[PATCH v7 00/15] vpl: Introduce a verifying program loader
Simon Glass
sjg at chromium.org
Mon Feb 28 15:16:42 CET 2022
U-Boot provides a verified-boot feature based around FIT, but there is
no standard way of implementing it for a board. At present the various
required pieces must be built up separately, to produce a working
implementation. In particular, there is no built-in support for selecting
A/B boot or recovery mode.
This series introduces VPL, a verified program loader phase for U-Boot.
Its purpose is to run the verified-boot process and decide which SPL
binary should be run. It is critical that this decision happens before
SPL runs, since SPL sets up SDRAM and we need to be able to update the
SDRAM-init code in the field.
Adding VPL into the boot flow provides a standard way of implementing
verified boot. This series includes the phase itself, some useful Kconfig
options and a sandbox_vpl build for sandbox.
Most of the patches in this series are fixes and improvements to docs and
various Kconfig conditions for SPL so can be applied separately if needed.
The last four patches introduce VPL.
Changes in v7:
- Add new patch with a default for TPL_TEXT_BASE
- Add new patch to correct the conditions for SPL
- Add new patch to correct condition for SEPARATE_BSS
- Add new patch to avoid looking for an appended device tree
- Renumber the tests
- Update for the patman library rename
- Add a few more options
- Rebase to master
- Update some options based on settings in master
Changes in v6:
- Fix the missing SPDX tag on test/204...
- Add docs for sandbox_vpl build
- Drop TPL_HASH_SUPPORT patch since we only have SPL_HASH now
Changes in v5:
- Rebase this patch on mainline (for GPIO and MISC Kconfig renames)
Changes in v4:
- Add new patch to correct bloblist Kconfig dependencies
- Add new patch to avoid building avb in SPL
- Update spl_phase_prefix() for VPL
- Tidy up some of the Makefile rules
- Add options for blk, core, misc and tpl also
- Add VPL_SIZE_LIMIT
- Add a sandbox_vpl build
- Update cover letter
Changes in v3:
- Move VPL Kconfig options to a separate patch
- Add full build support for VPL
- Add a VPL size check (Kconfig option in next patch)
Changes in v2:
- Add some more VPL Kconfig options
Simon Glass (15):
doc: Convert SPL documentation to ReST
doc: Expand SPL docs to explain the phase and config
test: Tidy up test building with SPL
bloblist: Correct Kconfig dependencies
avb: Don't build in SPL
Makefile: Simplify devicetree rules for SPL/TPL
Makefile: Tidy up the TPL build rules
Add a default for TPL_TEXT_BASE
disk: Correct the conditions for SPL
fdt: Correct condition for SEPARATE_BSS
fdt: sandbox: Avoid looking for an appended device tree
binman: Add VPL support
Introduce Verifying Program Loader (VPL)
vpl: Add Kconfig options for VPL
sandbox: Add a build for VPL
Kconfig | 10 +
Makefile | 28 ++-
arch/sandbox/Kconfig | 8 +
arch/sandbox/cpu/spl.c | 12 +-
arch/sandbox/dts/sandbox.dtsi | 10 +-
board/sandbox/MAINTAINERS | 7 +
common/Kconfig | 71 +++++-
common/Makefile | 2 +-
common/spl/Kconfig | 235 ++++++++++++++++++-
common/spl/spl.c | 25 +-
configs/sandbox_vpl_defconfig | 251 +++++++++++++++++++++
disk/Makefile | 10 +-
doc/arch/sandbox.rst | 13 ++
doc/develop/index.rst | 1 +
doc/{README.SPL => develop/spl.rst} | 75 ++++--
drivers/Makefile | 2 +
drivers/block/Kconfig | 12 +
drivers/clk/Kconfig | 26 +++
drivers/core/Kconfig | 33 +++
drivers/core/Makefile | 2 +-
drivers/gpio/Kconfig | 11 +
drivers/i2c/Kconfig | 11 +
drivers/misc/Kconfig | 28 +++
drivers/pinctrl/Kconfig | 18 +-
drivers/rtc/Kconfig | 9 +
drivers/serial/Kconfig | 20 ++
drivers/sysreset/Kconfig | 10 +
drivers/timer/Kconfig | 10 +
drivers/tpm/Kconfig | 30 +++
dts/Kconfig | 17 ++
include/bootstage.h | 2 +
include/linux/kconfig.h | 3 +
include/spl.h | 22 +-
lib/Kconfig | 64 +++++-
lib/fdtdec.c | 5 +-
scripts/Kbuild.include | 4 +
scripts/Makefile.autoconf | 12 +
scripts/Makefile.build | 4 +
scripts/Makefile.lib | 5 +
scripts/Makefile.spl | 37 ++-
tools/binman/etype/u_boot_vpl.py | 42 ++++
tools/binman/etype/u_boot_vpl_bss_pad.py | 44 ++++
tools/binman/etype/u_boot_vpl_dtb.py | 28 +++
tools/binman/etype/u_boot_vpl_expanded.py | 45 ++++
tools/binman/etype/u_boot_vpl_nodtb.py | 42 ++++
tools/binman/ftest.py | 109 +++++++--
tools/binman/state.py | 3 +-
tools/binman/test/082_fdt_update_all.dts | 2 +
tools/binman/test/225_u_boot_vpl.dts | 11 +
tools/binman/test/226_u_boot_vpl_nodtb.dts | 13 ++
tools/binman/test/227_fdt_incl_vpl.dts | 13 ++
tools/binman/test/228_vpl_bss_pad.dts | 19 ++
52 files changed, 1441 insertions(+), 85 deletions(-)
create mode 100644 configs/sandbox_vpl_defconfig
rename doc/{README.SPL => develop/spl.rst} (68%)
create mode 100644 tools/binman/etype/u_boot_vpl.py
create mode 100644 tools/binman/etype/u_boot_vpl_bss_pad.py
create mode 100644 tools/binman/etype/u_boot_vpl_dtb.py
create mode 100644 tools/binman/etype/u_boot_vpl_expanded.py
create mode 100644 tools/binman/etype/u_boot_vpl_nodtb.py
create mode 100644 tools/binman/test/225_u_boot_vpl.dts
create mode 100644 tools/binman/test/226_u_boot_vpl_nodtb.dts
create mode 100644 tools/binman/test/227_fdt_incl_vpl.dts
create mode 100644 tools/binman/test/228_vpl_bss_pad.dts
--
2.35.1.574.g5d30c73bfb-goog
More information about the U-Boot
mailing list