Merge tag 'efi-2024-10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi into next

Pull request efi-2024-10-rc1

Documentation:
      Update requirements.txt to use current Python module versions
      Add a page describing debugging U-Boot with GDB
      FIT: describe data-size as a conditionally mandatory property
      Correct link to FIT specification in SPL code.
      Correct kaslrseed command long text description

UEFI:
      Add unit test checking that don't have kaslr-seed when measuring boot
      Deduplicate code for measured boot.

Other:
      Print size information in fwu command

Author: trini

boot/Kconfig

@@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
 config MEASURED_BOOT
 	bool "Measure boot images and configuration when booting without EFI"
 	depends on HASH && TPM_V2
+	select SHA1
+	select SHA256
+	select SHA384
+	select SHA512
 	help
 	  This option enables measurement of the boot process when booting
 	  without UEFI . Measurement involves creating cryptographic hashes

boot/bootm.c

@@ -24,6 +24,7 @@
 #include <asm/io.h>
 #include <linux/sizes.h>
 #include <tpm-v2.h>
+#include <tpm_tcg2.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif

cmd/fwu_mdata.c

@@ -22,6 +22,7 @@ static void print_mdata(struct fwu_data *data)
 	printf("\tFWU Metadata\n");
 	printf("crc32: %#x\n", data->crc32);
 	printf("version: %#x\n", data->version);
+	printf("size: %#x\n", data->metadata_size);
 	printf("active_index: %#x\n", data->active_index);
 	printf("previous_active_index: %#x\n", data->previous_active_index);
 

cmd/kaslrseed.c

@@ -33,7 +33,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
 }
 
 U_BOOT_LONGHELP(kaslrseed,
-	"[n]\n"
+	"\n"
 	"  - append random bytes to chosen kaslr-seed node\n");
 
 U_BOOT_CMD(

common/spl/spl_fit.c

@@ -587,7 +587,7 @@ __weak void *spl_load_simple_fit_fix_load(const void *fit)
 static void warn_deprecated(const char *msg)
 {
 	printf("DEPRECATED: %s\n", msg);
-	printf("\tSee doc/uImage.FIT/source_file_format.txt\n");
+	printf("\tSee https://fitspec.osfw.foundation/\n");
 }
 
 static int spl_fit_upload_fpga(struct spl_fit_info *ctx, int node,

doc/develop/gdb.rst

@@ -0,0 +1,171 @@
+.. SPDX-License-Identifier: GPL-2.0+
+.. Copyright (c) 2024 Alexander Dahl
+
+Debugging U-Boot with GDB
+=========================
+
+Using a JTAG adapter it is possible to debug a running U-Boot with GDB.
+A common way is to connect a debug adapter to the JTAG connector of your
+board, run a GDB server, connect GDB to the GDB server, and use GDB as usual.
+
+Similarly QEMU can provide a GDB server.
+
+Preparing build
+---------------
+
+Building U-Boot with with reduced optimization (-Og) and without link time
+optimization is recommended for easier debugging::
+
+    CONFIG_CC_OPTIMIZE_FOR_DEBUG=y
+    CONFIG_LTO=n
+
+Otherwise build, install, and run U-Boot as usual.
+
+Using OpenOCD as GDB server
+---------------------------
+
+`OpenOCD <https://openocd.org/>`_ is an open source tool supporting hardware
+debug probes, and providing a GDB server. It is readily available in major Linux
+distributions or you can build it from source.
+
+Here is example of starting OpenOCD on Debian using a J-Link adapter and a
+board with an AT91 SAMA5D2 SoC:
+
+.. code-block:: console
+
+    $ openocd -f interface/jlink.cfg -f target/at91sama5d2.cfg -c 'adapter speed 4000'
+    Open On-Chip Debugger 0.12.0
+    Licensed under GNU GPL v2
+    For bug reports, read
+            http://openocd.org/doc/doxygen/bugs.html
+    Info : auto-selecting first available session transport "jtag". To override use 'transport select <transport>'.
+    adapter speed: 4000 kHz
+
+    Info : Listening on port 6666 for tcl connections
+    Info : Listening on port 4444 for telnet connections
+    Info : J-Link V10 compiled Jan 30 2023 11:28:07
+    Info : Hardware version: 10.10
+    Info : VTarget = 3.244 V
+    Info : clock speed 4000 kHz
+    Info : JTAG tap: at91sama5d2.cpu tap/device found: 0x5ba00477 (mfg: 0x23b (ARM Ltd), part: 0xba00, ver: 0x5)
+    Info : at91sama5d2.cpu_a5.0: hardware has 3 breakpoints, 2 watchpoints
+    Info : at91sama5d2.cpu_a5.0: MPIDR level2 0, cluster 0, core 0, mono core, no SMT
+    Info : starting gdb server for at91sama5d2.cpu_a5.0 on 3333
+    Info : Listening on port 3333 for gdb connections
+
+Notice that OpenOCD is listening on port 3333 for GDB connections.
+
+Using QEMU as GDB server
+------------------------
+
+When running U-Boot on QEMU you can used the '-gdb' parameter to provide a
+GDB server:
+
+     qemu-system-riscv64 -M virt -nographic -gdb tcp::3333 -kernel u-boot
+
+Running a GDB session
+----------------------
+
+You need a GDB suited for your target. This can be the GDB coming with your
+toolchain or *gdb-multiarch* available in your Linux distribution.
+
+.. prompt:: bash $
+
+    gdb-multiarch u-boot
+
+In the above command-line *u-boot* is the U-boot binary in your build
+directory. You may need to adjust the path when calling GDB.
+
+Connect to the GDB server like this:
+
+.. code-block:: console
+
+    (gdb) target extended-remote :3333
+    Remote debugging using :3333
+    0x27fa9ac6 in ?? ()
+    (gdb)
+
+This is fine for debugging before U-Boot relocates itself.
+
+For debugging U-Boot after relocation you need to indicate the relocation
+address to GDB. You can retrieve the relocation address from the U-Boot shell
+with the command *bdinfo*:
+
+.. code-block:: console
+
+    U-Boot> bdinfo
+    boot_params = 0x20000100
+    DRAM bank   = 0x00000000
+    -> start    = 0x20000000
+    -> size     = 0x08000000
+    flashstart  = 0x00000000
+    flashsize   = 0x00000000
+    flashoffset = 0x00000000
+    baudrate    = 115200 bps
+    relocaddr   = 0x27f7a000
+    reloc off   = 0x0607a000
+    Build       = 32-bit
+    current eth = ethernet@f8008000
+    ethaddr     = 00:50:c2:31:58:d4
+    IP addr     = <NULL>
+    fdt_blob    = 0x27b36060
+    new_fdt     = 0x27b36060
+    fdt_size    = 0x00003e40
+    lmb_dump_all:
+     memory.cnt = 0x1 / max = 0x10
+     memory[0]      [0x20000000-0x27ffffff], 0x08000000 bytes flags: 0
+     reserved.cnt = 0x1 / max = 0x10
+     reserved[0]    [0x27b31d00-0x27ffffff], 0x004ce300 bytes flags: 0
+    devicetree  = separate
+    arch_number = 0x00000000
+    TLB addr    = 0x27ff0000
+    irq_sp      = 0x27b36050
+    sp start    = 0x27b36040
+    Early malloc usage: cd8 / 2000
+
+Look out for the line starting with *relocaddr* which has the address
+you need, ``0x27f7a000`` in this case.
+
+On most architectures (not sandbox, x86, Xtensa) the global data pointer is
+stored in a fixed register:
+
+============ ========
+Architecture Register
+============ ========
+arc          r25
+arm          r9
+arm64        x18
+m68k         d7
+microblaze   r31
+mips         k0
+nios2        gp
+powerpc      r2
+riscv        gp
+sh           r13
+============ ========
+
+On these architecture the relocation address cat be determined by
+dereferencing the global data pointer stored in register, *r9* in the example:
+
+.. code-block:: console
+
+     (gdb) p/x (*(struct global_data*)$r9)->relocaddr
+     $1 = 0x27f7a000
+
+In the GDB shell discard the previously loaded symbol file and add it once
+again with the relocation address like this:
+
+.. code-block:: console
+
+    (gdb) symbol-file
+    Discard symbol table from `/home/adahl/build/u-boot/v2024.04.x/u-boot'? (y or n) y
+    No symbol file now.
+    (gdb) add-symbol-file u-boot 0x27f7a000
+    add symbol table from file "u-boot" at
+            .text_addr = 0x27f7a000
+    (y or n) y
+    Reading symbols from u-boot...
+    (gdb)
+
+You can now use GDB as usual, setting breakpoints, printing backtraces,
+inspecting variables, stepping through the code, etc.

doc/develop/index.rst

@@ -60,6 +60,7 @@ Debugging
    :maxdepth: 1
 
    crash_dumps
+   gdb
    trace
 
 Packaging

doc/sphinx/requirements.txt

@@ -1,18 +1,18 @@
 alabaster==0.7.16
-Babel==2.14.0
-certifi==2023.11.17
+Babel==2.15.0
+certifi==2024.6.2
 charset-normalizer==3.3.2
 docutils==0.20.1
 idna==3.7
 imagesize==1.4.1
 Jinja2==3.1.4
-MarkupSafe==2.1.3
-packaging==23.2
-Pygments==2.17.2
-requests==2.32.2
+MarkupSafe==2.1.5
+packaging==24.1
+Pygments==2.18.0
+requests==2.32.3
 six==1.16.0
 snowballstemmer==2.2.0
-Sphinx==7.2.6
+Sphinx==7.3.7
 sphinx-prompt==1.8.0
 sphinx-rtd-theme==2.0.0
 sphinxcontrib-applehelp==1.0.8
@@ -22,4 +22,4 @@ sphinxcontrib-jquery==4.1
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.7
 sphinxcontrib-serializinghtml==1.1.10
-urllib3==2.1.0
+urllib3==2.2.1

doc/usage/fit/source_file_format.rst

@@ -254,9 +254,6 @@ compression
     zstd                  zstd compressed
     ====================  ==================
 
-data-size
-    size of the data in bytes
-
 
 Conditionally mandatory property
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -276,6 +273,9 @@ data-position
     not relative to the loading of the FIT. This is mandatory if external data
     used with a fixed address.
 
+data-size
+    Size of the data in bytes. This is mandatory if external data is used.
+
 os
     OS name, mandatory for types "kernel". Valid OS names are:
 

include/efi_tcg2.h

@@ -18,21 +18,14 @@
 
 #include <efi_api.h>
 #include <tpm-v2.h>
+#include <tpm_tcg2.h>
 
 /* TPMV2 only */
 #define TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
 #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
 #define PE_COFF_IMAGE 0x0000000000000010
 
 #define EFI_TCG2_MAX_PCR_INDEX 23
-
-/* Algorithm Registry */
-#define EFI_TCG2_BOOT_HASH_ALG_SHA1    0x00000001
-#define EFI_TCG2_BOOT_HASH_ALG_SHA256  0x00000002
-#define EFI_TCG2_BOOT_HASH_ALG_SHA384  0x00000004
-#define EFI_TCG2_BOOT_HASH_ALG_SHA512  0x00000008
-#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
-
 #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
 
 #define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE