diff options
Diffstat (limited to 'boot')
| -rw-r--r-- | boot/Kconfig | 137 | ||||
| -rw-r--r-- | boot/vbe_simple_os.c | 2 |
2 files changed, 138 insertions, 1 deletions
diff --git a/boot/Kconfig b/boot/Kconfig index 6eb056def0..93344975a6 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -292,6 +292,57 @@ config SPL_FIT_GENERATOR endif # SPL +if VPL + +config VPL_FIT + bool "Support Flattened Image Tree within VPL" + depends on VPL + default y + select VPL_HASH + select VPL_OF_LIBFDT + +config VPL_FIT_PRINT + bool "Support FIT printing within VPL" + depends on VPL_FIT + default y + help + Support printing the content of the fitImage in a verbose manner in VPL. + +config VPL_FIT_FULL_CHECK + bool "Do a full check of the FIT before using it" + default y + help + Enable this do a full check of the FIT to make sure it is valid. This + helps to protect against carefully crafted FITs which take advantage + of bugs or omissions in the code. This includes a bad structure, + multiple root nodes and the like. + +config VPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within VPL" + depends on VPL_DM + depends on VPL_LOAD_FIT || VPL_LOAD_FIT_FULL + default y + select FIT_SIGNATURE + select VPL_FIT + select VPL_CRYPTO + select VPL_HASH + imply VPL_RSA + imply VPL_RSA_VERIFY + select VPL_IMAGE_SIGN_INFO + select VPL_FIT_FULL_CHECK + +config VPL_FIT_SIGNATURE_MAX_SIZE + hex "Max size of signed FIT structures in VPL" + depends on VPL_FIT_SIGNATURE + default 0x10000000 + help + This option sets a max size in bytes for verified FIT uImages. + A sane value of 256MB protects corrupted DTB structures from overlapping + device memory. Assure this size does not extend past expected storage + space. + +endif # VPL + endif # FIT config PXE_UTILS @@ -334,6 +385,26 @@ config BOOTSTD_FULL - support for selecting the ordering of bootdevs using the devicetree as well as the "boot_targets" environment variable +config SPL_BOOTSTD + bool "Standard boot support in VPL" + depends on SPL && SPL_DM && SPL_OF_CONTROL && SPL_BLK + default y if VPL + help + This enables standard boot in SPL. This is neeeded so that VBE + (Verified Boot for Embedded) can be used, since it depends on standard + boot. It is enabled by default since the main purpose of VPL is to + handle the firmware part of VBE. + +config VPL_BOOTSTD + bool "Standard boot support in VPL" + depends on VPL && VPL_DM && VPL_OF_CONTROL && VPL_BLK + default y + help + This enables standard boot in SPL. This is neeeded so that VBE + (Verified Boot for Embedded) can be used, since it depends on standard + boot. It is enabled by default since the main purpose of VPL is to + handle the firmware part of VBE. + if BOOTSTD config BOOTSTD_BOOTCOMMAND @@ -408,6 +479,24 @@ config BOOTMETH_VBE supports selection of various firmware components, seleciton of an OS to boot as well as updating these using fwupd. +config SPL_BOOTMETH_VBE + bool "Bootdev support for Verified Boot for Embedded (SPL)" + depends on SPL && FIT + default y if VPL + help + Enables support for VBE boot. This is a standard boot method which + supports selection of various firmware components, seleciton of an OS to + boot as well as updating these using fwupd. + +config VPL_BOOTMETH_VBE + bool "Bootdev support for Verified Boot for Embedded (VPL)" + depends on VPL && FIT + default y + help + Enables support for VBE boot. This is a standard boot method which + supports selection of various firmware components, seleciton of an OS to + boot as well as updating these using fwupd. + if BOOTMETH_VBE config BOOTMETH_VBE_SIMPLE @@ -418,6 +507,54 @@ config BOOTMETH_VBE_SIMPLE firmware image in boot media such as MMC. It does not support any sort of rollback, recovery or A/B boot. +config BOOTMETH_VBE_SIMPLE_OS + bool "Bootdev support for VBE 'simple' method OS phase" + default y + help + Enables support for the OS parts of VBE 'simple' boot. This includes + fixing up the device tree with the required VBE information, ready + for booting into the OS. This option is only enabled for U-Boot + proper, since it is the phase where device tree fixups happen. + +config SPL_BOOTMETH_VBE_SIMPLE + bool "Bootdev support for VBE 'simple' method (SPL)" + depends on SPL + default y if VPL + help + Enables support for VBE 'simple' boot. This allows updating a single + firmware image in boot media such as MMC. It does not support any sort + of rollback, recovery or A/B boot. + +config VPL_BOOTMETH_VBE_SIMPLE + bool "Bootdev support for VBE 'simple' method (VPL)" + depends on VPL + default y + help + Enables support for VBE 'simple' boot. This allows updating a single + firmware image in boot media such as MMC. It does not support any sort + of rollback, recovery or A/B boot. + +config SPL_BOOTMETH_VBE_SIMPLE_FW + bool "Bootdev support for VBE 'simple' method firmware phase (SPL)" + depends on VPL + default y + help + Enables support for the firmware parts of VBE 'simple' boot. This + includes an SPL loader which locates the correct U-Boot to boot into. + This option should really only be enabled for VPL, since it is the + phase where the SPL + U-Boot decision should be made. But for now, + SPL does its own FIT-configuration selection. + +config VPL_BOOTMETH_VBE_SIMPLE_FW + bool "Bootdev support for VBE 'simple' method firmware phase (VPL)" + depends on VPL + default y + help + Enables support for the firmware parts of VBE 'simple' boot. This + includes an SPL loader which locates the correct SPL to boot into. + This option enabled for VPL, since it is the phase where the SPL + decision is made. + endif # BOOTMETH_VBE config BOOTMETH_SANDBOX diff --git a/boot/vbe_simple_os.c b/boot/vbe_simple_os.c index 058db6154b..87778bba97 100644 --- a/boot/vbe_simple_os.c +++ b/boot/vbe_simple_os.c @@ -80,7 +80,7 @@ static int bootmeth_vbe_simple_ft_fixup(void *ctx, struct event *event) ret = device_probe(dev); if (ret) return log_msg_ret("probe", ret); - ret = simple_read_state(dev, &state); + ret = vbe_simple_read_state(dev, &state); if (ret) return log_msg_ret("read", ret); |