The ARM64 kernel Image size with LOCKDEP enabled is now around 80 MiB, which
makes it unbootable due to "Image too large: increase CONFIG_SYS_BOOTM_LEN".
Increase the image size limit to 128 MiB to future proof the limit.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
At this time there are still major Linux distributions which by default
boot using LEGACY_IMAGE_FORMAT type scripts. Add this option to
DISTRO_DEFAULTS to ensure these platforms can still boot.
Fixes: d780965927d4 ("Drop the special am335x_boneblack_vboot target")
Reported-by: Sascha Silbe <sascha-pgp@silbe.org>
Tested-By: Sascha Silbe <sascha-pgp@silbe.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Since the bootmeth "rauc" is not a global boot method, do not select the
corresponding BOOTMETH_GLOBAL option.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
This changes the default value to the most commonly used one among
existing defconfigs.
Signed-off-by: Martin Herren <sputnik@on-the-web.ch>
Acked-by: Michal Simek <michal.simek@amd.com> # xilinx_mbv
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
João Paulo Gonçalves <jpaulo.silvagoncalves@gmail.com> says:
In some use cases, board-specific device tree changes must not be overwritten
by system fixups. Although U-Boot provides ft_board_setup_ex() for this
purpose, it is currently only used on TI Keystone. This series makes
ft_board_setup_ex() a generic option, allowing its use by other architectures
and boards.
Additionally, considering that Toradex Verdin-AM62P hardware lifetime
guarantees are based on a 105°C junction temperature (while TI AM62Px supports
up to 125°C), this series implements necessary changes within TI K3 AM62P and
Toradex board code. These changes include exporting common fixup device Tree
functions used in TI K3 for board-code access and also fixup for AM62P thermal
zones to correctly reflect the number of CPU nodes according to the SoC part
number.
Link: https://lore.kernel.org/r/20250623-am62p-fdt-fixup-trip-points-v1-0-12355eb6a72f@toradex.com
In some use cases, board-specific device tree changes must not be
overwritten by system fixups. Although U-Boot provides
ft_board_setup_ex() for this purpose, it is currently only used on TI
Keystone. Make ft_board_setup_ex() to be a generic option, allowing its
use by other architectures/boards. To maintain backward compatibility,
enable it by default on TI Keystone.
Signed-off-by: João Paulo Gonçalves <joao.goncalves@toradex.com>
Some androidboot image have invalid kernel/ramdisk load addr,
force to ignore those value and use loadaddr instead.
There is a concern on exposing the whole memory to image loading is
dangerous. Also, since it's not always possible to change the load
addr by repacking the boot.img (mainly due to AVB signature mismatch),
we need a way to use kernel_addr_r and ramdisk_addr_r.
Suggested-by: Casey Connolly <casey.connolly@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Signed-off-by: George Chan <gchan9527@gmail.com>
Link: https://lore.kernel.org/r/20250518-android-boot-v3-1-02c8768e131f@gmail.com
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Marek Vasut <marek.vasut+renesas@mailbox.org> says:
Rename the environment related variables and add ENV_ prefix, so that
all configuration options which are related to environment would have
an CONFIG_ENV_ prefix. No functional change.
Link: https://lore.kernel.org/r/20250609192701.20260-1-marek.vasut+renesas@mailbox.org
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Also rename USE_DEFAULT_ENV_FILE to USE_ENV_DEFAULT_ENV_TEXT_FILE .
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Martin Schwan <m.schwan@phytec.de> says:
This series implements a new bootmeth for RAUC A/B systems. RAUC (Robust
Auto Update Controller) is a lightweight update client, providing "Safe
and Secure OTA Updates for Embedded Linux". See the following links for
more information about RAUC:
https://rauc.io/https://rauc.readthedocs.io/en/latest/
PHYTEC uses RAUC in its Yocto based distribution "Ampliphy" as the
default way of updating embedded devices based on PHYTEC hardware. So
far, the logic selecting the correct partitions and files to boot was
being implemented in the U-Boot environment. While this is a
straightforward way to do it, adding and supporting new platforms became
somewhat tedious and is platform-specific. The introduction of U-Boot's
"Standard Boot" provided a convincing alternative, promising a simpler
and more portable way of booting, even for RAUC systems. This led me to
implement a new bootmeth supporting RAUC A/B systems. Note, that this
new bootmeth is not proprietary to PHYTEC products and is designed to
work on other hardware with a RAUC A/B system, too.
The bootmeth currently only supports symmetric A/B partitioning layouts.
E.g. A/rescue is not (yet) supported. The partition indexes and default
slot tries can be specified via configuration options.
For now, the bootmeth_rauc uses a similar approach for loading the
Kernel and device tree as the bootmeth_script, in that it requires a FIT
containing a U-Boot script loading the desired distro. It could be
possible to support booting without a script and load the Kernel and DT
directly with this bootmeth, but I found the script method to be very
flexible for now, in letting the distro decide what to load.
The bootmeth_rauc was tested on a phyBOARD-Pollux i.MX8M Plus [1] with
BSP-Yocto-Ampliphy-i.MX8MP-PD24.1.2 [2].
Supported boot devices are currently only MMC devices, but it should be
possible to add SPI flashes in the future.
To test this patch stack with PHYTEC's phyBOARD-Pollux i.MX8M Plus
board, you need to adjust the boot files to include the boot.scr.uimg
containing the distro's boot script and set "optargs" to "${raucargs}"
in it. Also disable any legacyboot in the U-Boot environment and simply
boot with Standard Boot:
bootmeth order rauc
bootflow scan -lb
[1]: https://www.phytec.eu/en/produkte/single-board-computer/phyboard-pollux/
[2]: https://download.phytec.de/Software/Linux/BSP-Yocto-i.MX8MP/BSP-Yocto-Ampliphy-i.MX8MP-PD24.1.2/
Link: https://lore.kernel.org/r/20250604-wip-bootmeth-rauc-v3-0-f9fad913c57e@phytec.de
[trini: Don't enable by default]
Add a bootmeth driver which supports booting A/B system with RAUC as
their update client.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Tested-by: Wadim Egorov <w.egorov@phytec.de>
The bootstd code itself does not have any dependency on BLK in order to
build. However, in order to minimize size growth of non-migrated
platforms, change this from being "default y" to "default y if BLK".
This will make it easier to begin migration of platforms which do not
have any BLK-class device but do want to use bootstd.
Signed-off-by: Tom Rini <trini@konsulko.com>
BOOTSTAGE_RECORD_COUNT=30 is too small to record booting a FIT image
with EFI kernel, initrd, dtb as seen on the StarFive VisionFive 2
board.
Increase the default for BOOTSTAGE_RECORD_COUNT to 50.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Introduce a new config option: RETRY_BOOTCMD. When enabled this causes
hush shell to re-run "bootcmd" when the auto-boot counter times out.
Tested-by: Danila Tikhonov <danila@jiaxyga.com> # google-sunfish
Tested-by: Jens Reidel <adrian@mainlining.org> # xiaomi-davinci
Link: https://lore.kernel.org/r/20250331-qcom-phones-v4-2-f52e57d3b8c6@linaro.org
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
The option ONENAND_BOOT is never set, so remove it. The option
SYS_ONENAND_BOOT was never migrated to Kconfig and any platforms which
supported that have long been removed from the code, so remove the
reference there as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
So far only VBE-simple is implemented in U-Boot. This supports a single
image which can be updated in situ.
It is often necessary to support two images (A and B) so that the board
is not bricked if the update is interrupted or is bad.
In some cases, a non-updatable recovery image is desirable, so that the
board can be returned to a known-good state in the event of a serious
failure.
Introduce ABrec which provides these features. It supports three
independent images and the logic to select the desired one on boot.
While we are here, fix a debug message to indicate the function it
called. Provide a maintainers entry for VBE.
Note that fwupdated only supports VBE-simple so far, but supports for
ABrec will appear in time.
Signed-off-by: Simon Glass <sjg@chromium.org>
VBE uses a crc8 checksum to verify that the nvdata is valid, so make
sure it is available if VBE is enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
With VBE we want to use FIT in all phases of the boot. Add Kconfig
options to support this.
Disable the options for sandbox_vpl for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
This reverts commit 1fdf53ace13f745fe8ad4d2d4e79eed98088d555, reversing
changes made to e5aef1bbf11412eebd4c242b46adff5301353c30.
I had missed that this caused too much size growth on rcar3_salvator-x.
Signed-off-by: Tom Rini <trini@konsulko.com>
Simon Glass <sjg@chromium.org> says:
This includes various patches towards implementing the VBE abrec
bootmeth in U-Boot. It mostly focuses on SPL tweaks and adjusting what
fatures are available in VPL.
Link: https://lore.kernel.org/r/20241207172412.1124558-1-sjg@chromium.org
VBE uses a crc8 checksum to verify that the nvdata is valid, so make
sure it is available if VBE is enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
With VBE we want to use FIT in all phases of the boot. Add Kconfig
options to support this.
Disable the options for sandbox_vpl for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
The SPL_FIT_GENERATOR is long superseded by binman, drop SPL_FIT_GENERATOR
support as there are no more users.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/22109373594b6a5d1110be9420ccd8fbb93a61d3.1730452668.git.michal.simek@amd.com
Update android bootmeth to support non-A/B image.
Enable AB support only when ANDROID_AB is enabled.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Link: https://lore.kernel.org/r/20241126-adnroidv2-v4-2-11636106dc69@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
I enabled IMX_HAB on an imx8mp board, but even though I knew about the
implementation, I forgot that I had to provide a sane value for
SPL_LOAD_FIT_ADDRESS. The help text for IMX_HAB doesn't mention this
implicit requirement, and there's no build-time warning; the default
0x0 value just ends up being returned from
board_spl_fit_buffer_addr(), obviously resulting in a non-booting
board.
The existing imx8m* board configs that set a non-zero value currently
all use 0x44000000. The actual value doesn't matter too much, but 0 is
always wrong for imx8m platforms. So just use 0x44000000 as default
for those platforms.
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
The bootflow_menu.c code depends on e.g. scene_txt_set_font(),
which is only built when CONFIG_EXPO is enabled. Introduce new
Kconfig symbol BOOTSTD_MENU which depends on EXPO to prevent
triggering errors like these in case e.g. CONFIG_VIDEO=n :
"
boot/bootflow_menu.c:158:(.text+0x8851): undefined reference to `scene_txt_set_font'
"
Make the symbol depend on BOOTSTD_FULL as well to get rid of
the Makefile dependency workaround. Since BOOTSTD_FULL is not
available in SPL, do not define SPL variant of BOOTSTD_MENU.
Fix up bootflow test accordingly.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The fdt_simplefb.c APIs rely on video-uclass APIs and structures to
fill/update framebuffer information, so compile it only when VIDEO
Kconfig is enabled, as otherwise below warning can be seen if VIDEO
Kconfig is disabled:
"boot/fdt_simplefb.c:96:12: warning: fdt_simplefb_enable_existing_node
defined but not used [-Wunused-function]
96 | static int fdt_simplefb_enable_existing_node(void *blob)"
Reported-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
The SPL_FIT_SOURCE is long superseded by SPL_FIT_GENERATOR which
is long superseded by binman, drop SPL_FIT_SOURCE support as there
are no more users.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Prepare the introduction of the lwIP (lightweight IP) TCP/IP stack by
adding a new net/lwip/ directory and the NET_LWIP symbol. Network
support is either NO_NET, NET (legacy stack) or NET_LWIP. Subsequent
commits will introduce the lwIP code, re-work the NETDEVICE integration
and port some of the NET commands and features to lwIP.
SPL_NET cannot be enabled when NET_LWIP=y. SPL_NET pulls some symbols
that are part of NET (such as arp_init(), arp_timeout_check(),
arp_receive(), net_arp_wait_packet_ip()). lwIP support in SPL may be
added later.
Similarly, DFU_TFTP and FASTBOOT are not compatible with NET_LWIP
because of dependencies on net_loop(), tftp_timeout_ms,
tftp_timeout_count_max and other NET things. Let's add a dependency on
!NET_LWIP for now.
SANDBOX can select NET_LWIP but doing so will currently disable the eth
dm tests as well as the wget tests which have strong dependencies on the
NET code.
Other adjustments to Kconfig files are made to fix "unmet direct
dependencies detected" for USB_FUNCTION_SDP and CMD_FASTBOOT when
the default networking stack is set to NET_LWIP ("default NET_LWIP"
instead of "default NET" in Kconfig).
The networking stack is now a choice between NO_NET,
NET and NET_LWIP. Therefore '# CONFIG_NET is not set' should be
'CONFIG_NO_NET=y'. Adjust the defconfigs accordingly.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
:hile we had hoped to be able to remove these options finally, it was
missed that zynq still requires these currently.
This reverts commit 5b9261fb0b1ed087387f2036d279fd3f4bb20a61 and
commit 099b6df556c95f5d06864612e9199eab7ba50ed3.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
The SPL_FIT_GENERATOR is long superseded by binman, drop SPL_FIT_GENERATOR
support as there are no more users.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The SPL_FIT_SOURCE is long superseded by SPL_FIT_GENERATOR which
is long superseded by binman, drop SPL_FIT_SOURCE support as there
are no more users.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
The EFI_LOADER and EFI config options are randomly scattered under lib/
making it cumbersome to navigate and enable options, unless you really
know what you are doing. On top of that the existing options are in
random order instead of a logical one.
So let's move things around a bit and move them under boot/. Present a
generic UEFI entry where people can select Capsules, Protocols,
Services, and an option to compile U-Boot as an EFI for X86
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the basic code to create a handoff structure in SPL, so it can be
passed to the next phase. For now this is not plumbed in.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a 'upl' command to work with Universal Payload features. For now it
only supports reading and writing a handoff structure.
Signed-off-by: Simon Glass <sjg@chromium.org>
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for writing the handoff information from
a structure.
Signed-off-by: Simon Glass <sjg@chromium.org>
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for reading the handoff information into
a structure.
Signed-off-by: Simon Glass <sjg@chromium.org>
U-Boot is often used conjunction with QEMU to boot via EFI or syslinux.
Here the QFW boot method is not needed.
At least for qemu-riscv64_smode_defconfig the kernel parameter is used
to specify the U-Boot binary. Trying to run U-Boot as a kernel makes
no sense.
Provide Kconfig parameter CONFIG_BOOTMETH_QFW to decide if the QFW boot
method shall be provided.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
A valid memory location to stash bootstage information at will be
architecture dependent. Move the existing defaults to the main Kconfig
file for this option and set 0x0 as the default only for sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Android boot flow is a bit different than a regular Linux distro.
Android relies on multiple partitions in order to boot.
A typical boot flow would be:
1. Parse the Bootloader Control Block (BCB, misc partition)
2. If BCB requested bootonce-bootloader, start fastboot and wait.
3. If BCB requested recovery or normal android, run the following:
3.a. Get slot (A/B) from BCB
3.b. Run AVB (Android Verified Boot) on boot partitions
3.c. Load boot and vendor_boot partitions
3.d. Load device-tree, ramdisk and boot
The AOSP documentation has more details at [1], [2], [3]
This has been implemented via complex boot scripts such as [4].
However, these boot script are neither very maintainable nor generic.
Moreover, DISTRO_DEFAULTS is being deprecated [5].
Add a generic Android bootflow implementation for bootstd.
For this initial version, only boot image v4 is supported.
[1] https://source.android.com/docs/core/architecture/bootloader
[2] https://source.android.com/docs/core/architecture/partitions
[3] https://source.android.com/docs/core/architecture/partitions/generic-boot
[4] https://source.denx.de/u-boot/u-boot/-/blob/master/include/configs/meson64_android.h
[5] https://lore.kernel.org/r/all/20230914165615.1058529-17-sjg@chromium.org/
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Tested-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Marek Mojík <marek.mojik@nic.cz> says:
Hello all,
this is a continuation of previous work by Pali to add support for the
Turris 1.x board. As the patches were based on u-boot v2022.04, a
nontrivial rebasing was needed.
Some notes:
- Some options that are in SD defconfig are disabled in NOR defconfig
because over the years u-boot grew and the old NOR defconfig will not
fit into NOR memory.
- SD boot with RAM larger than 2GB will only allocate 2GB of RAM (We
were not able to fix this yet)
Add support for CZ.NIC Turris 1.x routers.
CZ.NIC Turris 1.0 (RTRS01) and 1.1 (RTRS02) are open source routers, they
have dual-core PowerPC Freescale P2020 CPU and are based on reference
Freescale P2020RDB-PC-A board design.
Hardware design is fully open source, all firmware and hardware design
files are available at Turris project website:
https://docs.turris.cz/hw/turris-1x/turris-1x/https://project.turris.cz/en/hardware.html
The P2020 BootROM can load U-Boot either from NOR flash or from SD card.
We add the new defconfigs, turris_1x_nor_defconfig, which configures
U-Boot for building the NOR image, and turris_1x_sdcard_defconfig, which
configures U-Boot for building an image suitable for SD card.
The defconfig for NOR image is stripped-down a - many config options
enabled in SD defconfig are disabled for NOR defconfig. This is because
U-Boot grew non-trivially in the last two years and it would not fit
into the space allocated for U-Boot in the NOR memory. In the future we
may try to use LTO to reduce the size of the code and enable more
options.
The design of CZ.NIC Turris 1.x routers is based on Freescale P2020RDB-PC-A
board, so some code from boards/freescale/p1_p2_rdb_pc is used and linked
into Turris 1.x board code.
Turris 1.x code in this patch uses modern distroboot and can boot Linux
kernel from various locations, including NAND, SD card, USB flash disks,
NVMe disks or SATA disks (connected to extra SATA/SCSI PCIe controllers).
Via distroboot is implemented also rescue NOR boot for factory recovery,
triggered by reset button, like on other existing Turris routers.
SD boot with RAM larger than 2GB will only allocate 2GB of RAM (We were
not able to fix this yet)
[ Because various CONFIG_ macros were migrated to Kconfig since the last
time this worked on upstream U-Boot (in 2022), a non-trivial rebasing
was needed and some issues were solved. ]
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Reviewed-by: Marek Behún <kabel@kernel.org>
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
$ sed -e 's/^ /\t/' -i */Kconfig
Signed-off-by: Anand Moon <linux.amoon@gmail.com>
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.
The choice of hash algorithms is determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.
If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.
So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with. We only allow
extending PCRs if the algorithms selected during build match the TPM
configuration.
It's worth noting that this is only added for TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCR banks.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> # chromebook-link
