For the first eMMC read of data for upload, use the "large" dfu_buf (now
configurable) instead of usb request buffer allocated at composite layer
(which is 4KiB) [*].

For eMMC the whole file is read, which usually is larger than the buffer [*]
provided with usb request.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Tom Rini <trini@ti.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>

In the following commit:
"dfu: Support larger than memory transfers."
SHA1: ea2453d5

The ext4{read|write} command formatting has been changed. It removed
a write mandatory [sizebytes] parameter.

It extents DFU_FS_EXT4 case at mmc_file_op to provide mandatory
parameter for DFU write.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Tom Rini <trini@ti.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>

Commit 35fc84fa broke bootm on avr32. It
requires to call do_bootm_linux() with flag set to BOOTM_STATE_OS_PREP before
calling it again with flag set to BOOTM_STATE_OS_GO.
Fix this by allowing flag set to BOOTM_STATE_OS_PREP, this however will
require a complete refactoring later on.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
[trini: Apply to m68k, microblaze, nds32, nios2, openrisc, sh and sparc]
Signed-off-by: Tom Rini <trini@ti.com>

This trivial patch adds the definition of the vid/pid for the Ver C1 of the
USB Ethernet adapter D-Link DUB-E100.

Signed-off-by: Pierre Aubert <p.aubert@staubli.com>
CC: Marek Vasut <marex@denx.de>

while playing with dfu, I tapped in an unaligned access
when doing on the host side a "lsusb -d [vendornr]: -v"
I get on the board:

GADGET DRIVER: usb_dnl_dfu
data abort

    MAYBE you should read doc/README.arm-unaligned-accesses

pc : [<8ff71db8>]          lr : [<8ff75aec>]
sp : 8ef40d18  ip : 00000005     fp : 00000000
r10: 00000000  r9 : 47401410     r8 : 8ef40f38
r7 : 8ef4aae8  r6 : 0000000a     r5 : 8ef4ab28  r4 : 8ef4ab80
r3 : 0000000a  r2 : 00000006     r1 : 00000006  r0 : 8ef4aae8
Flags: Nzcv  IRQs off  FIQs on  Mode SVC_32
Resetting CPU ...

reason is that in the "struct usb_composite_dev" the
"struct usb_device_descriptor desc;" is on an odd address,
and this struct gets accessed in
drivers/usb/gadget/composite.c device_qual()

Fix it, by align this var "struct desc" fix to an aligned
address.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Marek Vasut <marek.vasut@gmail.com>
Cc: Samuel Egli <samuel.egli@siemens.com>

This subtle change fix problem with too small amount of allocated
memory to store DFU function pointers.

One needs to allocate extra space for sentinel NULL pointer in this array
of function pointers.

With the previous code, the NULL value overwrites malloc internal data
and afterwards free(f_dfu->function) crashes.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Marek Vasut <marex@denx.de>

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Marek Vasut <marek.vasut@gmail.com>
Cc: Ilya Yanok <ilya.yanok@cogentembedded.com>

add a weak dummy function g_dnl_fixup to add the possibility to update
the device_desc board specific. Used on the upcoming siemens board
support, where idVendor and idProduct is stored in an eeprom.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Marek Vasut <marek.vasut@gmail.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

- set in to_dfu_mode() f_dfu->dfu_state = DFU_STATE_dfuIDLE
  as after every to_dfu_mode call this is done, so move
  this into to_dfu_mode
- switch in dfu_bind() into dfu mode:
  This fixes wrong "dfu-util -l" output, when calling
  "dfu-util -l" after a board reset, without doing a
  download before. See also discussion here:

http://lists.denx.de/pipermail/u-boot/2013-June/157272.html



Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Tom Rini <trini@ti.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Samuel Egli <samuel.egli@siemens.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>

This patch memcpy is used instead of an assignment to
avoid unaligned access execption on some ARM platforms.

Signed-off-by: Piotr Wilczek <p.wilczek@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
CC: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>

This patch use get|put_unaligned_le16 to access structure data
to avoid data abort on some ARM platforms.

Signed-off-by: Piotr Wilczek <p.wilczek@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
CC: Marek Vasut <marex@denx.de>

Dfu transfer uses a buffer before writing data to the
raw storage device. Make the size (in bytes) of this buffer
configurable through environment variable "dfu_bufsiz".
Defaut value is configurable through CONFIG_SYS_DFU_DATA_BUF_SIZE

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Tom Rini <trini@ti.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Acked-by: Tom Rini <trini@ti.com>

Signed-off-by: Tom Rini <trini@ti.com>

Patch 35fc84fa [Refactor the bootm command to reduce code duplication]
breaks booting Linux (compressed uImage with fdt) on powerpc.

boot_jump_linux() mustn't be called before boot_prep_linux() and
boot_body_linux() have been called. So remove the superfluous call
to boot_jump_linux() in arch/powerpc/lib/bootm.c as its called later on
in this function.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@ti.com>

At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>

This restores the ordering of interrupt disable to what it what before
commit 35fc84fa. It seems that on some archiectures (e.g. PowerPC) the
OS is loaded into an interrupt region, which can cause problems if
interrupts are still running.

Tested-by: Stefan Roese <sr@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

With 35fc84fa [Refactor the bootm command to reduce code duplication]
we stopped checking the return value of bootm_load_os (unintentionally!)
and simply returned if we had a non-zero return value from the function.
This broke the valid case of a legacy image file of a single kernel
loaded into an overlapping memory area (the default way of booting
nearly all TI platforms).

The best way to fix this problem in the new code is to make
bootm_load_os be the one to see if we have a problem with this, and if
it's fatal return BOOTM_ERR_RESET and if it's not BOOTM_ERR_OVERLAP, so
that we can avoid calling lmb_reserve() but continue with booting.  We
however still need to handle the other BOOTM_ERR values so re-work
do_bootm_states so that we have an error handler at the bottom we can
goto for problems from bootm_load_os, or problems from the other callers
(as the code was before).  Add a comment to do_bootm_states noting the
existing restriction on negative return values.

Signed-off-by: Tom Rini <trini@ti.com>

---
Changes in v2:
- Rework so that only bootm_load_os and boot_selected_os head down into
  the err case code, and other errors simply return back to the caller.
  Fixes 'spl export'.

In a7143215 we add a check at the end of findfdt to make sure we have
updated it from undefined and if not, warn the user.  This however
forgot a ';' on the end of the previous last test.

Signed-off-by: Tom Rini <trini@ti.com>

Fix:

misc.c: In function 'misc_init_r':
misc.c:210:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
misc.c:211:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
misc.c:212:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]

Signed-off-by: Wolfgang Denk <wd@denx.de>

Update inp_clk, vco_clk and flb_clk for mcf5441x as those
items were moved to arch_global_data.

Signed-off-by: Jason Jin <Jason.jin@freescale.com>

SDRAMC_DARCn_BA() macro worked fine when the BA is 0x00000000 even
though the macro is incorrect. It causes the BA to be set incorrctly
for other base addresses. This patch fixes the macro so that base
addresses other than zero can be used with the MCF5235.

Signed-off-by: Steve deRosier <derosier@gmail.com>

There is a debug call in board.c befor serial interface was initialized.
This moves the debug code behind serial_initialize call.

Signed-off-by: Jens Scharsig (BuS Elektronik) <esw@bus-elektronik.de>

Newer gcc versions warn about unused variables.  This patch corrects a few of
those warnings that popped up in a build for the palmtreo680 board.

Signed-off-by: Mike Dunn <mikedunn@newsguy.com>

Signed-off-by: Axel Lin <axel.lin@ingics.com>

Signed-off-by: Axel Lin <axel.lin@ingics.com>

Signed-off-by: Axel Lin <axel.lin@ingics.com>

Signed-off-by: Axel Lin <axel.lin@ingics.com>

Align the list of default commands mentioned in the configuration options
paragraph of the README with the actual definitions found in
include/config_cmd_default.h

Signed-off-by: Vincent Stehlé <vincent.stehle@freescale.com>

With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives.

For some obscure reason, the current U-Boot code uses lbaint_t for the
number of blocks to read (a rather optimistic estimation of how RAM
sizes will evolve), but not for the starting address. Trying to access
blocks beyond the 2TiB boundary will simply wrap around and read a
block within the 0..2TiB range.

We now use lbaint_t for block start addresses, too. This required
changes to all block drivers as the signature of block_read(),
block_write() and block_erase() in block_dev_desc_t changed.

Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de>

This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration.  A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.

Signed-off-by: Steven Stallion <sstallion@gmail.com>
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now]
Signed-off-by: Tom Rini <trini@ti.com>

Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass <sjg@chromium.org>

We want to sign and verify images using sandbox, so enable these options.

Signed-off-by: Simon Glass <sjg@chromium.org>

While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add a function to find regions in device tree given a list of nodes to
include and properties to exclude.

See the header file for full documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>

Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>

When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>

When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>