From: Ahmad Fatoum
This simple test checks that the security policies were added and that a
number of options that we expect to be there indeed change as expected.
Signed-off-by: Ahmad Fatoum
---
test/arm/virt32_secure_defconfig.yaml | 1 +
test/py/test_policies.py | 48 +
Add initial scaffolding for a block device mapper which is intended to
be compatible with the corresponding subsystem in Linux.
This is the foundation of several higher level abstractions, for
example:
- LVM: Linux Volume manager. Dynamically allocates logical volumes
from one or more storage d
USB gadget might be considered dangerous in secure environments, so add
a security policy for it.
Signed-off-by: Sascha Hauer
---
Sconfig| 1 +
common/usbgadget.c | 26 ++
drivers/usb/gadget/Sconfig | 11 +++
dr
From: Ahmad Fatoum
Signed-off-by: Ahmad Fatoum
Signed-off-by: Chali Anis
---
efi/Kconfig| 4 +
efi/payload/Kconfig| 4 +
efi/payload/Makefile | 2 +
efi/payload/handover.c | 195 +++
efi/payload/image.c| 228 ++
From: Ahmad Fatoum
Security policies will normally be selected after consulting efuses,
secure boot status from the EEPROM or unlock tokens.
For easier experimentation in QEMU, allow setting the security policy
via the command line arguments, e.g.:
pytest --bootarg barebox.security.policy=loc
From: Ahmad Fatoum
To make it easier to experiment with security policies, add four example
configurations, two via the build system and two "externally".
Signed-off-by: Ahmad Fatoum
---
arch/arm/configs/virt32_secure_defconfig | 1 +
common/boards/qemu-virt/Makefile
From: Ahmad Fatoum
Regular config options apply build-wide. Security config options will
be enabled depending on the policy that's currently active.
To allow using an SCONFIG_ prefix for the latter, introduce
KCONFIG_CONFIG_ to affect this.
Signed-off-by: Ahmad Fatoum
---
scripts/kconfig/Make
From: Ahmad Fatoum
To allow runtime unlocking of a device via security policies, add a new
SCONFIG_BOOT_UNSIGNED_IMAGES option and consult it.
Signed-off-by: Ahmad Fatoum
---
common/Sconfig | 15 +++
common/bootm.c | 26 +-
2 files changed, 40 insertions(+),
From: Chali Anis
Add the ability to install an initrd media protocol from an initrd file
or a fitImage, support both the initrd media protocol or installing the
initramfs directly to EFI like what Linux does.
Signed-off-by: Chali Anis
---
efi/guid.c| 7 +++
efi/payload/efi-init
With the upcoming device-mapper selftest, enabling CONFIG_DISK and
CONFIG_DM_BLK pushed the resulting relocation table over the 0x8000
default.
Given that the target hardware is QEMU, RAM is unlikely to be a scarce
resource. Therefore, go for the maximum allowed to avoid being back
here again when
On Wed, 10 Sep 2025 13:59:56 +0200, Sascha Hauer wrote:
> On AM625 the DEVSTAT register for specifying the reboot mode is at
> 0x4330, not at 0x43010030.
>
>
Applied, thanks!
[1/1] ARM: k3: am625: fix syscon-reboot-mode
https://git.pengutronix.de/cgit/barebox/commit/?id=73cff276e999
On 9/17/25 4:02 PM, Sascha Hauer wrote:
> On Tue, Sep 16, 2025 at 11:38:48AM +0200, Ahmad Fatoum wrote:
>> Hello Sascha,
>>
>> On 9/16/25 11:32 AM, Sascha Hauer wrote:
>>> Several drivers in the tree use an enum for the chip type cast to int
>>> as driver_data. This comes with the problem that de
On Sun, 14 Sep 2025 15:25:31 -0400, chalian...@gmail.com wrote:
> The entry single is used in x86, this memory allocation needs to be set to
> data since it is used to initialise the malloc memory. Setting all this region
> to loader code could represent a security issue since we authorise memory
> exe
Use the efi malloc fallback on all efi based systems.
Signed-off-by: Chali Anis
---
arch/arm/configs/efi_v8_defconfig | 1 +
arch/x86/configs/efi_defconfig| 1 +
efi/payload/Kconfig | 5 +++--
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/arm/configs/efi_v