[U-Boot] [PATCH v4 0/6] Allow disabling non-FIT image loading from SPL
Hello all,
To address a needed feature brought up by Andreas[0], we need a way to disable SPL from loading non-FIT images.
The function spl_parse_image_header is common to all SPL loading paths (common/spl/spl_(nand|net|nor|etc..)) so we add the check here.
This version of the series is a bit different than the last 2 due to suggestions by Simon, instead of a negative option disabling non-FIT images, we allow the other image format's support to be toggled off, and do that on HS boards.
Thanks, Andrew
[0] https://www.mail-archive.com/u-boot@lists.denx.de/msg219253.html
Changes from v3: - Add debug print as suggested by Simon
Andrew F. Davis (6): spl: Convert CONFIG_SPL_ABORT_ON_RAW_IMAGE into a positive option spl: Add option to enable SPL Legacy image support ARM: AM335x: Disable non-FIT based image loading for HS devices ARM: AM43xx: Disable non-FIT based image loading for HS devices ARM: AM57xx: Disable non-FIT based image loading for HS devices ARM: DRA7xx: Disable non-FIT based image loading for HS devices
Kconfig | 15 +++++++++++++++ README | 4 ---- common/spl/spl.c | 20 ++++++++++++++------ configs/am335x_hs_evm_defconfig | 2 ++ configs/am43xx_hs_evm_defconfig | 2 ++ configs/am57xx_hs_evm_defconfig | 2 ++ configs/dra7xx_hs_evm_defconfig | 2 ++ include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +- include/spl.h | 2 +- 10 files changed, 41 insertions(+), 14 deletions(-)
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it encounters RAW images, express this same functionality as a positive option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Signed-off-by: Andrew F. Davis afd@ti.com --- Kconfig | 7 +++++++ README | 4 ---- common/spl/spl.c | 10 ++++++---- include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +- include/spl.h | 2 +- 6 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/Kconfig b/Kconfig index 81b4226463..cfc8f929ee 100644 --- a/Kconfig +++ b/Kconfig @@ -291,6 +291,13 @@ config SYS_TEXT_BASE help TODO: Move CONFIG_SYS_TEXT_BASE for all the architecture
+config SPL_RAW_IMAGE_SUPPORT + bool "Support SPL loading and booting of RAW images" + default y + help + SPL will support loading and booting a RAW image when this option + is y. If this is not set, SPL will move on to other available + boot media to find a suitable image.
config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI diff --git a/README b/README index 4f0dbd4fca..a45c6b88bf 100644 --- a/README +++ b/README @@ -3279,10 +3279,6 @@ FIT uImage format: consider that a completely unreadable NAND block is bad, and thus should be skipped silently.
- CONFIG_SPL_ABORT_ON_RAW_IMAGE - When defined, SPL will proceed to another boot method - if the image it has loaded does not have a signature. - CONFIG_SPL_RELOC_STACK Adress of the start of the stack SPL will use after relocation. If unspecified, this is equal to diff --git a/common/spl/spl.c b/common/spl/spl.c index 766fb3d6f4..da8f55eef6 100644 --- a/common/spl/spl.c +++ b/common/spl/spl.c @@ -146,16 +146,18 @@ int spl_parse_image_header(struct spl_image_info *spl_image, } #endif
-#ifdef CONFIG_SPL_ABORT_ON_RAW_IMAGE - /* Signature not found, proceed to other boot methods. */ - return -EINVAL; -#else +#ifdef CONFIG_SPL_RAW_IMAGE_SUPPORT /* Signature not found - assume u-boot.bin */ debug("mkimage signature not found - ih_magic = %x\n", header->ih_magic); spl_set_header_raw_uboot(spl_image); +#else + /* RAW image not supported, proceed to other boot methods. */ + debug("Raw boot image support not enabled, proceeding to other boot methods"); + return -EINVAL; #endif } + return 0; }
diff --git a/include/configs/imx6_spl.h b/include/configs/imx6_spl.h index c5a035fccf..acaf81b6b9 100644 --- a/include/configs/imx6_spl.h +++ b/include/configs/imx6_spl.h @@ -45,14 +45,14 @@ #if defined(CONFIG_SPL_MMC_SUPPORT) #define CONFIG_SYS_MMCSD_FS_BOOT_PARTITION 1 #define CONFIG_SYS_MONITOR_LEN 409600 /* 400 KB */ -#define CONFIG_SPL_ABORT_ON_RAW_IMAGE +#undef CONFIG_SPL_RAW_IMAGE_SUPPORT #endif
/* SATA support */ #if defined(CONFIG_SPL_SATA_SUPPORT) #define CONFIG_SPL_SATA_BOOT_DEVICE 0 #define CONFIG_SYS_SATA_FAT_BOOT_PARTITION 1 -#define CONFIG_SPL_ABORT_ON_RAW_IMAGE +#undef CONFIG_SPL_RAW_IMAGE_SUPPORT #endif
/* Define the payload for FAT/EXT support */ diff --git a/include/configs/socfpga_de1_soc.h b/include/configs/socfpga_de1_soc.h index 2278357fc6..6f5506f542 100644 --- a/include/configs/socfpga_de1_soc.h +++ b/include/configs/socfpga_de1_soc.h @@ -50,6 +50,6 @@ /* The rest of the configuration is shared */ #include <configs/socfpga_common.h>
-#define CONFIG_SPL_ABORT_ON_RAW_IMAGE +#undef CONFIG_SPL_RAW_IMAGE_SUPPORT
#endif /* __CONFIG_TERASIC_DE1_SOC_H__ */ diff --git a/include/spl.h b/include/spl.h index bde44374ea..270798c988 100644 --- a/include/spl.h +++ b/include/spl.h @@ -85,7 +85,7 @@ void spl_set_header_raw_uboot(struct spl_image_info *spl_image); * This parses the legacy image header information at @header and sets up * @spl_image according to what is found. If no image header is found, then * a raw image or bootz is assumed. If CONFIG_SPL_PANIC_ON_RAW_IMAGE is - * enabled, then this causes a panic. If CONFIG_SPL_ABORT_ON_RAW_IMAGE is + * enabled, then this causes a panic. If CONFIG_SPL_RAW_IMAGE_SUPPORT is not * enabled then U-Boot gives up. Otherwise U-Boot sets up the image using * spl_set_header_raw_uboot(), or possibly the bootz header. *
On Mon, Feb 13, 2017 at 12:47:36PM -0600, Andrew F. Davis wrote:
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it encounters RAW images, express this same functionality as a positive option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Signed-off-by: Andrew F. Davis afd@ti.com
Kconfig | 7 +++++++ README | 4 ---- common/spl/spl.c | 10 ++++++---- include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +-
OK, with this in Kconfig, we need to migrate the appropriate configs/ files rather than tweak include/configs/ files again. I think moveconfig.py will be reasonable to run here given that you can pass a list of defconfigs to look at (anything that sets CONFIG_IMX6 and so on). Thanks!
On 02/14/2017 02:15 PM, Tom Rini wrote:
On Mon, Feb 13, 2017 at 12:47:36PM -0600, Andrew F. Davis wrote:
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it encounters RAW images, express this same functionality as a positive option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Signed-off-by: Andrew F. Davis afd@ti.com
Kconfig | 7 +++++++ README | 4 ---- common/spl/spl.c | 10 ++++++---- include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +-
OK, with this in Kconfig, we need to migrate the appropriate configs/ files rather than tweak include/configs/ files again. I think moveconfig.py will be reasonable to run here given that you can pass a list of defconfigs to look at (anything that sets CONFIG_IMX6 and so on). Thanks!
It does, and it removes the symbols I tweaked in the include/configs/ automatically. The issue is that it also caused a lot of churn in the defconfig files as a lot of symbols have become out of order and get re-ordered. With other similar patches re-ordering defconfig symbols this would be trouble for you to merge and for me to rebase if it needs a re-spin. Maybe moveconfig.py could be done on your side when patches like this are taken?
I'll post the patch generated by tools/moveconfig.py -c -v SPL_RAW_IMAGE_SUPPORT but it may be very large and I cannot guarantee it will not have +300 merge conflicts for you to handle if you take it with other defconfig fixup patches :)
Andrew
On Tue, Feb 14, 2017 at 02:32:42PM -0600, Andrew F. Davis wrote:
On 02/14/2017 02:15 PM, Tom Rini wrote:
On Mon, Feb 13, 2017 at 12:47:36PM -0600, Andrew F. Davis wrote:
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it encounters RAW images, express this same functionality as a positive option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Signed-off-by: Andrew F. Davis afd@ti.com
Kconfig | 7 +++++++ README | 4 ---- common/spl/spl.c | 10 ++++++---- include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +-
OK, with this in Kconfig, we need to migrate the appropriate configs/ files rather than tweak include/configs/ files again. I think moveconfig.py will be reasonable to run here given that you can pass a list of defconfigs to look at (anything that sets CONFIG_IMX6 and so on). Thanks!
It does, and it removes the symbols I tweaked in the include/configs/ automatically. The issue is that it also caused a lot of churn in the defconfig files as a lot of symbols have become out of order and get re-ordered. With other similar patches re-ordering defconfig symbols this would be trouble for you to merge and for me to rebase if it needs a re-spin. Maybe moveconfig.py could be done on your side when patches like this are taken?
So in this case, the way you deal with it is: 1) Do a moveconfig.py -s and commit the results. 2) Do the rest of your patches 3) Drop that first patch and post. If it doesn't apply cleanly (sometimes it in fact does), I end up dealing with the fallout.
It's easier for me to deal with fixing defconfig fails to apply than it is to be sure that everything is migrated correctly and as intended.
On 02/14/2017 03:04 PM, Tom Rini wrote:
On Tue, Feb 14, 2017 at 02:32:42PM -0600, Andrew F. Davis wrote:
On 02/14/2017 02:15 PM, Tom Rini wrote:
On Mon, Feb 13, 2017 at 12:47:36PM -0600, Andrew F. Davis wrote:
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it encounters RAW images, express this same functionality as a positive option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Signed-off-by: Andrew F. Davis afd@ti.com
Kconfig | 7 +++++++ README | 4 ---- common/spl/spl.c | 10 ++++++---- include/configs/imx6_spl.h | 4 ++-- include/configs/socfpga_de1_soc.h | 2 +-
OK, with this in Kconfig, we need to migrate the appropriate configs/ files rather than tweak include/configs/ files again. I think moveconfig.py will be reasonable to run here given that you can pass a list of defconfigs to look at (anything that sets CONFIG_IMX6 and so on). Thanks!
It does, and it removes the symbols I tweaked in the include/configs/ automatically. The issue is that it also caused a lot of churn in the defconfig files as a lot of symbols have become out of order and get re-ordered. With other similar patches re-ordering defconfig symbols this would be trouble for you to merge and for me to rebase if it needs a re-spin. Maybe moveconfig.py could be done on your side when patches like this are taken?
So in this case, the way you deal with it is:
- Do a moveconfig.py -s and commit the results.
- Do the rest of your patches
- Drop that first patch and post. If it doesn't apply cleanly
(sometimes it in fact does), I end up dealing with the fallout.
It's easier for me to deal with fixing defconfig fails to apply than it is to be sure that everything is migrated correctly and as intended.
Works for me, I'll post v5 with this change.
Thanks, Andrew
Add a Kconfig option that enables Legacy image support, this allows boards to explicitly disable this, for instance when needed for security reasons.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- Kconfig | 8 ++++++++ common/spl/spl.c | 10 ++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/Kconfig b/Kconfig index cfc8f929ee..8504199493 100644 --- a/Kconfig +++ b/Kconfig @@ -299,6 +299,14 @@ config SPL_RAW_IMAGE_SUPPORT is y. If this is not set, SPL will move on to other available boot media to find a suitable image.
+config SPL_LEGACY_IMAGE_SUPPORT + bool "Support SPL loading and booting of Legacy images" + default y + help + SPL will support loading and booting Legacy images when this option + is y. If this is not set, SPL will move on to other available + boot media to find a suitable image. + config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI int "CPU clock frequency" diff --git a/common/spl/spl.c b/common/spl/spl.c index da8f55eef6..3d6c0ecba1 100644 --- a/common/spl/spl.c +++ b/common/spl/spl.c @@ -93,9 +93,10 @@ void spl_set_header_raw_uboot(struct spl_image_info *spl_image) int spl_parse_image_header(struct spl_image_info *spl_image, const struct image_header *header) { - u32 header_size = sizeof(struct image_header); - if (image_get_magic(header) == IH_MAGIC) { +#ifdef CONFIG_SPL_LEGACY_IMAGE_SUPPORT + u32 header_size = sizeof(struct image_header); + if (spl_image->flags & SPL_COPY_PAYLOAD_ONLY) { /* * On some system (e.g. powerpc), the load-address and @@ -118,6 +119,11 @@ int spl_parse_image_header(struct spl_image_info *spl_image, debug("spl: payload image: %.*s load addr: 0x%lx size: %d\n", (int)sizeof(spl_image->name), spl_image->name, spl_image->load_addr, spl_image->size); +#else + /* LEGACY image not supported */ + debug("Legacy boot image support not enabled, proceeding to other boot methods"); + return -EINVAL; +#endif } else { #ifdef CONFIG_SPL_PANIC_ON_RAW_IMAGE /*
On Mon, Feb 13, 2017 at 12:47:37PM -0600, Andrew F. Davis wrote:
Add a Kconfig option that enables Legacy image support, this allows boards to explicitly disable this, for instance when needed for security reasons.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Tom Rini trini@konsulko.com
Disable support for loading non-FIT images for AM335x platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/am335x_hs_evm_defconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/configs/am335x_hs_evm_defconfig b/configs/am335x_hs_evm_defconfig index d6224bcdfb..374540906c 100644 --- a/configs/am335x_hs_evm_defconfig +++ b/configs/am335x_hs_evm_defconfig @@ -14,6 +14,8 @@ CONFIG_SYS_EXTRA_OPTIONS="NAND" CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y CONFIG_FIT_IMAGE_POST_PROCESS=y +# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set +# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SYS_CONSOLE_INFO_QUIET=y CONFIG_VERSION_VARIABLE=y CONFIG_SPL=y
On Mon, Feb 13, 2017 at 12:47:38PM -0600, Andrew F. Davis wrote:
Disable support for loading non-FIT images for AM335x platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Tom Rini trini@konsulko.com
Disable support for loading non-FIT images for AM43xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/am43xx_hs_evm_defconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/configs/am43xx_hs_evm_defconfig b/configs/am43xx_hs_evm_defconfig index 8bb1b3535a..fabf876621 100644 --- a/configs/am43xx_hs_evm_defconfig +++ b/configs/am43xx_hs_evm_defconfig @@ -10,6 +10,8 @@ CONFIG_FIT=y CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set +# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SYS_EXTRA_OPTIONS="CONS_INDEX=1, NAND" CONFIG_SYS_CONSOLE_INFO_QUIET=y CONFIG_VERSION_VARIABLE=y
On Mon, Feb 13, 2017 at 12:47:39PM -0600, Andrew F. Davis wrote:
Disable support for loading non-FIT images for AM43xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Tom Rini trini@konsulko.com
Disable support for loading non-FIT images for AM57xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/am57xx_hs_evm_defconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/configs/am57xx_hs_evm_defconfig b/configs/am57xx_hs_evm_defconfig index 7e84ccddf3..4adbde427b 100644 --- a/configs/am57xx_hs_evm_defconfig +++ b/configs/am57xx_hs_evm_defconfig @@ -14,6 +14,8 @@ CONFIG_FIT=y CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set +# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y CONFIG_VERSION_VARIABLE=y
On Mon, Feb 13, 2017 at 12:47:40PM -0600, Andrew F. Davis wrote:
Disable support for loading non-FIT images for AM57xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Tom Rini trini@konsulko.com
Disable support for loading non-FIT images for DRA7xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/dra7xx_hs_evm_defconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/configs/dra7xx_hs_evm_defconfig b/configs/dra7xx_hs_evm_defconfig index 244940cd6c..c5e7b16c8b 100644 --- a/configs/dra7xx_hs_evm_defconfig +++ b/configs/dra7xx_hs_evm_defconfig @@ -15,6 +15,8 @@ CONFIG_FIT=y CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set +# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y CONFIG_VERSION_VARIABLE=y
On Mon, Feb 13, 2017 at 12:47:41PM -0600, Andrew F. Davis wrote:
Disable support for loading non-FIT images for DRA7xx platforms using the high-security (HS) device variant.
Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Tom Rini trini@konsulko.com
participants (2)
-
Andrew F. Davis -
Tom Rini