2019-06-07 |
ARM: Initial OP-TEE support
...
This adds initial support for OP-TEE, see https://www.op-tee.org/
barebox starts in secure mode as usual. When booting a kernel
the bootm code also loads the optee_os binary. Instead of jumping
into the kernel barebox jumps into the optee_os binary and puts
the kernel execution address into the lr register. OP-TEE then
jumps into the kernel in nonsecure mode.
The optee_os binary is passed with the -t option to bootm or
with global.bootm.tee.
Optionally OP-TEE can be compiled into barebox using the builtin firmware
feature. Enable the Kconfig option and place or link your tee binary as
optee.bin into the firmware directory.
The amount of SDRAM which is kept free for OP-TEE is configurable.
This patch was tested on a i.MX6 Nitrogen6x board.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 7 Jun 2019
|
2018-11-15 |
bootm: Print which file cannot be opened
...
When opening the OS image fails we used to print a message *which* file
could not be opened. This message is no longer printed since we now fail
in read_file_2 when there is an error. Move the message in the
read_file_2 failure path to print it again. file_detect_type() needs no
handling for ret < 0, in case of failure it returns filetype_unknown
which is handled later, so we can remove the error handling there.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 15 Nov 2018
|
2018-06-15 |
bootm: Split bootm_load_devicetree into two functions
...
It is not always desired to get the devicetree from image data and load
it to a SDRAM region at the same time. Sometimes it's enough to just
load it to an allocated address (in case the user has no constraints
where the devicetree should be placed.
This patch splits bootm_load_devicetree into bootm_get_devicetree which
returns a pointer to the allocated devicetree and bootm_load_devicetree
which loads the devicetree to a specified region.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 15 Jun 2018
|
bootm: Drop data->oftree
...
It's no longer necessary to store the devicetree pointer in struct
image_data, it can be replaced with a local variable.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 15 Jun 2018
|
2018-04-04 |
bootm: provide handlers the start of the OS image
...
The bootm code needs to read the beginning of the OS image in order to
determine the filetype. If it does so already, then we can provide the
handlers the buffer. This can help the handlers to find some image
metadata before loading the full image.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 4 Apr 2018
|
2018-02-08 |
FIT: Let user specify the configuration to use
...
The images in FIT images can be opened in two different ways. They
can be either opened directly based on their names in the images/
node or as part of a configuration based on their names in the
corresponding /configuration/ node.
So far we only supported the latter. To prepare supporting the former
we return a cookie belonging to the configuration from
fit_open_configuration() which we use in fit_open_image() to refer
to the desired configuration.
While at it document fit_open_configuration().
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 8 Feb 2018
|
bootm: FIT: do not depend on FIT pre-opened images
...
When calling fit_open_configuration the FIT code already opens
the images "kernel", "ramdisk" and "dtb". This does not fit well
into the FIT code, so make the bootm code independent of these
pre-opened images so that we can drop the opening from the FIT
code in the next step.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 8 Feb 2018
|
2018-01-18 |
FIT: export fit_open_configuration() and fit_open_image()
...
Currently only fit_open() is exported which only opens the predefined
images "kernel", "dtb" and "ramdisk". To make the FIT code more usable
for other code which may want to open other images export
fit_open_configuration() and fit_open_image().
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 18 Jan 2018
|
2017-12-15 |
Bootm: remove uimage_close done later in bootm_boot
...
From 24e24f9 Mon Sep 17 00:00:00 2001
From: Clement Leger <clement.leger@kalray.eu>
Date: Thu, 14 Dec 2017 13:29:50 +0100
Subject: [PATCH] Bootm: fix double uimage_close
When uimage crc fails, the error handling path call uimage_close in
bootm_open_os_uimage and also in bootm_boot. This leads to crash/exception.
Keep the main error handling path in bootm_boot and remove uimage_close from
bootm_open_os_uimage to avoid double uimage_close.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Clément Leger
authored
on 14 Dec 2017
Sascha Hauer
committed
on 15 Dec 2017
|
2017-09-20 |
bootm: bootm_open_initrd_uimage(): propagate error if initrd verification fails
...
If the verification of an initrd inside of an uImage fails an error message is
printed but the error is not propagated. Although this is not security
relevant, as the verification is currently only a CRC32 check, the error should
be returned. This patch fixes the problem.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Marc Kleine-Budde
authored
on 19 Sep 2017
Sascha Hauer
committed
on 20 Sep 2017
|
2017-06-13 |
Revert "globalvar: make globalvar functions more consistent"
...
This reverts commit 1b4a05c .
Sascha Hauer
committed
on 13 Jun 2017
|
2017-04-11 |
globalvar: make globalvar functions more consistent
...
Similar to the device parameter functions also make the globalvar
functions more consistent. This also adds support for readonly
globalvars and changes several existing globalvars which should
really be readonly to readonly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 11 Apr 2017
|
2017-01-16 |
bootm: fix magicvar name for global_bootm_verbose
...
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Enrico Jorns
authored
on 13 Jan 2017
Sascha Hauer
committed
on 16 Jan 2017
|
2016-09-05 |
of_unflatten_dtb(): Check return value with IS_ERR
...
Of_unflatten_dtb returns a ERR_PTR value so checking it against NULL is
incorrect. Fix it in all of the places where this was happening.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Andrey Smirnov
authored
on 1 Sep 2016
Sascha Hauer
committed
on 5 Sep 2016
|
2016-07-26 |
include: Move bulk of boot.h to bootm.h
...
The majority of the stuff currently in include/boot.h is about bootm
code implemented common/bootm.c. To be more consistent move it to a
new file include/bootm.h.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 26 Jul 2016
|
2016-05-11 |
bootm: make verbosity controllable via global variable
...
When the bootm code is not called directly by the bootm command it is
useful to control the verbosity with a globalvar. This introduces
global.bootm.verbose for this.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 11 May 2016
|
bootm: Move magicvar descriptions to common/bootm.c
...
Now that the bootm code can be used without the command, we have to
move the magicvar descriptions from the command code to the common
bootm code aswell.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 11 May 2016
|
2016-05-10 |
bootm: Add verify mode "available"
...
The verify "available" mode checks whatever is available in the
booted image, so when an image has a signature, it is checked and
must be correct and when an image is hashed, it is also checked
for correctness.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 10 May 2016
|
bootm: set bootm_verify_mode to correct value
...
When CONFIG_BOOTM_FORCE_SIGNED_IMAGES is enabled bootm_verify_mode
shall be forced to "signature", so set bootm_verify_mode to this
value during startup. Otherwise it shows up as "<NULL>" in devinfo.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 10 May 2016
|
bootm: Move bootm options to common/Kconfig
...
bootm has a C API, so the bootm options have to depend on the
option providing the bootm code (CONFIG_BOOTM), not on the
option providing the command (CONFIG_CMD_BOOTM). Fixing the
dependencies makes it possible to fully use bootm from C without
enabling the bootm command support.
This also removes the CMD_ prefix from the options which means
we have to update the defconfigs aswell.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 10 May 2016
|
2016-05-04 |
bootm: Optionally add a root= option to Kernel command line
...
It becomes a common case that the Kernel is loaded from the filesystem
which later becomes the rootfs. This adds a possibility to let bootm
automatically append the root= option to the kernel command line. This
is done when global.bootm.appendroot is true.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 4 May 2016
|
2016-02-25 |
bootm: Fix booting uImages
...
This fixes:
0a37e22d (bootm: use names instead of numbers for image parts)
This commit switches to strings for the image numbers for better FIT
image support (which uses names instead of numbers). These strings
may be NULL when no image number is given. They are used uninitialzed
in several places. Introduce a wrapper function to convert the string
into a number. Check for NULL here in which case we return 0 which
is the correct value.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 25 Feb 2016
|
2016-02-18 |
bootm: Free allocated fdt buffer in error path
...
It seems like there is a memory leak in an error path of
bootm_open_oftree_uimage() where the memory allocated for the fdt is not
released again.
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Harald Welte
authored
on 17 Feb 2016
Sascha Hauer
committed
on 18 Feb 2016
|
2016-02-15 |
bootm: parse initrd and oftree into correct struct members
...
The code parsing the oftree and initrd file names is clearly wrong,
leading to bootm not loading oftree or initrd files any more.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Lucas Stach
authored
on 12 Feb 2016
Sascha Hauer
committed
on 15 Feb 2016
|
bootm: restore load DT message for plain oftree files
...
This message was dropped when reorganizing the DT loading code,
and it's really confusing to miss this.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Lucas Stach
authored
on 12 Feb 2016
Sascha Hauer
committed
on 15 Feb 2016
|
2016-02-11 |
bootm: Fix resource_size_t format specifier
...
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 11 Feb 2016
|
2016-02-08 |
Merge branch 'for-next/misc'
Sascha Hauer
committed
on 8 Feb 2016
|
2016-01-26 |
bootm: Add option to force booting signed images
...
With CONFIG_BOOTM_FORCE_SIGNED_IMAGES the bootm code will refuse to boot
unsigned images. Since currently FIT is the only image type which
supports signing, this means with this option we enforce using FIT
images. All additionally passed in device trees and initrds will be
ignored, so that only the ones from the FIT image can be used.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Sascha Hauer
committed
on 26 Jan 2016
|
bootm: add initial FIT support
...
This implementation is inspired by U-Boot's FIT support. Instead of
using libfdt (which does not exist in barebox), configuration signatures
are verified by using a simplified DT parser based on barebox's own
code.
Currently, only signed configurations with hashed images are supported,
as the other variants are less useful for verified boot. Compatible FIT
images can be created using U-Boot's mkimage tool.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Jan Luebbe
authored
on 6 Jan 2016
Sascha Hauer
committed
on 26 Jan 2016
|
bootm: make verifying/hashing configurable
...
So long struct bootm_data.verify is a bool which enables CRC checking
(hashing). Extend this to a enum and add support for signature checking
in the same option. This also adds the corresponding globalvar and a
-s option to bootm.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 26 Jan 2016
|