authorJason M. Bills <jason.m.bills@linux.intel.com>2021-03-26 01:45:09 +0300
committerJason M. Bills <jason.m.bills@linux.intel.com>2021-03-27 01:41:36 +0300
commit12bef3e1bf292dec5ac15af9fb41e86f7bcfb0cb (patch)
tree608a905372f3f545d2686e29512ae3f5f5b4a78c /meta-openbmc-mods/meta-ast2600/recipes-bsp
parent0a1ece0568a37de9f17fd6e0bcdfd2cad2c6503f (diff)
Update to internal 0.43
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp')
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0004-AST2600-Adjust-default-GPIO-settings.patch25
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0008-AST2600-Add-TPM-pulse-trigger.patch10
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch16
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch33
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch87
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch45
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch39
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch97
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend4
9 files changed, 137 insertions, 219 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0004-AST2600-Adjust-default-GPIO-settings.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0004-AST2600-Adjust-default-GPIO-settings.patch
index 4e6ebb5ad..60929ccb0 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0004-AST2600-Adjust-default-GPIO-settings.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0004-AST2600-Adjust-default-GPIO-settings.patch
@@ -1,24 +1,24 @@
-From 122fa6153479d026a06c27512f3c7024a1515c63 Mon Sep 17 00:00:00 2001
+From a7c85034b4a0a7e061930f27a6ec561d23d97cc6 Mon Sep 17 00:00:00 2001
From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
Date: Fri, 3 Jan 2020 15:14:09 -0800
Subject: [PATCH] AST2600: Adjust default GPIO settings
- Disabled GPIOC3 to prevent unexpected host failures.
-- Fixed GPIOC5, GPIOD4, GPIOG6, GPIOI0~7 and GPIOL6~7 directions and
- default values.
+- Fixed GPIOC5, GPIOD4, GPIOG6, GPIOI0~7, GPIOL6~7 and GPIO_S3
+ directions and default values.
- Disabled internal pull-down of GPIOB6.
- Disabled HBLED.
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
- board/aspeed/ast2600_intel/intel.c | 65 ++++++++++++++++++++++++++++++
- 1 file changed, 65 insertions(+)
+ board/aspeed/ast2600_intel/intel.c | 74 ++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index d1ac8651ac6c..7c9e78f8c005 100644
+index d1ac8651ac6c..14a20b27e178 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -162,6 +162,69 @@ static void sgpio_init(void)
+@@ -162,6 +162,78 @@ static void sgpio_init(void)
SCU_BASE | SCU_414);
}
@@ -31,6 +31,8 @@ index d1ac8651ac6c..7c9e78f8c005 100644
+#define GPIO_024 0x024 /* GPIO E/F/G/H Direction */
+#define GPIO_070 0x070 /* GPIO I/J/K/L Value */
+#define GPIO_074 0x074 /* GPIO I/J/K/L Direction */
++#define GPIO_080 0x080 /* GPIO Q/R/S/T Value */
++#define GPIO_084 0x084 /* GPIO Q/R/S/T Direction */
+
+static void set_gpio_default_state(void)
+{
@@ -83,12 +85,19 @@ index d1ac8651ac6c..7c9e78f8c005 100644
+#define GPIO_G6 BIT(22)
+ writel(readl(AST_GPIO_BASE | GPIO_024) & ~GPIO_G6,
+ AST_GPIO_BASE | GPIO_024);
++
++ /* Set GPIO S3 as push-pull output high */
++#define GPIO_S3 BIT(19)
++ writel(readl(AST_GPIO_BASE + GPIO_084) | GPIO_S3,
++ AST_GPIO_BASE + GPIO_084);
++ writel(readl(AST_GPIO_BASE + GPIO_080) | GPIO_S3,
++ AST_GPIO_BASE + GPIO_080);
+}
+
static void timer_handler(void *regs)
{
printf("+");
-@@ -175,6 +238,8 @@ int board_early_init_f(void)
+@@ -175,6 +247,8 @@ int board_early_init_f(void)
* I am not sure if it actually does anything... */
arch_interrupt_init_early();
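Review bot: In the added GPIO S3 block the direction register (`GPIO_084`) is written before the value register (`GPIO_080`), so the pin becomes an output while the data latch may still hold 0 and can drive low briefly before the second write sets it high. Writing the value first avoids that: put `writel(readl(AST_GPIO_BASE + GPIO_080) | GPIO_S3, AST_GPIO_BASE + GPIO_080);` ahead of the `GPIO_084` write. Whether a short low pulse matters depends on what S3 is wired to, which neither the `/* Set GPIO S3 as push-pull output high */` comment nor the patch description says, so the comment should name the signal. The new lines also use `AST_GPIO_BASE + ...` where the G6 write just above uses `AST_GPIO_BASE | ...`. `set_gpio_default_state()` begins outside this hunk.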
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0008-AST2600-Add-TPM-pulse-trigger.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0008-AST2600-Add-TPM-pulse-trigger.patch
index edad150af..6b417fae9 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0008-AST2600-Add-TPM-pulse-trigger.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0008-AST2600-Add-TPM-pulse-trigger.patch
@@ -1,4 +1,4 @@
-From 627e49e75963fb372f1d6cd2297c8f73d6ec91e0 Mon Sep 17 00:00:00 2001
+From ec8377bb77dd560b3f03f02361d268b362e28e7f Mon Sep 17 00:00:00 2001
From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
Date: Wed, 25 Mar 2020 15:04:26 -0700
Subject: [PATCH] AST2600: Add TPM pulse trigger
@@ -11,11 +11,11 @@ Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
1 file changed, 17 insertions(+)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index e1fd06a142b9..63af3d0f9034 100644
+index d03a446846bc..ebf883144418 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -215,6 +215,21 @@ static void set_gpio_default_state(void)
- AST_GPIO_BASE | GPIO_024);
+@@ -234,6 +234,21 @@ static void set_gpio_default_state(void)
+ AST_GPIO_BASE + GPIO_080);
}
+void enable_onboard_tpm(void)
@@ -36,7 +36,7 @@ index e1fd06a142b9..63af3d0f9034 100644
static void timer_handler(void *regs)
{
printf("+");
-@@ -245,6 +260,8 @@ int board_early_init_r(void)
+@@ -264,6 +279,8 @@ int board_early_init_r(void)
debug("board_early_init_r\n");
/* timer_enable(0, 1, timer_handler); */
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch
index a30f7a7b8..768f3adaa 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch
@@ -1,4 +1,4 @@
-From 5029f400e62981278957f62c5f8b4e22c2faecd9 Mon Sep 17 00:00:00 2001
+From a5e31f9ef7622b001c55f96a98dd18b19976c90c Mon Sep 17 00:00:00 2001
From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
Date: Fri, 26 Jun 2020 14:35:47 -0700
Subject: [PATCH] Add BMC running indicator LED control
@@ -15,19 +15,19 @@ Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
1 file changed, 18 insertions(+)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index e93ef57dabed..565893777ffc 100644
+index 1d650ff959f6..95a90474cbd3 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -192,6 +192,8 @@ static void sgpio_init(void)
- #define GPIO_024 0x024 /* GPIO E/F/G/H Direction */
- #define GPIO_070 0x070 /* GPIO I/J/K/L Value */
+@@ -194,6 +194,8 @@ static void sgpio_init(void)
#define GPIO_074 0x074 /* GPIO I/J/K/L Direction */
+ #define GPIO_080 0x080 /* GPIO Q/R/S/T Value */
+ #define GPIO_084 0x084 /* GPIO Q/R/S/T Direction */
+#define GPIO_088 0x088 /* GPIO U/V/W/X Value */
+#define GPIO_08C 0x08C /* GPIO U/V/W/X Direction */
static void set_gpio_default_state(void)
{
-@@ -252,6 +254,20 @@ void enable_onboard_tpm(void)
+@@ -270,6 +272,20 @@ void enable_onboard_tpm(void)
AST_GPIO_BASE | GPIO_000);
}
@@ -48,7 +48,7 @@ index e93ef57dabed..565893777ffc 100644
static void timer_callback(void *cookie)
{
uint timer_nr = (uint)cookie;
-@@ -292,6 +308,8 @@ int board_early_init_r(void)
+@@ -310,6 +326,8 @@ int board_early_init_r(void)
enable_onboard_tpm();
@@ -58,5 +58,5 @@ index e93ef57dabed..565893777ffc 100644
}
--
-2.7.4
+2.17.1
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch
index 119db1318..23fc22ea7 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch
@@ -1,9 +1,8 @@
-From 298f34e528c3e64e5e10403380832df91f986f12 Mon Sep 17 00:00:00 2001
-From: Chalapathi Venkataramashetty <chalapathix.venkataramashetty@intel.com>
-Date: Tue, 8 Dec 2020 10:44:53 +0000
-Subject: [PATCH] ast2600:PFR platform - EXTRST# reset mask selection
+From 5ca28a9259d084440879be48ef4b4d6716794281 Mon Sep 17 00:00:00 2001
+From: Vikram Bodireddy <vikram.bodireddy@intel.com>
+Date: Mon, 22 Feb 2021 17:22:16 +0530
+Subject: [PATCH] ast2600-PFR-platform-EXTRST-reset-mask-selection
-This is a fix taken from Purely PFR.
This commit will enable specific reset mask for EXTRST# signal.
On PFR platforms, EXTRST# signal is used by PFR CPLD to put BMC
in reset during firmware authentications, recovery and firmware
@@ -11,29 +10,35 @@ update flow, during which certain modules of BMC should be chosen
to be reset so that Host functionality would be intact.
Signed-off-by: Chalapathi Venkataramashetty <chalapathix.venkataramashetty@intel.com>
+Signed-off-by: Vikram Bodireddy <vikram.bodireddy@intel.com>
---
- arch/arm/mach-aspeed/ast2600/platform.S | 6 ++++++
- 1 file changed, 6 insertions(+)
+ arch/arm/mach-aspeed/ast2600/platform.S | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
diff --git a/arch/arm/mach-aspeed/ast2600/platform.S b/arch/arm/mach-aspeed/ast2600/platform.S
-index cd8a57edd7..6756aee804 100644
+index ecc9fd33d1..8c40515b76 100644
--- a/arch/arm/mach-aspeed/ast2600/platform.S
+++ b/arch/arm/mach-aspeed/ast2600/platform.S
-@@ -39,6 +39,7 @@
+@@ -39,6 +39,8 @@
#define AST_SCU_REV_ID (AST_SCU_BASE + 0x014)
#define AST_SCU_SYSRST_CTRL (AST_SCU_BASE + 0x040)
#define AST_SCU_SYSRST_CTRL_CLR (AST_SCU_BASE + 0x044)
-+#define AST_SCU_EXTRST_SEL (AST_SCU_BASE + 0x060)
++#define AST_SCU_EXTRST_SEL1 (AST_SCU_BASE + 0x060)
++#define AST_SCU_EXTRST_SEL2 (AST_SCU_BASE + 0x070)
#define AST_SCU_DEBUG_CTRL (AST_SCU_BASE + 0x0C8)
#define AST_SCU_DEBUG_CTRL2 (AST_SCU_BASE + 0x0D8)
#define AST_SCU_HPLL_PARAM (AST_SCU_BASE + 0x200)
-@@ -285,6 +286,11 @@ wait_lock:
+@@ -285,6 +287,15 @@ wait_lock:
str r1, [r0]
1:
-+ /* SCU060:EXTRST# reset mask selection */
-+ ldr r0, =AST_SCU_EXTRST_SEL
-+ ldr r1, =0x00FF1FF5
++ /* SCU060:EXTRST1# reset mask selection */
++ ldr r0, =AST_SCU_EXTRST_SEL1
++ ldr r1, =0x6FF1FF5
++ str r1, [r0]
++ /* SCU070:EXTRST2# reset mask selection */
++ ldr r0, =AST_SCU_EXTRST_SEL2
++ ldr r1, =0x3FFFFF7
+ str r1, [r0]
+
/* disable eSPI, LPC and PWM resets on WDT1 reset */
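Review bot: The masks written to `AST_SCU_EXTRST_SEL1` and `AST_SCU_EXTRST_SEL2` (`0x6FF1FF5`, `0x3FFFFF7`) are bare constants, and the SCU060 value changes from `0x00FF1FF5` (bits 25 and 26 are newly set) without the description saying why. The description ties this mask to which BMC modules are reset while the PFR CPLD holds EXTRST# during firmware authentication and recovery, so the choice should be reviewable from the source. Add a comment above each `ldr r1` naming the modules whose bits are left clear (bits 1, 3, 13-15, 24 and 27-31 in SCU060; bit 3 and bits 26-31 in SCU070), or build the values from named bit macros. The comments `EXTRST1#` and `EXTRST2#` read as signal names, while the two registers appear to be selection words for the single EXTRST# signal.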
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch
new file mode 100644
index 000000000..2bcf464cf
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch
@@ -0,0 +1,87 @@
+From 615d57c7c2a86df3ba19e0c1a201aa0d8042e38d Mon Sep 17 00:00:00 2001
+From: Kuiying Wang <kuiying.wang@intel.com>
+Date: Thu, 25 Feb 2021 14:45:12 +0800
+Subject: [PATCH] ast2600: Add Mailbox init function.
+
+Add Mailbox init function to make sure
+mailbox regs are clear when BMC reset.
+AST2600 A0 has 16 mailboxes.
+AST2600 A1 has 32 mailboxes.
+
+Tested:
+BMC could boot correctly and all the mailboxes clear
+ast# md 0x1e789200
+1e789200: 00000000 00000000 00000000 00000000 ................
+1e789210: 00000000 00000000 00000000 00000000 ................
+1e789220: 00000000 00000000 00000000 00000000 ................
+1e789230: 00000000 00000000 00000000 00000000 ................
+1e789240: 00000000 00000000 00000000 00000000 ................
+
+Signed-off-by: Vernon Mauery <vernon.mauery@intel.com>
+Signed-off-by: Kuiying Wang <kuiying.wang@intel.com>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+---
+ board/aspeed/ast2600_intel/intel.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
+index 17a21c746098..17d1b1952d4d 100644
+--- a/board/aspeed/ast2600_intel/intel.c
++++ b/board/aspeed/ast2600_intel/intel.c
+@@ -10,6 +10,9 @@
+ #define WATCHDOG_RESET_BIT BIT(20)
+ #define BOOT_FAILURE_LIMIT 3
+
++#define SCU_014 0x014 /* Silicon Revision ID */
++#define REV_ID_AST2600A0 0x05000303 /* AST2600 A0 */
++
+ static int get_boot_failures(void)
+ {
+ return env_get_ulong("bootfailures", 10, 0);
+@@ -320,6 +323,25 @@ static void timer_callback(void *cookie)
+ }
+ }
+
++#define AST_MBX_BASE 0x1e789200
++#define AST_MBX_COUNT_A0 16
++#define AST_MBX_COUNT 32
++static void mailbox_init(void)
++{
++ /* clear out default mbox values */
++ int i, mbx_count;
++
++ if (readl(SCU_BASE + SCU_014) == REV_ID_AST2600A0)
++ mbx_count = AST_MBX_COUNT_A0;
++ else
++ mbx_count = AST_MBX_COUNT;
++
++ for (i = 0; i < mbx_count; i++)
++ {
++ writel(0, AST_MBX_BASE + 4 * i);
++ }
++}
++
+ int board_early_init_f(void)
+ {
+ /* This is called before relocation; beware! */
+@@ -333,6 +355,8 @@ int board_early_init_f(void)
+
+ sgpio_init();
+
++ mailbox_init();
++
+ /* TODO: is it too late to enforce HW security registers? */
+ return 0;
+ }
+@@ -469,8 +493,6 @@ extern void timer_enable(int n, u32 interval_us, interrupt_handler_t *handler,
+ void *cookie);
+ int board_late_init(void)
+ {
+-#define SCU_014 0x014 /* Silicon Revision ID */
+-#define REV_ID_AST2600A0 0x05000303 /* AST2600 A0 */
+ #define ONE_MSEC_IN_USEC 1000
+ char value[11];
+ u32 boot_failures;
+--
+2.17.1
+
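Review bot: `mailbox_init()` chooses the register count by an exact match on `REV_ID_AST2600A0` and treats every other revision ID as having 32 mailboxes, so an ID the code does not recognise gets 32 word writes starting at `AST_MBX_BASE`. The description gives counts for A0 and A1 only; a comment such as `/* A0: 16 mailbox registers; all other revisions assumed 32 */` on the `if` would record that assumption. The `/* clear out default mbox values */` comment belongs above the function, not above the declarations. The `md` output in the description covers 0x50 bytes, i.e. 20 of the 32 registers, so it does not show the full A1 range cleared. As a style point, the `for` puts its brace on a separate line around a single statement, unlike the brace-less `if`/`else` just above it.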
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch
deleted file mode 100644
index 230a7bb0a..000000000
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 63c22eddb8fba1b6ffb845765e91587e998e470e Mon Sep 17 00:00:00 2001
-From: Simon Glass <sjg@chromium.org>
-Date: Tue, 31 Mar 2020 18:43:55 +0200
-Subject: [PATCH] image: Be a little more verbose when checking signatures
-
-It is useful to be a little more specific about what is being checked.
-Update a few messages to help with this.
-
-Signed-off-by: Simon Glass <sjg@chromium.org>
-Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
----
- common/image-fit.c | 2 +-
- tools/image-host.c | 3 ++-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/common/image-fit.c b/common/image-fit.c
-index 06f3358c931c..58923cbc9371 100644
---- a/common/image-fit.c
-+++ b/common/image-fit.c
-@@ -1850,7 +1850,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
- fit_uname = fit_get_name(fit, noffset, NULL);
- }
- if (noffset < 0) {
-- puts("Could not find subimage node\n");
-+ printf("Could not find subimage node type '%s'\n", prop_name);
- bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
- return -ENOENT;
- }
-diff --git a/tools/image-host.c b/tools/image-host.c
-index 88b329502ca3..8e94ee8f3e31 100644
---- a/tools/image-host.c
-+++ b/tools/image-host.c
-@@ -743,7 +743,8 @@ int fit_check_sign(const void *fit, const void *key)
- if (!cfg_noffset)
- return -1;
-
-- printf("Verifying Hash Integrity ... ");
-+ printf("Verifying Hash Integrity for node '%s'... ",
-+ fdt_get_name(fit, cfg_noffset, NULL));
- ret = fit_config_verify(fit, cfg_noffset);
- if (ret)
- return ret;
---
-2.17.1
-
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch
deleted file mode 100644
index 5f82abeda..000000000
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 2fa27334977ba688f17edb6b66c8eb355d4a53a5 Mon Sep 17 00:00:00 2001
-From: Simon Glass <sjg@chromium.org>
-Date: Tue, 31 Mar 2020 18:43:55 +0200
-Subject: [PATCH] image: Return an error message from fit_config_verify_sig()
-
-This function only returns an error message sometimes. Update it to always
-return an error message if one is available. This makes it easier to see
-what went wrong.
-
-Signed-off-by: Simon Glass <sjg@chromium.org>
-Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
----
- common/image-sig.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/common/image-sig.c b/common/image-sig.c
-index 4f6b4ec412c3..48c89f930276 100644
---- a/common/image-sig.c
-+++ b/common/image-sig.c
-@@ -470,13 +470,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
- goto error;
- }
-
-- return verified ? 0 : -EPERM;
-+ if (verified)
-+ return 0;
-
- error:
- printf(" error!\n%s for '%s' hash node in '%s' config node\n",
- err_msg, fit_get_name(fit, noffset, NULL),
- fit_get_name(fit, conf_noffset, NULL));
-- return -1;
-+ return -EPERM;
- }
-
- int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
---
-2.17.1
-
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch
deleted file mode 100644
index 9dd5e6668..000000000
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From c7c1af4f9996986f05ced17694b68a575eda328e Mon Sep 17 00:00:00 2001
-From: Simon Glass <sjg@chromium.org>
-Date: Tue, 31 Mar 2020 18:43:55 +0200
-Subject: [PATCH] image: Check hash-nodes when checking configurations
-
-It is currently possible to use a different configuration's signature and
-thus bypass the configuration check. Make sure that the configuration node
-that was hashed matches the one being checked, to catch this problem.
-
-Also add a proper function comment to fit_config_check_sig() and make it
-static.
-
-Signed-off-by: Simon Glass <sjg@chromium.org>
-Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
----
- common/image-sig.c | 36 +++++++++++++++++++++++++++++++++---
- 1 file changed, 33 insertions(+), 3 deletions(-)
-
-diff --git a/common/image-sig.c b/common/image-sig.c
-index 48c89f930276..4526c82acf75 100644
---- a/common/image-sig.c
-+++ b/common/image-sig.c
-@@ -330,20 +330,39 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
- return 0;
- }
-
--int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
-- char **err_msgp)
-+/**
-+ * fit_config_check_sig() - Check the signature of a config
-+ *
-+ * @fit: FIT to check
-+ * @noffset: Offset of configuration node (e.g. /configurations/conf-1)
-+ * @required_keynode: Offset in the control FDT of the required key node,
-+ * if any. If this is given, then the configuration wil not
-+ * pass verification unless that key is used. If this is
-+ * -1 then any signature will do.
-+ * @conf_noffset: Offset of the configuration subnode being checked (e.g.
-+ * /configurations/conf-1/kernel)
-+ * @err_msgp: In the event of an error, this will be pointed to a
-+ * help error string to display to the user.
-+ * @return 0 if all verified ok, <0 on error
-+ */
-+static int fit_config_check_sig(const void *fit, int noffset,
-+ int required_keynode, int conf_noffset,
-+ char **err_msgp)
- {
- char * const exc_prop[] = {"data"};
- const char *prop, *end, *name;
- struct image_sign_info info;
- const uint32_t *strings;
-+ const char *config_name;
- uint8_t *fit_value;
- int fit_value_len;
-+ bool found_config;
- int max_regions;
- int i, prop_len;
- char path[200];
- int count;
-
-+ config_name = fit_get_name(fit, conf_noffset, NULL);
- debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
- fit_get_name(fit, noffset, NULL),
- fit_get_name(gd_fdt_blob(), required_keynode, NULL));
-@@ -384,9 +403,20 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
- char *node_inc[count];
-
- debug("Hash nodes (%d):\n", count);
-+ found_config = false;
- for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) {
- debug(" '%s'\n", name);
- node_inc[i] = (char *)name;
-+ if (!strncmp(FIT_CONFS_PATH, name, strlen(FIT_CONFS_PATH)) &&
-+ name[sizeof(FIT_CONFS_PATH) - 1] == '/' &&
-+ !strcmp(name + sizeof(FIT_CONFS_PATH), config_name)) {
-+ debug(" (found config node %s)", config_name);
-+ found_config = true;
-+ }
-+ }
-+ if (!found_config) {
-+ *err_msgp = "Selected config not in hashed nodes";
-+ return -1;
- }
-
- /*
-@@ -454,7 +484,7 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
- if (!strncmp(name, FIT_SIG_NODENAME,
- strlen(FIT_SIG_NODENAME))) {
- ret = fit_config_check_sig(fit, noffset, sig_offset,
-- &err_msg);
-+ conf_noffset, &err_msg);
- if (ret) {
- puts("- ");
- } else {
---
-2.17.1
-
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
index 3747fbdfb..e05f9e16f 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
@@ -32,14 +32,12 @@ SRC_URI_append_intel-ast2600 = " \
file://0024-fix-SUS_WARN-handling-logic.patch \
file://0025-ast2600-PFR-platform-EXTRST-reset-mask-selection.patch \
file://0025-Enable-PCIe-L1-support.patch \
+ file://0027-ast2600-Add-Mailbox-init-function.patch \
"
# CVE-2020-10648 vulnerability fix
SRC_URI_append_intel-ast2600 = " \
file://0001-image-Correct-comment-for-fit_conf_get_node.patch \
- file://0002-image-Be-a-little-more-verbose-when-checking-signatu.patch \
- file://0003-image-Return-an-error-message-from-fit_config_verify.patch \
- file://0007-image-Check-hash-nodes-when-checking-configurations.patch \
file://0008-image-Load-the-correct-configuration-in-fit_check_si.patch \
file://0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch \
file://0012-image-Use-constants-for-required-and-key-name-hint.patch \
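Review bot: This hunk drops three patches from the `# CVE-2020-10648 vulnerability fix` list, and the commit message ("Update to internal 0.43") gives no reason. One of them is `0007-image-Check-hash-nodes-when-checking-configurations.patch`, whose description says it closes a bypass of the configuration check using a different configuration's signature. Presumably the u-boot base the recipe now builds already carries these changes, but nothing visible here shows it. Please confirm that the `found_config` check in `fit_config_check_sig()` is present in the built source, and state that in the commit message or in a comment next to the list. The remaining entries (0008, 0009, 0012) stay in `SRC_URI`, so a build check that they still apply cleanly is also worth doing.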