| Age | Commit message (Collapse) | Author |
|---|
|
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-key
Test: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo <ji.luo@nxp.com>
(cherry picked from commit 557981f3ace1f11f1483668dd97076e6c3f1d1cc)
|
|
Assign security features to specific config.
Now, use AVB_RPMB to enable RPMB stored rollback
index.
After this refine,
for imx6/7/8 Android release, use no AVB_RPMB,
for imx6/7 AndroidThings, use AVB_RPMB.
This patch also fix below build error for imx6/7:
vendor/nxp-opensource/uboot-imx/lib/avb/fsl/fsl_avbkey.c:711:2: error:
implicit declaration of function 'fsl_fuse_read'
[-Werror=implicit-function-declaration]
if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW,
RPMBKEY_FUSE_OFFSET)){
Change-Id: I734479f0627901f372f4b211b2e710bd103eb244
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
In some situation, like uuu, the current mmc device
won't return the correct value. Avoid the NULL
pointer in secure storage proxy which may cause
panic.
Change-Id: Ie24afc270fec0b0977dee71b7fc44fe94876e410
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
This patch fix the bug that when keymaster tipc not
initialized the access will make uboot panic.
Change-Id: I6500219061ce69103c5f98750eaa5ace4854efea
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Align the callback to ARM64 environment for
Trusty OS.
TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.
Change-Id: I65806f56267a4a9278db04a462e351da181618cb
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Some redundant codes are added after cherry-picking android
related commits from imx_v2017.03, remove them in this commit.
Test: build and boot pass on imx6q_sabresd.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Blob buffer size is 48 bytes larger than the plain text buffer,
set correct range when flush the dcache. Also use cache aligned
buffer for the blob/plain_text to avoid failure in CAAM.
Change-Id: I3b377cfeb8f5bd9c76233827b2c9c7bd0d788c9b
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Sometimes we don't need to dump the whole partition table when
some partition can't be found, only dump the partition table
when it's needed.
Test: Build and boot ok.
Change-Id: I52407f0117b73f4b3656fe2435b08dfc7a349939
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
The RPMB keyslot is stored in last block of boot1 partition which
is easily erased or tampered, set power-on write protection for this
partition to prevent corruption.
Test: Power-on write protection works as expected on imx8m.
Change-Id: I7aadaed81ff81de680da9b20049f163a982e3d57
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Bootloader image take fit format and the rollback index for bootloader
is stored at the "rbindex" node, SPL will read the rollback index for
bootloader and compare it with the one stored in RPMB. The stored
rollback index will be updated only when current slot pass the verify
and has been marked as successful.
Bug:109947126
Test: Rollback index protection feature works fine for imx8m.
Change-Id: Ic12db4571287fbcb99e5eba0127e0b09378fa5d6
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
A/B switch logic will be moved to SPL stage if dual bootloader
feature is enable, in such case, we just need to verify single
slot which is selected in SPL stage.
Test: verify and boot ok for imx8m.
Change-Id: Iafe0d2d4aea1c178551940808416eec4a3547259
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Move the A/B slot check to SPL, the A/B slot switch
workflow is just like what we have in libavb_ab.
Test: A/B select works fine on imx8m.
Change-Id: Ie3d827a9be0298b491bf2bc8d48833597fd70e90
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Fix the null dereferenced issues from converity scan results.
issue id:
3618300:Dereference after null check
3618364:Dereference after null check
3618463:Dereference after null check
3618470:Explicit null dereferenced
3618520:Dereference after null check
Test: issue fixed by converity scan.
Change-Id: I577ed094a1f9b493de61b84827c0e1157a4fbd2f
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Fix build warnings in u-boot.
Change-Id: I1944657d2d89a03c0d2303a22a09538dfaa5fd2c
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Android Things will load dtb from a single partition like
"oem_bootloader" and we are going to sync normal Android
with Android Things. But just keep loading dtb from bootimage
before everything is ready.
Change-Id: I205528b1485d3e8e9961f19812f380a2b11b991b
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
'calc_sha256' should only be valid when CONFIG_IMX_TRUSTY_OS
is defined. Error message is like below:
error: label 'calc_sha256' defined but not used
[-Werror=unused-label]
Test: build pass with or without CONFIG_IMX_TRUSTY_OS enabled.
Change-Id: I0938e641596cb9faccd0c64f7c03d526dab3b7d4
Signed-off-by: Luo Ji <ji.luo@nxp.com>
Reviewed-on: http://androidsource.ap.freescale.net/project/4932
Reviewed-by: Wang Haoran <elven.wang@nxp.com>
|
|
For the device under development, the perm attr
not fused will break unlock ATX/AVB process and
make dm-verity parameters not output for kernel.
Use hard code one if Trusty OS didn't get the
perm attr.
Bug:93961668
Test: Verify kernel command line contains avb information.
Change-Id: Idd55dde79eed793dccdd7319600fbd04e11ca12d
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Test: None
Bug: None
Change-Id: I2c899e42d8b2911ed96df535c4864d1316d66383
|
|
Since Trusty OS will hand RPMB so no touch
the RPMB partition.
Change-Id: I07ed0e4a024171f6b353b038723ccd6e66a00d54
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Add API and IPC calls to read the ATAP certificate UUID from keymaster.
Also rename const local variables to the standard convention.
This cherry-picked the CL 649562 from trusty/external/trusty.
Bug: 76211194
Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Support "fastboot oem fuse at-perm-attr" command for
ATX. The perm_attr will be stored into RPMB which
managed by Trusty OS.
Modified permanent_attributes related AVB ops that
support Trusty OS backed RPMB storage.
Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Use Trusty OS AVB manager handle RollbackIndex and
lock status into RPMB partition.
Change-Id: Idfe7234cfa31b2169af59b64e00f028542c49240
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Part of permanent attributes hash was stored in
fuse for security reason, however, the write
operation of fuse was disabled by default because
it was an irreversible operation. Returning
AVB_IO_RESULT_ERROR_IO will stop following
AVB process and won't pass dm-verity related
commandlines to kernel, in such case, board
will fail to boot even in unlock state.
Returning AVB_IO_RESULT_OK and full zero
permanent attributes hash when the fuse
haven't been initialized, let the lock/unlock
policy in libavb to handle the mismatch errors.
Test: imx7d_pico boot successfully with dm-verity feature.
Change-Id: I6bcf58ff8ce71859fa2d85c86572ea6de1c3a0df
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
This commit did:
1. Sync AVB lib with external/avb, head of commit is:
commit 6d5326a945c2d17d5d0e7718d5cb97663c3b33a2
Author: Neal Ostrem <nealo@google.com>
Date: Tue Apr 24 13:09:45 2018 -0700
Merge fix/changes required after merge from AOSP ToT.
Change library name to one used by AT.
Test: Built successfully and unit tests pass.
Change-Id: I5e5fc9a6010d96cfecfc6faf0858ba930cba65a0
2. Change product id in ATX to be full zeros to sync with
external/avb.
3. Fix build errors and implement ops fsl_set_key_version.
4. Move most nxp modified code to lib/avb/fsl/.
Test: build and boot successfully for imx7d_pico and imx8m_phanbell.
Change-Id: I199a035fe8267b10955299a4b745458d40a2e754
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Refine ql-tipc Makefile to pass the u-boot
build which use uboot.mk.
Change-Id: I678eebdd8b5e5702a59b20b9580592dbaa78aa90
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Update to commit bb39a2b12dce8b6c9df9012faf231648de795e6d
List of changes:
bb39a2b ql-tipc: Support ATAP operations from bootloader
62b8d61 ql-tipc: Move serialization code to keymaster_serializable
8283307 avoid dead loop if tipc is closed by peer
cf3f7f5 [ql-tipc] Refactor U-boot rpmb_storage_send
4b1d74d Make logging more readable
Test: build + manual TIPC tests
Change-Id: Ib2c0e7a4a8313b6e62c1fe4f58b923c0c2d3f695
|
|
Type mismatch will cause some build warnings and they will be treated
as errors when '-Werror' is specified. Fix the error logs loke below:
error: cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
Test: build pass for evk_imx8mm
Change-Id: I48489815c8310c659a5c7c860433c4a93cb0dc66
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster and SecureStorage service
tipc client implement in this lib.
Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
|
|
Porting the android AVB lib from imx u-boot v2017.03
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.
This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h
and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
Enable networking command only when NET is enabled.
And remove selecting NET for CMD_NET
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Add CONFIG prefix to DYNAMIC_CRC_TABLE and implement it in
Kconfig.
Signed-off-by: Faiz Abbas <faiz_abbas@ti.com>
|
|
efi_disk_register should return as status code (efi_status_t).
Disks with zero blocks should be reported as 'not ready' without throwing
an error.
This patch solves a problem running OpenBSD on system configured with
CONFIG_BLK=n (e.g. i.MX6).
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Add stubs for UpdateCapsule, QueryCapsuleCapabilities, and
QueryVariableInfo.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Change the return type of efi_driver_init() to efi_status_t.
efi_driver_init() calls efi_add_driver() which returns an efi_status_t
value. efi_driver_init() should not subject this value to a conversion to
int losing high bits on 64bit systems.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Currently the UEFI revision number in the system table header is set to
2.0.5. This version number does not refer to any existing version of the
UEFI standard.
Set the revision number to 2.7.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Currently we set the function pointer for the CreateEventEx boot service
to NULL. When called this would lead to an immediate failure.
A function stub is provided which handles the case that the boot service
is called without an event group and returns EFI_UNSUPPORTED otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
For EFI binaries we need special CFLAGS.
They were specified for an object file that since has been replaced.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Before the patch an undefined constant EFI_SUBSYSTEM was used in the
crt0 code. The current version of binutils does not swallow the error.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888403
The necessary constant IMAGE_SUBSYSTEM_EFI_APPLICATION is already
defined in pe.h. So let's factor out asm-generic/pe.h for the
image subsystem constants and use it in our assembler code.
IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER does not exist in the specification
let's use IMAGE_SUBSYSTEM_EFI_ROM instead.
The include pe.h is only used in code maintained by Alex so let him be the
maintainer here too.
Reported-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Vagrant Cascadian <vagrant@debian.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
config_fallbacks.h has some logic that sets HAVE_BLOCK_DEVICE
based on a list of enabled options. Moving HAVE_BLOCK_DEVICE to
Kconfig allows us to drastically shrink the logic in
config_fallbacks.h
Signed-off-by: Adam Ford <aford173@gmail.com>
[trini: Rename HAVE_BLOCK_DEVICE to CONFIG_BLOCK_DEVICE]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
config_fallback.h has some logic that checks a variety of options
and selects LIB_UUID if it hasn't already been selected. This
will all LIB_UUID in Kconfig and select this option for the list
of options to allow us to remove the logic from fallbacks
Signed-off-by: Adam Ford <aford173@gmail.com>
|
|
config_fallbacks.h had some logic to automatically select
LIB_RAND if RANDOM_UUID or CMD_UUID were set if LIB_HW_RAND wasn't
already selected. By migrating LIB_HW_RAND to Kconfig, we can
remove this check from config_fallbacks.h and put it into Kconfig
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
[trini: Turn into a choice, add NET_RANDOM_ETHADDR]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
AES encryption in CBC mode, in most cases, must be used with random
initialization vector. Using the same key and initialization vector several
times is weak and must be avoided.
Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks
functions for passing initialization vector.
Command 'aes' now also require the initialization vector parameter.
Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru>
|
|
Now that we have %pD support in vsprintf we should avoid separate
logic for printing device paths in other places.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
In an image is loaded from memory we do not have a device path.
Do not install NULL as device path in this case.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
When printing '%pD' with a value of NULL we want to output
'<NULL>'. But this requires copying to buf. Leave this
to string16.
A unit test is supplied which relies on EFI support in the sandbox.
The development for EFI support in the sandbox is currently in branch
u-boot-dm/efi-working. The branch lacks commit 6ea8b580f06b ("efi_loader:
correct DeviceNodeToText for media types"). Ater rebasing the aforementioned
branch on U-Boot v2018.01 and adding 256060e4257a2 and this patch the test
is executed successfully.
Fixes: 256060e4257a2 (vsprintf.c: add EFI device path printing)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
When a UEFI payload just returns instead of calling the Exit() callback,
we handle that in efi_do_enter() and call Exit on its behalf, so that
the loaded_image->exit_status value is correct.
We were missing that logic in StartImage(). Call it there too.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Provide a better description for indent_string.
Fix a typo.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
EFI calls are usually defined as asmlinkage. That means we pass all parameters
to functions via the stack x86_32.
On x86_64 however, we need to also stick to the MS ABI calling conventions,
which the EFIAPI define conveniently handles for us. Most EFI functions were
also marked with EFIAPI, except for the entry call.
So this patch adjusts all entry calls to use EFIAPI instead of the manual
asmlinkage attribute.
While at it, we also change the prototype of the entry point to return
efi_status_t instead of ulong, as this is the correct prototype definition.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- Use efi_status_t in all occurences
|
|
We have 2 users of the EFI headers: efi_loader and the EFI stub. Efi_loader
always expects that the bitness of the definitions it uses is identical to
the execution.
The EFI stub however allows to run x86_64 U-Boot on 32bit EFI and the other
way around, so it allows for different bitness of EFI definitions and U-Boot
environment.
This patch explicitly requests via Kconfig that efi_loader can only be enabled
if the bitness is identical. Because we can run efi_loader on x86_64 without
EFI stub enabled, it also ensures that this case propagates the correct ABI
constraints.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
