From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6DCFBC433F5 for ; Mon, 28 Feb 2022 14:17:22 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5A13D837B6; Mon, 28 Feb 2022 15:17:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="PJRsWkWC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F13A683BCC; Mon, 28 Feb 2022 15:17:17 +0100 (CET) Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 47261837B6 for ; Mon, 28 Feb 2022 15:17:04 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oi1-x234.google.com with SMTP id z7so13299810oid.4 for ; Mon, 28 Feb 2022 06:17:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=TAqJVgctKLoFdnPGi6CB1u0MwIAPlwIbZ7nRQpZ/XKI=; b=PJRsWkWCuNrGe30PNpUjg4QOLwcp1NpL3yGvelVftG0ginMuZEJJl4s/1mFvT1Gd5J tdq5g1xFQBp6qqjnLZDjxzfwdo6TPKSG5CXE81ChPvZR/CvDgLOGZ8ft/twz/WAJyabc Lze1skrwbgbV3DdPaIR/X3pzGhHn6OxhEd2rk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=TAqJVgctKLoFdnPGi6CB1u0MwIAPlwIbZ7nRQpZ/XKI=; b=qnZnRC5QuNujgblF2Ggv8tdSun0OY5PQy/mtETzWM00DJ8PKWCB4KXIaR1PvkPXQ+H IJk6O2xXiYGl+eo7VKF1FlX32y6ULSbcIoF16GGq/Ikc0/FCdkMXwUebp0dllBUtj8mj kwWod+hFc0xDIt41p3t48Z+xbEe4KCzff+VHCklP6FOC86psBCRbFxiffd+J0+JW4CNy e40T99s4+XIlhnRfG6uPddv8+opMT7unt5kLNzlAM96zrdr2djtrGsi4ShVIikFy5C5W zxc8iLx+dOQpg1i7uAZVqt06wOV4tBLQIyrsDiH9MY9LazNiFkekRFQx3QkwciUmp1AM SQIQ== X-Gm-Message-State: AOAM531PSRqsAc2dBDO/Zjip/eU5W/pEUuBMBtn2qlvrKOasWVp9FctJ +wywg0XJ98inkSGlphQiXZ/T/bpa0+zwDQ== X-Google-Smtp-Source: ABdhPJyV2WPaFfSYxu9U5LuVcz4eGzBSbZvxLxQBFXhllqAfI457RaZkDw4bvLjl+l1Fm+tk8wheuQ== X-Received: by 2002:aca:1816:0:b0:2cd:9d05:11a1 with SMTP id h22-20020aca1816000000b002cd9d0511a1mr10502303oih.56.1646057821889; Mon, 28 Feb 2022 06:17:01 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id y28-20020a4aea3c000000b0031c0cddfbf9sm4905966ood.20.2022.02.28.06.17.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 06:17:01 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Tom Rini , Simon Glass , Jerry Van Baren , Masahiro Yamada Subject: [PATCH v7 00/15] vpl: Introduce a verifying program loader Date: Mon, 28 Feb 2022 07:16:42 -0700 Message-Id: <20220228141657.1388834-1-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean U-Boot provides a verified-boot feature based around FIT, but there is no standard way of implementing it for a board. At present the various required pieces must be built up separately, to produce a working implementation. In particular, there is no built-in support for selecting A/B boot or recovery mode. This series introduces VPL, a verified program loader phase for U-Boot. Its purpose is to run the verified-boot process and decide which SPL binary should be run. It is critical that this decision happens before SPL runs, since SPL sets up SDRAM and we need to be able to update the SDRAM-init code in the field. Adding VPL into the boot flow provides a standard way of implementing verified boot. This series includes the phase itself, some useful Kconfig options and a sandbox_vpl build for sandbox. Most of the patches in this series are fixes and improvements to docs and various Kconfig conditions for SPL so can be applied separately if needed. The last four patches introduce VPL. Changes in v7: - Add new patch with a default for TPL_TEXT_BASE - Add new patch to correct the conditions for SPL - Add new patch to correct condition for SEPARATE_BSS - Add new patch to avoid looking for an appended device tree - Renumber the tests - Update for the patman library rename - Add a few more options - Rebase to master - Update some options based on settings in master Changes in v6: - Fix the missing SPDX tag on test/204... - Add docs for sandbox_vpl build - Drop TPL_HASH_SUPPORT patch since we only have SPL_HASH now Changes in v5: - Rebase this patch on mainline (for GPIO and MISC Kconfig renames) Changes in v4: - Add new patch to correct bloblist Kconfig dependencies - Add new patch to avoid building avb in SPL - Update spl_phase_prefix() for VPL - Tidy up some of the Makefile rules - Add options for blk, core, misc and tpl also - Add VPL_SIZE_LIMIT - Add a sandbox_vpl build - Update cover letter Changes in v3: - Move VPL Kconfig options to a separate patch - Add full build support for VPL - Add a VPL size check (Kconfig option in next patch) Changes in v2: - Add some more VPL Kconfig options Simon Glass (15): doc: Convert SPL documentation to ReST doc: Expand SPL docs to explain the phase and config test: Tidy up test building with SPL bloblist: Correct Kconfig dependencies avb: Don't build in SPL Makefile: Simplify devicetree rules for SPL/TPL Makefile: Tidy up the TPL build rules Add a default for TPL_TEXT_BASE disk: Correct the conditions for SPL fdt: Correct condition for SEPARATE_BSS fdt: sandbox: Avoid looking for an appended device tree binman: Add VPL support Introduce Verifying Program Loader (VPL) vpl: Add Kconfig options for VPL sandbox: Add a build for VPL Kconfig | 10 + Makefile | 28 ++- arch/sandbox/Kconfig | 8 + arch/sandbox/cpu/spl.c | 12 +- arch/sandbox/dts/sandbox.dtsi | 10 +- board/sandbox/MAINTAINERS | 7 + common/Kconfig | 71 +++++- common/Makefile | 2 +- common/spl/Kconfig | 235 ++++++++++++++++++- common/spl/spl.c | 25 +- configs/sandbox_vpl_defconfig | 251 +++++++++++++++++++++ disk/Makefile | 10 +- doc/arch/sandbox.rst | 13 ++ doc/develop/index.rst | 1 + doc/{README.SPL => develop/spl.rst} | 75 ++++-- drivers/Makefile | 2 + drivers/block/Kconfig | 12 + drivers/clk/Kconfig | 26 +++ drivers/core/Kconfig | 33 +++ drivers/core/Makefile | 2 +- drivers/gpio/Kconfig | 11 + drivers/i2c/Kconfig | 11 + drivers/misc/Kconfig | 28 +++ drivers/pinctrl/Kconfig | 18 +- drivers/rtc/Kconfig | 9 + drivers/serial/Kconfig | 20 ++ drivers/sysreset/Kconfig | 10 + drivers/timer/Kconfig | 10 + drivers/tpm/Kconfig | 30 +++ dts/Kconfig | 17 ++ include/bootstage.h | 2 + include/linux/kconfig.h | 3 + include/spl.h | 22 +- lib/Kconfig | 64 +++++- lib/fdtdec.c | 5 +- scripts/Kbuild.include | 4 + scripts/Makefile.autoconf | 12 + scripts/Makefile.build | 4 + scripts/Makefile.lib | 5 + scripts/Makefile.spl | 37 ++- tools/binman/etype/u_boot_vpl.py | 42 ++++ tools/binman/etype/u_boot_vpl_bss_pad.py | 44 ++++ tools/binman/etype/u_boot_vpl_dtb.py | 28 +++ tools/binman/etype/u_boot_vpl_expanded.py | 45 ++++ tools/binman/etype/u_boot_vpl_nodtb.py | 42 ++++ tools/binman/ftest.py | 109 +++++++-- tools/binman/state.py | 3 +- tools/binman/test/082_fdt_update_all.dts | 2 + tools/binman/test/225_u_boot_vpl.dts | 11 + tools/binman/test/226_u_boot_vpl_nodtb.dts | 13 ++ tools/binman/test/227_fdt_incl_vpl.dts | 13 ++ tools/binman/test/228_vpl_bss_pad.dts | 19 ++ 52 files changed, 1441 insertions(+), 85 deletions(-) create mode 100644 configs/sandbox_vpl_defconfig rename doc/{README.SPL => develop/spl.rst} (68%) create mode 100644 tools/binman/etype/u_boot_vpl.py create mode 100644 tools/binman/etype/u_boot_vpl_bss_pad.py create mode 100644 tools/binman/etype/u_boot_vpl_dtb.py create mode 100644 tools/binman/etype/u_boot_vpl_expanded.py create mode 100644 tools/binman/etype/u_boot_vpl_nodtb.py create mode 100644 tools/binman/test/225_u_boot_vpl.dts create mode 100644 tools/binman/test/226_u_boot_vpl_nodtb.dts create mode 100644 tools/binman/test/227_fdt_incl_vpl.dts create mode 100644 tools/binman/test/228_vpl_bss_pad.dts -- 2.35.1.574.g5d30c73bfb-goog