Simon Glass [Thu, 17 Dec 2020 04:20:27 +0000 (21:20 -0700)]
dm: test: Add a test for DM_UC_FLAG_NO_AUTO_SEQ
Check that this flag operates as expected. This patch is not earlier in
this series since is uses the new behaviour of dev_seq().
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:26 +0000 (21:20 -0700)]
dm: Switch over to use new sequence number for dev_seq()
Update this function to use the new sequence number and fix up the test
that deals with this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:25 +0000 (21:20 -0700)]
pinctrl: Update for new sequence numbers
Use the dev_seq() sequence number in all cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:24 +0000 (21:20 -0700)]
gpio: Update for new sequence numbers
Use the dev_seq() sequence number in all cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:23 +0000 (21:20 -0700)]
x86: Simplify acpi_device_infer_name()
There is no-longer any need to check if sequence numbers are valid, since
this is ensured by driver model. Drop the unwanted logic.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:22 +0000 (21:20 -0700)]
x86: Drop unnecessary mp_init logic
Now that sequence numbers are set up when devices are bound, this code is
not needed. Also, we should use dev_seq() instead of req_seq. Update the
whole file accordingly.
Also fix up APL cpu while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:21 +0000 (21:20 -0700)]
usb: Update for new sequence numbers
Use the new sequence number in all cases. Since all devices are assigned
a number when bound, this hack should not be needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:20 +0000 (21:20 -0700)]
usb: ehci-mx6: Drop assignment of sequence number
This hack cannot work in the new sequence-numbering scheme. Remove it
while we wait for the maintainer to complete DM conversion as noted in
the existing comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:19 +0000 (21:20 -0700)]
spi: Update for new sequence numbers
Use the new sequence number in all cases. Drop the rockchip case because
the sequence number should be 0 anyway, and assigning to the sequence
number is not permitted.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:18 +0000 (21:20 -0700)]
pci: Update to use new sequence numbers
Now that we know the sequence number at bind time, there is no need for
special-case code in dm_pci_hose_probe_bus().
Note: the PCI_CAP_ID_EA code may need a look, but there are no test
failures so I have left it as is.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:17 +0000 (21:20 -0700)]
dm: core: Allow manual sequence numbering
Some buses have their own rules which require assigning sequence numbers
with a bus-specific algorithm. For example, PCI requires that sub-buses
are numbered higher than their parent buses, meaning effectively that
parent buses must be numbered only after all of their child buses have
been numbered.
Add a uclass flag to indicate that driver model should not assign sequence
numbers. In this case, the uclass must do it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:16 +0000 (21:20 -0700)]
net: Update to use new sequence numbers
Checking for seq == -1 is effectively checking that the device is
activated. The new sequence numbers are never -1 for a bound device, so
update the check.
Also drop the note about valid sequence numbers so it is accurate with the
new approach.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:15 +0000 (21:20 -0700)]
i2c: Update for new sequence numbers
Use the new sequence number in all cases. Drop the logic to check for a
valid number in designware_i2c, since it will always be valid.
Also drop the numbering in the uclass, since we can rely on driver
model giving us the right sequence numbers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:14 +0000 (21:20 -0700)]
octeon: Don't attempt to set the sequence number
Several Octeon drivers operate by setting the sequence number of their
device. This should not be needed with the new sequence number setup. Also
it is not permitted. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:13 +0000 (21:20 -0700)]
dm: test: Drop assumptions of no sequence numbers
Drop code in a few tests which assumes that sequence numbers are only
valid when a device is probed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:12 +0000 (21:20 -0700)]
dm: Fix return value in dev_read_alias_seq()
This should return 0 on success but currently does not. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:11 +0000 (21:20 -0700)]
dm: core: Switch binding to use new sequence numbers
Update the core logic to use the new approach. For now the old code is
left as is. Update one test so it still passes.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:10 +0000 (21:20 -0700)]
dm: test: Check all devices have a sequence numbers
Add a test that the new sequence numbers work as expected. Every device
should get one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:09 +0000 (21:20 -0700)]
dm: core: Add a new sequence number for devices
At present each device has two sequence numbers, with 'req_seq' being
set up at bind time and 'seq' at probe time. The idea is that devices
can 'request' a sequence number and then the conflicts are resolved when
the device is probed.
This makes things complicated in a few cases, since we don't really know
what the sequence number will end up being. We want to honour the
bind-time requests if at all possible, but in fact the only source of
these at present is the devicetree aliases. Since we have the devicetree
available at bind time, we may as well just use it, in the hope that the
required processing will turn out to be useful later (i.e. the device
actually gets used).
Add a new 'sqq' member, the bind-time sequence number. It operates in
parallel to the old values for now. All devices get a valid sqq value,
i.e. it is never -1.
Drop an #ifdef while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:08 +0000 (21:20 -0700)]
dm: core: Update uclass_find_next_free_req_seq() args
At present this is passed a uclass ID and it has to do a lookup. The
callers all have the uclass pointer, except for the I2C uclass where the
code will soon be deleted.
Update the argument to a uclass * instead of an ID since it is more
efficient.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:07 +0000 (21:20 -0700)]
dm: Avoid accessing seq directly
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.
The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:06 +0000 (21:20 -0700)]
linker_lists: Fix alignment issue
The linker script uses alphabetic sorting to group the different linker
lists together. Each group has its own struct and potentially its own
alignment. But when the linker packs the structs together it cannot ensure
that a linker list starts on the expected alignment boundary.
For example, if the first list has a struct size of 8 and we place 3 of
them in the image, that means that the next struct will start at offset
0x18 from the start of the linker_list section. If the next struct has
a size of 16 then it will start at an 8-byte aligned offset, but not a
16-byte aligned offset.
With sandbox on x86_64, a reference to a linker list item using
ll_entry_get() can force alignment of that particular linker_list item,
if it is in the same file as the linker_list item is declared.
Consider this example, where struct driver is 0x80 bytes:
ll_entry_declare(struct driver, fred, driver)
...
void *p = ll_entry_get(struct driver, fred, driver)
If these two lines of code are in the same file, then the entry is forced
to be aligned at the 'struct driver' alignment, which is 16 bytes. If the
second line of code is in a different file, then no action is taken, since
the compiler cannot update the alignment of the linker_list item.
In the first case, an 8-byte 'fill' region is added:
.u_boot_list_2_driver_2_testbus_drv
0x0000000000270018 0x80 test/built-in.o
0x0000000000270018 _u_boot_list_2_driver_2_testbus_drv
.u_boot_list_2_driver_2_testfdt1_drv
0x0000000000270098 0x80 test/built-in.o
0x0000000000270098 _u_boot_list_2_driver_2_testfdt1_drv
*fill* 0x0000000000270118 0x8
.u_boot_list_2_driver_2_testfdt_drv
0x0000000000270120 0x80 test/built-in.o
0x0000000000270120 _u_boot_list_2_driver_2_testfdt_drv
.u_boot_list_2_driver_2_testprobe_drv
0x00000000002701a0 0x80 test/built-in.o
0x00000000002701a0 _u_boot_list_2_driver_2_testprobe_drv
With this, the linker_list no-longer works since items after testfdt1_drv
are not at the expected address.
Ideally we would have a way to tell gcc not to align structs in this way.
It is not clear how we could do this, and in any case it would require us
to adjust every struct used by the linker_list feature.
One possible fix is to force each separate linker_list to start on the
largest possible boundary that can be required by the compiler. However
that does not seem to work on x86_64, which uses 16-byte alignment in this
case but needs 32-byte alignment.
So add a Kconfig option to handle this. Set the default value to 4 so
as to avoid changing platforms that don't need it.
Update the ll_entry_start() accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tom Rini [Mon, 14 Dec 2020 23:57:57 +0000 (18:57 -0500)]
Merge tag 'dm-pull-14dec20' of git://git.denx.de/u-boot-dm into next
Driver model tidy-up for livetree
Driver model big rename for consistency
Python 3 clean-ups for patman
Update sandbox serial driver to use membuff
Simon Glass [Thu, 3 Dec 2020 23:55:24 +0000 (16:55 -0700)]
checkpatch: Add warnings for unexpected struct names
As a way of keeping the driver declarations more consistent, add a warning
if the struct used does not end with _priv or _plat.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:23 +0000 (16:55 -0700)]
dm: treewide: Rename ..._platdata variables to just ..._plat
Try to maintain some consistency between these variables by using _plat as
a suffix for them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:22 +0000 (16:55 -0700)]
dm: treewide: Update 'auto' declarations to be on one line
Fix up the code style for those declarations that should now fit onto one
line, which is all of them that currently do not.
This is needed for dtoc to detect the structs correctly, at present.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:21 +0000 (16:55 -0700)]
dm: treewide: Rename ofdata_to_platdata() to of_to_plat()
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:20 +0000 (16:55 -0700)]
dm: treewide: Rename dev_get_platdata() to dev_get_plat()
Rename this to be consistent with the change from 'platdata'.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:19 +0000 (16:55 -0700)]
dm: Rename 'platdata_size' to 'plat_size'
Rename this to be consistent with the change from 'platdata'.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:18 +0000 (16:55 -0700)]
dm: treewide: Rename 'platdata' variables to just 'plat'
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:17 +0000 (16:55 -0700)]
dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 3 Dec 2020 23:55:16 +0000 (16:55 -0700)]
dtoc: Tidy up more Python style in dtb_platdata
Update this file to reduce the number of pylint warnings. Also add a few
missing comments while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:10 +0000 (17:50 -0700)]
dm: core: Drop unused parameter from dm_extended_scan_fdt()
This doesn't need to be passed the devicetree anymore. Drop it.
Also rename the function to drop the _fdt suffix.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:09 +0000 (17:50 -0700)]
dm: core: Drop unused parameter from dm_scan_fdt()
This doesn't need to be passed the devicetree anymore. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:08 +0000 (17:50 -0700)]
dm: core: Combine the flattree and livetree binding code
At present there are two copies of this code. With ofnode we can combine
them to reduce duplication. Update the dm_scan_fdt_node() function and
adjust its callers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:07 +0000 (17:50 -0700)]
dm: core: Add an ofnode function to get the devicetree root
This is needed in at least one place. Avoid the conditional code in root.c
by adding this inline function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:06 +0000 (17:50 -0700)]
dm: core: Drop device_bind_offset()
This function is not needed since the standard device_bind() can be used
instead. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:05 +0000 (17:50 -0700)]
dm: core: Drop dev_set_of_offset()
This pre-livetree function is not needed anymore. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:04 +0000 (17:50 -0700)]
dm: Drop uses of dev_set_of_offset()
The need for this can be avoided by passing the correct node to the
device_bind() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:03 +0000 (17:50 -0700)]
dm: Remove uses of device_bind_offset()
This function is not needed since the standard device_bind() can be used
instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:02 +0000 (17:50 -0700)]
dm: core: Add a livetree function to check node status
Add a way to find out if a node is enabled or not, based on its 'status'
property.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:01 +0000 (17:50 -0700)]
dm: core: Rename device_bind_ofnode() to device_bind()
This is the standard function to use when binding devices. Drop the
'_ofnode' suffix to make this clear.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sun, 29 Nov 2020 00:50:00 +0000 (17:50 -0700)]
dm: core: Rename device_bind() to device_bind_offset()
This function is not necessary anymore, since device_bind_ofnode() does
the same thing and works with both flattree and livetree.
Rename it to indicate that it is special.
Signed-off-by: Simon Glass <sjg@chromium.org>
Heinrich Schuchardt [Wed, 11 Nov 2020 23:29:59 +0000 (00:29 +0100)]
test: unit test for exception command
Test that an exception SIGILL is answered by a reset on the sandbox if
CONFIG_SANDBOX_CRASH_RESET=y or by exiting to the OS otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Heinrich Schuchardt [Wed, 11 Nov 2020 23:29:58 +0000 (00:29 +0100)]
efi_selftest: implement exception test for sandbox
Provide a unit test that causes an illegal instruction to occur.
The test can be run with the following commands:
=> setenv efi_selftest exception
=> bootefi selftest
This might be the output:
Executing 'exception'
EFI application triggers exception.
Illegal instruction
pc = 0x1444d016, pc_reloc = 0xffffaa078e8dd016
UEFI image [0x0000000000000000:0xffffffffffffffff] '/\selftest'
UEFI image [0x000000001444b000:0x0000000014451fff] pc=0x2016 '/bug.efi'
Resetting ...
It would tell us that the exception was triggered by an instruction
0x2016 bytes after the load address of the binary with filename /bug.efi.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Heinrich Schuchardt [Wed, 11 Nov 2020 23:29:57 +0000 (00:29 +0100)]
cmd: sandbox: implement exception command
Implement the commands
* exception undefined - execute an illegal instruction
* exception sigsegv - cause a segment violation
Here is a possible output:
=> exception undefined
Illegal instruction
pc = 0x55eb8d0a7575, pc_reloc = 0x57575
Resetting ...
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Heinrich Schuchardt [Wed, 11 Nov 2020 23:29:56 +0000 (00:29 +0100)]
sandbox: add handler for exceptions
Add a handler for SIGILL, SIGBUS, SIGSEGV.
When an exception occurs print the program counter and the loaded
UEFI binaries and reset the system if CONFIG_SANDBOX_CRASH_RESET=y
or exit to the OS otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:50 +0000 (20:36 -0700)]
sandbox: serial: Update to use membuff
Rather than implementing our own circular queue, use membuff. This allows
us to read multiple bytes at once into the serial input.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:49 +0000 (20:36 -0700)]
sandbox: serial: Convert to livetree
Use a livetree function to read the colour.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:48 +0000 (20:36 -0700)]
serial: sandbox: Drop unnecessary #ifdefs
CONFIG_OF_CONTROL is always enabled for sandbox (as it should be for all
boards), so we can drop it. Also use IS_ENABLED() for the SPL check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:21 +0000 (20:36 -0700)]
dtoc: Tidy up Python style in dtb_platdata
Update this, mostly to add comments for argument and return types. It is
probably still too early to use type hinting since it was introduced in
3.5.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:20 +0000 (20:36 -0700)]
patman: Drop tools.ToChar() and ToChars()
This is useful anymore, since we always want to call chr() in Python 3.
Drop it and adjust callers to use chr().
Also drop ToChars() which is no-longer used.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:19 +0000 (20:36 -0700)]
patman: Drop tools.ToByte()
This is not needed in Python 3. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:18 +0000 (20:36 -0700)]
patman: Drop unicode helper functions
We don't need these now that everything uses Python 3. Remove them and
the extra code in GetBytes() and ToBytes() too.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 9 Nov 2020 03:36:17 +0000 (20:36 -0700)]
fdt: Use an Enum for the data type
Use an Enum instead of the current ad-hoc constants, so that there is a
data type associated with each 'type' value.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tom Rini [Thu, 10 Dec 2020 18:54:33 +0000 (13:54 -0500)]
Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for next
Bug fixes
* avoid corruption of FAT file system when using long names
* correct values for RuntimeServicesSupport concerning UEFI capsule update
* link partition to block device via EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
New feature
* support EFI_LOAD_FILE_PROTOCOL in LoadImage() boot service
Heinrich Schuchardt [Fri, 10 Jan 2020 11:36:01 +0000 (12:36 +0100)]
efi_loader: link partition to block device
We provide a UEFI driver for block devices. When ConnectController() is
called for a handle with the EFI_BLOCK_IO_PROTOCOL this driver creates the
partitions. When DisconnectController() is called the handles for the
partitions have to be deleted. This requires that the child controllers
(partitions) open the EFI_BLOCK_IO_PROTOCOL of the controller (block IO
device) with attribute EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Fri, 10 Jan 2020 11:33:59 +0000 (12:33 +0100)]
efi_loader: make efi_protocol_open() non-static
Provide efi_protocol_open() as library function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Tue, 8 Dec 2020 14:55:01 +0000 (15:55 +0100)]
efi_selftest: test EFI_LOAD_FILE_PROTOCOL
A unit test is supplied to test the support for the EFI_LOAD_FILE_PROTOCOL
and the EFI_LOAD_FILE2_PROTOCOL by the LoadImage() boot service.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Tue, 8 Dec 2020 06:12:10 +0000 (07:12 +0100)]
efi_selftest: clean up Makefile
Bring all obj-y entries together.
Sort *.o targets.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 6 Dec 2020 12:00:15 +0000 (13:00 +0100)]
efi_loader: support EFI_LOAD_FILE_PROTOCOL
Support loading images via the EFI_LOAD_FILE_PROTOCOL and
EFI_LOAD_FILE2_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 6 Dec 2020 09:47:57 +0000 (10:47 +0100)]
efi_loader: carve out efi_load_image_from_file()
efi_load_image_from_file() should read via either of:
* EFI_SIMPLE_FILE_SYSTEM_PROTOCOL
* EFI_LOAD_FILE_PROTOCOL
* EFI_LOAD_FILE2_PROTOCOL
To make the code readable carve out a function to load the image via the
file system protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Fri, 4 Dec 2020 08:27:41 +0000 (09:27 +0100)]
efi_loader: pass boot_policy to efi_load_image_from_path
Implementing support for loading images via the EFI_LOAD_FILE_PROTOCOL
requires the boot policy as input for efi_load_image_from_path().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Fri, 4 Dec 2020 02:33:41 +0000 (03:33 +0100)]
efi_loader: move EFI_LOAD_FILE2_PROTOCOL_GUID
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.
Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Fri, 4 Dec 2020 02:02:03 +0000 (03:02 +0100)]
efi_loader: resequence functions in efi_boottime.c
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Mon, 7 Dec 2020 17:20:57 +0000 (18:20 +0100)]
efi_loader: remove EFI_HII_CONFIG_ROUTING_PROTOCOL
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Wed, 9 Dec 2020 06:38:46 +0000 (07:38 +0100)]
efi_loader: don't set EFI_RT_SUPPORTED_UPDATE_CAPSULE
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.
Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.
Fixes:
2bc27ca8a04a ("efi_loader: define UpdateCapsule api")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Thu, 19 Nov 2020 06:31:18 +0000 (07:31 +0100)]
fs: fat: deletion of long file names
Long file names are stored in multiple directory entries. When deleting a
file we must delete all of them.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Thu, 19 Nov 2020 06:44:08 +0000 (07:44 +0100)]
fs: fat: first dentry of long name in FAT iterator
A long name is split over multiple directory entries. When deleting a file
with a long name we need the first directory entry to be able to delete the
whole chain.
Add the necessary fields to the FAT iterator:
* cluster of first directory entry
* address of first directory entry
* remaining entries in cluster
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Thu, 19 Nov 2020 05:47:35 +0000 (06:47 +0100)]
fs: fat: use constant DELETED_FLAG
When deleting a directory entry 0xe5 is written to name[0].
We have a constant for this value and should use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Thu, 26 Nov 2020 15:10:01 +0000 (16:10 +0100)]
fs: fat: search file should not allocate cluster
Searching for a file is not a write operation. So it should not lead to the
allocation of a new cluster to the directory.
If we reuse deleted entries, we might not even use the new cluster and due
to not flushing it the directory could be corrupted.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 10:54:22 +0000 (11:54 +0100)]
fs: fat: reuse deleted directory entries
When creating new directory entries try to reuse entries marked as deleted.
In fill_dir_slot() do not allocate new clusters as this has already been
done in fat_find_empty_dentries().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 08:58:44 +0000 (09:58 +0100)]
fs: fat: fat_find_empty_dentries()
Provide a function to find a series of empty directory entries.
The current directory is scanned for deleted entries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Thu, 26 Nov 2020 18:06:55 +0000 (19:06 +0100)]
fs: fat: flush new directory cluster
When handling long file names directory entries may be split over multiple
clusters. We must make sure that new clusters are zero filled on disk.
When allocating a new cluster for a directory flush it.
The flushing should be executed before updating the FAT. This way if
flushing fails, we still have a valid directory structure.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 15:04:47 +0000 (16:04 +0100)]
fs: fat: set start cluster for root directory
When iterating over a child directory we set itr->start_clust.
Do the same when over the root directory.
When looking for deleted directory entries or existing short names we will
have to iterate over directories a second and third time. With this patch
we do not need any special logic for the root directory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 18:24:46 +0000 (19:24 +0100)]
fs: fat: dentry iterator for fill_dir_slot()
For reusing deleted directory entries we have to adjust the function called
to step to the next directory entry.
This patch alone is not enough to actually reuse deleted directory entries
as the fill_dir_slot() is still called with first never used directory
entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Wed, 25 Nov 2020 15:33:55 +0000 (16:33 +0100)]
fs: fat: generate unique short names
File names must be unique within their directory. So before assigning a
short name we must check that it is unique.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 18:19:39 +0000 (19:19 +0100)]
fs: fat: call set_name() only once
In set_name() we select the short name. Once this is correctly implemented
this will be a performance intensive operation because we need to check
that the name does not exist yet. So set_name should only be called once.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sat, 21 Nov 2020 07:32:50 +0000 (08:32 +0100)]
fs: fat: pass shortname to fill_dir_slot
Currently we pass the short name via the directory iterator.
Pass it explicitly as a parameter.
This removes the requirement to set the short name in the iterator before
writing the long name.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Fri, 20 Nov 2020 11:55:22 +0000 (12:55 +0100)]
fs: fat: create correct short names
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:
* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
concluding '\0'.
The solution for the following bug is split of into a separate patch:
* Short file names must be unique.
This patch only provides the loop over possible short file names.
Fixes:
c30a15e590c ("FAT: Add FAT write feature")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Sun, 22 Nov 2020 08:19:52 +0000 (09:19 +0100)]
fs: fat: export fat_next_cluster()
Rename function next_cluster() to fat_next_cluster() and export it.
When creating a new directory entries we should reuse deleted entries.
This requires re-scanning the directory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt [Tue, 24 Nov 2020 20:04:07 +0000 (21:04 +0100)]
fs: fat: correct first cluster for '..'
The FAT specification [1] requires that for a '..' directory entry pointing
to the root directory the fields DIR_FstClusHi and DIR_FstClusLo are 0.
[1] Microsoft FAT Specification, Microsoft Corporation, August 30 2005
Fixes:
31a18d570d96 ("fs: fat: support mkdir")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Alexandru Gagniuc [Wed, 21 Oct 2020 23:32:58 +0000 (18:32 -0500)]
spl: fit: Prefer a malloc()'d buffer for loading images
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
/======================\
| DRAM |
| |
| | CONFIG_SYS_TEXT_BASE
| |
| |
| ____________________ | CONFIG_SYS_SPL_MALLOC_START
|| malloc() data ||
|| ||
|| __________________ ||
||| FIT Image |||
||| |||
||| |||
Figure III
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Tom Rini [Mon, 7 Dec 2020 22:16:23 +0000 (17:16 -0500)]
Merge branch '2020-12-07-bootm-and-spl-atf-improvements' into next
- Series to improve "bootm" by allowing variable evaluation within the
cmdline we would be passing. This will help with Chrome OS but can be
useful elsewhere.
- Improve ATF (TF-A) support within SPL.
Simon Glass [Thu, 5 Nov 2020 17:33:48 +0000 (10:33 -0700)]
bootm: Support string substitution in bootargs
In some cases it is necessary to pass parameters to Linux so that it will
boot correctly. For example, the rootdev parameter is often used to
specify the root device. However the root device may change depending on
whence U-Boot loads the kernel. At present it is necessary to build up
the command line by adding device strings to it one by one.
It is often more convenient to provide a template for bootargs, with
U-Boot doing the substitution from other environment variables.
Add a way to substitute strings in the bootargs variable. This allows
things like "rootdev=${rootdev}" to be used in bootargs, with the
${rootdev} substitution providing the UUID of the root device.
For example, to substitute the GUID of the kernel partition:
setenv bootargs "console=/dev/ttyS0 rootdev=${uuid}/PARTNROFF=1
kern_guid=${uuid}"
part uuid mmc 2:2 uuid
bootm
This is particularly useful when the command line from another place. For
example, Chrome OS stores the command line next to the kernel itself. It
depends on the kernel version being used as well as the hardware features,
so it is extremely difficult to devise a U-Boot script that works on all
boards and kernel versions. With this feature, the command line can be
read from disk and used directly, with a few substitutions set up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:47 +0000 (10:33 -0700)]
cli: Support macro processing with a fixed-size buffer
At present cli_simple_process_macros() requires that the caller provide
an output buffer that is exactly CONFIG_SYS_CBSIZE bytes in length. This
makes sense since it is designed to be used from the command line. But we
also want to use it for bootargs substitution.
Update the function to allow the caller to specify the buffer size. Also
return an error if the buffer is exhausted. The caller can ignore that if
preferred.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:46 +0000 (10:33 -0700)]
x86: zimage: Add silent-console processing
At present zimage does its own command-line processing and does not
support the 'silent console' feature. There doesn't seem to be any good
reason for this.
Add support for silent console to zimage.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:45 +0000 (10:33 -0700)]
bootm: Allow updating the bootargs in a buffer
At present we only support updating the 'bootargs' environment
variable. Add another function to update a buffer instead. This will
allow zimage to use this feature.
Also add a lot more tests to cover various cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:44 +0000 (10:33 -0700)]
bootm: Update bootm_process_cmdline_env() to use flags
At present only one transformation is supported: making the Linux console
silent. To prepare for adding more, convert the boolean parameter into a
flag value.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:43 +0000 (10:33 -0700)]
bootm: Split out bootargs environment reading / writing
At present bootm_process_cmdline_env() reads the 'bootargs' variable and
then writes it back afterwards. This is painful for tests, which would
rather use a simple buffer.
It is also useful for zimage to use a buffer, since it does not actually
put the Linux command line in the bootargs variable.
Refactor the existing code into two pieces. One handles reading and
writing the environment variable, as well as allocating a buffer for use
by the rest of the code, which now operates on a buffer.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:42 +0000 (10:33 -0700)]
bootm: Use size rather than length for CONSOLE_ARG
Use the size (including terminator) for in this function, rather than
the length. This is arguably easier to follow, with the coming
refactor.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:41 +0000 (10:33 -0700)]
bootm: Add a bool parameter to bootm_process_cmdline_env()
This function will soon do more than just handle the 'silent linux'
feature. As a first step, update it to take a boolean parameter,
indicating whether or not the processing is required.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:40 +0000 (10:33 -0700)]
bootm: Rename fixup_silent_linux()
We want to add more processing to this function. Before doing so, rename
it to bootm_process_cmdline_env(), which is more generic.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:39 +0000 (10:33 -0700)]
bootm: Update fixup_silent_linux() to return an error
At present this function fails silently on error. Update it to produce
an error code. Report this error to the user and abort the boot, since it
likely will prevent a successful start.
No tests are added at this stage, since additional refactoring is taking
place in subsequent patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:38 +0000 (10:33 -0700)]
bootm: Add tests for fixup_silent_linux()
This function currently has no tests. Export it so that we can implement
a simple test on sandbox. Use IS_ENABLED() to remove the unused code,
instead #ifdef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 5 Nov 2020 17:33:37 +0000 (10:33 -0700)]
env: Allow returning errors from hdelete_r()
At present this function returns 1 on success and 0 on failure. But in
the latter case it provides no indication of what went wrong.
If an attempt is made to delete a non-existent variable, the caller may
want to ignore this error. This happens when setting a non-existent
variable to "", for example.
Update the function to return 0 on success and a useful error code on
failure. Add a function comment too.
Make sure that env_set() does not return an error if it is deleting a
variable that doesn't exist. We could update env_set() to return useful
error numbers also, but that is beyond the scope of this change.
Signed-off-by: Simon Glass <sjg@chromium.org>
wip
Michael Walle [Wed, 18 Nov 2020 16:46:02 +0000 (17:46 +0100)]
board: sl28: add OP-TEE Trusted OS support (bl32)
Add support to load the OP-TEE Trusted OS by the SPL.
Signed-off-by: Michael Walle <michael@walle.cc>
Michael Walle [Wed, 18 Nov 2020 16:46:01 +0000 (17:46 +0100)]
board: sl28: add ATF support (bl31)
Add support to load the bl31 part of the ARM Trusted Firmware by the
SPL.
Signed-off-by: Michael Walle <michael@walle.cc>
Michael Walle [Wed, 18 Nov 2020 16:46:00 +0000 (17:46 +0100)]
board: sl28: remove u-boot from loadable DT node
It is not needed. Remove it.
Signed-off-by: Michael Walle <michael@walle.cc>
Michael Walle [Wed, 18 Nov 2020 16:45:59 +0000 (17:45 +0100)]
armv8: layerscape: don't initialize GIC in SPL
The BL31 expects the GIC to be uninitialized. Thus, if we are loading
the BL31 by the SPL we must not initialize it. If u-boot is loaded by
the SPL directly, it will initialize the GIC again (in the same
lowlevel_init()).
This was tested on a custom board with SPL loading the BL31 and jumping
to u-boot as BL33 as well as loading u-boot directly by the SPL. In case
the ATF BL1/BL2 is used, this patch won't change anything, because no
SPL is used at all.
Signed-off-by: Michael Walle <michael@walle.cc>