dtbo rule is gone since v6.5 (commit
81d362732bac). So this is also a step towards staying closer to linux
with respect to both Kbuild and device tree sources, and eventually
eliminating all .dts -> .dtbo instances.
This also matches the documentation update done in commit 4fb7e570d6.
Cc: Masahisa Kojima <kojima.masahisa@socionext.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Distinguish more clearly between source files meant for producing .dtb
from those meant for producing .dtbo.
In this case, the files are really meant to be compiled to .dtbo ->
.dtbo.S -> .dtbo.o that get embedded in the image, which means that
the begin/end symbols generated by the makefile rule changes to
__dtbo_ rather than __dtb, so the consuming .c file needs updating,
but this should not result in any functional change.
Note that in the linux tree, all device tree overlay sources have been
renamed to .dtso, and the .dts->.dtbo rule is gone since v6.5 (commit
81d362732bac). So this is also a step towards staying closer to linux
with respect to both Kbuild and device tree sources.
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
A security issue exists with zipp before v3.19.1, and the current
release is now v3.19.2. While the change in versions numbers is large, a
manual inspection of the changelog shows that it's not as big as might
be implied.
Reported-by: GitHub dependabot
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The tests we currently have expect the firmware update to fail
when OsIndications is not set properly. However, we have a Kconfig flag
that explicitly ignores that variable. Adjust the tests accordingly
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The build option to support images of type 'IMAGE_FORMAT_LEGACY' is
CONFIG_LEGACY_IMAGE_FORMAT so update the pytest to check for the correct
option.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
On tests which require "tftpboot" we need to depend not on cmd_net but
rather cmd_tftpboot. And on tests which require cmd_pxe we do not need
to also depend on cmd_net as this should be handled already via Kconfig
logic.
Signed-off-by: Tom Rini <trini@konsulko.com>
The current test doesn't check anything about the output. If a bug
results in junk before the output, this is not currently detected.
Add a check for the first line being the one expected.
Signed-off-by: Simon Glass <sjg@chromium.org>
When a real board fails we don't want to decode the exception. Reserve
that behaviour for sandbox. Also avoid raising a new exception on
failure - just re-raise the existing one.
Signed-off-by: Simon Glass <sjg@chromium.org>
When a driver is not registered properly it is not clear which one it
is. Adjust test_dm_compat() to show this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tests for standard boot need disks to be set up, which can only be done
on sandbox, since adjusting disks on real hardware is not currently
supported. Mark the init function as sandbox-only.
Signed-off-by: Simon Glass <sjg@chromium.org>
The relocation offset can change in some initcall sequences. Handle
this and make sure it is used for all debugging statements in
init_run_list()
Update the trace test to match.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Caleb Connolly <caleb.connolly@linaro.org>
The dm_root_f field seems to be entirely write-only and hence
redundant, unless 'git grep' fails to find some access generated via
preprocessor token concatenation or similar.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
We should have a single place where we write the default value to the
creator revision field. If we ever will have any table created by another
tool, we can overwrite the value afterwards.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tim Harvey <tharvey@gateworks.com> says:
This series will automatically add /chosen/kaslr-seed to the dt if
DM_RNG is enabled
during the boot process.
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
is enabled as its implementation uses a different source of entropy
that is not yet implemented as DM_RNG. We also skip this if
MEASURED_BOOT is enabled as in that case any modifications to the
dt will cause measured boot to fail (although there are many other
places the dt is altered).
As this fdt node is added elsewhere create a library function and
use it to deduplicate code. We will provide a parameter to overwrite
the node if present.
For our automatic injection, we will use the first rng device and
not overwrite if already present with a non-zero value (which may
have been populated by an earlier boot stage). This way if a board
specific ft_board_setup() function wants to customize this behavior
it can call fdt_kaslrseed with a rng device index of its choosing and
set overwrite true.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.
Now that kaslr-seed is automatically added to the chosen node if DM_RNG
is enabled, adjust the test to expect this.
Take care not to expect kaslr-seed for CONFIG_MEASURED_BOOT and
CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT as we do not add it for those.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Cc: Michal Simek <michal.simek@amd.com>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: Akash Gajjar <gajjar04akash@gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Devarsh Thakkar <devarsht@ti.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Chris Morgan <macromorgan@hotmail.com>
There are of course not a whole lot of examples in-tree yet, but
before they appear, let's make this API change: Instead of separately
allocating a 'struct cyclic_info', make the users embed such an
instance in their own structure, and make the convention that the
callback simply receives the 'struct cyclic_info *', from which the
clients can get their own data using the container_of() macro.
This has a number of advantages.
First, it means cyclic_register() simply cannot fail, simplifying the
code. The necessary storage will simply be allocated automatically
when the client's own structure is allocated (often via
uclass_priv_auto or similar).
Second, code for which CONFIG_CYCLIC is just an option can more easily
be written without #ifdefs, if we just provide an empty struct
cyclic_info {}. For example, the nested CONFIG_IS_ENABLED()s in
https://lore.kernel.org/u-boot/20240316201416.211480-1-marek.vasut+renesas@mailbox.org/
are mostly due to the existence of the 'struct cyclic_info *' member
being guarded by #ifdef CONFIG_CYCLIC.
And we do probably want to avoid the extra memory overhead of that
member when !CONFIG_CYCLIC. But that is automatic if, instead of a
'struct cyclic_info *', one simply embeds a 'struct cyclic_info',
which will have size 0 when !CONFIG_CYCLIC. Also, the no-op
cyclic_register() function can just unconditionally be called, and the
compiler will see that (1) the callback is referenced, so not emit a
warning for a maybe-unused function and (2) see that it can actually
never be reached, so not emit any code for it.
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Add tests for booting image using tftpboot/pxe boot commands, tftpboot
boot case loads the FIT image into DDR and boots using bootm command
whereas pxe boot cases downloads the pxe configuration file from the
TFTP server and interprets it to boot the images mentioned in the pxe
configurations file.
This test relies on boardenv_* containing configuration values including
the parameter 'pattern'. tftpboot/pxe boot cases boots the Linux till the
boot log pattern value is matched. For example, if the parameter
'pattern' is defined as 'login:', it will boot till login prompt.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Tested-by: Tom Rini <trini@konsulko.com>
Executing a u-boot command may raise an error or extra bad pattern,
beyond the default bad patterns. Providing a way to enable the console
output error check in test.
For example, description for OS boot test:
import re
check_type = 'kernel_boot_error'
check_pattern = re.compile('ERROR -2: can't get kernel image!')
with u_boot_console.enable_check(check_type, check_pattern):
u_boot_console.run_command('<boot command>')
Signed-off-by: Love Kumar <love.kumar@amd.com>
The issue described in https://github.com/psf/requests/pull/6655 has
been assigned as a security issue. While unlikely to be exploited in our
usage, update to the current release to fix it. Furthermore, upstream
has now moved on to v2.23.2 as the release to use which has all of the
issues resolved.
Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <trini@konsulko.com>
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".
This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
For pcr_read and pcr_extend commands allow the digest algorithm to be
specified by an additional argument. If not specified it will default to
SHA256 for backwards compatibility.
Additionally update test_tpm2.py for the changes in output in pcr_read
which now shows the algo and algo length in the output.
A follow-on to this could be to extend all PCR banks with the detected
algo when the <digest_algo> argument is 'auto'.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The following patch series adds support for version 2 of the FWU
metadata. The version 2 metadata structure is defined in the latest
revision of the FWU specification [1].
The earlier versions of these patches were migrating to a version 2
only support in U-Boot, similar to TF-A. However, based on feedback
from ST [2], this series has been updated to support both versions. A
platform would still be needed to enable one of the two versions of
metadata through a config symbol.
TF-A has code which reads the FWU metadata and boots the platform from
the active partition. TF-A has decided to migrate the FWU code to a
version 2 only support. These changes have been merged in upstream
TF-A.
These changes have been tested on the ST DK2 board, which uses the GPT
based partitioning scheme. Both V1 and V2 metadata versions have been
tested on the DK2 board.
These changes need to be tested on platforms with MTD partitioned
storage devices.
Make changes to the FWU metadata access tests corresponding to the
changes in the FWU metadata access code.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Move snprintf to stdio.h since it is needed by exteranl libraries.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d, reversing
changes made to 2ee6f3a5f7.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
Currently we have the option to tell the console code that we should
ignore the SPL banner. We also have an option to say that we can see it
a second time, and ignore it. However, some platforms such as TI AM64x
will have us see the SPL banner three times. Rather than add an
"spl3_skipped" option, rework the code. By default we expect to see the
banner once, but boards can specify seeing it as many times as they
expect to.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.
Signed-off-by: Marek Vasut <marex@denx.de>
The image is not unloaded if a security violation occurs.
If efi_set_load_options() fails, we do not free the memory allocated for
the optional data. We do not unload the image.
* Unload the image if a security violation occurs.
* Free load_options if efi_set_load_options() fails.
* Unload the image if efi_set_load_options() fails.
Fixes: 53f6a5aa86 ("efi_loader: Replace config option for initrd loading")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fix typos in test_eficonfig.py: %s/curren/current/
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
* The sandbox must not use an arbitrary file name bootsbox.efi but the
file name matching the host architecture to properly boot the respective
file. We already have an include which provides a macro with the name of
the EFI binary. Use it.
* The path to the EFI binary should be absolute.
* The path and the file name must be capitalized to conform to the UEFI
specification. This is important when reading from case sensitive
file systems.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The default sequence of boot methods is determined by alphabetical sorting
during linkage.
* efi_mgr must run before efi to be UEFI compliant
* pxe should run as last resort
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Currently, all the capsules for the sandbox platform are generated at
the time of running the capsule tests. To showcase generation of
capsules through binman, generate all raw(non FIT payload) capsules
needed for the sandbox platform as part of the build. This acts as an
illustrative example for generating capsules as part of a platform's
build.
Make corresponding change in the capsule test's configuration to get
these capsules from the build directory.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
