diff options
| author | Philipp Tomsich <philipp.tomsich@theobroma-systems.com> | 2016-09-16 10:33:20 +0200 |
|---|---|---|
| committer | Klaus Goger <klaus.goger@theobroma-systems.com> | 2016-09-18 20:22:05 +0200 |
| commit | 77c1954572cf9a21a5b5efebb570f22a36fbad7f (patch) | |
| tree | 8dbe97258182b47449146c2870b75d7aead7fe60 | |
| parent | c7f0d108cc276031ba9437537dd89dc65c476345 (diff) | |
spl: Provide a FIT-only policy via SPL_LOAD_FIT_ONLY
When probing multiple interfaces (according to the result from the
board_boot_order function), we need to ensure that only valid FIT
images are considered and disable the fallback to assuming that
a raw (binary-only) U-Boot image is loaded (to avoid hangs/crashes
from jumping to random content loaded from devices that in the
probing order which do not contain a valid image).
When the SPL_LOAD_FIT configuration option is enabled, the new
SPL_LOAD_FIT_ONLY option becomes available to disable such fallback
paths.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
| -rw-r--r-- | Kconfig | 18 | ||||
| -rw-r--r-- | common/spl/spl_mmc.c | 9 |
2 files changed, 18 insertions, 9 deletions
@@ -284,6 +284,15 @@ config SPL_LOAD_FIT particular it can handle selecting from multiple device tree and passing the correct one to U-Boot. +config SPL_LOAD_FIT_ONLY + bool "Force SPL to on load images with FIT header" + depends on SPL_LOAD_FIT + help + Normally SPL falls back to assuming that loaded images are raw + U-Boot binaries, when no FIT header is present. This will cause + a crash when probing boot devices and touching one that does not + contain a valid image. + config SPL_FIT_IMAGE_POST_PROCESS bool "Enable post-processing of FIT artifacts after loading by the SPL" depends on SPL_LOAD_FIT && TI_SECURE_DEVICE @@ -298,15 +307,6 @@ config SPL_FIT_IMAGE_POST_PROCESS injected into the FIT creation (i.e. the blobs would have been pre- processed before being added to the FIT image). -config SPL_LOAD_FIT_ONLY - bool "Force SPL to on load images with FIT header" - depends on SPL_LOAD_FIT - help - Normally SPL falls back to assuming that loaded images are raw - U-Boot binaries, when no FIT header is present. This will cause - a crash when probing boot devices and touching one that does not - contain a valid image. - config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI int "CPU clock frequency" diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c index 04b7540226..d7f0648d92 100644 --- a/common/spl/spl_mmc.c +++ b/common/spl/spl_mmc.c @@ -78,7 +78,16 @@ static int mmc_load_image_raw_sector(struct mmc *mmc, unsigned long sector) load.read = h_spl_load_read; ret = spl_load_simple_fit(&load, sector, header); } else { +#if !defined(CONFIG_SPL_LOAD_FIT_ONLY) ret = mmc_load_legacy(mmc, sector, header); +#else + /* legacy (raw binary) images must be disallowed when + * SPL_LOAD_FIT_ONLY is configured to support the + * probing of multiple boot-devices (where some might + * contain 'random' data and cause a crash). + */ + ret = -1; +#endif } end: |