From 40108db4434d8c2e0a1ad2d1dd3f5ae34b17352c Mon Sep 17 00:00:00 2001 From: "Jason M. Bills" Date: Mon, 3 Aug 2020 15:40:26 -0700 Subject: Update to internal 0.72 Signed-off-by: Jason M. Bills --- ...1-2-reset-mask-to-reset-needed-controller.patch | 83 +++++++++++ .../files/0046-Enable-FMC-DMA-for-memmove.patch | 151 ++++++++++++++++++++ .../files/0047-ast2500-parse-reset-reason.patch | 65 +++++++++ ...age-Correct-comment-for-fit_conf_get_node.patch | 77 +++++++++++ ...little-more-verbose-when-checking-signatu.patch | 45 ++++++ ...n-an-error-message-from-fit_config_verify.patch | 39 ++++++ ...k-hash-nodes-when-checking-configurations.patch | 97 +++++++++++++ ...the-correct-configuration-in-fit_check_si.patch | 51 +++++++ ...ign-Allow-selecting-the-configuration-to-.patch | 101 ++++++++++++++ ...-constants-for-required-and-key-name-hint.patch | 152 +++++++++++++++++++++ .../recipes-bsp/u-boot/files/intel.cfg | 3 + 11 files changed, 864 insertions(+) create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0045-Apply-WDT1-2-reset-mask-to-reset-needed-controller.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0046-Enable-FMC-DMA-for-memmove.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0047-ast2500-parse-reset-reason.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/intel.cfg (limited to 'meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files') diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0045-Apply-WDT1-2-reset-mask-to-reset-needed-controller.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0045-Apply-WDT1-2-reset-mask-to-reset-needed-controller.patch new file mode 100644 index 000000000..ea7a582df --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0045-Apply-WDT1-2-reset-mask-to-reset-needed-controller.patch @@ -0,0 +1,83 @@ +From 622df2804c7f8540587df26c81653b47809c9984 Mon Sep 17 00:00:00 2001 +From: Suryakanth Sekar +Date: Thu, 16 Jul 2020 11:02:53 +0530 +Subject: [PATCH] Apply WDT1-2 reset mask to reset needed controller + +Issue: +BMC reset during BIOS serial port access causes BIOS hang. + +Root caused: +BMC resetting the LPC controller during BMC warm reset. +Which cause BIOS hang as BIOS cannot dump the BIOS serial data. + +Fix: +WDT reset mask has been updated from default to proper value, +such that controllers interacting with host will not be reset +during wdt reset operation. +This was missed earlier, causing BIOS to hang whenever BMC resets, +as BIOS was accessing the serial port (LPC controller). +De-coupling LPC controller will make sure BIOS serial port access +is not disturbed. +And also Reset mask is updated not to reset the following +in order to avoid the host hang. +1. SDRAM controller +2. AHB Bridges +3. Graphics CRT controller +4. Reset Video Engine +5. LPC controller +6. CRT mode 2D Engine +7. PWM controller +8. MCTP Controller +9. X- DMA Controller +10. SPI controller + +Quick Step to reproduce: + Stop the BMC in uboot and add below bootcmd command + setenv bootcmd "reset" + Do the System power ON or System warm reset. + + For WDT2: + boot the BMC and ran the /usr/bin/watch_dog_reset.sh + Do the System Power ON or System warm reset. + +Tested: + 1. Ran overnight continous BIOS and BMC warm reset on two SUTs. + + 2.Ran the TestApp which dump the BIOS serial port continously and + do the BMC reset. + + 3.Stop the BMC in uboot and add below bootcmd command + setenv bootcmd "reset" + Do the System Power ON or System warm reset. + + 4.Ran Over night AC cycle test. Completed +1000 in two systems. + + 5.Stopped at u-boot. + Issue protect off all command + Issue erase all command. + BMC should not hang and able to complete the "erase all" command + +Signed-off-by: Suryakanth Sekar +--- + arch/arm/mach-aspeed/platform_g5.S | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/mach-aspeed/platform_g5.S b/arch/arm/mach-aspeed/platform_g5.S +index b404353..97253f4 100644 +--- a/arch/arm/mach-aspeed/platform_g5.S ++++ b/arch/arm/mach-aspeed/platform_g5.S +@@ -366,7 +366,10 @@ init_dram: + and r1, r1, #0x01 + str r1, [r0] + ldr r0, =0x1e78501c @ restore normal mask setting +- ldr r1, =0x023FFFF3 @ added 2016.09.06 ++ ldr r1, =0x023CD773 @ Changed 2020.06.18 ++ str r1, [r0] ++ ldr r0, =0x1e78503c @ restore normal mask setting ++ ldr r1, =0x023CD773 @ Changed 2020.07.08 + str r1, [r0] + b bypass_first_reset + +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0046-Enable-FMC-DMA-for-memmove.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0046-Enable-FMC-DMA-for-memmove.patch new file mode 100644 index 000000000..e75b732b1 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0046-Enable-FMC-DMA-for-memmove.patch @@ -0,0 +1,151 @@ +From 38d3fba3ac2d4240bab1e5427fc6ed71291e1cc8 Mon Sep 17 00:00:00 2001 +From: Jae Hyun Yoo +Date: Fri, 19 Jun 2020 16:30:47 -0700 +Subject: [PATCH] Enable FMC DMA for memmove + +This commit enables FMC DMA for memmove so that kernel loading can be +completed quickly. + +Signed-off-by: Chia-Wei Wang +Signed-off-by: Jae Hyun Yoo +--- + arch/arm/mach-aspeed/Makefile | 2 +- + arch/arm/mach-aspeed/utils.S | 53 +++++++++++++++++++++++++++++++++++++++++++ + lib/Kconfig | 6 +++++ + lib/string.c | 12 +++++++++- + 4 files changed, 71 insertions(+), 2 deletions(-) + create mode 100644 arch/arm/mach-aspeed/utils.S + +diff --git a/arch/arm/mach-aspeed/Makefile b/arch/arm/mach-aspeed/Makefile +index 7d8930beb988..b9fcf41d8c97 100644 +--- a/arch/arm/mach-aspeed/Makefile ++++ b/arch/arm/mach-aspeed/Makefile +@@ -11,7 +11,7 @@ + # + + +-obj-y += timer.o reset.o cpuinfo.o ast-scu.o ast-ahbc.o ast-sdmc.o ++obj-y += timer.o reset.o cpuinfo.o ast-scu.o ast-ahbc.o ast-sdmc.o utils.o + obj-$(CONFIG_AST_SPI_NOR) += flash.o + obj-$(CONFIG_ARCH_AST2500) += platform_g5.o + obj-$(CONFIG_ARCH_AST2400) += platform_g4.o +diff --git a/arch/arm/mach-aspeed/utils.S b/arch/arm/mach-aspeed/utils.S +new file mode 100644 +index 000000000000..a06d72552eef +--- /dev/null ++++ b/arch/arm/mach-aspeed/utils.S +@@ -0,0 +1,53 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * Copyright (C) ASPEED Technology Inc. ++ * Chia-Wei Wang ++ */ ++ ++#include ++#include ++#include ++ ++#define AST_FMC_BASE (0x1E620000) ++#define AST_FMC_INT_CTRL_STAT (AST_FMC_BASE + 0x008) ++#define AST_FMC_DMA_CTRL (AST_FMC_BASE + 0x080) ++#define AST_FMC_DMA_FLASH_ADDR (AST_FMC_BASE + 0x084) ++#define AST_FMC_DMA_DRAM_ADDR (AST_FMC_BASE + 0x088) ++#define AST_FMC_DMA_LENGTH (AST_FMC_BASE + 0x08C) ++ ++/* ++ * void aspeed_spi_fastcpy(u32 mem_addr, u32 spi_addr, u32 count) ++ * ++ * perform FMC SPI DMA to speed up flash copy. ++ * @dst: destination memory address ++ * @src: source SPI address ++ * @count: number of bytes to be copied, 4-byte aligned ++ * ++ * NOTE that the caller must ensure the validity of parameters. ++ */ ++ENTRY(aspeed_spi_fastcpy) ++ ldr r3, =AST_FMC_DMA_DRAM_ADDR ++ str r0, [r3] ++ ++ ldr r3, =AST_FMC_DMA_FLASH_ADDR ++ str r1, [r3] ++ ++ ldr r3, =AST_FMC_DMA_LENGTH ++ str r2, [r3] ++ ++ ldr r0, =AST_FMC_DMA_CTRL ++ mov r1, #1 ++ str r1, [r0] ++ ++ ldr r0, =AST_FMC_INT_CTRL_STAT ++polling: ++ ldr r1, [r0] ++ tst r1, #(1 << 11) ++ beq polling ++ ++ ldr r0, =AST_FMC_DMA_CTRL ++ mov r1, #0 ++ str r1, [r0] ++ ++ mov pc, lr ++ENDPROC(aspeed_spi_fastcpy) +diff --git a/lib/Kconfig b/lib/Kconfig +index 02ca4058d37e..8c8fde6b1b28 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -149,6 +149,12 @@ config SPL_OF_LIBFDT + particular compatible nodes. The library operates on a flattened + version of the device tree. + ++config ASPEED_FMC_DMA ++ bool "Enable Aspeed SPI DMA" ++ default n ++ help ++ This enables fast memmove using FMC DMA on Aspeed SoCs. ++ + source lib/efi/Kconfig + source lib/efi_loader/Kconfig + +diff --git a/lib/string.c b/lib/string.c +index 0bf472f1f69e..f95b8e478fa6 100644 +--- a/lib/string.c ++++ b/lib/string.c +@@ -15,11 +15,12 @@ + * reentrant and should be faster). Use only strsep() in new code, please. + */ + ++#include + #include + #include + #include + #include +- ++#include + + /** + * strncasecmp - Case insensitive, length-limited string comparison +@@ -497,6 +498,7 @@ void * memcpy(void *dest, const void *src, size_t count) + #endif + + #ifndef __HAVE_ARCH_MEMMOVE ++extern void aspeed_spi_fastcpy(u32 mem_addr, u32 spi_addr, u32 count); + /** + * memmove - Copy one area of memory to another + * @dest: Where to copy to +@@ -520,6 +522,14 @@ void *memmove(void *dest, const void *src, size_t count) + if (src == dest || !count) + return dest; + ++#ifdef CONFIG_ASPEED_FMC_DMA ++ if ((u32)src >= AST_FMC_CS0_BASE && (u32)src < AST_SPI0_CS0_BASE) { ++ count = ((count + 3) / 4) * 4; ++ aspeed_spi_fastcpy((u32)dest, (u32)src, (u32)count); ++ return dest; ++ } ++#endif ++ + if (unaligned_src || unaligned_dst) { + if (unaligned_dst != unaligned_src) { + unaligned_header = count; +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0047-ast2500-parse-reset-reason.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0047-ast2500-parse-reset-reason.patch new file mode 100644 index 000000000..b1b525f99 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0047-ast2500-parse-reset-reason.patch @@ -0,0 +1,65 @@ +From 96eb25949b824af10cabd387cfdc6401d23ac04b Mon Sep 17 00:00:00 2001 +From: Kuiying Wang +Date: Tue, 7 Jul 2020 13:41:48 +0800 +Subject: [PATCH] ast2500: parse reset reason. + +Signed-off-by: Kuiying Wang +--- + arch/arm/mach-aspeed/ast-scu.c | 39 +++++++++++++++++++++++++++++++++- + 1 file changed, 38 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/mach-aspeed/ast-scu.c b/arch/arm/mach-aspeed/ast-scu.c +index 28c48c1154..ff90c0fc7e 100644 +--- a/arch/arm/mach-aspeed/ast-scu.c ++++ b/arch/arm/mach-aspeed/ast-scu.c +@@ -596,9 +596,46 @@ void ast_scu_security_info(void) + void ast_scu_sys_rest_info(void) + { + u32 rest = ast_scu_read(AST_SCU_SYS_CTRL); ++ bool unknown_flag = true; + + #ifdef AST_SOC_G5 +- printf("RST : 0x%02x\n", rest); ++ printf("RST : 0x%02x (", rest); ++ if (rest & SCU_SYS_EXT_RESET_FLAG) { ++ unknown_flag = false; ++ printf("External"); ++ } ++ if (rest & SCU_SYS_WDT_RESET_FLAG) { ++ if (unknown_flag) ++ printf("WDT1"); ++ else ++ printf("|WDT1"); ++ unknown_flag = false; ++ } ++ if (rest & SCU_SYS_WDT2_RESET_FLAG) { ++ if (unknown_flag) ++ printf("WDT2"); ++ else ++ printf("|WDT2"); ++ unknown_flag = false; ++ } ++ if (rest & SCU_SYS_WDT3_RESET_FLAG) { ++ if (unknown_flag) ++ printf("WDT3"); ++ else ++ printf("|WDT3"); ++ unknown_flag = false; ++ } ++ if (rest & SCU_SYS_PWR_RESET_FLAG) { ++ if (unknown_flag) ++ printf("Power On"); ++ else ++ printf("|Power On"); ++ unknown_flag = false; ++ } ++ if (unknown_flag) { ++ printf("Unknown"); ++ } ++ printf(")\n"); + #else + if (rest & SCU_SYS_EXT_RESET_FLAG) { + printf("RST : External\n"); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch new file mode 100644 index 000000000..7e1cd0351 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch @@ -0,0 +1,77 @@ +From 07867a17f8ed7ca621107550e218b1c916b9cc19 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Correct comment for fit_conf_get_node() + +This should mention that conf_uname can be NULL and should be in the +header file. Fix this. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/image-fit.c | 18 ------------------ + include/image.h | 19 +++++++++++++++++++ + 2 files changed, 19 insertions(+), 18 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 6f920da22043..f31e93a36441 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1375,24 +1375,6 @@ int fit_conf_find_compat(const void *fit, const void *fdt) + return best_match_offset; + } + +-/** +- * fit_conf_get_node - get node offset for configuration of a given unit name +- * @fit: pointer to the FIT format image header +- * @conf_uname: configuration node unit name +- * +- * fit_conf_get_node() finds a configuration (within the '/configurations' +- * parent node) of a provided unit name. If configuration is found its node +- * offset is returned to the caller. +- * +- * When NULL is provided in second argument fit_conf_get_node() will search +- * for a default configuration node instead. Default configuration node unit +- * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations' +- * node. +- * +- * returns: +- * configuration node offset when found (>=0) +- * negative number on failure (FDT_ERR_* code) +- */ + int fit_conf_get_node(const void *fit, const char *conf_uname) + { + int noffset, confs_noffset; +diff --git a/include/image.h b/include/image.h +index a16187f874db..b05e8552cc5b 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -908,6 +908,25 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp); + int fit_check_format(const void *fit); + + int fit_conf_find_compat(const void *fit, const void *fdt); ++ ++/** ++ * fit_conf_get_node - get node offset for configuration of a given unit name ++ * @fit: pointer to the FIT format image header ++ * @conf_uname: configuration node unit name (NULL to use default) ++ * ++ * fit_conf_get_node() finds a configuration (within the '/configurations' ++ * parent node) of a provided unit name. If configuration is found its node ++ * offset is returned to the caller. ++ * ++ * When NULL is provided in second argument fit_conf_get_node() will search ++ * for a default configuration node instead. Default configuration node unit ++ * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations' ++ * node. ++ * ++ * returns: ++ * configuration node offset when found (>=0) ++ * negative number on failure (FDT_ERR_* code) ++ */ + int fit_conf_get_node(const void *fit, const char *conf_uname); + + /** +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch new file mode 100644 index 000000000..16ac5fb59 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch @@ -0,0 +1,45 @@ +From 3d7360b1b32f56e26bbc90bcff42d5f204d0b717 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Be a little more verbose when checking signatures + +It is useful to be a little more specific about what is being checked. +Update a few messages to help with this. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/image-fit.c | 2 +- + tools/image-host.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index f31e93a36441..8a7c78f4c144 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1637,7 +1637,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + fit_uname = fit_get_name(fit, noffset, NULL); + } + if (noffset < 0) { +- puts("Could not find subimage node\n"); ++ printf("Could not find subimage node type '%s'\n", prop_name); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE); + return -ENOENT; + } +diff --git a/tools/image-host.c b/tools/image-host.c +index 7effb6cea59e..01fdec276da4 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -717,7 +717,8 @@ int fit_check_sign(const void *fit, const void *key) + if (!cfg_noffset) + return -1; + +- printf("Verifying Hash Integrity ... "); ++ printf("Verifying Hash Integrity for node '%s'... ", ++ fdt_get_name(fit, cfg_noffset, NULL)); + ret = fit_config_verify(fit, cfg_noffset); + if (ret) + return ret; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch new file mode 100644 index 000000000..fd8ceecf0 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch @@ -0,0 +1,39 @@ +From 647e43f0aee09ef33d2159ad95c7f3499d8fd8a4 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Return an error message from fit_config_verify_sig() + +This function only returns an error message sometimes. Update it to always +return an error message if one is available. This makes it easier to see +what went wrong. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/image-sig.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index eda5e1353ab0..a664f4a40945 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -415,13 +415,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, + goto error; + } + +- return verified ? 0 : -EPERM; ++ if (verified) ++ return 0; + + error: + printf(" error!\n%s for '%s' hash node in '%s' config node\n", + err_msg, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, conf_noffset, NULL)); +- return -1; ++ return -EPERM; + } + + int fit_config_verify_required_sigs(const void *fit, int conf_noffset, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch new file mode 100644 index 000000000..5a4bca485 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch @@ -0,0 +1,97 @@ +From ece10b3eac018240776bfec8aceb1e8f4947288b Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Check hash-nodes when checking configurations + +It is currently possible to use a different configuration's signature and +thus bypass the configuration check. Make sure that the configuration node +that was hashed matches the one being checked, to catch this problem. + +Also add a proper function comment to fit_config_check_sig() and make it +static. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/image-sig.c | 36 +++++++++++++++++++++++++++++++++--- + 1 file changed, 33 insertions(+), 3 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index a664f4a40945..057d654c17d4 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -283,20 +283,39 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, + return 0; + } + +-int fit_config_check_sig(const void *fit, int noffset, int required_keynode, +- char **err_msgp) ++/** ++ * fit_config_check_sig() - Check the signature of a config ++ * ++ * @fit: FIT to check ++ * @noffset: Offset of configuration node (e.g. /configurations/conf-1) ++ * @required_keynode: Offset in the control FDT of the required key node, ++ * if any. If this is given, then the configuration wil not ++ * pass verification unless that key is used. If this is ++ * -1 then any signature will do. ++ * @conf_noffset: Offset of the configuration subnode being checked (e.g. ++ * /configurations/conf-1/kernel) ++ * @err_msgp: In the event of an error, this will be pointed to a ++ * help error string to display to the user. ++ * @return 0 if all verified ok, <0 on error ++ */ ++static int fit_config_check_sig(const void *fit, int noffset, ++ int required_keynode, int conf_noffset, ++ char **err_msgp) + { + char * const exc_prop[] = {"data"}; + const char *prop, *end, *name; + struct image_sign_info info; + const uint32_t *strings; ++ const char *config_name; + uint8_t *fit_value; + int fit_value_len; ++ bool found_config; + int max_regions; + int i, prop_len; + char path[200]; + int count; + ++ config_name = fit_get_name(fit, conf_noffset, NULL); + debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(), + fit_get_name(fit, noffset, NULL), + fit_get_name(gd_fdt_blob(), required_keynode, NULL)); +@@ -332,9 +351,20 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode, + char *node_inc[count]; + + debug("Hash nodes (%d):\n", count); ++ found_config = false; + for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) { + debug(" '%s'\n", name); + node_inc[i] = (char *)name; ++ if (!strncmp(FIT_CONFS_PATH, name, strlen(FIT_CONFS_PATH)) && ++ name[sizeof(FIT_CONFS_PATH) - 1] == '/' && ++ !strcmp(name + sizeof(FIT_CONFS_PATH), config_name)) { ++ debug(" (found config node %s)", config_name); ++ found_config = true; ++ } ++ } ++ if (!found_config) { ++ *err_msgp = "Selected config not in hashed nodes"; ++ return -1; + } + + /* +@@ -399,7 +429,7 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, + if (!strncmp(name, FIT_SIG_NODENAME, + strlen(FIT_SIG_NODENAME))) { + ret = fit_config_check_sig(fit, noffset, sig_offset, +- &err_msg); ++ conf_noffset, &err_msg); + if (ret) { + puts("- "); + } else { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch new file mode 100644 index 000000000..4701086bc --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch @@ -0,0 +1,51 @@ +From 738b8ba7ac971c10500d1322fda59ac6aa58e867 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Load the correct configuration in fit_check_sign + +At present bootm_host_load_images() is passed the configuration that has +been verified, but ignores it and just uses the default configuration. +This may not be the same. + +Update this function to use the selected configuration. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/bootm.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/common/bootm.c b/common/bootm.c +index 46909ecdbb1f..b39fd60c8c49 100644 +--- a/common/bootm.c ++++ b/common/bootm.c +@@ -894,7 +894,8 @@ void memmove_wd(void *to, void *from, size_t len, ulong chunksz) + memmove(to, from, len); + } + +-static int bootm_host_load_image(const void *fit, int req_image_type) ++static int bootm_host_load_image(const void *fit, int req_image_type, ++ int cfg_noffset) + { + const char *fit_uname_config = NULL; + ulong data, len; +@@ -906,6 +907,7 @@ static int bootm_host_load_image(const void *fit, int req_image_type) + void *load_buf; + int ret; + ++ fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL); + memset(&images, '\0', sizeof(images)); + images.verify = 1; + noffset = fit_image_load(&images, (ulong)fit, +@@ -950,7 +952,7 @@ int bootm_host_load_images(const void *fit, int cfg_noffset) + for (i = 0; i < ARRAY_SIZE(image_types); i++) { + int ret; + +- ret = bootm_host_load_image(fit, image_types[i]); ++ ret = bootm_host_load_image(fit, image_types[i], cfg_noffset); + if (!err && ret && ret != -ENOENT) + err = ret; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch new file mode 100644 index 000000000..687946e4c --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch @@ -0,0 +1,101 @@ +From 86a746eecc231886fbca97db6c6544997b95e49a Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] fit_check_sign: Allow selecting the configuration to verify + +This tool always verifies the default configuration. It is useful to be +able to verify a specific one. Add a command-line flag for this and plumb +the logic through. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + tools/fdt_host.h | 3 ++- + tools/fit_check_sign.c | 8 ++++++-- + tools/image-host.c | 6 ++++-- + 3 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/tools/fdt_host.h b/tools/fdt_host.h +index 134d9657139b..4eceab19dd3a 100644 +--- a/tools/fdt_host.h ++++ b/tools/fdt_host.h +@@ -11,6 +11,7 @@ + #include "../include/libfdt.h" + #include "../include/fdt_support.h" + +-int fit_check_sign(const void *working_fdt, const void *key); ++int fit_check_sign(const void *fit, const void *key, ++ const char *fit_uname_config); + + #endif /* __FDT_HOST_H__ */ +diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c +index d9361b00950c..e9a489db3920 100644 +--- a/tools/fit_check_sign.c ++++ b/tools/fit_check_sign.c +@@ -42,6 +42,7 @@ int main(int argc, char **argv) + void *fit_blob; + char *fdtfile = NULL; + char *keyfile = NULL; ++ char *config_name = NULL; + char cmdname[256]; + int ret; + void *key_blob; +@@ -49,7 +50,7 @@ int main(int argc, char **argv) + + strncpy(cmdname, *argv, sizeof(cmdname) - 1); + cmdname[sizeof(cmdname) - 1] = '\0'; +- while ((c = getopt(argc, argv, "f:k:")) != -1) ++ while ((c = getopt(argc, argv, "f:k:c:")) != -1) + switch (c) { + case 'f': + fdtfile = optarg; +@@ -57,6 +58,9 @@ int main(int argc, char **argv) + case 'k': + keyfile = optarg; + break; ++ case 'c': ++ config_name = optarg; ++ break; + default: + usage(cmdname); + break; +@@ -79,7 +83,7 @@ int main(int argc, char **argv) + return EXIT_FAILURE; + + image_set_host_blob(key_blob); +- ret = fit_check_sign(fit_blob, key_blob); ++ ret = fit_check_sign(fit_blob, key_blob, config_name); + if (!ret) { + ret = EXIT_SUCCESS; + fprintf(stderr, "Signature check OK\n"); +diff --git a/tools/image-host.c b/tools/image-host.c +index 01fdec276da4..da374eeabf5e 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -708,12 +708,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, + } + + #ifdef CONFIG_FIT_SIGNATURE +-int fit_check_sign(const void *fit, const void *key) ++int fit_check_sign(const void *fit, const void *key, ++ const char *fit_uname_config) + { + int cfg_noffset; + int ret; + +- cfg_noffset = fit_conf_get_node(fit, NULL); ++ cfg_noffset = fit_conf_get_node(fit, fit_uname_config); + if (!cfg_noffset) + return -1; + +@@ -722,6 +723,7 @@ int fit_check_sign(const void *fit, const void *key) + ret = fit_config_verify(fit, cfg_noffset); + if (ret) + return ret; ++ printf("Verified OK, loading images\n"); + ret = bootm_host_load_images(fit, cfg_noffset); + + return ret; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch new file mode 100644 index 000000000..4f5704e7c --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch @@ -0,0 +1,152 @@ +From 82d0b38436fd44bc54372ebe3f3d3fef63835b83 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint' + +These are used in multiple places so update them to use a shared #define. + +Signed-off-by: Simon Glass +Signed-off-by: Jae Hyun Yoo +--- + common/image-fit.c | 6 +++--- + common/image-sig.c | 8 +++++--- + include/image.h | 4 +++- + lib/rsa/rsa-sign.c | 6 +++--- + tools/image-host.c | 6 +++--- + 5 files changed, 17 insertions(+), 13 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 8a7c78f4c144..322fde728b50 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -264,7 +264,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, + uint8_t *value; + int value_len; + char *algo; +- int required; ++ bool required; + int ret, i; + + debug("%s %s node: '%s'\n", p, type, +@@ -275,8 +275,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, + return; + } + printf("%s", algo); +- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); +- required = fdt_getprop(fit, noffset, "required", NULL) != NULL; ++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); ++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL; + if (keyname) + printf(":%s", keyname); + if (required) +diff --git a/common/image-sig.c b/common/image-sig.c +index 057d654c17d4..b49732117927 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -156,7 +156,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, + return -1; + } + memset(info, '\0', sizeof(*info)); +- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + info->fit = (void *)fit; + info->node_offset = noffset; + info->algo = image_get_sig_algo(algo_name); +@@ -264,7 +264,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, + const char *required; + int ret; + +- required = fdt_getprop(sig_blob, noffset, "required", NULL); ++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED, ++ NULL); + if (!required || strcmp(required, "image")) + continue; + ret = fit_image_verify_sig(fit, image_noffset, data, size, +@@ -473,7 +474,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset, + const char *required; + int ret; + +- required = fdt_getprop(sig_blob, noffset, "required", NULL); ++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED, ++ NULL); + if (!required || strcmp(required, "conf")) + continue; + ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, +diff --git a/include/image.h b/include/image.h +index b05e8552cc5b..2c6ef4de259d 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -782,12 +782,14 @@ int bootz_setup(ulong image, ulong *start, ulong *end); + #define FIT_IMAGES_PATH "/images" + #define FIT_CONFS_PATH "/configurations" + +-/* hash/signature node */ ++/* hash/signature/key node */ + #define FIT_HASH_NODENAME "hash" + #define FIT_ALGO_PROP "algo" + #define FIT_VALUE_PROP "value" + #define FIT_IGNORE_PROP "uboot-ignore" + #define FIT_SIG_NODENAME "signature" ++#define FIT_KEY_REQUIRED "required" ++#define FIT_KEY_HINT "key-name-hint" + + /* image node */ + #define FIT_DATA_PROP "data" +diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c +index 5d9716f01349..972af6b8a7e2 100644 +--- a/lib/rsa/rsa-sign.c ++++ b/lib/rsa/rsa-sign.c +@@ -486,8 +486,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) + } + + if (!ret) { +- ret = fdt_setprop_string(keydest, node, "key-name-hint", +- info->keyname); ++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT, ++ info->keyname); + } + if (!ret) + ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits); +@@ -509,7 +509,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) + info->algo->name); + } + if (info->require_keys) { +- ret = fdt_setprop_string(keydest, node, "required", ++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED, + info->require_keys); + } + done: +diff --git a/tools/image-host.c b/tools/image-host.c +index da374eeabf5e..afeba22a09be 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -161,7 +161,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, + + memset(info, '\0', sizeof(*info)); + info->keydir = keydir; +- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + info->fit = fit; + info->node_offset = noffset; + info->algo = image_get_sig_algo(algo_name); +@@ -234,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest, + free(value); + + /* Get keyname again, as FDT has changed and invalidated our pointer */ +- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + + /* Write the public key into the supplied FDT file */ + if (keydest && info.algo->add_verify_data(&info, keydest)) { +@@ -605,7 +605,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, + free(region_prop); + + /* Get keyname again, as FDT has changed and invalidated our pointer */ +- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + + /* Write the public key into the supplied FDT file */ + if (keydest) { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/intel.cfg b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/intel.cfg new file mode 100644 index 000000000..e59d585de --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/intel.cfg @@ -0,0 +1,3 @@ +CONFIG_ASPEED_FMC_DMA=y +CONFIG_NETCONSOLE=n +CONFIG_CMD_NFS=n \ No newline at end of file -- cgit v1.2.3