We currently set the firmware image type to ESRT_FW_TYPE_UNKNOWN.
The spec defines the following:
ESRT_FW_TYPE_UNKNOWN 0x00000000
ESRT_FW_TYPE_SYSTEMFIRMWARE 0x00000001
ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002
ESRT_FW_TYPE_UEFIDRIVER 0x00000003
Since we don't support updating DEVICEFIRMWARE or UEFIDRIVER types,
let's switch over to SYSTEMFIRMWARE which seems more appropriate.
Suggested-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fix two typos in the sandbox docs.
Signed-off-by: Lukas Zirpel <lukas@zirpel.de>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In function efi_http_service_binding_destroy_child() phandler is created as
as a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even it is not zero, we must not use it.
If efi_search_protocol() succeeds, the pointer has already be dereferenced,
so checking against NULL makes not sense here.
If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.
Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value)
Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
After the malloc of tmp_files and before its value is recorded an early
exit will need to free tmp_files to prevent leaking that memory.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add more bootloading details for E850-96 board. New sections cover next
topics:
- Hardware configuration of the boot device
- Flashing and updating the software (multiple methods)
- Booting with Standard Boot (multiple methods)
- EFI System Partition structure for E850-96
- Loadable firmware (LDFW) note
- Ethernet and USB Host Support
That documents all recently enabled U-Boot features for E850-96, which
can hopefully make U-Boot more useful for the users and developers of
this platform.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Our pytest package was pinned to a release from 2021. The minimum
compatible with labgrid v25.0.x is pytest 7.0.0. Update to the current
relase which is currently 8.4.2
Signed-off-by: Tom Rini <trini@konsulko.com>
The EFI secure boot tests install a security data base.
Other EFI tests assume that secure boot is not enabled.
Add the missing tear-down at the end of each secboot test sequence.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Tom Rini <trini@konsulko.com>
With commit c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512
bytes") logic was added to detect the VIRTIO_BLK_F_BLK_SIZE capability and
to copy the block size reported by QEMU to the block device descriptor.
The logical block size can be set when invoking QEMU:
-drive if=none,file=4096.img,format=raw,id=vda \
-device virtio-blk-device,drive=vda,physical_block_size=4096,logical_block_size=4096
In U-Boot the logical block size is shown by command `virtio info`:
=> virtio info
Device 0: QEMU VirtIO Block Device
Type: Hard Disk
Capacity: 1024.0 MB = 1.0 GB (262144 x 4096)
There where two flaws which together hid that the logic was incorrect:
* VIRTIO_BLK_F_BLK_SIZE was missing in the driver capabilities and the bit
was filtered out.
* The result of the call to virtio_has_feature() was negated.
The problem became apparent when using ARM FVP as emulator which does not set
VIRTIO_BLK_F_BLK_SIZE.
Fixes: c85b8071e7d3 ("virtio: blk: support block sizes exceeding 512 bytes")
Reported-by: Debbie Horsfall <debbie.horsfall@arm.com>
Tested-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Falcon mode uses falcon_image_file from the env during mmc fs boot, but
external env can be compromised. Therefore disable access to external
env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
Signed-off-by: Anshul Dalal <anshuld@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The pointer resp is declared but never assigned a value but is then
dereferenced. Fix this by assigning the pointer to the message buffer.
This issue was found by Smatch.
Reviewed-by: Udit Kumar <u-kumar1@ti.com>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Nishanth Menon <nm@ti.com>
Tested-by: Anshul Dalal <anshuld@ti.com>
In ti_sci_get_response the check for message sequence will return ret
on a fail but ret will be 0 at that point. Instead return -EINVAL.
Also change dev_dbg call to dev_err to be consistent with other error
detection code in the same function.
This issue was found by Smatch.
Reviewed-by: Udit Kumar <u-kumar1@ti.com>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Nishanth Menon <nm@ti.com>
Tested-by: Anshul Dalal <anshuld@ti.com>
temp is assigned the pointer returned by malloc which is used without a
NULL check and then never freed. Add a NULL check and ensure temp is
freed on all return paths.
This issue was found by Smatch.
Reviewed-by: Udit Kumar <u-kumar1@ti.com>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Nishanth Menon <nm@ti.com>
Tested-by: Anshul Dalal <anshuld@ti.com>
The cv1800b_clk_setfield function returns void, but was doing "return
writel(...);" and while seemingly having a void function return a void
function is not a warning, when readl is a macro this problem is shown.
Correct the code to instead simply call writel.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Yao Zi <ziyao@disroot.org>
This reverts commit a681cfecb4346107212f377e2075f6eb1bdc6a2b.
It has been reported that the commit causes boot regression for SPL on
StarFive VisionFive 2 or compatible boards. Inspecting the code, I did
spot one logic error for deciding whether Zaamo or Zalrsc is used, and
it's still unclear what exactly causes the regression, let's revert it
for now.
Reported-by: E Shattow <e@freeshell.de>
Link: https://lore.kernel.org/u-boot/1871663e-b918-4351-9e9e-97f9a4c73733@freeshell.de/
Signed-off-by: Yao Zi <ziyao@disroot.org>
Acked-by: E Shattow <e@freeshell.de>
Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
The WDT_DAVINCI driver is not safe to compile on 64bit platforms such as
allyesconfig on a 64bit host. Tighten the dependencies here to the
platforms which could use it today.
Signed-off-by: Tom Rini <trini@konsulko.com>
A few watchdog drivers cannot build without access to some platform
specific header files. Express those requirements in Kconfig as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Roese <stefan.roese@mailbox.org>
Mikhail Kshevetskiy <mikhail.kshevetskiy@iopsys.eu> says:
The commit 726404a66c773 ("airoha: rework RAM size handling to support
multiple RAM size") is not good enougth. It results in pacnic during
determining of memory size amount.
This patch series partly fix and partly revert the above commit.
Unfortunately for now we have no a good way to determine the an7581
memory size.
Link: https://lore.kernel.org/r/20251008070903.370974-1-mikhail.kshevetskiy@iopsys.eu
Introduce a new version of the Keystone-II "ddr" command for testing the
inline ECC support in the DDRSS bridge available on K3 devices. The ECC
hardware support in K3's DDRSS and the test method differ substantially
from what we support in the K2 variant of the command. This K3 DDRSS
command currently supports only single controller testing.
The ECC error injection procedure follows these steps:
1) Flush and disable the data cache.
2) Disable the protected ECC Rx range.
3) Flip a bit in the address.
4) Restore the range to original.
5) Read the modified value (corrected).
6) Re-enable the data cache.
This will cause the 1-bit ECC error count to increase while the read
will return the corrected value.
The K3 version of the command extends the syntax for the "ecc_err"
argument by also introducing an argument for range which specifies which
range (0, 1, 2) the address is located in.
Multi-bit ECC errors are uncorrectable and will lead to a synchronous
abort.
Signed-off-by: Georgi Vlaev <g-vlaev@ti.com>
Signed-off-by: Santhosh Kumar K <s-k6@ti.com>
[n-francis@ti.com: Add J7 and multiple-region support, simplify logic]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Udit Kumar <u-kumar1@ti.com>
This partly fix commit 726404a66c773 ("airoha: rework RAM size handling
to support multiple RAM size")
The function get_effective_memsize() do not see non-global defines
of CFG_MAX_MEM_MAPPED, so the effective memory size will not be changed.
Fix the issue by putting definition of CFG_MAX_MEM_MAPPED to the proper
place.
Fixes: 726404a66c773 ("airoha: rework RAM size handling to support multiple RAM size")
Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@iopsys.eu>
expo and cedit tests depend on the host having the SDL library.
Build these tests only if VIDEO_SANDBOX_SDL config is enabled.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable CONFIG_OF_UPSTREAM to receive automatic
device tree updates for the Verdin AM62P.
Remove the now-obsolete device tree files:
- k3-am62p-verdin.dtsi
- k3-am62p-verdin-dev.dtsi
- k3-am62p-verdin-wifi.dtsi
- k3-am62p5-verdin-wifi-dev.dts
Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
In ut_report() there is a null check for stats but stats was already
dereferenced on the line before and is again dereferenced later in the
same function. Also the two places where ut_report() is called from will
have initialised the parameter so there is no chance that stats will be
null. So to prevent static analysis complaining of a use before check
just remove the check.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
We will want to use this same logic in another place within iter_inc(),
so split it out into its own function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a few comments about global bootmeths and first_glob_method
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Make all drive names defined with U_BOOT_DRIVER unique
TEE changes:
Rework things such that sandbox will also traverse the optee directory
when SANDBOX_TEE is enabled, but only build one of the optee-specific
files when OPTEE is enabled.
EFI changes:
Up to now we were relying on the file extension to accept and load
an image over HTTP. We expected images to be either .iso or .img.
By wiring up internal existing functions we can try to mount any
file extension and reject it only if mounting fails.
part_driver_lookup_type
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmjt/7cACgkQgS8AYozs
+qJjFhAAuiReQHpldIqw0zPkzW26zF4KRNKzkSqGiiAEJZthZcwRsdn1Xid9BhTh
bd47K5OXoPdP9mLL8xmPSYbxnLPCSrrbeMZO/jIivqrvYdA4ub6Mobn8siCeq5+G
ONvnVPjgcZ3LDywsoDXHqta6sMh0gTeH4h5qiUQiM7sNGYz1gdx+8zOfTOpcwk9U
771CoO1o86HKc0+WPJYkTD86ymGEbDLpcaKiL46UCpuFLAwdJ3l/fJHXwLCuxjnj
pPwJ5AOOFtQVdKF32lQQdywoJvNKcrRdAgWFLUGNizRERQ6qZK1ov8IMpyRHZFpE
FvVUF+2l8hFTYCbEKBC/RMlOeHp5ceE+GcVXYjmUIxqMRp7SldqQ3/WANkTKuvcb
fIjYRAFwcqwHG7AuObD/ew+XMwjnNHDKvpuLxkKgj1wX0xmNcX97QmmKz2sPCS/D
ZFEcI9bCkfyhcIGs0WBfZpQTIABrStblSQxG1XK7aYMmnJdzLFo6vXINAa+MFU6e
rA4Pu+OmLyO6rdTuj0HRlXX832nvyVUkyY2d3CyEpcpat2IWwvVJWgCePW2wZo3E
NawhpOuqLnehzhuRG3/5LeMsGLegQq7ak0/zV6egsl6Is08cKJIvzq7qndxJ/8Ez
Ox2sKE3B2crhx3UTs+5XnBF8H8WRKCZW+/D0LSd5knMzo3UwPMo=
=6iJS
-----END PGP SIGNATURE-----
Merge tag 'mix-next-14102025' of https://source.denx.de/u-boot/custodians/u-boot-tpm
TPM changes:
Make all drive names defined with U_BOOT_DRIVER unique
TEE changes:
Rework things such that sandbox will also traverse the optee directory
when SANDBOX_TEE is enabled, but only build one of the optee-specific
files when OPTEE is enabled.
EFI changes:
Up to now we were relying on the file extension to accept and load
an image over HTTP. We expected images to be either .iso or .img.
By wiring up internal existing functions we can try to mount any
file extension and reject it only if mounting fails.
part_driver_lookup_type
Align erase and write on erase block boundary in line with how read was
aligned in commit 622b5d35613 ("cmd: sf: Handle unaligned 'update' start
offset").
Fixes: 622b5d35613 ("cmd: sf: Handle unaligned 'update' start offset")
Signed-off-by: Viorel Suman <viorel.suman@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Tested-by: Marek Vasut <marek.vasut+renesas@mailbox.org> # R-Car V4H
Remove cdns,is-dma DT property handling. Property is not the part of DT
binding and it is also hardcoded to value 1 in all DTs that's why remove it
because none is also testing value 0.
If there is any use case when this configuration should be supported this
patch can be reverted.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/6205c6585589b423692b6ed063506b4c51c04c77.1760006086.git.michal.simek@amd.com
All instances of the U_BOOT_DRIVER must use a unique name or they will
lead to link time failures due to name space conflicts when both are
present. In this case the driver was reusing the tpm_tis_i2c name.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The intention of how this Makefile was written was to allow for sandbox
to build and test drivers still while otherwise requiring OPTEE to be
enabled. This however didn't work quite right in practice as sandbox
could enable some drivers which would then fail to link. Rework things
such that sandbox will also traverse the optee directory when
SANDBOX_TEE is enabled, but only build one of the optee-specific files
when OPTEE is enabled.
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Enhances the process for identifying disk images within the EFI boot
manager. Utilize part_driver_lookup_type() to verify the validity of a
downloaded file as a disk image, rather than depending on file
extensions.
part_driver_lookup_type() is now used in the prepare_loaded_image()
function in the EFI boot manager to detect partitions on a block device
created from a downloaded image. This allows the boot manager to boot
from any disk image that can be recognized by a partition driver, not
just ISO and IMG images.
Update prepare_loaded_image() to create the ramdisk block device
internally, obtain the blk_desc and use part_driver_lookup_type() to
detect a valid partition table.
In try_load_from_uri_path(), try prepare_loaded_image() first to detect
disk images, and fall back to PE-COFF detection only if that fails.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Make part_driver_lookup_type non-static so it can be used outside
part.c. This allows external callers to determine the appropriate
partition driver for a block device, enabling more flexible handling of
partition types.
Add a prototype and kernel-doc comment in part.h to document the
function contract. Provide a stub inline implementation returning NULL
when partition support is disabled, ensuring build consistency across
configurations.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
A "Synchronous Abort" CPU exception happens on an attempt to run the
"bootflow info" command for a global boot method (e.g. efi_mgr):
=> bootflow select 0
=> bootflow info
"Synchronous Abort" handler, esr 0x96000006, far 0x8
It happens because do_bootflow_info() tries to dereference bflow->dev,
which is NULL in case of efi_mgr. Add the corresponding check to prevent
this NULL pointer dereference and make "bootflow info" command work
properly for global boot methods.
Fixes: 2d653f686b6d ("bootstd: Add a bootflow command")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Due to how we implement the logic for selecting what should/shouldn't be
built in a given phase it becomes extremely cumbersome to make these
phases link when configured by "allyesconfig". As a starting point for
being able to enable "allyesconfig" and expand our static coverage,
disable all other phases in this case.
Future work can be done to enable other phases as time and interest
permit.
Signed-off-by: Tom Rini <trini@konsulko.com>
Given how these options are used in the code, it doesn't make sense to
enable them for COMPILE_TEST. Make them depend on !COMPILE_TEST.
Signed-off-by: Tom Rini <trini@konsulko.com>
The REMAKE_ELF flag is something that should be selected by the
platforms which need it, and not prompted for. Start by making this
depend on !COMPILE_TEST.
Signed-off-by: Tom Rini <trini@konsulko.com>
Today, only a few platforms enable SPL_LOAD_FIT_FULL, and all enable
SPL_LOAD_FIT. As can be seen in usage, the FULL symbol is a superset of
the first symbol, not an alternative. Update Kconfig entries based on
this and simplify the only code which checks for either being set.
Signed-off-by: Tom Rini <trini@konsulko.com>
We can only enable Falcon Mode (aka SPL_OS) on architectures which
implement certain hooks. Express these dependencies in Kconfig.
Signed-off-by: Tom Rini <trini@konsulko.com>
Andreas Pretzsch <apr@cn-eng.de> says:
For the RAUC bootmethod, newly introduced in U-Boot 2025.10, both code
and documentation contain some incorrect (maybe outdated) statements,
so they do not reflect the real behaviour.
This series corrects both the docs and one log_info in the code, to now
reflect the real flow. Beside being visible in the code, all of it was
tested on a real machine.
Despite the very late time in RC cycle, I suggest inclusion before release
of U-Boot 2025.10, as the current statements are simply incorrect. Also I
do not see any risk in these non-functional changes.
Thanks to Martin Schwan for the review and esp. the initial code!
Link: https://lore.kernel.org/r/20251002162506.3908711-1-apr@cn-eng.de
The documentation of bootmeth rauc in some aspects does not reflect the
real program flow. Specifically the reset of boot tries in case of "no
more slots found" is incorrect (it won't change BOOT_ORDER).
Also the search sequence for boot scripts was mixed and incomplete.
Fix these points in the documentation.
Explain the initial setup of any missing BOOT_ORDER and BOOT_x_LEFT
environment variables, and inform about BOOT_x_LEFT decrementing.
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
Reviewed-by: Martin Schwan <m.schwan@phytec.de>
If there is no more active slot found in find_active_slot(), like when
all slots in BOOT_ORDER have a count of 0, the counters are reset to their
default value CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES. The BOOT_ORDER is _not_
changed, which is logically correct (especially for the case when there is
only one (active) slot set, e.g. BOOT_ORDER only contains 'B', probably due
to RAUC option prevent-late-fallback being set). Resetting the counters of
inactive slots also does not harm here, and is fine as a generic solution.
But the log_info statement in this scenario
INFO: Resetting boot order and all slot tries
is incorrect. Change this to
INFO: Resetting all slot tries to 3
with the 3 being inserted by CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES.
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
Reviewed-by: Martin Schwan <m.schwan@phytec.de>
Correct the memory and IO mbus windows size increments in mvebu_pcie_bind.
Currently, pcie1 controller resource_size(&mem) and resource_size(&io)
checks result in a failure. This is because mem.end and io.end must be
incremented at the end of pcie0 windows assignment.
Signed-off-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <stefan.roese@mailbox.org>
