Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files')
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0001-Add-ast2600-intel-as-a-new-board.patch38
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0016-Add-LED-control-support.patch457
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0017-Manufacturing-mode-physical-presence-detection.patch118
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch62
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0022-Reboot-into-UBOOT-on-Watchdog-Failures.patch53
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0023-Add-WDT-to-u-boot-to-cover-booting-failures.patch343
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch24
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0029-Set-UART-routing-in-lowlevel_init.patch43
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch62
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11690/0001-lib-uuid-Fix-unseeded-PRNG-on-RANDOM_UUID-y.patch95
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch41
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0001-fs-ext4-cache-extent-data.patch409
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0002-CVE-2019-13105-ext4-fix-double-free-in-ext4_cache_re.patch30
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13106/0001-CVE-2019-13106-ext4-fix-out-of-bounds-memset.patch49
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch397
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch212
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch106
17 files changed, 2359 insertions, 180 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0001-Add-ast2600-intel-as-a-new-board.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0001-Add-ast2600-intel-as-a-new-board.patch
index 1fbb464b8..dfb11d89a 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0001-Add-ast2600-intel-as-a-new-board.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0001-Add-ast2600-intel-as-a-new-board.patch
@@ -1,4 +1,4 @@
-From 2cec5042f3b33c6762073deb9275a66875538d82 Mon Sep 17 00:00:00 2001
+From ada80beb48d974f101201745657d10e72fe30b9c Mon Sep 17 00:00:00 2001
From: Vernon Mauery <vernon.mauery@intel.com>
Date: Thu, 24 Oct 2019 14:06:33 -0700
Subject: [PATCH] Add ast2600-intel as a new board
@@ -8,20 +8,21 @@ Signed-off-by: Kuiying Wang <kuiying.wang@intel.com>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
arch/arm/dts/Makefile | 3 +-
- arch/arm/dts/ast2600-intel.dts | 197 ++++++++++++++++
+ arch/arm/dts/ast2600-intel.dts | 197 ++++++++++++
arch/arm/lib/interrupts.c | 5 +
arch/arm/mach-aspeed/ast2600/Kconfig | 8 +
- board/aspeed/ast2600_intel/Kconfig | 13 ++
+ board/aspeed/ast2600_intel/Kconfig | 13 +
board/aspeed/ast2600_intel/Makefile | 4 +
- board/aspeed/ast2600_intel/ast-espi.c | 292 ++++++++++++++++++++++++
- board/aspeed/ast2600_intel/ast-irq.c | 399 +++++++++++++++++++++++++++++++++
+ board/aspeed/ast2600_intel/ast-espi.c | 292 ++++++++++++++++++
+ board/aspeed/ast2600_intel/ast-irq.c | 399 +++++++++++++++++++++++++
board/aspeed/ast2600_intel/ast-irq.h | 8 +
- board/aspeed/ast2600_intel/ast-timer.c | 59 +++++
- board/aspeed/ast2600_intel/intel.c | 192 ++++++++++++++++
+ board/aspeed/ast2600_intel/ast-timer.c | 59 ++++
+ board/aspeed/ast2600_intel/intel.c | 192 ++++++++++++
cmd/Kconfig | 2 +-
common/autoboot.c | 10 +
configs/ast2600_openbmc_defconfig | 2 +-
14 files changed, 1191 insertions(+), 3 deletions(-)
+ mode change 100755 => 100644 arch/arm/dts/Makefile
create mode 100644 arch/arm/dts/ast2600-intel.dts
create mode 100644 board/aspeed/ast2600_intel/Kconfig
create mode 100644 board/aspeed/ast2600_intel/Makefile
@@ -30,12 +31,15 @@ Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
create mode 100644 board/aspeed/ast2600_intel/ast-irq.h
create mode 100644 board/aspeed/ast2600_intel/ast-timer.c
create mode 100644 board/aspeed/ast2600_intel/intel.c
+ mode change 100755 => 100644 configs/ast2600_openbmc_defconfig
diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile
-index e4dae2937968..da8903123999 100644
+old mode 100755
+new mode 100644
+index e9d994737949..d2ad5968775e
--- a/arch/arm/dts/Makefile
+++ b/arch/arm/dts/Makefile
-@@ -683,7 +683,8 @@ dtb-$(CONFIG_ARCH_ASPEED) += \
+@@ -684,7 +684,8 @@ dtb-$(CONFIG_ARCH_ASPEED) += \
ast2600-fpga.dtb \
ast2600-rainier.dtb \
ast2600-slt.dtb \
@@ -284,7 +288,7 @@ index ee775ce5d264..8c985532afb4 100644
{
efi_restore_gd();
diff --git a/arch/arm/mach-aspeed/ast2600/Kconfig b/arch/arm/mach-aspeed/ast2600/Kconfig
-index dd991e87c795..7ccbb0b5e0ea 100644
+index 518f41b558d3..8023397cff58 100644
--- a/arch/arm/mach-aspeed/ast2600/Kconfig
+++ b/arch/arm/mach-aspeed/ast2600/Kconfig
@@ -51,6 +51,13 @@ config TARGET_SLT_AST2600
@@ -300,8 +304,8 @@ index dd991e87c795..7ccbb0b5e0ea 100644
+
endchoice
- source "board/aspeed/evb_ast2600a0/Kconfig"
-@@ -59,5 +66,6 @@ source "board/aspeed/ncsi_ast2600a0/Kconfig"
+ config ASPEED_SECBOOT_BL2
+@@ -71,5 +78,6 @@ source "board/aspeed/ncsi_ast2600a0/Kconfig"
source "board/aspeed/ncsi_ast2600a1/Kconfig"
source "board/aspeed/fpga_ast2600/Kconfig"
source "board/aspeed/slt_ast2600/Kconfig"
@@ -1318,10 +1322,10 @@ index 000000000000..4a40a050c3da
+}
+#endif
diff --git a/cmd/Kconfig b/cmd/Kconfig
-index d5aa204290bd..89f6668b788e 100644
+index 1d2aa3a179a7..7599dd052df2 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
-@@ -1876,7 +1876,7 @@ config CMD_DIAG
+@@ -1888,7 +1888,7 @@ config CMD_DIAG
config CMD_IRQ
bool "irq - Show information about interrupts"
@@ -1356,7 +1360,9 @@ index 94133eaeda78..5e69000b848b 100644
abort = __abortboot(bootdelay);
diff --git a/configs/ast2600_openbmc_defconfig b/configs/ast2600_openbmc_defconfig
-index 2e2df2e3a235..77c39d848312 100644
+old mode 100755
+new mode 100644
+index 2e2df2e3a235..77c39d848312
--- a/configs/ast2600_openbmc_defconfig
+++ b/configs/ast2600_openbmc_defconfig
@@ -13,7 +13,7 @@ CONFIG_FIT=y
@@ -1369,5 +1375,5 @@ index 2e2df2e3a235..77c39d848312 100644
CONFIG_DISPLAY_BOARDINFO_LATE=y
CONFIG_ARCH_EARLY_INIT_R=y
--
-2.7.4
+2.17.1
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0016-Add-LED-control-support.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0016-Add-LED-control-support.patch
new file mode 100644
index 000000000..bc2007288
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0016-Add-LED-control-support.patch
@@ -0,0 +1,457 @@
+From d7befc37ba40a248899b5dc8e99bef2746a957d2 Mon Sep 17 00:00:00 2001
+From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+Date: Fri, 2 Apr 2021 09:48:38 -0700
+Subject: [PATCH] Add LED control support
+
+This commit adds LED control support including customization and improvement
+on led-gpio and led-uclass driver to support 'blink' mode. LEDs will behave
+like below.
+
+Normal u-boot : Green LED blinks at 1Hz + ID LED blinks at 3Hz
+FFU u-boot : Amber LED solid on + ID LED solid on
+MFG detected : Green LED blinks at 3Hz + ID LED blinks at 3Hz
+Failure Recovery : Amber LED blinks at 3Hz + ID LED solid on
+Jumping to Kernel : Green LED solid on + ID LED solid on
+
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+---
+ arch/arm/dts/ast2600-intel.dts | 4 +-
+ board/aspeed/ast2600_intel/intel.c | 66 +++++++++++++++++++++++++++++-
+ cmd/net.c | 23 +++++++++--
+ drivers/led/led-uclass.c | 37 +++++++++++++++++
+ drivers/led/led_gpio.c | 62 ++++++++++++++++++++++++++++
+ include/led.h | 42 ++++++++++++++++++-
+ 6 files changed, 226 insertions(+), 8 deletions(-)
+
+diff --git a/arch/arm/dts/ast2600-intel.dts b/arch/arm/dts/ast2600-intel.dts
+index 1f14753056ee..5243d1a0afc3 100644
+--- a/arch/arm/dts/ast2600-intel.dts
++++ b/arch/arm/dts/ast2600-intel.dts
+@@ -47,8 +47,8 @@
+ };
+ hb-led {
+ label = "hb";
+- gpios = <&gpio0 25 GPIO_ACTIVE_LOW>;
+- linux,default-trigger = "heartbeat";
++ gpios = <&gpio0 173 GPIO_ACTIVE_LOW>;
++ default-state = "on";
+ };
+ };
+ };
+diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
+index 849e81ff3fef..fb9075f93945 100644
+--- a/board/aspeed/ast2600_intel/intel.c
++++ b/board/aspeed/ast2600_intel/intel.c
+@@ -5,6 +5,7 @@
+ #include <common.h>
+ #include <asm/gpio.h>
+ #include <asm/io.h>
++#include <led.h>
+ #include <malloc.h>
+
+ /* use GPIOC0 on intel boards */
+@@ -26,7 +27,27 @@ int read_ffuj(void)
+ return ret;
+ ret = dm_gpio_get_value(&desc);
+ dm_gpio_free(desc.dev, &desc);
+- return ret;
++
++ if (ret) {
++ struct udevice *dev;
++
++ /* FFU mode: ChassisID - Solid Blue, StatusLED - Solid Amber */
++ ret = led_get_by_label("green", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_OFF);
++
++ ret = led_get_by_label("amber", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_ON);
++
++ ret = led_get_by_label("id", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_ON);
++
++ return 1;
++ }
++
++ return 0;
+ }
+
+ /* gpio_abort is a weak symbol in common/autoboot.c */
+@@ -264,6 +285,11 @@ static void timer_callback(void *cookie)
+ dummy = readl(0x1e78e07c);
+ dummy = readl(0x1e78f07c);
+ break;
++#ifdef CONFIG_LED_BLINK
++ case 1:
++ led_blink_update();
++ break;
++#endif
+ }
+ }
+
+@@ -286,10 +312,20 @@ int board_early_init_f(void)
+
+ int board_early_init_r(void)
+ {
++ struct udevice *dev;
++ int ret;
++
+ debug("board_early_init_r\n");
+
+ enable_onboard_tpm();
+
++ led_default_state();
++#ifdef CONFIG_LED_BLINK
++ ret = led_get_by_label("id", &dev);
++ if (!ret)
++ led_set_period(dev, 160);
++#endif
++
+ return 0;
+ }
+
+@@ -366,6 +402,11 @@ int board_late_init(void)
+ if (readl(SCU_BASE | SCU_014) == REV_ID_AST2600A0)
+ timer_enable(0, ONE_MSEC_IN_USEC, timer_callback, (void *)0);
+
++#ifdef CONFIG_LED_BLINK
++ timer_enable(1, LED_BLINK_UPDATE_TICK_MS * ONE_MSEC_IN_USEC,
++ timer_callback, (void *)1);
++#endif
++
+ espi_init();
+
+ /* Add reset reason to bootargs */
+@@ -391,6 +432,29 @@ void board_init(void)
+ }
+ */
+
++void board_preboot_os(void)
++{
++ struct udevice *dev;
++ int ret;
++
++ /*
++ * last second before OS booting
++ * ChassisID - Solid Blue, StatusLED - Solid Green
++ */
++
++ ret = led_get_by_label("green", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_ON);
++
++ ret = led_get_by_label("amber", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_OFF);
++
++ ret = led_get_by_label("id", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_ON);
++}
++
+ #ifdef CONFIG_WATCHDOG
+ /* watchdog stuff */
+ void watchdog_init(void)
+diff --git a/cmd/net.c b/cmd/net.c
+index 7d2c21ba4d22..a6b03654cdbf 100644
+--- a/cmd/net.c
++++ b/cmd/net.c
+@@ -10,6 +10,7 @@
+ #include <common.h>
+ #include <command.h>
+ #include <net.h>
++#include <led.h>
+
+ static int netboot_common(enum proto_t, cmd_tbl_t *, int, char * const []);
+
+@@ -183,6 +184,10 @@ static int netboot_common(enum proto_t proto, cmd_tbl_t *cmdtp, int argc,
+ int size;
+ ulong addr;
+
++#ifdef CONFIG_LED_BLINK
++ led_blink_disable();
++#endif
++
+ net_boot_file_name_explicit = false;
+
+ /* pre-set load_addr */
+@@ -229,7 +234,8 @@ static int netboot_common(enum proto_t proto, cmd_tbl_t *cmdtp, int argc,
+ if (strict_strtoul(argv[1], 16, &save_addr) < 0 ||
+ strict_strtoul(argv[2], 16, &save_size) < 0) {
+ printf("Invalid address/size\n");
+- return CMD_RET_USAGE;
++ rcode = CMD_RET_USAGE;
++ goto exit;
+ }
+ net_boot_file_name_explicit = true;
+ copy_filename(net_boot_file_name, argv[3],
+@@ -238,14 +244,16 @@ static int netboot_common(enum proto_t proto, cmd_tbl_t *cmdtp, int argc,
+ #endif
+ default:
+ bootstage_error(BOOTSTAGE_ID_NET_START);
+- return CMD_RET_USAGE;
++ rcode = CMD_RET_USAGE;
++ goto exit;
+ }
+ bootstage_mark(BOOTSTAGE_ID_NET_START);
+
+ size = net_loop(proto);
+ if (size < 0) {
+ bootstage_error(BOOTSTAGE_ID_NET_NETLOOP_OK);
+- return CMD_RET_FAILURE;
++ rcode = CMD_RET_FAILURE;
++ goto exit;
+ }
+ bootstage_mark(BOOTSTAGE_ID_NET_NETLOOP_OK);
+
+@@ -255,7 +263,8 @@ static int netboot_common(enum proto_t proto, cmd_tbl_t *cmdtp, int argc,
+ /* done if no file was loaded (no errors though) */
+ if (size == 0) {
+ bootstage_error(BOOTSTAGE_ID_NET_LOADED);
+- return CMD_RET_SUCCESS;
++ rcode = CMD_RET_SUCCESS;
++ goto exit;
+ }
+
+ bootstage_mark(BOOTSTAGE_ID_NET_LOADED);
+@@ -266,6 +275,12 @@ static int netboot_common(enum proto_t proto, cmd_tbl_t *cmdtp, int argc,
+ bootstage_mark(BOOTSTAGE_ID_NET_DONE);
+ else
+ bootstage_error(BOOTSTAGE_ID_NET_DONE_ERR);
++
++exit:
++#ifdef CONFIG_LED_BLINK
++ led_blink_enable();
++#endif
++
+ return rcode;
+ }
+
+diff --git a/drivers/led/led-uclass.c b/drivers/led/led-uclass.c
+index 2859475a6b8e..264e0735c815 100644
+--- a/drivers/led/led-uclass.c
++++ b/drivers/led/led-uclass.c
+@@ -62,6 +62,39 @@ int led_set_period(struct udevice *dev, int period_ms)
+
+ return ops->set_period(dev, period_ms);
+ }
++
++static bool blink_enable = true;
++
++void led_blink_enable(void)
++{
++ blink_enable = true;
++}
++
++void led_blink_disable(void)
++{
++ blink_enable = false;
++}
++
++int led_blink_update(void)
++{
++ struct udevice *dev;
++
++ if (!blink_enable)
++ return 0;
++
++ for (uclass_find_first_device(UCLASS_LED, &dev);
++ dev;
++ uclass_find_next_device(&dev)) {
++ if (device_active(dev) && led_get_state(dev) == LEDST_BLINK) {
++ struct led_ops *ops = led_get_ops(dev);
++
++ if (ops && ops->update_blink)
++ ops->update_blink(dev);
++ }
++ }
++
++ return 0;
++}
+ #endif
+
+ int led_default_state(void)
+@@ -87,6 +120,10 @@ int led_default_state(void)
+ led_set_state(dev, LEDST_ON);
+ else if (!strncmp(default_state, "off", 3))
+ led_set_state(dev, LEDST_OFF);
++#ifdef CONFIG_LED_BLINK
++ else if (!strncmp(default_state, "blink", 5))
++ led_set_state(dev, LEDST_BLINK);
++#endif
+ /* default-state = "keep" : device is only probed */
+ }
+
+diff --git a/drivers/led/led_gpio.c b/drivers/led/led_gpio.c
+index 93f6b913c647..a88efde71a69 100644
+--- a/drivers/led/led_gpio.c
++++ b/drivers/led/led_gpio.c
+@@ -13,8 +13,45 @@
+
+ struct led_gpio_priv {
+ struct gpio_desc gpio;
++#ifdef CONFIG_LED_BLINK
++ int period;
++ int period_tick_count;
++ enum led_state_t state;
++#endif
+ };
+
++#ifdef CONFIG_LED_BLINK
++static int gpio_led_set_period(struct udevice *dev, int period_ms)
++{
++ struct led_gpio_priv *priv = dev_get_priv(dev);
++
++ if (period_ms < LED_BLINK_UPDATE_TICK_MS)
++ period_ms = LED_BLINK_PERIOD_DEFAULT_MS;
++
++ priv->period = period_ms / LED_BLINK_UPDATE_TICK_MS;
++ priv->period_tick_count = priv->period;
++
++ return 0;
++}
++
++static int gpio_led_update_blink(struct udevice *dev)
++{
++ struct led_gpio_priv *priv = dev_get_priv(dev);
++ int ret;
++
++ if (priv->period_tick_count) {
++ priv->period_tick_count--;
++ } else {
++ ret = dm_gpio_get_value(&priv->gpio);
++ if (ret >= 0)
++ dm_gpio_set_value(&priv->gpio, !ret);
++ priv->period_tick_count = priv->period;
++ }
++
++ return 0;
++}
++#endif
++
+ static int gpio_led_set_state(struct udevice *dev, enum led_state_t state)
+ {
+ struct led_gpio_priv *priv = dev_get_priv(dev);
+@@ -25,6 +62,9 @@ static int gpio_led_set_state(struct udevice *dev, enum led_state_t state)
+ switch (state) {
+ case LEDST_OFF:
+ case LEDST_ON:
++#ifdef CONFIG_LED_BLINK
++ case LEDST_BLINK:
++#endif
+ break;
+ case LEDST_TOGGLE:
+ ret = dm_gpio_get_value(&priv->gpio);
+@@ -36,6 +76,20 @@ static int gpio_led_set_state(struct udevice *dev, enum led_state_t state)
+ return -ENOSYS;
+ }
+
++#ifdef CONFIG_LED_BLINK
++ priv->state = state;
++
++ if (priv->state == LEDST_BLINK) {
++ if (priv->period < LED_BLINK_UPDATE_TICK_MS) {
++ priv->period = LED_BLINK_PERIOD_DEFAULT_MS /
++ LED_BLINK_UPDATE_TICK_MS;
++ priv->period_tick_count = priv->period;
++ }
++
++ return dm_gpio_set_value(&priv->gpio, LEDST_ON);
++ }
++#endif
++
+ return dm_gpio_set_value(&priv->gpio, state);
+ }
+
+@@ -46,6 +100,10 @@ static enum led_state_t gpio_led_get_state(struct udevice *dev)
+
+ if (!dm_gpio_is_valid(&priv->gpio))
+ return -EREMOTEIO;
++#ifdef CONFIG_LED_BLINK
++ if (priv->state == LEDST_BLINK)
++ return LEDST_BLINK;
++#endif
+ ret = dm_gpio_get_value(&priv->gpio);
+ if (ret < 0)
+ return ret;
+@@ -117,6 +175,10 @@ static int led_gpio_bind(struct udevice *parent)
+ static const struct led_ops gpio_led_ops = {
+ .set_state = gpio_led_set_state,
+ .get_state = gpio_led_get_state,
++#ifdef CONFIG_LED_BLINK
++ .set_period = gpio_led_set_period,
++ .update_blink = gpio_led_update_blink,
++#endif
+ };
+
+ static const struct udevice_id led_gpio_ids[] = {
+diff --git a/include/led.h b/include/led.h
+index 7bfdddfd6fab..fb072c8b9f1a 100644
+--- a/include/led.h
++++ b/include/led.h
+@@ -32,7 +32,6 @@ enum led_state_t {
+ #ifdef CONFIG_LED_BLINK
+ LEDST_BLINK,
+ #endif
+-
+ LEDST_COUNT,
+ };
+
+@@ -66,6 +65,17 @@ struct led_ops {
+ * @return 0 if OK, -ve on error
+ */
+ int (*set_period)(struct udevice *dev, int period_ms);
++
++ /**
++ * update_blink() - update blink output of an LED
++ *
++ * This should be called in every tick for updating blink behavior of an
++ * LED.
++ *
++ * @dev: LED device to change
++ * @return 0 if OK, -ve on error
++ */
++ int (*update_blink)(struct udevice *dev);
+ #endif
+ };
+
+@@ -115,4 +125,34 @@ int led_set_period(struct udevice *dev, int period_ms);
+ */
+ int led_default_state(void);
+
++#ifdef CONFIG_LED_BLINK
++#define LED_BLINK_UPDATE_TICK_MS 10
++#define LED_BLINK_PERIOD_DEFAULT_MS 500
++
++/**
++ * led_blink_enable() - enable blinking for all LEDs that have the blink state
++ *
++ * This enables blinking for all LEDs that have the blink state.
++ *
++ */
++void led_blink_enable(void);
++
++/**
++ * led_blink_disable() - disable blinking for all LEDs that have the blink state
++ *
++ * This disables blinking for all LEDs that have the blink state.
++ *
++ */
++void led_blink_disable(void);
++
++/**
++ * led_blink_update() - timer tick callback for updating blink behavior
++ *
++ * This should be called on every LED_BLINK_UPDATE_TICK_MS for updating blink
++ * behavior of all LEDs that have the blink state.
++ *
++ */
++int led_blink_update(void);
++#endif
++
+ #endif
+--
+2.17.1
+
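Review bot: In the intel.c part of this patch, read_ffuj() now tests `if (ret)` on the result of `dm_gpio_get_value()`, so a negative error from the GPIO read is reported as "FFU jumper asserted" and the function returns 1. Before this change gpio_abort() mapped `value <= 0` to 0, so a failed read did not abort autoboot; with the new code a read failure sets the FFU LEDs and takes the force-firmware-update path in both gpio_abort() and board_late_init(). The test should be `if (ret > 0) {`, with errors either propagated or treated as "not asserted"; read_ffuj() begins outside the inner hunk, so the earlier `return ret;` error path should be checked for the same convention. Separately, gpio_led_set_state() compares `priv->period`, which gpio_led_set_period() stores in ticks, against `LED_BLINK_UPDATE_TICK_MS`, which is in milliseconds. Any configured period under 100 ms is therefore replaced by the default; `if (priv->period <= 0)` looks like the intended test.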
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0017-Manufacturing-mode-physical-presence-detection.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0017-Manufacturing-mode-physical-presence-detection.patch
index 0b0fb466d..c0d409592 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0017-Manufacturing-mode-physical-presence-detection.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0017-Manufacturing-mode-physical-presence-detection.patch
@@ -1,4 +1,4 @@
-From 8bfaae756740589ec9644a5ddcd8b19d7d7b9b73 Mon Sep 17 00:00:00 2001
+From 5d3f9d42ba9b1f634a65ae52f6263b1c4a95b947 Mon Sep 17 00:00:00 2001
From: AppaRao Puli <apparao.puli@linux.intel.com>
Date: Thu, 20 Jun 2019 18:11:43 +0530
Subject: [PATCH] Manufacturing mode physical presence detection
@@ -6,11 +6,9 @@ Subject: [PATCH] Manufacturing mode physical presence detection
Support for physical presence of manufacturing mode added.
Front panel power button press for 15 seconds will be detected
and marked as special mode for manufacturing request.
-//TODO:
-//There will be 10 second Status LED blink for 10 seconds to
-//do the physical indication to the user. This indicates the
-//user that he has pressed power button long enough for
-//manufacturing mode detection.
+There will be Status LED blink for 10 seconds to do the physical
+indication to the user. This indicates the user that he has
+pressed power button long enough for manufacturing mode detection.
Tested:
1. Verified by holding the power button when u-boot boots for
@@ -24,14 +22,24 @@ Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.co
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
- board/aspeed/ast2600_intel/intel.c | 49 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 49 insertions(+)
+ board/aspeed/ast2600_intel/intel.c | 74 ++++++++++++++++++++++++++++--
+ common/autoboot.c | 12 ++++-
+ 2 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index 95e5492009d7..367657df56d1 100644
+index fb9075f93945..a644010dd339 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -39,6 +39,26 @@ int gpio_abort(void)
+@@ -8,6 +8,8 @@
+ #include <led.h>
+ #include <malloc.h>
+
++#define SYS_PWR_RESET_FLAG BIT(0) /* from scu_info.c */
++
+ /* use GPIOC0 on intel boards */
+ #define FFUJ_GPIO "gpio@1e78000016"
+
+@@ -60,6 +62,26 @@ int gpio_abort(void)
return value <= 0 ? 0 : 1;
}
@@ -58,7 +66,28 @@ index 95e5492009d7..367657df56d1 100644
#define SCU_BASE 0x1E6E2000
#define SCU_338 0x338 //Generate UART 24 MHz Reference from UXCLK
#define SCU_33C 0x33c //Generate UART 24 MHz Reference from HUXCLK
-@@ -334,6 +354,31 @@ static void update_bootargs_cmd(const char *key, const char *value)
+@@ -119,6 +141,11 @@ static void gpio_passthru_init(void)
+ SCU_BASE | SCU_418);
+ }
+
++void board_pre_abort_autoboot(void)
++{
++ gpio_passthru_init();
++}
++
+ #define AST_LPC_BASE 0x1e789000
+ #define LPC_SNOOP_ADDR 0x80
+ #define HICR5 0x080 /* Host Interface Control Register 5 */
+@@ -300,8 +327,6 @@ int board_early_init_f(void)
+
+ set_gpio_default_state();
+
+- gpio_passthru_init();
+-
+ port80h_snoop_init();
+
+ sgpio_init();
+@@ -388,6 +413,43 @@ static void update_bootargs_cmd(const char *key, const char *value)
free(buf);
}
@@ -72,15 +101,27 @@ index 95e5492009d7..367657df56d1 100644
+ const uint32_t delay_in_ms = 100;
+ const uint32_t read_count = ((15 * 1000) / delay_in_ms);
+ const uint32_t delay_for_indication = 10 * 1000;
++#ifdef CONFIG_LED_BLINK
++ struct udevice *dev;
++ int ret;
++#endif
++
+ for (uint32_t count = 0; count < read_count; ++count) {
+ if (read_frontpanel_power_button() != 1)
+ return false;
+
+ mdelay(delay_in_ms);
+ }
-+ debug("is_mfg_mode_phy_req : detected mfg mode request\n");
-+ // TODO: enable id led control
-+ //id_led_control(GPIO_GREEN_LED, EIDLED_Blink_3HZ);
++
++ printf("MFG mode is requested.\n");
++
++#ifdef CONFIG_LED_BLINK
++ ret = led_get_by_label("green", &dev);
++ if (!ret) {
++ led_set_period(dev, 160);
++ }
++#endif
++
+ /* Delay the boot to do physical indication for mfg mode */
+ mdelay(delay_for_indication);
+
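Review bot: In is_mfg_mode_phy_req(), `led_set_period(dev, 160)` only changes the green LED's period; nothing in this hunk puts that LED into `LEDST_BLINK`, whereas the amber path in 0022 calls both `led_set_period()` and `led_set_state(dev, LEDST_BLINK)`. If green is expected to be blinking already from its default state, say so in a comment such as `/* green already blinks by default; only speed it up to ~3Hz as the MFG indication */`; otherwise add `led_set_state(dev, LEDST_BLINK);`, since without it the 10-second delay gives the operator no visible confirmation. The literal 160 is repeated in board_early_init_r() and intel_failed_boot() and would be clearer as one named constant. The function's opening lines are outside this hunk.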
@@ -90,17 +131,58 @@ index 95e5492009d7..367657df56d1 100644
extern void espi_init(void);
extern void kcs_init(void);
extern void timer_enable(int n, u32 interval_us, interrupt_handler_t *handler,
-@@ -354,6 +399,10 @@ int board_late_init(void)
+@@ -413,8 +475,14 @@ int board_late_init(void)
snprintf(value, sizeof(value), "0x%x", gd->reset_reason);
update_bootargs_cmd("resetreason", value);
+- if (read_ffuj())
+ /* Update the special mode in bootargs */
-+ if (is_mfg_mode_phy_req())
++ if (gd->reset_reason & SYS_PWR_RESET_FLAG && is_mfg_mode_phy_req())
+ update_bootargs_cmd("special", "mfg");
+
- if (read_ffuj())
++ if (read_ffuj()) {
++ gpio_passthru_init();
kcs_init();
++ }
+
+ return 0;
+ }
+diff --git a/common/autoboot.c b/common/autoboot.c
+index 5e69000b848b..8a9978042386 100644
+--- a/common/autoboot.c
++++ b/common/autoboot.c
+@@ -261,13 +261,19 @@ int gpio_abort(void)
+ return 0;
+ }
+
++/* Allow for board specific config when we check abort condition */
++__weak void board_pre_abort_autoboot(void)
++{
++ /* please define board specific board_pre_abort_autoboot() */
++}
++
+ static int abortboot(int bootdelay)
+ {
+ int abort = 0;
+
+ abort = gpio_abort();
+ if (abort)
+- return abort;
++ goto exit;
+
+ if (bootdelay >= 0)
+ abort = __abortboot(bootdelay);
+@@ -277,6 +283,10 @@ static int abortboot(int bootdelay)
+ gd->flags &= ~GD_FLG_SILENT;
+ #endif
+
++exit:
++ if (abort)
++ board_pre_abort_autoboot();
++
+ return abort;
+ }
--
-2.7.4
+2.17.1
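Review bot: The manufacturing-mode gate in board_late_init(), `gd->reset_reason & SYS_PWR_RESET_FLAG && is_mfg_mode_phy_req()`, is correct by precedence but is easy to misread for a condition that decides whether `special=mfg` reaches the kernel command line. Write it as `if ((gd->reset_reason & SYS_PWR_RESET_FLAG) && is_mfg_mode_phy_req())`. `SYS_PWR_RESET_FLAG` is redefined locally with only "from scu_info.c" as provenance, so a comment such as `/* honour the MFG request only after a power-on reset, not after a warm or watchdog reset */` would record the intent, and sharing the definition through a header would stop the two copies drifting. The same unparenthesised expression is carried as context in 0022.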
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch
deleted file mode 100644
index 768f3adaa..000000000
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0020-Add-BMC-running-indicator-LED-control.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From a5e31f9ef7622b001c55f96a98dd18b19976c90c Mon Sep 17 00:00:00 2001
-From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
-Date: Fri, 26 Jun 2020 14:35:47 -0700
-Subject: [PATCH] Add BMC running indicator LED control
-
-HBLED cannot be enabled due to a conflict with PWM15 pin and H/W
-team is not going to change board layout for supporting HBLED to
-keep compatibility between board revisions. Instead, we are going
-to use the LED connected to GPIO V5 as BMC running indicator LED.
-This commit adds the LED control.
-
-Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
----
- board/aspeed/ast2600_intel/intel.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index 1d650ff959f6..95a90474cbd3 100644
---- a/board/aspeed/ast2600_intel/intel.c
-+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -194,6 +194,8 @@ static void sgpio_init(void)
- #define GPIO_074 0x074 /* GPIO I/J/K/L Direction */
- #define GPIO_080 0x080 /* GPIO Q/R/S/T Value */
- #define GPIO_084 0x084 /* GPIO Q/R/S/T Direction */
-+#define GPIO_088 0x088 /* GPIO U/V/W/X Value */
-+#define GPIO_08C 0x08C /* GPIO U/V/W/X Direction */
-
- static void set_gpio_default_state(void)
- {
-@@ -270,6 +272,20 @@ void enable_onboard_tpm(void)
- AST_GPIO_BASE | GPIO_000);
- }
-
-+void bmc_running_indicator(bool on)
-+{
-+#define GPIO_V5 BIT(13)
-+
-+ writel(readl(AST_GPIO_BASE | GPIO_08C) | GPIO_V5,
-+ AST_GPIO_BASE | GPIO_08C);
-+ if (on)
-+ writel(readl(AST_GPIO_BASE | GPIO_088) & ~GPIO_V5,
-+ AST_GPIO_BASE | GPIO_088);
-+ else
-+ writel(readl(AST_GPIO_BASE | GPIO_088) | GPIO_V5,
-+ AST_GPIO_BASE | GPIO_088);
-+}
-+
- static void timer_callback(void *cookie)
- {
- uint timer_nr = (uint)cookie;
-@@ -310,6 +326,8 @@ int board_early_init_r(void)
-
- enable_onboard_tpm();
-
-+ bmc_running_indicator(true);
-+
- return 0;
- }
-
---
-2.17.1
-
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0022-Reboot-into-UBOOT-on-Watchdog-Failures.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0022-Reboot-into-UBOOT-on-Watchdog-Failures.patch
index d5ccddf27..d1cb523e5 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0022-Reboot-into-UBOOT-on-Watchdog-Failures.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0022-Reboot-into-UBOOT-on-Watchdog-Failures.patch
@@ -1,4 +1,4 @@
-From b81b62f2ca4d4e434f2fec090725e99f198f64ef Mon Sep 17 00:00:00 2001
+From 56a1cafcf68c624ca9ea9de6c38080603e80ea0d Mon Sep 17 00:00:00 2001
From: James Feist <james.feist@linux.intel.com>
Date: Wed, 31 Jul 2019 16:01:49 -0700
Subject: [PATCH] Reboot into UBOOT on Watchdog Failures
@@ -13,17 +13,17 @@ uboot after 3 times
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
- board/aspeed/ast2600_intel/intel.c | 34 ++++++++++++++++++++++++++++++
- 1 file changed, 34 insertions(+)
+ board/aspeed/ast2600_intel/intel.c | 61 ++++++++++++++++++++++++++++++
+ 1 file changed, 61 insertions(+)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index 565893777ffc..2fb84e880e5c 100644
+index a644010dd339..2db162bc9d4c 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -7,6 +7,28 @@
- #include <asm/io.h>
+@@ -9,6 +9,55 @@
#include <malloc.h>
+ #define SYS_PWR_RESET_FLAG BIT(0) /* from scu_info.c */
+#define WATCHDOG_RESET_BIT BIT(20)
+#define BOOT_FAILURE_LIMIT 3
+
@@ -43,13 +43,40 @@ index 565893777ffc..2fb84e880e5c 100644
+
+int intel_failed_boot(void)
+{
-+ return get_boot_failures() >= BOOT_FAILURE_LIMIT;
-+}
++ struct udevice *dev;
++ int ret;
++
++ ret = get_boot_failures() >= BOOT_FAILURE_LIMIT;
++ if (ret) {
++ /*
++ * Failure Recovery state:
++ * ChassisID - Solid Blue, StatusLED - Blinking Amber at 3Hz
++ */
++ ret = led_get_by_label("green", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_OFF);
++
++#ifdef CONFIG_LED_BLINK
++ ret = led_get_by_label("amber", &dev);
++ if (!ret) {
++ led_set_period(dev, 160);
++ led_set_state(dev, LEDST_BLINK);
++ }
++#endif
+
++ ret = led_get_by_label("id", &dev);
++ if (!ret)
++ led_set_state(dev, LEDST_ON);
++
++ return 1;
++ }
++
++ return 0;
++}
+
/* use GPIOC0 on intel boards */
#define FFUJ_GPIO "gpio@1e78000016"
-
-@@ -33,6 +55,10 @@ int read_ffuj(void)
+@@ -56,6 +105,10 @@ int read_ffuj(void)
int gpio_abort(void)
{
int value;
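Review bot: In intel_failed_boot() the amber LED is only handled inside `#ifdef CONFIG_LED_BLINK`, so a build without that option turns green off and leaves amber untouched, and the failure-recovery state has no status indication at all. Keep the `led_get_by_label("amber", &dev)` lookup unconditional and add a fallback branch, `#else` followed by `led_set_state(dev, LEDST_ON);`, so the board still shows amber when blinking is not compiled in. The 160 passed to `led_set_period()` is the same literal used in 0016 and 0017 and would be better as a shared named constant.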
@@ -60,7 +87,7 @@ index 565893777ffc..2fb84e880e5c 100644
/* check ffuj to abort the autoboot */
value = read_ffuj();
printf("FFUJ: %d\n", value);
-@@ -407,6 +433,7 @@ int board_late_init(void)
+@@ -460,6 +513,7 @@ int board_late_init(void)
#define REV_ID_AST2600A0 0x05000303 /* AST2600 A0 */
#define ONE_MSEC_IN_USEC 1000
char value[11];
@@ -68,7 +95,7 @@ index 565893777ffc..2fb84e880e5c 100644
if (readl(SCU_BASE | SCU_014) == REV_ID_AST2600A0)
timer_enable(0, ONE_MSEC_IN_USEC, timer_callback, (void *)0);
-@@ -417,6 +444,13 @@ int board_late_init(void)
+@@ -475,6 +529,13 @@ int board_late_init(void)
snprintf(value, sizeof(value), "0x%x", gd->reset_reason);
update_bootargs_cmd("resetreason", value);
@@ -80,7 +107,7 @@ index 565893777ffc..2fb84e880e5c 100644
+ set_boot_failures(0);
+
/* Update the special mode in bootargs */
- if (is_mfg_mode_phy_req())
+ if (gd->reset_reason & SYS_PWR_RESET_FLAG && is_mfg_mode_phy_req())
update_bootargs_cmd("special", "mfg");
--
2.17.1
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0023-Add-WDT-to-u-boot-to-cover-booting-failures.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0023-Add-WDT-to-u-boot-to-cover-booting-failures.patch
index d5093bba6..da7889be6 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0023-Add-WDT-to-u-boot-to-cover-booting-failures.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0023-Add-WDT-to-u-boot-to-cover-booting-failures.patch
@@ -1,88 +1,317 @@
-From c4aebdd00365539dc155e88ee4f6b88cccdccd8f Mon Sep 17 00:00:00 2001
+From 473b1990ecb578b6dc5d3347dc0ab8f7d5609137 Mon Sep 17 00:00:00 2001
From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
Date: Wed, 16 Sep 2020 13:25:36 -0700
Subject: [PATCH] Add WDT to u-boot to cover booting failures
-This commit enables WDT2 before loading kernel image to make BMC
-reset to cover booting failures. If BMC meet any failure or if
-systemd can't initiate watchdog timer service properly, BMC will
-be reset by this watchdog. In case if u-boot meets a kernel image
-decoding issue, this watchdog will be immediately disabled and BMC
-will stay in u-boot console.
+This commit enables WDT1 in early u-boot and before loading kernel
+image to make BMC reset to cover booting failures. If BMC meets any
+failure or if kernel can't initiate watchdog timer properly, BMC will
+be reset by this watchdog.
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
- board/aspeed/ast2600_intel/intel.c | 23 ++++++++++++++++++++++-
- common/bootm_os.c | 11 +++++++++++
- 2 files changed, 33 insertions(+), 1 deletion(-)
+ arch/arm/mach-aspeed/ast2600/platform.S | 15 +++++
+ board/aspeed/ast2600_intel/intel.c | 50 ++++++++++++++--
+ common/board_f.c | 1 +
+ common/image.c | 3 +-
+ drivers/mtd/spi/spi-nor-core.c | 5 ++
+ drivers/watchdog/ast_wdt.c | 78 ++++++++++++++-----------
+ include/configs/aspeed-common.h | 2 +
+ 7 files changed, 116 insertions(+), 38 deletions(-)
+diff --git a/arch/arm/mach-aspeed/ast2600/platform.S b/arch/arm/mach-aspeed/ast2600/platform.S
+index cd8a57edd76b..08f33a9f1a17 100644
+--- a/arch/arm/mach-aspeed/ast2600/platform.S
++++ b/arch/arm/mach-aspeed/ast2600/platform.S
+@@ -64,6 +64,9 @@
+ #define AST_MAC2_CTRL2 (AST_MAC2_BASE + 0x058)
+
+ #define AST_WDT1_BASE 0x1E785000
++#define AST_WDT1_RELOAD_VAL (AST_WDT1_BASE + 0x004)
++#define AST_WDT1_RESTART_CTRL (AST_WDT1_BASE + 0x008)
++#define AST_WDT1_CTRL (AST_WDT1_BASE + 0x00C)
+ #define AST_WDT1_RESET_MASK1 (AST_WDT1_BASE + 0x01C)
+ #define AST_WDT1_RESET_MASK2 (AST_WDT1_BASE + 0x020)
+
+@@ -313,6 +316,18 @@ wait_lock:
+ ldr r1, =AST_SCU_CA7_PARITY_CHK
+ str r0, [r1]
+
++#ifdef CONFIG_HW_WATCHDOG
++ /* Enable WDT1 to recover u-boot hang */
++ ldr r0, =AST_WDT1_RELOAD_VAL
++ ldr r1, =0x00500000 @ ~5 seconds
++ str r1, [r0]
++ ldr r0, =AST_WDT1_RESTART_CTRL
++ ldr r1, =0x00004755
++ str r1, [r0]
++ ldr r0, =AST_WDT1_CTRL
++ ldr r1, =0x00000013
++ str r1, [r0]
++#endif
+ #if 0
+ ldr r1, =AST_FMC_WDT2_CTRL_MODE
+ str r0, [r1]
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index 807202295757..af2af9786926 100644
+index 948f8a01f868..1a95893631c8 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -474,12 +474,33 @@ void board_init(void)
- */
+@@ -7,6 +7,7 @@
+ #include <asm/io.h>
+ #include <led.h>
+ #include <malloc.h>
++#include <wdt.h>
+
+ #define SYS_PWR_RESET_FLAG BIT(0) /* from scu_info.c */
+ #define WATCHDOG_RESET_BIT BIT(20)
+@@ -584,13 +585,54 @@ void board_preboot_os(void)
+ led_set_state(dev, LEDST_ON);
+ }
- #ifdef CONFIG_WATCHDOG
+-#ifdef CONFIG_WATCHDOG
-/* watchdog stuff */
-+#define WDT2_BASE 0x1e785040
-+#define WDT_COUNTER_STATUS 0x00
-+#define WDT_COUNTER_RELOAD_VALUE 0x04
-+#define WDT_COUNTER_RESTART_CTRL 0x08
-+#define WDT_RESTART_VALUE 0x4755
-+#define WDT_CTRL 0x0c
-+#define WDT_RST_BY_SOC_RST BIT(4)
-+#define WDT_SYS_RESET BIT(1)
-+#define WDT_ENABLE BIT(0)
-+#define WDT_TIMEOUT_DEFAULT 0x6000000 /* ~100 seconds */
+-void watchdog_init(void)
++#ifdef CONFIG_HW_WATCHDOG
++#define WDT_TIMEOUT_DEFAULT 0x6000000 /* ~100 seconds */
++
++void hw_watchdog_init(void)
++{
++ struct udevice *dev;
++ int ret;
++
++ ret = uclass_first_device(UCLASS_WDT, &dev);
++ if (ret) {
++ debug("Can't find a WDT: %d\n", ret);
++ return;
++ }
++
++ ret = wdt_start(dev, WDT_TIMEOUT_DEFAULT, 0);
++ if (ret)
++ debug("WDT start failed: %d\n", ret);
++}
+
- void watchdog_init(void)
++void hw_watchdog_reset(void)
{
-+ writel(0, WDT2_BASE + WDT_CTRL);
-+ writel(WDT_TIMEOUT_DEFAULT, WDT2_BASE + WDT_COUNTER_RELOAD_VALUE);
-+ writel(WDT_RESTART_VALUE, WDT2_BASE + WDT_COUNTER_RESTART_CTRL);
-+ writel(WDT_RST_BY_SOC_RST | WDT_SYS_RESET | WDT_ENABLE,
-+ WDT2_BASE + WDT_CTRL);
++ struct udevice *dev;
++ int ret;
++
++ ret = uclass_first_device(UCLASS_WDT, &dev);
++ if (ret) {
++ debug("Can't find a WDT: %d\n", ret);
++ return;
++ }
++
++ ret = wdt_reset(dev);
++ if (ret)
++ debug("WDT reset failed: %d\n", ret);
}
- void watchdog_reset(void)
+-void watchdog_reset(void)
++void hw_watchdog_disable(void)
{
-+ writel(WDT_RESTART_VALUE, WDT2_BASE + WDT_COUNTER_RESTART_CTRL);
-+}
++ struct udevice *dev;
++ int ret;
+
-+void watchdog_disable(void)
-+{
-+ writel(0, WDT2_BASE + WDT_CTRL);
++ ret = uclass_first_device(UCLASS_WDT, &dev);
++ if (ret) {
++ debug("Can't find a WDT: %d\n", ret);
++ return;
++ }
++
++ ret = wdt_stop(dev);
++ if (ret)
++ debug("WDT stop failed: %d\n", ret);
}
#endif
-diff --git a/common/bootm_os.c b/common/bootm_os.c
-index 855c471c28e6..05836e76c8e8 100644
---- a/common/bootm_os.c
-+++ b/common/bootm_os.c
-@@ -511,12 +511,23 @@ __weak void board_preboot_os(void)
- /* please define board specific board_preboot_os() */
- }
+diff --git a/common/board_f.c b/common/board_f.c
+index 149a7229e8fa..fe3e8e59d93e 100644
+--- a/common/board_f.c
++++ b/common/board_f.c
+@@ -94,6 +94,7 @@ static int init_func_watchdog_init(void)
+ {
+ # if defined(CONFIG_HW_WATCHDOG) && \
+ (defined(CONFIG_M68K) || defined(CONFIG_MICROBLAZE) || \
++ defined(CONFIG_ASPEED_AST2600) || \
+ defined(CONFIG_SH) || \
+ defined(CONFIG_DESIGNWARE_WATCHDOG) || \
+ defined(CONFIG_IMX_WATCHDOG))
+diff --git a/common/image.c b/common/image.c
+index 4d4248f234fb..90687092e1ae 100644
+--- a/common/image.c
++++ b/common/image.c
+@@ -528,7 +528,8 @@ void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+ if (to == from)
+ return;
+
+-#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
++#if !defined(CONFIG_ASPEED_SPI_DMA) && \
++ (defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG))
+ if (to > from) {
+ from += len;
+ to += len;
+diff --git a/drivers/mtd/spi/spi-nor-core.c b/drivers/mtd/spi/spi-nor-core.c
+index 1793a9e1f560..2ba5e5d65f4a 100644
+--- a/drivers/mtd/spi/spi-nor-core.c
++++ b/drivers/mtd/spi/spi-nor-core.c
+@@ -20,6 +20,7 @@
+ #include <linux/mtd/spi-nor.h>
+ #include <spi-mem.h>
+ #include <spi.h>
++#include <watchdog.h>
+
+ #include "sf_internal.h"
-+#ifdef CONFIG_WATCHDOG
-+extern void watchdog_init(void);
-+extern void watchdog_disable(void);
+@@ -425,6 +426,10 @@ static int spi_nor_wait_till_ready_with_timeout(struct spi_nor *nor,
+ unsigned long timebase;
+ int ret;
+
++#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
++ WATCHDOG_RESET();
+#endif
+
- int boot_selected_os(int argc, char * const argv[], int state,
- bootm_headers_t *images, boot_os_fn *boot_fn)
+ timebase = get_timer(0);
+
+ while (get_timer(timebase) < timeout) {
+diff --git a/drivers/watchdog/ast_wdt.c b/drivers/watchdog/ast_wdt.c
+index c2dc3cf548d2..811ead41bb95 100644
+--- a/drivers/watchdog/ast_wdt.c
++++ b/drivers/watchdog/ast_wdt.c
+@@ -19,10 +19,11 @@
+ #define WDT_CTRL_RESET_MODE_SHIFT 5
+ #define WDT_CTRL_RESET_MODE_MASK 3
+
+-#define WDT_CTRL_EN (1 << 0)
+-#define WDT_CTRL_RESET (1 << 1)
+-#define WDT_CTRL_CLK1MHZ (1 << 4)
+-#define WDT_CTRL_2ND_BOOT (1 << 7)
++#define WDT_CTRL_EN BIT(0)
++#define WDT_CTRL_RESET BIT(1)
++#define WDT_CTRL_CLK1MHZ BIT(4) /* AST2400/2500 */
++#define WDT_CTRL_WDT_RST_BY_SOC_RST BIT(4) /* AST2600 */
++#define WDT_CTRL_2ND_BOOT BIT(7)
+
+ /* Values for Reset Mode */
+ #define WDT_CTRL_RESET_SOC 0
+@@ -31,32 +32,32 @@
+ #define WDT_CTRL_RESET_MASK 3
+
+ /* Reset Mask register */
+-#define WDT_RESET_ARM (1 << 0)
+-#define WDT_RESET_COPROC (1 << 1)
+-#define WDT_RESET_SDRAM (1 << 2)
+-#define WDT_RESET_AHB (1 << 3)
+-#define WDT_RESET_I2C (1 << 4)
+-#define WDT_RESET_MAC1 (1 << 5)
+-#define WDT_RESET_MAC2 (1 << 6)
+-#define WDT_RESET_GCRT (1 << 7)
+-#define WDT_RESET_USB20 (1 << 8)
+-#define WDT_RESET_USB11_HOST (1 << 9)
+-#define WDT_RESET_USB11_EHCI2 (1 << 10)
+-#define WDT_RESET_VIDEO (1 << 11)
+-#define WDT_RESET_HAC (1 << 12)
+-#define WDT_RESET_LPC (1 << 13)
+-#define WDT_RESET_SDSDIO (1 << 14)
+-#define WDT_RESET_MIC (1 << 15)
+-#define WDT_RESET_CRT2C (1 << 16)
+-#define WDT_RESET_PWM (1 << 17)
+-#define WDT_RESET_PECI (1 << 18)
+-#define WDT_RESET_JTAG (1 << 19)
+-#define WDT_RESET_ADC (1 << 20)
+-#define WDT_RESET_GPIO (1 << 21)
+-#define WDT_RESET_MCTP (1 << 22)
+-#define WDT_RESET_XDMA (1 << 23)
+-#define WDT_RESET_SPI (1 << 24)
+-#define WDT_RESET_MISC (1 << 25)
++#define WDT_RESET_ARM BIT(0)
++#define WDT_RESET_COPROC BIT(1)
++#define WDT_RESET_SDRAM BIT(2)
++#define WDT_RESET_AHB BIT(3)
++#define WDT_RESET_I2C BIT(4)
++#define WDT_RESET_MAC1 BIT(5)
++#define WDT_RESET_MAC2 BIT(6)
++#define WDT_RESET_GCRT BIT(7)
++#define WDT_RESET_USB20 BIT(8)
++#define WDT_RESET_USB11_HOST BIT(9)
++#define WDT_RESET_USB11_EHCI2 BIT(10)
++#define WDT_RESET_VIDEO BIT(11)
++#define WDT_RESET_HAC BIT(12)
++#define WDT_RESET_LPC BIT(13)
++#define WDT_RESET_SDSDIO BIT(14)
++#define WDT_RESET_MIC BIT(15)
++#define WDT_RESET_CRT2C BIT(16)
++#define WDT_RESET_PWM BIT(17)
++#define WDT_RESET_PECI BIT(18)
++#define WDT_RESET_JTAG BIT(19)
++#define WDT_RESET_ADC BIT(20)
++#define WDT_RESET_GPIO BIT(21)
++#define WDT_RESET_MCTP BIT(22)
++#define WDT_RESET_XDMA BIT(23)
++#define WDT_RESET_SPI BIT(24)
++#define WDT_RESET_MISC BIT(25)
+
+ #define WDT_RESET_DEFAULT \
+ (WDT_RESET_ARM | WDT_RESET_COPROC | WDT_RESET_I2C | \
+@@ -98,12 +99,18 @@ struct ast_wdt_priv {
+ static int ast_wdt_start(struct udevice *dev, u64 timeout, ulong flags)
{
- arch_preboot_os();
- board_preboot_os();
-+#ifdef CONFIG_WATCHDOG
-+ watchdog_init();
+ struct ast_wdt_priv *priv = dev_get_priv(dev);
++ ulong driver_data = dev_get_driver_data(dev);
+
+ writel((u32) timeout, &priv->regs->counter_reload_val);
+
+ writel(WDT_COUNTER_RESTART_VAL, &priv->regs->counter_restart);
+
+- writel(WDT_CTRL_EN | WDT_CTRL_RESET, &priv->regs->ctrl);
++ if (driver_data == WDT_AST2600) {
++ writel(WDT_CTRL_EN | WDT_CTRL_RESET |
++ WDT_CTRL_WDT_RST_BY_SOC_RST, &priv->regs->ctrl);
++ } else {
++ writel(WDT_CTRL_EN | WDT_CTRL_RESET, &priv->regs->ctrl);
++ }
+
+ return 0;
+ }
+@@ -115,12 +122,15 @@ static int ast_wdt_stop(struct udevice *dev)
+
+ clrbits_le32(&priv->regs->ctrl, WDT_CTRL_EN);
+
++#if !defined(CONFIG_TARGET_AST2600_INTEL)
+ if(driver_data == WDT_AST2600) {
+ writel(0x030f1ff1, &priv->regs->reset_mask1);
+ writel(0x3fffff1, &priv->regs->reset_mask2);
+- } else
++ } else {
+ writel(WDT_RESET_DEFAULT, &priv->regs->reset_mask1);
+-
++ }
+#endif
- boot_fn(state, argc, argv, images);
-+#ifdef CONFIG_WATCHDOG
-+ watchdog_disable();
++
+ return 0;
+ }
+
+@@ -168,7 +178,9 @@ static const struct wdt_ops ast_wdt_ops = {
+ static int ast_wdt_probe(struct udevice *dev)
+ {
+ debug("%s() wdt%u\n", __func__, dev->seq);
++#if !defined(CONFIG_TARGET_AST2600_INTEL)
+ ast_wdt_stop(dev);
+#endif
- /* Stand-alone may return when 'autostart' is 'no' */
- if (images->os.type == IH_TYPE_STANDALONE ||
+ return 0;
+ }
+diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h
+index 255901ff0ea8..0797cd4febed 100755
+--- a/include/configs/aspeed-common.h
++++ b/include/configs/aspeed-common.h
+@@ -18,6 +18,8 @@
+ #define CONFIG_IPADDR 192.168.0.45
+ #define CONFIG_SERVERIP 192.168.0.81
+
++#define CONFIG_HW_WATCHDOG
++
+ /* Misc CPU related */
+ #define CONFIG_CMDLINE_TAG
+ #define CONFIG_SETUP_MEMORY_TAGS
--
2.17.1
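Review bot: In hw_watchdog_init(), hw_watchdog_reset() and hw_watchdog_disable(), the `if (ret)` test after `uclass_first_device(UCLASS_WDT, &dev)` does not cover the case where no watchdog device is bound. That call can return 0 with `dev` left NULL, and the NULL pointer is then handed to wdt_start(), wdt_reset() or wdt_stop(). Using `ret = uclass_first_device_err(UCLASS_WDT, &dev);` in all three functions (or testing `ret || !dev`) closes that path. Separately, with CONFIG_TARGET_AST2600_INTEL defined the reset-mask writes in ast_wdt_stop() are compiled out, so `driver_data` there looks unused; its declaration is outside the hunk, so this is inferred, but it probably wants `__maybe_unused` or to move inside the `#if`.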
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch
index 0933d913c..8e3a17107 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0027-ast2600-Add-Mailbox-init-function.patch
@@ -1,4 +1,4 @@
-From 615d57c7c2a86df3ba19e0c1a201aa0d8042e38d Mon Sep 17 00:00:00 2001
+From b41a5d9eb94bcaf40bc960d82f13cf41cb83c34e Mon Sep 17 00:00:00 2001
From: Kuiying Wang <kuiying.wang@intel.com>
Date: Thu, 25 Feb 2021 14:45:12 +0800
Subject: [PATCH] ast2600: Add Mailbox init function.
@@ -31,18 +31,14 @@ Signed-off-by: Vernon Mauery <vernon.mauery@intel.com>
Signed-off-by: Kuiying Wang <kuiying.wang@intel.com>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
---
- board/aspeed/ast2600_intel/intel.c | 26 ++++++++++++++++++++++++--
- 1 file changed, 24 insertions(+), 2 deletions(-)
+ board/aspeed/ast2600_intel/intel.c | 56 ++++++++++++++++++++++++++++--
+ 1 file changed, 54 insertions(+), 2 deletions(-)
diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
-index 4a5ff0bdac..fbc3215138 100644
+index 17f9d6c8fbf6..c8b3cef70dd7 100644
--- a/board/aspeed/ast2600_intel/intel.c
+++ b/board/aspeed/ast2600_intel/intel.c
-@@ -7,9 +7,13 @@
- #include <asm/io.h>
- #include <malloc.h>
-
-+#define SYS_PWR_RESET_FLAG BIT(0) /* from scu_info.c */
+@@ -13,6 +13,9 @@
#define WATCHDOG_RESET_BIT BIT(20)
#define BOOT_FAILURE_LIMIT 3
@@ -52,7 +48,7 @@ index 4a5ff0bdac..fbc3215138 100644
static int get_boot_failures(void)
{
return env_get_ulong("bootfailures", 10, 0);
-@@ -329,6 +333,55 @@ static void timer_callback(void *cookie)
+@@ -374,6 +377,55 @@ static void timer_callback(void *cookie)
}
}
@@ -108,16 +104,16 @@ index 4a5ff0bdac..fbc3215138 100644
int board_early_init_f(void)
{
/* This is called before relocation; beware! */
-@@ -350,6 +405,8 @@ int board_early_init_r(void)
- {
+@@ -396,6 +448,8 @@ int board_early_init_r(void)
+
debug("board_early_init_r\n");
+ mailbox_init();
+
enable_onboard_tpm();
- bmc_running_indicator(true);
-@@ -447,8 +504,6 @@ extern void timer_enable(int n, u32 interval_us, interrupt_handler_t *handler,
+ led_default_state();
+@@ -510,8 +564,6 @@ extern void timer_enable(int n, u32 interval_us, interrupt_handler_t *handler,
void *cookie);
int board_late_init(void)
{
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0029-Set-UART-routing-in-lowlevel_init.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0029-Set-UART-routing-in-lowlevel_init.patch
new file mode 100644
index 000000000..4d8d97d10
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0029-Set-UART-routing-in-lowlevel_init.patch
@@ -0,0 +1,43 @@
+From b6f6c6fe9b92e3b1bbed12e27a65e822a44da528 Mon Sep 17 00:00:00 2001
+From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+Date: Mon, 26 Apr 2021 13:20:21 -0700
+Subject: [PATCH] Set UART routing in lowlevel_init
+
+This commit sets the UART routing back to default in lowlevel_init
+to prevent any data dropping from the physical host serial until
+SOL service is activated.
+
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+---
+ arch/arm/mach-aspeed/ast2600/platform.S | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/arch/arm/mach-aspeed/ast2600/platform.S b/arch/arm/mach-aspeed/ast2600/platform.S
+index 0d038920b150..dce15c83a093 100644
+--- a/arch/arm/mach-aspeed/ast2600/platform.S
++++ b/arch/arm/mach-aspeed/ast2600/platform.S
+@@ -79,6 +79,9 @@
+ #define AST_GPIO_BASE (0x1E780000)
+ #define AST_GPIOYZ_DATA_VALUE (AST_GPIO_BASE + 0x1E0)
+
++#define AST_LPC_BASE 0x1E789000
++#define AST_LPC_HICRA (AST_LPC_BASE + 0x09C)
++
+ /* Revision ID */
+ #define REV_ID_AST2600A0 0x05000303
+ #define REV_ID_AST2600A1 0x05010303
+@@ -409,6 +412,11 @@ skip_fill_wip_bit:
+ orr r1, #0x0A
+ str r1, [r0]
+
++ /* set UART routing back to default */
++ ldr r0, =AST_LPC_HICRA
++ ldr r1, =0x0
++ str r1, [r0]
++
+ /* relocate mailbox insn. for cpuN polling SMP go signal */
+ adrl r0, mailbox_insn
+ adrl r1, mailbox_insn_end
+--
+2.17.1
+
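Review bot: The added store writes a bare `0x0` over the whole AST_LPC_HICRA register, and the comment does not say which routing that value selects or that every other field in the register is cleared along with it. A named constant and a fuller comment would help, for example `/* HICRA = 0: default UART routing; clears every field in the register */`. The write sits in straight-line lowlevel_init code that extends beyond this hunk, so it appears to run on every reset path, watchdog resets included. If that is intended, the comment should say so.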
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch
new file mode 100644
index 000000000..d35ee0ac1
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch
@@ -0,0 +1,62 @@
+From febbc583319b567fe3d83e521cc2ace9be8d1501 Mon Sep 17 00:00:00 2001
+From: Benjamin Lim <jarsp.ctf@gmail.com>
+Date: Fri, 29 Mar 2019 07:29:45 -0400
+Subject: [PATCH] Fix ext4 block group descriptor sizing
+
+Ext4 allows for arbitrarily sized block group descriptors when 64-bit
+addressing is enabled, which was previously not properly supported. This
+patch dynamically allocates a chunk of memory of the correct size.
+
+Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com>
+---
+ fs/ext4/ext4_common.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
+index feffbfa9a9eb..464c33d0d74c 100644
+--- a/fs/ext4/ext4_common.c
++++ b/fs/ext4/ext4_common.c
+@@ -1587,7 +1587,7 @@ static int ext4fs_blockgroup
+
+ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode)
+ {
+- struct ext2_block_group blkgrp;
++ struct ext2_block_group *blkgrp;
+ struct ext2_sblock *sblock = &data->sblock;
+ struct ext_filesystem *fs = get_fs();
+ int log2blksz = get_fs()->dev_desc->log2blksz;
+@@ -1595,17 +1595,28 @@ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode)
+ long int blkno;
+ unsigned int blkoff;
+
++ /* Allocate blkgrp based on gdsize (for 64-bit support). */
++ blkgrp = zalloc(get_fs()->gdsize);
++ if (!blkgrp)
++ return 0;
++
+ /* It is easier to calculate if the first inode is 0. */
+ ino--;
+ status = ext4fs_blockgroup(data, ino / le32_to_cpu
+- (sblock->inodes_per_group), &blkgrp);
+- if (status == 0)
++ (sblock->inodes_per_group), blkgrp);
++ if (status == 0) {
++ free(blkgrp);
+ return 0;
++ }
+
+ inodes_per_block = EXT2_BLOCK_SIZE(data) / fs->inodesz;
+- blkno = ext4fs_bg_get_inode_table_id(&blkgrp, fs) +
++ blkno = ext4fs_bg_get_inode_table_id(blkgrp, fs) +
+ (ino % le32_to_cpu(sblock->inodes_per_group)) / inodes_per_block;
+ blkoff = (ino % inodes_per_block) * fs->inodesz;
++
++ /* Free blkgrp as it is no longer required. */
++ free(blkgrp);
++
+ /* Read the inode. */
+ status = ext4fs_devread((lbaint_t)blkno << (LOG2_BLOCK_SIZE(data) -
+ log2blksz), blkoff,
+--
+2.17.1
+
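Review bot: The allocation size in `blkgrp = zalloc(get_fs()->gdsize);` is used without any lower-bound check in this hunk, yet ext4fs_bg_get_inode_table_id() reads descriptor fields from the buffer afterwards. Where gdsize is assigned is not visible here. If it is derived from the on-disk superblock, please confirm that mount-time code rejects a descriptor size smaller than the base descriptor, and record that next to the allocation, e.g. `/* gdsize is validated at mount; never smaller than the base descriptor */`. As a smaller point, `fs` already holds get_fs(), so `zalloc(fs->gdsize)` reads more directly. ext4fs_read_inode() continues past the end of the hunk.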
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11690/0001-lib-uuid-Fix-unseeded-PRNG-on-RANDOM_UUID-y.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11690/0001-lib-uuid-Fix-unseeded-PRNG-on-RANDOM_UUID-y.patch
new file mode 100644
index 000000000..c793df2f4
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11690/0001-lib-uuid-Fix-unseeded-PRNG-on-RANDOM_UUID-y.patch
@@ -0,0 +1,95 @@
+From 4ccf678f37731d8ec09eae8dca5f4cbe84132a52 Mon Sep 17 00:00:00 2001
+From: Eugeniu Rosca <erosca@de.adit-jv.com>
+Date: Thu, 2 May 2019 14:27:06 +0200
+Subject: [PATCH] lib: uuid: Fix unseeded PRNG on RANDOM_UUID=y
+
+The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
+platform are always the same. Below is consistent on each cold boot:
+
+ => ### interrupt autoboot
+ => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
+ ...
+ uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
+ => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
+ ...
+ uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
+ => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
+ ...
+ uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
+ => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
+ ...
+ uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
+ => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
+ ...
+ uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
+
+While the uuids do change on every 'gpt write' command, the values
+appear to be taken from the same pool, in the same order.
+
+Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
+devices, all those devices would essentially expose the same UUID,
+breaking the assumption of system/RFS/application designers who rely
+on UUID as being globally unique (e.g. a database using UUID as key
+would alias/mix up entries/records due to duplicated UUID).
+
+The root cause seems to be simply _not_ seeding PRNG before generating
+a random value. It turns out this belongs to an established class of
+PRNG-specific problems, commonly known as "unseeded randomness", for
+which I am able to find below bugs/CVE/CWE:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
+ ("CVE-2015-0285 openssl: handshake with unseeded PRNG")
+ - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
+ ("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
+ randomness")
+ - https://cwe.mitre.org/data/definitions/336.html
+ ("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
+
+The first revision [1] of this patch updated the seed based on the
+output of get_timer(), similar to [4].
+
+There are two problems with this approach:
+ - get_timer() has a poor _ms_ resolution
+ - when gen_rand_uuid() is called in a loop, get_timer() returns the
+ same result, leading to the same seed being passed to srand(),
+ leading to the same uuid being generated for several partitions
+ with different names
+
+The above drawbacks have been addressed in the second version [2].
+In its third revision (current), the patch reworded the description
+and summary line to emphasize it is a *fix* rather than an improvement.
+
+Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
+loop on R-Car3 for several minutes, collecting 8844 randomly generated
+UUIDS. Two consecutive cold boots are concatenated in the log.
+As a result, all uuid values are unique (scripted check).
+
+Thanks to Roman, who reported the issue and provided support in fixing.
+
+[1] https://patchwork.ozlabs.org/patch/1091802/
+[2] https://patchwork.ozlabs.org/patch/1092945/
+[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
+[4] commit da384a9d7628 ("net: rename and refactor eth_rand_ethaddr() function")
+
+Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
+Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
+Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+---
+ lib/uuid.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/uuid.c b/lib/uuid.c
+index fa20ee39fc32..2d4d6ef7e461 100644
+--- a/lib/uuid.c
++++ b/lib/uuid.c
+@@ -238,6 +238,8 @@ void gen_rand_uuid(unsigned char *uuid_bin)
+ unsigned int *ptr = (unsigned int *)&uuid;
+ int i;
+
++ srand(get_ticks() + rand());
++
+ /* Set all fields randomly */
+ for (i = 0; i < sizeof(struct uuid) / sizeof(*ptr); i++)
+ *(ptr + i) = cpu_to_be32(rand());
+--
+2.17.1
+
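Review bot: `srand(get_ticks() + rand())` removes the repeated sequence, but the seed still comes only from the tick counter and earlier PRNG state, so the UUIDs are distinct rather than unpredictable. That matches the commit's stated goal of avoiding duplicate partition UUIDs, but a comment would stop later callers from treating the output as a secret: `/* Seeded from the tick counter: adequate for uniqueness, not for tokens or keys */`. The tick value is also narrowed implicitly to srand()'s `unsigned int` argument; an explicit cast would show that this is deliberate. gen_rand_uuid() continues outside the hunk.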
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch
new file mode 100644
index 000000000..fbb9098fe
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13104/0001-CVE-2019-13104-ext4-check-for-underflow-in-ext4fs_re.patch
@@ -0,0 +1,41 @@
+From 878269dbe74229005dd7f27aca66c554e31dad8e Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:05 -0700
+Subject: [PATCH] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
+
+in ext4fs_read_file, it is possible for a broken/malicious file
+system to cause a memcpy of a negative number of bytes, which
+overflows all memory. This patch fixes the issue by checking for
+a negative length.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+---
+ fs/ext4/ext4fs.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index 85dc122f3003..e2b740cac405 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+
+ ext_cache_init(&cache);
+
+- if (blocksize <= 0)
+- return -1;
+-
+ /* Adjust len so it we can't read past the end of the file. */
+ if (len + pos > filesize)
+ len = (filesize - pos);
+
++ if (blocksize <= 0 || len <= 0) {
++ ext_cache_fini(&cache);
++ return -1;
++ }
++
+ blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
+
+ for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
+--
+2.17.1
+
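Review bot: The new guard `if (blocksize <= 0 || len <= 0)` folds a zero-length request, and a `pos` exactly at end of file, into the same `-1` error return as the negative-length case the CVE fix targets. How callers treat that return is not visible in this hunk, so it is worth confirming that reading an empty file or reading at EOF is meant to fail rather than succeed with zero bytes. Whichever is intended, a comment would pin it down, e.g. `/* len <= 0: pos is at or past EOF (or caller passed 0); reported as an error */`. The cleanup via ext_cache_fini() on this early return is correct. The rest of ext4fs_read_file() lies outside the hunk.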
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0001-fs-ext4-cache-extent-data.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0001-fs-ext4-cache-extent-data.patch
new file mode 100644
index 000000000..4daf1649e
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0001-fs-ext4-cache-extent-data.patch
@@ -0,0 +1,409 @@
+From c7422737dc7c2ecd7c2118540fbc0dad48affaf5 Mon Sep 17 00:00:00 2001
+From: Stephen Warren <swarren@nvidia.com>
+Date: Wed, 30 Jan 2019 12:58:05 -0700
+Subject: [PATCH] fs: ext4: cache extent data
+
+When a file contains extents, U-Boot currently reads extent-related data
+for each block in the file, even if that data is located in the same
+block each time. This significantly slows down loading of files that use
+extents. Implement a very dumb cache to prevent repeatedly reading the
+same block. Files with extents now load as fast as files without.
+
+Note: There are many cases where read_allocated_block() is called. This
+patch only addresses one of those places; all others still read redundant
+data in any case they did before. This is a minimal patch to fix the
+load command; other cases aren't fixed.
+
+Signed-off-by: Stephen Warren <swarren@nvidia.com>
+---
+ fs/ext4/ext4_common.c | 45 ++++++++++++++++++++++---------------
+ fs/ext4/ext4_journal.c | 22 +++++++++---------
+ fs/ext4/ext4_write.c | 6 ++---
+ fs/ext4/ext4fs.c | 51 +++++++++++++++++++++++++++++++++++++-----
+ include/ext4fs.h | 12 +++++++++-
+ 5 files changed, 99 insertions(+), 37 deletions(-)
+
+diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
+index 67e2471bd388..29308e3b4474 100644
+--- a/fs/ext4/ext4_common.c
++++ b/fs/ext4/ext4_common.c
+@@ -510,7 +510,8 @@ restart:
+
+ restart_read:
+ /* read the block no allocated to a file */
+- first_block_no_of_root = read_allocated_block(g_parent_inode, blk_idx);
++ first_block_no_of_root = read_allocated_block(g_parent_inode, blk_idx,
++ NULL);
+ if (first_block_no_of_root <= 0)
+ goto fail;
+
+@@ -646,7 +647,7 @@ static int search_dir(struct ext2_inode *parent_inode, char *dirname)
+
+ /* get the block no allocated to a file */
+ for (blk_idx = 0; blk_idx < directory_blocks; blk_idx++) {
+- blknr = read_allocated_block(parent_inode, blk_idx);
++ blknr = read_allocated_block(parent_inode, blk_idx, NULL);
+ if (blknr <= 0)
+ goto fail;
+
+@@ -943,7 +944,7 @@ int ext4fs_filename_unlink(char *filename)
+
+ /* read the block no allocated to a file */
+ for (blk_idx = 0; blk_idx < directory_blocks; blk_idx++) {
+- blknr = read_allocated_block(g_parent_inode, blk_idx);
++ blknr = read_allocated_block(g_parent_inode, blk_idx, NULL);
+ if (blknr <= 0)
+ break;
+ inodeno = unlink_filename(filename, blknr);
+@@ -1522,7 +1523,7 @@ void ext4fs_allocate_blocks(struct ext2_inode *file_inode,
+ #endif
+
+ static struct ext4_extent_header *ext4fs_get_extent_block
+- (struct ext2_data *data, char *buf,
++ (struct ext2_data *data, struct ext_block_cache *cache,
+ struct ext4_extent_header *ext_block,
+ uint32_t fileblock, int log2_blksz)
+ {
+@@ -1551,12 +1552,10 @@ static struct ext4_extent_header *ext4fs_get_extent_block
+
+ block = le16_to_cpu(index[i].ei_leaf_hi);
+ block = (block << 32) + le32_to_cpu(index[i].ei_leaf_lo);
+-
+- if (ext4fs_devread((lbaint_t)block << log2_blksz, 0, blksz,
+- buf))
+- ext_block = (struct ext4_extent_header *)buf;
+- else
++ block <<= log2_blksz;
++ if (!ext_cache_read(cache, (lbaint_t)block, blksz))
+ return NULL;
++ ext_block = (struct ext4_extent_header *)cache->buf;
+ }
+ }
+
+@@ -1613,7 +1612,8 @@ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode)
+ return 1;
+ }
+
+-long int read_allocated_block(struct ext2_inode *inode, int fileblock)
++long int read_allocated_block(struct ext2_inode *inode, int fileblock,
++ struct ext_block_cache *cache)
+ {
+ long int blknr;
+ int blksz;
+@@ -1630,20 +1630,26 @@ long int read_allocated_block(struct ext2_inode *inode, int fileblock)
+
+ if (le32_to_cpu(inode->flags) & EXT4_EXTENTS_FL) {
+ long int startblock, endblock;
+- char *buf = zalloc(blksz);
+- if (!buf)
+- return -ENOMEM;
++ struct ext_block_cache *c, cd;
+ struct ext4_extent_header *ext_block;
+ struct ext4_extent *extent;
+ int i;
++
++ if (cache) {
++ c = cache;
++ } else {
++ c = &cd;
++ ext_cache_init(c);
++ }
+ ext_block =
+- ext4fs_get_extent_block(ext4fs_root, buf,
++ ext4fs_get_extent_block(ext4fs_root, c,
+ (struct ext4_extent_header *)
+ inode->b.blocks.dir_blocks,
+ fileblock, log2_blksz);
+ if (!ext_block) {
+ printf("invalid extent block\n");
+- free(buf);
++ if (!cache)
++ ext_cache_fini(c);
+ return -EINVAL;
+ }
+
+@@ -1655,19 +1661,22 @@ long int read_allocated_block(struct ext2_inode *inode, int fileblock)
+
+ if (startblock > fileblock) {
+ /* Sparse file */
+- free(buf);
++ if (!cache)
++ ext_cache_fini(c);
+ return 0;
+
+ } else if (fileblock < endblock) {
+ start = le16_to_cpu(extent[i].ee_start_hi);
+ start = (start << 32) +
+ le32_to_cpu(extent[i].ee_start_lo);
+- free(buf);
++ if (!cache)
++ ext_cache_fini(c);
+ return (fileblock - startblock) + start;
+ }
+ }
+
+- free(buf);
++ if (!cache)
++ ext_cache_fini(c);
+ return 0;
+ }
+
+diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c
+index 148593da7fef..6adbab93a68f 100644
+--- a/fs/ext4/ext4_journal.c
++++ b/fs/ext4/ext4_journal.c
+@@ -347,7 +347,7 @@ void recover_transaction(int prev_desc_logical_no)
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO,
+ (struct ext2_inode *)&inode_journal);
+ blknr = read_allocated_block((struct ext2_inode *)
+- &inode_journal, i);
++ &inode_journal, i, NULL);
+ ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0, fs->blksz,
+ temp_buff);
+ p_jdb = (char *)temp_buff;
+@@ -372,7 +372,7 @@ void recover_transaction(int prev_desc_logical_no)
+ be32_to_cpu(jdb->h_sequence)) == 0)
+ continue;
+ }
+- blknr = read_allocated_block(&inode_journal, i);
++ blknr = read_allocated_block(&inode_journal, i, NULL);
+ ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0,
+ fs->blksz, metadata_buff);
+ put_ext4((uint64_t)((uint64_t)be32_to_cpu(tag->block) * (uint64_t)fs->blksz),
+@@ -419,7 +419,8 @@ int ext4fs_check_journal_state(int recovery_flag)
+ }
+
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO, &inode_journal);
+- blknr = read_allocated_block(&inode_journal, EXT2_JOURNAL_SUPERBLOCK);
++ blknr = read_allocated_block(&inode_journal, EXT2_JOURNAL_SUPERBLOCK,
++ NULL);
+ ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0, fs->blksz,
+ temp_buff);
+ jsb = (struct journal_superblock_t *) temp_buff;
+@@ -443,7 +444,7 @@ int ext4fs_check_journal_state(int recovery_flag)
+
+ i = be32_to_cpu(jsb->s_first);
+ while (1) {
+- blknr = read_allocated_block(&inode_journal, i);
++ blknr = read_allocated_block(&inode_journal, i, NULL);
+ memset(temp_buff1, '\0', fs->blksz);
+ ext4fs_devread((lbaint_t)blknr * fs->sect_perblk,
+ 0, fs->blksz, temp_buff1);
+@@ -537,7 +538,7 @@ end:
+ ext4_read_superblock((char *)fs->sb);
+
+ blknr = read_allocated_block(&inode_journal,
+- EXT2_JOURNAL_SUPERBLOCK);
++ EXT2_JOURNAL_SUPERBLOCK, NULL);
+ put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz),
+ (struct journal_superblock_t *)temp_buff,
+ (uint32_t) fs->blksz);
+@@ -566,7 +567,7 @@ static void update_descriptor_block(long int blknr)
+
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO, &inode_journal);
+ jsb_blknr = read_allocated_block(&inode_journal,
+- EXT2_JOURNAL_SUPERBLOCK);
++ EXT2_JOURNAL_SUPERBLOCK, NULL);
+ ext4fs_devread((lbaint_t)jsb_blknr * fs->sect_perblk, 0, fs->blksz,
+ temp_buff);
+ jsb = (struct journal_superblock_t *) temp_buff;
+@@ -618,7 +619,7 @@ static void update_commit_block(long int blknr)
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO,
+ &inode_journal);
+ jsb_blknr = read_allocated_block(&inode_journal,
+- EXT2_JOURNAL_SUPERBLOCK);
++ EXT2_JOURNAL_SUPERBLOCK, NULL);
+ ext4fs_devread((lbaint_t)jsb_blknr * fs->sect_perblk, 0, fs->blksz,
+ temp_buff);
+ jsb = (struct journal_superblock_t *) temp_buff;
+@@ -645,16 +646,17 @@ void ext4fs_update_journal(void)
+ long int blknr;
+ int i;
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO, &inode_journal);
+- blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++);
++ blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++, NULL);
+ update_descriptor_block(blknr);
+ for (i = 0; i < MAX_JOURNAL_ENTRIES; i++) {
+ if (journal_ptr[i]->blknr == -1)
+ break;
+- blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++);
++ blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++,
++ NULL);
+ put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz),
+ journal_ptr[i]->buf, fs->blksz);
+ }
+- blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++);
++ blknr = read_allocated_block(&inode_journal, jrnl_blk_idx++, NULL);
+ update_commit_block(blknr);
+ printf("update journal finished\n");
+ }
+diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c
+index 4eb77c327ef3..95ffa3dfad51 100644
+--- a/fs/ext4/ext4_write.c
++++ b/fs/ext4/ext4_write.c
+@@ -479,7 +479,7 @@ static int ext4fs_delete_file(int inodeno)
+
+ /* release data blocks */
+ for (i = 0; i < no_blocks; i++) {
+- blknr = read_allocated_block(&inode, i);
++ blknr = read_allocated_block(&inode, i, NULL);
+ if (blknr == 0)
+ continue;
+ if (blknr < 0)
+@@ -695,7 +695,7 @@ void ext4fs_deinit(void)
+ ext4fs_read_inode(ext4fs_root, EXT2_JOURNAL_INO,
+ &inode_journal);
+ blknr = read_allocated_block(&inode_journal,
+- EXT2_JOURNAL_SUPERBLOCK);
++ EXT2_JOURNAL_SUPERBLOCK, NULL);
+ ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0, fs->blksz,
+ temp_buff);
+ jsb = (struct journal_superblock_t *)temp_buff;
+@@ -776,7 +776,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode,
+ long int blknr;
+ int blockend = fs->blksz;
+ int skipfirst = 0;
+- blknr = read_allocated_block(file_inode, i);
++ blknr = read_allocated_block(file_inode, i, NULL);
+ if (blknr <= 0)
+ return -1;
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index 2a28031d14ca..26db677a1f17 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -62,6 +62,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ lbaint_t delayed_next = 0;
+ char *delayed_buf = NULL;
+ short status;
++ struct ext_block_cache cache;
++
++ ext_cache_init(&cache);
+
+ if (blocksize <= 0)
+ return -1;
+@@ -77,9 +80,11 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ int blockoff = pos - (blocksize * i);
+ int blockend = blocksize;
+ int skipfirst = 0;
+- blknr = read_allocated_block(&(node->inode), i);
+- if (blknr < 0)
++ blknr = read_allocated_block(&node->inode, i, &cache);
++ if (blknr < 0) {
++ ext_cache_fini(&cache);
+ return -1;
++ }
+
+ blknr = blknr << log2_fs_blocksize;
+
+@@ -109,8 +114,10 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ delayed_skipfirst,
+ delayed_extent,
+ delayed_buf);
+- if (status == 0)
++ if (status == 0) {
++ ext_cache_fini(&cache);
+ return -1;
++ }
+ previous_block_number = blknr;
+ delayed_start = blknr;
+ delayed_extent = blockend;
+@@ -136,8 +143,10 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ delayed_skipfirst,
+ delayed_extent,
+ delayed_buf);
+- if (status == 0)
++ if (status == 0) {
++ ext_cache_fini(&cache);
+ return -1;
++ }
+ previous_block_number = -1;
+ }
+ /* Zero no more than `len' bytes. */
+@@ -153,12 +162,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ status = ext4fs_devread(delayed_start,
+ delayed_skipfirst, delayed_extent,
+ delayed_buf);
+- if (status == 0)
++ if (status == 0) {
++ ext_cache_fini(&cache);
+ return -1;
++ }
+ previous_block_number = -1;
+ }
+
+ *actread = len;
++ ext_cache_fini(&cache);
+ return 0;
+ }
+
+@@ -252,3 +264,32 @@ int ext4fs_uuid(char *uuid_str)
+ return -ENOSYS;
+ #endif
+ }
++
++void ext_cache_init(struct ext_block_cache *cache)
++{
++ memset(cache, 0, sizeof(*cache));
++}
++
++void ext_cache_fini(struct ext_block_cache *cache)
++{
++ free(cache->buf);
++ ext_cache_init(cache);
++}
++
++int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
++{
++ /* This could be more lenient, but this is simple and enough for now */
++ if (cache->buf && cache->block == block && cache->size == size)
++ return 1;
++ ext_cache_fini(cache);
++ cache->buf = malloc(size);
++ if (!cache->buf)
++ return 0;
++ if (!ext4fs_devread(block, 0, size, cache->buf)) {
++ free(cache->buf);
++ return 0;
++ }
++ cache->block = block;
++ cache->size = size;
++ return 1;
++}
+diff --git a/include/ext4fs.h b/include/ext4fs.h
+index 24210113411a..4b5de6e7b636 100644
+--- a/include/ext4fs.h
++++ b/include/ext4fs.h
+@@ -117,6 +117,12 @@ struct ext_filesystem {
+ struct blk_desc *dev_desc;
+ };
+
++struct ext_block_cache {
++ char *buf;
++ lbaint_t block;
++ int size;
++};
++
+ extern struct ext2_data *ext4fs_root;
+ extern struct ext2fs_node *ext4fs_file;
+
+@@ -146,11 +152,15 @@ int ext4fs_size(const char *filename, loff_t *size);
+ void ext4fs_free_node(struct ext2fs_node *node, struct ext2fs_node *currroot);
+ int ext4fs_devread(lbaint_t sector, int byte_offset, int byte_len, char *buf);
+ void ext4fs_set_blk_dev(struct blk_desc *rbdd, disk_partition_t *info);
+-long int read_allocated_block(struct ext2_inode *inode, int fileblock);
++long int read_allocated_block(struct ext2_inode *inode, int fileblock,
++ struct ext_block_cache *cache);
+ int ext4fs_probe(struct blk_desc *fs_dev_desc,
+ disk_partition_t *fs_partition);
+ int ext4_read_file(const char *filename, void *buf, loff_t offset, loff_t len,
+ loff_t *actread);
+ int ext4_read_superblock(char *buffer);
+ int ext4fs_uuid(char *uuid_str);
++void ext_cache_init(struct ext_block_cache *cache);
++void ext_cache_fini(struct ext_block_cache *cache);
++int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size);
+ #endif
+--
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0002-CVE-2019-13105-ext4-fix-double-free-in-ext4_cache_re.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0002-CVE-2019-13105-ext4-fix-double-free-in-ext4_cache_re.patch
new file mode 100644
index 000000000..f7ccb41f4
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13105/0002-CVE-2019-13105-ext4-fix-double-free-in-ext4_cache_re.patch
@@ -0,0 +1,30 @@
+From 6e5a79de658cb1c8012c86e0837379aa6eabd024 Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:04 -0700
+Subject: [PATCH] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
+
+ext_cache_read doesn't null cache->buf, after freeing, which results
+in a later function double-freeing it. This patch fixes
+ext_cache_read to call ext_cache_fini instead of free.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+---
+ fs/ext4/ext4fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index 26db677a1f17..85dc122f3003 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
+ if (!cache->buf)
+ return 0;
+ if (!ext4fs_devread(block, 0, size, cache->buf)) {
+- free(cache->buf);
++ ext_cache_fini(cache);
+ return 0;
+ }
+ cache->block = block;
+--
+2.17.1
+
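Review bot: The failure path after ext4fs_devread() is only safe because ext_cache_fini() clears cache->buf as well as freeing it, and nothing at the call site records that. A later tidy-up back to a bare free() would bring the double free back as soon as a caller runs ext_cache_fini() on exit, as ext4fs_read_file() does in the preceding patch of this series. A short comment above the call would pin the invariant, for example `/* not free(): fini also resets cache->buf, so a later ext_cache_fini() is harmless */`. ext_cache_read() starts and ends outside this hunk, so the rest of the function is not reviewed here.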
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13106/0001-CVE-2019-13106-ext4-fix-out-of-bounds-memset.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13106/0001-CVE-2019-13106-ext4-fix-out-of-bounds-memset.patch
new file mode 100644
index 000000000..9bd0b27a8
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-13106/0001-CVE-2019-13106-ext4-fix-out-of-bounds-memset.patch
@@ -0,0 +1,49 @@
+From e205896c5383c938274262524adceb2775fb03ba Mon Sep 17 00:00:00 2001
+From: Paul Emge <paulemge@forallsecure.com>
+Date: Mon, 8 Jul 2019 16:37:07 -0700
+Subject: [PATCH] CVE-2019-13106: ext4: fix out-of-bounds memset
+
+In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
+the destination memory region. This patch adds a check to disallow
+this.
+
+Signed-off-by: Paul Emge <paulemge@forallsecure.com>
+---
+ fs/ext4/ext4fs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
+index e2b740cac405..37b31d9f0fcc 100644
+--- a/fs/ext4/ext4fs.c
++++ b/fs/ext4/ext4fs.c
+@@ -61,6 +61,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ lbaint_t delayed_skipfirst = 0;
+ lbaint_t delayed_next = 0;
+ char *delayed_buf = NULL;
++ char *start_buf = buf;
+ short status;
+ struct ext_block_cache cache;
+
+@@ -139,6 +140,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ }
+ } else {
+ int n;
++ int n_left;
+ if (previous_block_number != -1) {
+ /* spill */
+ status = ext4fs_devread(delayed_start,
+@@ -153,8 +155,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
+ }
+ /* Zero no more than `len' bytes. */
+ n = blocksize - skipfirst;
+- if (n > len)
+- n = len;
++ n_left = len - ( buf - start_buf );
++ if (n > n_left)
++ n = n_left;
+ memset(buf, 0, n);
+ }
+ buf += blocksize - skipfirst;
+--
+2.17.1
+
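Review bot: `n_left` is declared `int` but is computed from `len` minus a pointer difference, so the clamp before `memset(buf, 0, n)` only holds while that result fits in an int and stays non-negative. The type of `len` is cut off in the hunk header; if it is wider than int (upstream declares it loff_t), a large request is truncated, and a negative `n_left` is copied into `n` and converted to a very large size_t by memset. Giving `n_left` the type of `len` and rejecting non-positive values keeps the bound meaningful: `if (n_left <= 0) n = 0; else if (n > n_left) n = n_left;`. ext4fs_read_file() begins and ends outside the hunks shown.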
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch
new file mode 100644
index 000000000..97814024f
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch
@@ -0,0 +1,397 @@
+From d676a491fb465f11271c47185f1eb3e479c5c738 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:09 -0700
+Subject: [PATCH] image: Adjust the workings of fit_check_format()
+
+At present this function does not accept a size for the FIT. This means
+that it must be read from the FIT itself, introducing potential security
+risk. Update the function to include a size parameter, which can be
+invalid, in which case fit_check_format() calculates it.
+
+For now no callers pass the size, but this can be updated later.
+
+Also adjust the return value to an error code so that all the different
+types of problems can be distinguished by the user.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ arch/arm/cpu/armv8/sec_firmware.c | 2 +-
+ cmd/bootm.c | 6 ++--
+ cmd/disk.c | 2 +-
+ cmd/fdc.c | 2 +-
+ cmd/fpga.c | 2 +-
+ cmd/nand.c | 2 +-
+ cmd/source.c | 2 +-
+ cmd/ximg.c | 2 +-
+ common/image-fdt.c | 2 +-
+ common/image-fit.c | 45 +++++++++++++-----------------
+ common/splash_source.c | 4 +--
+ common/update.c | 2 +-
+ drivers/net/fsl-mc/mc.c | 2 +-
+ drivers/net/pfe_eth/pfe_firmware.c | 2 +-
+ include/image.h | 21 +++++++++++++-
+ tools/fit_common.c | 3 +-
+ tools/fit_image.c | 2 +-
+ tools/mkimage.h | 2 ++
+ 18 files changed, 61 insertions(+), 44 deletions(-)
+
+diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
+index 8dc0ac92668f..3c5249541222 100644
+--- a/arch/arm/cpu/armv8/sec_firmware.c
++++ b/arch/arm/cpu/armv8/sec_firmware.c
+@@ -310,7 +310,7 @@ __weak bool sec_firmware_is_valid(const void *sec_firmware_img)
+ return false;
+ }
+
+- if (!fit_check_format(sec_firmware_img)) {
++ if (fit_check_format(sec_firmware_img, IMAGE_SIZE_INVAL)) {
+ printf("SEC Firmware: Bad firmware image (bad FIT header)\n");
+ return false;
+ }
+diff --git a/cmd/bootm.c b/cmd/bootm.c
+index c3a063474ac6..1d6ec0d4cacc 100644
+--- a/cmd/bootm.c
++++ b/cmd/bootm.c
+@@ -282,7 +282,7 @@ static int image_info(ulong addr)
+ case IMAGE_FORMAT_FIT:
+ puts(" FIT image found\n");
+
+- if (!fit_check_format(hdr)) {
++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) {
+ puts("Bad FIT image format!\n");
+ return 1;
+ }
+@@ -355,7 +355,7 @@ static int do_imls_nor(void)
+ #endif
+ #if defined(CONFIG_FIT)
+ case IMAGE_FORMAT_FIT:
+- if (!fit_check_format(hdr))
++ if (fit_check_format(hdr), IMAGE_SIZE_INVAL)
+ goto next_sector;
+
+ printf("FIT Image at %08lX:\n", (ulong)hdr);
+@@ -435,7 +435,7 @@ static int nand_imls_fitimage(struct mtd_info *mtd, int nand_dev, loff_t off,
+ return ret;
+ }
+
+- if (!fit_check_format(imgdata)) {
++ if (fit_check_format(imgdata), IMAGE_SIZE_INVAL) {
+ free(imgdata);
+ return 0;
+ }
+diff --git a/cmd/disk.c b/cmd/disk.c
+index dcc36a6c2cb7..294fc111023a 100644
+--- a/cmd/disk.c
++++ b/cmd/disk.c
+@@ -110,7 +110,7 @@ int common_diskboot(cmd_tbl_t *cmdtp, const char *intf, int argc,
+ /* This cannot be done earlier,
+ * we need complete FIT image in RAM first */
+ if (genimg_get_format((void *) addr) == IMAGE_FORMAT_FIT) {
+- if (!fit_check_format(fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ bootstage_error(BOOTSTAGE_ID_IDE_FIT_READ);
+ puts("** Bad FIT image format\n");
+ return 1;
+diff --git a/cmd/fdc.c b/cmd/fdc.c
+index 906845d4049b..37e557a1e7d7 100644
+--- a/cmd/fdc.c
++++ b/cmd/fdc.c
+@@ -730,7 +730,7 @@ int do_fdcboot (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+ #if defined(CONFIG_FIT)
+ /* This cannot be done earlier, we need complete FIT image in RAM first */
+ if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) {
+- if (!fit_check_format (fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ puts ("** Bad FIT image format\n");
+ return 1;
+ }
+diff --git a/cmd/fpga.c b/cmd/fpga.c
+index 88a8e3f3186b..9093026ff6ce 100644
+--- a/cmd/fpga.c
++++ b/cmd/fpga.c
+@@ -325,7 +325,7 @@ static int do_fpga_loadmk(cmd_tbl_t *cmdtp, int flag, int argc,
+ return CMD_RET_FAILURE;
+ }
+
+- if (!fit_check_format(fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ puts("Bad FIT image format\n");
+ return CMD_RET_FAILURE;
+ }
+diff --git a/cmd/nand.c b/cmd/nand.c
+index a22945d144b3..536a11be9605 100644
+--- a/cmd/nand.c
++++ b/cmd/nand.c
+@@ -911,7 +911,7 @@ static int nand_load_image(cmd_tbl_t *cmdtp, struct mtd_info *mtd,
+ #if defined(CONFIG_FIT)
+ /* This cannot be done earlier, we need complete FIT image in RAM first */
+ if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) {
+- if (!fit_check_format (fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ bootstage_error(BOOTSTAGE_ID_NAND_FIT_READ);
+ puts ("** Bad FIT image format\n");
+ return 1;
+diff --git a/cmd/source.c b/cmd/source.c
+index 6d98a1cfd32b..897b97057d85 100644
+--- a/cmd/source.c
++++ b/cmd/source.c
+@@ -106,7 +106,7 @@ source (ulong addr, const char *fit_uname)
+ #if defined(CONFIG_FIT)
+ case IMAGE_FORMAT_FIT:
+ fit_hdr = buf;
+- if (!fit_check_format (fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ puts ("Bad FIT image format\n");
+ return 1;
+ }
+diff --git a/cmd/ximg.c b/cmd/ximg.c
+index 8572a67a0063..51af741c827b 100644
+--- a/cmd/ximg.c
++++ b/cmd/ximg.c
+@@ -131,7 +131,7 @@ do_imgextract(cmd_tbl_t * cmdtp, int flag, int argc, char * const argv[])
+ "at %08lx ...\n", uname, addr);
+
+ fit_hdr = (const void *)addr;
+- if (!fit_check_format(fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ puts("Bad FIT image format\n");
+ return 1;
+ }
+diff --git a/common/image-fdt.c b/common/image-fdt.c
+index 52ada56fc17b..3aa6c427362c 100644
+--- a/common/image-fdt.c
++++ b/common/image-fdt.c
+@@ -394,7 +394,7 @@ int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch,
+ */
+ #if CONFIG_IS_ENABLED(FIT)
+ /* check FDT blob vs FIT blob */
+- if (fit_check_format(buf)) {
++ if (!fit_check_format(buf, IMAGE_SIZE_INVAL)) {
+ ulong load, len;
+
+ fdt_noffset = boot_get_fdt_fit(images,
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 6894384b47b9..124d8895cffd 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -8,6 +8,8 @@
+ * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
+ */
+
++#define LOG_CATEGORY LOGC_BOOT
++
+ #ifdef USE_HOSTCC
+ #include "mkimage.h"
+ #include <time.h>
+@@ -1460,46 +1462,39 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
+ return (comp == image_comp);
+ }
+
+-/**
+- * fit_check_format - sanity check FIT image format
+- * @fit: pointer to the FIT format image header
+- *
+- * fit_check_format() runs a basic sanity FIT image verification.
+- * Routine checks for mandatory properties, nodes, etc.
+- *
+- * returns:
+- * 1, on success
+- * 0, on failure
+- */
+-int fit_check_format(const void *fit)
++int fit_check_format(const void *fit, ulong size)
+ {
++ int ret;
++
+ /* A FIT image must be a valid FDT */
+- if (fdt_check_header(fit)) {
+- debug("Wrong FIT format: not a flattened device tree\n");
+- return 0;
++ ret = fdt_check_header(fit);
++ if (ret) {
++ log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n",
++ ret);
++ return -ENOEXEC;
+ }
+
+ /* mandatory / node 'description' property */
+- if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) {
+- debug("Wrong FIT format: no description\n");
+- return 0;
++ if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
++ log_debug("Wrong FIT format: no description\n");
++ return -ENOMSG;
+ }
+
+ if (IMAGE_ENABLE_TIMESTAMP) {
+ /* mandatory / node 'timestamp' property */
+- if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) {
+- debug("Wrong FIT format: no timestamp\n");
+- return 0;
++ if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) {
++ log_debug("Wrong FIT format: no timestamp\n");
++ return -ENODATA;
+ }
+ }
+
+ /* mandatory subimages parent '/images' node */
+ if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
+- debug("Wrong FIT format: no images parent node\n");
+- return 0;
++ log_debug("Wrong FIT format: no images parent node\n");
++ return -ENOENT;
+ }
+
+- return 1;
++ return 0;
+ }
+
+
+@@ -1813,7 +1808,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
+ printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
+
+ bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+- if (!fit_check_format(fit)) {
++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+ printf("Bad FIT %s image format!\n", prop_name);
+ bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+ return -ENOEXEC;
+diff --git a/common/splash_source.c b/common/splash_source.c
+index 62763b9ebd56..d43dd0b2cd98 100644
+--- a/common/splash_source.c
++++ b/common/splash_source.c
+@@ -329,8 +329,8 @@ static int splash_load_fit(struct splash_location *location, u32 bmp_load_addr)
+ if (res < 0)
+ return res;
+
+- res = fit_check_format(fit_header);
+- if (!res) {
++ res = fit_check_format(fit_header, IMAGE_SIZE_INVAL);
++ if (res) {
+ debug("Could not find valid FIT image\n");
+ return -EINVAL;
+ }
+diff --git a/common/update.c b/common/update.c
+index f237ea53bb2a..42950edbbf22 100644
+--- a/common/update.c
++++ b/common/update.c
+@@ -280,7 +280,7 @@ int update_tftp(ulong addr, char *interface, char *devstring)
+ got_update_file:
+ fit = (void *)addr;
+
+- if (!fit_check_format((void *)fit)) {
++ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) {
+ printf("Bad FIT format of the update file, aborting "
+ "auto-update\n");
+ return 1;
+diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c
+index cc59b21f9f48..c4f35e7325b2 100644
+--- a/drivers/net/fsl-mc/mc.c
++++ b/drivers/net/fsl-mc/mc.c
+@@ -130,7 +130,7 @@ int parse_mc_firmware_fit_image(u64 mc_fw_addr,
+ return -EINVAL;
+ }
+
+- if (!fit_check_format(fit_hdr)) {
++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ printf("fsl-mc: ERR: Bad firmware image (bad FIT header)\n");
+ return -EINVAL;
+ }
+diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c
+index adb2d06010ce..7b930ecc2a02 100644
+--- a/drivers/net/pfe_eth/pfe_firmware.c
++++ b/drivers/net/pfe_eth/pfe_firmware.c
+@@ -150,7 +150,7 @@ static int pfe_fit_check(void)
+ return ret;
+ }
+
+- if (!fit_check_format(pfe_fit_addr)) {
++ if (fit_check_format(pfe_fit_addr, IMAGE_SIZE_INVAL)) {
+ printf("PFE Firmware: Bad firmware image (bad FIT header)\n");
+ ret = -1;
+ return ret;
+diff --git a/include/image.h b/include/image.h
+index ea4c05ca2586..b73f739c1585 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -453,6 +453,9 @@ extern bootm_headers_t images;
+ #define uimage_to_cpu(x) be32_to_cpu(x)
+ #define cpu_to_uimage(x) cpu_to_be32(x)
+
++/* An invalid size, meaning that the image size is not known */
++#define IMAGE_SIZE_INVAL (-1UL)
++
+ /*
+ * Translation table for entries of a specific type; used by
+ * get_table_entry_id() and get_table_entry_name().
+@@ -1062,7 +1065,23 @@ int fit_image_check_os(const void *fit, int noffset, uint8_t os);
+ int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
+ int fit_image_check_type(const void *fit, int noffset, uint8_t type);
+ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp);
+-int fit_check_format(const void *fit);
++
++/**
++ * fit_check_format() - Check that the FIT is valid
++ *
++ * This performs various checks on the FIT to make sure it is suitable for
++ * use, looking for mandatory properties, nodes, etc.
++ *
++ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make
++ * sure that there are no strange tags or broken nodes in the FIT.
++ *
++ * @fit: pointer to the FIT format image header
++ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
++ * failed (e.g. due to bad structure), -ENOMSG if the description is
++ * missing, -ENODATA if the timestamp is missing, -ENOENT if the /images
++ * path is missing
++ */
++int fit_check_format(const void *fit, ulong size);
+
+ int fit_conf_find_compat(const void *fit, const void *fdt);
+
+diff --git a/tools/fit_common.c b/tools/fit_common.c
+index 9506390214ce..5e85ca221ac9 100644
+--- a/tools/fit_common.c
++++ b/tools/fit_common.c
+@@ -26,7 +26,8 @@
+ int fit_verify_header(unsigned char *ptr, int image_size,
+ struct image_tool_params *params)
+ {
+- if (fdt_check_header(ptr) != EXIT_SUCCESS || !fit_check_format(ptr))
++ if (fdt_check_header(ptr) != EXIT_SUCCESS ||
++ fit_check_format(ptr, IMAGE_SIZE_INVAL))
+ return EXIT_FAILURE;
+
+ return EXIT_SUCCESS;
+diff --git a/tools/fit_image.c b/tools/fit_image.c
+index 3b867e06564e..21fc11c084c9 100644
+--- a/tools/fit_image.c
++++ b/tools/fit_image.c
+@@ -764,7 +764,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params)
+ /* Indent string is defined in header image.h */
+ p = IMAGE_INDENT_STRING;
+
+- if (!fit_check_format(fit)) {
++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+ printf("Bad FIT image format\n");
+ return -1;
+ }
+diff --git a/tools/mkimage.h b/tools/mkimage.h
+index 0254af59fbed..d32625f0a234 100644
+--- a/tools/mkimage.h
++++ b/tools/mkimage.h
+@@ -29,6 +29,8 @@
+ #define debug(fmt,args...)
+ #endif /* MKIMAGE_DEBUG */
+
++#define log_debug(fmt, args...) debug(fmt, ##args)
++
+ static inline void *map_sysmem(ulong paddr, unsigned long len)
+ {
+ return (void *)(uintptr_t)paddr;
+--
+2.17.1
+
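Review bot: Two call sites in cmd/bootm.c close the parenthesis in the wrong place: `if (fit_check_format(hdr), IMAGE_SIZE_INVAL)` in do_imls_nor() and `if (fit_check_format(imgdata), IMAGE_SIZE_INVAL) {` in nand_imls_fitimage(). With the new two-argument prototype this is a call with too few arguments, so it fails to build wherever those functions are compiled in; if it were accepted, the comma expression would always evaluate to the non-zero `IMAGE_SIZE_INVAL` and every FIT would be treated as bad. They should read `if (fit_check_format(hdr, IMAGE_SIZE_INVAL))` and `if (fit_check_format(imgdata, IMAGE_SIZE_INVAL)) {`, matching the other converted callers. The new kernel-doc block in include/image.h also has no `@size:` line for the added parameter.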
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch
new file mode 100644
index 000000000..51d858470
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch
@@ -0,0 +1,212 @@
+From cf469ab0783da6783f89a8e31c213f19fdf38dba Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:10 -0700
+Subject: [PATCH] image: Add an option to do a full check of the FIT
+
+Some strange modifications of the FIT can introduce security risks. Add an
+option to check it thoroughly, using libfdt's fdt_check_full() function.
+
+Enable this by default if signature verification is enabled.
+
+CVE-2021-27097
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ Kconfig | 19 ++++++++++++
+ common/image-fit.c | 20 ++++++++++++-
+ include/linux/libfdt.h | 2 ++
+ lib/libfdt/fdt_ro.c | 65 ++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 105 insertions(+), 1 deletion(-)
+
+diff --git a/Kconfig b/Kconfig
+index b62bcdbccf1e..0165ca33c5d1 100644
+--- a/Kconfig
++++ b/Kconfig
+@@ -318,11 +318,21 @@ config FIT_ENABLE_SHA512_SUPPORT
+ SHA512 checksum is a 512-bit (64-byte) hash value used to check that
+ the image contents have not been corrupted.
+
++config FIT_FULL_CHECK
++ bool "Do a full check of the FIT before using it"
++ default y
++ help
++ Enable this do a full check of the FIT to make sure it is valid. This
++ helps to protect against carefully crafted FITs which take advantage
++ of bugs or omissions in the code. This includes a bad structure,
++ multiple root nodes and the like.
++
+ config FIT_SIGNATURE
+ bool "Enable signature verification of FIT uImages"
+ depends on DM
+ select HASH
+ select RSA
++ select FIT_FULL_CHECK
+ help
+ This option enables signature verification of FIT uImages,
+ using a hash signed and verified using RSA. If
+@@ -398,6 +408,14 @@ config SPL_FIT_PRINT
+ help
+ Support printing the content of the fitImage in a verbose manner in SPL.
+
++config SPL_FIT_FULL_CHECK
++ bool "Do a full check of the FIT before using it"
++ help
++ Enable this do a full check of the FIT to make sure it is valid. This
++ helps to protect against carefully crafted FITs which take advantage
++ of bugs or omissions in the code. This includes a bad structure,
++ multiple root nodes and the like.
++
+ config SPL_FIT_SIGNATURE
+ bool "Enable signature verification of FIT firmware within SPL"
+ depends on SPL_DM
+@@ -405,6 +423,7 @@ config SPL_FIT_SIGNATURE
+ select SPL_CRYPTO_SUPPORT
+ select SPL_HASH_SUPPORT
+ select SPL_RSA
++ select SPL_FIT_FULL_CHECK
+
+ config SPL_LOAD_FIT
+ bool "Enable SPL loading U-Boot as a FIT"
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 124d8895cffd..b1926d8b53f8 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -15,7 +15,6 @@
+ #include <time.h>
+ #else
+ #include <linux/compiler.h>
+-#include <linux/kconfig.h>
+ #include <common.h>
+ #include <errno.h>
+ #include <mapmem.h>
+@@ -26,12 +25,15 @@ DECLARE_GLOBAL_DATA_PTR;
+
+ #include <image.h>
+ #include <bootstage.h>
++#include <linux/kconfig.h>
+ #include <u-boot/crc.h>
+ #include <u-boot/md5.h>
+ #include <u-boot/sha1.h>
+ #include <u-boot/sha256.h>
+ #include <u-boot/sha512.h>
+
++#define log_debug(fmt, args...) debug(fmt, ##args)
++
+ /*****************************************************************************/
+ /* New uImage format routines */
+ /*****************************************************************************/
+@@ -1487,6 +1489,22 @@ int fit_check_format(const void *fit, ulong size)
+ return -ENODATA;
+ }
+ }
++
++ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
++ /*
++ * If we are not given the size, make do wtih calculating it.
++ * This is not as secure, so we should consider a flag to
++ * control this.
++ */
++ if (size == IMAGE_SIZE_INVAL)
++ size = fdt_totalsize(fit);
++ ret = fdt_check_full(fit, size);
++
++ if (ret) {
++ log_debug("FIT check error %d\n", ret);
++ return -EINVAL;
++ }
++ }
+
+ /* mandatory subimages parent '/images' node */
+ if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
+diff --git a/include/linux/libfdt.h b/include/linux/libfdt.h
+index eeb2344971f3..29c997ada398 100644
+--- a/include/linux/libfdt.h
++++ b/include/linux/libfdt.h
+@@ -305,6 +305,8 @@ int fdt_next_region(const void *fdt,
+ */
+ int fdt_add_alias_regions(const void *fdt, struct fdt_region *region, int count,
+ int max_regions, struct fdt_region_state *info);
++
++int fdt_check_full(const void *fdt, size_t bufsize);
+ #endif /* SWIG */
+
+ extern struct fdt_header *working_fdt; /* Pointer to the working fdt */
+diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c
+index b6ca4e0b0c30..dfbeb2c21a85 100644
+--- a/lib/libfdt/fdt_ro.c
++++ b/lib/libfdt/fdt_ro.c
+@@ -680,3 +680,68 @@ int fdt_node_offset_by_compatible(const void *fdt, int startoffset,
+
+ return offset; /* error from fdt_next_node() */
+ }
++
++#define INT_MAX ((int)(~0U>>1))
++
++int fdt_check_full(const void *fdt, size_t bufsize)
++{
++ int err;
++ int num_memrsv;
++ int offset, nextoffset = 0;
++ uint32_t tag;
++ unsigned depth = 0;
++ const void *prop;
++ const char *propname;
++
++ if (bufsize < FDT_V1_SIZE)
++ return -FDT_ERR_TRUNCATED;
++ err = fdt_check_header(fdt);
++ if (err != 0)
++ return err;
++ if (bufsize < fdt_totalsize(fdt))
++ return -FDT_ERR_TRUNCATED;
++
++ num_memrsv = fdt_num_mem_rsv(fdt);
++ if (num_memrsv < 0)
++ return num_memrsv;
++
++ while (1) {
++ offset = nextoffset;
++ tag = fdt_next_tag(fdt, offset, &nextoffset);
++
++ if (nextoffset < 0)
++ return nextoffset;
++
++ switch (tag) {
++ case FDT_NOP:
++ break;
++
++ case FDT_END:
++ if (depth != 0)
++ return -FDT_ERR_BADSTRUCTURE;
++ return 0;
++
++ case FDT_BEGIN_NODE:
++ depth++;
++ if (depth > INT_MAX)
++ return -FDT_ERR_BADSTRUCTURE;
++ break;
++
++ case FDT_END_NODE:
++ if (depth == 0)
++ return -FDT_ERR_BADSTRUCTURE;
++ depth--;
++ break;
++
++ case FDT_PROP:
++ prop = fdt_getprop_by_offset(fdt, offset, &propname,
++ &err);
++ if (!prop)
++ return err;
++ break;
++
++ default:
++ return -FDT_ERR_INTERNAL;
++ }
++ }
++}
+--
+2.17.1
+
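Review bot: In fit_check_format() the `CONFIG_IS_ENABLED(FIT_FULL_CHECK)` block sits after the description and timestamp lookups, so `fdt_getprop()` has already walked the blob before `fdt_check_full()` has validated its structure. Moving the block directly after the `fdt_check_header()` test would let the structural check run before any property or node lookup on an untrusted image. Separately, every caller converted in the previous patch passes `IMAGE_SIZE_INVAL`, so `size` is taken from `fdt_totalsize(fit)` and the `bufsize < fdt_totalsize(fdt)` test in fdt_check_full() compares the header with itself. The in-code comment acknowledges this, and callers that know the real buffer length should pass it. fit_check_format() begins outside this hunk.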
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch
new file mode 100644
index 000000000..33dbf15be
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch
@@ -0,0 +1,106 @@
+From dbfcf0735d5f4d27445176f72e6174edf064c118 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:12 -0700
+Subject: [PATCH] image: Check for unit addresses in FITs
+
+Using unit addresses in a FIT is a security risk. Add a check for this
+and disallow it.
+
+CVE-2021-27138
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ common/image-fit.c | 56 ++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 52 insertions(+), 4 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 78db32e89f6f..6c495ffa4349 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -1217,6 +1217,34 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
+ return (comp == image_comp);
+ }
+
++/**
++ * fdt_check_no_at() - Check for nodes whose names contain '@'
++ *
++ * This checks the parent node and all subnodes recursively
++ *
++ * @fit: FIT to check
++ * @parent: Parent node to check
++ * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@'
++ */
++static int fdt_check_no_at(const void *fit, int parent)
++{
++ const char *name;
++ int node;
++ int ret;
++
++ name = fdt_get_name(fit, parent, NULL);
++ if (!name || strchr(name, '@'))
++ return -EADDRNOTAVAIL;
++
++ fdt_for_each_subnode(node, fit, parent) {
++ ret = fdt_check_no_at(fit, node);
++ if (ret)
++ return ret;
++ }
++
++ return 0;
++}
++
+ int fit_check_format(const void *fit, ulong size)
+ {
+ int ret;
+@@ -1251,10 +1279,27 @@ int fit_check_format(const void *fit, ulong size)
+ if (size == IMAGE_SIZE_INVAL)
+ size = fdt_totalsize(fit);
+ ret = fdt_check_full(fit, size);
++ if (ret)
++ ret = -EINVAL;
++
++ /*
++ * U-Boot stopped using unit addressed in 2017. Since libfdt
++ * can match nodes ignoring any unit address, signature
++ * verification can see the wrong node if one is inserted with
++ * the same name as a valid node but with a unit address
++ * attached. Protect against this by disallowing unit addresses.
++ */
++ if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
++ ret = fdt_check_no_at(fit, 0);
+
++ if (ret) {
++ log_debug("FIT check error %d\n", ret);
++ return ret;
++ }
++ }
+ if (ret) {
+ log_debug("FIT check error %d\n", ret);
+- return -EINVAL;
++ return ret;
+ }
+ }
+
+@@ -1604,10 +1649,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
+ printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
+
+ bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+- if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+- printf("Bad FIT %s image format!\n", prop_name);
++ ret = fit_check_format(fit, IMAGE_SIZE_INVAL);
++ if (ret) {
++ printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret);
++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL)
++ printf("Signature checking prevents use of unit addresses (@) in nodes\n");
+ bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+- return -ENOEXEC;
++ return ret;
+ }
+ bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK);
+ if (fit_uname) {
+--
+2.17.1
+
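Review bot: `fdt_check_no_at()` recurses once per nesting level of the FIT, and `fit_check_format()` calls it on an image that has not yet passed signature verification, so its stack use is set by the image rather than by the code. The `fdt_check_full()` in the preceding patch file only rejects a depth above `INT_MAX`, so nothing visible bounds the nesting before this walk. Whether the bootloader's stack budget makes that a practical problem on this board cannot be told from here. A flat walk with `fdt_next_node()`, as sketched below, visits the same nodes with constant stack and avoids re-scanning each subtree to find the next sibling. Separately, the inner `if (ret) { log_debug(...); return ret; }` inside the `FIT_SIGNATURE` branch duplicates the block right after it and can be dropped, and the doc comment should read `-EADDRNOTAVAIL if a node has a name containing '@'`.

```c
static int fdt_check_no_at(const void *fit, int parent)
{
	const char *name;
	int depth = 0;
	int node;

	/*
	 * Iterative pre-order walk: depth drops below 0 once the walk
	 * leaves the subtree rooted at @parent, so stack use does not
	 * grow with the nesting of the (still unverified) image.
	 */
	for (node = parent; node >= 0 && depth >= 0;
	     node = fdt_next_node(fit, node, &depth)) {
		name = fdt_get_name(fit, node, NULL);
		if (!name || strchr(name, '@'))
			return -EADDRNOTAVAIL;
	}

	return 0;
}
```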