We don't have an explicit indication of whether the root disk is
encrypted or not. For now, try to detect it and set the flag if
found.
Series-to: concept
Cover-letter:
Continue TKey development
This series adds the ability to provide a user-supplied secret to the
TKey and use that to obtain a disk-encryption key.
Expo is enhanced to support password entry and bootflows can now record
whether the root disk is encrypted or not.
Further work will enable the TKey in the UI and actually unlock an
encrypted disk.
END
Signed-off-by: Simon Glass <simon.glass@canonical.com>
We don't support storing the OS on an encrypted partition, but in some
cases the root partition may be encrypted. Add an indication of this
when listing the bootflows.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The header and the extlinux image on mmc1 appear in several tests. Add
a shared constant for this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
It is sometimes useful to use a real TKey even when running with the
test devicetree. Put it first, so it becomes the default. Update tests
to select the emulator explicitly.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Enhance the 'tkey connect' command to allow the device name to be
specified. This will be useful in tests.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
With driver model, -ENODEV has a specific meaning, i.e. there is no
device. Return -EIO instead, since the device actually does exist in
driver model, even if it is not currently connected.
Remove a few error messages which we are here.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Rather than Blake2b, use SHA256 to obtain the disk-encryption key based
on the key material provided by the TKey. This matches the upcoming
disk-encryption test.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The tests need to reset the emulated TKey and put it into a known state.
Add a few more functions to help with this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
One useful feature a the TKey is the ability to set up its app with an
key modified by a user-supplied secret. Add support for this.
Take this opportunity to make the API more expo-friendly by allowing
loading of the TKey to take place iteratively. The TKey runs fairly
slowly (about 60Kbaud) and loading an app takes 6 seconds or so.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide some plat data which tracks whether the emulated tkey is
connected or not, to allow testing of re-inserting a tkey to reset the
passphrase.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Currently textlines only support text entry when with popup expos. In
some cases we want to have menu items to support this, e.g. to enter a
passphrase to unlock an encrypted disk.
Add the missing logic.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide fields to show that a disk is locked and allow the user to
enter a passphrase to unlock it.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Some fields may have sensitive information. Allow it to be obscured
during entry, in case someone is watching the display nearby.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In tests it is useful to fake a mouse click to check that expo handles
it correctly. Create a function for this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The code for obtaining a bootcmd from the host when running until QEMU
is currently x86-specific. In fact it can be supported on other
architecture.
Move it into a common place and update the documentation.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update AES function signatures to use const pointers for parameters that
are not modified. This improves type safety and makes it easier to see
which parameters are read-only.
Fix the Nuvoton npcm_ae driver as well since it implements the API.
Really that should be handled by a driver, but leave that for now.
Functions updated:
- aes_expand_key(): key parameter
- aes_encrypt(): in and expkey parameters
- aes_decrypt(): in and expkey parameters
- aes_apply_cbc_chain_data(): cbc_chain_data and src parameters
- aes_cbc_encrypt_blocks(): key_exp, iv, and src parameters
- aes_cbc_decrypt_blocks(): key_exp, iv, and src parameters
- add_round_key(): key parameter (internal)
- debug_print_vector(): data parameter (internal)
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Convert all __u8, __u16, and __u32 types to their u8, u16, u32
equivalents throughout the FAT filesystem code.
Series-to: u-boot
Series-cc: heinrich
Cover-letter:
fat: Some code improvements
This is an attempt to improve the structure of the FAT code, since it
doesn't fully follow the U-Boot conventions:
- fat_write.c includes fat.c which is odd
- use of __u32 and its ilk
- use of typedef
- old-style struct comments
This series resolves these problems, making it easier to take on other
improvements in future.
END
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add kernel-doc comments to structs and public functions in fat.h so that
it is easier to understand the code.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Convert the struct fat_itr documentation from the older style with
separate @field comments to the standard kernel-doc style where field
descriptions are listed in the header comment block.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Currently fat_write.c includes fat.c directly, which is unusual and
makes the code harder to maintain. Use the internal header file to hold
shared functions, to avoid this.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
As a first step towards separating fat.c from fat_write.c, create a
header file for the definitions.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Since expo now runs with no delays it can trigger the watchdog on
sandbox. Add a call to schedule() to avoid this.
Series-to: concept
Signed-off-by: Simon Glass <sjg@chromium.org>
Change-Id: 0b1b9f90177b7b2e682d57f3df20cf3cdb453517
Series-links: 1:60
The embedded dtb cannot currently be found with ulib, likely due to the
symbols being dropped when building. Add them explicitly into the linker
scripts.
Series-to: concept
Cover-letter:
ulib: Various improvements (part A)
This series collects together a large number of minor improvements to
the U-Boot library (ulib):
- Allow use of ulib with relocating board
- Add support for qemu-x86 (32-bit only so far)
- Supress startup-output with non-EFI builds
- Reserve space for the efi_priv struct before relocation
- A few minor build tweaks
- support custom firmware in build-efi
END
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running as an EFI app we should set the ulib flag early so as to
avoid printing unwanted output on start. Add a parameter to
efi_startup() to control whether ulib is used.
Drop the starting message in this case.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a 'verbose' argument to efi_init() so that the init messages can be
suppressed if desired.
For now, keep them as they are.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a 'verbose' argument to setup_memory() so that the memory messages
can be suppressed if desired.
For now, keep them as they are.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Shared libraries are only meaningful for sandbox builds that run on the
host system. For bare-metal targets like x86, only the static library
(libu-boot.a) makes sense.
Make CONFIG_ULIB_SHARED_LIB depend on SANDBOX to avoid link errors about
missing C-runtime files.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
For boards where ulib starts first we need to jump to the main program
afterwards. Add the logic for this.
Drop the noreturn attribute from board_init_r() and board_init_f_r to
avoid needing #ifdef in the C file.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In the case where this is provided by a Rust main program we don't want
to include it. Add the logic to remove it.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Use the EVT_RESERVE_BOARD event handler to allocate the efi_priv struct
in the normal memory area. This avoids the caller needing to keep it on
the stack.
Copy the struct to the new place and start using it there.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In some cases this function may be provided outside the library, e.g. by
a Rust main program. Add a Kconfig to control this and refactor the code
so that it is optional.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a new EVT_RESERVE_BOARD event that is triggered immediately after
the reserve_board() initcall completes during pre-relocation init. This
allows board or application code to reserve additional memory before
other reservations (global_data, fdt, etc).
The event is placed after EVT_FSP_INIT_F in the event enumeration and
is triggered in board_f.c right after the reserve_board initcall.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
At present events pass data only in one directory, to the spy. Add a new
event_notify_resp() function which can return data from the spy. Mark
the existing function as having const data.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide a way to set the GD_FLG_ULIB flag early in boot. This is needed
where the main program cannot run first, such as where there is a
complex boot process still written in C.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
At present it isn't possible for ulib to call a function outside the
library, since it produces a link error.
Relax this contraint, so we can call a main() function provided by the
main program.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running as a library, don't show the board information, to avoid
printing output before the main program starts.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running as a library, don't show the CPU information, to avoid
printing output before the main program starts.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running as a library, don't show the CPU information, to avoid
printing output before the main program starts.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The MMC and network subsystems must be present to use device paths for
them. Add the missing checks.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add support for using ulib with this board, as an example of using ulib
outside the existing sandbox and EFI options.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Even if CONFIG_ULIB is enabled it may not actually be in use. If not,
we still need the EFI-runtime relocation to happen. Adjust the condition
in efi_runtime_relocate() to fix this.
For static linking with ulib examples, provide weak symbol definitions
for __efi_runtime_rel_start and __efi_runtime_rel_stop. These symbols
are normally defined in linker scripts but need fallback definitions
when linking statically against libu-boot.a.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The ROM is close to its limit and any main program using ulib will
overflow it. Expand the ROM size to 2MB.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
