On Fri, 5 Jul 2024 at 22:51, Tom Rini wrote:
>
> On Thu, Jul 04, 2024 at 01:05:34PM +0530, Sughosh Ganu wrote:
>
> > Add a Kconfig symbol to enable getting updates on any memory map
> > changes that might be done by the LMB module. This notification
> > mechanism can then be used to have a
an
> -* calling lmb_init_and_reserve() to create a new (and
> hopefully
> -* identical one). But for now this seems good enough.
> - */
> if (!IS_ENABLED(CONFIG_SANDBOX) && i == 3) {
> ut_assert_nextlinen(" %s[%d]\t[", name, i);
> continue;
> @@ -200,7 +192,6 @@ static int bdinfo_test_all(struct unit_test_state *uts)
> if (IS_ENABLED(CONFIG_LMB) && gd->fdt_blob) {
> struct lmb lmb;
>
> - lmb_init_and_reserve(gd->bd, (void *)gd->fdt_blob);
> ut_assertok(lmb_test_dump_all(uts, ));
> if (IS_ENABLED(CONFIG_OF_REAL))
> ut_assert_nextline("devicetree = %s",
> fdtdec_get_srcname());
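Review bot: In bdinfo_test_all(), `struct lmb lmb;` is still declared after the `lmb_init_and_reserve()` call is removed, so nothing visible in this hunk initialises it before `lmb_test_dump_all()` runs. If the dump no longer needs a caller-owned map, drop the local declaration too; if it still does, the test would be reading an uninitialised structure.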
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
G_LMB_MAX_REGIONS; i++)
> - ut_asserteq(lmb.memory.region[i].base, ram + 2 * i *
> ram_size);
> -
> - for (i = 0; i < CONFIG_LMB_MAX_REGIONS; i++)
> - ut_asserteq(lmb.reserved.region[i].base, ram + 2 * i *
> blk_size);
> -
> - return 0;
> -}
> -LIB_TEST(lib_test_lmb_max_regions, 0);
> -#endif
> -
> static int lib_test_lmb_flags(struct unit_test_state *uts)
> {
> const phys_addr_t ram = 0x4000;
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
Hi all
On Sun, 21 Jul 2024 at 13:08, Simon Glass wrote:
>
> Hi,
>
> On Mon, 15 Jul 2024 at 12:23, wrote:
> >
> > From: Lukas Funke
> >
> > tpm_tis_wait_init() is using the 'chip->timeout_b' field which is
> > initialized in tpm_tis_init(). However, the init-function is called
> > *after*
bflow->size = size;
>
> -/* bootfile should be setup by dhcp*/
> + /* bootfile should be setup by dhcp */
> bootfile_name = env_get("bootfile");
> if (!bootfile_name)
> return log_msg_ret("bootfile_name", ret);
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
gt; we copy runtime variables in DRAM and support GetVariableRT
>
> Enable this option to allow SetVariableRT on the RAM backend of
> --
> 2.43.0
>
I don't think we need fixes tags for typos. In any case
Reviewed-by: Ilias Apalodimas
2_1_CONFORMANCE
> bool "Add the EBBRv2.1 conformance entry to the ECPT table"
> + depends on BOOTMETH_EFI_BOOTMGR
> depends on EFI_ECPT
> depends on EFI_LOADER_HII
> depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
> --
> 2.45.2
>
Reviewed-by: Ilias Apalodimas
gt; diff --git a/common/system_map.c b/common/system_map.c
> deleted file mode 100644
> index 8307293bf3ae..
> --- a/common/system_map.c
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -/*
> - * The builtin symbol table for use with kallsyms
> - *
> - * Copyright (c) 2008-2009 Analog Devices Inc.
> - * Licensed under the GPL-2 or later.
> - */
> -
> -const char const system_map[] = SYSTEM_MAP;
>
> --
> 2.45.2
>
Reviewed-by: Ilias Apalodimas
> + break;
> + case FDT_END_NODE:
> + if (!level) {
> + error(u"Extraneous end node\r\n");
> + return EFI_LOAD_ERROR;
> + }
> +
> + --level;
> + indent(level);
> + print(u"};\n\r");
> + ++pos;
> + break;
> + case FDT_END:
> + if (level) {
> + error(u"Missing end node\r\n");
> + return EFI_LOAD_ERROR;
> + }
> + return EFI_SUCCESS;
> + default:
> + error(u"Invalid device tree token\r\n");
> + return EFI_LOAD_ERROR;
> + }
> + }
> + error(u"Overrun\r\n");
> +
> + return EFI_LOAD_ERROR;
> +}
> +
> /**
> * efi_main() - entry point of the EFI application.
> *
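Review bot: In the FDT_END_NODE case, `print(u"};\n\r");` emits the line ending in the opposite order from the `error(u"...\r\n")` calls around it. Use `\r\n` here as well so the console output is consistent.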
> @@ -524,6 +783,8 @@ efi_status_t EFIAPI efi_main(efi_handle_t image_handle,
> pos = skip_whitespace(command);
> if (starts_with(pos, u"exit"))
> break;
> + else if (starts_with(pos, u"dump"))
> + do_dump();
> else if (starts_with(pos, u"load "))
> do_load(pos + 5);
> else if (starts_with(pos, u"save "))
> --
> 2.45.2
>
Acked-by: Ilias Apalodimas
Tested-by: Ilias Apalodimas
Hi Heinrich
On Sun, 30 Jun 2024 at 15:47, Ilias Apalodimas
wrote:
>
> Hi Heinrich,
>
> On Sun, 30 Jun 2024 at 15:23, Heinrich Schuchardt wrote:
> >
> > On 6/22/24 18:38, Ilias Apalodimas wrote:
> > > On Sat, 22 Jun 2024 at 19:36, Heinrich Schuchardt
> >
The tests we currently have expect the firmware update to fail
when OsIndications is not set properly. However, we have a Kconfig flag
that explicitly ignores that variable. Adjust the tests accordingly
Signed-off-by: Ilias Apalodimas
---
Changes since v1:
- v1 was rebased incorrectly and only
Hi Heinrich
Please ignore this patch I messed up my rebasing.
I'll send the proper one shortly
On Thu, 4 Jul 2024 at 17:37, Ilias Apalodimas
wrote:
>
> The tests we currently have expect the firmware update to fail
> when OsIndications is not set properly. However, we have a Kco
The tests we currently have expect the firmware update to fail
when OsIndications is not set properly. However, we have a Kconfig flag
that explicitly ignores that variable and triggers the capsule update
regardless. Adjust the tests accordingly
Signed-off-by: Ilias Apalodimas
---
.../py/tests
On Fri, Jun 14, 2024 at 11:54:41AM -0500, Jon Humphreys wrote:
> Ilias Apalodimas writes:
>
> > Hi Jonathan
> >
> > On Thu, 13 Jun 2024 at 23:28, Jonathan Humphreys wrote:
> >>
> >> Use the capsule's public key certificate rather than a prebuilt ESL
>
RYSTONE=y
> +CONFIG_MBEDTLS_LIB=y
> +CONFIG_MBEDTLS_LIB_CRYPTO=y
> +CONFIG_MBEDTLS_LIB_X509=y
> CONFIG_ECDSA=y
> CONFIG_ECDSA_VERIFY=y
> CONFIG_TPM=y
> --
> 2.25.1
>
Reviewed-by: Ilias Apalodimas
On Tue, 2 Jul 2024 at 21:30, Raymond Mao wrote:
>
> Add porting layer for public key on top of MbedTLS X509 library.
> Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and
> MbedTLS implementations respectively.
>
> Signed-off-by: Raymond Mao
> ---
> Changes in v2
> - Move the
On Tue, 2 Jul 2024 at 21:27, Raymond Mao wrote:
>
> Add the mbedtls include directories into the build system.
>
> Signed-off-by: Raymond Mao
> ---
> Changes in v2
> - None.
> Changes in v3
> - Remove changes for PLATFORM_CPPFLAGS.
> Changes in v4
> - Fix errors when building without "O=".
> -
y) {
> + kfree(key->key);
> + kfree(key->params);
> + kfree(key);
> + }
> +}
> +
> +/*
> + * from /crypto/asymmetric_keys/signature.c
> + *
> + * Destroy a public key signature.
> + */
> +void public_key_signature_free(struct pu
&& cert->sig->auth_ids[1])
> - goto out;
> - }
> -
> - ret = -EKEYREJECTED;
> - if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
> - goto out;
> -
> - ret = public_key_verify_signature(cert->pub, cert->sig);
> - if (ret < 0) {
> - if (ret == -ENOPKG) {
> - cert->unsupported_sig = true;
> - ret = 0;
> - }
> - goto out;
> - }
> -
> - pr_devel("Cert Self-signature verified");
> - cert->self_signed = true;
> -
> -out:
> - pr_devel("<==%s() = %d\n", __func__, ret);
> - return ret;
> -
> -not_self_signed:
> - pr_devel("<==%s() = 0 [not]\n", __func__);
> - return 0;
> -}
> +#endif /* !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
>
> #ifndef __UBOOT__
> /*
> --
> 2.25.1
>
with the above fixed
Reviewed-by: Ilias Apalodimas
->data;
> - *_data_len = pkcs7->data_len;
> - if (_headerlen)
> - *_headerlen = pkcs7->data_hdrlen;
> - return 0;
> -}
> -EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
> -
> /*
> * Note an OID when we find one for later processing when we know how
> * to interpret it.
> --
> 2.25.1
>
with the above fixed
Reviewed-by: Ilias Apalodimas
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao wrote:
>
> Integrate common/hash.c on the hash shim layer so that hash APIs
> from mbedtls can be leveraged by boot/image and efi_loader.
>
> Signed-off-by: Raymond Mao
> ---
> Changes in v2
> - Use the original head files instead of creating
auth[20],
> return -1;
> if (err)
> continue;
> - sha1_csum(buf, buf_len, digest);
> + sha1_csum_wd(buf, buf_len, digest, SHA1_DEF_CHUNK_SZ);
> if (!memcmp(digest, pubkey_digest, 20)) {
> *handle = key_handles[i];
> return 0;
> --
> 2.25.1
>
Reviewed-by: Ilias Apalodimas
Hi Heinrich,
On Sun, 30 Jun 2024 at 15:23, Heinrich Schuchardt wrote:
>
> On 6/22/24 18:38, Ilias Apalodimas wrote:
> > On Sat, 22 Jun 2024 at 19:36, Heinrich Schuchardt
> > wrote:
> >>
> >> On 20.06.24 22:15, Ilias Apalodimas wrote:
> >>
r for
> Qualcomm platforms.
>
> To: Tom Rini
> To: Lukasz Majewski
> To: Sean Anderson
> To: Caleb Connolly
> To: Neil Armstrong
> To: Sumit Garg
> Cc: Heinrich Schuchardt
> Cc: Ilias Apalodimas
> Cc: u-boot@lists.denx.de
> Cc: u-boot-q...@groups.io
>
>
Hi Conor,
On Thu, 27 Jun 2024 at 23:27, Conor Dooley wrote:
>
> On Thu, Jun 27, 2024 at 11:50:33AM +0100, Simon Glass wrote:
> > On Thu, 27 Jun 2024 at 10:38, Conor Dooley
> > wrote:
> > > On Thu, Jun 27, 2024 at 09:36:49AM +0100, Simon Glass wrote:
> > > > On Tue, 25 Jun 2024 at 15:34, Tom
ulong size)
> /* flush prefetch queue */
> asm volatile("isync" : : : "memory");
> }
> +
> +/*
> + * Default implementation:
> + * do a range flush for the entire range
> + */
> +void flush_dcache_all(void)
> +{
> + flush_dcache_range(0, ~0);
> +}
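Review bot: In the new default flush_dcache_all(), `flush_dcache_range(0, ~0);` passes the int constant `~0`, which only becomes an all-ones address through the implicit conversion at the call. Write `~0UL` so the intent is explicit, and have the comment say whether the end of the range is inclusive.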
> --
> 2.34.1
>
Acked-by: Ilias Apalodimas
0, ~0);
> +}
> +
> void invalidate_dcache_range(unsigned long start, unsigned long end)
> {
> u32 v;
> --
> 2.34.1
>
Acked-by: Ilias Apalodimas
e_dcache_range(unsigned long start, unsigned long stop)
> {
> /* An empty stub, real implementation should be in platform code */
> --
> 2.34.1
>
Acked-by: Ilias Apalodimas
returning invalid
values on failures and violating the EFI spec.
Ilias Apalodimas (2):
tpm: fix the return code, if the eventlog buffer is full
efi_loader: fix the return values on efi_tcg
lib/efi_loader/efi_tcg2.c | 126
On Mon, 24 Jun 2024 at 00:52, Simon Glass wrote:
>
> Hi Ilias,
>
> On Sun, 23 Jun 2024 at 05:49, Ilias Apalodimas
> wrote:
> >
> > Simon reports that after enabling all algorithms on the TPM some boards
> > fail since they don't have enough stora
Hi Simon,
On Mon, 24 Jun 2024 at 00:52, Simon Glass wrote:
>
> Hi Ilias,
>
> On Sun, 23 Jun 2024 at 05:48, Ilias Apalodimas
> wrote:
> >
> > > We currently return 'No space left on device' if the eventlog buffer
> > we allocated is not enough. On a similar check
-by: Ilias Apalodimas
---
boot/Kconfig | 4
include/tpm-v2.h | 59 +++-
lib/Kconfig | 6 ++---
lib/tpm-v2.c | 40 +---
4 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig
-0.9_Revision-03_Review_030918.pdf
Signed-off-by: Ilias Apalodimas
---
include/tpm-v2.h | 16 ++---
include/tpm_tcg2.h| 13 +++
lib/efi_loader/efi_tcg2.c | 2 +-
lib/tpm-v2.c | 73 +--
lib/tpm_tcg2.c| 38
efi_tcg2.h already includes tpm-v2.h. Remove it
Reviewed-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index b4915cab6be7..19fe4720ef48 100644
The previous patch is moving the TPM TCG headers in their own file for
a cleaner API. Move the functions in their own file as well.
Signed-off-by: Ilias Apalodimas
---
include/tpm-v2.h | 190 -
include/tpm_tcg2.h | 189
lib/Makefile | 2 +
lib/tpm-v2.c
it in new
files since the TCG2 is governed by its own spec, it's overall cleaner
and also easier to enable certain parts of the TPM functionality.
So let's start moving the headers in a new file containing the TCG
specific bits.
Signed-off-by: Ilias Apalodimas
---
boot/bootm.c | 1
commit 97707f12fdab ("tpm: Support boot measurements") moved some of the
EFI TCG code to the TPM subsystem. Those definitions are now in tpm-v2.h.
Let's remove the stale entries
Reviewed-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
include/efi_tcg2.h | 8
1 fi
("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing
the protocol")
Reviewed-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 126 +-
and not a device.
Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Reviewed-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index a67daed2f3c1..91526af33
a comment on why we return EFI_INVALID_PARAMETER on failures
while EFI_DEVICE_ERROR would make more sense
- Fixed some typos
- split patch 4 to 2 patches
- collected r-b tags
The testing was ok again, and comparing the eventlog between versions
had no changes -- apart from PCR0 which is expected
Ilias
On Sat, 22 Jun 2024 at 21:01, Heinrich Schuchardt wrote:
>
>
>
> Am 22. Juni 2024 18:09:40 MESZ schrieb Ilias Apalodimas
> :
> >Hi Heinrich,
> >
> >[...]
> >
> >> > rc = tpm2_submit_command(dev, input_param_block,
> >> &g
On Sat, 22 Jun 2024 at 19:36, Ilias Apalodimas
wrote:
>
> Hi
>
> again many thanks for the quick review
>
> On Sat, 22 Jun 2024 at 19:25, Heinrich Schuchardt wrote:
> >
> > On 22.06.24 16:35, Ilias Apalodimas wrote:
> > > commit 97707f12fdab ("tpm
On Sat, 22 Jun 2024 at 19:34, Heinrich Schuchardt wrote:
>
> On 22.06.24 16:35, Ilias Apalodimas wrote:
> > Simon reports that after enabling all algorithms on the TPM some boards
> > fail since they don't have enough storage to accommodate the ~5KB growth.
> >
> >
On Sat, 22 Jun 2024 at 19:36, Heinrich Schuchardt wrote:
>
> On 20.06.24 22:15, Ilias Apalodimas wrote:
> > EFI_IGNORE_OSINDICATIONS is used to ignore OsIndications if setvariable
> > at runtime is not supported and allow the platform to perform capsule
> > updates
Hi
again many thanks for the quick review
On Sat, 22 Jun 2024 at 19:25, Heinrich Schuchardt wrote:
>
> On 22.06.24 16:35, Ilias Apalodimas wrote:
> > commit 97707f12fdab ("tpm: Support boot measurements") moved out code
> > from the EFI subsystem into the TPM one
Hi Heinrich,
[...]
> > rc = tpm2_submit_command(dev, input_param_block,
> >output_param_block, _buf_size);
> > @@ -714,19 +721,20 @@ efi_tcg2_get_active_pcr_banks(struct
> > efi_tcg2_protocol *this,
> > u32 *active_pcr_banks)
> >
On Sat, 22 Jun 2024 at 17:58, Heinrich Schuchardt
wrote:
>
> On 18.06.24 17:54, Ilias Apalodimas wrote:
> > On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt
> > wrote:
> >>
> >> Test that we don't have a /chosen/kaslr-seed property if we measure the
>
On Thu, 20 Jun 2024 at 22:19, Ilias Apalodimas
wrote:
>
> On Thu, 20 Jun 2024 at 22:16, Ilias Apalodimas
> wrote:
> >
> > > We currently return 'No space left on device' if the eventlog buffer
> > we allocated is not enough. On a similar check later on that f
-by: Ilias Apalodimas
---
boot/Kconfig | 4
include/tpm-v2.h | 59 +++-
lib/Kconfig | 6 ++---
lib/tpm-v2.c | 40 +---
4 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/boot/Kconfig b/boot
-0.9_Revision-03_Review_030918.pdf
Signed-off-by: Ilias Apalodimas
---
include/tpm-v2.h | 16 ++---
include/tpm_tcg2.h| 13 +++
lib/efi_loader/efi_tcg2.c | 2 +-
lib/tpm-v2.c | 73 +--
lib/tpm_tcg2.c| 38
efi_tcg2.h already includes tpm-v2.h. Remove it
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 10c09caac35a..c654d2cbd704 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b
it in new
files since the TCG2 is governed by its own spec and it's cleaner
when we want to enable certain parts of the TPM functionality.
So let's create a header file and another library and move the TCG
specific bits there.
Signed-off-by: Ilias Apalodimas
---
boot/bootm.c | 1 +
include/
commit 97707f12fdab ("tpm: Support boot measurements") moved some of the
EFI TCG code to the TPM subsystem. Those definitions are now in tpm-v2.h.
Let's remove the duplicate entries
Signed-off-by: Ilias Apalodimas
---
include/efi_tcg2.h | 8
1 file changed, 8 deletions(-)
("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing
the protocol")
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 121 --
1 file changed, 64 insertions(+), 57 dele
and not a device.
Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index a67daed2f3c1..91526af33acb 100644
--- a/lib/tpm-v2.c
+++ b/li
any chance you can test it?
Ilias Apalodimas (7):
tpm: fix the return code, if the eventlog buffer is full
efi_loader: fix the return values on efi_tcg
efi_loader: remove duplicate TCG algo definitions
tpm: Move TCG into a separate library
efi_loader: remove unneeded header files
Hi Simon,
On Fri, 21 Jun 2024 at 17:57, Simon Glass wrote:
>
> Hi Ilias,
>
> On Thu, 20 Jun 2024 at 23:49, Ilias Apalodimas
> wrote:
> >
> > On Fri, 21 Jun 2024 at 08:32, Ilias Apalodimas
> > wrote:
> > >
> > > Hi Simon,
> >
On Fri, 21 Jun 2024 at 14:01, Ilias Apalodimas
wrote:
>
> Hi Vincent,
>
> [...]
>
> > > > $ uuid -d 935FE837-FAC8-4394-C008-737D8852C60D
> > > > encode: STR: 935fe837-fac8-4394-c008-737d8852c60d
> > > > SIV: 19589449353613
Hi Vincent,
[...]
> > > $ uuid -d 935FE837-FAC8-4394-C008-737D8852C60D
> > > encode: STR: 935fe837-fac8-4394-c008-737d8852c60d
> > > SIV: 195894493536133784175416063449172723213
> > > decode: variant: reserved (Microsoft GUID)
> > > version: 4 (random data
capsule_dump = true;
> break;
> + case 'V':
> + printf("mkeficapsule version %s\n", PLAIN_VERSION);
> + exit(EXIT_SUCCESS);
> default:
> print_usage();
> exit(EXIT_SUCCESS);
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
On Fri, 21 Jun 2024 at 08:32, Ilias Apalodimas
wrote:
>
> Hi Simon,
>
> On Fri, 21 Jun 2024 at 02:06, Simon Glass wrote:
> >
> > It does not make sense to enable all SHA algorithms unless they are
> > needed. It bloats the code and in this case, causes chrome
Hi Simon,
On Fri, 21 Jun 2024 at 02:06, Simon Glass wrote:
>
> It does not make sense to enable all SHA algorithms unless they are
> needed. It bloats the code and in this case, causes chromebook_link to
> fail to build. That board does use the TPM, but not with measured boot,
> nor EFI.
>
>
Kconfigs and enable EFI_IGNORE_OSINDICATIONS
when set variable at runtime is disabled.
Since EFI_RT_VOLATILE_STORE needs help from the OS to persist the
variables, allow users to ignore OsIndications even if setvariable at
runtime is enabled.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader
Hi Heinrich,
On Thu, 20 Jun 2024 at 18:23, Heinrich Schuchardt wrote:
>
> On 18.06.24 17:49, Ilias Apalodimas wrote:
> > EFI_IGNORE_OSINDICATIONS is used to ignore OsIndications if setvariable
> > at runtime is not supported and allow the platform to perform capsule
>
On Thu, 20 Jun 2024 at 22:16, Ilias Apalodimas
wrote:
>
> We currently return 'No space left on device' if the eventlog buffer
> we allocated is not enough. On a similar check later on that function
> during the call to tcg2_log_init() we return 'No buffer space
> available'.
("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing
the protocol")
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 121 --
1 file changed, 64 insertions(+), 57 dele
and not a device.
Fixes: 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index a67daed2f3c1..91526af33acb 100644
--- a/lib/tpm-v2.c
+++ b/li
ACHED_MEMORY
> noncached_set_region();
> +#endif
> break;
> case 2:
> flush_dcache_all();
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
ecv(struct udevice *dev, int flags,
> uchar **packetp)
>
> for (;;) {
> #ifdef CONFIG_SYS_UNIFY_CACHE
> - icache_invalid();
> + invalidate_icache_all();
> #endif
> /* If nothing received - leave for() loop */
> if (info->rxbd[info->rx_idx].cbd_sc & BD_ENET_RX_EMPTY)
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
Allô Vincent,
Thanks for testing!
On Wed, 19 Jun 2024 at 17:02, Vincent Stehlé wrote:
>
> On Fri, May 31, 2024 at 03:50:34PM +0200, Caleb Connolly wrote:
> > As more boards adopt support for the EFI CapsuleUpdate mechanism, there
> > is a growing issue of being able to target updates to them
On Wed, 19 Jun 2024 at 16:05, Ilias Apalodimas
wrote:
>
> On Wed, 19 Jun 2024 at 15:36, Heinrich Schuchardt
> wrote:
> >
> > On 19.06.24 14:23, Ilias Apalodimas wrote:
> > > On Sun, 16 Jun 2024 at 20:31, Heinrich Schuchardt
> > > wrote:
> > > >
On Wed, 19 Jun 2024 at 15:36, Heinrich Schuchardt
wrote:
>
> On 19.06.24 14:23, Ilias Apalodimas wrote:
> > On Sun, 16 Jun 2024 at 20:31, Heinrich Schuchardt
> > wrote:
> >>
> >> If we have multiple weak implementations of functions, the linker might
>
Hi Simon,
On Wed, Jun 12, 2024 at 02:24:31PM -0600, Simon Glass wrote:
> Hi Ilias,
>
> On Wed, 12 Jun 2024 at 00:02, Ilias Apalodimas
> wrote:
> >
> > [...]
> >
> > > > > >> ---
> > > > > >>
> > > > > >>
tion,
> +* the prefetch queue is invalidated.
> +*/
> + if (!CONFIG_IS_ENABLED(X86))
> + invalidate_icache_all();
> }
>
> /**
> --
> 2.43.0
>
Reviewed-by: Ilias Apalodimas
On Sun, 16 Jun 2024 at 20:31, Heinrich Schuchardt
wrote:
>
> If we have multiple weak implementations of functions, the linker might
> choose any of these. ARM and RISC-V already provide a weak implementation
> of flush_dcache_all().
>
> Signed-off-by: Heinrich Schuchardt
> ---
> cmd/cache.c |
Hi Heinrich,
On Sun, 16 Jun 2024 at 20:31, Heinrich Schuchardt
wrote:
>
> In EFI sub-system we rely on invalidate_icache_all() to invalidate the
> instruction cache after loading binaries. Add the missing implementation on
> ARM1136, ARM1176.
>
> Signed-off-by: Heinrich Schuchardt
> ---
>
..1f5fd097f0e
> --- /dev/null
> +++ b/configs/qemu_arm64_lwip_defconfig
> @@ -0,0 +1,4 @@
> +#include
> +CONFIG_NET_LWIP=y
> +CONFIG_CMD_DNS=y
> +CONFIG_CMD_WGET=y
> --
> 2.40.1
>
Reviewed-by: Ilias Apalodimas
[...]
> >> +
> >> +static struct netif *new_netif(bool with_ip)
> >> +{
> >> +unsigned char enetaddr[ARP_HLEN];
> >> +char hwstr[MAC_ADDR_STRLEN];
> >> +ip4_addr_t ip, mask, gw;
> >> +struct udevice *dev;
> >> +struct netif *netif;
> >
> > This does not fit into the driver
ulong cnt)
> FLASH_SHOW_PROGRESS(scale, dots, digit, info->portwidth);
> /* Only check every once in a while */
> if ((cnt & 0x) < info->portwidth && ctrlc())
> - return ERR_ABORTED;
> + return FL_ERR_ABORTED;
> }
> #endif /* CONFIG_SYS_FLASH_USE_BUFFER_WRITE */
>
> diff --git a/include/flash.h b/include/flash.h
> index 3710a2731b7..77bee42f76b 100644
> --- a/include/flash.h
> +++ b/include/flash.h
> @@ -125,16 +125,16 @@ void flash_perror(int err);
> /*---
> * return codes from flash_write():
> */
> -#define ERR_OK 0
> -#define ERR_TIMEOUT1
> -#define ERR_NOT_ERASED 2
> -#define ERR_PROTECTED 4
> -#define ERR_INVAL 8
> -#define ERR_ALIGN 16
> -#define ERR_UNKNOWN_FLASH_VENDOR 32
> -#define ERR_UNKNOWN_FLASH_TYPE 64
> -#define ERR_PROG_ERROR 128
> -#define ERR_ABORTED256
> +#define FL_ERR_OK 0
> +#define FL_ERR_TIMEOUT 1
> +#define FL_ERR_NOT_ERASED 2
> +#define FL_ERR_PROTECTED 4
> +#define FL_ERR_INVAL 8
> +#define FL_ERR_ALIGN 16
> +#define FL_ERR_UNKNOWN_FLASH_VENDOR32
> +#define FL_ERR_UNKNOWN_FLASH_TYPE 64
> +#define FL_ERR_PROG_ERROR 128
> +#define FL_ERR_ABORTED 256
>
> /*---
> * Protection Flags for flash_protect():
> --
> 2.40.1
>
Reviewed-by: Ilias Apalodimas
Hi Tom
On Tue, 18 Jun 2024 at 23:21, Tom Rini wrote:
>
> On Mon, Jun 17, 2024 at 05:32:52PM +0200, Jerome Forissier wrote:
>
> > This is a rework of a patch series by Maxim Uvarov: "net/lwip: add lwip
> > library for the network stack" [1]. The goal is to introduce the lwIP TCP/IP
> > stack [2]
We currently don't have any boards enabling CONFIG_EFI_RT_VOLATILE_STORE.
We do have EFI selftests testing the feature though, so enable it in
all the sandbox platforms and test the functionality properly
Signed-off-by: Ilias Apalodimas
---
configs/sandbox64_defconfig | 1 +
configs
Hi Jon,
On Tue, 18 Jun 2024 at 19:49, Jon Humphreys wrote:
>
> Ilias Apalodimas writes:
>
> > EFI_IGNORE_OSINDICATIONS is used to ignore OsIndications if setvariable
> > at runtime is not supported and allow the platform to perform capsule
> > updates on disk. With th
On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt
wrote:
>
> Test that we don't have a /chosen/kaslr-seed property if we measure the
> device-tree.
>
> Signed-off-by: Heinrich Schuchardt
> ---
> lib/efi_selftest/efi_selftest_fdt.c | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git
Hi Heinrich,
On Tue, 18 Jun 2024 at 18:40, Heinrich Schuchardt wrote:
>
> On 18.06.24 17:23, Ilias Apalodimas wrote:
> > We currently only describe the process to enable measured boot using
> > bootm. Describe the UEFI requirements as well which predate bootm.
> >
depend on each other and clarify their
functionality. When EFI_RT_VOLATILE_STORE, setvariable at runtime is
supported and EFI_IGNORE_OSINDICATIONS, which also breaks the EFI spec, is
not needed anymore.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/Kconfig | 2 ++
1 file changed, 2 insertions
We currently only describe the process to enable measured boot using
bootm. Describe the UEFI requirements as well which predate bootm.
Signed-off-by: Ilias Apalodimas
---
Changes since v2:
- add all bootX commands in the description instead of just bootm
- Remove an extra _ from the header
starting
> GRUB::
> ## Transferring control to EFI (at address 404000d0) ...
> Welcome to GRUB!
>
> -See doc/uImage.FIT/howto.txt for an introduction to FIT images.
> +See :doc:`../../usage/fit/howto` for an introduction to FIT images.
>
> Configuring UEFI secure boot
>
> --
> 2.43.0
>
Reviewed-by: Ilias Apalodimas
mit 6b3b0ab89663 ("Make linker assigned symbol dynamic only for
shared object")
Tested-by: Heinrich Schuchardt # sandbox_defconfig on
amd64, arm64, riscv64
Reviewed-by: Simon Glass
Fixes: commit aac53d3d96a2 ("sandbox: Rename EFI runtime sections")
Signed-off-by: Ilias A
Hi Heinrich
resending the reply, I accidentally sent half of the message...
On Fri, 14 Jun 2024 at 12:04, Heinrich Schuchardt wrote:
>
> On 14.06.24 09:01, Ilias Apalodimas wrote:
> > On Fri, 14 Jun 2024 at 09:59, Heinrich Schuchardt
> > wrote:
> >>
> >>
Hi Heinrich,
On Fri, 14 Jun 2024 at 12:04, Heinrich Schuchardt wrote:
>
> On 14.06.24 09:01, Ilias Apalodimas wrote:
> > On Fri, 14 Jun 2024 at 09:59, Heinrich Schuchardt
> > wrote:
> >>
> >> On 6/14/24 08:03, Ilias Apalodimas wrote:
> >>> Hi
Thanks Eddie,
On Sat, 15 Jun 2024 at 00:31, Eddie James wrote:
>
>
> On 6/14/24 07:09, Ilias Apalodimas wrote:
> > The PC client spec [0], doesn't describe measurements for DTBs. It does
> > describe what to do for ACPI tables though.
> >
> > There is a desc
+ 0x01, 0x15, 0x87, 0x0e, 0xf3, 0x67)
> +
> +#define BEAGLEBONEAI64_SPL_IMAGE_GUID \
> + EFI_GUID(0x83447222, 0x1e26, 0x40cd, 0xa3, 0x95, \
> + 0xb7, 0xde, 0x09, 0x57, 0xe8, 0x75)
> +
> +#define BEAGLEBONEAI64_UBOOT_IMAGE_GUID \
> + EFI_GUID(0x4249ff77, 0xc17d, 0x4eb7, 0xa1, 0xdb, \
> + 0x45, 0xaa, 0x98, 0x87, 0xd4, 0x9e)
> +
> +#define BEAGLEBONEAI64_SYSFW_IMAGE_GUID \
> + EFI_GUID(0xdfc9c683, 0x49b7, 0x46bd, 0xb3, 0xc1, \
> + 0x3a, 0x3b, 0x2f, 0xdb, 0x13, 0x5b)
> +
> +/* Now for the remaining common defines */
> +#include
> +
> +#endif /* __CONFIG_BEAGLEBONEAI64_H */
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas
On Fri, 14 Jun 2024 at 15:40, Heinrich Schuchardt wrote:
>
> On 14.06.24 14:14, Ilias Apalodimas wrote:
> > We currently only describe the process to enable measured boot using
> > bootm. Describe the UEFI requirements as well which predate bootm.
> >
> > S
We currently only describe the process to enable measured boot using
bootm. Describe the UEFI requirements as well which predate bootm.
Signed-off-by: Ilias Apalodimas
---
Changes since v1:
- fixed remarks from Heinrich on titling and DTB measured PCR
doc/usage/measured_boot.rst | 28
://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification
Reported-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
boot/bootm.c | 2 +-
lib/efi_loader/efi_tcg2.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
[...]
>
> > +
> > +UEFI requirements
> > +~
> > +* A hardware TPM 2.0 supported by the U-Boot drivers
>
> by an enabled U-Boot driver.
>
> > +* CONFIG_EFI_TCG2_PROTOCOL=y
> > +* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y
> > +* optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will
We currently only describe the process to enable measured boot using
bootm. Describe the UEFI requirements as well which predate bootm.
Signed-off-by: Ilias Apalodimas
---
doc/usage/measured_boot.rst | 24 ++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git
On Fri, 14 Jun 2024 at 09:59, Heinrich Schuchardt wrote:
>
> On 6/14/24 08:03, Ilias Apalodimas wrote:
> > Hi Simon,
> >
> > On Mon, 10 Jun 2024 at 17:59, Simon Glass wrote:
> >>
> >> It does not make sense to enable all SHA algorithms unles
On Fri, 14 Jun 2024 at 09:54, Ilias Apalodimas
wrote:
>
> commit 6e2228fb052b ("Merge patch series "Clean up arm linker scripts"")
> was cleaning up linker scripts for armv7 and v8 in a similar fashion.
>
> Several commits in the past -- e.g
> commit d0b5d9da5d