Commit Graph

922 Commits

Author SHA1 Message Date
Olivier L'Heureux
647269b149 boot/arm-trusted-firmware: bump version to 2.7
Bumped the default version of the "arm-trusted-firmware" (a.k.a. TF-A)
from 2.5 to 2.7: updated the config and the tarball checksum.
Work-around CVE-2022-23960.

Updated the "qemu_aarch64_sbsa_defconfig" accordingly: it was using an
"arm-trusted-firmware" v2.4, it nows selects version 2.7.

Updated the license checksum because the license file changed
slightly: it mentions an additional file ("irq.h") released under a
dual GPL or MIT license.

Tested with the "qemu_aarch64_sbsa_defconfig" and QEMU: it boots
without new warning or error message.

Release notes:
<https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html>

Signed-off-by: Olivier L'Heureux <olivier.lheureux@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-07-23 21:10:46 +02:00
Thomas Petazzoni
13bb419938 boot/grub2: update readme.txt details
For the Qemu-compatible UEFI firmware, the kraxel.org pointed to by
the readme.txt file is outdated. Instead, instruct users to use EDK2.
either by building it from source, or by grabbing pre-built ones, or
from their distributions.

While at it, drop the pci=nocrs information, as it is no longer
needed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-23 19:04:41 +02:00
Xuanhao Shi
6103d9b597 boot/arm-trusted-firmware: add target board options
Some platforms such as TI's k3 outputs a TARGET_BOARD directory
in their ATF build output paths after PLATFORM.
$(@D)/build/<PLATFORM>/ does not contain the debug or release
directories for these platforms.
They are under $(@D)/build/<PLATFORM>/<TARGET_BOARD>/

Signed-off-by: Xuanhao Shi <x-shi@ti.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-07-23 17:39:38 +02:00
Thomas Petazzoni
9f1b4d24ce boot/grub2: update to 2.06
The update is very straightforward, as no changes in grub2.mk are
needed beyond the version bump.

Spacing in the hash file is adjusted to the new Buildroot standard.

All patches are dropped as they have all been upstreamed between 2.04
and 2.06. Here is the full list of patches and their corresponding
upstream commit:

 * 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
   6643507ce30f775008e093580f0c9499dfb2c485 build: Fix GRUB i386-pc build with Ubuntu gcc
 * 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
   a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e yylex: Make lexer fatal errors actually be fatal
 * 0003-safemath-Add-some-arithmetic-primitives-that-check-f.patch
   68708c4503018d61dbcce7ac11cbb511d6425f4d safemath: Add some arithmetic primitives that check for overflow
 * 0004-calloc-Make-sure-we-always-have-an-overflow-checking.patch
   64e26162ebfe68317c143ca5ec996c892019f8f8 calloc: Make sure we always have an overflow-checking calloc() available
 * 0005-calloc-Use-calloc-at-most-places.patch
   f725fa7cb2ece547c5af01eeeecfe8d95802ed41 calloc: Use calloc() at most places
 * 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
   3f05d693d1274965ffbe4ba99080dc2c570944c6 malloc: Use overflow checking primitives where we do complex allocations
 * 0007-iso9660-Don-t-leak-memory-on-realloc-failures.patch
   2a1edcf2ede865b60604815d3bc5c01029379ca4 iso9660: Don't leak memory on realloc() failures
 * 0008-font-Do-not-load-more-than-one-NAME-section.patch
   89f3da1a3d14023eda182e075919dd584031ecad font: Do not load more than one NAME section
 * 0009-gfxmenu-Fix-double-free-in-load_image.patch
   26a8c19307f998f67dbfb784068e394c8e9c8478 gfxmenu: Fix double free in load_image()
 * 0010-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
   6d7a59a2a184f7af8a90a4c90d7c7b6482acc656 xnu: Fix double free in grub_xnu_devprop_add_property()
 * 0011-lzma-Make-sure-we-don-t-dereference-past-array.patch
   16c0dbf4bc6a953c41bc7a031b36dfa8e906afea lzma: Make sure we don't dereference past array
 * 0012-term-Fix-overflow-on-user-inputs.patch
   61b7ca08d173adf62facdd6a266cbd2471165e67 term: Fix overflow on user inputs
 * 0013-udf-Fix-memory-leak.patch
   d17770857e1c901a8167f63d6558856cfaf313ff udf: Fix memory leak
 * 0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
   f8ad7a3dd8213f691b0f32d0e9eb656a70cefc13 multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
 * 0015-tftp-Do-not-use-priority-queue.patch
   781b3e5efc35c17cbce95393aafd63a5b429f9e6 tftp: Do not use priority queue
 * 0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
   caea56d1f8fa1ae298936f8d75b220e7f12b73d3 relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow
 * 0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
   61ff5602fe8f2a3446346795daebe4ec3b82c20f relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow
 * 0018-script-Remove-unused-fields-from-grub_script_functio.patch
   1a8d9c9b4ab6df7669b5aa36a56477f297825b96 script: Remove unused fields from grub_script_function struct
 * 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
   426f57383d647406ae9c628c472059c27cd6e040 script: Avoid a use-after-free when redefining a function during execution
 * 0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
   07e5b79e22fd58c5382323dd71d64aaa42f928ec relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation
 * 0021-hfsplus-Fix-two-more-overflows.patch
   f5703eb0625b786f141d09be19b7af40b572a446 hfsplus: Fix two more overflows
 * 0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch
   879c4a8342eacc0ba4b9dd11dc69d3ec3dbe73af lvm: Fix two more potential data-dependent alloc overflows
 * 0023-emu-Make-grub_free-NULL-safe.patch
   b73cee7f1f8287ed3af32fffe8aaf33cdff52f6b emu: Make grub_free(NULL) safe
 * 0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
   d2cf823d0e31818d1b7a223daff6d5e006596543 efi: Fix some malformed device path arithmetic errors
 * 0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch
   098058752e1cee7b457ff45562a81e756ab0b532 efi/chainloader: Propagate errors from copy_file_path()
 * 0026-efi-Fix-use-after-free-in-halt-reboot-path.patch
   f7bd9986f607a924bf23b813900a8595f2815f0c efi: Fix use-after-free in halt/reboot path
 * 0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch
   0dcbf3652b6738971407dacc03fb685dfafc5ec5 loader/linux: Avoid overflow on initrd size calculation
 * 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
   e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 linux: Fix integer overflows in initrd size handling
 * 0029-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
   f76a27996c34900f2c369a8a0d6ac72ae2faa988 efi: Make shim_lock GUID and protocol type public
 * 0030-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
   04ae030d0eea8668d4417702d88bf2cf04713d80 efi: Return grub_efi_status_t from grub_efi_get_variable()
 * 0031-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
   ac5c9367548750e75ed1e7fc4354a3d20186d733 efi: Add a function to read EFI variables with attributes
 * 0032-efi-Add-secure-boot-detection.patch
   d7e54b2e5feee95d2f83058ed30d883c450d1473 efi: Add secure boot detection
 * 0033-verifiers-Move-verifiers-API-to-kernel-image.patch
   9e95f45ceeef36fcf93cbfffcf004276883dbc99 verifiers: Move verifiers API to kernel image
 * 0034-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
   5e280caa6530ed160dcf2920c94f1605fb1f1f7c efi: Move the shim_lock verifier to the GRUB core
 * 0035-kern-Add-lockdown-support.patch
   578c95298bcc46e0296f4c786db64c2ff26ce2cc kern: Add lockdown support
 * 0036-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
   d90367471779c240e002e62edfb6b31fc85b4908 kern/lockdown: Set a variable if the GRUB is locked down
 * 0037-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
   98b00a403cbf2ba6833d1ac0499871b27a08eb77 efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
 * 0038-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
   8f73052885892bc0dbc01e297f79d7cf4925e491 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list
 * 0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
   3e8e4c0549240fa209acffceb473e1e509b50c95 acpi: Don't register the acpi command when locked down
 * 0040-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
   d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9 mmap: Don't register cutmem and badram commands when lockdown is enforced
 * 0041-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
   468a5699b249fe6816b4e7e86c5dc9d325c9b09e commands: Restrict commands that can load BIOS or DT blobs when locked down
 * 0042-commands-setpci-Restrict-setpci-command-when-locked-.patch
   58b77d4069823b44c5fa916fa8ddfc9c4cd51e02 commands/setpci: Restrict setpci command when locked down
 * 0043-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
   5c97492a29c6063567b65ed1a069f5e6f4e211f0 commands/hdparm: Restrict hdparm command when locked down
 * 0044-gdb-Restrict-GDB-access-when-locked-down.patch
   508270838998f151a82e9c13e7cb8a470a2dc23d gdb: Restrict GDB access when locked down
 * 0045-loader-xnu-Don-t-allow-loading-extension-and-package.patch
   9c5565135f12400a925ee901b25984e7af4442f5 loader/xnu: Don't allow loading extension and packages when locked down
 * 0046-docs-Document-the-cutmem-command.patch
   f05e79a0143beb2d9a482a3ebf4fe0ce76778122 docs: Document the cutmem command
 * 0047-dl-Only-allow-unloading-modules-that-are-not-depende.patch
   7630ec5397fe418276b360f9011934b8c034936c dl: Only allow unloading modules that are not dependencies
 * 0048-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
   128c16a682034263eb519c89bc0934eeb6fa8cfa usb: Avoid possible out-of-bound accesses caused by malicious devices
 * 0049-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
   8cb2848f9699642a698af84b12ba187cab722031 mmap: Fix memory leak when iterating over mapped memory
 * 0050-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
   03f2515ae0c503406f1a99a2178405049c6555db net/net: Fix possible dereference to of a NULL pointer
 * 0051-net-tftp-Fix-dangling-memory-pointer.patch
   0cb838b281a68b536a09681f9557ea6a7ac5da7a net/tftp: Fix dangling memory pointer
 * 0052-kern-parser-Fix-resource-leak-if-argc-0.patch
   d06161b035dde4769199ad65aa0a587a5920012b kern/parser: Fix resource leak if argc == 0
 * 0053-kern-efi-Fix-memory-leak-on-failure.patch
   ed286ceba6015d37a9304f04602451c47bf195d7 kern/efi: Fix memory leak on failure
 * 0054-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
   6aee4bfd6973c714056fb7b56890b8d524e94ee1 kern/efi/mm: Fix possible NULL pointer dereference
 * 0055-gnulib-regexec-Resolve-unused-variable.patch
   a983d36bd9178d377d2072fd4b11c635fdc404b4 gnulib/regexec: Resolve unused variable
 * 0056-gnulib-regcomp-Fix-uninitialized-token-structure.patch
   75c3d3cec4f408848f575d6d5e30a95bd6313db0 gnulib/regcomp: Fix uninitialized token structure
 * 0057-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
   3a37bf120a9194c373257c70175cdb5b337bc107 gnulib/argp-help: Fix dereference of a possibly NULL state
 * 0058-gnulib-regexec-Fix-possible-null-dereference.patch
   0b7f347638153e403ee2dd518af3ce26f4f99647 gnulib/regexec: Fix possible null-dereference
 * 0059-gnulib-regcomp-Fix-uninitialized-re_token.patch
   03477085f9a33789ba6cca7cd49ab9326a1baa0e gnulib/regcomp: Fix uninitialized re_token
 * 0060-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
   59666e520f44177c97b82a44c169b3b315d63b42 io/lzopio: Resolve unnecessary self-assignment errors
 * 0061-zstd-Initialize-seq_t-structure-fully.patch
   2777cf4466719921dbe4b30af358a75e7d76f217 zstd: Initialize seq_t structure fully
 * 0062-kern-partition-Check-for-NULL-before-dereferencing-i.patch
   bc9c468a2ce84bc767234eec888b71f1bc744fff kern/partition: Check for NULL before dereferencing input string
 * 0063-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
   23e39f50ca7a107f6b66396ed4d177a914dee035 disk/ldm: Make sure comp data is freed before exiting from make_vg()
 * 0064-disk-ldm-If-failed-then-free-vg-variable-too.patch
   e0b83df5da538d2a38f770e60817b3a4b9d5b4d7 disk/ldm: If failed then free vg variable too
 * 0065-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
   156c281a1625dc73fd350530630c6f2d5673d4f6 disk/ldm: Fix memory leak on uninserted lv references
 * 0066-disk-cryptodisk-Fix-potential-integer-overflow.patch
   a201ad17caa430aa710654fdf2e6ab4c8166f031 disk/cryptodisk: Fix potential integer overflow
 * 0067-hfsplus-Check-that-the-volume-name-length-is-valid.patch
   2298f6e0d951251bb9ca97d891d1bc8b74515f8c hfsplus: Check that the volume name length is valid
 * 0068-zfs-Fix-possible-negative-shift-operation.patch
   a02091834d3e167320d8a262ff04b8e83c5e616d zfs: Fix possible negative shift operation
 * 0069-zfs-Fix-resource-leaks-while-constructing-path.patch
   89bdab965805e8d54d7f75349024e1a11cbe2eb8 zfs: Fix resource leaks while constructing path
 * 0070-zfs-Fix-possible-integer-overflows.patch
   302c12ff5714bc455949117c1c9548ccb324d55b zfs: Fix possible integer overflows
 * 0071-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
   7aab03418ec6a9b991aa44416cb2585aff4e7972 zfsinfo: Correct a check for error allocating memory
 * 0072-affs-Fix-memory-leaks.patch
   178ac5107389f8e5b32489d743d6824a5ebf342a affs: Fix memory leaks
 * 0073-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
   e8814c811132a70f9b55418f7567378a34ad3883 libgcrypt/mpi: Fix possible unintended sign extension
 * 0074-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
   ae0f3fabeba7b393113d5dc185b6aff9b728136d libgcrypt/mpi: Fix possible NULL dereference
 * 0075-syslinux-Fix-memory-leak-while-parsing.patch
   95bc016dba94cab3d398dd74160665915cd08ad6 syslinux: Fix memory leak while parsing
 * 0076-normal-completion-Fix-leaking-of-memory-when-process.patch
   9213575b7a95b514bce80be5964a28d407d7d56d normal/completion: Fix leaking of memory when processing a completion
 * 0077-commands-hashsum-Fix-a-memory-leak.patch
   8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3 commands/hashsum: Fix a memory leak
 * 0079-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
   fc5951d3b1616055ef81a019a5affc09d13344d0 video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info()
 * 0080-video-fb-fbfill-Fix-potential-integer-overflow.patch
   7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6 video/fb/fbfill: Fix potential integer overflow
 * 0081-video-fb-video_fb-Fix-multiple-integer-overflows.patch
   08e098b1dbf01e96376f594b337491bc4cfa48dd video/fb/video_fb: Fix multiple integer overflows
 * 0082-video-fb-video_fb-Fix-possible-integer-overflow.patch
   08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb video/fb/video_fb: Fix possible integer overflow
 * 0083-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
   5f5eb7ca8e971227e95745abe541df3e1509360e video/readers/jpeg: Test for an invalid next marker reference from a jpeg file
 * 0084-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
   4a1aa5917595650efbd46b581368c470ebee42ab gfxmenu/gui_list: Remove code that coverity is flagging as dead
 * 0085-loader-bsd-Check-for-NULL-arg-up-front.patch
   5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a loader/bsd: Check for NULL arg up-front
 * 0086-loader-xnu-Fix-memory-leak.patch
   bcb59ece3263d118510c4440c4da0950f224bb7f loader/xnu: Fix memory leak
 * 0087-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
   4b4027b6b1c877d7ab467896b04c7bd1aadcfa15 loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap()
 * 0088-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
   7c8a2b5d1421a0f2a33d33531f7561f3da93b844 loader/xnu: Check if pointer is NULL before using it
 * 0089-util-grub-install-Fix-NULL-pointer-dereferences.patch
   8b3a95655b4391122e7b0315d8cc6f876caf8183 util/grub-install: Fix NULL pointer dereferences
 * 0090-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
   5dc41edc4eba259c6043ae7698c245ec1baaacc6 util/grub-editenv: Fix incorrect casting of a signed value
 * 0091-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
   1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72 util/glue-efi: Fix incorrect use of a possibly negative value
 * 0092-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
   41ae93b2e6c75453514629bcfe684300e3aec0ce script/execute: Fix NULL dereference in grub_script_execute_cmdline()
 * 0093-commands-ls-Require-device_name-is-not-NULL-before-p.patch
   6afbe6063c95b827372f9ec310c9fc7461311eb1 commands/ls: Require device_name is not NULL before printing
 * 0094-script-execute-Avoid-crash-when-using-outside-a-func.patch
   fe0586347ee46f927ae27bb9673532da9f5dead5 script/execute: Avoid crash when using "$#" outside a function scope
 * 0095-lib-arg-Block-repeated-short-options-that-require-an.patch
   2a330dba93ff11bc00eda76e9419bc52b0c7ead6 lib/arg: Block repeated short options that require an argument
 * 0096-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch
   0a05f88e2bb33ed2a0cfd93f481f471efb7791aa script/execute: Don't crash on a "for" loop with no items
 * 0097-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
   2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 commands/menuentry: Fix quoting in setparams_prefix()
 * 0098-kern-misc-Always-set-end-in-grub_strtoull.patch
   f41f0af48ab7f7c135aac17ac862c30bde0bbab7 kern/misc: Always set *end in grub_strtoull()
 * 0099-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
   693989598fd38c3c0b2a928f4f64865b5681762f video/readers/jpeg: Catch files with unsupported quantization or Huffman tables
 * 0100-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
   34b85a6e07014383ddcad09f99ff239ad752dd1a video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du()
 * 0101-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
   8338a8238f08d9f3ae4c2ddfff0603eff80af9e2 video/readers/jpeg: Don't decode data before start of stream
 * 0102-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch
   829329bddb2c3e623270cc634cc9ab32e6455fe7 term/gfxterm: Don't set up a font with glyphs that are too big
 * 0103-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch
   b5bc456f664bc301ab4cd5a17d3d23c6661c259e fs/fshelp: Catch impermissibly large block sizes in read helper
 * 0104-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch
   58ea11d5b9ca0966bd9c68d8ba5240cf7dc3ba83 fs/hfsplus: Don't fetch a key beyond the end of the node
 * 0105-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch
   2ca0e5dbcdcb6fc93ccae39a0f39d0dba4a7ff20 fs/hfsplus: Don't use uninitialized data on corrupt filesystems
 * 0106-fs-hfs-Disable-under-lockdown.patch
   1c15848838d924552611247110723e2a1c17a5a1 fs/hfs: Disable under lockdown
 * 0107-fs-sfs-Fix-over-read-of-root-object-name.patch
   8d3ae59dee2930d640add3bba983006e1f5dd1b6 fs/sfs: Fix over-read of root object name
 * 0108-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch
   ffd5a46f68710e2781899d0be4d701429a5a817d fs/jfs: Do not move to leaf level if name length is negative
 * 0109-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch
   bd0cf8148ccf721f6e39ffbd70f8abad0c8897f0 fs/jfs: Limit the extents that getblk() can consider
 * 0110-fs-jfs-Catch-infinite-recursion.patch
   223120dd83745126cb232a0248c9a8901d7e350d fs/jfs: Catch infinite recursion
 * 0111-fs-nilfs2-Reject-too-large-keys.patch
   20ab8cb44bc140a1dedda82a3fccdd45e9bc6929 fs/nilfs2: Reject too-large keys
 * 0112-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch
   37c0eb05cdcc64c28d31c4ebd300f14d5239d05e fs/nilfs2: Don't search children if provided number is too large
 * 0113-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch
   ca5d9ac206043b1fb4cb06259272fb1c5946bb6d fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup()
 * 0114-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch
   3334a5e6c86f10e715cca3bf66ce0fc2f164b61b io/gzio: Bail if gzio->tl/td is NULL
 * 0115-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch
   18490336d91da2b532277cba56473bfed1376fc4 io/gzio: Add init_dynamic_block() clean up if unpacking codes fails
 * 0116-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch
   4e76b08f7171a8603d74fcafb27409a91f578647 io/gzio: Catch missing values in huft_build() and bail
 * 0117-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch
   b5a2b59cc5b8f5ee7ba3b951e7693e402d5b3a6f io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails
 * 0118-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch
   a8cc95de74ccc3ad090e8062ac335c844f13c9f4 disk/lvm: Don't go beyond the end of the data we read from disk
 * 0119-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch
   27a79bf38e6d050e497eb96a3fdddce43af25577 disk/lvm: Don't blast past the end of the circular metadata buffer
 * 0120-disk-lvm-Bail-on-missing-PV-list.patch
   2958695c4cdc785de6ed708709af071a2d20afef disk/lvm: Bail on missing PV list
 * 0121-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch
   db29073fc7aec71a40dabfc722a96ea9f3280907 disk/lvm: Do not crash if an expected string is not found
 * 0122-disk-lvm-Do-not-overread-metadata.patch
   1155d7dffd3337942cb7583706b429d567d4db86 disk/lvm: Do not overread metadata
 * 0123-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch
   701293684742d00133b39bf957d3642c81dc83f4 disk/lvm: Sanitize rlocn->offset to prevent wild read
 * 0124-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch
   e18a00073890021362b4a48097672f1d4b340d3c disk/lvm: Do not allow a LV to be it's own segment's node's LV
 * 0125-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch
   b88a82e78cdd0ab8e0339c1c3f9564c4d8c0c969 fs/btrfs: Validate the number of stripes/parities in RAID5/6
 * 0126-fs-btrfs-Squash-some-uninitialized-reads.patch
   b911884dd707ba1e6f641eb17857df3155013a45 fs/btrfs: Squash some uninitialized reads
 * 0127-kern-parser-Fix-a-memory-leak.patch
   c6c426e5ab6ea715153b72584de6bd8c82f698ec kern/parser: Fix a memory leak
 * 0128-kern-parser-Introduce-process_char-helper.patch
   b1c9e9e889e4273fb15712051c887e6078511448 kern/parser: Introduce process_char() helper
 * 0129-kern-parser-Introduce-terminate_arg-helper.patch
   3d157bbd06506b170fde5ec23980c4bf9f7660e2 kern/parser: Introduce terminate_arg() helper
 * 0130-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
   8bc817014ce3d7a498db44eae33c8b90e2430926 kern/parser: Refactor grub_parser_split_cmdline() cleanup
 * 0131-kern-buffer-Add-variable-sized-heap-buffer.patch
   030fb6c4fa354cdbd6a8d6903dfed5d36eaf3cb2 kern/buffer: Add variable sized heap buffer
 * 0132-kern-parser-Fix-a-stack-buffer-overflow.patch
   4ea7bae51f97e49c84dc67ea30b466ca8633b9f6 kern/parser: Fix a stack buffer overflow
 * 0133-kern-efi-Add-initial-stack-protector-implementation.patch
   133d73079c5771bbf3d8311281b6772846357ec1 kern/efi: Add initial stack protector implementation
 * 0134-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
   d52f78def1b9c4f435fdbf6b24fd899208580c76 util/mkimage: Remove unused code to add BSS section
 * 0135-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
   1710452aca05ccdd21e74390ec08c63fdf0ee10a util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32()
 * 0136-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
   ae8936f9c375e1a38129e85a1b5d573fb451f288 util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff
 * 0137-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
   a4e8936f010a8e928e973b80390c8f83ad6b8000 util/mkimage: Unify more of the PE32 and PE32+ header set-up
 * 0138-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
   ba44c87e56a8bccde235ebb7d41d5aa54604d241 util/mkimage: Reorder PE optional header fields set-up
 * 0139-util-mkimage-Improve-data_size-value-calculation.patch
   ff406eff25465932b97a2857ee5a75fd0957e9b9 util/mkimage: Improve data_size value calculation
 * 0140-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
   f60ba9e5945892e835e53f0619406d96002f7f70 util/mkimage: Refactor section setup to use a helper
 * 0141-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
   b11547137703bbc642114a816233a5b6fed61b06 util/mkimage: Add an option to import SBAT metadata into a .sbat section
 * 0142-grub-install-common-Add-sbat-option.patch
   bb51ee2b49fbda0f66c1fa580a33442ff578f110 grub-install-common: Add --sbat option
 * 0143-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
   968de8c23c1cba0f18230f778ebcf6c412ec8ec5 shim_lock: Only skip loading shim_lock verifier with explicit consent
 * 0144-kern-misc-Split-parse_printf_args-into-format-parsin.patch
   7f11bde3143b21b40d8225ea1d641e0f83b5a01e kern/misc: Split parse_printf_args() into format parsing and va_list handling
 * 0145-kern-misc-Add-STRING-type-for-internal-printf-format.patch
   1a2a5aff71e8edba436398492279de434abfe7a3 kern/misc: Add STRING type for internal printf() format handling
 * 0146-kern-misc-Add-function-to-check-printf-format-agains.patch
   83603bea6ce8fdff5ab3fbc4c9e592a8c71a8706 kern/misc: Add function to check printf() format against expected format
 * 0147-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch
   42facd577231cf5ffe4c7128fed15b7e7d99cbca gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label
 * 0148-templates-Disable-the-os-prober-by-default.patch
   e346414725a70e5c74ee87ca14e580c66f517666 templates: Disable the os-prober by default
 * 0149-kern-mm-Fix-grub_debug_calloc-compilation-error.patch
   a9d8de960834f376087856f9d60a214b47c76f61 kern/mm: Fix grub_debug_calloc() compilation error
 * 0150-Makefile-Make-libgrub.pp-depend-on-config-util.h.patch
   42f4054faf3c7f2cd2cab5b43e63f9d97d81f7a1 Makefile: Make libgrub.pp depend on config-util.h

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin@orange.com>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-23 16:06:41 +02:00
Etienne Carriere
eb284ba92c boot/optee-os: bump to version 3.18.0
Bumps OP-TEE OS package version to OP-TEE release 3.18.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-07-23 10:34:29 +02:00
Heiko Thiery
25edf48606 boot/uboot: add BR2_TARGET_UBOOT_NEEDS_UTIL_LINUX option
Since U-Boot 2022.04 a host dependency to util-linux (-luuid) is required if
the U-Boot board configuration has CONFIG_TOOLS_MKEFICAPSULE enabled. So
introduce a new BR U-Boot config option
BR2_TARGET_UBOOT_NEEDS_UTIL_LINUX to solve this problem.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-19 22:45:04 +02:00
Quentin Schulz
44eda2602a boot/optee-os: fix typo in help message of BR2_TARGET_OPTEE_OS_CUSTOM_TARBALL
The custom tarball option should be given a URL pointing to an OP-TEE OS
tarball and not a "kernel" one.

Fixes: 9c79b369d6 "boot/optee-os: add support for custom tarball URL"
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 17:41:00 +02:00
Kory Maincent
9c79b369d6 boot/optee-os: add support for custom tarball URL
For now only latest release and custom git repository was supported.
This patch adds support for custom tarball URL.

It also adds configuration verification for custom git repository and
tarball URL.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.rog> for the v2.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-06-27 23:26:32 +02:00
Arnout Vandecappelle (Essensium/Mind)
efd215c797 boot/uboot: remove patches to old versions
More than five years ago, we added some patches to specific versions of
U-Boot. There is actually little point in maintaining patches for some
versions but not others. In addition, it's pretty unlikely that anyone
is using those specific old versions nowadays. Therefore, get rid of
those patches.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-06-22 22:40:08 +02:00
Kory Maincent
4678363579 package/arm-gnu-toolchain: Bump to 11.2-2022.02 and rename from arm-gnu-a-toolchain
arm-gnu-a-toolchain is now deprecated to be replaced by arm-gnu-toolchain.
The old link [1] now points to a shared page between Cortex-A and
Cortex-R/M [2].

Rename the package, taking into account legacy info, while bumping it.
Also update TF-A package that depends on it.

[1] https://developer.arm.com/downloads/-/gnu-a
[2] https://developer.arm.com/Tools%20and%20Software/GNU%20Toolchain

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-06-19 18:52:38 +02:00
Peter Korsgaard
f657ed3b3e Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-07 21:09:05 +02:00
Fabrice Fontaine
6008e96cbb boot/at91dataflashboot: disable on armeb
at91dataflashboot fails to build on armeb:

/nvmedata/autobuild/instance-6/output-1/per-package/at91dataflashboot/host/bin/armeb-buildroot-linux-uclibcgnueabi-ld -T elf32-littlearm.lds -Ttext 0 -n -o DataflashBoot-1.05.out objs/cstartup_ram.o objs/at45.o objs/com.o objs/dataflash.o objs/div0.o objs/init.o objs/main.o objs/stdio.o objs/asm_isr.o objs/jump.o objs/_udivsi3.o objs/_umodsi3.o objs/led.o
/nvmedata/autobuild/instance-6/output-1/per-package/at91dataflashboot/host/bin/armeb-buildroot-linux-uclibcgnueabi-ld: objs/cstartup_ram.o: compiled for a big endian system and target is little endian

Fixes:
 - http://autobuild.buildroot.org/results/e44c042abc1dfb97b4f8a17389d27f842e9dd311

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-06-06 21:45:01 +02:00
Kory Maincent
edfa431c9b boot/optee-os: add support to build with python-pillow
Some specific versions of OP-TEE need the python-pillow module on the
host to build support for the TUI (Trusted User Interface) feature.

To allow building such OP-TEE versions, this commit adds the option
BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_PILLOW which when enabled ensures
that host-python-pillow is built before OP-TEE.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-05 22:49:00 +02:00
Kory Maincent
1061ed6c62 boot/arm-trusted-firmware: add -fno-PIE to CFLAGS
By default the toolchain-wrapper enable -fPIE to the build of all packages.
TF-A support Position Independent Executable(PIE) only in few build cases,
therefore it should be disable by default.
If you still want to enable PIE, TF-A provide a "ENABLE_PIE" build options
that will override the cflags for the supported cases.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[Peter: Only do so for BR2_PIC_PIE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-03 11:13:36 +02:00
Heiko Thiery
a3a1da05fc boot/uboot: add BR2_TARGET_UBOOT_NEEDS_GNUTLS option
Since U-Boot 2022.04 a host dependency to gnutls is required if the
U-Boot board configuration has CONFIG_TOOLS_MKEFICAPSULE enabled. So
introduce a new BR U-Boot config option BR2_TARGET_UBOOT_NEEDS_GNUTLS
to solve this problem.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 23:32:22 +02:00
Heiko Thiery
a4db0560ac boot/uboot: bump to 2022.04
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 23:31:31 +02:00
Romain Naour
e7da09eb6d boot/edk2: fix patch line ending
The patch 0001 from [1] has been corrupted on the
ML or patchwork.

[1] http://patchwork.ozlabs.org/project/buildroot/patch/20220527112146.387164-1-romain.naour@gmail.com/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-05-30 22:28:41 +02:00
Romain Naour
51316159c8 boot/edk2: fix gcc 11 Werror
Backport a patch [1] included in edk2-stable202202 release.

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/2510255569

[1] ae8272ef78

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-05-28 12:04:18 +02:00
Christian Stewart
d0cbd53ac4 boot/sun20i-d1-spl: update to latest commit 882671
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-05-17 22:15:22 +02:00
Peter Korsgaard
0ebbf0b280 boot/shim: big endian arm/aarch64 variants are not supported
Fixes:
http://autobuild.buildroot.net/results/a6c7dd171529e2a7b7a26af8d99bec53117a7a02/

Commit fd5842a1dd (boot/shim: add
BR2_PACKAGE_SHIM_ARCH_SUPPORTS) added explicit support for big/little endian
arm/aarch64, but the shim code is hard coded for little endian:

head -n 1 elf_{arm,aarch64}_efi.lds
==> elf_arm_efi.lds <==
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")

==> elf_aarch64_efi.lds <==
OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")

So drop the support for the big endian variants.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-05-12 10:40:16 +02:00
Thomas Petazzoni
cf5206ea98 boot/afboot-stm32: add patch fixing build issue with recent binutils
The afboot-stm32 build system was initially linking with gcc, but that
was changed upstream following a Buildroot contribution to use ld
instead.

However, the build system was still passing -nostartfiles, which is a
gcc option. By luck, this option was simply ignored by older versions
of ld (such as binutils 2.32), but newer versions of ld (2.36 and
newer, at least) no longer accept/ignore this option.

This commit adds a patch that drops the use of this option, since it
is useless for ld.

The first patch is slightly updated because the upstream pull request
has been updated to contain both build fixes.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-04-28 23:45:07 +02:00
Etienne Carriere
ba146579d9 boot/optee-os: bump to version 3.17.0
Bump OP-TEE OS package version to OP-TEE release 3.17.0.

Cc: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-27 21:27:09 +02:00
Bartosz Bilas
f6ba5e31c2 boot/barebox: bump version to 2022.04.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-27 20:50:15 +02:00
Fabrice Fontaine
fd5842a1dd boot/shim: add BR2_PACKAGE_SHIM_ARCH_SUPPORTS
Add BR2_PACKAGE_SHIM_ARCH_SUPPORTS as requested by Thomas Petazzoni in
https://patchwork.ozlabs.org/project/buildroot/patch/20220419121409.2055818-1-fontaine.fabrice@gmail.com

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: reorder options according to check-package]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-23 17:01:43 +02:00
Fabrice Fontaine
2fd41e56e0 boot/shim: disable on mips64el
Fix the following build failure on mips64el raised since commit
11b347c03a:

In file included from shim.h:47,
                 from shim.c:14:
/nvmedata/autobuild/instance-17/output-1/build/shim-15.4/include/system/stdarg.h:72:2: error: #error what arch is this
   72 | #error what arch is this
      |  ^~~~~

Fixes:
 - http://autobuild.buildroot.org/results/74f4f1d010cfde6978fd614195ef0006f0acb45a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-19 21:47:45 +02:00
Christian Stewart
e7a3501750 boot/sun20i-d1-spl: update to mainline 4da9c5
Update to latest (as of April 14, 2022).

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-19 09:40:55 +02:00
Markus Mayer
6626bf7c5f package: replace git:// URLs with https:// URLs where possible
Replace the remaining git:// URLs with their https:// equivalents as
this is more secure and also more palatable to corporate firewalls.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr: convert dahdi-linux too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-04-02 19:21:57 +02:00
Yann E. MORIN
945f8a788f boot/optee-os: fix version choice
Commit c5d441b7f2 (boot/optee-os: bump to version 3.16.0) forgot to
propagate the rustc arch dependency from the new version, to the default
clause of the choice.

This leaves only the custom git tree as a posible source for building
OP-TEE OS in case the host can't have a rustc compiler.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Clément Léger <clement.leger@bootlin.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-03-27 17:33:24 +02:00
Clément Léger
c5d441b7f2 boot/optee-os: bump to version 3.16.0
Bump OP-TEE OS package version to OP-TEE release 3.16.0 and set
BR2_TARGET_OPTEE_OS_LATEST to select
BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY since
python-cryptography is now needed to build optee-os.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-03-18 23:39:45 +01:00
Clément Léger
752f478aff boot/optee-os: add support to build with python-cryptography
Newer version of optee-os (>= 3.16) uses python-cryptography instead of
python-pycryptodomex in python scripts. Add support to build these
newer versions by adding a new
BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY option which will
select host-python-cryptography dependency when building optee-os.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
[yann.morin.1998@free.fr:
  - move the _ARCH_DEPENDS option from the main symbol to thus new
    symbol
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-03-18 23:26:34 +01:00
Clément Léger
67be54cd94 boot/optee-os: add option to select DTC dependency
Some platforms (stm32, sam) needs DTC to build the platform
device-trees. Add BR2_TARGET_OPTEE_OS_NEEDS_DTC configuration
option to select host-dtc package when building.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[yann.morin.1998@free.fr: move option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-03-14 21:59:26 +01:00
Bartosz Bilas
9a2beaf778 boot/barebox: bump version to 2022.01.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-02-16 20:49:46 +01:00
Yann E. MORIN
3b3859cc7d boot/uboot: fix build with host-gcc 10+
Some older versions of U-Boot, or custom versions (like forks for some
boards), fail to build with host-gcc 10+, because of redefined symbols:

      HOSTLD  scripts/dtc/dtc
    /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition
    of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
    collect2: error: ld returned 1 exit status
    make[4]: *** [scripts/Makefile.host:106: scripts/dtc/dtc] E

Since this has been fixed in recent-ish versions, we can't use an
unconditionaly patch, so we must have a conditional patch. However, a
patch may not always apply to arbitrary U-Boot versions or forks.

Upstream just dropped that line altogether:
    018921ee79

So, we use a little sed-grep combo to do the exact same change.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-02-12 21:38:18 +01:00
Arnout Vandecappelle (Essensium/Mind)
0e8957839c boot/uboot: depend on host-python-setuptools
host-python3-setuptools was removed, we should instead use plain
host-python-setuptools.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-12 14:48:50 +01:00
Peter Korsgaard
d3730ae991 package/python3-pyelftools: drop host package
Now that host-python2 is gone, the custom python3 variant can be dropped.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-11 20:07:57 +01:00
Peter Korsgaard
ea6a0a60e2 boot/uboot: drop host-python2 support
host-python2 is gone, so drop the _NEEDS_PYTHON2 logic.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-11 20:07:51 +01:00
Peter Korsgaard
1fc1b258d3 package/python3-pycryptodomex: drop host package
Now that host-python2 is gone, the custom python3 variant can be dropped.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-11 20:07:42 +01:00
Thomas De Schampheleire
dd8a410eaf core: introduce NORMALIZED_ARCH as non-kernel replacement for KERNEL_ARCH
The variable 'KERNEL_ARCH' is actually a normalized version of
'ARCH'/'BR2_ARCH'. For example, 'arcle' and 'arceb' both become 'arc', just
as all powerpc variants become 'powerpc'.

It is presumably called 'KERNEL_ARCH' because the Linux kernel is typically
the first place where support for a new architecture is added, and thus is
the entity that defines the normalized name.

However, the term 'KERNEL_ARCH' can also be interpreted as 'the architecture
used by the kernel', which need not be exactly the same as 'the normalized
name for a certain arch'. In particular, for cases where a 64-bit
architecture is running a 64-bit kernel but 32-bit userspace. Examples
include:
    * aarch64 architecture, with aarch64 kernel and 32-bit (ARM) userspace
    * x86_64 architecture, with x86_64 kernel and 32-bit (i386) userspace

In such cases, the 'architecture used by the kernel' needs to refer to the
64-bit name (aarch64, x86_64), whereas all userspace applications need to
refer the, potentially normalized, 32-bit name.

This means that there need to be two different variables:

KERNEL_ARCH:     the architecture used by the kernel
NORMALIZED_ARCH: the normalized name for the current userspace architecture

At this moment, both will actually have the same content. But a subsequent
patch will add basic support for situations described above, in which
KERNEL_ARCH may become overwritten to the 64-bit architecture, while
NORMALIZED_ARCH needs to remain the same (32-bit) case.

This commit replaces use of KERNEL_ARCH where actually the userspace arch is
needed.  Places that use KERNEL_ARCH in combination with building of kernel
modules are not touched.
There may be cases where a package builds both a kernel module as userspace,
in which case it may need to know about both KERNEL_ARCH and
NORMALIZED_ARCH, for the case where they differ. But this is to be fixed on
a per-need basis.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Arnout: Also rename BR2_KERNEL_ARCH to BR2_NORMALIZED_ARCH]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-02-08 21:20:23 +01:00
Yann E. MORIN
f22bff4a79 package/zynq-boot-bin: drop legacy package
Since commit 6dd5a33c48 (zynq_zed: bump U-Boot to xilinx-v2016.2), we
have no in-tree users of zynq-boot-bin.py, as U-Boot has since v2016.01
been able to natively generate Xilinx images.

zynq-boot-bin.py is python2-only and there is zero chance that upstream
will move it to python3. We could carry a python3-compatible copy, but
that tool is now virtually unused.

6 years have passed now; let it rest in peace at last.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-02-05 22:16:41 +01:00
Fabio Estevam
bf009f31ef boot/uboot: bump to version 2022.01
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-01-11 22:01:58 +01:00
Bartosz Bilas
f2ff09f5f9 boot/barebox: bump version to 2021.12.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-30 21:15:57 +01:00
Xiangyu Chen
6b1a0864b2 boot/at91bootstrap3: add svn repository method
Signed-off-by: CHEN Xiangyu <xiangyu.chen@aol.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-30 17:36:45 +01:00
Christoph Muellner
5521539eb1 boot/uboot: add support for bundling TEE in ELF format into U-Boot
Some U-Boot platforms (e.g. rockchip) can bundle OPTEE's tee.elf
into the U-Boot image. This patch brings the necessary changes to
enable this feature.

Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-30 15:26:26 +01:00
Dario Binacchi
b235a2cffc boot/afboot-stm32: upgrade version
Newer versions of the kernel generate device trees that are not
storable in a single 16kB sector. In these cases the kernel load address
must be changed.
The commit 2e499dcff3ef ("Add possibility to use custom kernel load address")
adds the possibility to override the default (0x08008000) kernel load
address.

This also required changes to the stm32f429_disco_defconfig and
stm32f469_disco_xip_defconfig configurations. Patching is no longer
needed.

Also update whitespaces in hash file (2 spaces).

Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-17 22:58:11 +01:00
Michael Trimarchi
9a05e2c384 boot/uboot: Add ddr3 IMX firmware files to uboot package dir
The mainline U-Boot can create an i.MX specific firmware image (e.g. flash.bin).
For this the i.MX firmware files must be in the toplevel directory.

Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-12 15:48:33 +01:00
Ricardo Martincoski
39424c2899 package: remove numbered subject from patches
As reported by check-package (by calling it directly):
generate your patches with 'git format-patch -N'

Change all affected files using this command:
$ sed 's,^\(Subject: *\[PATCH\)[^]]*,\1,g' \
    -i $(find * -name '*.patch' -type f)

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-11 20:48:58 +01:00
Ricardo Martincoski
3ed3edb4f1 boot/at91bootstrap: rename patches with the proper naming convention
As reported by check-package (by calling it directly):
use name <number>-<description>.patch

Output of:
make at91bootstrap-dirclean at91bootstrap-patch | grep 'Patching\|Applying'

Before:
>>> at91bootstrap 1.16 Patching
Applying at91bootstrap-1.16-eabi-fix.patch using patch:
Applying at91bootstrap-1.16-gcc-4.6.x-ldscript-fix.patch using patch:
Applying at91bootstrap-1.16-u-boot-relocation-fix.patch using patch:

After:
>>> at91bootstrap 1.16 Patching
Applying 0001-eabi-fix.patch using patch:
Applying 0002-gcc-4.6.x-ldscript-fix.patch using patch:
Applying 0003-u-boot-relocation-fix.patch using patch:

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-11 20:48:58 +01:00
Ricardo Martincoski
59d716403c boot/at91dataflashboot: rename patches with the proper naming convention
As reported by check-package (by calling it directly):
use name <number>-<description>.patch

Output of:
make at91dataflashboot-dirclean at91dataflashboot-patch | grep 'Patching\|Applying'

Before:
>>> at91dataflashboot 1.05 Patching
Applying at91dataflashboot-1.05-do-not-install.patch using patch:
Applying at91dataflashboot-1.05-eabi-fixes.patch using patch:

After:
>>> at91dataflashboot 1.05 Patching
Applying 0001-do-not-install.patch using patch:
Applying 0002-eabi-fixes.patch using patch:

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-11 20:48:58 +01:00
Ricardo Martincoski
8bca032e19 boot/lpc32xxcdl: rename patches with the proper naming convention
As reported by check-package (by calling it directly):
use name <number>-<description>.patch

Output of:
make lpc32xxcdl-dirclean lpc32xxcdl-patch | grep 'Patching\|Applying'

Before:
>>> lpc32xxcdl 2.11 Patching
Applying lpc32xxcdl-2.11-compiler_name.patch using patch:
Applying lpc32xxcdl-2.11-delete_redundant_files.patch using patch:
Applying lpc32xxcdl-2.11-libnosys_gnu.patch using patch:
Applying lpc32xxcdl-2.11-slashes.patch using patch:

After:
>>> lpc32xxcdl 2.11 Patching
Applying 0001-compiler_name.patch using patch:
Applying 0002-delete_redundant_files.patch using patch:
Applying 0003-libnosys_gnu.patch using patch:
Applying 0004-slashes.patch using patch:

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-11 20:48:58 +01:00
Peter Korsgaard
46ccda3a2f Merge branch 'next' 2021-12-06 19:11:23 +01:00
Bartosz Bilas
d3904da8ba boot/barebox: bump version to 2021.11.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-04 23:04:41 +01:00
Adam Duskett
7a68960b68 boot/grub2/Config.in: add symbols to represent legacy and EFI boot
There are cases to want a synthetic information whether the legacy BIOS
or U-Boot boot scheme, or the EFI boot scheme, are enabled, without
resorting to testing all and each platforms.

This is already the cae in grub2 itself, for the configuration of the
BIOS/U-Boot boot partition, and builtin modules and configuration on one
hand, and the EFI builtin modules and configuraiton on the other hand.

It is also the case for mender-grubenv, which will want to know if
either or both are enabled, but without having to resort to testing all
the cases.

Add two new symbols, that each represent those conditions:
  * BR2_TARGET_GRUB2_HAS_LEGACY_BOOT
  * BR2_TARGET_GRUB2_HAS_EFI_BOOT

Each target selects the appropriate bool, which makes it much more
simple for other packages such as mender-grubenv to check if grub legacy
or EFI is selected.

And of course, we also make use of those symbols in grub2 itself, to
simplify the conditions for showing.hiding legacy and EFI options.

Additionally (but that does not merit being in its own patch), add a
comment on the closing 'endif' for the EFI part.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
  - s/BR2_TARGET_GRUB_/BR2_TARGET_GRUB2_/
  - rename variables anyway
  - use variables in grub2 itself
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Köry Maincent <kory.maincent@bootlin.com>
2021-12-04 18:04:08 +01:00
Urja Rannikko
e938419bd9 boot/syslinux: define OBJCOPY and AS
This fixes build on an ARM64 host (and I assume also
other non-x86).

Signed-off-by: Urja Rannikko <urjaman@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-30 17:39:58 +01:00
Yann E. MORIN
c224e7e5c6 boot/uboot: kconfig needs the toolchain
Starting with uboot 2021.10, with upstream commit 473fc279c89 (kconfig /
kbuild: Re-sync with Linux 4.20), the kconfig in uboot now needs the
compiler to detect its features.

Like was done for linux in 3fc990a798 (linux: kconfig needs the
toolchain) and barebox in 1c1a629d81 (boot/barebox: kconfig needs the
toolchain), add the toolchain to the kconfig dependencies of uboot.

Reported-by: Davian on IRC
Reported-by: Xogium on IRC
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-11-21 22:28:35 +01:00
Fabrice Fontaine
9de2c792e1 boot/uboot: don't override dependencies
Don't override UBOOT_DEPENDENCIES in a conditional

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-11-10 10:39:47 +01:00
Peter Korsgaard
87b06f3a80 boot/sun20i-d1-spl: new package
U-Boot does not yet have SPL code to initialize the DDR controller on the
Allwinner D1 - So instead package the sun20i-d1-spl bootloader, which is
based on boot0 from the Allwinner BSP with some modifications to build it
separately from the BSP and boot mainline U-Boot as explained on the
linux-sunxi wiki:

https://linux-sunxi.org/Allwinner_Nezha

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-08 09:45:40 +01:00
Etienne Carriere
7b08ad5a2f boot/optee-os: bump to version 3.15.0
Bump OP-TEE OS package version to OP-TEE release 3.15.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-10-27 22:28:03 +02:00
Yann E. MORIN
51682c03a8 boot/grub2: backport parallel-build fix
There seems to still be a similar parallel build issue, but with this
patch applied, it occurs much less frequently: from a 1/3rf failure
rate, I am now experiencing failures under the 1/10th mark.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-10-24 16:37:08 +02:00
Kory Maincent
82d1e8c628 boot/grub2: use none platform when building for host
When creating the image we are using the target modules. Building
the modules for host is then unnecessary.

Lets configure host Grub2 for the 'none' platform.

Note that this still installs a platform-dependent file:
    .../host/lib/grub/i386-pc/config.h

This file does not seem to have much purpose, but it is harmless.
We did not care to provide a post-isntall hook to remove it.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:56 +02:00
Kory Maincent
1fc095ec75 boot/grub2: fix the cdboot.img source from host to target
This patch updates the location of cdboot.img used, to select the one
from the target directory and not from the host.
The host-grub2 is built only to have access to the Grub tools binaries.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:53 +02:00
Kory Maincent
60b798e000 boot/grub2: add more explicit build messages
This patch adds the calls to MESSAGE, to explicit the different step of
the per-platform builds, following the current tuple loop. Besides a
nicer output to the user, this can also help debug what step actualy
failed.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:49 +02:00
Kory Maincent
7edf28468d boot/grub2: remove the unnecessary \-continuations
This patch cleans the code by removing unnecessary \-continuations.
It replaces the semi-colons by either && or separate lines.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:44 +02:00
Kory Maincent
e077b3997c boot/grub2: fix the installation of target tools
The tools were not installed anymore since we move from autotools to
generic-package. This patch fixes their installation.

We have decided to implement the install tool process by running the "make
install" command for each tuple. This allows to have all different
platforms Grub modules installed in the target. The drawback is the
overwrite of Grub2 binaries tools during each "make install" command. This
drawback is absolutely not important as it happens in the same package. This is
the best option to avoid unnecessary and more complexity to this package.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:40 +02:00
Bartosz Bilas
6091f4af8f boot/barebox: bump version to 2021.10.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-10-15 22:50:32 +02:00
Kory Maincent
883f9fc754 boot/edk2: add support to build 32bit edk2 when using x86_64 architecture
Add BR2_TARGET_EDK2_PLATFORM_OVMF_I386 for x86_64 architecture.
Update the management of EDK2_ARCH to follow the edk2 platform type in
place of BR2 architecture.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-10-15 21:34:25 +02:00
Heiko Thiery
3f47350526 boot/uboot: bump to version 2021.10
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-10-09 22:43:45 +02:00
Kory Maincent
e827bfd0dd boot/edk2: allow building for i386
Add support the build the firmware for QEMU i386 pc machine

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
  - do not make it available for BR2_x86_64
  - introduce BR2_TARGET_EDK2_ARCH_SUPPORTS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-03 14:38:31 +02:00
Kory Maincent
b68810e70c boot/grub2: add support to build multiple Grub2 configurations in the same build
When Grub2 is build it is configured only for one boot set-up, BIOS Legacy,
EFI 32 bit or EFI 64 bit. It can not deal with several boot set-up on the
same image.

This patch allows to build Grub2 for different configurations simultaneously.
To cover Grub2 configuration of legacy BIOS platforms (32-bit), 32-bit EFI
BIOS and 64-bit EFI BIOS in the same build, multi-build system felt much more
reasonable to just extend the grub2 package into 3 packages.

We can no longer use autotools-package as a consequence of this multi-build, and
we have to resort to generic-package and a partial duplication of
the autotools-infra. Grub2 was already using custom option like --prefix or
--exec-prefix so this won't add much more weirdness.

We use a GRUB2_TUPLES list to describe all the configurations selected.
For each boot case described in the GRUB2_TUPLES list, it configures and
builds Grub2 in a separate folder named build-$(tuple).
We use a foreach loop to make actions on each tuple selected.

We have to separate the BR2_TARGET_GRUB2_BUILTIN_MODULES and the
BR2_TARGET_GRUB2_BUILTIN_CONFIG for each BIOS or EFI boot cases.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
  - keep sub-options properly indented
  - fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-27 21:36:06 +02:00
Kory Maincent
3efb5e31fc board, boot, package: remove usage of startup.nsh in EFI partition
The startup.nsh file is useless to boot EFI payloads. We just need to
follow the naming detection specified in the UEFI spec.
The EFI payload need to be placed in the boot/efi folder in the EFI partition
and follow the architecture naming as described below:
32bit : bootia32.efi
x64 : bootx64.efi
aarch32 : bootarm.efi
aarch64 : bootaa64.efi

This naming is already right in the packages involved (systemd, grub2,
gummiboot), therefore we just need to drop the generation of the
startup.nsh file.

The usage of the startup.nsh in genimage is also dropped to avoid errors in
the image generation.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Tested-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-27 21:27:02 +02:00
Romain Naour
6ccfd40711 boot/syslinux: add missing python dependency
Syslinux use some python scripts during the build and they
are using python interpreter by default. It fail to build
when there is no python interpreter on the host.

[...]/syslinux-6.03/com32/cmenu/menugen.py
make[6]: python: No such file or directory

Since Syslinux 5.00, we can override the python interpreter
used during the build:

https://repo.or.cz/syslinux.git/commitdiff/4dec62ce9c2c0d170f21b3ae2d7c618eb7a30c05

Add the	missing	host-python3 dependency and override
it in SYSLINUX_BUILD_CMDS.

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1614446766

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-24 22:02:57 +02:00
Quentin Schulz
8354176915 boot/arm-trusted-firmware: point LICENSE_FILES to correct file
Since v2.2 release (commits 8cc36aec912 "doc: De-duplicate readme and
license files" and 9f1622b018ab "doc: Move content out of readme and
create new index page "), the license.rst file at the root of the git
repo is only telling to look at docs/license.rst file.

Let's point the ARM_TRUSTED_FIRMWARE_LICENSE_FILES to the correct file
and modify the .hash file accordingly.

The comment has also been wrong since we bumped from version 1.4 to 2.2
in commit  a757d173f1  (boot/arm-trusted-firmware: bump to version
2.2). Drop referencing an explicit version, so that is is never wrong
again.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: also fix the comment.]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-24 21:49:37 +02:00
Yann E. MORIN
f05136090d boot/mv-ddr-marvell: fix license file hash
Commit 2cfdf8b8a2 (boot/mv-ddr-marvell: Bump to HEAD as of 20201207)
forgot to update the hash a a source file that we use as license file.

Fixes: #14221

Reported-by: nyanyamiau@gmail.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: D. Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-24 21:45:20 +02:00
Bartosz Bilas
e275b7b0a0 boot/barebox: bump version to 2021.08.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-17 23:31:02 +02:00
Heiko Thiery
3af9c55de0 boot/uboot: fix hook to copy imx firmware files
Simplification has broken it. Fix it again.

Fixes: af99e7a5f3 ("boot/uboot: copy IMX firmware files to uboot package dir")

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-14 21:36:04 +02:00
Yann E. MORIN
d27c74381c boot/uboot: fix check-package
Fix check-package issues introduced with commit af99e7a5f3
(boot/uboot: copy IMX firmware files to uboot package dir).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-12 14:03:03 +02:00
Heiko Thiery
af99e7a5f3 boot/uboot: copy IMX firmware files to uboot package dir
The mainline U-Boot can create an i.MX specific firmware image (e.g. flash.bin).
For this the i.MX firmware files (DDR, HDMI) must be in the toplevel directory.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr: simplify hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-12 10:48:06 +02:00
Heiko Thiery
291eb252ac boot/uboot: copy ATF bl31 binary to uboot package dir
If the ATF binary is used by U-Boot, the file is expected to be in the
toplevel directory.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-09-11 22:53:53 +02:00
Arnout Vandecappelle (Essensium/Mind)
7dac56b76e Merge branch 'master' into next
Conflicts:
	package/go/go.hash
	package/go/go.mk

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-08-26 23:40:57 +02:00
Kory Maincent
82f5b3724b boot/arm-trusted-firmware: Add out-of-source ATF device tree support
Similarly to Uboot, this patch adds the ability to copy in and build
out-of-source device tree sources during an ATF build.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-19 23:27:32 +02:00
Eugen Hristev
338a9b655d boot/at91bootstrap3: update to final 4.0.0 version
Update to AT91Bootstrap 4.0.0 version.

This package is now released under MIT license, and a license file was
added.

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-19 22:45:14 +02:00
Ludovic Desroches
2fc6db1227 boot/at91bootstrap3: bump 3.x series to 3.10.3
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-08-17 23:12:28 +02:00
Baruch Siach
ccac9a5bbb boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR
Commit 5f432df7e2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:

make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?

Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-17 09:24:09 +02:00
Thomas Petazzoni
5f432df7e2 boot/arm-trusted-firmware: change ENABLE_STACK_PROTECTOR value when disabled
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).

To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.

Fixes:

 https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-08 21:54:32 +02:00
Clément Léger
4200631ce2 boot/optee-os: use dedicated 3.13.0 patch directory
Existing patch is for 3.13.0 optee version but is located at the root
of optee-os folder, leading to error when applying it on more recent
version. Move it to a dedicated 3.13.0 folder.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-08-05 20:56:08 +02:00
Yann E. MORIN
e6b3913cfc package: use the generic _HELP_CMDS for kconfig-based packages
As Thomas put it:

    The <pkg>_HELP_CMDS variable allows packages using the
    kconfig-package infrastructure to display their specific
    targets related to the handling of their configuration.

    However, it was not consistently used and handled by the
    different packages.

So, this commit switches all the kconfig-based package to use the
generic help helper.

As a consequence:

  - all kconfig packages now advetise their kconfig-related actions,
    where some were previously missing: at91bootstrap3, linux-backports,
    swupdate, xvisor;

  - busybox advertises it does not support defconfig files;

  - the 'foo-savedfconfig' action is no longer advertised: it is to be
    considered an internal implementation detail.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-07-25 15:20:24 +02:00
Etienne Carriere
2d5829aa3e boot/optee-os: bump to version 3.13.0
Bump OP-TEE OS package version to OP-TEE release 3.13.0.

Add a patch already merged OP-TEE to fix build issue seen with 3.13.0
on some BR toolchain.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-20 21:41:26 +02:00
Bartosz Bilas
04ed52494d boot/barebox: bump version to 2021.07.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-20 21:30:44 +02:00
Drew Fustini
4210b26892 boot/opensbi: introduce BR2_TARGET_OPENSBI_FW_FDT_PATH
If U-Boot CONFIG_OF_SEPARATE is defined [1], then the device tree will
be built and placed in a u-boot.dtb file alongside u-boot.bin.

When BR2_TARGET_UBOOT_FORMAT_DTB is enabled, buildroot will copy
u-boot.dtb to $(BINARIES_DIR).

This is useful for RISC-V platforms that want to build OpenSBI with an
external DTB by using FW_FDT_PATH [2].

[1] https://github.com/u-boot/u-boot/blob/master/doc/README.fdt-control
[2] https://github.com/riscv/opensbi/blob/master/docs/firmware/fw.md

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 21:24:37 +02:00
Drew Fustini
ce534677cb boot/uboot: introduce BR2_TARGET_UBOOT_FORMAT_DTB
If U-Boot CONFIG_OF_SEPARATE is defined [1], then the device tree will
be built and placed in a u-boot.dtb file alongside u-boot.bin.

When BR2_TARGET_UBOOT_FORMAT_DTB is enabled, buildroot will copy
u-boot.dtb to $(BINARIES_DIR).

This is useful for RISC-V platforms that want to build OpenSBI with an
external DTB by using FW_FDT_PATH [2].

[1] https://github.com/u-boot/u-boot/blob/master/doc/README.fdt-control
[2] https://github.com/riscv/opensbi/blob/master/docs/firmware/fw.md

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 21:22:21 +02:00
Yann E. MORIN
d0edfec1e2 boot/uboot: add missing dependency to host-pkgconf
Commit 2eaa6d0f36 (boot/uboot: fix uboot building host tools on x86
architecture) added use of $(PKG_CONFIG_HOST_BINARY), but forgot to add
the corresponding build-ordr dependency.

Add this missing depenency now.

Additionally, the associated test had an explicit host pkgconf enbled in
its configuration. This is superfluous now that uboot properly depends
on host-pkgconf, so drop that from the test.

Note: it hapenned to work, because host-pkgconf, when explicitly enabled
in the configuration, and without per-package directories, would build
before uboot and thus be available. This would fail with PPD, though,
and thus would break for TLPB.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-07-17 13:18:04 +02:00
Pierre-Jean Texier
6e2e9bb654 boot/uboot: bump to version 2021.07
See: https://lists.denx.de/pipermail/u-boot/2021-July/453729.html

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:29:24 +02:00
Drew Fustini
aa2875fba6 boot/beaglev-secondboot: update to 2d200479 to add LICENSE file
Update git commit ID to include recently added LICENSE file

Signed-off-by: Drew Fustini <drew@beagleboard.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-07-13 21:18:50 +02:00
Drew Fustini
dc0bec7936 boot/beaglev-ddrinit: update to c0839f25 to add LICENSE file
Update git commit ID to include recently added LICENSE file

Signed-off-by: Drew Fustini <drew@beagleboard.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-07-13 21:18:19 +02:00
Andreas Hilse
7cb51d4843 boot/grub2: workaround breakage with -O2, -O3 build
When grub2 (i386-pc) is built with -O2 or -O3 it is unable to boot
and the system will reboot in a loop.

Tony Battersby has bisected [0] the error down to this security bugfix:
boot/grub2/0132-kern-parser-Fix-a-stack-buffer-overflow.patch
There is also a bug report by Peter Seiderer about this [1].

As discussed on the mailing list [2], this patch introduces a workaround
in the grub2.mk overriding the global optimization settings with -Os
which results in a booting system.

References:
[0] https://savannah.gnu.org/bugs/?60458
[1] https://bugs.busybox.net/show_bug.cgi?id=13586
[2] http://lists.busybox.net/pipermail/buildroot/2021-May/311524.html

Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-30 23:37:01 +02:00
Kory Maincent
2eaa6d0f36 boot/uboot: fix uboot building host tools on x86 architecture
The make all command run the tools/makefile on the process.
This makefile use "pkg-config" command to support static link.
The issue is the use of pkg-config configured for crosscompiling
to build binaries tools for host architecture.
To fix it, I add pkg-config environment variable to configure it for host.

Add a test to avoid future regress on the build of U-boot.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
  - fix mixed space-TAB indentation
  - fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-30 22:45:18 +02:00
Yann E. MORIN
11fffded3c boot/arm-trusted-firmware: fix coding-style
Fix coding style issue introduced in cf176128ec (boot/arm-trusted-firmware:
add SSP option)

Fixes: cf176128ec

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-26 22:17:07 +02:00
Sergey Matyukevich
cf176128ec boot/arm-trusted-firmware: add SSP option
Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based
on the toolchain global BR2_SSP_* options, and all packages are built
with that setting.

However it might not be always convenient to automatically infer TF-A
stack protection from the toolchain features. For instance, secure
memory constraints may become an issue and all the extra TF-A features
need to be tuned or disabled in order to shrink TF-A firmware image.

Besides, for any value other than "none", TF-A platform specific hook
'plat_get_stack_protector_canary' must be implemented. However this hook
is not implemented by all the platforms supported by TF-A. For instance,
Allwinner currently does not provide such a hook.

Add an new option that a user can toggle to enable or disable SSP in
their ATF build. If enabled, the SSP level is automatically inherited
from the global setting.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: simplify logic with a single boolean]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-26 17:10:25 +02:00
Fabrice Fontaine
0567a32b39 boot/edk2: add EDK2_CPE_ID_VENDOR
cpe:2.3🅰️tianocore:edk2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atianocore%3Aedk2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-12 23:15:47 +02:00
Peter Korsgaard
8d07baab43 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-06-07 17:14:37 +02:00
Drew Fustini
6f63917485 boot/beaglev-ddrinit: update to include upstream fixes
Update commit ID to include recent upstream fixes:

- Fix I and D cache synchronization issue (2e2f6faaf105)
- Add carriage return to correct menu formatting (2f6ea51dbb51)
- Add copyright info (7d3413d2ffd9)
- Expand the limit on the size of uboot when update it (623888127a0e)

Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-06 09:25:10 +02:00
Drew Fustini
f1e014655d boot/beaglev-secondboot: update to include upstream fixes
Update the commit id to include upstream fixes:

- Fix print format in load_and_run_ddr(e976d186e69a)
- Update copyright info (f2b049b7fff2)
- Avoid chiplink address exception (86664be28e5d)

Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-06 09:25:07 +02:00
Heiko Thiery
cb5d9fdf1e boot/arm-trusted-firmware: bump to version 2.5
Release notes:
https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html#version-2-5

The existing qemu_aarch64_sbsa_defconfig was using an unpinned version
of ATF, so to avoid any regression, it is pinned to the previous
version, 2.4.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: pin ATF version in qemu_aarch64_sbsa_defconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-21 11:43:54 +02:00
Yann E. MORIN
a86318a79f boot/at91bootstrap3: move BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3
As spotted by Eugen, BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3 currently
is outside the at91bootstrap section, because it was inccorectly added
after the 'endif' statement rather than before, which makes the
menuconfig layout weird.

Move it around.

Reported-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-19 14:34:58 +02:00
Eugen Hristev
d98b5df418 boot/at91bootstrap3: add BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3
Some at91bootstrap3 configurations now use Python scripts on the host
for NAND/PMEC related utilities. In order to be able to use those
scripts, this commit adds a new
BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3 which allows to express the
need for host-python3 as a dependency to build at91bootstrap3.

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
[Thomas: this was extracted from a patch from Eugen adding
at91bootstrap 4.x support.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-19 11:21:00 +02:00
Thomas Petazzoni
7abfdeea12 boot/at91bootstrap3: bump 3.x series to 3.10.2
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-19 11:20:51 +02:00
Eugen Hristev
e009816c67 boot/at91bootstrap3: add support for at91bootstrap 4.x series
The project at https://github.com/linux4sam/at91bootstrap was until
now releasing 3.x versions, which were packaged using
boot/at91bootstrap3/ in Buildroot. Microchip has now started a new
branch of at91bootstrap, called 4.x, which will only support the
following devices: sam9x60, sama5d2, sama5d3, sama5d4, sama7g5. A
number of older devices from Microchip will only be supported by the
existing 3.x series.

Therefore, we cannot simply remove support for the 3.x series, and
allow using only the 4.x series.

So what this commit does is extend the boot/at91bootstrap3 package to
support building both 3.x and 4.x versions. In detail, this implies:

 * Having the BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION symbol point to
   the latest 4.x version. Indeed, we want
   BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION to really point to the
   latest upstream version, even if that means potential breakage for
   users. Users who want to use a fixed version of at91bootstrap
   should anyway not be using
   BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION.

 * Introduce BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION_3X for users who
   would like to use the latest 3.x series.

 * Adjust the installation logic, as images to install are now in
   build/binaries/*.bin instead of binaries/*.bin. In order to not
   have to differentiate 3.x and 4.x, we simply use $(wildcard ...) to
   expand the list of files to install.

 * To make it clear that boot/at91bootstrap3 supports both 3.x and
   4.x, we also update the prompt of the package.

at911bootstrap does not carry a license file; so far we were using
main.c as the license file, as it carries the license blurb. Now that we
have a known alternate version, we would need a per-version hash for
that file. However, this is a bit too cumbersome to handle, so just drop
using main.c as the license file. When upstream introduces a proper
license file, we can revisit the situation.

Update the two defconfigs that were using the upstream 3.9.3 version;
all other defconfigs are using custom tarballs or custom git trees.

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
[Thomas: while this patch is based on previous work by Eugen, it was
reworked quite significantly.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
  - drop main.c as license file, explain why
  - update the two defconfigs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-19 11:15:29 +02:00
Dick Olsson
1074a37e78 boot/edk2: new package
EDK2 is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications.

The initial version of this bootloader package makes it possible to
build firmware for the following seven configurations:

 * QEMU x86-64 pc machine
 * QEMU aarch64 virt machine, booting directly from flash
 * QEMU aarch64 virt machine, booting via the kernel protocol
 * QEMU aarch64 sbsa-ref machine
 * ARM FVP vexpress machine
 * Socionext SynQuacer Developerbox
 * SolidRun MacchiatoBin

Support the use of EDK2 UEFI payloads as BL33 in ARM Trusted Firmware.

Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr:
  - duplicate defaults in Config.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-17 16:52:33 +02:00
Peter Korsgaard
448910b017 boot/opensbi: only check/reference COPYING.BSD when _LATEST_VERSION is used
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the license file name / hash will be correct in all
cases, so only specify COPYING.BSD when _LATEST_VERSION is used, similar to
how we do it for the Linux kernel.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-13 09:48:32 +02:00
Peter Korsgaard
ace8179deb boot/opensbi: move patches to 0.9/ subdir to only apply when the 0.9 version is selected
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the Buildroot patches can be applied - So move them to a
0.9 subdir to ensure they are only applied when the _LATEST_VERSION is used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-13 09:48:24 +02:00
Fabrice Fontaine
2f7582538f boot/opensbi: unconditionally disable SSP
Fix build failure raised since commit
810ba387be

Fixes:
 - https://gitlab.com/kubu93/buildroot/-/jobs/1247043359

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-12 09:43:18 +02:00
Peter Korsgaard
49453aea90 boot/Config.in: fix beaglev-ddrinit include after rename
Commit 3b551f68a5 (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to
match renamed upstream repo) forgot to update the include in boot/Config.in,
breaking menuconfig.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-11 09:09:07 +02:00
Peter Korsgaard
3b551f68a5 boot/beaglev-ddrlnit: rename to beaglev-ddrinit to match renamed upstream repo
And adjust DEVELOPERS and beaglev_defconfig to match.

The typo in the repo name has now been fixed:

https://github.com/starfive-tech/beagle_ddrinit/issues/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-10 22:04:38 +02:00
Fabrice Fontaine
0a8e568c65 boot/opensbi: bump to version 0.9
https://github.com/riscv/opensbi/releases/tag/v0.9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-10 09:00:33 +02:00
Thomas Petazzoni
6e746d27c0 boot/beaglev-secondboot: new package
This packages allows to build the first stage bootloader used on the
BeagleV, which is used even before the DDR initialization and
OpenSBI/U-Boot. Yes, "secondboot" is strange for what is the first
stage bootloader, but that's the upstream name.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - add hash file
  - commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-07 23:11:33 +02:00
Thomas Petazzoni
c3dd9ebae0 boot/beaglev-ddrlnit: new package
This commit adds a package for the DDR initialization code used on the
BeagleV platform.

The typo in the package name is upstream's typo, and we just keep it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - upstream name is beaglev_ddrlnit, not *init (keep their typo)
  - rename package and variables accordingly
  - the referenced commit is no longer the HEAD of said branch
  - add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-07 23:10:37 +02:00
Thomas Petazzoni
24010550be boot/opensbi: add options to enable/disable image installation
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified,
opensbi.mk was assuming that both fw_jump and fw_dynamic would be
produced. However, this is not the case: the OpenSBI per-platform
config.mk can decide which image to build.

As an example, the config.mk for VIC7100-based BeagleV only enables
producing the fw_payload image.

This commit adds three options to enable the installation of images:
one for fw_jump, one for fw_dynamic, one for fw_payload.

The options for fw_jump and fw_dynamic are "default y" when
BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.

The option for fw_payload is forcefully selected when either Linux or
U-Boot are selected as payloads.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-07 22:29:02 +02:00
Thomas Petazzoni
fe1353020e boot/opensbi: allow using U-Boot as a payload
The opensbi package already allows to use Linux as a payload for
OpenSBI, but in some cases, U-Boot as payload is useful. This commit
adds a BR2_TARGET_OPENSBI_UBOOT_PAYLOAD option, modeled after the
existing BR2_TARGET_OPENSBI_LINUX_PAYLOAD.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-30 09:49:15 +02:00
Thomas Petazzoni
5c7166d387 boot/opensbi: add support for version configuration
OpenSBI contains platform-specific code, so very much like Linux,
U-Boot or other bootloaders, using the upstream version of OpenSBI
will very often not be sufficient.

This commit therefore adds the possibility of specifying a custom
version of OpenSBI, either custom from upstream, custom tarball, or
custom from Git. Support for other version control systems has not
been implemented for now, but could be added later if needed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-30 09:46:21 +02:00
Thomas Petazzoni
3887e8c095 boot/at91bootstrap: add legal information
The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 23:00:55 +02:00
Fabio Estevam
bd62da59b9 boot/uboot: bump to version 2021.04
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:31:49 +02:00
Thomas Petazzoni
1988ebd36c boot/shim: re-enable on ARM32
shim 15.4 builds just fine on ARM32.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 11:46:09 +02:00
Thomas Petazzoni
55c524d46f boot/shim: bump to version 15.4
- Use the tarball provided by upstream developers instead of the one
  generated by Github. Indeed
  https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
  usual, please use the shim-15.4.tar.bz2 tarball, rather than the
  other two archives github automatically produces."

- The tarball now includes the gnu-efi code, so we no longer need to
  select gnu-efi and have it as a build dependency. We continue to use
  BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
  architectures that have gnu-efi support. We also drop the
  EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
  needs to be searched in STAGING_DIR.

- Drop all four patches, which were backports from upstream.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 11:45:17 +02:00
Thomas Petazzoni
4239eff73b boot/shim: fix build issues with gcc 9.x
Backport a set of upstream patches to fix:

MokManager.c: In function ‘write_back_mok_list’:
MokManager.c:1081:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1081 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
      |                   ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1103 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~
MokManager.c: In function ‘delete_cert’:
MokManager.c:1144:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1144 |   if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
      |                   ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_hash_in_list’:
MokManager.c:1195:20: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1195 |   if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
      |                    ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_keys’:
MokManager.c:1359:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1359 |   if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 11:44:57 +02:00
Thomas Petazzoni
888f47cbce boot/shim: fix build issue due to gnu-efi
shim fails to build with:

console.c:448:5: error: ‘EFI_WARN_UNKOWN_GLYPH’ undeclared here (not in a function); did you mean ‘EFI_WARN_UNKNOWN_GLYPH’?
  448 |  {  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
      |     ^~~~~~~~~~~~~~~~~~~~~
      |     EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....

Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 11:44:06 +02:00
Thomas Petazzoni
a490687571 boot/grub2: ignore the last 3 remaining CVEs
An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:

 * CVE-2020-14372 is already fixed by a patch we have in our patch
   stack for grub2

 * CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
   not affect grub2 upstream, nor grub2 with the stack of patches we
   have in Buildroot

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:36:48 +02:00
Peter Seiderer
a9f94d7aba boot/syslinux: fix gcc-10.x compile
Add two patches ([1], [2]) taken from the fedora syslinux package ([3]) to fix
compile/linking with gcc-10.x compiler.

[1] https://src.fedoraproject.org/rpms/syslinux/raw/rawhide/f/0005-Workaround-multiple-definition-of-symbol-errors.patch
[2] https://src.fedoraproject.org/rpms/syslinux/raw/rawhide/f/0006-Replace-builtin-strlen-that-appears-to-get-optimized.patch
[3] https://src.fedoraproject.org/rpms/syslinux/tree/rawhide

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-03-20 23:01:38 +01:00
Thomas Petazzoni
a7143fb316 toolchain: drop old BR2_TOOLCHAIN_HAS_BINUTILS_BUG_* options
The BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615 and
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_20006 options were last selected by the
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 toolchain, but this
toolchain has been removed as part of commit
d87e114a8f in August 2020.

It's time to get rid of those two options that are never enabled.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-15 20:43:30 +01:00
Stefan Sørensen
1bad507220 boot/grub2: Backport 2021/03/02 securify fixes
Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

As detailed in commit 7e64a050fb, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.

In addition to the security fixes, these required patches has been
backported:

  f76a27996 efi: Make shim_lock GUID and protocol type public
  04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
  ac5c93675 efi: Add a function to read EFI variables with attributes
  d7e54b2e5 efi: Add secure boot detection

The following security issues are fixed:

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri

*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)

*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed

*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)

*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-14 08:24:24 +01:00
Nicolas Toromanoff
3cf8173e5c boot/uboot: fix kconfig with per-package directories and host-make
If PER_PACKAGE_DIRECTORIES=Y and using host-make package (because
BR2_FORCE_HOST_BUILD=Y or local make is too old) .stamp_dotconfig
target needs per-package/uboot/host/bin/host-make that doesn't
exist yet.

Add host-make into UBOOT_KCONFIG_DEPENDENCIES.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-13 09:08:48 +01:00
Peter Korsgaard
a56be0d30f Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-08 08:06:00 +01:00
Edgar Bonet
7108838386 boot/at91bootstrap3: fix checksum of license
Commit ca1604388a updated the checksum of
the tarball, but failed to update the one of main.c, which serves as a
license file.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-07 21:42:24 +01:00
Etienne Carriere
80d1bc9b19 boot/optee-os: bump to version 3.12.0
Bump OP-TEE OS package version to OP-TEE release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-03-06 23:32:37 +01:00
Bartosz Bilas
4c488c7385 boot/barebox: bump version to 2021.01.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-23 13:43:32 +01:00
Francois Perrad
399432d60f uboot: fix binman with a new dependency
since 2021.01, tools/binman is broken.
tools/binman/control.py imports pkg_resources
the module pkg_resources is supplied by setuptools,
so this new dependency is required.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-12 09:46:27 +01:00
Fabrice Fontaine
0aa8533213 boot/at91bootstrap3: add CPE variables
cpe:2.3🅰️linux_sam:at91bootstrap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinux_sam%3Aat91bootstrap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-23 21:34:38 +01:00
Fabrice Fontaine
4b6202f721 Replace LIBFOO_CPE_ID_NAME by LIBFOO_CPE_ID_PRODUCT
Replace LIBFOO_CPE_ID_NAME by LIBFOO_CPE_ID_PRODUCT to better "comply"
with the official "Well-Formed CPE Name Data Model" parameters:
 - https://csrc.nist.gov/publications/detail/nistir/7695/final
 - https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:43:24 +01:00
Michael Walle
05e6d35fe7 boot/uboot: bump to version 2021.01
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:48:45 +01:00
Yann E. MORIN
7bbf17f359 boot/barebox, package/linux-headers: carry site-method archive format version when overriding _SOURCE
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.

Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.

However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:

  - linux-headers and linux
  - barebox-aux and barebox

When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.

Fix that by manually propagating the per-site-method format-version.

Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:39:14 +01:00
Fabrice Fontaine
aa10748fd7 boot/shim: add SHIM_CPE_ID_VENDOR
cpe:2.3🅰️redhat:shim is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Ashim

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-17 17:14:25 +01:00
Bartosz Bilas
1f763042f9 boot/barebox: bump version to 2020.11.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-16 23:10:42 +01:00
Bin Meng
3fccb15705 boot/uboot: introduce BR2_TARGET_UBOOT_NEEDS_OPENSBI
Some RISC-V platforms (such as SiFive HiFive Unleashed) encapsulate
the OpenSBI firmware image inside U-Boot.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-16 22:41:19 +01:00
Yann E. MORIN
5b95a5dc27 support/download: change format of archives generated from git
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.

However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.

To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.

So, we bump the git-specific format-version to -br1.

The %ci date  has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.

As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.

Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.

For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

    ---8<------8<------8<------8<---
    #!/bin/sh
    # Find and download all packages using git as backend.
    # Manually fix hashes for affected packages.

    # Packages that only have a host variant
    HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'

    # Packages that have a non-git main _SOURCE, and/or which
    # have BR_NO_CHECK_HASH_FOR for the git _SOURCE
    NOT_GIT='aufs|aufs-util|xenomai|linux-headers'

    export BR2_DL_DIR=$(pwd)/temp-dl-dir

    make defconfig
    make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
                boot/vexpress-firmware/ package/ \
            |sed -r -e 's,.*/([^/]+)\.mk,\1,' \
            |sed -r -e '/^('"${NOT_GIT}"')$/d;' \
                    -e 's/^('"${HOST_ONLY}"')/host-\1/;' \
                    -e 's/$/-legal-info/;'
          )

    ---8<------8<------8<------8<---
2021-01-10 22:06:58 +01:00
Matt Weber
63332c33aa package: provide CPE ID details for numerous packages
This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-04 21:43:54 +01:00
Vincent Stehlé
754dc0d933 boot/boot-wrapper-aarch64: bump version
Bump bootwrapper to the latest version.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-02 18:42:57 +01:00
D. Olsson
2cfdf8b8a2 boot/mv-ddr-marvell: Bump to HEAD as of 20201207
Rebase on the mv-ddr-devel branch as the release branches are no longer
maintained.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-30 10:29:05 +01:00
D. Olsson
d8705587dc boot/arm-trusted-firmware: Bump to version 2.4
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-30 10:29:05 +01:00
Jules Maselbas
1c1a629d81 boot/barebox: kconfig needs the toolchain
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2.  As in linux, kconfig can call the compiler
to test its capabilities.

We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain

Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-29 23:53:43 +01:00
Yann E. MORIN
bd560b6da5 boot/lpc32xxcdl: switch upstream location
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.

As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.

Add a hash file while at it.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-29 18:11:49 +01:00
Christoph Müllner
7b3fcbcdaa boot/arm-trusted-firmware: Forward stack protection configuration
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.

As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).

So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.

This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:

  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]

TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.

Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:24:48 +01:00
Garret Kelly
1271867831 boot/uboot: fix custom repo error message
When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.

Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-16 21:30:56 +01:00