Commit Graph

895 Commits

Author SHA1 Message Date
Thomas Petazzoni
65c99394ff boot/grub2: backport fixes for numerous CVEs
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).

So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.

It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.

This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.

All Grub test cases are working fine:

  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585
  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:54:23 +02:00
Baruch Siach
651429d0b8 boot/mv-ddr-marvell: fix build with gcc 12
gcc 12 added a warning that triggers on access to low addresses. Add a
patch to allow access since this is normal for low level code.

Rebase our existing patch on top. While at it, add also a proper
Upstream tag.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4795673785

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-12 16:23:21 +02:00
Thomas Petazzoni
503252d8b0 boot/lpc32xxcdl: remove package
This package has dubious licensing conditions (not even documented in
the .mk file), and is a bootloader for very old platforms. The
defconfigs making use of it have been removed in Buildroot in 2014, in
commit c6a410964b ("configs: remove
lpc32xx defconfigs"), so let's get rid of the package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
[yann.morin.1998@free.fr: remove reference in test]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-10 19:41:42 +02:00
Bernd Kuhls
07acc00add boot/at91dataflashboot: force arm mode instead of Thumb mode
The at91dataflashboot code contains some hand-written ARM assembly
that uses ARM classic instructions, and will not build in Thumb-1
mode.

This issue has always existed in Buildroot, but it's only since we
started testing random configurations, including Thumb-1
configurations, that this issue popped up.

Fixes:

  http://autobuild.buildroot.net/results/68bf2291201ef1882d8e8d3eca2b1a5ad731e4b0/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 14:12:34 +02:00
Christian Stewart
f788a8f527 boot/uboot: add host-python-pylibfdt dependency if needed
Until now, BR2_TARGET_UBOOT_NEEDS_PYLIBFDT was only bringing host-swig
as a dependency, because U-Boot was building its own pylibfdt, which
requires host-swig.

However, since commit
231d79c81e ("boot/uboot: set DTC path
when BR2_TARGET_UBOOT_NEEDS_DTC"), in which we tell U-Boot to use the
Buildroot built DTC, a consequence is that U-Boot no longer builds its
own pylibfdt: it expects the system to provided it. So now,
BR2_TARGET_UBOOT_NEEDS_PYLIBFDT really needs to bring
host-python-pylibfdt. The dependency on host-swig is no longer needed,
as what we need is host-python-pylibfdt, and it is an internal detail
of pylibfdt that it needs host-swig to build.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/4749556137
  https://gitlab.com/buildroot.org/buildroot/-/jobs/4749556224
  https://gitlab.com/buildroot.org/buildroot/-/jobs/4749556227
  https://gitlab.com/buildroot.org/buildroot/-/jobs/4749556229
  https://gitlab.com/buildroot.org/buildroot/-/jobs/4749556230

Signed-off-by: Christian Stewart <christian@aperture.us>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 12:33:19 +02:00
Alexander Shiyan
624d50b20c boot/barebox: add optional dependencies on host-openssl and host-libusb
Some barebox targets need to build host tools (for example rockchip64
uses scripts/rkimage) that require some host libraries, such as
host-openssl or host-libusb. These are detected by the Barebox build
system using pkg-config.

In order to allow supporting such Barebox configurations, we add two
new options: BR2_TARGET_BAREBOX_NEEDS_OPENSSL and
BR2_TARGET_BAREBOX_NEEDS_LIBUSB that respectively allow to ensure that
host-openssl and/or host-libusb are built before Barebox.

Additionally, $(1)_MAKE_ENV is adjusted to ensure that when pkg-config
is run by the Barebox build system, it finds host libraries. This is
similar to what is done in U-Boot.

This allows to fix the following build failure:

  HOSTCC  scripts/rkimage
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
Package 'openssl', required by 'virtual:world', not found
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: /tmp/ccN8Xyaj.o: in function `main':
rkimage.c:(.text.startup+0x218): undefined reference to `SHA256_Init'
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: rkimage.c:(.text.startup+0x22b): undefined reference to `SHA256_Update'
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: rkimage.c:(.text.startup+0x23e): undefined reference to `SHA256_Final'
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: rkimage.c:(.text.startup+0x253): undefined reference to `SHA256_Init'
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: rkimage.c:(.text.startup+0x265): undefined reference to `SHA256_Update'
/usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: rkimage.c:(.text.startup+0x275): undefined reference to `SHA256_Final'
collect2: error: ld returned 1 exit status
make[2]: *** [scripts/Makefile.host:107: scripts/rkimage] Error 1
make[1]: *** [Makefile:976: scripts] Error 2

Signed-off-by: Alexander Shiyan <eagle.alexander923@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-28 22:40:39 +02:00
Julien Olivain
b21e072127 boot/edk2: remove superfluous =TRUE in DEBUG_ON_SERIAL_PORT macro definition
Commit 8e9c8e624f "boot/edk2: introduce a new _OVMF_DEBUG_ON_SERIAL
option" adds a build macro definition with a "=TRUE" value.

edk2 OVMF readme suggests to define the "DEBUG_ON_SERIAL_PORT" macro
_without_ the "=TRUE" in [1].

The example build.sh script calls build to set the macro _with_
"=TRUE" in [2].

The "Build_Utility_Man_Page.rtf" documentation in [3] does not specify
either what exactly happen when a macro is defined without any value.

Looking at the "build.py" code in [4] shows that a macro definition of
the form "-DMYMACRO" is indeed equivalent as "-DMYMACRO=TRUE". This
was also tested with a qemu virt x86_64 grub2 EFI boot image, to
verify behaviors remain the same.

This commit removes the superfluous "=TRUE" as requested by Yann in [5].

Removing the "=TRUE" make it a bit clearer that it is the macro
definition itself that will enable the feature, rather than its
value. Defining, -DDEBUG_ON_SERIAL_PORT=FALSE (OFF, 0, or anything
else that would suggest the feature is disabled) would do the
opposite of the desired effect, and enable the feature.

[1] https://github.com/tianocore/edk2/blob/edk2-stable202305/OvmfPkg/README#L95
[2] https://github.com/tianocore/edk2/blob/edk2-stable202305/OvmfPkg/build.sh#L252
[3] https://github.com/tianocore/edk2/tree/edk2-stable202305/BaseTools/UserManuals
[4] https://github.com/tianocore/edk2/blob/edk2-stable202305/BaseTools/Source/Python/build/build.py#L2531
[5] https://lists.buildroot.org/pipermail/buildroot/2023-July/671059.html

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-28 22:25:40 +02:00
Kilian Zinnecker
029296c748 boot/uboot: Add support for Rockchip binary blobs
Currently for some Rockchip SoCs binary blobs are needed, e.g., for
the RK3588 bl31 and tpl. These blobs are provided by Rockchip. This
patch adds U-Boot package options to use theses binaries, provided
by the rockchip-rkbin package, which is also introduced in this
patch series. The U-Boot package is modified so that it takes the
chosen binaries and automatically uses them during build.

Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
[yann.morin.1998@free.fr:
  - use already-qstripped variables from rockchip-rkbin
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-07-26 23:25:05 +02:00
Dario Binacchi
8771ca8a66 boot/u-boot: fix u-boot.stm32 creation on newer version
As reported in commit [1] of the U-Boot project, the config.mk file has
been suppressed in order to use binman to manage FIT
generation. Therefore, the "u-boot.stm32" make target should no longer
be used with recent versions of U-Boot.

The configuration option added by this comit allows the creation of
the u-boot.stm32 image for both recent versions of U-Boot, which use
binman, and older versions.

Legacy handling would have suggested that this new option should
"default y" to preserve existing behavior, but as moving forward all
U-Boot new versions will no longer need this u-boot.stm32 target, it
probably makes sense here to not comply with this backward
compatibility rule, as an exception.

[1] 5564b4cd4d5c69 ("stm32mp: add binman support for STM32MP15x")
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Tested-by: David Reaver <me@davidreaver.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-26 22:20:53 +02:00
Vincent Stehlé
f3597910cf boot/arm-trusted-firmware: add patch to fix fiptool link
When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
TF-A build recipe starts by building the host program fiptool with the
proper build environment variables. Then the main TF-A target firmware
build step takes place, with the expectation that the fiptool program will
be used under the hood if necessary.

In TF-A, the build recipe for the host program fiptool has subtly changed
after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
compatibility"). This change has the effect to force re-linking fiptool
each time.

If we try to build with Buildroot a fip firmware with a TF-A version after
v2.7 comprising the aforementioned change, the fiptool program is forcibly
re-linked during the main firmware build step. This happens without the
proper build environment variables and consequently, if openssl is not
installed on the host, the libcrypto shared library will not be found by
the linker and the link will fail with the following error:

  /usr/bin/ld: cannot find -lcrypto: No such file or directory

A patch has been integrated into TF-A to avoid re-linking fiptool when not
necessary, which should solve the problem starting with version v2.10. Add
that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
the cases described above.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
  - don't use symlink in v2.9, just copy patch
  - fix numbering in v2.8 which now has two patches
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-07-23 19:28:21 +02:00
Julien Olivain
8e9c8e624f boot/edk2: introduce a new _OVMF_DEBUG_ON_SERIAL option
When EDK2 OVMF is built with debug, messages are printed to
IO port 0x402. Those messages are not shown in the normal
Qemu emulated serial port. Enabling this option will print
debug messages on the emulated serial port, potentially
mixing messages with UEFI serial console output.

See OVMF README:
https://github.com/tianocore/edk2/blob/master/OvmfPkg/README

This option has been useful to debug problems such as [1], in which the
emulator was hanging at startup without any log. Enabling this option
show the debug message on the console, before hanging:

    ...
    PlatformCpuCountBugCheck: Present=0 Possible=1
    PlatformCpuCountBugCheck: Broken CPU hotplug register block found. Update QEMU to version 8+, or
    PlatformCpuCountBugCheck: to a stable release with commit dab30fbef389 backported. Refer to
    PlatformCpuCountBugCheck: <https://bugzilla.tianocore.org/show_bug.cgi?id=4250>.
    ...

[1] http://lists.busybox.net/pipermail/buildroot/2023-July/670807.html

Signed-off-by: Julien Olivain <ju.o@free.fr>
Tested-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-07-23 18:11:30 +02:00
James Hilliard
231d79c81e boot/uboot: set DTC path when BR2_TARGET_UBOOT_NEEDS_DTC
In order for host-dtc to get picked up properly we need to set
the DTC path passed to the build explicitly.

See:
https://github.com/u-boot/u-boot/blob/v2023.07.02/Makefile#L420

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-18 22:39:14 +02:00
Julien Olivain
6a91dbc5bc boot/edk2: bump to version edk2-stable202305
For change log since version edk2-stable202208, see:
- https://github.com/tianocore/edk2/releases/tag/edk2-stable202211
- https://github.com/tianocore/edk2/releases/tag/edk2-stable202302
- https://github.com/tianocore/edk2/releases/tag/edk2-stable202305

The main motivation of this bump is the RISC-V QEMU Virt support
introduced in edk2-stable202302 (not yet supported in Buildroot).

Cc: Dick Olsson <hi@senzilla.io>
Cc: Vincent Stehlé <vincent.stehle@arm.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-13 19:45:16 +02:00
Heiko Thiery
7b774048be boot/arm-trusted-firmware: fix build issue with binutils 2.39+
The new version of binutils introduces a new warning when linking. The
new warninng is enabled by default. To fix the issue this warning is
disabled by adding the patches to the arm-trusted-firmware package
v{2.2..2.8}. This is a backport of an upstream commit [1]

Since there are too many defconfigs that use the arm-trusted-firmware
package, it is not practical to create a global-patch-dir for all of them.
Therefore the patches are only in the package directory.

[1] 1f49db5f25

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4603996186
https://gitlab.com/buildroot.org/buildroot/-/jobs/4603996189

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: add proper Upstream: tags]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-07-10 23:39:18 +02:00
Bin Meng
39f1812e47 boot/opensbi: Bump to version 1.3
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-06-26 19:02:49 +02:00
Bin Meng
59c4515e92 boot/opensbi: Config.in: Cosmetic style fix
Use space intead of tab before 'if'.

Signed-off-by: Bin Meng <bmeng@tinylab.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-06-26 19:02:44 +02:00
Luca Ceresoli
e1e3050416 boot/uboot: document that the zynqmp pmufw can be in ELF format
This feature was added in commit d07e6b7071 ("boot/uboot/uboot.mk: add
pmufw.elf support"), document it in kconfig.

Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-05-13 12:49:16 +02:00
Etienne Carriere
65647f7b42 boot/optee-os: bump to version 3.21.0
Bumps OP-TEE OS package version to OP-TEE release 3.21.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-05-07 23:28:52 +02:00
Alistair Francis
64f1f82385 boot/opensbi: Bump to version 1.2
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-05-07 21:31:51 +02:00
Peter Korsgaard
df48bcd151 Merge branch 'next' 2023-03-12 22:45:36 +01:00
Fabrice Fontaine
8c44351907 boot/mxs-bootlets: fix build without any bootstream
Fix the following build failure raised since the addition of the package
in commit 2a636d1521:

sed -i 's,[^ *]power_prep.*;,\tpower_prep="/home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/power_prep/power_prep";,' /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/
sed: couldn't edit /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/: not a regular file

Fixes:
 - http://autobuild.buildroot.org/results/b4b26f6b02fd1991f46eba5db240e5050b96d333

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-27 17:03:15 +01:00
Vincent Stehlé
3254a2886a boot/boot-wrapper-aarch64: bump version
Bump boot-wrapper to the latest version.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-23 23:43:32 +01:00
Fabrice Fontaine
bd061466f9 boot/opensbi: fix build with empty OPENSBI_PLAT
Fix the following build failure when OPENSBI_PLAT is empty raised since
commit 9b5b7165de:

/usr/bin/install -m 0644 -D /nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin /nvmedata/autobuild/instance-4/output-1/images/fw_jump.bin
/usr/bin/install: cannot stat '/nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin': No such file or directory

Fixes:
 - http://autobuild.buildroot.org/results/8033327f090e4a3d84a7fce1f62b14fdf89dbd89

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-22 15:55:33 +01:00
Fabrice Fontaine
d868d09d3a boot/at91dataflashboot: disable stack-protector
Disable stack-protector to avoid the following build failure:

/home/buildroot/autobuild/instance-1/output-1/host/bin/arm-buildroot-linux-gnueabi-ld -T elf32-littlearm.lds -Ttext 0 -n -o DataflashBoot-1.05.out objs/cstartup_ram.o objs/at45.o objs/com.o objs/dataflash.o objs/div0.o objs/init.o objs/main.o objs/stdio.o objs/asm_isr.o objs/jump.o objs/_udivsi3.o objs/_umodsi3.o objs/led.o
/home/buildroot/autobuild/instance-1/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: objs/main.o: in function `main':
main.c:(.text.startup+0x834): undefined reference to `__stack_chk_guard'

Fixes:
 - http://autobuild.buildroot.org/results/502c54be4978e628724d72ee2a75d4c5e0a6ace8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-22 15:52:22 +01:00
AndreiCherniaev
7692d5beb2 boot/grub2: add details on grub.cfg location
Signed-off-by: AndreiCherniaev <cherniaev.andrei@kairo.space>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-21 22:59:18 +01:00
Casey Reeves
48d9042e5d boot/arm-trusted-firmware: allow using Barebox as BL33
Since version 2022.04.0, Barebox now supports a generic image built
for platforms, to be used as BL33 to generate FIP images. This patch
makes it available as a choice of BL33 to be used with ATF and is
based on the similar work put into U-Boot as BL33.

Signed-off-by: Casey Reeves <casey@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-21 22:34:27 +01:00
Fabrice Fontaine
c33a133704 boot/afboot-stm32: disable stack-protector
Disable stack-protector to avoid the following build failure:

/home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld -T stm32f429.lds --gc-sections -o stm32f469i-disco.elf stm32f469i-disco.o gpio.o mpu.o qspi.o start_kernel.o usart-f4.o
/home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.o: in function `main':
stm32f469i-disco.c:(.text.startup.main+0x3b0): undefined reference to `__stack_chk_guard'
/home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.c:(.text.startup.main+0x4c0): undefined reference to `__stack_chk_fail'
/home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.c:(.text.startup.main+0x4ec): undefined reference to `__stack_chk_guard'

Fixes:
 - http://autobuild.buildroot.org/results/fa6ffab24c3998f21034ab24e8d2852cacde08c1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-08 16:54:35 +01:00
Thomas Petazzoni
488a87514e boot/gummiboot: remove package
The gummiboot package currently fails to build due to incompatibilies
with recent versions of the gnu-efi code.

It turns out that gummiboot has been marked deprecated/obsolete by its
maintainer since July 2015:

  https://cgit.freedesktop.org/gummiboot/commit/?id=55df1539c9d330732e88bd196afee386db6e4a1d&utm_source=anzwix

Indeed, gummiboot ended up being integrated as part of systemd as
systemd-boot. While it made sense for a while to keep it as a separate
standalone package, it is not possible to maintain it in Buildroot
without an active upstream, and there are other options for simple EFI
bootloaders these days.

Therefore, let's retire this package.

Fixes:

  http://autobuild.buildroot.net/results/5929104a868d2f69ec1b71e5e897b6d1ebf347cf/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 22:40:10 +01:00
Ricardo Martincoski
9b1b1763b7 boot/uboot: remove use of legacy xloader symbol
Commit "070b183d0c boot/xloader: remove package", from release 2018.11,
removed the package, but the symbol is still referenced.

Remove the reference to it.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 14:22:38 +01:00
Thomas Petazzoni
0b42512f2f boot/optee-os: rewrap Config.in help text to fix check-package warning
Fixes:

boot/optee-os/Config.in:140: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

which is a warning that was introduced by commit
46306d135e ("boot/optee-os: add
out-of-source OPTEE-OS device tree support").

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 14:19:30 +01:00
Kory Maincent
46306d135e boot/optee-os: add out-of-source OPTEE-OS device tree support
Similarly to U-Boot, this patch adds the ability to copy in and build
out-of-source device tree sources during an OPTEE-OS build. To build
the external device tree source file, the OP-TEE OS configuration must
refer to it with the CFG_EMBED_DTB_SOURCE_FILE option and no platform
flavor needs to be specified.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 12:07:12 +01:00
Thomas Petazzoni
11e75ecbf0 boot/barebox: explicitly set the timezone for the kbuild timestamp
This adjusts the code added in commit
c90bd74ebb ("boot/barebox: pass required
environment variables for reproducible build") to explicitly set the
timezone when calculating KBUILD_BUILD_TIMESTAMP, like is already done
in linux/linux.mk.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:08 +01:00
Thomas Petazzoni
75c313816e boot/barebox: use $$ instead of $ where needed
Commit c90bd74ebb ("boot/barebox: pass
required environment variables for reproducible build") caused the
build to generate a spurious error message due to the $(shell
... date -d @$(SOURCE_DATE_EPOCH)) command being executed even when
BR2_REPRODUCIBLE was disabled.

This is due to the fact that variable references must be done using $$
within macros. This commit fixes that for the two variables that we
are referencing in the code added in commit
c90bd74ebb.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:08 +01:00
Casey Reeves
c90bd74ebb boot/barebox: pass required environment variables for reproducible build
Barebox makes use of the same variables as the linux kernel does for
handling reproducible build -- KBUILD_BUILD_HOST,
KBUILD_BUILD_TIMESTAMP, KBUILD_BUILD_USER. This patch sets the proper
variables based on linux/linux.mk, and passes them to the make
invocation when building, to ensure a reproducible build is possible
when BR2_REPRODUCIBLE is enabled.

Signed-off-by: Casey Reeves <casey@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 09:50:15 +01:00
Jerry Kooyman
319cc24aca boot/uboot: add BR2_TARGET_UBOOT_NEEDS_XXD option
A host dependency to xxd is required if the U-Boot board
configuration has CONFIG_USE_DEFAULT_ENV_FILE enabled. So
introduce a new BR U-Boot config option BR2_TARGET_UBOOT_NEEDS_XXD
to solve this problem. xxd is provided by host-vim.

Signed-off-by: Jerry Kooyman <jerry.kooyman@entrust.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-01-30 22:16:00 +01:00
Marcin Niestroj
693c88d9d2 boot/barebox: bump version to 2022.12.0
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-12 11:44:48 +01:00
Ricardo Martincoski
90e65e46b7 boot/ti-k3-r5-loader: drop bogus TI_K3_R5_LOADER_BOARD
Commit "0189bcb47c boot/ti-k3-r5-loader: new package" added an unused
define.
The define value is calculated from an inexistent option
BR2_TARGET_TI_K3_R5_LOADER_BOARD, so drop the line.

Cc: Anand Gadiyar <gadiyar@ti.com>
Cc: Xuanhao Shi <X15000177@gmail.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-04 17:53:50 +01:00
Peter Korsgaard
0a3a7169d6 boot/sun20i-d1-spl: drop package
U-Boot has now gained SPL support for D1, so this temporary bootloader is no
longer supported.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-13 21:20:53 +01:00
Xuanhao Shi
0189bcb47c boot/ti-k3-r5-loader: new package
This is a separate U-Boot package that allows to build the
intermediate SPL binary for the Cortex-R5 core on TI's k3
platforms. Usually, the resulting SPL will be used for k3-image-gen to
build the full R5 boot binary tiboot3.bin.

Signed-off-by: Xuanhao Shi <x-shi@ti.com>
Signed-off-by: Anand Gadiyar <gadiyar@ti.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Acked-by: Andrew Davis <afd@ti.com>
Tested-by: Bryan Brattlof <bb@ti.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-11 21:14:20 +01:00
Etienne Carriere
3f748fc748 boot/optee-os: bump to version 3.19.0
Bumps OP-TEE OS package version to OP-TEE release 3.19.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-12-10 10:34:09 +01:00
Peter Korsgaard
6ca0edcb5f Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-05 10:01:26 +01:00
Vincent Stehlé
17cb635a8a boot/edk2: bump version to edk2-stable202208
The Marvell Armada Devicetree files have been moved out of edk2-platforms
by commit 4b53da6b12a8 ("Marvell/Armada7k8k: Remove device tree sources
from edk2-platforms") and they are now in edk2-non-osi.
Therefore update the MACCHIATObin recipe to depend on the new edk2-non-osi
package and rework a bit the packages path to support that.

Also, drop the backported patch as it is not necessary anymore.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-04 13:51:54 +01:00
Neal Frager
d8c63011e2 boot/uboot/uboot.mk: allow installing u-boot.elf
This patch adds an option that allows to install the u-boot.elf file
produced when CONFIG_REMAKE_ELF=y in the U-Boot configuration.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 23:26:20 +01:00
Vincent Stehlé
40c05259d8 boot/edk2: refine license
The edk2 project is licensed under the BSD-2-Clause license with a patent
grant, as per commit 304bff7223a8 ("edk2: Change License.txt from 2-Clause
BSD to BSD+Patent").

There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2 package to use this more specific identifier.

[1]: https://spdx.org/licenses/BSD-2-Clause-Patent.html

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:38:33 +01:00
Brandon Maier
13dc57c94f boot/uboot/uboot.mk: fix zynqmp without pmufw
Commit d07e6b70 (boot/uboot/uboot.mk: add pmufw.elf support) broke
configurations where the UBOOT_ZYNQMP_PMUFW was blank. Previously it
would set the U-Boot CONFIG_PMUFW_INIT_FILE to the blank string, but now
it will set it to ".bin" which causes U-Boot to fail to build.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:01:58 +01:00
Vincent Stehlé
79591b7667 boot/edk2: fix the build for arm sgi575
The edk2 package can be configured for platform Arm Sgi575 but this
does not build correctly:

Usage: build.exe [options] [all|fds|genc|genmake|clean|cleanall|cleanlib|modules|libraries|run]

build.exe: error: option -a: invalid choice: '-b' (choose from 'IA32', 'X64', 'EBC', 'ARM', 'AARCH64', 'RISCV64')
make[1]: *** [package/pkg-generic.mk:293: /home/thomas/buildroot/buildroot/output/build/edk2-edk2-stable202102/.stamp_built] Error 2
make: *** [Makefile:84: _all] Error 2

Add the necessary definitions to fix the build.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:27:18 +01:00
Baruch Siach
5e330ff030 boot/arm-trusted-firmware: fix SSP disable in v2.2
ATF version 2.2 and older does not disable SSP when
ENABLE_STACK_PROTECTOR is not set. This is because the compiler enables
SSP by default, and ATF does not pass -fno-stack-protector to the
compiler. Upstream commit 7af195e29a42 ("Disable stack protection
explicitly") fixed the issue for v2.3 and newer.

Add -fno-stack-protector in CFLAGS when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is not set to fix older ATF
versions.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3301821171

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-13 21:54:57 +01:00
Baruch Siach
f03ae60451 boot/arm-trusted-firmware: don't enable SSP by default
SSP support requires support in ATF platform code. Not all platforms
implement plat_get_stack_protector_canary() hook. The result is build
failure:

(.text.asm.update_stack_protector_canary+0x4): undefined reference to `plat_get_stack_protector_canary'

Commit cf176128ec ("boot/arm-trusted-firmware: add SSP option")
originally introduces this issue. But then commit ccac9a5bbb
("boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR") hid
the problem by effectively disabling SSP for all platforms. So only
after commit 09acc7cbc9 ("boot/arm-trusted-firmware: fix SSP
support") the issue showed up.

Make SSP an opt-in for platform that actually provide the
plat_get_stack_protector_canary() hook.

Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Dick Olsson <hi@senzilla.io>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-28 08:46:15 +02:00
Thomas Petazzoni
259314f016 boot/grub2: ignore CVE-2021-46705
This CVE is specific to the SUSE distribution. See
https://security-tracker.debian.org/tracker/CVE-2021-46705.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-25 23:06:13 +02:00
Thomas Petazzoni
51b04fc02c boot/grub2: add patch to fix CVE-2021-3981
This commit backports an upstream commit that fixes CVE-2021-3981.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-25 23:06:09 +02:00