For pcr_read and pcr_extend commands allow the digest algorithm to be
specified by an additional argument. If not specified it will default to
SHA256 for backwards compatibility.
Additionally update test_tpm2.py for the changes in output in pcr_read
which now shows the algo and algo length in the output.
A follow-on to this could be to extend all PCR banks with the detected
algo when the <digest_algo> argument is 'auto'.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Replace tpm2_supported_algorithms with an array of structures
relating algorithm names to TCG IDs, digest length and mask values.
While at it fix the tpm2_algorithm_to_mask to return the proper value.
Cc: Eddie James <eajames@linux.ibm.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of displaying what looks like an error message if a
gpio-reset dt prop is missing for a TPM, display a warning that
having a gpio reset on a TPM should not be used for a secure production
device.
TCG TIS spec [1] says:
"The TPM_Init (LRESET#/SPI_RST#) signal MUST be connected to the
platform CPU Reset signal such that it complies with the requirements
specified in section 1.2.7 HOST Platform Reset in the PC Client
Implementation Specification for Conventional BIOS."
The reasoning is that you should not be able to toggle a GPIO and reset
the TPM without resetting the CPU as well because if an attacker can
break into your OS via an OS level security flaw they can then reset the
TPM via GPIO and replay the measurements required to unseal keys
that you have otherwise protected.
Additionally restructure the code for improved readability allowing for
removal of the init label.
Before:
- board with no reset gpio
  u-boot=> tpm init && tpm info
  tpm_tis_spi_probe: missing reset GPIO
  tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
- board with a reset gpio
  u-boot=> tpm init && tpm info
  tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
After:
- board with no reset gpio
  u-boot=> tpm init && tpm info
  tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
- board with a reset gpio
  u-boot=> tpm init && tpm info
  tpm@1: TPM gpio reset should not be used on secure production devices
  tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
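
A toy model of the PCR behaviour behind the reasoning in the gpio-reset commit above, added here as an example; it is not U-Boot code and talks to no hardware. The ModelTPM class, the helper names and the component byte strings are constructed for illustration. It contrasts a TPM reset that is decoupled from the CPU with one that forces the boot chain to be measured again.

```python
import hashlib

# Digest sizes per PCR bank; names match hashlib and the TCG algorithm names.
BANKS = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


class ModelTPM:
    """Toy model of TPM 2.0 PCR banks (hypothetical class, not a driver)."""

    def __init__(self):
        self.reset()

    def reset(self):
        # TPM_Init: every PCR in every bank goes back to all zeroes.
        self.pcrs = {algo: {} for algo in BANKS}

    def pcr_read(self, index, algo="sha256"):
        return self.pcrs[algo].get(index, bytes(BANKS[algo]))

    def pcr_extend(self, index, digest, algo="sha256"):
        if len(digest) != BANKS[algo]:
            raise ValueError(f"{algo} digest must be {BANKS[algo]} bytes")
        old = self.pcr_read(index, algo)
        # new = H(old || digest): order-dependent and never written directly.
        self.pcrs[algo][index] = hashlib.new(algo, old + digest).digest()
        return self.pcrs[algo][index]


def measure_boot(tpm, components, index=0, algo="sha256"):
    """Hash each boot component, extend it, and return the event log."""
    log = []
    for blob in components:
        digest = hashlib.new(algo, blob).digest()
        tpm.pcr_extend(index, digest, algo)
        log.append(digest)
    return log


def replay(tpm, log, index=0, algo="sha256"):
    """Extend recorded digests only; no component is hashed again."""
    for digest in log:
        tpm.pcr_extend(index, digest, algo)
    return tpm.pcr_read(index, algo)


def demo():
    # Constructed stand-ins for the measured boot components.
    good = [b"constructed-spl", b"constructed-u-boot", b"constructed-kernel"]
    tpm = ModelTPM()
    log = measure_boot(tpm, good)
    sealed_to = tpm.pcr_read(0)  # value a key would be sealed against

    # Case 1: TPM reset line toggled on its own while the CPU keeps running.
    tpm.reset()
    gpio_only = replay(tpm, log)  # recorded digests alone restore the PCR

    # Case 2: reset tied to the CPU, so boot re-measures what actually runs.
    tpm.reset()
    measure_boot(tpm, [good[0], b"constructed-modified-u-boot", good[2]])
    coupled = tpm.pcr_read(0)
    return sealed_to, gpio_only, coupled
```

In the model, gpio_only equals sealed_to while coupled does not, which is the property the TIS requirement quoted in the commit protects.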
The Indiedroid Nova is a Rockchip RK3588S based SBC from Indiedroid.
Specifications:
Rockchip RK3588S SoC
4x ARM Cortex-A76, 4x ARM Cortex-A55
4/8/16GB memory LPDDR4x
Mali G610MC4 GPU
Optional eMMC
2x USB 2.0, 2x USB 3.0, 1x USB 3.0 C port with DP Alt
1x MIPI-CSI Port (4-lane or 2x 2-lane)
1x MIPI-DSI 4-lane connector
1x Micro HDMI 2.1 output, 1x DP 1.4 output
Gigabit Ethernet
Realtek RTL8821CS WiFi
4 pin debug UART connector
40 pin GPIO header
Size: 85mm x 56mm (Raspberry Pi Form Factor)
Kernel commit:
3900160e164b ("arm64: dts: rockchip: Add Indiedroid Nova board")
Signed-off-by: Chris Morgan <macromorgan@hotmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
The Powkiddy X55 is a Rockchip RK3566 based handheld gaming device.
UART, ADC, eMMC, and SDMMC are tested to work in U-Boot and this
successfully boots mainline Linux.
Kernel commit:
e99adc97e21a ("arm64: dts: rockchip: Add Powkiddy X55")
Signed-off-by: Chris Morgan <macromorgan@hotmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The following patch series adds support for version 2 of the FWU
metadata. The version 2 metadata structure is defined in the latest
revision of the FWU specification [1].
The earlier versions of these patches were migrating to a version 2
only support in U-Boot, similar to TF-A. However, based on feedback
from ST [2], this series has been updated to support both versions. A
platform would still be needed to enable one of the two versions of
metadata through a config symbol.
TF-A has code which reads the FWU metadata and boots the platform from
the active partition. TF-A has decided to migrate the FWU code to a
version 2 only support. These changes have been merged in upstream
TF-A.
These changes have been tested on the ST DK2 board, which uses the GPT
based partitioning scheme. Both V1 and V2 metadata versions have been
tested on the DK2 board.
These changes need to be tested on platforms with MTD partitioned
storage devices.
Now that support for FWU metadata version 2 has been added, the
feature can be enabled on platforms which had enabled it. A new config
symbol for selecting the metadata version for the platform is also
being added.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Add an entry for the FWU Multi Bank Update feature.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The FWU Update Agent in U-Boot supports both versions of the FWU
metadata. Make changes in the documentation to reflect this.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Make changes to the FWU metadata access tests corresponding to the
changes in the FWU metadata access code.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The version 2 of the FWU metadata allows for appending opaque vendor
specific data to the metadata structure. Add support for appending
this data to the metadata. The vendor specific data needs to be
provided through a file, passed through a command-line parameter. Make
corresponding changes to the tool's manpage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Add support for generating the FWU metadata version 2. The tool now
requires the version to be provided as a command-line option. Make
corresponding changes to the tool's manpage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Add support for displaying data specific to FWU metadata version
2. Because the size of the v2 metadata structure is read from the
structure itself, allocate memory for the metadata structure by first
getting the size of the structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Make changes to the functions used for generating the DFU's alt
variable so that the FWU image information is obtained from the common
version agnostic structure instead of reading the metadata.
While here, also update the name of the field used for storing the
image GUID in the FWU metadata.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Information about FWU images on MTD partitions is now stored with the
corresponding driver instead of a global variable. Get this
information from the driver.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The third argument passed to the function gen_image_alt_info() is not
used and is superfluous. Remove this unused argument from the function
call.
Fixes: 4898679e190 (FWU: Add FWU metadata access driver for MTD storage regions)
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Support has been added for version 2 of the FWU metadata
structure. Add config symbols to enable either of the two versions.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Transition the platform to either Trial State or Regular State on a
successful update. Do this by calling the fwu_state_machine_updates()
API function.
For version 1 of the FWU metadata, the transition to Trial State is
done by starting the Trial State counter, while for version 2, in
addition to the counter, the bank_state field of the FWU metadata is
also updated to Valid.
For transitioning the platform to Regular State, no action is needed
with version 1 of the FWU metadata structure, while for version 2, the
bank_state field is set to Accepted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
With addition of support for version 2 of the FWU metadata structure,
the metadata information is collected into a version agnostic
structure. Make changes to the FWU functions so that the information
that was earlier obtained by reading the metadata structure is now
obtained through this version agnostic structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Support is being added in U-Boot for version 2 of the FWU
metadata. Support for this version is to co-exist with version 1
support. To achieve this, a common, version agnostic structure has
been added to keep information provided by the FWU metadata
structure.
Add APIs to handle the version specific FWU metadata fields. The
version agnostic structure gets initialized at boot by reading the FWU
metadata. Updates to the FWU metadata result in the APIs getting
called to populate the version specific fields of the structure, before
the metadata gets written to the storage media.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The FWU specification now has two versions of the FWU metadata
structure, and both are to be supported. Introduce a version agnostic
structure for storing information about the FWU updatable images. This
allows for a split of common version agnostic FWU code and version
specific code.
The version specific code is then responsible for arranging the data
as per the corresponding metadata structure before it gets written to
the metadata partitions.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Add support for version 2 of the FWU metadata structure. The top level
structure is kept separate through a config symbol. Most of the
fields, primarily used for providing information on updatable images
are common across the two versions.
Also change a few existing structure members used for image
identification to reflect the fact that these are GUIDs, and not
UUIDs.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The FWU metadata access driver for MTD partitioned devices currently
uses a statically allocated array for storing the updatable image
information. This array depends on the number of banks and images per
bank. With migration of the FWU metadata to version 2, these
parameters are now obtained at runtime from the metadata.
Make changes to the FWU metadata access driver for MTD devices to
allocate memory for the image information dynamically in the driver's
probe function, after having obtained the number of banks and images
per bank by reading the metadata. Move the image information as part
of the driver's private structure, instead of using a global variable.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
In version 2 of the metadata structure, the size of the structure
cannot be determined statically at build time. The structure is now
broken into the top level structure which contains a field indicating
the total size of the structure.
Add a size parameter to the metadata access API functions to indicate
the number of bytes to be accessed. This is then used to either read
the entire structure, or only the top level structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
The fwrite call returns the number of bytes transferred as part of the
write only when the size parameter is 1. Pass the size parameter to
the library call as 1 so that the correct number of bytes transferred
are returned.
Fixes: fdd56bfd3ad ("tools: Add mkfwumdata tool for FWU metadata image")
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Support is to be added in the following commits for the FWU metadata
version 2. Disable the FWU feature on platforms that enable it for the
V2 addition work.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/20834
- Allow signing i.MX8M flash.bin via binman, which is a much more
elegant solution than using scripts.
- Improve i.MX8M HAB documentation.
- Increase PHY auto-negotiation timeout to 20s on MX8Menlo
- Add bmode support for the MX53 Menlo board.
- Update iMX8MM Menlo board configuration
For CST to find the certificates and keys for signing, some keys and
certs need to be copied into the u-boot build directory.
Signed-off-by: Claudius Heine <ch@denx.de>
By removing the "boot" directory in the "m53menlo/boot/fitImage" path,
we simplify the TFTP server directory layout a bit. This also requires a
change to the mmcload command as it (mis-)uses the same variable as the
TFTP boot.
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Marek Vasut <marex@denx.de>
The board can do primary/secondary boot switching, enable the bmode command.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Synchronize Toradex Verdin iMX8MM based MX8Menlo board configuration
with Toradex Verdin iMX8MM and enable convenience commands like cat,
hexdump, xxd.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
The ethernet PHY on MX8Menlo board takes a while to come out of
reset, increase the auto-negotiation timeout to prevent it from
timing out in case the ethernet is used right after the board was
reset.
Signed-off-by: Marek Vasut <marex@denx.de>
Update documentation and use nxp_imx8mcst binman etype for signing
of flash.bin instead of previous horrible shell scripting.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
In case CONFIG_IMX_HAB is enabled, extend the binman image description for
all of i.MX8M{Q,M,N,P} with CST wrapper node. This way, if CONFIG_IMX_HAB
is enabled, binman will be automatically used to sign SPL and fitImage.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add binman_imx_spl and binman_imx_fit labels to nxp-imx8mimage {} and fit {}
nodes respectively, so they can be referenced in board DTs no matter how deep
in the top level binman image description they are. Update current board DTs
to use those labels.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add new binman etype which allows signing both the SPL and fitImage sections
of i.MX8M flash.bin using CST. There are multiple DT properties which govern
the signing process, nxp,loader-address is the only mandatory one which sets
the SPL signature start address without the imx8mimage header, this should be
SPL text base. The key material can be configured using optional DT properties
nxp,srk-table, nxp,csf-crt, nxp,img-crt, all of which default the key material
names generated by CST tool scripts. The nxp,unlock property can be used to
unlock CAAM access in SPL section.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
U-Boot proper pre-reloc is currently running out of memory and it is
thus impossible to boot into U-Boot CLI.
Fix this by migrating to the common bss and stack addresses for PX30,
which drastically increases the size of the pre-reloc allocation pool (8
times bigger now). The memory layout in SPL and U-Boot proper now
match the other SoCs' using ROCKCHIP_COMMON_STACK_ADDR.
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
See commit 008ba0d56d00 ("rockchip: Add common default bss and stack
addresses") for memory layout. This migrates PX30 to use the new layout,
except for TPL. Indeed, PX30 is extremely limited in SRAM, so we need to
be extra careful about what goes into the TPL and how much we can
allocate there, so let's keep the current value for
TPL_SYS_MALLOC_F_LEN (already present in the PX30-specific Kconfig, from
an earlier commit).
This will allow us to use the same memory layout on one more Rockchip
SoC, which is always a nice thing. Additionally, this will make it
easier to fix U-Boot proper pre-reloc running out of memory on PX30 in a
subsequent commit.
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
This is the kind of setting that typically doesn't need to be changed
between boards based on the same SoC, so let's make it the default in
PX30 Kconfig so we don't have to care about it in the defconfig if we
don't want to.
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
All parts expect the SPLL to run at 702MHz. In U-Boot it's the SPLL_HZ
declaring this rate and in the kernel it's a fixed clock definition.
While everything is expecting 702MHz, the SPLL is not running that
frequency when coming from the bootrom though, instead it's running
at 351MHz and the vendor-u-boot just sets it to the expected frequency.
The SPLL itself is located inside the secure-BUSCRU and in theory
accessible as an SCMI clock, though this requires an unknown amount
of cooperation from trusted-firmware to set at a later stage, though
during the SPL stage we can still access the relevant CRU directly.
The SPLL is for example necessary for the DSI controllers to produce
output.
As the SPLL is "just" another rk3588 pll, just set the desired rate
directly during the SPL stage.
Tested on rk3588-rock5b and rk3588-tiger by reading back the PLL rate
and also observing working DSI output with this change.
Fixes: 6737771600d4 ("rockchip: rk3588: Add support for sdmmc clocks in SPL")
Suggested-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko.stuebner@cherry.de>
Cc: Jonas Karlman <jonas@kwiboo.se>
Cc: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Migrate RV1126 boards that exist in Linux v6.8 to use OF_UPSTREAM.
The following targets are migrated to use OF_UPSTREAM:
- rv1126-edgeble-neu2 : Board is an industrial form factor IO board.
- sonoff-ihost-rv1126 : Gateway device designed to provide a Smart Home Hub.
Cc: Tim Lunn <tim@feathertop.org>
Cc: Jagan Teki <jagan@edgeble.ai>
Reviewed-By: Tim Lunn <tim@feathertop.org>
Tested-By: Tim Lunn <tim@feathertop.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Signed-off-by: Anand Moon <anand@edgeble.ai>
Signed-off-by: Anand Moon <linux.amoon@gmail.com>
After the conversion of RV1108 to OF_UPSTREAM,
include/dt-bindings/clock/rv1108-cru.h is no longer needed because
there is dts/upstream/include/dt-bindings/clock/rv1108-cru.h from
upstream Linux.
Remove the unneeded rv1108-cru.h file.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Raymond Mao <raymond.mao@linaro.org> says:
This patch set is picked from the previously posted series:
"[RFC] Integrate MbedTLS v3.6 LTS with U-Boot"
They are not directly related to MbedTLS integration, but are the
prerequisite for a few clean-ups, refactoring and minor fixes.
For V2, the linker script patch is dropped and one patch is added
to move snprintf to stdio.h
Move snprintf to stdio.h since it is needed by external libraries.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use of typedef is beneficial for porting with other crypto libs
without changing the API callers.
Secondly, it is for the code consistency with other digest libs.
SHA1, SHA256 and SHA512 are all using typedef for their context.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h
and u-boot/sha512.h
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h,
u-boot/sha256.h and u-boot/sha512.h
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>