ARM: Specify aligned address for secure section instead of using attributes

In commit a1274cc94a20 ("ARM: Page align secure section only when it is
executed in situ"), we used output section attribu

ARM: Specify aligned address for secure section instead of using attributes

In commit a1274cc94a20 ("ARM: Page align secure section only when it is
executed in situ"), we used output section attributes (the "ALIGN"
keyword after the colon) to specify the alignment requirements. Using
the constant "COMMONPAGE" there was recently broken in binutils 2.31 [1].

Binutils maintainer Alan Modra suggested the former method would still
work. Since both methods achieve the same result, this patch does just
that. This fixes the "reboot after bootm" issue we've been seeing on
sunxi when booting non-secure.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=23571

Suggested-by: Alan Modra <amodra@gmail.com>
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Jagan Teki <jagan@openedev.com>

show more ...

Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot

Patch queue for efi - 2018-07-25

Highlights this time:

- Many small fixes to improve spec compatibility (found by SCT)
- Almost eno

Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot

Patch queue for efi - 2018-07-25

Highlights this time:

- Many small fixes to improve spec compatibility (found by SCT)
- Almost enough to run with sandbox target
- GetTime() improvements
- Enable EFI_LOADER and HYP entry on ARMv7 with NONSEC=y

show more ...

efi_loader: Rename sections to allow for implicit data

Some times gcc may generate data that is then used within code that may
be part of an efi runtime section. That data could be jump tables,
cons

efi_loader: Rename sections to allow for implicit data

Some times gcc may generate data that is then used within code that may
be part of an efi runtime section. That data could be jump tables,
constants or strings.

In order to make sure we catch these, we need to ensure that gcc emits
them into a section that we can relocate together with all the other
efi runtime bits. This only works if the -ffunction-sections and
-fdata-sections flags are passed and the efi runtime functions are
in a section that starts with ".text".

Up to now we had all efi runtime bits in sections that did not
interfere with the normal section naming scheme, but this forces
us to do so. Hence we need to move the efi_loader text/data/rodata
sections before the global *(.text*) catch-all section.

With this patch in place, we should hopefully have an easier time
to extend the efi runtime functionality in the future.

Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: Fix x86_64 breakage]

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Revert "ARM: fixed relocation using proper alignment"

It turns out this change was not intended to be merged and as such,
revert it.

This reverts commit cdde7de0364ffa505d631b342f1a2fa729e8e67d.

R

Revert "ARM: fixed relocation using proper alignment"

It turns out this change was not intended to be merged and as such,
revert it.

This reverts commit cdde7de0364ffa505d631b342f1a2fa729e8e67d.

Reported-by: Manfred Schlaegl <manfred.schlaegl@ginzinger.com>
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

ARM: fixed relocation using proper alignment

Using u-boot-2017.05 on i.MX6UL we ran into following problem:
Initially U-Boot could be started normally.
If we added one random command in configuratio

ARM: fixed relocation using proper alignment

Using u-boot-2017.05 on i.MX6UL we ran into following problem:
Initially U-Boot could be started normally.
If we added one random command in configuration, the newly generated
image hung at startup (last output was DRAM: 256 MiB).

We tracked this down to a data abort within relocation (relocated_code).

relocated_code in arch/arm/lib/relocate.S copies 8 bytes per loop
iteration until the source pointer is equal to __image_copy_end.
In a good case __image_copy_end was aligned to 8 bytes, so the loop
stopped as suggested, but in an errornous case __image_copy_end was
not aligned to 8 bytes, so the loop ran out of bounds and caused a
data abort exception.

This patches solves the issue by aligning __image_copy_end to 8 byte
using the linker script related to arm.

I don't know if it's the correct way to solve this, so some review would
be very appreciated.

show more ...

ARM: create .secure_stack section only for PSCI

Jon Master reports that QEMU refuses to load a U-Boot image built
with CONFIG_ARMV7_NONSEC, but without CONFIG_ARMV7_PSCI since
commit 5a3aae68c74e ("

ARM: create .secure_stack section only for PSCI

Jon Master reports that QEMU refuses to load a U-Boot image built
with CONFIG_ARMV7_NONSEC, but without CONFIG_ARMV7_PSCI since
commit 5a3aae68c74e ("ARM: armv7: guard memory reserve for PSCI
with #ifdef CONFIG_ARMV7_PSCI").

It looks like only PSCI that needs the Secure stack, so move
the #ifdef to guard the whole of .secure_stack allocation in order
not to create the empty section.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reported-by: Jon Masters <jcm@redhat.com>
Link: http://patchwork.ozlabs.org/patch/664025/

show more ...

ARM: armv7: guard memory reserve for PSCI with #ifdef CONFIG_ARMV7_PSCI

If CONFIG_ARMV7_NONSEC is enabled, the linker script requires
CONFIG_ARMV7_PSCI_NR_CPUS regardless of CONFIG_ARMV7_PSCI.

Revi

ARM: armv7: guard memory reserve for PSCI with #ifdef CONFIG_ARMV7_PSCI

If CONFIG_ARMV7_NONSEC is enabled, the linker script requires
CONFIG_ARMV7_PSCI_NR_CPUS regardless of CONFIG_ARMV7_PSCI.

Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge branch 'master' of http://git.denx.de/u-boot-sunxi

ARM: Add secure section for initialized data

The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.

Signed-off-by:

ARM: Add secure section for initialized data

The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

show more ...

ARM: Add CONFIG_ARMV7_SECURE_MAX_SIZE and check size of secure section

As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.

Add a configurable CO

ARM: Add CONFIG_ARMV7_SECURE_MAX_SIZE and check size of secure section

As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.

Add a configurable CONFIG_ARMV7_SECURE_MAX_SIZE so platforms can define
how much secure memory is available. The linker then checks the size of
the whole secure section against this.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

show more ...

ARM: Add an empty secure stack section

Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.

T

ARM: Add an empty secure stack section

Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.

This was partially fixed in ("ARM: allocate extra space for PSCI stack
in secure section during link phase"). However, calculating stack space
from psci_text_end in one place, while allocating the space in another
is error prone.

This patch adds a separate empty secure stack section, with space for
CONFIG_ARMV7_PSCI_NR_CPUS stacks, each 1 KB. There's also
__secure_stack_start and __secure_stack_end symbols. The linker script
handles calculating the correct VMAs for the stack section. For
platforms that relocate/copy the secure monitor before using it, the
space is not allocated in the executable, saving space.

For platforms that do not define CONFIG_ARMV7_PSCI_NR_CPUS, a whole page
of stack space for 4 CPUs is allocated, matching the previous behavior.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

show more ...

ARM: Page align secure section only when it is executed in situ

Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.

Since the secure secti

ARM: Page align secure section only when it is executed in situ

Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.

Since the secure section in the u-boot image is only storage, there's
no reason to page align it and increase the binary image size.

Page align the secure section only when CONFIG_ARMV7_SECURE_BASE is not
defined. And instead of just aligning the __secure_start symbol, align
the whole .__secure_start section. This also makes the section empty,
so we need to add KEEP() to the input entry to prevent the section from
being garbage collected.

Also use ld constant "COMMONPAGESIZE" instead of hardcoded page size.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

show more ...

ARM: allocate extra space for PSCI stack in secure section during link phase

The PSCI implementation expects at most 2 pages worth of space reserved
at the end of the secure section for its stacks.

ARM: allocate extra space for PSCI stack in secure section during link phase

The PSCI implementation expects at most 2 pages worth of space reserved
at the end of the secure section for its stacks. If PSCI is relocated to
secure SRAM, then everything is fine. If no secure SRAM is available,
and PSCI remains in main memory, the reserved memory space doesn't cover
the space used by the stack.

If one accesses PSCI after Linux has fully booted, the memory that should
have been reserved for the PSCI stacks may have been used by the kernel
or userspace, and would be corrupted. Observed after effects include the
system hanging or telinit core dumping when trying to reboot. It seems
the init process gets hit the most on my test bed.

This fix allocates the space used by the PSCI stacks in the secure
section by skipping pages in the linker script, but only when there is
no secure SRAM, to avoid bloating the binary.

This fix is only a stop gap. It would be better to rework the stack
allocation mechanism, maybe with proper usage of CONFIG_ macros and an
explicit symbol.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

show more ...

arm: x86: Drop command-line code when CONFIG_CMDLINE is disabled

Update the link script to drop this code when not needed. This is only done
for two architectures at present.

Signed-off-by: Simon G

arm: x86: Drop command-line code when CONFIG_CMDLINE is disabled

Update the link script to drop this code when not needed. This is only done
for two architectures at present.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

show more ...

efi_loader: Add runtime services

After booting has finished, EFI allows firmware to still interact with the OS
using the "runtime services". These callbacks live in a separate address space,
since t

efi_loader: Add runtime services

After booting has finished, EFI allows firmware to still interact with the OS
using the "runtime services". These callbacks live in a separate address space,
since they are available long after U-Boot has been overwritten by the OS.

This patch adds enough framework for arbitrary code inside of U-Boot to become
a runtime service with the right section attributes set. For now, we don't make
use of it yet though.

We could maybe in the future map U-boot environment variables to EFI variables
here.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>

show more ...

ARM: Disable "DISCARD" for secure section if CONFIG_ARMV7_SECURE_BASE isn't defined

"DISCARD" will remove ._secure.text relocate, but PSCI framework
has already used some absolute address those need

ARM: Disable "DISCARD" for secure section if CONFIG_ARMV7_SECURE_BASE isn't defined

"DISCARD" will remove ._secure.text relocate, but PSCI framework
has already used some absolute address those need to relocate.

Use readelf -t -r u-boot show us:
.__secure_start addr: 601408e4
.__secure_end addr: 60141460

60141140 00000017 R_ARM_RELATIVE
46 _secure_monitor:
47 #ifdef CONFIG_ARMV7_PSCI
48 ldr r5, =_psci_vectors

60141194 00000017 R_ARM_RELATIVE
6014119c 00000017 R_ARM_RELATIVE
601411a4 00000017 R_ARM_RELATIVE
601411ac 00000017 R_ARM_RELATIVE
64 _psci_table:
66 .word psci_cpu_suspend
...
72 .word psci_migrate

60141344 00000017 R_ARM_RELATIVE
6014145c 00000017 R_ARM_RELATIVE
202 ldr r5, =psci_text_end

Solutions:
1. Change absolute address to RelAdr.
Based on LDR (immediate, ARM), we only have 4K offset to jump.
Now PSCI code size is close to 4K size that is LDR limit jump size,
so even if the LDR is based on the current instruction address,
there is also have a risk for RelAdr. If we use two jump steps I
think we can fix this issue, but looks too hack, so give up this way.

2. Enable "DISCARD" only for CONFIG_ARMV7_SECURE_BASE has defined.
If CONFIG_ARMV7_SECURE_BASE is defined in platform, all of secure
will in the BASE address that is absolute.

Signed-off-by: Wang Dongsheng <dongsheng.wang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

show more ...

Merge branch 'master' of git://www.denx.de/git/u-boot-imx

arm: discard relocation entries for secure text

The code such as PSCI in section named secure is bundled with
u-boot image, and when bootm, the code will be copied to their
runtime address same to c

arm: discard relocation entries for secure text

The code such as PSCI in section named secure is bundled with
u-boot image, and when bootm, the code will be copied to their
runtime address same to compliation/linking address -
CONFIG_ARMV7_SECURE_BASE.

When compile the PSCI code and link it into the u-boot image,
there will be relocation entries in .rel.dyn section for PSCI.
Actually, we do not needs these relocation entries.

If still keep the relocation entries in .rel.dyn section,
r0 at line 103 and 106 in arch/arm/lib/relocate.S may be an invalid
address which may not support read/write for one SoC.
102 /* relative fix: increase location by offset */
103 add r0, r0, r4
104 ldr r1, [r0]
105 add r1, r1, r4
106 str r1, [r0]

So discard them to avoid touching the relocation entry in
arch/arm/lib/relocate.S.

Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
Cc: Tom Warren <twarren@nvidia.com>
Cc: York Sun <yorksun@freescale.com>
Cc: Hans De Goede <hdegoede@redhat.com>
Cc: Ian Campbell <ijc@hellion.org.uk>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@konsulko.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Stefano Babic <sbabic@denx.de>
Acked-by: Albert ARIBAUD <albert.u.boot@aribaud.net>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-tegra

ARM: Clean up CONFIG_ARMV7_NONSEC/VIRT/PSCI conditions

CONFIG_ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC, thus doesn't need to
be taken into account additionally. CONFIG_ARMV7_PSCI is only set on
boa

ARM: Clean up CONFIG_ARMV7_NONSEC/VIRT/PSCI conditions

CONFIG_ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC, thus doesn't need to
be taken into account additionally. CONFIG_ARMV7_PSCI is only set on
boards that support CONFIG_ARMV7_NONSEC, and it only works on those.

CC: Tang Yuantian <Yuantian.Tang@freescale.com>
CC: York Sun <yorksun@freescale.com>
CC: Steve Rae <srae@broadcom.com>
CC: Andre Przywara <andre.przywara@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Alison Wang <alison.wang@freescale.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-arm

Merge branch 'master' of git://git.denx.de/u-boot-arm

ARM: HYP/non-sec: add separate section for secure code

In anticipation of refactoring the HYP/non-secure code to run
from secure RAM, add a new linker section that will contain that
code.

Nothing i

ARM: HYP/non-sec: add separate section for secure code

In anticipation of refactoring the HYP/non-secure code to run
from secure RAM, add a new linker section that will contain that
code.

Nothing is using it just yet.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-arm