Consolidate build and coding documentation into CLAUDE.md and
remove the redundant .claude/README.md file.
Mention the use of the Co-developed-by tag and how to run tests.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a -t option to the 'luks unlock' command to allow a TKey to be used
to unlock a disk. The password is used as the user-supplied secret (USS)
in this case.
Series-to: concept
Cover-letter:
luks: Integrate support for a TKey
This series illustrates how to use a Tillitis TKey to unlock an
encrypted disk. This has the advantage that the key depends on a
physical key in the user's possession as well as the usual passphrase.
The TKey handles the key derivation, so this series includes logic to
skip that step when a TKey is used.
The 'luks unlock' command provides a -t flag to use a TKey.
It also provides a small pytest fix to ease conflicts with Labgrid
integration.
END
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Series-links: 1:63
This algorithm can use a lot of memory, so add a check for this condition
and return the correct error.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update luks_unlock() to support a pre-derived key, such as that obtained
from a TKey. This must match the key_size of the LUKS partition,
otherwise it will fail to unlock.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In some cases we may wish to provide a pre-derived key, e.g. obtained
from a TKey. Provide an option for this with LUKSv2. For now it is not
exported.
Improve the error-return documentation while we are here.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In some cases we may wish to provide a pre-derived key, e.g. obtained
from a TKey. Provide an option for this with LUKSv1. For now it is not
exported.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move the LUKSv1-specific unlock logic from luks_unlock() into a new
unlock_luks1() function, lining up with the structure used for LUKSv2.
Also update unlock_luks1() to use a local key_size variable and only
set the output parameter on success.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move the derive_key_pbkdf2() call from inside try_keyslot() to the
caller, luks_unlock().
With this change luks_unlock() deals with key derivation and
try_keyslot() only handles the decryption part, using a supplied
derived key.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Create a new derive_key_pbkdf2() function to handle key derivation, to
allow this to be called from other places and to reduce the size of
try_keyslot().
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update luks_unlock() to accept a binary passphrase, to match the LUKS2
implementation.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update unlock_luks2() and related functions to accept a binary
passphrase instead of a string passphrase. This will allow unlocking
using hashed data.
For now this is internal to the luks implementation.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In preparation for supporting unlock using binary data, update
try_keyslot() to accept an array of bytes instead of a string.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Name the derived key as such to avoid confusion. Fix a typo in a nearby
log_debug() statement.
Update essiv_decrypt() to have a const * for its first argument.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Both luks.c and luks2.c have similar implementations of essiv_decrypt().
Drop the version in the latter to reduce code duplication.
Drop the duplicate function comments while we are here, since exported
functions should have the information in the header file.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When Labgrid is installed as an editable package (pip install -e),
pytest automatically loads it as a plugin. This can interfere with
U-Boot's test suite.
Disable automatic loading of the Labgrid pytest plugin to prevent
conflicts.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
We don't have an explicit indication of whether the root disk is
encrypted or not. For now, try to detect it and set the flag if
found.
Series-to: concept
Cover-letter:
Continue TKey development
This series adds the ability to provide a user-supplied secret to the
TKey and use that to obtain a disk-encryption key.
Expo is enhanced to support password entry and bootflows can now record
whether the root disk is encrypted or not.
Further work will enable the TKey in the UI and actually unlock an
encrypted disk.
END
Signed-off-by: Simon Glass <simon.glass@canonical.com>
We don't support storing the OS on an encrypted partition, but in some
cases the root partition may be encrypted. Add an indication of this
when listing the bootflows.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The header and the extlinux image on mmc1 appear in several tests. Add
a shared constant for this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
It is sometimes useful to use a real TKey even when running with the
test devicetree. Put it first, so it becomes the default. Update tests
to select the emulator explicitly.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Enhance the 'tkey connect' command to allow the device name to be
specified. This will be useful in tests.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
With driver model, -ENODEV has a specific meaning, i.e. there is no
device. Return -EIO instead, since the device actually does exist in
driver model, even if it is not currently connected.
Remove a few error messages while we are here.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Rather than Blake2b, use SHA256 to obtain the disk-encryption key based
on the key material provided by the TKey. This matches the upcoming
disk-encryption test.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The tests need to reset the emulated TKey and put it into a known state.
Add a few more functions to help with this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
One useful feature of the TKey is the ability to set up its app with a
key modified by a user-supplied secret. Add support for this.
Take this opportunity to make the API more expo-friendly by allowing
loading of the TKey to take place iteratively. The TKey runs fairly
slowly (about 60Kbaud) and loading an app takes 6 seconds or so.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide some plat data which tracks whether the emulated tkey is
connected or not, to allow testing of re-inserting a tkey to reset the
passphrase.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Currently textlines only support text entry with popup expos. In
some cases we want to have menu items to support this, e.g. to enter a
passphrase to unlock an encrypted disk.
Add the missing logic.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide fields to show that a disk is locked and allow the user to
enter a passphrase to unlock it.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Some fields may have sensitive information. Allow it to be obscured
during entry, in case someone is watching the display nearby.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In tests it is useful to fake a mouse click to check that expo handles
it correctly. Create a function for this.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
The code for obtaining a bootcmd from the host when running under QEMU
is currently x86-specific. In fact it can be supported on other
architectures.
Move it into a common place and update the documentation.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update AES function signatures to use const pointers for parameters that
are not modified. This improves type safety and makes it easier to see
which parameters are read-only.
Fix the Nuvoton npcm_ae driver as well since it implements the API.
Really that should be handled by a driver, but leave that for now.
Functions updated:
- aes_expand_key(): key parameter
- aes_encrypt(): in and expkey parameters
- aes_decrypt(): in and expkey parameters
- aes_apply_cbc_chain_data(): cbc_chain_data and src parameters
- aes_cbc_encrypt_blocks(): key_exp, iv, and src parameters
- aes_cbc_decrypt_blocks(): key_exp, iv, and src parameters
- add_round_key(): key parameter (internal)
- debug_print_vector(): data parameter (internal)
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Convert all __u8, __u16, and __u32 types to their u8, u16, u32
equivalents throughout the FAT filesystem code.
Series-to: u-boot
Series-cc: heinrich
Cover-letter:
fat: Some code improvements
This is an attempt to improve the structure of the FAT code, since it
doesn't fully follow the U-Boot conventions:
- fat_write.c includes fat.c which is odd
- use of __u32 and its ilk
- use of typedef
- old-style struct comments
This series resolves these problems, making it easier to take on other
improvements in future.
END
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add kernel-doc comments to structs and public functions in fat.h so that
it is easier to understand the code.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Convert the struct fat_itr documentation from the older style with
separate @field comments to the standard kernel-doc style where field
descriptions are listed in the header comment block.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Currently fat_write.c includes fat.c directly, which is unusual and
makes the code harder to maintain. Use the internal header file to hold
shared functions, to avoid this.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
As a first step towards separating fat.c from fat_write.c, create a
header file for the definitions.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Since expo now runs with no delays it can trigger the watchdog on
sandbox. Add a call to schedule() to avoid this.
Series-to: concept
Signed-off-by: Simon Glass <sjg@chromium.org>
Change-Id: 0b1b9f90177b7b2e682d57f3df20cf3cdb453517
Series-links: 1:60
The embedded dtb cannot currently be found with ulib, likely due to the
symbols being dropped when building. Add them explicitly into the linker
scripts.
Series-to: concept
Cover-letter:
ulib: Various improvements (part A)
This series collects together a large number of minor improvements to
the U-Boot library (ulib):
- Allow use of ulib with relocating board
- Add support for qemu-x86 (32-bit only so far)
- Suppress startup-output with non-EFI builds
- Reserve space for the efi_priv struct before relocation
- A few minor build tweaks
- support custom firmware in build-efi
END
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running as an EFI app we should set the ulib flag early so as to
avoid printing unwanted output on start. Add a parameter to
efi_startup() to control whether ulib is used.
Drop the starting message in this case.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a 'verbose' argument to efi_init() so that the init messages can be
suppressed if desired.
For now, keep them as they are.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a 'verbose' argument to setup_memory() so that the memory messages
can be suppressed if desired.
For now, keep them as they are.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Shared libraries are only meaningful for sandbox builds that run on the
host system. For bare-metal targets like x86, only the static library
(libu-boot.a) makes sense.
Make CONFIG_ULIB_SHARED_LIB depend on SANDBOX to avoid link errors about
missing C-runtime files.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>