16 Oct, 2019
1 commit
-
Add commands to read oem device unlock state from
trusty avb app. Use the oem device unlock state to
determine if the device can be unlocked instead of
the state in persistdata part.Test: Read oem device unlock state from avb app.
Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
Signed-off-by: Ji Luo
28 Aug, 2019
1 commit
-
Don't skip vbmeta public key verify for non-trusty
platforms.Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
20 Aug, 2019
1 commit
-
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
01 Aug, 2019
1 commit
-
We may need to enable the dual bootloader feature on non-trusty
platforms, skip the bootloader rollback index check in spl if
trusty is not enabled.Don't generate rpmb key in spl, it should be generated in u-boot
proper with u-boot commands.Test: dual bootloader on imx8mm.
Change-Id: Iac454e0140cd6f4472a66d267d9ba0d40df7102c
Signed-off-by: Ji Luo
25 Jul, 2019
7 commits
-
MMC device id remap function "board_mmc_get_env_dev()" was
removed in u-boot v2019 because we add the mmc device aliases
in dts file. But we still need to remap the mmc device id in
spl or read/write rpmb keyslot package will fail.This patch adds mmc device id remap function in spl to get the
correct device id.Test: boot on imx8mm with trusty enabled.
Change-Id: I41c46494326d9eb2658d2cda692968fb895d0292
Signed-off-by: Ji Luo -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo -
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo -
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo -
Add sha256 hmac support in u-boot.
Test: hmac calculation.
Change-Id: I0f1438fed8290620a1bb0663d19c21e20098eb5a
Signed-off-by: Ji Luo -
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-encChange-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
22 Jul, 2019
1 commit
-
Due SPL doesn't have env, so cannot use mmc_get_env_dev() get
the mmc index.
Following spl_mmc.c get correct mmc index in SPL.Change-Id: I0f07a9ea35d5b3ba0d638af436238d0cfe925981
Signed-off-by: Haoran.Wang
10 Jul, 2019
2 commits
-
Driver Module may be used in SPL, with CONFIG_BLK enabled for U-Boot,
CONFIG_SPL_BLK will be enabled, struct mmc definition will be different.
comply with that mmc struct definition in fsl_avbkey.c file to handle
conditions when DM is used in SPL.Change-Id: I632600556e764b25228ba467a5e5141cf3fc3dfe
Signed-off-by: faqiang.zhu -
libavb is now under the directory of lib/, not lib/avb/ as before, to
adapt to this change, some modifications are made:
1. header file inclusion change, including parameter of -I option in
Makefile
2. remove avb_sysdeps_posix.o in Makefile since the functions in
avb_sysdeps_posix.c has beed redefined in fsl_avb_sysdeps_uboot.cChange-Id: I4216e3ddb4e3e810783e4f46b953eda510c2627b
Signed-off-by: faqiang.zhu
02 Jul, 2019
1 commit
-
to fix build issues, add two header files, "fastboot_lock_unlock.h" is
copied from imx_v2018.03 branch, "fb_fsl_common.h" contains some
varialbes and a function used in more than one files.the places where "fastboot_lock_unlock.h" is included is modified to
adapt to this change.
"fsl_fastboot.h" is renamed to "fb_fsl.h", the places where
"fsl_fastboot.h" is included is modified to adapt to this change.to fix function issues, command handle function in "fb_fsl_command.c" is
modified.build based on imx8mm_ddr4_evk, the board can boot and basic fastboot
function can work.Change-Id: I34961ef70351a1ee4c84b6721dba5ac7b261a0d3
Signed-off-by: faqiang.zhu
18 Jun, 2019
1 commit
-
Previous patch "MLK-21885 lmb: Handle the overlap case for lmb reserve" adds
the overlap support to lmb reserve. However, u-boot has some places to use the
lmb_reserve when allocating memory in loading images. If we allowed overlap
in this function, it means images loading address can overlap each other and
cause the address check mechanism not work.So add another function to allow overlap and only use it for fdt reserved-memory
nodes. The FDT reserved-memory is ok to merge with other reserved memory, since
this won't break image loading address check.Signed-off-by: Ye Li
06 Jun, 2019
1 commit
-
lmb reserve is used to reserve some memory so that when loading images
(like kernel, dtb, initrd), images won't be loaded into the reserved memory.The problem in current lmb is it does not handle the overlap case. When adding
a new reserved memory, if the memory region is overlap with regions already been
added in lmb, it will fail. One example is reserved memory in DTB may overlap with
u-boot relocate address. lmb reserves the u-boot relocate address firstly, so when
adding reserved memory from DTB, we will meet failure.Actually if we handle the overlap case, we can resolve the overlap by using a max
common region for the overlap regions. So that this case won't fail.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
24 May, 2019
4 commits
-
Fix coverity issue CID 18031: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable fill_buf going out of scope leaks the storage it points toShould free the fill_buf before function return.
Signed-off-by: Ye Li
(cherry picked from commit bc23ae569c7aaea338648c000b7b733b09eb735a) -
chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;
All is uint32. chunk_data_sz may be bigger than 4G.Change chunk_data_sz to 64bit.
force chunk_header->chunk_sz and sparse_header->blk_sz to 64bit.Signed-off-by: Frank Li
Acked-by: Ye Li
(cherry picked from commit 08090670625c4ccf86dbc9157dad4799f3669fb7) -
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster, hwcrypto and SecureStorage service
tipc client implement in this lib.Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
(cherry picked from commit 0ccdd527a794c2b450658980361a7857ce7495c9) -
Porting the android AVB lib from imx u-boot v2018.03. Since 2019 u-boot
has added latest AVB library, try to reuse it.Signed-off-by: Ye Li
(cherry picked from commit 2105662ada738a271e12a81d775134a5821dc38f)
(cherry picked from commit f7291d86c4183ce2e299ad271aa5618c71507ffc)
03 Apr, 2019
1 commit
29 Mar, 2019
2 commits
-
- Bugfixes:
- mmc: correct the HS400 initialization process
- configs: ti: Move FIT image load address to avoid overwrite
- lib: time: update module enable MACRO
- Add mbrugger as RPi board maintainer, correct agraf's email address. -
We'd better use correct way to check if module has enabled.
for we have 3 timer MACRO:
- CONFIG_TIMER
- CONFIG_SPL_TIMER
- CONFIG_TPL_TIMERSigned-off-by: Kever Yang
Reviewed-by: Philipp Tomsich
28 Mar, 2019
1 commit
-
We currently only support EFI_FILE_PROTOCOL_REVISION while
UEFI specs 2.4 - 2.7 prescribe EFI_FILE_PROTOCOL_REVISION2.
Add a todo.Add missing constants for the EFI file protocol revision.
Signed-off-by: Heinrich Schuchardt
27 Mar, 2019
1 commit
-
Avoid duplicate FreePool() in unit test for the device patch utilities
protocol.Signed-off-by: Heinrich Schuchardt
25 Mar, 2019
1 commit
-
The pointer checksum were used before checking that it
isn't NULL. We move the code that use it after the check.Reported-by: Coverity (CID: 185835)
Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
21 Mar, 2019
6 commits
-
The check testing the string result of get_string() returned the wrong
result. The result was ignored.Use efi_st_strcmp_16_8() for the string comparison.
Signed-off-by: Heinrich Schuchardt
-
printf("%ls", ..) expects u16 * as argument to print. There is not need for
a conversion to wchar_t *.Signed-off-by: Heinrich Schuchardt
-
It does not make any sense to check if a pointer is NULL if we have
dereferenced it before.Reported-by: Coverity (CID 185827)
Signed-off-by: Heinrich Schuchardt -
Add a missing return statement in efi_get_next_variable_name().
Reported-by: Coverity (CID 185834)
Signed-off-by: Heinrich Schuchardt -
Avoid an endless loop in add_strings_package().
Suggested-by: Takahiro Akashi
Reported-by: Coverity (CID 185833)
Signed-off-by: Heinrich Schuchardt -
efi_allocate_pages() expects a (uint64_t *) pointer to pass the address of
the assigned memory. If we pass the address of a pointer here, an illegal
memory access occurs on 32bit systems.Fixes: 282a06cbcae8 ("efi_loader: Expose U-Boot addresses in memory map
for sandbox")
Signed-off-by: Heinrich Schuchardt
15 Mar, 2019
1 commit
-
Since commit f51a226436a87 ("efi_loader: provide freestanding library") in
parallel builds errorslib/efi_selftest/../efi_loader/efi_freestanding.o:
file not recognized: File truncatedoccur. Obviously make cannot correctly sequence parallel builds with a
dependency like ../efi_loader/efi_freestanding.o.Fixes: f51a226436a87 ("efi_loader: provide freestanding library")
Signed-off-by: Heinrich Schuchardt
11 Mar, 2019
1 commit
-
Function term_read_reply tries to read from the serial console until
the end_char was read. This can hang forever if we are, for some reason,
not able to read the full response (e.g. serial buffer too small,
frame error). This patch moves the timeout detection into
term_read_reply() to assure we will make progress.Fixes: 6bb591f704 ("efi_loader: query serial console size reliably")
Signed-off-by: Matthias BruggerThrow missing error when an incomplete reply for the cursor position is
received.Change type of argument of term_get_char() *s32. This renders the function
reusable in efi_cin_read_key().Reviewed-by: Heinrich Schuchardt
03 Mar, 2019
3 commits
-
When package types are not supported by our implementation of the HII
database protocol supported error messages are displayed.Essentially the output is only needed for debugging. By using EFI_PRINT()
the messages are only written for in debug mode and with correct
indentation.Signed-off-by: Heinrich Schuchardt
-
In new_package_list() we call new_packagelist() to create a new package
list. Next we try to add the packages which fails for form packages. Due
to this error we call free_packagelist(). Now in free_packagelist()
list_del() is called for an uninitialized field hii->link. This leads to
changing random memory addresses.To solve the problem move the initialization of hii->link to
new_packagelist().Signed-off-by: Heinrich Schuchardt
Reviewed-by: AKASHI Takahiro -
In the `efidebug boot add` command we do not want an unsolicited leading
backslash added to the file name.There is no good reason to mark a loaded file with a backslash as absolute.
Anyway when reading files the file name will be interpreted as relative to
root directory of the device.So let's get rid of this backslash.
Signed-off-by: Heinrich Schuchardt
25 Feb, 2019
2 commits
-
See UEFI specification v2.7a, section 3.1.3, "Load Option Processing."
Signed-off-by: AKASHI Takahiro
Reviewed-by: Heinrich Schuchardt -
Since commit 914df75b0c97 ("efi_loader: fix EFI entry counting")
entry_count is already set to 1 before efi_bootmgr_load() is called. So we
should not increment it when entering the function.Without the patch an assert error occurs in efi_get_variable() if DEBUG is
defined.Fixes: 914df75b0c97 ("efi_loader: fix EFI entry counting")
Signed-off-by: Heinrich Schuchardt