Hi all,
Is there something on my side needed to push this forward?
On Wed, Jun 19, 2024 at 12:41 AM Alex Shumsky wrote:
> Fix btrfs_read/read_and_truncate_page write out of bounds of destination
> buffer. Old behavior break bootstd malloc'd buffers of exact file size.
> Previously
Am 20.06.24 um 19:08 schrieb Tom Rini:
On Thu, Jun 20, 2024 at 07:03:26PM +0200, Alex Bee wrote:
Am 20.06.24 um 12:24 schrieb Quentin Schulz:
From: Quentin Schulz
No meaningful changes were made to this SoM since February 2021. Nobody
from Theobroma has booted anything recent
driver [0].
I'm planning to add a board which uses TPL/SPL soonish (when my rare spare
time allows).
Alex
[0] https://gitlab.freedesktop.org/frankbinns/linux-firmware/-/issues/1
Fix btrfs_read/read_and_truncate_page write out of bounds of destination
buffer. Old behavior break bootstd malloc'd buffers of exact file size.
Previously this OOB write have not been noticed because distroboot usually
read files into huge static memory areas.
Signed-off-by: Alex Shumsky
Fixes
Fix btrfs_read/read_and_truncate_page write out of bounds of destination
buffer. Old behavior break bootstd malloc'd buffers of exact file size.
Previously this OOB write have not been noticed because distroboot usually
read files into huge static memory areas.
Signed-off-by: Alex Shumsky
Am 22.05.24 um 18:20 schrieb Jonas Karlman:
On 2024-05-22 16:18, Alex Bee wrote:
Am 13.05.24 um 01:22 schrieb Jonas Karlman:
On 2024-05-13 00:34, Alex Bee wrote:
Am 12.05.24 um 23:37 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-12 21:49, Alex Bee wrote:
Am 11.05.24 um 20:47 schrieb Jonas
Am 13.05.24 um 01:22 schrieb Jonas Karlman:
On 2024-05-13 00:34, Alex Bee wrote:
Am 12.05.24 um 23:37 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-12 21:49, Alex Bee wrote:
Am 11.05.24 um 20:47 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-11 19:44, Alex Bee wrote:
Hi Jonas,
Am 11.05.24 um
Am 12.05.24 um 23:37 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-12 21:49, Alex Bee wrote:
Am 11.05.24 um 20:47 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-11 19:44, Alex Bee wrote:
Hi Jonas,
Am 11.05.24 um 13:28 schrieb Jonas Karlman:
This series add gpio request() and pinctrl
Am 11.05.24 um 20:47 schrieb Jonas Karlman:
Hi Alex,
On 2024-05-11 19:44, Alex Bee wrote:
Hi Jonas,
Am 11.05.24 um 13:28 schrieb Jonas Karlman:
This series add gpio request() and pinctrl gpio_request_enable() ops so
that a gpio requested pin automatically use gpio pinmux and U-Boot
behaves
if those SoCs already using
OF_UPSTREAM) and leave the -u-boot.dtsi-"hack" alone for now.
Alex
With the gpio and pinctrl ops implemented this series also remove a PCIe
reset-gpios related device lock-up workaround from board u-boot.dtsi.
PX30, RK3066, RK3188, RK356x and RK3588 ar
/*
> * This only happens if image is somehow faulty so we start
> --
Doesn't this change the logic? Previously if you didn't set
fastboot_bootcmd you'd fall into the bootm path (if CONFIG_BOOTM was
enabled), with this, if CONFIG_CMDLINE is enabled then you will never
hit the bootm path.
--
Alex Kiernan
ed as 0.
Signed-off-by: Alex Bee
---
This is currently an issue for Rockchip RK3188 and potentially also for RK3368:
The clock driver does not implement the request-op. Even if we would add it:
timer-uclass always picks the first clock and the DT bindings for Rockchip timer
requires us to
of a page and the page_offset + len is greater
than the page boundary (pagesize), the write operation
would overflow the current page and the behaviour can be
undefined (e.g. at24).
Signed-off-by: Alex Michel
---
Changes for v2:
- fixed deviations from checkpatch.pl
- improved commit message
Changes
Hi Tom,
> We don't need to promote the types to unsigned here do we?
You are right, I will provide a new version of my patch where I will change all
"unsigned int" 's to int's.
Alex
of a page and the page_offset + len is greater
than the page boundary (pagesize), the write operation
would overflow the current page and the behaviour can be
undefined (e.g. at24).
Signed-off-by: Alex Michel
---
Changes for v2:
- fixed deviations from checkpatch.pl
- improved commit message
Changes
of a page and the page_offset + len is greater
than the page boundary (pagesize), the write operation
would overflow the current page and the behaviour can be
undefined (e.g. at24).
Signed-off-by: Alex Michel
---
Changes for v2:
- fixed deviations from checkpatch.pl
- improved commit message
-by: Alex Michel
---
drivers/misc/i2c_eeprom.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/i2c_eeprom.c b/drivers/misc/i2c_eeprom.c
index bdd7e018cc..f345e34179 100644
--- a/drivers/misc/i2c_eeprom.c
+++ b/drivers/misc/i2c_eeprom.c
@@ -60,6 +60,17
t; + cons->body[pos] = data;
While at it, is it OK to increment cons->cursor unconditionally,
even when the buffer is full?
It's better to do it after the check, isn't it? E.g.:
if (cons->cursor < cons->size)
cons->body[cons->cursor++] = data;
Cheers, Alex.
Hi Kever,
Am 19.07.23 um 09:28 schrieb Kever Yang:
Hi Alex,
On 2023/7/18 22:57, Alex Bee wrote:
Currently the only ARM Rockchip SoC which is supported by upstream
optee-os is RK322x. For all other ARM SoCs a
vendor-provided OP-TEE binary has to be used to have a TEE available.
Those
which signals that any
of those vendor binaries is used and changes the calling convension
accordingly.
Signed-off-by: Alex Bee
---
arch/arm/mach-rockchip/Kconfig | 8
common/spl/spl_optee.S | 4
2 files changed, 12 insertions(+)
diff --git a/arch/arm/mach-rockchip/Kconfig
This updates the evb_rk3229's README on howto create / use the FIT image
created by binman.
Also fix some wrong paths and update filenames which have changed in recent
upstream optee-os versions.
Signed-off-by: Alex Bee
---
board/rockchip/evb_rk3229/README | 72
For RK322x series ARM SoCs the OP-TEE is non-optional, as besides the TEE
it also provides the PSCI implementation, which is expected to be available
by upstream linux.
Select CONFIG_SPL_OPTEE_IMAGE if an FIT image is built.
Signed-off-by: Alex Bee
---
arch/arm/mach-rockchip/Kconfig | 1 +
1
value for CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN in order
successfully unpack the FIT image.
Signed-off-by: Alex Bee
---
configs/evb-rk3229_defconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/evb-rk3229_defconfig b/configs/evb-rk3229_defconfig
index cf73afeded
n-optional if CONFIG_SPL_OPTEE_IMAGE is selected and
there will be an error if the file does not exist and/or `TEE=` build
option is missing.
Signed-off-by: Alex Bee
---
arch/arm/dts/rk3288-u-boot.dtsi | 1 -
arch/arm/dts/rockchip-optee.dtsi | 64 ---
arch/arm/dts/rockchip-u-boot
_OPTEE_IMAGE only, as the
latter depends on SPL_FIT already
(via `depends on SPL_LOAD_FIT || SPL_LOAD_FIT_FULL`)
Alex Bee (5):
rockchip: Support OP-TEE for ARM in FIT images created by binman
configs: evb-rk3229: Increase SPL_STACK_R_MALLOC_SIMPLE_LEN
rockchip: RK322x: Select SPL_OPTEE_IMAG
Hi Jerome,
Am 17.07.23 um 15:42 schrieb Jerome Forissier:
On 7/16/23 10:10, Alex Bee wrote:
This updates the evb_rk3229's README on howto create / use the FIT image
created by binman.
Also fix some wrong paths and update filenames which have changed in recent
upstream optee-os versions
which signals that any
of those vendor binaries is used and changes the calling convension
accordingly.
Signed-off-by: Alex Bee
---
arch/arm/mach-rockchip/Kconfig | 9 +
common/spl/spl_optee.S | 4
2 files changed, 13 insertions(+)
diff --git a/arch/arm/mach-rockchip
This updates the evb_rk3229's README on howto create / use the FIT image
created by binman.
Also fix some wrong paths and update filenames which have changed in recent
upstream optee-os versions.
Signed-off-by: Alex Bee
---
board/rockchip/evb_rk3229/README | 72
For RK322x series ARM SoCs the OP-TEE is non-optional, as besides the TEE
it also provides the PSCI implementation, which is expected to be available
by upstream linux.
Select CONFIG_SPL_OPTEE_IMAGE if an FIT image is built.
Signed-off-by: Alex Bee
---
arch/arm/mach-rockchip/Kconfig | 1 +
1
that definition, so that the default defined will be used, in order to
successfully boot that image.
Signed-off-by: Alex Bee
---
configs/evb-rk3229_defconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/configs/evb-rk3229_defconfig b/configs/evb-rk3229_defconfig
index cf73afeded..b818d11b69 100644
n-optional if CONFIG_SPL_OPTEE_IMAGE is selected and
there will be an error if the file does not exist and/or `TEE=` build
option is missing.
Signed-off-by: Alex Bee
---
arch/arm/dts/rk3288-u-boot.dtsi | 1 -
arch/arm/dts/rockchip-optee.dtsi | 64 ---
arch/arm/dts/rockchip-u-boot
implementation only).
[1] https://github.com/rockchip-linux/rkbin
Alex Bee (5):
rockchip: Support OP-TEE for ARM in FIT images created by binman
evb-rk3229_defconfig: Drop SPL_STACK_R_MALLOC_SIMPLE_LEN
rockchip: RK322x: select SPL_OPTEE_IMAGE
rockchip: evb_rk3229: Update/fix README
optee
:0xfe720fff] pc=0xc496
'/efibootbootriscv64.efi'
My questions:
* Is GCC 12.2 known broken / unreliable for riscv64 builds of u-boot?
* Has anything else changed around memory management on riscv64 between May
2022 and Oct 2022
-- Alex
e notes I have from a previous life which may be useful, but I'm
afraid I've no way of checking these days:
* CONFIG_DEBUG_UART=y
* CONFIG_DEBUG_UART_BASE=0x44e09000
* CONFIG_DEBUG_UART_CLOCK=4800
* CONFIG_DEBUG_UART_OMAP=y
* CONFIG_DEBUG_UART_SHIFT=2
* CONFIG_DEBUG_UART_BOARD_INIT=y
* CONFIG_DEBUG_UART_ANNOUNCE=y
--
Alex Kiernan
Somewhere between e7fb67df319cec410c20906bbf33936a6f7479b2 and
86feeab3dc71977afb70f595e42060ce324086d0 u-boot stopped booting on the SiFive
unmatched.
gcc version 11.2.0 (GCC)
GNU ld (GNU Binutils) 2.36.1
First boot...
U-Boot SPL 2022.10-rc1-00159-g86feeab3dc (Jul 26 2022 - 17:01:52
ideas on what's going on?
Toolchain:
riscv64-linux-gnu-gcc - gcc version 12.1.0 (GCC)
riscv64-linux-gnu-as - GNU assembler (GNU Binutils) 2.36.1
Compiling on ArchLinux
-- Alex
March 24, 2022 1:25 PM, "Alexander von Gluck IV" wrote:
> March 24, 2022 12:06 PM, "Heinrich Schuchardt" wrote:
>
>> On 3/24/22 17:22, Alexander von Gluck IV wrote:
>> Do we really always need this output for every invokation of LoadImage()?
>>
>> Writing test messages during the runtime of a
.
"positioning image at address 0xfe6b" or something
using the leveraged kernel_addr_r (0x8400) was not enough.
-- Alex
by u-boot.
-- Alex
required-policy" property at /signature or "required"
property in individual key nodes.
This might separate the logic out in a way that's acceptable to Alex.
Let me poke at it.
I've thought about this some more and adding support for
`required-mode = "none";` or si
urther depending on config selections. It makes many code
parsers and IDEs poop their pantaloons. It makes u-boot harder to work
with as a result. I suggest finding a way to turn this into a static inline.
Alex
. I see quite a few ARMv8 platforms throw such
warnings on gitlab-ci. We can compile an elf, right? Any good reason why
kwbimage should be different?
Alex
err_get_pub_key;
- rsa = EVP_PKEY_get0_RSA(pkey);
+ rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
I think it's the wrong path to discard const qualifiers, whether
unwillingly or by type punning. I suggest making 'rsa' a "const RSA *"
and fixing the downstream users to do the sa
On 11/26/21 4:36 PM, Abder wrote:
Hi Alex,
Just a quick remarque that intrigued me:
Le jeu. 25 nov. 2021 à 15:57, Alex G. a écrit :
On 11/25/21 1:07 AM, Chan Kim wrote:
Hello all,
I'm trying to implement falcon mode for our board. Then should I first
implement the normal mode(spl
On 11/26/21 1:53 AM, Chan Kim wrote:
Hi Alex,
Thanks for the reply.
So I gather that to be able to use 'spl export fdt' to store the 'snapshot' to
the storage I should make the spl program runnable at least to that stage.
(being able to load kernel image, dtb, initrd and give the spl export
"spl export" and "fdtargs", and
package your kernel, devicetree, and overlays in a FIT container. You'd
make sure to enable SPL_LOAD_FIT_APPLY_OVERLAY. There isn't much more to
this other than the usual gotcha's with FIT and overlays.
Alex
- at least for rk3188 and rk3399 (from what
I've seen) and it is not fixable with an extra -u-boot.dtsi.
Any idea (without having to define an extra config include/configs per
board?)
[1]
https://github.com/u-boot/u-boot/commit/b212ad24a604b00b240add35516b7381965deb31
Alex
Am 25.06.21 um 15:26
600, Simon Glass wrote:
> > Hi all,
> >
> > On Wed, 27 Oct 2021 at 08:56, Tom Rini wrote:
> > >
> > > On Wed, Oct 27, 2021 at 03:44:08PM +0100, Alex Bennée wrote:
> > > >
> > > > François Ozog writes:
> > > >
> > > &
'm not entirely clear what a
qemu_arm and qemu_arm64 def targets are meant to be in this context.
--
Alex Bennée
On 10/25/21 6:55 PM, Spandan Mahadevegowda wrote:
Hello Alexandru,
I'm currently working on some POC on Pine64 that requires a Trusted
Execution Environment. I was using U-Boot 2020.10 with SPL_FIT_GENERATOR
and modified mksunxi_fit_atf.sh to accommodate OP-TEE. However, due to
new changes
. If platforms
can't build a usable image, I suggest just printing a loud warning
instead of overriding the user.
Alex
---
Changes in v3:
- Selected TOOLS_LIBCRYPTO on all platforms that use kwbimage (as best
as I can tell, using the suggestions from Pali Rohár)
Changes in v2:
- Refactored
On 10/15/21 3:30 PM, Pali Rohár wrote:
On Friday 15 October 2021 09:35:43 Alex G. wrote:
On 10/15/21 6:34 AM, Pali Rohár wrote:
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a s
On 10/15/21 6:34 AM, Pali Rohár wrote:
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable
OpenSSL") recently introduced option to dis
ot instead of SPL. AFAIR the u-boot FIT loader
is defective in this regard.
Alex
APPENDIX A: Example FIT ITS
/dts-v1/
;/ {
description = "Flu-boot image with overlays";
#address-cells = <1>;
images {
kernel-1 {
descript
On 10/10/21 6:06 AM, Jernej Škrabec wrote:
Dne četrtek, 07. oktober 2021 ob 00:05:24 CEST je Alex G. napisal(a):
Can you please give the following diff a try, and if it works for you, submit
as patch?
This works, I'll submit it as a patch. Should I keep you as original author
and add your SoB
On 10/7/21 4:04 PM, Tom Rini wrote:
On Thu, Oct 07, 2021 at 03:33:32PM -0500, Alex G. wrote:
On 10/7/21 2:39 PM, Tom Rini wrote:
On Thu, Oct 07, 2021 at 02:32:42PM -0500, Alex G. wrote:
On 10/7/21 1:50 PM, Simon Glass wrote:
Hi Tom,
On Thu, 7 Oct 2021 at 12:30, Tom Rini wrote
On 10/7/21 2:39 PM, Tom Rini wrote:
On Thu, Oct 07, 2021 at 02:32:42PM -0500, Alex G. wrote:
On 10/7/21 1:50 PM, Simon Glass wrote:
Hi Tom,
On Thu, 7 Oct 2021 at 12:30, Tom Rini wrote:
On Thu, Oct 07, 2021 at 12:02:24PM -0600, Simon Glass wrote:
Hi Tom,
On Thu, 7 Oct 2021 at 07:42
it would be a hardship.
That in turn, I think, is coming down to modern vs very old openssl
support, rather than having any at all.
OK I'll take a look at some point.
Or perhaps Alex might like to?
We just got a complain about OpenSSL yesterday [1]
Alex
[1] https://lists.denx.de/pipermail/u-boot
On 10/4/21 9:57 AM, Patrick DELAUNAY wrote:
Hi,
=> if OPTEE is loaded after SPL the U-Boot configuration change (running
in secure world or not)
I am starting to work on these issues in the branch
https://github.com/u-boot/u-boot/compare/master...patrickdelaunay:spl_optee_W2140
_WITH_PAGER=n \
CFG_NS_ENTRY_ADDR=${KERNEL_UIMAGE_LOADADDRESS} \
CROSS_COMPILE=${HOST_PREFIX} \
CFG_TEE_CORE_DEBUG=y \
CFG_TEE_CORE_LOG_LEVEL=2 \
${TZDRAM_FLAGS} \
"
TZDRAM_FLAGS = "CFG_TZDRAM_START= 0xde00\
CFG_DRAM_SIZE=0x2000 "
Alex
en
cross-compiling U-Boot inside LibreELEC build system. It's not needed for our
case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit
as patch?
Alex
diff --git a/tools/Makefile b/tools/Makefile
index 4a86321f64..7f72ff9645 100644
--- a/tools/
-intuitive, as I would expect all signatures to be checked.
In my mind, the 'break;' clause should only happen when
fit_image_check_sig() returns an error. I have no idea why it happened
on success. Simon, any thoughts?
Alex
On 9/25/21 8:43 PM, Simon Glass wrote:
We can use the new host_build() function for this, so drop it.
s/host_build/tools_build/
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
(no changes since v1)
common/image-fit.c | 2 +-
include/image.h| 3 ---
2 files
On 9/25/21 8:43 PM, Simon Glass wrote:
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
(no changes since v1)
common/image-fdt.c | 2 +-
include/image.h| 6 --
2 files
On 9/25/21 8:43 PM, Simon Glass wrote:
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
(no changes since v1)
common/image-fdt.c | 4 ++--
include/image.h| 6 --
2 files
On 9/25/21 8:43 PM, Simon Glass wrote:
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough and the board code is now in a separate file. Update the only place
where this is used and drop it.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
Changes
On 9/25/21 8:43 PM, Simon Glass wrote:
Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.
Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make
On 9/25/21 8:43 PM, Simon Glass wrote:
Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.
Drop the #ifdef around padding_pss_verify() too since it is not needed.
Use the
On 9/25/21 8:43 PM, Simon Glass wrote:
Add a host Kconfig for FIT_VERBOSE. With this we can use
CONFIG_IS_ENABLED(FIT_VERBOSE) directly in the host build, so drop the
s/host build/ tools build/
forcing of this in the image.h header.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru
On 9/25/21 8:43 PM, Simon Glass wrote:
Add a host Kconfig for OF_LIBFDT. With this we can use
CONFIG_IS_ENABLED(OF_LIBFDT) directly in the host build, so drop the
s/host build/tools build/
unnecessary indirection.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
On 9/25/21 8:43 PM, Simon Glass wrote:
Make use of the host Kconfig for FIT. With this we can use
CONFIG_IS_ENABLED(FIT) directly in the host build, so drop the unnecessary
indirection.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
---
Changes in v5:
- Rebase to next
On 9/25/21 8:43 PM, Simon Glass wrote:
We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.
Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
On 9/25/21 8:43 PM, Simon Glass wrote:
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.
For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.
Clean
On 9/25/21 8:43 PM, Simon Glass wrote:
Unfortunately these were removed by mistake. This means that adding hash
support to SPL brings in all software algorithms, with a substantial
increase in code size.
The origin of the problem was renaming them to SPL_FIT_xxx and then these
were removed
On 9/25/21 8:43 PM, Simon Glass wrote:
In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
some options to enable the various FIT options expected in these tools.
This will ensure that the code builds correctly when CONFIG_TOOLS_xxx
is distinct from CONFIG_xxx.
Drop some
On 9/25/21 8:43 PM, Simon Glass wrote:
In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
some options to enable the various FIT options expected in these tools.
This will ensure that the code builds correctly when CONFIG_TOOLS_xxx
is distinct from CONFIG_xxx.
Drop some
On 9/25/21 8:43 PM, Simon Glass wrote:
At present we must separately test for the host build for many options,
since we force them to be enabled. For example, CONFIG_FIT is always
enabled in the host tools, even if CONFIG_FIT is not enabled by the
board itself.
It would be more convenient if we
On 9/25/21 8:43 PM, Simon Glass wrote:
With the new TOOLS_LIBCRYPTO and some other changes, it seems that we are
heading towards calling this a tools build rather than a host build,
although of course it does happen on the host.
I cannot think of anything built by the host which cannot be
algo = "${FIT_HASHISH}";
};
};
Something like:
"fpga"
"fpga-auth" : authenticated
"fpga-enc" : encrypted
"fpga-sec" : encrypted and authenticated
Can these properties be inferred from the FPGA
On 9/14/21 7:14 AM, Patrick Delaunay wrote:
Continue to use the "ssbl" name for GPT partition of secondary boot
stage = U-Boot for basic boot with SPL to avoid to disturb existing user.
The "fip" partition name is only used for TFA_BOOT with FIP, it is a TF-A
BL2 requirement; it the default
On 9/27/21 11:06 AM, Simon Glass wrote:
Hi Alex,
On Mon, 27 Sept 2021 at 09:53, Alex G. wrote:
Hi Simon
On 9/25/21 8:43 PM, Simon Glass wrote:
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
to this series other
than these final thoughts. We can fix the code later, and then remove
the HOST configs.
Alex
Changes in v5:
- Update commit message
- Use TOOLS_ instead of HOST_
Changes in v2:
- Correct comment about USE_HOSTCC being undefined in CONFIG_VAL()
- Fix up comment to put
I_WANT_MD5 (which is temporary), and drop
define CONFIG_SHA_*, and by extension, drop the need for
CONFIG_TOOLS_SHA*. I think that's far more elegant.
Alex
Changes in v2:
- Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL
common/hash.c | 49
On 9/23/21 9:49 PM, Simon Glass wrote:> On Thu, 16 Sept 2021 at 09:43,
Alex G. wrote:
On 7/29/21 8:08 PM, Chia-Wei Wang wrote:
+
+enum HASH_ALGO hash_algo_lookup_by_name(const char *name)
string -> hash_lookup_algo() -> ops struct
Is the current way to
Hi Oleksandr
On 9/16/21 8:09 AM, Oleksandr Suvorov wrote:
From: Henry Beberman
SPL FIT load checks the signature on loadable images but just continues
in the case of a failure. This is undesirable behavior because the boot
process depends on the authenticity of each loadable part.
Adding
d in its entirety with host tools. There isn't a huge
opportunity for using a DM-type approach here without #ifndef USE_HOSTCC.
Alex
+ int rc;
+ enum HASH_ALGO hash_algo;
+ struct udevice *dev;
+
+ rc = uclass_get_device(UCLASS_HASH, 0, );
+
ady exists in common/hash.c for hash_Lookup_algo() and
hash_progressive_algo().
Alex
since we
already identify them by their strings (e.g. "sha256"). and then
associated ops structure. The
+
+enum HASH_ALGO hash_algo_lookup_by_name(const char *name)
string -> hash_lookup_algo() -> ops struct
Is the current way to do things. hash_algo_lookup_by_name() does the
roundabout through an enum. That doesn't make sense to me.
Alex
d the baudrate table doesn't
model that very well. Combine this with a CONFIG_MAX_BAUDRATE so that
boards with shitty RS232 converters can set a safe upper limit -- and
make sure CONFIG_BAUDRATE also enforces this.
There's a lot of unrealized potential here.
Alex
On 9/9/21 10:00 AM, Tom Rini wrote:
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice. Kconfig doesn't complain, but this is still wrong
and should be corrected.
Fixes: e60e44993120
On 9/6/21 5:39 PM, Alex G. wrote:
On 9/6/21 11:53 AM, Patrick DELAUNAY wrote:
In fact, the SPL boot path for OP-TEE doesn't use this function. That's
intentional.
Here's what I suggest:
- Remove OPTEE_TZDRAM_BASE and _SIZE
There is some legacy here, board/warp7and board/technexion
y to your arguments from
a few paragraphs ago. Just don't call optee_verify_boot_image in bootm_os.c.
Alex
ned options with their corresponding
security implications. Even absent that, SPL is perfectly capable of
starting a secure system. I think it's also more flexible.
Let's get serious. Without SPL, I wouldn't have been able to boot linux
in one second, with a secure OS.
Alex
So it seems the motivation behing optee_verify_bootm_image() is
flawed. Also the error message is not very helpful.
In fact, the SPL boot path for OP-TEE doesn't use this function. That's
intentional.
Here's what I suggest:
- Remove OPTEE_TZDRAM_BASE and _SIZE
- Remove optee_verify_bootm_image()
- No need for CONFIG_OPTEE_IMAGE
Alex
On 9/2/21 5:02 AM, Patrick Delaunay wrote:
The stm32 platforms never had to support an ATAGs-based Linux Kernel,
so remove the bi_boot_params initialization.
Signed-off-by: Patrick Delaunay
Tested-by: Alexandru Gagniuc
---
board/dhelectronics/dh_stm32mp1/board.c | 3 ---
On 9/2/21 5:02 AM, Patrick Delaunay wrote:
These platforms never had to support an ATAGs-based Linux Kernel, so
remove the options.
Cc: Marek Vasut
Signed-off-by: Tom Rini
Signed-off-by: Patrick Delaunay
Reviewed-by: Alexandru Gagniuc
Slowly, but surely, configs/*.h will grow to zero.
release111/
Okay, I don't think it's worth excluding 1.1.0 then. The only way we
could do that is a compile time check against OPENSSL_VERSION.
That won't prevent someone from compiling with openssl 1.1.1, and then
just replacing libcrypto.so with 1.1.0.
Alex
Hi Patrick,
On 9/1/21 10:10 AM, Alex G. wrote:
Hi Patrick,
On 8/31/21 12:24 PM, Patrick DELAUNAY wrote:
Hi,
On 8/26/21 11:42 PM, Alexandru Gagniuc wrote:
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases
memory has been set up by SPL (or TF-A for that matter):
Nonsec: c000->ddff
Sec:de00->dfdf
SHMEM: dfe0->dfff
The external DTB will be in the nonsec region, which OP-TEE allegedly
can't access. So how would this get patched?
Alex
Probably not. It works with SPL and
the current LTS linux (v5.10), and is likely the least intensive
solution in terms of lines of code.
Alex
PS: this part is not yet upstreamed in Linux
That's not problematic. I can accommodate devicetree changes by using
overlays in the FIT image. This flexibi
1 - 100 of 1342 matches
Mail list logo
