[PATCH v3 36/43] vbe: Add Kconfig options for VPL
Simon Glass
sjg at chromium.org
Fri Oct 21 02:23:13 CEST 2022
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
(no changes since v1)
boot/Kconfig | 137 +++++++++++++++++++++++++++++++
boot/vbe_simple_os.c | 2 +-
common/spl/Kconfig.vpl | 30 +++++++
configs/sandbox_vpl_defconfig | 13 ++-
test/py/tests/test_event_dump.py | 1 +
5 files changed, 181 insertions(+), 2 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig
index 6eb056def05..93344975a63 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -292,6 +292,57 @@ config SPL_FIT_GENERATOR
endif # SPL
+if VPL
+
+config VPL_FIT
+ bool "Support Flattened Image Tree within VPL"
+ depends on VPL
+ default y
+ select VPL_HASH
+ select VPL_OF_LIBFDT
+
+config VPL_FIT_PRINT
+ bool "Support FIT printing within VPL"
+ depends on VPL_FIT
+ default y
+ help
+ Support printing the content of the fitImage in a verbose manner in VPL.
+
+config VPL_FIT_FULL_CHECK
+ bool "Do a full check of the FIT before using it"
+ default y
+ help
+ Enable this do a full check of the FIT to make sure it is valid. This
+ helps to protect against carefully crafted FITs which take advantage
+ of bugs or omissions in the code. This includes a bad structure,
+ multiple root nodes and the like.
+
+config VPL_FIT_SIGNATURE
+ bool "Enable signature verification of FIT firmware within VPL"
+ depends on VPL_DM
+ depends on VPL_LOAD_FIT || VPL_LOAD_FIT_FULL
+ default y
+ select FIT_SIGNATURE
+ select VPL_FIT
+ select VPL_CRYPTO
+ select VPL_HASH
+ imply VPL_RSA
+ imply VPL_RSA_VERIFY
+ select VPL_IMAGE_SIGN_INFO
+ select VPL_FIT_FULL_CHECK
+
+config VPL_FIT_SIGNATURE_MAX_SIZE
+ hex "Max size of signed FIT structures in VPL"
+ depends on VPL_FIT_SIGNATURE
+ default 0x10000000
+ help
+ This option sets a max size in bytes for verified FIT uImages.
+ A sane value of 256MB protects corrupted DTB structures from overlapping
+ device memory. Assure this size does not extend past expected storage
+ space.
+
+endif # VPL
+
endif # FIT
config PXE_UTILS
@@ -334,6 +385,26 @@ config BOOTSTD_FULL
- support for selecting the ordering of bootdevs using the devicetree
as well as the "boot_targets" environment variable
+config SPL_BOOTSTD
+ bool "Standard boot support in VPL"
+ depends on SPL && SPL_DM && SPL_OF_CONTROL && SPL_BLK
+ default y if VPL
+ help
+ This enables standard boot in SPL. This is neeeded so that VBE
+ (Verified Boot for Embedded) can be used, since it depends on standard
+ boot. It is enabled by default since the main purpose of VPL is to
+ handle the firmware part of VBE.
+
+config VPL_BOOTSTD
+ bool "Standard boot support in VPL"
+ depends on VPL && VPL_DM && VPL_OF_CONTROL && VPL_BLK
+ default y
+ help
+ This enables standard boot in SPL. This is neeeded so that VBE
+ (Verified Boot for Embedded) can be used, since it depends on standard
+ boot. It is enabled by default since the main purpose of VPL is to
+ handle the firmware part of VBE.
+
if BOOTSTD
config BOOTSTD_BOOTCOMMAND
@@ -408,6 +479,24 @@ config BOOTMETH_VBE
supports selection of various firmware components, seleciton of an OS to
boot as well as updating these using fwupd.
+config SPL_BOOTMETH_VBE
+ bool "Bootdev support for Verified Boot for Embedded (SPL)"
+ depends on SPL && FIT
+ default y if VPL
+ help
+ Enables support for VBE boot. This is a standard boot method which
+ supports selection of various firmware components, seleciton of an OS to
+ boot as well as updating these using fwupd.
+
+config VPL_BOOTMETH_VBE
+ bool "Bootdev support for Verified Boot for Embedded (VPL)"
+ depends on VPL && FIT
+ default y
+ help
+ Enables support for VBE boot. This is a standard boot method which
+ supports selection of various firmware components, seleciton of an OS to
+ boot as well as updating these using fwupd.
+
if BOOTMETH_VBE
config BOOTMETH_VBE_SIMPLE
@@ -418,6 +507,54 @@ config BOOTMETH_VBE_SIMPLE
firmware image in boot media such as MMC. It does not support any sort
of rollback, recovery or A/B boot.
+config BOOTMETH_VBE_SIMPLE_OS
+ bool "Bootdev support for VBE 'simple' method OS phase"
+ default y
+ help
+ Enables support for the OS parts of VBE 'simple' boot. This includes
+ fixing up the device tree with the required VBE information, ready
+ for booting into the OS. This option is only enabled for U-Boot
+ proper, since it is the phase where device tree fixups happen.
+
+config SPL_BOOTMETH_VBE_SIMPLE
+ bool "Bootdev support for VBE 'simple' method (SPL)"
+ depends on SPL
+ default y if VPL
+ help
+ Enables support for VBE 'simple' boot. This allows updating a single
+ firmware image in boot media such as MMC. It does not support any sort
+ of rollback, recovery or A/B boot.
+
+config VPL_BOOTMETH_VBE_SIMPLE
+ bool "Bootdev support for VBE 'simple' method (VPL)"
+ depends on VPL
+ default y
+ help
+ Enables support for VBE 'simple' boot. This allows updating a single
+ firmware image in boot media such as MMC. It does not support any sort
+ of rollback, recovery or A/B boot.
+
+config SPL_BOOTMETH_VBE_SIMPLE_FW
+ bool "Bootdev support for VBE 'simple' method firmware phase (SPL)"
+ depends on VPL
+ default y
+ help
+ Enables support for the firmware parts of VBE 'simple' boot. This
+ includes an SPL loader which locates the correct U-Boot to boot into.
+ This option should really only be enabled for VPL, since it is the
+ phase where the SPL + U-Boot decision should be made. But for now,
+ SPL does its own FIT-configuration selection.
+
+config VPL_BOOTMETH_VBE_SIMPLE_FW
+ bool "Bootdev support for VBE 'simple' method firmware phase (VPL)"
+ depends on VPL
+ default y
+ help
+ Enables support for the firmware parts of VBE 'simple' boot. This
+ includes an SPL loader which locates the correct SPL to boot into.
+ This option enabled for VPL, since it is the phase where the SPL
+ decision is made.
+
endif # BOOTMETH_VBE
config BOOTMETH_SANDBOX
diff --git a/boot/vbe_simple_os.c b/boot/vbe_simple_os.c
index 058db6154b0..87778bba97e 100644
--- a/boot/vbe_simple_os.c
+++ b/boot/vbe_simple_os.c
@@ -80,7 +80,7 @@ static int bootmeth_vbe_simple_ft_fixup(void *ctx, struct event *event)
ret = device_probe(dev);
if (ret)
return log_msg_ret("probe", ret);
- ret = simple_read_state(dev, &state);
+ ret = vbe_simple_read_state(dev, &state);
if (ret)
return log_msg_ret("read", ret);
diff --git a/common/spl/Kconfig.vpl b/common/spl/Kconfig.vpl
index f33162276d9..ae1a3c724f3 100644
--- a/common/spl/Kconfig.vpl
+++ b/common/spl/Kconfig.vpl
@@ -133,6 +133,36 @@ config VPL_I2C_SUPPORT
Enable support for the I2C bus in VPL. Vee SPL_I2C_SUPPORT for
details.
+config VPL_MMC
+ bool "Support MMC in VPL"
+ depends on VPL && MMC
+ default y if MMC
+ help
+ Enable support for MMC (Multimedia Card) within VPL This enables
+ the MMC protocol implementation and allows any enabled drivers to
+ be used within VPL. MMC can be used with or without disk partition
+ support depending on the application (SPL_LIBDISK_SUPPORT). Enable
+ this option to build the drivers in drivers/mmc as part of an VPL
+ build.
+
+config VPL_DM_MMC
+ bool "Enable MMC controllers using Driver Model in VPL"
+ depends on VPL_DM && DM_MMC
+ default y
+ help
+ This enables the MultiMediaCard (MMC) uclass which supports MMC and
+ Secure Digital I/O (SDIO) cards. Both removable (SD, micro-SD, etc.)
+ and non-removable (e.g. eMMC chip) devices are supported. These
+ appear as block devices in U-Boot and can support filesystems such
+ as EXT4 and FAT.
+
+config VPL_MMC_WRITE
+ bool "MMC/SD/SDIO card support for write operations in VPL"
+ depends on VPL_MMC
+ default y
+ help
+ Enable write access to MMC and SD Cards in VPL
+
config VPL_PCH_SUPPORT
bool "Support PCH drivers"
default y if TPL_PCH_SUPPORT
diff --git a/configs/sandbox_vpl_defconfig b/configs/sandbox_vpl_defconfig
index 210a50dcad8..b229aebdd9a 100644
--- a/configs/sandbox_vpl_defconfig
+++ b/configs/sandbox_vpl_defconfig
@@ -4,7 +4,10 @@ CONFIG_SPL_LIBGENERIC_SUPPORT=y
CONFIG_NR_DRAM_BANKS=1
CONFIG_ENV_SIZE=0x2000
CONFIG_DEFAULT_DEVICE_TREE="sandbox"
+CONFIG_SPL_TEXT_BASE=0x100000
+CONFIG_SPL_MMC=y
CONFIG_SPL_SERIAL=y
+CONFIG_TPL_TEXT_BASE=0x100000
CONFIG_TPL_LIBCOMMON_SUPPORT=y
CONFIG_TPL_LIBGENERIC_SUPPORT=y
CONFIG_TPL_SERIAL=y
@@ -23,6 +26,7 @@ CONFIG_DISTRO_DEFAULTS=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_BEST_MATCH=y
CONFIG_SPL_LOAD_FIT=y
# CONFIG_USE_SPL_FIT_GENERATOR is not set
CONFIG_BOOTSTAGE=y
@@ -47,6 +51,7 @@ CONFIG_TPL_I2C=y
CONFIG_TPL_RTC=y
CONFIG_VPL=y
CONFIG_VPL_ENV_SUPPORT=y
+CONFIG_VPL_TEXT_BASE=0x100000
CONFIG_CMD_CPU=y
CONFIG_CMD_LICENSE=y
CONFIG_CMD_BOOTZ=y
@@ -98,7 +103,9 @@ CONFIG_CMD_CBFS=y
CONFIG_CMD_CRAMFS=y
CONFIG_CMD_EXT4_WRITE=y
CONFIG_MAC_PARTITION=y
-CONFIG_AMIGA_PARTITION=y
+# CONFIG_SPL_MAC_PARTITION is not set
+# CONFIG_SPL_DOS_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
CONFIG_OF_CONTROL=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_TPL_OF_CONTROL=y
@@ -113,6 +120,7 @@ CONFIG_NETCONSOLE=y
CONFIG_IP_DEFRAG=y
CONFIG_SPL_DM=y
CONFIG_TPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
CONFIG_DM_DMA=y
CONFIG_REGMAP=y
CONFIG_SPL_REGMAP=y
@@ -226,6 +234,8 @@ CONFIG_SPL_SYSRESET=y
CONFIG_TPL_SYSRESET=y
CONFIG_DM_THERMAL=y
CONFIG_TIMER=y
+CONFIG_SPL_TIMER=y
+CONFIG_VPL_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_USB=y
@@ -246,6 +256,7 @@ CONFIG_CMD_DHRYSTONE=y
CONFIG_RSA_VERIFY_WITH_PKEY=y
CONFIG_TPM=y
CONFIG_LZ4=y
+# CONFIG_VPL_LZMA is not set
CONFIG_ERRNO_STR=y
CONFIG_UNIT_TEST=y
CONFIG_SPL_UNIT_TEST=y
diff --git a/test/py/tests/test_event_dump.py b/test/py/tests/test_event_dump.py
index 5da2e191dfa..da196df4c3e 100644
--- a/test/py/tests/test_event_dump.py
+++ b/test/py/tests/test_event_dump.py
@@ -17,5 +17,6 @@ def test_event_dump(u_boot_console):
expect = '''.*Event type Id Source location
-------------------- ------------------------------ ------------------------------
EVT_FT_FIXUP bootmeth_vbe_ft_fixup .*boot/vbe_request.c:.*
+EVT_FT_FIXUP bootmeth_vbe_simple_ft_fixup .*boot/vbe_simple_os.c:.*
EVT_MISC_INIT_F sandbox_misc_init_f .*arch/sandbox/cpu/start.c:'''
assert re.match(expect, out, re.MULTILINE) is not None
--
2.38.0.135.g90850a2211-goog
More information about the U-Boot
mailing list