aboutsummaryrefslogtreecommitdiff
path: root/common/Kconfig.boot
AgeCommit message (Collapse)Author
2021-11-11Create a new boot/ directorySimon Glass
Quite a lot of the code in common/relates to booting and images. Before adding more it seems like a good time to move the code into its own directory. Most files with 'boot' or 'image' in them are moved, except: - autoboot.c which relates to U-Boot automatically running a script - bootstage.c which relates to U-Boot timing Drop the removal of boot* files from the output directory, since this interfers with the symlinks created by tools and there does not appear to be any such file from my brief testing. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Artem Lapkin <email2tema@gmail.com> Tested-by: Artem Lapkin <email2tema@gmail.com>
2021-10-31bootstage: Add SPL supportMarek Vasut
Allow usage of the bootstage facilities in SPL. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-26common: Kconfig.boot: add config SPL_FIT_RSASSA_PSSPhilippe Reynes
The padding pss is only supported on u-boot and tools since commit 2bbed3ff8c7f ("image: Use Kconfig to enable FIT_RSASSA_PSS on host") This commit adds the config SPL_FIT_RSASSA_PSS to support the padding pss in the SPL. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-08image: Remove some #ifdefs from image-fit and image-fit-sigSimon Glass
Drop the #ifdefs which are easy to remove without refactoring. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-16Merge tag 'v2021.10-rc4' into nextTom Rini
Prepare v2021.10-rc4 Signed-off-by: Tom Rini <trini@konsulko.com> # gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT # gpg: using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C # gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate] # Conflicts: # board/Arcturus/ucp1020/spl.c # cmd/mvebu/Kconfig # common/Kconfig.boot # common/image-fit.c # configs/UCP1020_defconfig # configs/sifive_unmatched_defconfig # drivers/pci/Kconfig # include/configs/UCP1020.h # include/configs/sifive-unmatched.h # lib/Makefile # scripts/config_whitelist.txt
2021-09-08image: Drop if/elseif hash selection in calculate_hash()Alexandru Gagniuc
calculate_hash() would try to select the appropriate hashing function by a if/elseif contruct. But that is exactly why hash_lookup_algo() exists, so use it instead. This does mean that we now have to 'select HASH' to make sure we get the hash_lookup_algo() symbol. However, the change makes sense because even basic FITs will have to deal with "hash" nodes. My only concern is that the 'select SPL_HASH' might cause some platform to grow above its SPL size allowance Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Make FSL_CAAM be implied only on ARM && SPL] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASHAlexandru Gagniuc
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for CHAIN_OF_TRUST to select SPL_HASH now. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08common: Remove unused CONFIG_FIT_SHAxxx selectorsAlexandru Gagniuc
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only for hash_calculate() in common/image-fit.c. However, since commit 14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"), the correct selector was changed to CONFIG_SHAxxx. The extra "_FIT_" variants are neither used, nor needed. Remove them. One defconfig disables FIT_SHA256, which is now changed to 'SHA256'. CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined references to "sha256_*()". bubt.c needs sha256, so this selection is correct. It is not clear why this problem did not manifest before. Note that SHA selection in SPL is broken for this exact reason. There is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of this change. Also note that we make CONFIG_FIT now imply SHA256, to make up for FIT_SHA256 previously being a default y option. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Add imply SHA256 to FIT] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31Kconfig: Remove all default n/no optionsMichal Simek
default n/no doesn't need to be specified. It is default option anyway. Signed-off-by: Michal Simek <michal.simek@xilinx.com> [trini: Rework FSP_USE_UPD portion] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31Convert CONFIG_RAMBOOT_PBL et al to KconfigTom Rini
This converts the following to Kconfig: CONFIG_RAMBOOT_PBL CONFIG_SYS_FSL_PBL_PBI CONFIG_SYS_FSL_PBL_RCW Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-16Kconfig: FIT_SIGNATURE should not select RSA_VERIFYAlexandru Gagniuc
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-07-28Rename SPL_CRYPTO_SUPPORT to SPL_CRYPTOSimon Glass
Rename this option so that CONFIG_IS_ENABLED can be used with it. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-23test: add first autoboot unit testsSteffen Jaeckel
This adds tests for the crypt-based and plain SHA256-based password hashing algorithms in the autoboot flow. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23common: add support to fallback to plain SHA256Steffen Jaeckel
In case crypt-based hashing is enabled this will be the default mechanism that is used. If a user wants to have support for both, the environment variable `bootstopusesha256` can be set to `true` to allow plain SHA256 based hashing of the password. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23common: add AUTOBOOT_FLUSH_STDIN optionSteffen Jaeckel
The key-sequence based unlock mechanisms are sensitive to junk symbols that could have been sent to stdin and are still waiting to be retrieved. Enabling this option will read all symbols off stdin before displaying the autoboot prompt (and starting to read the password from stdin). Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23common: allow disabling of timeout for password entrySteffen Jaeckel
In case a user has to enter a complicated password it is sometimes desireable to give the user more time than the default timeout. Enabling this feature will disable the timeout entirely in case the user presses the <Enter> key before entering any other character. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23common: integrate crypt-based passwordsSteffen Jaeckel
Hook into the autoboot flow as an alternative to the existing mechanisms. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-23Kconfig.boot: Make 0x0 the default SYS_TEXT_BASE for POSITION_INDEPENDENTTom Rini
When we build U-Boot with POSITION_INDEPENDENT we must have SYS_TEXT_BASE be set to zero. Make this the default in that case. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-07-16image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORTSimon Glass
Drop the ENABLE and SUPPORT parts of this, which are redundant. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16image: Shorten FIT_ENABLE_SHAxxx_SUPPORTSimon Glass
The ENABLE part of this name is redundant, since all boolean Kconfig options serve to enable something. The SUPPORT part is also redundant since Kconfigs can be assumed to enable support for something. Together they just serve to make these options overly long and inconsistent with other options. Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-05-28Revert "lib: introduce HASH_CALCULATE option"Alexandru Gagniuc
When we think of Kconfig, we usually think of features that we like to enable or not. Ideally, we wouldn't use Kconfig to fix a build issue, although sometimes it might make sense. With Kconfig it's hard to guarantee that the fix is universal. We can only say that it works for the set of tested configurations. In the majority of cases, it's preferable to let the linker figure things out for us. The reverted commit attempted to fix a build issue by adding an invisible Kconfig option. This is wrong in several ways: It invents a new Kconfig variable when CONFIG_HASH already exists for the same purpose. Second, hash-checksum.c makes use of the hash_progressive_lookup_algo() symbol, which is only provided with CONFIG_HASH, but this dependency was not expressed in the reverted patch. It feels like Kconfig is turning into a listing of all available source files, and a buffet to 'select' which ones to compile. The purpose of this revert is to enable the next change to make use of CONFIG_HASH instead of adding to Kconfig. This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-05-19riscv: Drop USE_SPL_FIT_GENERATORBin Meng
Now that we have switched to binman to generate u-boot.itb for all RISC-V boards, USE_SPL_FIT_GENERATOR is no longer needed and can be dropped. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-19common: kconfig: Correct a typo in SPL_LOAD_FITBin Meng
It should be FDT, not FTD. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Rick Chen <rick@andestech.com>
2021-05-18lib: introduce HASH_CALCULATE optionMasahisa Kojima
Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled. Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-14Kconfig: Document the limitations of the simple SPL_LOAD_FIT pathAlexandru Gagniuc
The "simple" SPL_LOAD_FIT path is the most compliant with the format documented in doc/uImage.FIT/source_file_format.txt. The other two paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command. Since the Kconfig menu is the most likely place for a new user to see these options, it seems like the most logical candidate to document the limitations. This documents the _known_ issues, and is not intended to be a complete list of all follies. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-08arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)Siew Chin Lim
Vendor Authorized Boot is a security feature for authenticating the images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and etc loaded from FIT. After those images are loaded from FIT, the VAB certificate and signature block appended at the end of each image are sent to Secure Device Manager (SDM) for authentication. U-Boot will validate the SHA384 of the image against the SHA384 hash stored in the VAB certificate before sending the image to SDM for authentication. Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
2021-03-03bootstage: Fix dependency for BOOTSTAGE_RECORD_COUNTSimon Glass
At present these three Kconfigs exist even when bootstage is not enabled. This is not necessary since bootstage.c is only built if BOOTSTAGE is enabled. Make them conditional. Also fix up the overflow message to mention TPL. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-02-24Kconfig: SPL_FIT_SIGNATURE requires SPL_LOAD_FITKlaus Heinrich Kiwi
Having the ability to support firmware FIT signatures on the SPL sounds not so useful if the SPL is not supporting to load a (U-boot) firmware as a FIT image. Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
2021-02-24Kconfig: SPL_FIT_SIGNATURE selects FIT_SIGNATUREKlaus Heinrich Kiwi
Selecting SPL_FIT_SIGNATURE (without selecting U-boot proper verified boot first) breaks the build due to CONFIG_FIT_SIGNATURE_MAX_SIZE being undefined, in addition to Kconfig warnings on RSA and IMAGE_SIGN_INFO unmet dependencies. Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
2021-02-15image: Add an option to do a full check of the FITSimon Glass
Some strange modifications of the FIT can introduce security risks. Add an option to check it thoroughly, using libfdt's fdt_check_full() function. Enable this by default if signature verification is enabled. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-01common: Kconfig.boot: Add FIT_PRINT config optionRavik Hasija
Config allows to disable printing contents of fitImage to optimize boottime. Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16Add optional salt to AUTOBOOT_STOP_STR_SHA256Joel Peshkin
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string followed by a ":" is prepended to the sha256, the portion to the left of the colon will be used as a salt and the password will be appended to the salt before the sha256 is computed and compared. Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> Cc: Simon Glass <sjg@chromium.org> Cc: Bin Meng <bmeng.cn@gmail.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Cc: Heiko Schocher <hs@denx.de> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Joel Peshkin <joel.peshkin@broadcom.com> To: u-boot@lists.denx.de Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
2020-12-04bootm: Support string substitution in bootargsSimon Glass
In some cases it is necessary to pass parameters to Linux so that it will boot correctly. For example, the rootdev parameter is often used to specify the root device. However the root device may change depending on whence U-Boot loads the kernel. At present it is necessary to build up the command line by adding device strings to it one by one. It is often more convenient to provide a template for bootargs, with U-Boot doing the substitution from other environment variables. Add a way to substitute strings in the bootargs variable. This allows things like "rootdev=${rootdev}" to be used in bootargs, with the ${rootdev} substitution providing the UUID of the root device. For example, to substitute the GUID of the kernel partition: setenv bootargs "console=/dev/ttyS0 rootdev=${uuid}/PARTNROFF=1 kern_guid=${uuid}" part uuid mmc 2:2 uuid bootm This is particularly useful when the command line from another place. For example, Chrome OS stores the command line next to the kernel itself. It depends on the kernel version being used as well as the hardware features, so it is extremely difficult to devise a U-Boot script that works on all boards and kernel versions. With this feature, the command line can be read from disk and used directly, with a few substitutions set up. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-11-06x86: Use CONFIG_CHROMEOS_VBOOT for verified bootSimon Glass
At present CONFIG_CHROMEOS is used to determine whether verified boot is in use. The code to implement that is not in U-Boot mainline. However, it is useful to be able to boot a Chromebook in developer mode in U-Boot mainline without needing the verified boot code. To allow this, use CONFIG_CHROMEOS_VBOOT to indicate that verified boot should be used, and CONFIG_CHROMEOS to indicate that the board supports Chrome OS. That allows us to define CONFIG_CHROMEOS on coral. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-10-22Remove default value of CONFIG_PREBOOT for CONFIG_USB_STORAGEPatrick Delaunay
Remove the default value "usb start" for CONFIG_USB_STORAGE as the USB storage boot initialization is correctly managed by distro boot command ('usb_boot' defined in include/config_distro_bootcmd.h already include the command 'usb start'). Fixes: 324d77998ed6 ("Define default CONFIG_PREBOOT with right config option") Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move DEFAULT_FDT_FILE under boot optionsSimon Glass
This relates to booting since it is the default devicetree provided to Linux. Move it under the 'boot options' menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move SUPPORT_RAW_INITRD under boot optionsSimon Glass
This relates to booting, so move it under the 'boot images' menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move misc boot options under 'boot options'Simon Glass
There are a number of miscellaneous boot images at the top level of the kconfig menu. Move these into the 'boot options' menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move CONFIG_BOOTDELAY under autoboot optionsSimon Glass
This option relates to autoboot, so move it there. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move autoboot options under boot optionsSimon Glass
At present the autoboot options are in cmd/Kconfig but they don't really relate to commands. They relate to booting, so move this menu under the boot menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move boot media under boot optionsSimon Glass
This relates to booting, so move it under the boot menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move boot timing under boot optionsSimon Glass
This relates to booting, so move it under the boot menu. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-09Kconfig: Move boot menu into common/Simon Glass
Most of the boot options are in common/Kconfig but that file is already extremely large. Create a new Kconfig.boot to hold the boot options. Signed-off-by: Simon Glass <sjg@chromium.org>