5 files changed, 181 insertions, 2 deletions

diff --git a/boot/Kconfig b/boot/Kconfig
index 6eb056def05..93344975a63 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -292,6 +292,57 @@ config SPL_FIT_GENERATOR
 
 endif # SPL
 
+if VPL
+
+config VPL_FIT
+	bool "Support Flattened Image Tree within VPL"
+	depends on VPL
+	default y
+	select VPL_HASH
+	select VPL_OF_LIBFDT
+
+config VPL_FIT_PRINT
+	bool "Support FIT printing within VPL"
+	depends on VPL_FIT
+	default y
+	help
+	  Support printing the content of the fitImage in a verbose manner in VPL.
+
+config VPL_FIT_FULL_CHECK
+	bool "Do a full check of the FIT before using it"
+	default y
+	help
+	  Enable this do a full check of the FIT to make sure it is valid. This
+	  helps to protect against carefully crafted FITs which take advantage
+	  of bugs or omissions in the code. This includes a bad structure,
+	  multiple root nodes and the like.
+
+config VPL_FIT_SIGNATURE
+	bool "Enable signature verification of FIT firmware within VPL"
+	depends on VPL_DM
+	depends on VPL_LOAD_FIT || VPL_LOAD_FIT_FULL
+	default y
+	select FIT_SIGNATURE
+	select VPL_FIT
+	select VPL_CRYPTO
+	select VPL_HASH
+	imply VPL_RSA
+	imply VPL_RSA_VERIFY
+	select VPL_IMAGE_SIGN_INFO
+	select VPL_FIT_FULL_CHECK
+
+config VPL_FIT_SIGNATURE_MAX_SIZE
+	hex "Max size of signed FIT structures in VPL"
+	depends on VPL_FIT_SIGNATURE
+	default 0x10000000
+	help
+	  This option sets a max size in bytes for verified FIT uImages.
+	  A sane value of 256MB protects corrupted DTB structures from overlapping
+	  device memory. Assure this size does not extend past expected storage
+	  space.
+
+endif # VPL
+
 endif # FIT
 
 config PXE_UTILS
@@ -334,6 +385,26 @@ config BOOTSTD_FULL
 	  - support for selecting the ordering of bootdevs using the devicetree
 	    as well as the "boot_targets" environment variable
 
+config SPL_BOOTSTD
+	bool "Standard boot support in VPL"
+	depends on SPL && SPL_DM && SPL_OF_CONTROL && SPL_BLK
+	default y if VPL
+	help
+	  This enables standard boot in SPL. This is neeeded so that VBE
+	  (Verified Boot for Embedded) can be used, since it depends on standard
+	  boot. It is enabled by default since the main purpose of VPL is to
+	  handle the firmware part of VBE.
+
+config VPL_BOOTSTD
+	bool "Standard boot support in VPL"
+	depends on VPL && VPL_DM && VPL_OF_CONTROL && VPL_BLK
+	default y
+	help
+	  This enables standard boot in SPL. This is neeeded so that VBE
+	  (Verified Boot for Embedded) can be used, since it depends on standard
+	  boot. It is enabled by default since the main purpose of VPL is to
+	  handle the firmware part of VBE.
+
 if BOOTSTD
 
 config BOOTSTD_BOOTCOMMAND
@@ -408,6 +479,24 @@ config BOOTMETH_VBE
 	  supports selection of various firmware components, seleciton of an OS to
 	  boot as well as updating these using fwupd.
 
+config SPL_BOOTMETH_VBE
+	bool "Bootdev support for Verified Boot for Embedded (SPL)"
+	depends on SPL && FIT
+	default y if VPL
+	help
+	  Enables support for VBE boot. This is a standard boot method which
+	  supports selection of various firmware components, seleciton of an OS to
+	  boot as well as updating these using fwupd.
+
+config VPL_BOOTMETH_VBE
+	bool "Bootdev support for Verified Boot for Embedded (VPL)"
+	depends on VPL && FIT
+	default y
+	help
+	  Enables support for VBE boot. This is a standard boot method which
+	  supports selection of various firmware components, seleciton of an OS to
+	  boot as well as updating these using fwupd.
+
 if BOOTMETH_VBE
 
 config BOOTMETH_VBE_SIMPLE
@@ -418,6 +507,54 @@ config BOOTMETH_VBE_SIMPLE
 	  firmware image in boot media such as MMC. It does not support any sort
 	  of rollback, recovery or A/B boot.
 
+config BOOTMETH_VBE_SIMPLE_OS
+	bool "Bootdev support for VBE 'simple' method OS phase"
+	default y
+	help
+	  Enables support for the OS parts of VBE 'simple' boot. This includes
+	  fixing up the device tree with the required VBE information, ready
+	  for booting into the OS. This option is only enabled for U-Boot
+	  proper, since it is the phase where device tree fixups happen.
+
+config SPL_BOOTMETH_VBE_SIMPLE
+	bool "Bootdev support for VBE 'simple' method (SPL)"
+	depends on SPL
+	default y if VPL
+	help
+	  Enables support for VBE 'simple' boot. This allows updating a single
+	  firmware image in boot media such as MMC. It does not support any sort
+	  of rollback, recovery or A/B boot.
+
+config VPL_BOOTMETH_VBE_SIMPLE
+	bool "Bootdev support for VBE 'simple' method (VPL)"
+	depends on VPL
+	default y
+	help
+	  Enables support for VBE 'simple' boot. This allows updating a single
+	  firmware image in boot media such as MMC. It does not support any sort
+	  of rollback, recovery or A/B boot.
+
+config SPL_BOOTMETH_VBE_SIMPLE_FW
+	bool "Bootdev support for VBE 'simple' method firmware phase (SPL)"
+	depends on VPL
+	default y
+	help
+	  Enables support for the firmware parts of VBE 'simple' boot. This
+	  includes an SPL loader which locates the correct U-Boot to boot into.
+	  This option should really only be enabled for VPL, since it is the
+	  phase where the SPL + U-Boot decision should be made. But for now,
+	  SPL does its own FIT-configuration selection.
+
+config VPL_BOOTMETH_VBE_SIMPLE_FW
+	bool "Bootdev support for VBE 'simple' method firmware phase (VPL)"
+	depends on VPL
+	default y
+	help
+	  Enables support for the firmware parts of VBE 'simple' boot. This
+	  includes an SPL loader which locates the correct SPL to boot into.
+	  This option enabled for VPL, since it is the phase where the SPL
+	  decision is made.
+
 endif # BOOTMETH_VBE
 
 config BOOTMETH_SANDBOX
diff --git a/boot/vbe_simple_os.c b/boot/vbe_simple_os.c
index 058db6154b0..87778bba97e 100644
--- a/boot/vbe_simple_os.c
+++ b/boot/vbe_simple_os.c
@@ -80,7 +80,7 @@ static int bootmeth_vbe_simple_ft_fixup(void *ctx, struct event *event)
 		ret = device_probe(dev);
 		if (ret)
 			return log_msg_ret("probe", ret);
-		ret = simple_read_state(dev, &state);
+		ret = vbe_simple_read_state(dev, &state);
 		if (ret)
 			return log_msg_ret("read", ret);
 
diff --git a/common/spl/Kconfig.vpl b/common/spl/Kconfig.vpl
index f33162276d9..ae1a3c724f3 100644
--- a/common/spl/Kconfig.vpl
+++ b/common/spl/Kconfig.vpl
@@ -133,6 +133,36 @@ config VPL_I2C_SUPPORT
 	  Enable support for the I2C bus in VPL. Vee SPL_I2C_SUPPORT for
 	  details.
 
+config VPL_MMC
+	bool "Support MMC in VPL"
+	depends on VPL && MMC
+	default y if MMC
+	help
+	  Enable support for MMC (Multimedia Card) within VPL This enables
+	  the MMC protocol implementation and allows any enabled drivers to
+	  be used within VPL. MMC can be used with or without disk partition
+	  support depending on the application (SPL_LIBDISK_SUPPORT). Enable
+	  this option to build the drivers in drivers/mmc as part of an VPL
+	  build.
+
+config VPL_DM_MMC
+	bool "Enable MMC controllers using Driver Model in VPL"
+	depends on VPL_DM && DM_MMC
+	default y
+	help
+	  This enables the MultiMediaCard (MMC) uclass which supports MMC and
+	  Secure Digital I/O (SDIO) cards. Both removable (SD, micro-SD, etc.)
+	  and non-removable (e.g. eMMC chip) devices are supported. These
+	  appear as block devices in U-Boot and can support filesystems such
+	  as EXT4 and FAT.
+
+config VPL_MMC_WRITE
+	bool "MMC/SD/SDIO card support for write operations in VPL"
+	depends on VPL_MMC
+	default y
+	help
+	  Enable write access to MMC and SD Cards in VPL
+
 config VPL_PCH_SUPPORT
 	bool "Support PCH drivers"
 	default y if TPL_PCH_SUPPORT
diff --git a/configs/sandbox_vpl_defconfig b/configs/sandbox_vpl_defconfig
index a2a12955493..557fdd141f2 100644
--- a/configs/sandbox_vpl_defconfig
+++ b/configs/sandbox_vpl_defconfig
@@ -4,7 +4,10 @@ CONFIG_SPL_LIBGENERIC_SUPPORT=y
 CONFIG_NR_DRAM_BANKS=1
 CONFIG_ENV_SIZE=0x2000
 CONFIG_DEFAULT_DEVICE_TREE="sandbox"
+CONFIG_SPL_TEXT_BASE=0x100000
+CONFIG_SPL_MMC=y
 CONFIG_SPL_SERIAL=y
+CONFIG_TPL_TEXT_BASE=0x100000
 CONFIG_TPL_LIBCOMMON_SUPPORT=y
 CONFIG_TPL_LIBGENERIC_SUPPORT=y
 CONFIG_TPL_SERIAL=y
@@ -23,6 +26,7 @@ CONFIG_DISTRO_DEFAULTS=y
 CONFIG_FIT=y
 CONFIG_FIT_SIGNATURE=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_BEST_MATCH=y
 CONFIG_SPL_LOAD_FIT=y
 # CONFIG_USE_SPL_FIT_GENERATOR is not set
 CONFIG_BOOTSTAGE=y
@@ -47,6 +51,7 @@ CONFIG_TPL_I2C=y
 CONFIG_TPL_RTC=y
 CONFIG_VPL=y
 CONFIG_VPL_ENV_SUPPORT=y
+CONFIG_VPL_TEXT_BASE=0x100000
 CONFIG_CMD_CPU=y
 CONFIG_CMD_LICENSE=y
 CONFIG_CMD_BOOTZ=y
@@ -98,7 +103,9 @@ CONFIG_CMD_CBFS=y
 CONFIG_CMD_CRAMFS=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_MAC_PARTITION=y
-CONFIG_AMIGA_PARTITION=y
+# CONFIG_SPL_MAC_PARTITION is not set
+# CONFIG_SPL_DOS_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
 CONFIG_OF_CONTROL=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_TPL_OF_CONTROL=y
@@ -113,6 +120,7 @@ CONFIG_NETCONSOLE=y
 CONFIG_IP_DEFRAG=y
 CONFIG_SPL_DM=y
 CONFIG_TPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
 CONFIG_DM_DMA=y
 CONFIG_REGMAP=y
 CONFIG_SPL_REGMAP=y
@@ -226,6 +234,8 @@ CONFIG_SPL_SYSRESET=y
 CONFIG_TPL_SYSRESET=y
 CONFIG_DM_THERMAL=y
 CONFIG_TIMER=y
+CONFIG_SPL_TIMER=y
+CONFIG_VPL_TIMER=y
 CONFIG_TIMER_EARLY=y
 CONFIG_SANDBOX_TIMER=y
 CONFIG_USB=y
@@ -246,6 +256,7 @@ CONFIG_CMD_DHRYSTONE=y
 CONFIG_RSA_VERIFY_WITH_PKEY=y
 CONFIG_TPM=y
 CONFIG_LZ4=y
+# CONFIG_VPL_LZMA is not set
 CONFIG_ERRNO_STR=y
 CONFIG_UNIT_TEST=y
 CONFIG_SPL_UNIT_TEST=y
diff --git a/test/py/tests/test_event_dump.py b/test/py/tests/test_event_dump.py
index 972c3837111..1a46ca30f42 100644
--- a/test/py/tests/test_event_dump.py
+++ b/test/py/tests/test_event_dump.py
@@ -17,5 +17,6 @@ def test_event_dump(u_boot_console):
     expect = '''.*Event type            Id                              Source location
 --------------------  ------------------------------  ------------------------------
 EVT_FT_FIXUP          bootmeth_vbe_ft_fixup           .*vbe_request.c:.*
+EVT_FT_FIXUP          bootmeth_vbe_simple_ft_fixup    .*vbe_simple_os.c:.*
 EVT_MISC_INIT_F       sandbox_misc_init_f             .*start.c:'''
     assert re.match(expect, out, re.MULTILINE) is not None