* [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
@ 2022-05-04 20:52 Andrew Davis
  2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
                   ` (4 more replies)
  0 siblings, 5 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
  To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis

This matches what this support is called in the non-SPL case. The postfix
_SUPPORT is redundant as enabling Kconfig options implies support.
With this we can use CONFIG_IS_ENABLED() as needed.

Signed-off-by: Andrew Davis <afd@ti.com>
---
 common/spl/Kconfig                          | 6 +++---
 common/spl/Makefile                         | 2 +-
 common/spl/spl_nor.c                        | 2 +-
 configs/axm_defconfig                       | 2 +-
 configs/imx8mm_data_modul_edm_sbc_defconfig | 2 +-
 configs/imx8mn_evk_defconfig                | 2 +-
 configs/kontron-sl-mx6ul_defconfig          | 2 +-
 configs/mx6sabreauto_defconfig              | 2 +-
 configs/mx6sabresd_defconfig                | 2 +-
 configs/openpiton_riscv64_spl_defconfig     | 2 +-
 configs/stm32mp15_dhcom_basic_defconfig     | 2 +-
 configs/stm32mp15_dhcor_basic_defconfig     | 2 +-
 configs/taurus_defconfig                    | 2 +-
 13 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 84f2847c72..43485af468 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -225,7 +225,7 @@ config SPL_RAW_IMAGE_SUPPORT
 	  is y. If this is not set, SPL will move on to other available
 	  boot media to find a suitable image.
 
-config SPL_LEGACY_IMAGE_SUPPORT
+config SPL_LEGACY_IMAGE_FORMAT
 	bool "Support SPL loading and booting of Legacy images"
 	default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
 	help
@@ -235,7 +235,7 @@ config SPL_LEGACY_IMAGE_SUPPORT
 
 config SPL_LEGACY_IMAGE_CRC_CHECK
 	bool "Check CRC of Legacy images"
-	depends on SPL_LEGACY_IMAGE_SUPPORT
+	depends on SPL_LEGACY_IMAGE_FORMAT
 	select SPL_CRC32
 	help
 	  Enable this to check the CRC of Legacy images. While this increases
@@ -451,7 +451,7 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION
 
 config SPL_CRC32
 	bool "Support CRC32"
-	default y if SPL_LEGACY_IMAGE_SUPPORT || SPL_EFI_PARTITION
+	default y if SPL_LEGACY_IMAGE_FORMAT || SPL_EFI_PARTITION
 	default y if SPL_ENV_SUPPORT || TPL_BLOBLIST
 	help
 	  Enable this to support CRC32 in uImages or FIT images within SPL.
diff --git a/common/spl/Makefile b/common/spl/Makefile
index e71e7bee66..13db3df993 100644
--- a/common/spl/Makefile
+++ b/common/spl/Makefile
@@ -10,7 +10,7 @@ ifdef CONFIG_SPL_BUILD
 obj-$(CONFIG_$(SPL_TPL_)FRAMEWORK) += spl.o
 obj-$(CONFIG_$(SPL_TPL_)BOOTROM_SUPPORT) += spl_bootrom.o
 obj-$(CONFIG_$(SPL_TPL_)LOAD_FIT) += spl_fit.o
-obj-$(CONFIG_$(SPL_TPL_)LEGACY_IMAGE_SUPPORT) += spl_legacy.o
+obj-$(CONFIG_$(SPL_TPL_)LEGACY_IMAGE_FORMAT) += spl_legacy.o
 obj-$(CONFIG_$(SPL_TPL_)NOR_SUPPORT) += spl_nor.o
 obj-$(CONFIG_$(SPL_TPL_)XIP_SUPPORT) += spl_xip.o
 obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += spl_ymodem.o
diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c
index 0f4fff8493..067a2d42bb 100644
--- a/common/spl/spl_nor.c
+++ b/common/spl/spl_nor.c
@@ -110,7 +110,7 @@ static int spl_nor_load_image(struct spl_image_info *spl_image,
 	}
 
 	/* Legacy image handling */
-	if (IS_ENABLED(CONFIG_SPL_LEGACY_IMAGE_SUPPORT)) {
+	if (IS_ENABLED(CONFIG_SPL_LEGACY_IMAGE_FORMAT)) {
 		load.bl_len = 1;
 		load.read = spl_nor_load_read;
 		return spl_load_legacy_img(spl_image, bootdev, &load,
diff --git a/configs/axm_defconfig b/configs/axm_defconfig
index 457bf76bd4..89b9f9faea 100644
--- a/configs/axm_defconfig
+++ b/configs/axm_defconfig
@@ -35,7 +35,7 @@ CONFIG_USE_BOOTCOMMAND=y
 CONFIG_BOOTCOMMAND="run flash_self"
 # CONFIG_DISPLAY_BOARDINFO is not set
 CONFIG_BOARD_EARLY_INIT_F=y
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 CONFIG_SPL_CRC32=y
 CONFIG_SPL_NAND_SUPPORT=y
diff --git a/configs/imx8mm_data_modul_edm_sbc_defconfig b/configs/imx8mm_data_modul_edm_sbc_defconfig
index afc8c43ca9..edceb18201 100644
--- a/configs/imx8mm_data_modul_edm_sbc_defconfig
+++ b/configs/imx8mm_data_modul_edm_sbc_defconfig
@@ -42,7 +42,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
 CONFIG_ARCH_MISC_INIT=y
 CONFIG_BOARD_LATE_INIT=y
 # CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x300
diff --git a/configs/imx8mn_evk_defconfig b/configs/imx8mn_evk_defconfig
index 22fad70c5d..c18c19fa14 100644
--- a/configs/imx8mn_evk_defconfig
+++ b/configs/imx8mn_evk_defconfig
@@ -29,7 +29,7 @@ CONFIG_BOARD_LATE_INIT=y
 CONFIG_SPL_BOARD_INIT=y
 CONFIG_SPL_BOOTROM_SUPPORT=y
 # CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x300
diff --git a/configs/kontron-sl-mx6ul_defconfig b/configs/kontron-sl-mx6ul_defconfig
index a59dacf27b..11e4e956c8 100644
--- a/configs/kontron-sl-mx6ul_defconfig
+++ b/configs/kontron-sl-mx6ul_defconfig
@@ -26,7 +26,7 @@ CONFIG_OF_BOARD_SETUP=y
 CONFIG_SYS_CONSOLE_IS_IN_ENV=y
 CONFIG_BOARD_TYPES=y
 CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
 CONFIG_SPL_USB_HOST=y
 CONFIG_SPL_USB_GADGET=y
diff --git a/configs/mx6sabreauto_defconfig b/configs/mx6sabreauto_defconfig
index 0c7aaa6a20..053026daa3 100644
--- a/configs/mx6sabreauto_defconfig
+++ b/configs/mx6sabreauto_defconfig
@@ -32,7 +32,7 @@ CONFIG_BOOTCOMMAND="run findfdt;mmc dev ${mmcdev};if mmc rescan; then if run loa
 # CONFIG_CONSOLE_MUX is not set
 CONFIG_SYS_CONSOLE_IS_IN_ENV=y
 CONFIG_SYS_CONSOLE_OVERWRITE_ROUTINE=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SPL_FIT_IMAGE_TINY=y
 CONFIG_SPL_FS_EXT4=y
 CONFIG_SPL_I2C=y
diff --git a/configs/mx6sabresd_defconfig b/configs/mx6sabresd_defconfig
index c8d9ebdc64..674384c878 100644
--- a/configs/mx6sabresd_defconfig
+++ b/configs/mx6sabresd_defconfig
@@ -31,7 +31,7 @@ CONFIG_BOOTCOMMAND="run findfdt;mmc dev ${mmcdev};if mmc rescan; then if run loa
 # CONFIG_CONSOLE_MUX is not set
 CONFIG_SYS_CONSOLE_IS_IN_ENV=y
 CONFIG_SYS_CONSOLE_OVERWRITE_ROUTINE=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SPL_FIT_IMAGE_TINY=y
 CONFIG_SPL_USB_HOST=y
 CONFIG_SPL_USB_GADGET=y
diff --git a/configs/openpiton_riscv64_spl_defconfig b/configs/openpiton_riscv64_spl_defconfig
index cbcbe42caf..8a7e3ccf3d 100644
--- a/configs/openpiton_riscv64_spl_defconfig
+++ b/configs/openpiton_riscv64_spl_defconfig
@@ -20,7 +20,7 @@ CONFIG_ENV_VARS_UBOOT_CONFIG=y
 # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
 CONFIG_USE_BOOTCOMMAND=y
 CONFIG_BOOTCOMMAND="fdt addr ${fdtcontroladdr}; fdt move ${fdtcontroladdr} ${fdt_addr_r}; load mmc ${mmcdev}:${mmcpart} ${kernel_addr_r} ${image}; booti ${kernel_addr_r} - ${fdt_addr_r}; "
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 # CONFIG_SPL_BANNER_PRINT is not set
 CONFIG_SPL_CPU=y
diff --git a/configs/stm32mp15_dhcom_basic_defconfig b/configs/stm32mp15_dhcom_basic_defconfig
index ec955eae20..2dfeaacf5f 100644
--- a/configs/stm32mp15_dhcom_basic_defconfig
+++ b/configs/stm32mp15_dhcom_basic_defconfig
@@ -25,7 +25,7 @@ CONFIG_BOOTDELAY=1
 CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
 CONFIG_CONSOLE_MUX=y
 CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3
 CONFIG_SPL_ENV_SUPPORT=y
diff --git a/configs/stm32mp15_dhcor_basic_defconfig b/configs/stm32mp15_dhcor_basic_defconfig
index 387e068155..373ead834d 100644
--- a/configs/stm32mp15_dhcor_basic_defconfig
+++ b/configs/stm32mp15_dhcor_basic_defconfig
@@ -23,7 +23,7 @@ CONFIG_BOOTDELAY=1
 CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
 CONFIG_CONSOLE_MUX=y
 CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3
 CONFIG_SPL_ENV_SUPPORT=y
diff --git a/configs/taurus_defconfig b/configs/taurus_defconfig
index c24b4488a7..e6bef6c974 100644
--- a/configs/taurus_defconfig
+++ b/configs/taurus_defconfig
@@ -39,7 +39,7 @@ CONFIG_USE_BOOTCOMMAND=y
 CONFIG_BOOTCOMMAND="nand read 0x22000000 0x200000 0x300000; bootm"
 # CONFIG_DISPLAY_BOARDINFO is not set
 CONFIG_BOARD_EARLY_INIT_F=y
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 CONFIG_SPL_CRC32=y
 CONFIG_SPL_NAND_SUPPORT=y
-- 
2.36.0



* [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
  2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
  2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
                   ` (3 subsequent siblings)
  4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
  To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis

Booting non-FIT images bypasses our chain-of-trust boot flow, so
these options should not be allowed when high security is set.

Signed-off-by: Andrew Davis <afd@ti.com>
---
 common/spl/Kconfig | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 43485af468..50ff113cab 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -219,7 +219,8 @@ config SPL_BOOTCOUNT_LIMIT
 config SPL_RAW_IMAGE_SUPPORT
 	bool "Support SPL loading and booting of RAW images"
 	default n if (ARCH_MX6 && (SPL_MMC || SPL_SATA))
-	default y if !TI_SECURE_DEVICE
+	default y
+	depends on !TI_SECURE_DEVICE
 	help
 	  SPL will support loading and booting a RAW image when this option
 	  is y. If this is not set, SPL will move on to other available
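Review bot: The help text of SPL_RAW_IMAGE_SUPPORT (and of SPL_LEGACY_IMAGE_FORMAT in the next hunk) does not say that the option is now unavailable when TI_SECURE_DEVICE is set, so a `CONFIG_SPL_RAW_IMAGE_SUPPORT=y` line that silently drops out of a secure-device defconfig has no explanation in menuconfig. A sentence such as `This option is not available on TI secure devices, as non-FIT images bypass the chain-of-trust boot flow.` in each help block would record the reason next to the dependency. As a style point, the new `depends on !TI_SECURE_DEVICE` line would conventionally sit directly under the `bool` prompt, before the `default` lines. Both help texts continue past the end of their hunks.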
@@ -227,7 +228,8 @@ config SPL_RAW_IMAGE_SUPPORT
 
 config SPL_LEGACY_IMAGE_FORMAT
 	bool "Support SPL loading and booting of Legacy images"
-	default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
+	default y if !SPL_LOAD_FIT
+	depends on !TI_SECURE_DEVICE
 	help
 	  SPL will support loading and booting Legacy images when this option
 	  is y. If this is not set, SPL will move on to other available
-- 
2.36.0



* [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
  2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
  2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
  2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
                   ` (2 subsequent siblings)
  4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
  To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis

Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.

Signed-off-by: Andrew Davis <afd@ti.com>
---
 boot/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/boot/Kconfig b/boot/Kconfig
index 4b0802b8c6..9780473190 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -405,7 +405,7 @@ endif
 
 config LEGACY_IMAGE_FORMAT
 	bool "Enable support for the legacy image format"
-	default y if !FIT_SIGNATURE
+	default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE
 	help
 	  This option enables the legacy image format. It is enabled by
 	  default for backward compatibility, unless FIT_SIGNATURE is
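Review bot: Changing only the `default` line of LEGACY_IMAGE_FORMAT leaves the option selectable on a TI secure device: a defconfig carrying `CONFIG_LEGACY_IMAGE_FORMAT=y`, or a menuconfig choice, still builds the legacy handlers that, per the commit message, do not follow the secure boot checks. The SPL patch in this series uses a hard dependency for the same purpose; if the same guarantee is wanted here, keep `default y if !FIT_SIGNATURE` and add `depends on !TI_SECURE_DEVICE`. If the softer default is intentional, the help text should name TI_SECURE_DEVICE alongside FIT_SIGNATURE as a case where the option is off by default. The help block continues outside the hunk, so its remaining wording is not visible here.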
-- 
2.36.0



* [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
  2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
  2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
  2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
  2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  2022-05-05 13:14 ` [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Tom Rini
  2022-05-11 17:31 ` Tom Rini
  4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
  To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis

The chain-of-trust on TI secure devices depends on FIT image processing;
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.

Signed-off-by: Andrew Davis <afd@ti.com>
---
 boot/Kconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/boot/Kconfig b/boot/Kconfig
index 9780473190..dff4d23b88 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -123,6 +123,7 @@ config FIT_BEST_MATCH
 config FIT_IMAGE_POST_PROCESS
 	bool "Enable post-processing of FIT artifacts after loading by U-Boot"
 	depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH
+	default y if TI_SECURE_DEVICE
 	help
 	  Allows doing any sort of manipulation to blobs after they got extracted
 	  from FIT images like stripping off headers or modifying the size of the
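Review bot: `default y if TI_SECURE_DEVICE` on FIT_IMAGE_POST_PROCESS (and on SPL_FIT_IMAGE_POST_PROCESS in the second hunk) is only a default, so a defconfig carrying `# CONFIG_FIT_IMAGE_POST_PROCESS is not set` still yields a secure-device build without the post-processing step that the commit message says the chain-of-trust depends on. If that combination is never valid, it would be safer to enforce it from the TI_SECURE_DEVICE entry, for example with `select FIT_IMAGE_POST_PROCESS` and `select SPL_FIT_IMAGE_POST_PROCESS if SPL_LOAD_FIT`; whether that entry already does so is not visible on this page. In the second hunk the new default only takes effect when SPL_LOAD_FIT is enabled, because the option depends on it. Both help texts continue past the end of their hunks.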
@@ -254,6 +255,7 @@ config SPL_LOAD_FIT_FULL
 config SPL_FIT_IMAGE_POST_PROCESS
 	bool "Enable post-processing of FIT artifacts after loading by the SPL"
 	depends on SPL_LOAD_FIT
+	default y if TI_SECURE_DEVICE
 	help
 	  Allows doing any sort of manipulation to blobs after they got extracted
 	  from the U-Boot FIT image like stripping off headers or modifying the
-- 
2.36.0



* Re: [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
  2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
                   ` (2 preceding siblings ...)
  2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
@ 2022-05-05 13:14 ` Tom Rini
  2022-05-11 17:31 ` Tom Rini
  4 siblings, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

On Wed, May 04, 2022 at 03:52:25PM -0500, Andrew Davis wrote:

> This matches what this support is called in the non-SPL case. The postfix
> _SUPPORT is redundant as enabling Kconfig options implies support.
> With this we can use CONFIG_IS_ENABLED() as needed.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
  2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
@ 2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

On Wed, May 04, 2022 at 03:52:26PM -0500, Andrew Davis wrote:

> Booting of non-FIT images bypass our chain-of-trust boot flow,
> these options should not be allowed when high security is set.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
  2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
@ 2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 333 bytes --]

On Wed, May 04, 2022 at 03:52:27PM -0500, Andrew Davis wrote:

> Non-FIT image loading support should be disabled for TI secure
> devices as the image handlers for those image types do not follow
> our secure boot checks.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
  2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
@ 2022-05-05 13:14   ` Tom Rini
  2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 364 bytes --]

On Wed, May 04, 2022 at 03:52:28PM -0500, Andrew Davis wrote:

> TI secure devices chain-of-trust depends on FIT image processing,
> enable it by default on these devices. This also reduces the delta
> between the secure and non-secure defconfig files.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
  2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
                   ` (3 preceding siblings ...)
  2022-05-05 13:14 ` [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Tom Rini
@ 2022-05-11 17:31 ` Tom Rini
  4 siblings, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 410 bytes --]

On Wed, May 04, 2022 at 03:52:25PM -0500, Andrew Davis wrote:

> This matches what this support is called in the non-SPL case. The postfix
> _SUPPORT is redundant as enabling Kconfig options implies support.
> With this we can use CONFIG_IS_ENABLED() as needed.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
  2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
  2022-05-05 13:14   ` Tom Rini
@ 2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 340 bytes --]

On Wed, May 04, 2022 at 03:52:26PM -0500, Andrew Davis wrote:

> Booting of non-FIT images bypass our chain-of-trust boot flow,
> these options should not be allowed when high security is set.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
  2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
  2022-05-05 13:14   ` Tom Rini
@ 2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 370 bytes --]

On Wed, May 04, 2022 at 03:52:27PM -0500, Andrew Davis wrote:

> Non-FIT image loading support should be disabled for TI secure
> devices as the image handlers for those image types do not follow
> our secure boot checks.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]


* Re: [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
  2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
  2022-05-05 13:14   ` Tom Rini
@ 2022-05-11 17:31   ` Tom Rini
  1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
  To: Andrew Davis; +Cc: Simon Glass, u-boot

[-- Attachment #1: Type: text/plain, Size: 401 bytes --]

On Wed, May 04, 2022 at 03:52:28PM -0500, Andrew Davis wrote:

> TI secure devices chain-of-trust depends on FIT image processing,
> enable it by default on these devices. This also reduces the delta
> between the secure and non-secure defconfig files.
> 
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
