22 May, 2020
1 commit
-
The main memory contents can spontaneously come to the cache due to
the speculative memory access by the CPU, this may cause coherency
problem if this happens during the DMA operaion is on-going.Invalidate the dcache range after DMA opeartion but before the main
memory read to avoid coherency problem.Test: reboot test.
Change-Id: I93824deab9285b5478669e0a311e0b338bf02f8a
Signed-off-by: Ji Luo
21 May, 2020
1 commit
-
According to the spec of android wear, the device MUST provides a
bootloader menu for debugging purpose.This commit implements a simple bootloader menu based on imx7ulp_evk
revb board, the menu will show when booting with 'VOL+' key pressed,
users can press "VOL+" to choose the item, then press "ONOFF" key to
confirm.Test: bootloader menu show on imx7ulp_evk revb.
Change-Id: I80638a43afa17e312e633b05888c62440380b42b
Signed-off-by: Ji Luo
19 May, 2020
1 commit
-
According to the google boot flow, an orange warning should
be displayed on UNLOCKED device to reminder the users of the
potential risks.This commit will show an orange warning logo and warning text
on the screen, it shall be dismissed after 3 seconds, users
can also skip it by pressing the ON-OFF button.Config 'CONFIG_AVB_WARNING_LOGO_COLS' and 'CONFIG_AVB_WARNING_LOGO_ROWS'
define the (x, y) position of the warning logo, its default
value is for 1080*720 resolution display and can be overridden.Test: Orange warning logo show on all imx8m/imx8q platfroms.
Change-Id: I607edb3da039b47ddfac681f855834d8da187af8
Signed-off-by: Ji Luo
18 May, 2020
21 commits
-
Only check the bootloader rollback index and trusty keyslot package
for rpmb key flashed boards.Test: boots on boards without rpmb key.
Change-Id: I130e4d906c0f08d602eac820ec5612214e01ff55
Signed-off-by: Ji Luo -
dynamic partition feature is not enabled on automotive, so there is
system partition in GPT, uboot for automotive need to get the info of
this partition to generate the correct bootargs.And also, there is no commandline descriptor as "dm=***" in vbmeta image
for standard Android after dynamic partition feature is enabled, so
there is no need to use "strstr" to eleminate this from the bootargs.Change-Id: I51b3b92f5a22550602335cfc212831b263526f42
Signed-off-by: faqiang.zhu -
To enable dynamic partition feature, system partition will be a logic
parition in "super" partition, uboot can't access system partition
anymore.In i.MX Android use case, only vbmeta partition is used to verify other
imags. boot and system are not used. so there is no need to access
system partition to get avb device info, remove system partition from
avb lib.Now, standard Android will boot with ramdisk in boot.img, there is no
need to provide root info to kernel for standard Android. so only
Android Auto will provide this info.Change-Id: I99a43eb8f7aa1dc635e3937c93266f881c9b3655
Signed-off-by: faqiang.zhu
(cherry picked from commit 3a2418a1cc097cd956347fc12b0b4e0566652bfd) -
Only limited heap memory is available on imx8q platforms due
to some memory is reserved for m4 image. Commit cd67414 will
free avb verify data and thus help decrease the heap memory
consumption.But when the device is locked, avb will try to verify one slot
first, it will continue to verify another if the first slot
returns failure. Function load_full_partition() will alloc memory
to load boot/dtbo images from heap (which is a big and continuous
memory region), this memory will be freed if the first slot returns
verify failure. but because part of the continous memory region
will be used in following verify process, even total available memory
is enough, u-boot can't find a continous memory region to load the
boot/dtbo image for another slot and will return error "Failed to
allocate memory".Instead, this commit use fixed memory region start from 96MB offset of
CONFIG_FASTBOOT_BUF_ADDR to load the boot/dtbo images.Test: slot verify and A/B slot switch.
Change-Id: Ifc83bed5a6be37196c0fd109d942eaf9b07b6a74
Signed-off-by: Ji Luo
(cherry picked from commit d13752e831957fb84c71f8ca24fd1979d3605cde) -
Address 0x8880_0000 is reserved for M4 image on imx8q, which
leaves limited memory region for the malloc pool. The avb
will consume much heap memory to verify the kernel and dtbo
image, memory conflicts may happen as the kernel/dtbo image
size is getting larger.As the avb will load kernel/dtbo in every avb_slot_verify(), but
will only free the memory after both slots are checked(if needed).
And for trusty enabled platforms, extra heap memory will be used
to do the hash calculation.This commit will free the slot memory once it's marked as unbootable
and will use fixed memory started from CONFIG_FASTBOOT_BUF_ADDR to
help store the data to do the hash calculation. With above change,
we get a chance to decrease the malloc pool size.Test: boot on imx8qxp and imx8mm.
Change-Id: Ia5cdaf9962ae1cb8b8e9bee5305205ec6d90b84a
Signed-off-by: Ji Luo
(cherry picked from commit 0a299eb1a4c8c929d069cb4a0d58a096c04f09f7) -
Guard oem unlock permission protection feature with new config
'CONFIG_TRUSTY_UNLOCK_PERMISSION', so we can enable or disable
it as needed.Test: build and boot on imx8mm.
Signed-off-by: Ji Luo
(cherry picked from commit c664d8e8b94e9b6f66b2bf04d1be47e9b8a22978)Change-Id: If1db4b46ecac21b8f187854531704eaff2df30c4
-
Slot will be marked as "unbootable" state if error happens during
image load/verify process, this may cause the board never boot up
if some random failures happen (like eMMC/DRAM access error at some
critical temperature).Check the "successful_boot" flag before marking the slot as "unbootable",
this will help ease the "no bootable slot" issue.Test: slot switch on imx8qm_mek.
Signed-off-by: Ji Luo
(cherry picked from commit 6db8ebe2224ab6656e8e798288bd1b3c0472c0c0)Change-Id: Ib060b11cc6687a3bacd09cecda7dd925beba6316
-
Add commands to read oem device unlock state from
trusty avb app. Use the oem device unlock state to
determine if the device can be unlocked instead of
the state in persistdata part.Test: Read oem device unlock state from avb app.
Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
Signed-off-by: Ji Luo
(cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d) -
Don't skip vbmeta public key verify for non-trusty
platforms.Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
(cherry picked from commit 9b8264c89ccb3e9179a438e428ad79d72c7efe9b) -
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
(cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a) -
MMC device id remap function "board_mmc_get_env_dev()" was
removed in u-boot v2019 because we add the mmc device aliases
in dts file. But we still need to remap the mmc device id in
spl or read/write rpmb keyslot package will fail.This patch adds mmc device id remap function in spl to get the
correct device id.Test: boot on imx8mm with trusty enabled.
Change-Id: I41c46494326d9eb2658d2cda692968fb895d0292
Signed-off-by: Ji Luo
(cherry picked from commit c079188d06b3669df7836e1b8c6126558b1fa39e) -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo
(cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6) -
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo
(cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505) -
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo
(cherry picked from commit 6c1087c030de491a12b7f1be9d332f30ba27d183) -
Add sha256 hmac support in u-boot.
Test: hmac calculation.
Change-Id: I0f1438fed8290620a1bb0663d19c21e20098eb5a
Signed-off-by: Ji Luo
(cherry picked from 1e06de6ef23c1ae9d51383f3c57bb045ea180c03) -
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-encChange-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang
(cherry picked from commit 58965915dd69050429142d3d180c75e98ad14788) -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
(cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7) -
Due SPL doesn't have env, so cannot use mmc_get_env_dev() get
the mmc index.
Following spl_mmc.c get correct mmc index in SPL.Change-Id: I0f07a9ea35d5b3ba0d638af436238d0cfe925981
Signed-off-by: Haoran.Wang
(cherry picked from commit 6e4753b4dc0c5bde5aa573b42cb6b7caa6a95bc9) -
This commit enables dual bootloader feature for imx8m/imx8q, but
as commit 'a2018ab' already brings in some dual bootloader codes
when enabling fastboot support, so this commit won't be a complete
and standalone patch to introduce the dual bootloader feature.This commit will do the following:
1. clean up dual bootloader flow and add missing implementation.
2. Merge the dual bootloader entry for fit and container to one
function 'mmc_load_image_raw_sector_dual_uboot'.Change-Id: Ic9410a48092cc05de599dd897fc912177e2a1fe1
Signed-off-by: Ji Luo -
Driver Module may be used in SPL, with CONFIG_BLK enabled for U-Boot,
CONFIG_SPL_BLK will be enabled, struct mmc definition will be different.
comply with that mmc struct definition in fsl_avbkey.c file to handle
conditions when DM is used in SPL.Change-Id: I632600556e764b25228ba467a5e5141cf3fc3dfe
Signed-off-by: faqiang.zhu
(cherry picked from commit de905a8a3c6dfdf9241a188b2e22c76dbef851c1) -
libavb is now under the directory of lib/, not lib/avb/ as before, to
adapt to this change, some modifications are made:
1. header file inclusion change, including parameter of -I option in
Makefile
2. remove fsl_avb_sysdeps_uboot.c as the functions have been defined in
avb_sysdeps_posix.c.Change-Id: I4216e3ddb4e3e810783e4f46b953eda510c2627b
Signed-off-by: faqiang.zhu
Signed-off-by: Ji Luo
(cherry pick from 58010b99560eea2027dd39909eb5b35404e6030e)
27 Apr, 2020
7 commits
-
Previous patch "MLK-21885 lmb: Handle the overlap case for lmb reserve" adds
the overlap support to lmb reserve. However, u-boot has some places to use the
lmb_reserve when allocating memory in loading images. If we allowed overlap
in this function, it means images loading address can overlap each other and
cause the address check mechanism not work.So add another function to allow overlap and only use it for fdt reserved-memory
nodes. The FDT reserved-memory is ok to merge with other reserved memory, since
this won't break image loading address check.Signed-off-by: Ye Li
(cherry picked from commit 2109dc2a4da592003ec62820f5bdfb6bd0899805) -
lmb reserve is used to reserve some memory so that when loading images
(like kernel, dtb, initrd), images won't be loaded into the reserved memory.The problem in current lmb is it does not handle the overlap case. When adding
a new reserved memory, if the memory region is overlap with regions already been
added in lmb, it will fail. One example is reserved memory in DTB may overlap with
u-boot relocate address. lmb reserves the u-boot relocate address firstly, so when
adding reserved memory from DTB, we will meet failure.Actually if we handle the overlap case, we can resolve the overlap by using a max
common region for the overlap regions. So that this case won't fail.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
(cherry picked from commit 37d86c68816dffde3dc8dcda5b9d67a195b2f9c2) -
Fix coverity issue CID 18031: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable fill_buf going out of scope leaks the storage it points toShould free the fill_buf before function return.
Signed-off-by: Ye Li
(cherry picked from commit bc23ae569c7aaea338648c000b7b733b09eb735a)
(cherry picked from commit 0a496da0851e981b0ab19338145fcb622762af94) -
chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;
All is uint32. chunk_data_sz may be bigger than 4G.Change chunk_data_sz to 64bit.
force chunk_header->chunk_sz and sparse_header->blk_sz to 64bit.Signed-off-by: Frank Li
Acked-by: Ye Li
(cherry picked from commit 08090670625c4ccf86dbc9157dad4799f3669fb7)
(cherry picked from commit af09befee9c55525a6bc9844904048c324db7261) -
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster, hwcrypto and SecureStorage service
tipc client implement in this lib.Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
(cherry picked from commit 0ccdd527a794c2b450658980361a7857ce7495c9)
(cherry picked from commit ffca28682c5a9375c29b3036a156aff190341960) -
Porting the FSL android fastboot features from imx u-boot v2018.03 to
support all SoCs: imx6/imx7/imx7ulp/imx8/imx8m.The UUU commands like UCmd and ACmd are also added. Users need set
CONFIG_FASTBOOT_UUU_SUPPORT=y to enable the feature.Signed-off-by: Frank Li
Signed-off-by: Ye Li
(cherry picked from commit 65120b06a7f750b9b1a6e0db3d2082cc7088d5a8)
(cherry picked from commit 9b149c2a28829fe7017f83981d634157bc31cc94) -
Porting the android AVB lib from imx u-boot v2018.03. Since 2019 u-boot
has added latest AVB library, try to reuse it.Signed-off-by: Ye Li
(cherry picked from commit 2105662ada738a271e12a81d775134a5821dc38f)
(cherry picked from commit f7291d86c4183ce2e299ad271aa5618c71507ffc)
(cherry picked from commit b871714c519e1bda3de6afbd354bee2cb246e4b7)
01 Apr, 2020
1 commit
-
These are used in multiple places so update them to use a shared #define.
Signed-off-by: Simon Glass
Reviewed-by: Philippe Reynes
23 Mar, 2020
1 commit
-
'vendor' is both an input and an output parameter. So it cannot be
constant.Fixes: 0bda81bfdc5c ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt
22 Mar, 2020
7 commits
-
Provide unit tests for CalculateCrc32(), CopyMem(), SetMem().
Signed-off-by: Heinrich Schuchardt
-
For EFI binaries we have to provide an implementation of memmove() in
efi_freestanding.c.Before this patch the memmove() function was copying in the wrong
direction.Signed-off-by: Heinrich Schuchardt
-
Correct the description of function efi_convert_pointer().
Signed-off-by: Heinrich Schuchardt
-
To check if a variable is non-zero there is no need for '!= 0'.
Signed-off-by: Heinrich Schuchardt
-
GetNextVariableName should report the length of the variable including the
final 0x0000 in bytes.Check this in the unit test.
Increase the buffer size for variable names. 40 bytes is too short.
Signed-off-by: Heinrich Schuchardt
-
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18Provide correct length in GetNextVariable().
Fixes: d99a87f84b75 ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt -
Use Sphinx style for function descriptions.
Signed-off-by: Heinrich Schuchardt