From 0307d0c975b0007e48f25f86005dad40fc905b61 Mon Sep 17 00:00:00 2001 From: Jose Diaz de Grenu Date: Wed, 27 Dec 2017 18:00:42 +0100 Subject: [PATCH] rocko migration: u-boot-fw-utils: update patches Pending to update the patch for dynamic environment location in NAND. https://jira.digi.com/browse/DEL-5518 Signed-off-by: Jose Diaz de Grenu --- ...ent-support-for-environment-encrypti.patch | 56 +++--- ...-U-Boot-environment-access-functions.patch | 13 +- ...upport-to-unlock-emmc-boot-partition.patch | 19 +- ...actorize-function-to-get-device-type.patch | 68 ------- ...pport-to-set-dynamic-location-of-env.patch | 166 ------------------ .../u-boot/u-boot-fw-utils_%.bbappend | 2 - meta-digi-dey/conf/distro/dey.conf | 4 + 7 files changed, 48 insertions(+), 280 deletions(-) delete mode 100644 meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0004-tools-env-factorize-function-to-get-device-type.patch delete mode 100644 meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0005-tools-env-add-support-to-set-dynamic-location-of-env.patch diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch index 1c35f84ec..3dc6f1f80 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch @@ -1,7 +1,7 @@ From: "Diaz de Grenu, Jose" Date: Tue, 23 Aug 2016 13:05:05 +0200 -Subject: [PATCH] tools: env: implement support for environment encryption by - CAAM +Subject: [PATCH 1/4] tools: env: implement support for environment encryption + by CAAM https://jira.digi.com/browse/DEL-2836 @@ -10,21 +10,21 @@ Signed-off-by: Diaz de Grenu, Jose configs/sandbox_defconfig | 1 + tools/env/Makefile | 2 +- tools/env/caam_keyblob.h | 45 +++++++++++++++ - tools/env/fw_env.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 185 insertions(+), 1 deletion(-) + tools/env/fw_env.c | 139 ++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 tools/env/caam_keyblob.h diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig -index 02534bfea761..5a690c1cc623 100644 +index 4c4e4809be76..82ebe96067b5 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig -@@ -90,3 +90,4 @@ CONFIG_UNIT_TEST=y +@@ -193,3 +193,4 @@ CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y CONFIG_UT_ENV=y +CONFIG_MD5=y diff --git a/tools/env/Makefile b/tools/env/Makefile -index 38ad118d032f..fa2a564bb357 100644 +index 95b28c0b3a3c..c10ff66c7772 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -25,7 +25,7 @@ hostprogs-y := fw_printenv @@ -88,10 +88,10 @@ index 000000000000..1cdf3946c1ba + +#endif /* CAAM_KEYBLOB_H */ diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index b2f62827d918..46c619b211b5 100644 +index ab06415898c2..de2e693e9f93 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c -@@ -22,6 +22,7 @@ +@@ -24,6 +24,7 @@ #include #include #include @@ -99,17 +99,14 @@ index b2f62827d918..46c619b211b5 100644 #include #ifdef MTD_OLD -@@ -32,12 +33,21 @@ +@@ -34,9 +35,19 @@ # include #endif +#include "caam_keyblob.h" + #include "fw_env_private.h" #include "fw_env.h" - struct common_args common_args; - struct printenv_args printenv_args; - struct setenv_args setenv_args; - +/* + * The BLOB includes a random AES-256 key (32 bytes) and a + * Message Authentication Code (MAC) (16 bytes) @@ -118,19 +115,20 @@ index b2f62827d918..46c619b211b5 100644 +#define CAAM_KEY_DEV "/dev/caam_kb" + +#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) - #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) ++ + struct env_opts default_opts = { + #ifdef CONFIG_FILE + .config_file = CONFIG_FILE +@@ -113,6 +124,8 @@ static struct environment environment = { - #define WHITESPACE(c) ((c == '\t') || (c == ' ')) -@@ -109,6 +119,8 @@ static struct environment environment = { - - static int env_aes_cbc_crypt(char *data, const int enc); + static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key); +static int caam_encryption_flag; + static int HaveRedundEnv = 0; static unsigned char active_flag = 1; -@@ -234,6 +246,103 @@ int parse_aes_key(char *key, uint8_t *bin_key) +@@ -245,6 +258,103 @@ int parse_aes_key(char *key, uint8_t *bin_key) return 0; } @@ -179,7 +177,7 @@ index b2f62827d918..46c619b211b5 100644 + struct caam_kb_data enc_data; + int fd; + int ret = 0; -+ const int len = getenvsize(); ++ const int len = usable_envsize; + int ioctl_mode; + char *buffer; + unsigned char key_modifier[16]; @@ -234,7 +232,7 @@ index b2f62827d918..46c619b211b5 100644 /* * Print the current definition of one, or more, or all * environment variables -@@ -311,6 +420,15 @@ int fw_env_close(void) +@@ -323,6 +433,15 @@ int fw_env_flush(struct env_opts *opts) } } @@ -250,17 +248,17 @@ index b2f62827d918..46c619b211b5 100644 /* * Update CRC */ -@@ -1154,6 +1272,8 @@ int fw_env_open(void) +@@ -1144,6 +1263,8 @@ int fw_env_open(struct env_opts *opts) struct env_image_single *single; struct env_image_redundant *redundant; + check_caam_encryption(); + - if (parse_config ()) /* should fill envdevices */ - return -1; + if (!opts) + opts = &default_opts; -@@ -1192,6 +1312,15 @@ int fw_env_open(void) - return ret; +@@ -1189,6 +1310,15 @@ int fw_env_open(struct env_opts *opts) + goto open_cleanup; } + if (caam_encryption_flag) { @@ -275,8 +273,8 @@ index b2f62827d918..46c619b211b5 100644 crc0_ok = (crc0 == *environment.crc); if (!HaveRedundEnv) { if (!crc0_ok) { -@@ -1249,6 +1378,15 @@ int fw_env_open(void) - return ret; +@@ -1251,6 +1381,15 @@ int fw_env_open(struct env_opts *opts) + goto open_cleanup; } + if (caam_encryption_flag) { diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-Implement-U-Boot-environment-access-functions.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-Implement-U-Boot-environment-access-functions.patch index 0a18c6598..d9e1b8465 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-Implement-U-Boot-environment-access-functions.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-Implement-U-Boot-environment-access-functions.patch @@ -1,8 +1,9 @@ From: Javier Viguera Date: Tue, 10 Jan 2017 19:34:26 +0100 -Subject: [PATCH] Implement U-Boot environment access functions +Subject: [PATCH 2/4] Implement U-Boot environment access functions Signed-off-by: Javier Viguera +Signed-off-by: Jose Diaz de Grenu --- tools/env/Makefile | 2 +- tools/env/ubootenv.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -12,7 +13,7 @@ Signed-off-by: Javier Viguera create mode 100644 tools/env/ubootenv.h diff --git a/tools/env/Makefile b/tools/env/Makefile -index fa2a564bb357..b29dcea16fe8 100644 +index c10ff66c7772..1d99e3b65dc6 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -25,7 +25,7 @@ hostprogs-y := fw_printenv @@ -26,7 +27,7 @@ index fa2a564bb357..b29dcea16fe8 100644 diff --git a/tools/env/ubootenv.c b/tools/env/ubootenv.c new file mode 100644 -index 000000000000..db789a55adaa +index 000000000000..836fcd14a67f --- /dev/null +++ b/tools/env/ubootenv.c @@ -0,0 +1,62 @@ @@ -61,7 +62,7 @@ index 000000000000..db789a55adaa +{ + int ret = 0; + -+ ret = fw_env_open(); ++ ret = fw_env_open(NULL); + if (ret) + goto err; + @@ -79,7 +80,7 @@ index 000000000000..db789a55adaa +{ + int ret = 0; + -+ ret = fw_env_open(); ++ ret = fw_env_open(NULL); + if (ret) + goto err; + @@ -87,7 +88,7 @@ index 000000000000..db789a55adaa + if (ret) + goto err; + -+ ret = fw_env_close(); ++ ret = fw_env_close(NULL); + +err: + return ret ? -1 : 0; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0003-fw_env-add-support-to-unlock-emmc-boot-partition.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0003-fw_env-add-support-to-unlock-emmc-boot-partition.patch index a2b1259d7..90620db4a 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0003-fw_env-add-support-to-unlock-emmc-boot-partition.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0003-fw_env-add-support-to-unlock-emmc-boot-partition.patch @@ -1,17 +1,17 @@ From: Javier Viguera Date: Thu, 16 Feb 2017 14:53:44 +0100 -Subject: [PATCH] fw_env: add support to unlock emmc boot partition +Subject: [PATCH 3/4] fw_env: add support to unlock emmc boot partition Signed-off-by: Javier Viguera --- - tools/env/fw_env.c | 31 +++++++++++++++++++++++++++++++ - 1 file changed, 31 insertions(+) + tools/env/fw_env.c | 32 ++++++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index 46c619b211b5..1c337b4727a9 100644 +index de2e693e9f93..db1182c7216e 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c -@@ -1177,9 +1177,31 @@ static int flash_read (int fd) +@@ -1173,9 +1173,31 @@ static int flash_read (int fd) return 0; } @@ -43,10 +43,11 @@ index 46c619b211b5..1c337b4727a9 100644 /* dev_current: fd_current, erase_current */ fd_current = open (DEVNAME (dev_current), mode); -@@ -1209,8 +1231,17 @@ static int flash_io (int mode) +@@ -1205,8 +1227,18 @@ static int flash_io (int mode) fd_target = fd_current; } ++ + /* Disable mmcboot protection if using EMMC (set read-write) */ + mmcblk = strstr(DEVNAME(dev_target), "mmcblk"); + if (mmcblk) @@ -58,6 +59,6 @@ index 46c619b211b5..1c337b4727a9 100644 + if (mmcblk) + sysfs_mmcboot_set_protection(mmcblk, 1); + - if (HaveRedundEnv) { - if (close (fd_target)) { - fprintf (stderr, + if (fsync(fd_current) && + !(errno == EINVAL || errno == EROFS)) { + fprintf (stderr, diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0004-tools-env-factorize-function-to-get-device-type.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0004-tools-env-factorize-function-to-get-device-type.patch deleted file mode 100644 index 48aeb0745..000000000 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0004-tools-env-factorize-function-to-get-device-type.patch +++ /dev/null @@ -1,68 +0,0 @@ -From: Hector Palacios -Date: Mon, 29 May 2017 11:41:23 +0200 -Subject: [PATCH 1/2] tools: env: factorize function to get device type - -This function may be reused to determine the device type in other helper -functions. - -Signed-off-by: Hector Palacios - -https://jira.digi.com/browse/DUB-741 ---- - tools/env/fw_env.c | 20 +++++++++++++++----- - 1 file changed, 15 insertions(+), 5 deletions(-) - -diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index 1c337b4727a9..08ba0fd1111f 100644 ---- a/tools/env/fw_env.c -+++ b/tools/env/fw_env.c -@@ -1134,7 +1134,7 @@ static int flash_write (int fd_current, int fd_target, int dev_target) - return 0; - } - --static int flash_read (int fd) -+static int get_type(int dev, int fd) - { - struct mtd_info_user mtdinfo; - struct stat st; -@@ -1151,7 +1151,7 @@ static int flash_read (int fd) - rc = ioctl(fd, MEMGETINFO, &mtdinfo); - if (rc < 0) { - fprintf(stderr, "Cannot get MTD information for %s\n", -- DEVNAME(dev_current)); -+ DEVNAME(dev)); - return -1; - } - if (mtdinfo.type != MTD_NORFLASH && -@@ -1159,7 +1159,7 @@ static int flash_read (int fd) - mtdinfo.type != MTD_DATAFLASH && - mtdinfo.type != MTD_UBIVOLUME) { - fprintf (stderr, "Unsupported flash type %u on %s\n", -- mtdinfo.type, DEVNAME(dev_current)); -+ mtdinfo.type, DEVNAME(dev)); - return -1; - } - } else { -@@ -1167,10 +1167,20 @@ static int flash_read (int fd) - mtdinfo.type = MTD_ABSENT; - } - -- DEVTYPE(dev_current) = mtdinfo.type; -+ DEVTYPE(dev) = mtdinfo.type; -+ return 0; -+} -+ -+static int flash_read (int fd) -+{ -+ int rc; -+ -+ rc = get_type(dev_current, fd); -+ if (rc < 0) -+ return -1; - - rc = flash_read_buf(dev_current, fd, environment.image, CUR_ENVSIZE, -- DEVOFFSET (dev_current), mtdinfo.type); -+ DEVOFFSET(dev_current), DEVTYPE(dev_current)); - if (rc != CUR_ENVSIZE) - return -1; - diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0005-tools-env-add-support-to-set-dynamic-location-of-env.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0005-tools-env-add-support-to-set-dynamic-location-of-env.patch deleted file mode 100644 index 0742e56ac..000000000 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0005-tools-env-add-support-to-set-dynamic-location-of-env.patch +++ /dev/null @@ -1,166 +0,0 @@ -From: Hector Palacios -Date: Mon, 29 May 2017 12:10:10 +0200 -Subject: [PATCH 2/2] tools: env: add support to set dynamic location of - environment copies - -A mechanism was added in U-Boot to set the location of environment copies -dynamically in an shared area. If the config file sets both copies to the -same offset, a function will be called to set the offset of each copy to -the first two good NAND sectors within the specified area. - -The config file should contain the sector size and the number of sectors -of the area, like in this example: - - # Device name Offset Size Erase-size No.Blocks - /dev/mtd1 0x0 0x20000 0x20000 8 - /dev/mtd1 0x0 0x20000 0x20000 8 - -Signed-off-by: Hector Palacios - -https://jira.digi.com/browse/DUB-741 ---- - tools/env/fw_env.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 96 insertions(+), 7 deletions(-) - -diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index 08ba0fd1111f..c1a4d89f62c0 100644 ---- a/tools/env/fw_env.c -+++ b/tools/env/fw_env.c -@@ -122,6 +122,8 @@ static int env_aes_cbc_crypt(char *data, const int enc); - static int caam_encryption_flag; - - static int HaveRedundEnv = 0; -+static int have_dynamic_env; -+static off_t top_of_range; /* end of the last block we may use */ - - static unsigned char active_flag = 1; - /* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */ -@@ -790,7 +792,6 @@ static int flash_read_buf (int dev, int fd, void *buf, size_t count, - 0 on NOR */ - size_t processed = 0; /* progress counter */ - size_t readlen = count; /* current read length */ -- off_t top_of_range; /* end of the last block we may use */ - off_t block_seek; /* offset inside the current block to the start - of the data */ - loff_t blockstart; /* running start of the current block - -@@ -809,12 +810,22 @@ static int flash_read_buf (int dev, int fd, void *buf, size_t count, - */ - blocklen = DEVESIZE (dev); - -- /* -- * To calculate the top of the range, we have to use the -- * global DEVOFFSET (dev), which can be different from offset -- */ -- top_of_range = ((DEVOFFSET(dev) / blocklen) + -- ENVSECTORS (dev)) * blocklen; -+ if (!have_dynamic_env) { -+ /* -+ * To calculate the top of the range, we have to use the -+ * global DEVOFFSET (dev), which can be different from -+ * offset -+ */ -+ top_of_range = ((DEVOFFSET(dev) / blocklen) + -+ ENVSECTORS(dev)) * blocklen; -+ } -+ -+ if (offset >= top_of_range) { -+ /* End of range is reached */ -+ fprintf(stderr, -+ "Too few good blocks within range\n"); -+ return -1; -+ } - - /* Limit to one block for the first read */ - if (readlen > blocklen - block_seek) -@@ -1208,6 +1219,72 @@ static int sysfs_mmcboot_set_protection(const char *device, int value) - return 0; - } - -+static int set_dynamic_location(void) -+{ -+ int fd, i, nsectors, type; -+ loff_t offset, blocksize; -+ int dev = 0; -+ int copies = 1; -+ int rc = 0; -+ -+ if (HaveRedundEnv) -+ copies++; -+ -+ fd = open(DEVNAME(dev), O_RDONLY); -+ if (fd < 0) { -+ fprintf(stderr, "Can't open %s: %s\n", DEVNAME(dev), -+ strerror(errno)); -+ rc = -1; -+ goto error; -+ } -+ -+ rc = get_type(dev, fd); -+ if (rc < 0) { -+ fprintf(stderr, "could not get type\n", DEVNAME(dev), -+ strerror(errno)); -+ rc = -1; -+ goto error; -+ } -+ -+ /* Set initial block to start looking for environment */ -+ offset = DEVOFFSET(dev); -+ /* Use variables for common values */ -+ blocksize = DEVESIZE(dev); -+ type = DEVTYPE(dev); -+ /* Look for the number of sectors specified for the primary copy */ -+ nsectors = ENVSECTORS(dev); -+ -+ for (i = 0; i < nsectors && copies; i++) { -+ rc = flash_bad_block(fd, type, &offset); -+ if (rc < 0) { -+ rc = -1; -+ goto error; -+ } else if (!rc) { -+ /* -+ * Set first good block as primary (no matter if it is -+ * the other copy. After all, the 'current' copy is -+ * determined by the active flag. -+ */ -+ DEVOFFSET(dev) = offset; -+ copies--; -+ dev++; -+ } -+ offset += blocksize; -+ } -+ -+ while (copies) { -+ /* No good sectors available. Set offset out of bounds */ -+ DEVOFFSET(dev) = offset; -+ copies--; -+ dev++; -+ } -+ rc = 0; -+ -+error: -+ close(fd); -+ return rc; -+} -+ - static int flash_io (int mode) - { - int fd_current, fd_target, rc, dev_target; -@@ -1341,6 +1418,18 @@ int fw_env_open(void) - environment.data = single->data; - } - -+ /* -+ * Trigger dynamic location of environment if redundant copy has the -+ * same offset than primary copy. -+ */ -+ if (HaveRedundEnv && (DEVOFFSET(0) == DEVOFFSET(1))) { -+ have_dynamic_env = 1; -+ top_of_range = DEVOFFSET(0) + (ENVSECTORS(0) * DEVESIZE(0)); -+ -+ if (set_dynamic_location() < 0) -+ return -1; -+ } -+ - dev_current = 0; - if (flash_io (O_RDONLY)) - return -1; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend index 5dc685e89..8a58bd8f4 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend @@ -10,8 +10,6 @@ UBOOT_FW_UTILS_PATCHES = " \ file://0001-tools-env-implement-support-for-environment-encrypti.patch \ file://0002-Implement-U-Boot-environment-access-functions.patch \ file://0003-fw_env-add-support-to-unlock-emmc-boot-partition.patch \ - file://0004-tools-env-factorize-function-to-get-device-type.patch \ - file://0005-tools-env-add-support-to-set-dynamic-location-of-env.patch \ " # Patches from 'meta-swupdate' touch the same files than ours, so we need to diff --git a/meta-digi-dey/conf/distro/dey.conf b/meta-digi-dey/conf/distro/dey.conf index 3877924f2..1baea77ba 100644 --- a/meta-digi-dey/conf/distro/dey.conf +++ b/meta-digi-dey/conf/distro/dey.conf @@ -51,6 +51,10 @@ PREFERRED_PROVIDER_jpeg_armv7a ?= "libjpeg-turbo" PREFERRED_VERSION_linux-yocto ?= "4.12%" +# Some features (swupdate, environment encryption) depends on this specific +# provider for u-boot-fw-tools +PREFERRED_PROVIDER_u-boot-fw-utils ?= "u-boot-fw-utils" + # Use git recipe for libsoc PREFERRED_VERSION_libsoc = "git"