boot_get_fdt_fit_into_buffer() calls fdt_open_into() for both the
base FDT and overlay DTO blobs loaded from a FIT image.
Those blobs come from FIT payload data. In the overlay path,
fit_image_load() is called with FIT_LOAD_IGNORED, so the IH_TYPE_FLATDT
header check in fit_image_load() is skipped. This leaves fdt_open_into()
to consume header-derived offsets/sizes from unvalidated input.
Validate the full blob against the payload length first with
fdt_check_full(fdtsrcbuf, srclen), then proceed with fdt_totalsize() and
fdt_open_into(). This fixes Coverity CID 644638 (TAINTED_SCALAR).
Fixes: 5ebf0c55a23 ("image: fit: Apply overlays using aligned writable FDT copies")
Link: https://lore.kernel.org/all/20260223195109.GG3233182@bill-the-cat/
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Fix a segmentation fault caused by a null pointer access during root
partition checking. The function part_get_info() was falsely given null
for the disk_partition struct, which later resulted in accessing a null
pointer and thus undefined behavior.
Fixes: 5d7c080ae5dc ("bootstd: rauc: Don't check root part filesystem")
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
libfdt expects FDT/DTO blobs to be 8-byte aligned. When loading the
base FDT or overlays from a FIT, the mapped buffer may be unaligned,
which can break fdt_open_into() on strict-alignment architectures.
boot_get_fdt_fit() relocates the base FDT with boot_relocate_fdt()
before applying overlays. That uses the bootm memory map and can
overlap with the FIT buffer when the FIT is loaded into RAM,
corrupting data needed to load the kernel and ramdisk.
Allocate writable, 8-byte aligned copies of the base FDT and overlays
with memalign() and fdt_open_into(). Grow the base buffer as needed,
apply overlays to it and pack the final tree. Free each temporary
overlay copy after application and check fdt_pack() errors.
Fixes: 8fbcc0e0e839 ("boot: Assure FDT is always 8-byte aligned")
Fixes: 881f0b77dc8c ("image: apply FDTOs on FDT image node")
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Cc: Jamie Gibbons <Jamie.Gibbons@microchip.com>
Reviewed-by: Marek Vasut <marek.vasut@mailbox.org>
Print the actual error code in a couple of places in boot_get_fdt_fit().
These are FDT error codes, not errno, so printing the string is more
helpful than printing the numeric value.
The only caller of boot_get_fdt_fit() unconditionally replaces the
returned error code (fdt_noffset) with ENOENT so the actual error would
otherwise be lost.
Signed-off-by: David Lechner <dlechner@baylibre.com>
Show name of configuration node which was not found.
current state gives no hint if fit image is wrong or the requested name.
Could not find configuration node
load of <NULL> failed
After this patch we see name like this:
Could not find configuration node '#ov-test'
load of <NULL> failed
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Options which deal with memory locations and have a default value of 0x0
are dangerous, as that is often not a valid memory location. Rework
SPL_LOAD_FIT_ADDRESS as follows:
- Add SPL_HAS_LOAD_FIT_ADDRESS to guard prompting the question as the
case of loading a FIT image does not strictly require setting an
address and allows for a malloc()'d area to be used.
- For SPL_RAM_SUPPORT, select the new guard symbol if SPL_LOAD_FIT is
enabled because in that case an address must be provided.
- Update defconfigs for these new changes. Largely this means some
defconfigs need to enable SPL_HAS_LOAD_FIT_ADDRESS to maintain their
current status. In the case of sandbox, we also need to set
SPL_LOAD_FIT_ADDRESS to 0x0.
Signed-off-by: Tom Rini <trini@konsulko.com>
The bootm command can handle the compressed image, but current
code fails to boot from it.
## Loading kernel (any) from FIT Image at a8000000 ...
<snip>
Compression: gzip compressed
Data Start: 0xa80000d4
Data Size: 10114520 Bytes = 9.6 MiB
Architecture: AArch64
OS: EFI Firmware
Load Address: 0x90000000
<snip>
Uncompressing Kernel Image to 90000000
## Transferring control to EFI (at address a80000d4) ...
Booting <NULL>
Not a PE-COFF file
Loading image failed
To take care of the compressed image, the load address needs
to be passed instead of the original compressed image address.
Signed-off-by: Masahisa Kojima <kojima.masahisa@socionext.com>
Tested-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
u-boot-dfu-20260116
CI: https://source.denx.de/u-boot/custodians/u-boot-dfu/-/pipelines/29018
Android:
* Fix missing dependency for BOOTMETH_ANDROID
* Add bootconfig support
* Add 'get ramdisk' command to abootimg
DFU:
* Improve error handling in dfu_fill_entity()
USB Gadget:
* ci_udc: Ensure ci_ep->desc is valid before using it
* ci_udc: Add additional debug prints
While reading bootflow, memory was not released if an
error occurred.
Signed-off-by: Francois Berder <fberder@outlook.fr>
Acked-by: Martin Schwan <m.schwan@phytec.de>
Tested-by: Martin Schwan <m.schwan@phytec.de>
For android vendor boot image version 4 bootconfig is mandatory.[1]
In the android_image_get_ramdisk function, after copying both vendor and
boot ramdisks, we extract all androidboot.* entries from the kernel
command line. These entries are added to the bootconfig section.
We then update the sizes of the ramdisk and bootconfig.
Finally, all androidboot.* entries are removed from the kernel command
line.
[1] https://source.android.com/docs/core/architecture/partitions/vendor-boot-partitions#bootloader-support
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Guillaume La Roque (TI.com) <glaroque@baylibre.com>
Link: https://lore.kernel.org/r/20260112-bootconfig-v5-3-79b242159ac7@baylibre.com
[mkorpershoek: dropped irrelevant code comments]
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Use map_to_sysmem() to convert header pointers to physical addresses
in parse_hdr functions, and add proper map_sysmem()/unmap_sysmem()
calls in android_image_get_data() for sandbox compatibility.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Guillaume La Roque (TI.com) <glaroque@baylibre.com>
Link: https://lore.kernel.org/r/20260112-bootconfig-v5-2-79b242159ac7@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
To properly implement Android boot image v4, U-Boot must be able to
add additional entries to the bootconfig.
Add `add_bootconfig_parameters()` to do so.
This has been imported from Google's U-Boot source[1]
The variables/function names have been reworked to be
compliant with U-Boot's coding style.
[1] 7af0a0506d
Signed-off-by: Mattijs Korpershoek (TI.com) <mkorpershoek@kernel.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Signed-off-by: Guillaume La Roque (TI.com) <glaroque@baylibre.com>
Link: https://lore.kernel.org/r/20260112-bootconfig-v5-1-79b242159ac7@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
The code depends on set_avendor_bootimg_addr and set_abootimg_addr
functions which are only defined in cmd/abootimg.c, only built when
CMD_ABOOTIMG=y so let's add a dependency.
It should be "depends on" to be properly implemented, but we get a
circular dependency otherwise:
boot/Kconfig:566:error: recursive dependency detected!
boot/Kconfig:566: symbol BOOTMETH_ANDROID depends on CMD_ABOOTIMG
cmd/Kconfig:504: symbol CMD_ABOOTIMG depends on ANDROID_BOOT_IMAGE
boot/Kconfig:7: symbol ANDROID_BOOT_IMAGE is selected by BOOTMETH_ANDROID
so instead we do a select. It is safe because CMD_ABOOTIMG depends on
ANDROID_BOOT_IMAGE which we select here as well.
Fixes: 125d9f3306ea ("bootstd: Add a bootmeth for Android")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Link: https://lore.kernel.org/r/20251218-bootmeth_android-deps-v1-1-0113c804f951@cherry.de
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
This series from Andrew Davis <afd@ti.com> makes a number of the TI K3
CONFIG symbols have consistent values in SPL, as they are things
determined by the SoC and not the board design.
Link: https://lore.kernel.org/r/20251208190635.2044082-1-afd@ti.com
These are common for all K3 based boards. Add the common values as
defaults and remove from each board defconfig
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
In case the 'fdt_high' environment variable is set to ~0, warn users
about the dangers of the fdt_high usage. This will hopefully lead to
removal of most of the fdt_high ~0 usage over time.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
VPL_FIT_FULL_CHECK currently shares its description and help text with
FIT_FULL_CHECK which is quite confusing, so let's specify this applies
to VPL.
Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Anshul Dalal <anshuld@ti.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The prompt wrongly specifies this applies to SPL while this symbol is
for VPL, let's fix this oversight.
Fixes: 8dfbd798122b ("boot: Allow use of FIT in TPL and VPL")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Acked-by: Udit Kumar <u-kumar1@ti.com>
Reviewed-by: Anshul Dalal <anshuld@ti.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The prompt currently doesn't specify this applies to the SPL stage only,
so let's fix this oversight.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Anshul Dalal <anshuld@ti.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The prompt is missing the indication this applies for the SPL loading
a FIT image, and not any other stage.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: xypron.glpk@gmx.de
Reviewed-by: Udit Kumar <u-kumar1@ti.com>
Reviewed-by: Anshul Dalal <anshuld@ti.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
- meson_gx_mmc: reduce maximum frequency
- Add support for EFI capsule updates on all Amlogic boards
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPVPGJshWBf4d9CyLd9zb2sjISdEFAmlFKS4ACgkQd9zb2sjI
SdE1LRAA0L49BS4NnJw5jbhA4SJoyDc9YbTBJqHtPeNK37Mc/G+H9RDa1pK2SFMe
VJb8N9I+4UCuL0Qgg1OQLkj3zucRepgquc7SVPTVc0S3PWVAhOOpX6JfqoshavA2
BLi6eVz3HasOh3EH4gxkHLk+Uvg2EbzNb74U0MXWMRjCl2NHYuGyyMtDAFd8gsWr
vBXNIDJiOHz0l5YkZ/LVNq8NDkyRtwfVtHzmlpf8zsA4sYv70e2j7p++96dL3Kem
IkuEAkWDPZqpLR1putssQkuryVR7LjluiAid4IZzGQSfhdhtDDOPhcSDdO5huqWB
seqJfgnER2yT+ow1uqZII1ND9X5d2wOL/Kpx0feGaiiHcCkjOM4gnTnMZJMAl4d5
m4JRp56wwtcmJPxfArsWZaGmyuHfz7jFsSxANhIqDWsWrR3Mr4YQvJ+VqN1WR9ky
gM5Ok8L9Yhc9Fgm826ehkYoTUo20gPn2MvXjtLPXK7594gElmQslTH56dc87Jykv
OjjLLZvPZboasPIKkYkezh2HYsPqIE78VjM9Wq8yG3BZekMw+BxnUhNIxcq/kiGI
muTBfCvXEYZV4ojuEVHoOU2og5fUP8eDMz4sMiWejITmwo0qavBX3uPDR+fIWrmN
eM2zhlMqG86WHLh1oFG1xqptNMN9POaxM338QA7T8C2sIt3vdtw=
=sxXr
-----END PGP SIGNATURE-----
Merge tag 'u-boot-amlogic-next-20251219' of https://source.denx.de/u-boot/custodians/u-boot-amlogic into next
- Add u-boot SPL support for GX SoCs
- meson_gx_mmc: reduce maximum frequency
- Add support for EFI capsule updates on all Amlogic boards
This pull request brings together a set of fixes and enhancements across
the SoCFPGA platform family, with a focus on MMC/SPL robustness, EFI
boot enablement, and Agilex5 SD/eMMC support.
CI: https://source.denx.de/u-boot/custodians/u-boot-socfpga/-/pipelines/28776
Highlights:
*
SPL / MMC:
o
Fix Kconfig handling for
SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION_TYPE
o
Correct raw sector calculations and respect explicit sector values
when loading U-Boot from MMC in SPL
o
Adjust raw MMC loading logic for SoCFPGA platforms
*
EFI boot:
o
Permit EFI booting on SoCFPGA platforms
o
Disable mkeficapsule tool build for Arria 10 where unsupported
*
Agilex5:
o
Upgrade SDHCI controller from SD4HC to SD6HC
o
Enable MMC and Cadence SDHCI support in defconfig
o
Add dedicated eMMC device tree and defconfig for Agilex5 SoCDK
o
Revert incorrect GPIO configuration for SDIO_SEL
o
Refine U-Boot DT handling for SD and eMMC boot variants
*
SPI:
o
Allow disabling the DesignWare SPI driver in SPL via Kconfig
*
Board / configuration fixes:
o
Enable random MAC address generation for Cyclone V
o
Fix DE0-Nano-SoC boot configuration
o
Remove obsolete or conflicting options from multiple legacy
SoCFPGA defconfigs
Quentin Schulz <foss+uboot@0leil.net> says:
This does a bit of "cleanup" by reusing constants for some FIT
properties instead of having the same string in multiple places.
Additionally, this adds a new constant for the compatible property in
FIT configuration nodes[1] which is useful for FIT images with multiple
FIT configuration nodes to support multiple devices in the same blob.
U-Boot will try to figure out which node to select based on that
compatible[2].
However, if this property is missing (and the first blob in the fdt
property of the configuration node is uncompressed), the compatible from
the root node of the associated kernel FDT will be used for the
autoselection mechanism. For now, I only print the property if it
exists, but maybe it'd make sense to expose the fallback one if it's
missing. I guess we can implement that later on if desired.
[1] https://fitspec.osfw.foundation/#optional-properties compatible paragraph
[2] https://fitspec.osfw.foundation/#select-a-configuration-to-boot
Link: https://lore.kernel.org/r/20251203-fit-compat-v2-0-0fea56f23809@cherry.de
Fit conf node may have a compatible property[1] which stores the
compatible of the first blob in the fdt property of the node. This can
be used to automatically select the proper conf node based on the
compatible from the running U-Boot (matching the former's compatible
with the latter)[2].
This brings the ability to mkimage/dumpimage to print the compatibles of
the configuration node(s). U-Boot CLI commands such as iminfo also see
this addition to their output.
[1] https://fitspec.osfw.foundation/#optional-properties compatible paragraph
[2] https://fitspec.osfw.foundation/#select-a-configuration-to-boot
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Fit conf node may have a compatible property[1] which stores the root
compatible of the first blob in the fdt property of the node. This can
be used to automatically select the proper conf node based on the
compatible from the running U-Boot (matching the former's compatible
with the latter)[2].
This adds (and uses) this constant for FIT node parsing.
Note that this property may also appear in fpga image nodes[3] but that
isn't done in this commit.
[1] https://fitspec.osfw.foundation/#optional-properties compatible paragraph
[2] https://fitspec.osfw.foundation/#select-a-configuration-to-boot
[3] https://fitspec.osfw.foundation/#images-node 2.3.2 Conditionally mandatory property
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Some properties have their string represented in include/image.h via
constants, so let's use those constants instead of using a hardcoded
string.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
The BootROM in Rockchip SoCs will enter maskrom mode when boot firmware
cannot be found in nand/spi/mmc storage.
In maskrom mode the USB OTG port can accept one of two custom commands.
Initially a 0x471 command to load TPL into SRAM. After TPL has been
executed and it has returned back-to-BROM, a 0x472 command to load SPL
into start of DRAM.
Add two binman images that can be used to RAM boot from maskrom mode:
- u-boot-rockchip-usb471.bin that contains TPL to init DRAM.
- u-boot-rockchip-usb472.bin that contains SPL and the normal FIT
payload with i.e. U-Boot proper, TF-A and FDT.
A config fragment rockchip-ramboot.config can be used to enable building
of these two binman images, e.g.:
make generic-rk3588_defconfig rockchip-ramboot.config
These binman images can be used with the proprietary rkbin boot_merger
tool to create a special loader image that can be used with tools such
as rkdeveloptool or rockusb tools to RAM boot from maskrom, e.g.:
Create loader image:
$ ../rkbin/tools/boot_merger ./RK3588MINIALL.ini
Boot from maskrom:
$ rkdeveloptool db u-boot-rockchip-rk3588-loader.bin
or
$ rockusb download-boot u-boot-rockchip-rk3588-loader.bin
Another option that does not require use of proprietary tools is using
open source tools such as rkflashtool or rkusbboot that can load the
binman images directly without any need to first create a special loader
image to RAM boot from maskrom, e.g.:
$ rkflashtool l < u-boot-rockchip-usb471.bin
$ rkflashtool L < u-boot-rockchip-usb472.bin
or
$ rkusbboot u-boot-rockchip-usb471.bin u-boot-rockchip-usb472.bin
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Tested-by: Arnaud Patard <arnaud.patard@collabora.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Add support for creating an Amlogic Boot Image that pass CHK in BL1 on
Amlogic AArch64 SoCs.
Images can optionally be signed for secure boot scenario, however
creation of signed images has not been implemented.
Example of how to use it:
# Create an amlogic boot image
tools/mkimage -T amlimage -n gxbb -d u-boot-spl.bin u-boot-amlogic.bin
# List boot image header information
tools/mkimage -l u-boot-amlogic.bin
# Extract amlogic boot image payload
tools/dumpimage -T amlimage -o bl2-payload.bin u-boot-amlogic.bin
Or with binman using something like:
binman {
u-boot-amlogic {
filename = "u-boot-amlogic.bin";
pad-byte = <0xff>;
mkimage {
filename = "bl2.bin";
args = "-n", "gxbb", "-T", "amlimage";
u-boot-spl {
};
};
};
};
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
[Ferass: check digest type in _print_header, version in _verify_image]
Signed-off-by: Ferass El Hafidi <funderscore@postmarketos.org>
Link: https://patch.msgid.link/20251126-spl-gx-v5-1-6cbffb2451ca@postmarketos.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
If noffset is negative, do not pass it to fit_get_name() and then further to
libfdt, this will crash sandbox with SIGSEGV because libfdt can not handle
negative node offsets without full tree check, which U-Boot inhibits to keep
size lower.
Instead, always check noffset before use, and if the return value indicates
failure, exit right away.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Newer versions of libfdt strictly check whether the FDT blob
passed to them is at 8-byte aligned offset, if it is not, then
the library fails checks with -FDT_ERR_ALIGNMENT . Currently,
android_image_print_dtb_contents() passed FDT directly mapped
from abootimg to libfdt, and this FDT is not always aligned to
8-byte offset. Specifically, the FDTs are somewhat packed in
the abootimg, therefore if the first FDT blob is e.g. 0xfd bytes
long, then the next FDT blob ends up at 0xfd offset, which is
not 8-byte aligned.
Fix this by first extracting the header into 8-byte aligned buffer,
checking only the header for validity, and then by copying the
entire FDT into newly allocated 8-byte aligned buffer. While this
is not efficient, it is the correct way to handle DTs, which must
be at 8-byte aligned offsets. Mitigate the inefficiency for the
common case by checking whether the DT might be 8-byte aligned and
if it is, map it directly.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Link: https://lore.kernel.org/r/20251119193311.127633-1-marek.vasut+renesas@mailbox.org
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
With the changes in commit 8fbcc0e0e839 ("boot: Assure FDT is always at
8-byte aligned address") to call memalign(...) we now always call
memalign(...) rather than malloc(...) when allocating a buffer that may
contain a device tree. However, memalign(...) is not portable among all
of the host OSes we support. The C11 standard does require that
aligned_alloc(...) exist and it takes the same parameters as
memalign(...) does. Change this file to call aligned_alloc rather than
memalign, and for the non-USE_HOSTCC case define that function back to
memalign.
Fixes: 8fbcc0e0e839 ("boot: Assure FDT is always at 8-byte aligned address")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Heiko Schocher <hs@nabladev.com> says:
Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and described
at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02
TPMv2 defines hash algo sm3_256, which is currently
not supported and prevented TPMv2 chip with newer
firmware to work with U-Boot. Seen this on a ST33TPHF2XI2C
u-boot=> tpm2 init
u-boot=> tpm2 autostart
tpm2_get_pcr_info: too many pcrs: 5
Error: -90
u-boot=>
Implement sm3 hash, so we can fix this problem.
Link: https://lore.kernel.org/r/20251118043042.27726-1-hs@nabladev.com
The Linux kernel can discover SMBIOS tables through two primary methods:
1. Via EFI tables, when using EFI boot;
2. Via the 'smbios3-entrypoint' property in the /chosen node of the
device tree.
When U-Boot boots a Linux kernel using a non-EFI command ("bootm",
"bootz", or "booti"), the kernel relies on the device tree to detect
the hardware. If SMBIOS tables are available in U-Boot, they should
be passed to the kernel via this device tree property.
This patch modifies boot_fdt_prepare(), to inject the SMBIOSv3 table
address into the device tree if there is a table generated by U-boot.
The "board_fdt_chosen_smbios" is weak in order to leave the possibilty
for specific boards to select custom SMBIOS addresses.
The changes in this patch are added in the context of supporting this
device tree property in linux kernel:
https://lkml.org/lkml/2025/10/24/1393
Device tree schema was updated to include the "smbios3-entrypoint" node
in pull request: https://github.com/devicetree-org/dt-schema/pull/177
Signed-off-by: Adriana Nicolae <adriana@arista.com>
The fitImage may contain FDT at 4-byte aligned address, because alignment
of DT tags is 4 bytes. However, libfdt and also Linux expects DT to be at
8-byte aligned address. Make sure that the DTs embedded in fitImages are
always used from 8-byte aligned addresses. In case the DT is decompressed,
make sure the target buffer is 8-byte aligned. In case the DT is only
loaded, make sure the target buffer is 8-byte aligned too.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Partitions can be become unusable due to power cuts or failed updates.
Use the bootmeth RAUC if partitions for at least one slot exist. The
bootmeth can then select the working slot.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Tested-by: Martin Schwan <m.schwan@phytec.de>
Only check if the root partition exists when scanning for the slots
partitions and not if the filesystem can be accessed. It is not needed
to access the filesystem of the root partition as it might not be
supported by u-boot or be encrypted.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Tested-by: Martin Schwan <m.schwan@phytec.de>
Fix two memory allocation bugs in label_boot_extension():
1. When label->fdtdir is not set, overlay_dir was used without any
memory allocation.
2. When label->fdtdir is set, the allocation size was incorrect,
using 'len' (just the fdtdir length) instead of 'dir_len' (which
includes the trailing slash and null terminator).
Resolve both issues by moving the memory allocation and string
formatting outside the conditional block, resulting in clearer code
flow and correct sizing in all cases.
Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html
Addresses-Coverity-ID: 638558 Memory - illegal accesses (UNINIT)
Fixes: 935109cd9e97 ("boot: pxe_utils: Add extension board devicetree overlay support")
Signed-off-by: Kory Maincent (TI.com) <kory.maincent@bootlin.com>
Tested-by: Surkov Kirill <fanra3.tk@gmail.com>
Size of array buf was incorrect due to sizeof returning the
size of an integer (typically 32 bits) instead of a u64 type
(64 bits). Hence, buf array was shorter than expected.
Signed-off-by: Francois Berder <fberder@outlook.fr>
Reviewed-by: Simon Glass <sjg@chromium.org>
Quentin Schulz <foss+uboot@0leil.net> says:
While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.
Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.
Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.
Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.
Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.
It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
It's defined a bit later in the same file, so let's remove the
duplicated entry.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This padding has nothing to do with FIT except that we can make use of
it when verifying the FIT signatures.
This padding can also be used to verify the signature "manually" e.g. by
calling rsa_verify_hash() directly with an embedded public key.
Additionally, this padding is only useful if RSA (and specifically
RSA_VERIFY) is enabled otherwise it's not used.
The only other place it's used is in rsa-sign.c which is only built for
the host tools and handled by TOOLS_FIT_RSASSA_PSS symbol instead, so no
need to care for that one.
Finally, the FIT_SIGNATURE dependency also wasn't enough because it only
implies RSA_VERIFY, meaning it can be disabled and still have
FIT_RSASSA_PSS enabled.
So add a dependency on RSA_VERIFY and reword the input prompt.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
