U-Boot provides a verified-boot feature based around FIT, but there is no standard way of implementing it for a board. At present the various required pieces must be built up separately, to produce a working implementation. In particular, there is no built-in support for selecting A/B boot or recovery mode.
This series introduces VPL, a verified program loader phase for U-Boot. Its purpose is to run the verified-boot process and decide which SPL binary should be run. It is critical that this decision happens before SPL runs, since SPL sets up SDRAM and we need to be able to update the SDRAM-init code in the field.
Adding VPL into the boot flow provides a standard place to implement verified boot. This series includes the phase itself, some useful Kconfig options and a sandbox_vpl build for sandbox. No verfied-boot support is provided in this series.
Most of the patches in this series are fixes and improvements to docs and various Kconfig conditions for SPL.
This series requires the earlier sandbox fix patches[1] to be applied first. A test is included to make sure that VPL runs correctly for sandbox, i.e. that the TPL -> VPL -> SPL -> U-Boot flow works.
Future work will add an implementation of verified boot into VPL.
[1] https://patchwork.ozlabs.org/project/uboot/list/?series=297248
Changes in v8: - Rename the VPL symbols in spl.c - Support SYSCON and REGMAP too - Update defconfig to account for option changes - Drop reference to old OF_HOSTFILE option - Add new patch to support running vpl tests
Changes in v7: - Add a few more options - Rebase to master - Update some options based on settings in master
Changes in v6: - Add docs for sandbox_vpl build - Drop TPL_HASH_SUPPORT patch since we only have SPL_HASH now
Changes in v5: - Rebase this patch on mainline (for GPIO and MISC Kconfig renames)
Changes in v4: - Add new patch to correct bloblist Kconfig dependencies - Add new patch to avoid building avb in SPL - Update spl_phase_prefix() for VPL - Tidy up some of the Makefile rules - Add options for blk, core, misc and tpl also - Add VPL_SIZE_LIMIT - Add a sandbox_vpl build - Update cover letter
Changes in v3: - Move VPL Kconfig options to a separate patch - Add full build support for VPL - Add a VPL size check (Kconfig option in next patch)
Changes in v2: - Add some more VPL Kconfig options
Simon Glass (13): doc: Convert SPL documentation to ReST doc: Expand SPL docs to explain the phase and config test: Tidy up test building with SPL bloblist: Correct Kconfig dependencies avb: Don't build in SPL Makefile: Simplify devicetree rules for SPL/TPL Makefile: Tidy up the TPL build rules Introduce Verifying Program Loader (VPL) vpl: Add Kconfig options for VPL sandbox: Add a build for VPL vpl: Support running vpl tests vpl: Test that VPL runs correctly through to U-Boot proper CI: Run VPL tests
.azure-pipelines.yml | 3 + .gitlab-ci.yml | 6 + Kconfig | 10 ++ Makefile | 28 +++- arch/sandbox/Kconfig | 8 + arch/sandbox/cpu/spl.c | 12 +- arch/sandbox/dts/sandbox.dtsi | 10 +- board/sandbox/MAINTAINERS | 7 + common/Kconfig | 71 +++++++- common/Makefile | 2 +- common/spl/Kconfig | 234 +++++++++++++++++++++++++- common/spl/spl.c | 25 ++- configs/sandbox_vpl_defconfig | 251 ++++++++++++++++++++++++++++ doc/arch/sandbox.rst | 13 ++ doc/develop/index.rst | 1 + doc/{README.SPL => develop/spl.rst} | 75 +++++++-- drivers/Makefile | 2 + drivers/block/Kconfig | 12 ++ drivers/clk/Kconfig | 26 +++ drivers/core/Kconfig | 54 +++++- drivers/core/Makefile | 2 +- drivers/gpio/Kconfig | 11 ++ drivers/i2c/Kconfig | 11 ++ drivers/misc/Kconfig | 28 ++++ drivers/pinctrl/Kconfig | 18 +- drivers/rtc/Kconfig | 9 + drivers/serial/Kconfig | 20 +++ drivers/sysreset/Kconfig | 10 ++ drivers/timer/Kconfig | 10 ++ drivers/tpm/Kconfig | 30 ++++ dts/Kconfig | 17 ++ include/bootstage.h | 2 + include/linux/kconfig.h | 3 + include/spl.h | 22 ++- lib/Kconfig | 62 +++++++ scripts/Kbuild.include | 4 + scripts/Makefile.autoconf | 12 ++ scripts/Makefile.build | 4 + scripts/Makefile.lib | 5 + scripts/Makefile.spl | 37 ++-- test/py/conftest.py | 7 +- test/py/tests/test_help.py | 12 ++ test/py/tests/test_vpl.py | 34 ++++ test/py/u_boot_console_sandbox.py | 7 +- 44 files changed, 1167 insertions(+), 60 deletions(-) create mode 100644 configs/sandbox_vpl_defconfig rename doc/{README.SPL => develop/spl.rst} (68%) create mode 100644 test/py/tests/test_vpl.py