boot/bootm.c at master · jcs.org/u-boot

jcs.org / u-boot
fork atom
"Das U-Boot" Source Tree
fork atom
u-boot / boot / bootm.c
at master 1254 lines 32 kB view raw
wrap content
Ilias Apalodimas lmb: Remove lmb_reserve_flags() 1y ago
900a8951
   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * (C) Copyright 2000-2009
   4 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
   5 */
   6
   7#ifndef USE_HOSTCC
   8#include <bootm.h>
   9#include <bootstage.h>
  10#include <cli.h>
  11#include <command.h>
  12#include <cpu_func.h>
  13#include <env.h>
  14#include <errno.h>
  15#include <fdt_support.h>
  16#include <irq_func.h>
  17#include <lmb.h>
  18#include <log.h>
  19#include <malloc.h>
  20#include <mapmem.h>
  21#include <net.h>
  22#include <asm/cache.h>
  23#include <asm/global_data.h>
  24#include <asm/io.h>
  25#include <linux/sizes.h>
  26#include <tpm-v2.h>
  27#include <tpm_tcg2.h>
  28#if defined(CONFIG_CMD_USB)
  29#include <usb.h>
  30#endif
  31#else
  32#include "mkimage.h"
  33#endif
  34
  35#include <bootm.h>
  36#include <image.h>
  37
  38#define MAX_CMDLINE_SIZE	SZ_4K
  39
  40#define IH_INITRD_ARCH IH_ARCH_DEFAULT
  41
  42#ifndef USE_HOSTCC
  43
  44DECLARE_GLOBAL_DATA_PTR;
  45
  46struct bootm_headers images;		/* pointers to os/initrd/fdt images */
  47
  48__weak void board_quiesce_devices(void)
  49{
  50}
  51
  52#if CONFIG_IS_ENABLED(LEGACY_IMAGE_FORMAT)
  53/**
  54 * image_get_kernel - verify legacy format kernel image
  55 * @img_addr: in RAM address of the legacy format image to be verified
  56 * @verify: data CRC verification flag
  57 *
  58 * image_get_kernel() verifies legacy image integrity and returns pointer to
  59 * legacy image header if image verification was completed successfully.
  60 *
  61 * returns:
  62 *     pointer to a legacy image header if valid image was found
  63 *     otherwise return NULL
  64 */
  65static struct legacy_img_hdr *image_get_kernel(ulong img_addr, int verify)
  66{
  67	struct legacy_img_hdr *hdr = (struct legacy_img_hdr *)img_addr;
  68
  69	if (!image_check_magic(hdr)) {
  70		puts("Bad Magic Number\n");
  71		bootstage_error(BOOTSTAGE_ID_CHECK_MAGIC);
  72		return NULL;
  73	}
  74	bootstage_mark(BOOTSTAGE_ID_CHECK_HEADER);
  75
  76	if (!image_check_hcrc(hdr)) {
  77		puts("Bad Header Checksum\n");
  78		bootstage_error(BOOTSTAGE_ID_CHECK_HEADER);
  79		return NULL;
  80	}
  81
  82	bootstage_mark(BOOTSTAGE_ID_CHECK_CHECKSUM);
  83	image_print_contents(hdr);
  84
  85	if (verify) {
  86		puts("   Verifying Checksum ... ");
  87		if (!image_check_dcrc(hdr)) {
  88			printf("Bad Data CRC\n");
  89			bootstage_error(BOOTSTAGE_ID_CHECK_CHECKSUM);
  90			return NULL;
  91		}
  92		puts("OK\n");
  93	}
  94	bootstage_mark(BOOTSTAGE_ID_CHECK_ARCH);
  95
  96	if (!image_check_target_arch(hdr)) {
  97		printf("Unsupported Architecture 0x%x\n", image_get_arch(hdr));
  98		bootstage_error(BOOTSTAGE_ID_CHECK_ARCH);
  99		return NULL;
 100	}
 101	return hdr;
 102}
 103#endif
 104
 105/**
 106 * boot_get_kernel() - find kernel image
 107 *
 108 * @addr_fit: first argument to bootm: address, fit configuration, etc.
 109 * @os_data: pointer to a ulong variable, will hold os data start address
 110 * @os_len: pointer to a ulong variable, will hold os data length
 111 *     address and length, otherwise NULL
 112 *     pointer to image header if valid image was found, plus kernel start
 113 * @kernp: image header if valid image was found, otherwise NULL
 114 *
 115 * boot_get_kernel() tries to find a kernel image, verifies its integrity
 116 * and locates kernel data.
 117 *
 118 * Return: 0 on success, -ve on error. -EPROTOTYPE means that the image is in
 119 * a wrong or unsupported format
 120 */
 121static int boot_get_kernel(const char *addr_fit, struct bootm_headers *images,
 122			   ulong *os_data, ulong *os_len, const void **kernp)
 123{
 124#if CONFIG_IS_ENABLED(LEGACY_IMAGE_FORMAT)
 125	struct legacy_img_hdr	*hdr;
 126#endif
 127	ulong		img_addr;
 128	const void *buf;
 129	const char *fit_uname_config = NULL, *fit_uname_kernel = NULL;
 130#if CONFIG_IS_ENABLED(FIT)
 131	int		os_noffset;
 132#endif
 133
 134#ifdef CONFIG_ANDROID_BOOT_IMAGE
 135	const void *boot_img;
 136	const void *vendor_boot_img;
 137#endif
 138	img_addr = genimg_get_kernel_addr_fit(addr_fit, &fit_uname_config,
 139					      &fit_uname_kernel);
 140
 141	if (IS_ENABLED(CONFIG_CMD_BOOTM_PRE_LOAD))
 142		img_addr += image_load_offset;
 143
 144	bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC);
 145
 146	/* check image type, for FIT images get FIT kernel node */
 147	*os_data = *os_len = 0;
 148	buf = map_sysmem(img_addr, 0);
 149	switch (genimg_get_format(buf)) {
 150#if CONFIG_IS_ENABLED(LEGACY_IMAGE_FORMAT)
 151	case IMAGE_FORMAT_LEGACY:
 152		printf("## Booting kernel from Legacy Image at %08lx ...\n",
 153		       img_addr);
 154		hdr = image_get_kernel(img_addr, images->verify);
 155		if (!hdr)
 156			return -EINVAL;
 157		bootstage_mark(BOOTSTAGE_ID_CHECK_IMAGETYPE);
 158
 159		/* get os_data and os_len */
 160		switch (image_get_type(hdr)) {
 161		case IH_TYPE_KERNEL:
 162		case IH_TYPE_KERNEL_NOLOAD:
 163			*os_data = image_get_data(hdr);
 164			*os_len = image_get_data_size(hdr);
 165			break;
 166		case IH_TYPE_MULTI:
 167			image_multi_getimg(hdr, 0, os_data, os_len);
 168			break;
 169		case IH_TYPE_STANDALONE:
 170			*os_data = image_get_data(hdr);
 171			*os_len = image_get_data_size(hdr);
 172			break;
 173		default:
 174			bootstage_error(BOOTSTAGE_ID_CHECK_IMAGETYPE);
 175			return -EPROTOTYPE;
 176		}
 177
 178		/*
 179		 * copy image header to allow for image overwrites during
 180		 * kernel decompression.
 181		 */
 182		memmove(&images->legacy_hdr_os_copy, hdr,
 183			sizeof(struct legacy_img_hdr));
 184
 185		/* save pointer to image header */
 186		images->legacy_hdr_os = hdr;
 187
 188		images->legacy_hdr_valid = 1;
 189		bootstage_mark(BOOTSTAGE_ID_DECOMP_IMAGE);
 190		break;
 191#endif
 192#if CONFIG_IS_ENABLED(FIT)
 193	case IMAGE_FORMAT_FIT:
 194		os_noffset = fit_image_load(images, img_addr,
 195				&fit_uname_kernel, &fit_uname_config,
 196				IH_ARCH_DEFAULT, IH_TYPE_KERNEL,
 197				BOOTSTAGE_ID_FIT_KERNEL_START,
 198				FIT_LOAD_IGNORED, os_data, os_len);
 199		if (os_noffset < 0)
 200			return -ENOENT;
 201
 202		images->fit_hdr_os = map_sysmem(img_addr, 0);
 203		images->fit_uname_os = fit_uname_kernel;
 204		images->fit_uname_cfg = fit_uname_config;
 205		images->fit_noffset_os = os_noffset;
 206		break;
 207#endif
 208#ifdef CONFIG_ANDROID_BOOT_IMAGE
 209	case IMAGE_FORMAT_ANDROID: {
 210		int ret;
 211
 212		boot_img = buf;
 213		vendor_boot_img = NULL;
 214		if (IS_ENABLED(CONFIG_CMD_ABOOTIMG)) {
 215			boot_img = map_sysmem(get_abootimg_addr(), 0);
 216			vendor_boot_img = map_sysmem(get_avendor_bootimg_addr(), 0);
 217		}
 218		printf("## Booting Android Image at 0x%08lx ...\n", img_addr);
 219		ret = android_image_get_kernel(boot_img, vendor_boot_img,
 220					       images->verify, os_data, os_len);
 221		if (IS_ENABLED(CONFIG_CMD_ABOOTIMG)) {
 222			unmap_sysmem(vendor_boot_img);
 223			unmap_sysmem(boot_img);
 224		}
 225		if (ret)
 226			return ret;
 227		break;
 228	}
 229#endif
 230	default:
 231		bootstage_error(BOOTSTAGE_ID_CHECK_IMAGETYPE);
 232		return -EPROTOTYPE;
 233	}
 234
 235	debug("   kernel data at 0x%08lx, len = 0x%08lx (%ld)\n",
 236	      *os_data, *os_len, *os_len);
 237	*kernp = buf;
 238
 239	return 0;
 240}
 241
 242static int bootm_start(void)
 243{
 244	memset((void *)&images, 0, sizeof(images));
 245	images.verify = env_get_yesno("verify");
 246
 247	bootstage_mark_name(BOOTSTAGE_ID_BOOTM_START, "bootm_start");
 248	images.state = BOOTM_STATE_START;
 249
 250	return 0;
 251}
 252
 253static ulong bootm_data_addr(const char *addr_str)
 254{
 255	ulong addr;
 256
 257	if (addr_str)
 258		addr = hextoul(addr_str, NULL);
 259	else
 260		addr = image_load_addr;
 261
 262	return addr;
 263}
 264
 265/**
 266 * bootm_pre_load() - Handle the pre-load processing
 267 *
 268 * This can be used to do a full signature check of the image, for example.
 269 * It calls image_pre_load() with the data address of the image to check.
 270 *
 271 * @addr_str: String containing load address in hex, or NULL to use
 272 * image_load_addr
 273 * Return: 0 if OK, CMD_RET_FAILURE on failure
 274 */
 275static int bootm_pre_load(const char *addr_str)
 276{
 277	ulong data_addr = bootm_data_addr(addr_str);
 278	int ret = 0;
 279
 280	if (IS_ENABLED(CONFIG_CMD_BOOTM_PRE_LOAD))
 281		ret = image_pre_load(data_addr);
 282
 283	if (ret)
 284		ret = CMD_RET_FAILURE;
 285
 286	return ret;
 287}
 288
 289/**
 290 * bootm_find_os(): Find the OS to boot
 291 *
 292 * @cmd_name: Command name that started this boot, e.g. "bootm"
 293 * @addr_fit: Address and/or FIT specifier (first arg of bootm command)
 294 * Return: 0 on success, -ve on error
 295 */
 296static int bootm_find_os(const char *cmd_name, const char *addr_fit)
 297{
 298	const void *os_hdr;
 299#ifdef CONFIG_ANDROID_BOOT_IMAGE
 300	const void *vendor_boot_img;
 301	const void *boot_img;
 302#endif
 303	bool ep_found = false;
 304	int ret;
 305
 306	/* get kernel image header, start address and length */
 307	ret = boot_get_kernel(addr_fit, &images, &images.os.image_start,
 308			      &images.os.image_len, &os_hdr);
 309	if (ret) {
 310		if (ret == -EPROTOTYPE)
 311			printf("Wrong Image Type for %s command\n", cmd_name);
 312
 313		printf("ERROR %dE: can't get kernel image!\n", ret);
 314		return 1;
 315	}
 316
 317	/* get image parameters */
 318	switch (genimg_get_format(os_hdr)) {
 319#if CONFIG_IS_ENABLED(LEGACY_IMAGE_FORMAT)
 320	case IMAGE_FORMAT_LEGACY:
 321		images.os.type = image_get_type(os_hdr);
 322		images.os.comp = image_get_comp(os_hdr);
 323		images.os.os = image_get_os(os_hdr);
 324
 325		images.os.end = image_get_image_end(os_hdr);
 326		images.os.load = image_get_load(os_hdr);
 327		images.os.arch = image_get_arch(os_hdr);
 328		break;
 329#endif
 330#if CONFIG_IS_ENABLED(FIT)
 331	case IMAGE_FORMAT_FIT:
 332		if (fit_image_get_type(images.fit_hdr_os,
 333				       images.fit_noffset_os,
 334				       &images.os.type)) {
 335			puts("Can't get image type!\n");
 336			bootstage_error(BOOTSTAGE_ID_FIT_TYPE);
 337			return 1;
 338		}
 339
 340		if (fit_image_get_comp(images.fit_hdr_os,
 341				       images.fit_noffset_os,
 342				       &images.os.comp)) {
 343			puts("Can't get image compression!\n");
 344			bootstage_error(BOOTSTAGE_ID_FIT_COMPRESSION);
 345			return 1;
 346		}
 347
 348		if (fit_image_get_os(images.fit_hdr_os, images.fit_noffset_os,
 349				     &images.os.os)) {
 350			puts("Can't get image OS!\n");
 351			bootstage_error(BOOTSTAGE_ID_FIT_OS);
 352			return 1;
 353		}
 354
 355		if (fit_image_get_arch(images.fit_hdr_os,
 356				       images.fit_noffset_os,
 357				       &images.os.arch)) {
 358			puts("Can't get image ARCH!\n");
 359			return 1;
 360		}
 361
 362		images.os.end = fit_get_end(images.fit_hdr_os);
 363
 364		if (fit_image_get_load(images.fit_hdr_os, images.fit_noffset_os,
 365				       &images.os.load)) {
 366			puts("Can't get image load address!\n");
 367			bootstage_error(BOOTSTAGE_ID_FIT_LOADADDR);
 368			return 1;
 369		}
 370		break;
 371#endif
 372#ifdef CONFIG_ANDROID_BOOT_IMAGE
 373	case IMAGE_FORMAT_ANDROID:
 374		boot_img = os_hdr;
 375		vendor_boot_img = NULL;
 376		if (IS_ENABLED(CONFIG_CMD_ABOOTIMG)) {
 377			boot_img = map_sysmem(get_abootimg_addr(), 0);
 378			vendor_boot_img = map_sysmem(get_avendor_bootimg_addr(), 0);
 379		}
 380		images.os.type = IH_TYPE_KERNEL;
 381		images.os.comp = android_image_get_kcomp(boot_img, vendor_boot_img);
 382		images.os.os = IH_OS_LINUX;
 383		images.os.end = android_image_get_end(boot_img, vendor_boot_img);
 384		images.os.load = android_image_get_kload(boot_img, vendor_boot_img);
 385		images.ep = images.os.load;
 386		ep_found = true;
 387		if (IS_ENABLED(CONFIG_CMD_ABOOTIMG)) {
 388			unmap_sysmem(vendor_boot_img);
 389			unmap_sysmem(boot_img);
 390		}
 391		break;
 392#endif
 393	default:
 394		puts("ERROR: unknown image format type!\n");
 395		return 1;
 396	}
 397
 398	/* If we have a valid setup.bin, we will use that for entry (x86) */
 399	if (images.os.arch == IH_ARCH_I386 ||
 400	    images.os.arch == IH_ARCH_X86_64) {
 401		ulong len;
 402
 403		ret = boot_get_setup(&images, IH_ARCH_I386, &images.ep, &len);
 404		if (ret < 0 && ret != -ENOENT) {
 405			puts("Could not find a valid setup.bin for x86\n");
 406			return 1;
 407		}
 408		/* Kernel entry point is the setup.bin */
 409	} else if (images.legacy_hdr_valid) {
 410		images.ep = image_get_ep(&images.legacy_hdr_os_copy);
 411#if CONFIG_IS_ENABLED(FIT)
 412	} else if (images.fit_uname_os) {
 413		int ret;
 414
 415		ret = fit_image_get_entry(images.fit_hdr_os,
 416					  images.fit_noffset_os, &images.ep);
 417		if (ret) {
 418			puts("Can't get entry point property!\n");
 419			return 1;
 420		}
 421#endif
 422	} else if (!ep_found) {
 423		puts("Could not find kernel entry point!\n");
 424		return 1;
 425	}
 426
 427	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
 428		images.os.load = images.os.image_start;
 429		images.ep += images.os.image_start;
 430	}
 431
 432	images.os.start = map_to_sysmem(os_hdr);
 433
 434	return 0;
 435}
 436
 437/**
 438 * check_overlap() - Check if an image overlaps the OS
 439 *
 440 * @name: Name of image to check (used to print error)
 441 * @base: Base address of image
 442 * @end: End address of image (+1)
 443 * @os_start: Start of OS
 444 * @os_size: Size of OS in bytes
 445 * Return: 0 if OK, -EXDEV if the image overlaps the OS
 446 */
 447static int check_overlap(const char *name, ulong base, ulong end,
 448			 ulong os_start, ulong os_size)
 449{
 450	ulong os_end;
 451
 452	if (!base)
 453		return 0;
 454	os_end = os_start + os_size;
 455
 456	if ((base >= os_start && base < os_end) ||
 457	    (end > os_start && end <= os_end) ||
 458	    (base < os_start && end >= os_end)) {
 459		printf("ERROR: %s image overlaps OS image (OS=%lx..%lx)\n",
 460		       name, os_start, os_end);
 461
 462		return -EXDEV;
 463	}
 464
 465	return 0;
 466}
 467
 468int bootm_find_images(ulong img_addr, const char *conf_ramdisk,
 469		      const char *conf_fdt, ulong start, ulong size)
 470{
 471	const char *select = conf_ramdisk;
 472	char addr_str[17];
 473	void *buf;
 474	int ret;
 475
 476	if (IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE)) {
 477		/* Look for an Android boot image */
 478		buf = map_sysmem(images.os.start, 0);
 479		if (buf && genimg_get_format(buf) == IMAGE_FORMAT_ANDROID) {
 480			strcpy(addr_str, simple_xtoa(img_addr));
 481			select = addr_str;
 482		}
 483	}
 484
 485	if (conf_ramdisk)
 486		select = conf_ramdisk;
 487
 488	/* find ramdisk */
 489	ret = boot_get_ramdisk(select, &images, IH_INITRD_ARCH,
 490			       &images.rd_start, &images.rd_end);
 491	if (ret) {
 492		puts("Ramdisk image is corrupt or invalid\n");
 493		return 1;
 494	}
 495
 496	/* check if ramdisk overlaps OS image */
 497	if (check_overlap("RD", images.rd_start, images.rd_end, start, size))
 498		return 1;
 499
 500	if (CONFIG_IS_ENABLED(OF_LIBFDT)) {
 501		buf = map_sysmem(img_addr, 0);
 502
 503		/* find flattened device tree */
 504		ret = boot_get_fdt(buf, conf_fdt, IH_ARCH_DEFAULT, &images,
 505				   &images.ft_addr, &images.ft_len);
 506		if (ret) {
 507			puts("Could not find a valid device tree\n");
 508			return 1;
 509		}
 510
 511		/* check if FDT overlaps OS image */
 512		if (check_overlap("FDT", map_to_sysmem(images.ft_addr),
 513				  images.ft_len, start, size))
 514			return 1;
 515
 516		if (IS_ENABLED(CONFIG_CMD_FDT))
 517			set_working_fdt_addr(map_to_sysmem(images.ft_addr));
 518	}
 519
 520#if CONFIG_IS_ENABLED(FIT)
 521	if (IS_ENABLED(CONFIG_FPGA)) {
 522		/* find bitstreams */
 523		ret = boot_get_fpga(&images);
 524		if (ret) {
 525			printf("FPGA image is corrupted or invalid\n");
 526			return 1;
 527		}
 528	}
 529
 530	/* find all of the loadables */
 531	ret = boot_get_loadable(&images);
 532	if (ret) {
 533		printf("Loadable(s) is corrupt or invalid\n");
 534		return 1;
 535	}
 536#endif
 537
 538	return 0;
 539}
 540
 541static int bootm_find_other(ulong img_addr, const char *conf_ramdisk,
 542			    const char *conf_fdt)
 543{
 544	if ((images.os.type == IH_TYPE_KERNEL ||
 545	     images.os.type == IH_TYPE_KERNEL_NOLOAD ||
 546	     images.os.type == IH_TYPE_MULTI) &&
 547	    (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS ||
 548	     images.os.os == IH_OS_EFI || images.os.os == IH_OS_TEE)) {
 549		return bootm_find_images(img_addr, conf_ramdisk, conf_fdt, 0,
 550					 0);
 551	}
 552
 553	return 0;
 554}
 555#endif /* USE_HOSTC */
 556
 557#if !defined(USE_HOSTCC) || defined(CONFIG_FIT_SIGNATURE)
 558/**
 559 * handle_decomp_error() - display a decompression error
 560 *
 561 * This function tries to produce a useful message. In the case where the
 562 * uncompressed size is the same as the available space, we can assume that
 563 * the image is too large for the buffer.
 564 *
 565 * @comp_type:		Compression type being used (IH_COMP_...)
 566 * @uncomp_size:	Number of bytes uncompressed
 567 * @buf_size:		Number of bytes the decompresion buffer was
 568 * @ret:		errno error code received from compression library
 569 * Return: Appropriate BOOTM_ERR_ error code
 570 */
 571static int handle_decomp_error(int comp_type, size_t uncomp_size,
 572			       size_t buf_size, int ret)
 573{
 574	const char *name = genimg_get_comp_name(comp_type);
 575
 576	/* ENOSYS means unimplemented compression type, don't reset. */
 577	if (ret == -ENOSYS)
 578		return BOOTM_ERR_UNIMPLEMENTED;
 579
 580	if (uncomp_size >= buf_size)
 581		printf("Image too large: increase CONFIG_SYS_BOOTM_LEN\n");
 582	else
 583		printf("%s: uncompress error %d\n", name, ret);
 584
 585	/*
 586	 * The decompression routines are now safe, so will not write beyond
 587	 * their bounds. Probably it is not necessary to reset, but maintain
 588	 * the current behaviour for now.
 589	 */
 590	printf("Must RESET board to recover\n");
 591#ifndef USE_HOSTCC
 592	bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
 593#endif
 594
 595	return BOOTM_ERR_RESET;
 596}
 597#endif
 598
 599#ifndef USE_HOSTCC
 600static int bootm_load_os(struct bootm_headers *images, int boot_progress)
 601{
 602	struct image_info os = images->os;
 603	ulong load = os.load;
 604	ulong load_end;
 605	ulong blob_start = os.start;
 606	ulong blob_end = os.end;
 607	ulong image_start = os.image_start;
 608	ulong image_len = os.image_len;
 609	ulong flush_start = ALIGN_DOWN(load, ARCH_DMA_MINALIGN);
 610	bool no_overlap;
 611	void *load_buf, *image_buf;
 612	int err;
 613
 614	/*
 615	 * For a "noload" compressed kernel we need to allocate a buffer large
 616	 * enough to decompress in to and use that as the load address now.
 617	 * Assume that the kernel compression is at most a factor of 4 since
 618	 * zstd almost achieves that.
 619	 * Use an alignment of 2MB since this might help arm64
 620	 */
 621	if (os.type == IH_TYPE_KERNEL_NOLOAD && os.comp != IH_COMP_NONE) {
 622		ulong req_size = ALIGN(image_len * 4, SZ_1M);
 623
 624		load = lmb_alloc(req_size, SZ_2M);
 625		if (!load)
 626			return 1;
 627		os.load = load;
 628		images->ep = load;
 629		debug("Allocated %lx bytes at %lx for kernel (size %lx) decompression\n",
 630		      req_size, load, image_len);
 631	}
 632
 633	load_buf = map_sysmem(load, 0);
 634	image_buf = map_sysmem(os.image_start, image_len);
 635	err = image_decomp(os.comp, load, os.image_start, os.type,
 636			   load_buf, image_buf, image_len,
 637			   CONFIG_SYS_BOOTM_LEN, &load_end);
 638	if (err) {
 639		err = handle_decomp_error(os.comp, load_end - load,
 640					  CONFIG_SYS_BOOTM_LEN, err);
 641		bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
 642		return err;
 643	}
 644	/* We need the decompressed image size in the next steps */
 645	images->os.image_len = load_end - load;
 646
 647	flush_cache(flush_start, ALIGN(load_end, ARCH_DMA_MINALIGN) - flush_start);
 648
 649	debug("   kernel loaded at 0x%08lx, end = 0x%08lx\n", load, load_end);
 650	bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
 651
 652	no_overlap = (os.comp == IH_COMP_NONE && load == image_start);
 653
 654	if (!no_overlap && load < blob_end && load_end > blob_start) {
 655		debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
 656		      blob_start, blob_end);
 657		debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load,
 658		      load_end);
 659
 660		/* Check what type of image this is. */
 661		if (images->legacy_hdr_valid) {
 662			if (image_get_type(&images->legacy_hdr_os_copy)
 663					== IH_TYPE_MULTI)
 664				puts("WARNING: legacy format multi component image overwritten\n");
 665			return BOOTM_ERR_OVERLAP;
 666		} else {
 667			puts("ERROR: new format image overwritten - must RESET the board to recover\n");
 668			bootstage_error(BOOTSTAGE_ID_OVERWRITTEN);
 669			return BOOTM_ERR_RESET;
 670		}
 671	}
 672
 673	if (IS_ENABLED(CONFIG_CMD_BOOTI) && images->os.arch == IH_ARCH_ARM64 &&
 674	    images->os.os == IH_OS_LINUX) {
 675		ulong relocated_addr;
 676		ulong image_size;
 677		int ret;
 678
 679		ret = booti_setup(load, &relocated_addr, &image_size, false);
 680		if (ret) {
 681			printf("Failed to prep arm64 kernel (err=%d)\n", ret);
 682			return BOOTM_ERR_RESET;
 683		}
 684
 685		/* Handle BOOTM_STATE_LOADOS */
 686		if (relocated_addr != load) {
 687			printf("Moving Image from 0x%lx to 0x%lx, end=0x%lx\n",
 688			       load, relocated_addr,
 689			       relocated_addr + image_size);
 690			memmove((void *)relocated_addr, load_buf, image_size);
 691		}
 692
 693		images->ep = relocated_addr;
 694		images->os.start = relocated_addr;
 695		images->os.end = relocated_addr + image_size;
 696	}
 697
 698	if (CONFIG_IS_ENABLED(LMB))
 699		lmb_reserve(images->os.load, (load_end - images->os.load),
 700			    LMB_NONE);
 701
 702	return 0;
 703}
 704
 705/**
 706 * bootm_disable_interrupts() - Disable interrupts in preparation for load/boot
 707 *
 708 * Return: interrupt flag (0 if interrupts were disabled, non-zero if they were
 709 *	enabled)
 710 */
 711ulong bootm_disable_interrupts(void)
 712{
 713	ulong iflag;
 714
 715	/*
 716	 * We have reached the point of no return: we are going to
 717	 * overwrite all exception vector code, so we cannot easily
 718	 * recover from any failures any more...
 719	 */
 720	iflag = disable_interrupts();
 721#ifdef CONFIG_NETCONSOLE
 722	/* Stop the ethernet stack if NetConsole could have left it up */
 723	eth_halt();
 724#endif
 725
 726	return iflag;
 727}
 728
 729#define CONSOLE_ARG		"console="
 730#define NULL_CONSOLE		(CONSOLE_ARG "ttynull")
 731#define CONSOLE_ARG_SIZE	sizeof(NULL_CONSOLE)
 732
 733/**
 734 * fixup_silent_linux() - Handle silencing the linux boot if required
 735 *
 736 * This uses the silent_linux envvar to control whether to add/set a "console="
 737 * parameter to the command line
 738 *
 739 * @buf: Buffer containing the string to process
 740 * @maxlen: Maximum length of buffer
 741 * Return: 0 if OK, -ENOSPC if @maxlen is too small
 742 */
 743static int fixup_silent_linux(char *buf, int maxlen)
 744{
 745	int want_silent;
 746	char *cmdline;
 747	int size;
 748
 749	/*
 750	 * Move the input string to the end of buffer. The output string will be
 751	 * built up at the start.
 752	 */
 753	size = strlen(buf) + 1;
 754	if (size * 2 > maxlen)
 755		return -ENOSPC;
 756	cmdline = buf + maxlen - size;
 757	memmove(cmdline, buf, size);
 758	/*
 759	 * Only fix cmdline when requested. The environment variable can be:
 760	 *
 761	 *	no - we never fixup
 762	 *	yes - we always fixup
 763	 *	unset - we rely on the console silent flag
 764	 */
 765	want_silent = env_get_yesno("silent_linux");
 766	if (want_silent == 0)
 767		return 0;
 768	else if (want_silent == -1 && !(gd->flags & GD_FLG_SILENT))
 769		return 0;
 770
 771	debug("before silent fix-up: %s\n", cmdline);
 772	if (*cmdline) {
 773		char *start = strstr(cmdline, CONSOLE_ARG);
 774
 775		/* Check space for maximum possible new command line */
 776		if (size + CONSOLE_ARG_SIZE > maxlen)
 777			return -ENOSPC;
 778
 779		if (start) {
 780			char *end = strchr(start, ' ');
 781			int start_bytes;
 782
 783			start_bytes = start - cmdline;
 784			strncpy(buf, cmdline, start_bytes);
 785			strncpy(buf + start_bytes, NULL_CONSOLE, CONSOLE_ARG_SIZE);
 786			if (end)
 787				strcpy(buf + start_bytes + CONSOLE_ARG_SIZE - 1, end);
 788			else
 789				buf[start_bytes + CONSOLE_ARG_SIZE] = '\0';
 790		} else {
 791			sprintf(buf, "%s %s", cmdline, NULL_CONSOLE);
 792		}
 793		if (buf + strlen(buf) >= cmdline)
 794			return -ENOSPC;
 795	} else {
 796		if (maxlen < CONSOLE_ARG_SIZE)
 797			return -ENOSPC;
 798		strcpy(buf, NULL_CONSOLE);
 799	}
 800	debug("after silent fix-up: %s\n", buf);
 801
 802	return 0;
 803}
 804
 805/**
 806 * process_subst() - Handle substitution of ${...} fields in the environment
 807 *
 808 * Handle variable substitution in the provided buffer
 809 *
 810 * @buf: Buffer containing the string to process
 811 * @maxlen: Maximum length of buffer
 812 * Return: 0 if OK, -ENOSPC if @maxlen is too small
 813 */
 814static int process_subst(char *buf, int maxlen)
 815{
 816	char *cmdline;
 817	int size;
 818	int ret;
 819
 820	/* Move to end of buffer */
 821	size = strlen(buf) + 1;
 822	cmdline = buf + maxlen - size;
 823	if (buf + size > cmdline)
 824		return -ENOSPC;
 825	memmove(cmdline, buf, size);
 826
 827	ret = cli_simple_process_macros(cmdline, buf, cmdline - buf);
 828
 829	return ret;
 830}
 831
 832int bootm_process_cmdline(char *buf, int maxlen, int flags)
 833{
 834	int ret;
 835
 836	/* Check config first to enable compiler to eliminate code */
 837	if (IS_ENABLED(CONFIG_SILENT_CONSOLE) &&
 838	    !IS_ENABLED(CONFIG_SILENT_U_BOOT_ONLY) &&
 839	    (flags & BOOTM_CL_SILENT)) {
 840		ret = fixup_silent_linux(buf, maxlen);
 841		if (ret)
 842			return log_msg_ret("silent", ret);
 843	}
 844	if (IS_ENABLED(CONFIG_BOOTARGS_SUBST) && IS_ENABLED(CONFIG_CMDLINE) &&
 845	    (flags & BOOTM_CL_SUBST)) {
 846		ret = process_subst(buf, maxlen);
 847		if (ret)
 848			return log_msg_ret("subst", ret);
 849	}
 850
 851	return 0;
 852}
 853
 854int bootm_process_cmdline_env(int flags)
 855{
 856	const int maxlen = MAX_CMDLINE_SIZE;
 857	bool do_silent;
 858	const char *env;
 859	char *buf;
 860	int ret;
 861
 862	/* First check if any action is needed */
 863	do_silent = IS_ENABLED(CONFIG_SILENT_CONSOLE) &&
 864	    !IS_ENABLED(CONFIG_SILENT_U_BOOT_ONLY) && (flags & BOOTM_CL_SILENT);
 865	if (!do_silent && !IS_ENABLED(CONFIG_BOOTARGS_SUBST))
 866		return 0;
 867
 868	env = env_get("bootargs");
 869	if (env && strlen(env) >= maxlen)
 870		return -E2BIG;
 871	buf = malloc(maxlen);
 872	if (!buf)
 873		return -ENOMEM;
 874	if (env)
 875		strcpy(buf, env);
 876	else
 877		*buf = '\0';
 878	ret = bootm_process_cmdline(buf, maxlen, flags);
 879	if (!ret) {
 880		ret = env_set("bootargs", buf);
 881
 882		/*
 883		 * If buf is "" and bootargs does not exist, this will produce
 884		 * an error trying to delete bootargs. Ignore it
 885		 */
 886		if (ret == -ENOENT)
 887			ret = 0;
 888	}
 889	free(buf);
 890	if (ret)
 891		return log_msg_ret("env", ret);
 892
 893	return 0;
 894}
 895
 896int bootm_measure(struct bootm_headers *images)
 897{
 898	int ret = 0;
 899
 900	/* Skip measurement if EFI is going to do it */
 901	if (images->os.os == IH_OS_EFI &&
 902	    IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL) &&
 903	    IS_ENABLED(CONFIG_BOOTM_EFI))
 904		return ret;
 905
 906	if (IS_ENABLED(CONFIG_MEASURED_BOOT)) {
 907		struct tcg2_event_log elog;
 908		struct udevice *dev;
 909		void *initrd_buf;
 910		void *image_buf;
 911		const char *s;
 912		u32 rd_len;
 913		bool ign;
 914
 915		elog.log_size = 0;
 916		ign = IS_ENABLED(CONFIG_MEASURE_IGNORE_LOG);
 917		ret = tcg2_measurement_init(&dev, &elog, ign);
 918		if (ret)
 919			return ret;
 920
 921		image_buf = map_sysmem(images->os.image_start,
 922				       images->os.image_len);
 923		ret = tcg2_measure_data(dev, &elog, 8, images->os.image_len,
 924					image_buf, EV_COMPACT_HASH,
 925					strlen("linux") + 1, (u8 *)"linux");
 926		if (ret)
 927			goto unmap_image;
 928
 929		rd_len = images->rd_end - images->rd_start;
 930		initrd_buf = map_sysmem(images->rd_start, rd_len);
 931		ret = tcg2_measure_data(dev, &elog, 9, rd_len, initrd_buf,
 932					EV_COMPACT_HASH, strlen("initrd") + 1,
 933					(u8 *)"initrd");
 934		if (ret)
 935			goto unmap_initrd;
 936
 937		if (IS_ENABLED(CONFIG_MEASURE_DEVICETREE)) {
 938			ret = tcg2_measure_data(dev, &elog, 1, images->ft_len,
 939						(u8 *)images->ft_addr,
 940						EV_TABLE_OF_DEVICES,
 941						strlen("dts") + 1,
 942						(u8 *)"dts");
 943			if (ret)
 944				goto unmap_initrd;
 945		}
 946
 947		s = env_get("bootargs");
 948		if (!s)
 949			s = "";
 950		ret = tcg2_measure_data(dev, &elog, 1, strlen(s) + 1, (u8 *)s,
 951					EV_PLATFORM_CONFIG_FLAGS,
 952					strlen(s) + 1, (u8 *)s);
 953
 954unmap_initrd:
 955		unmap_sysmem(initrd_buf);
 956
 957unmap_image:
 958		unmap_sysmem(image_buf);
 959		tcg2_measurement_term(dev, &elog, ret != 0);
 960	}
 961
 962	return ret;
 963}
 964
 965int bootm_run_states(struct bootm_info *bmi, int states)
 966{
 967	struct bootm_headers *images = bmi->images;
 968	boot_os_fn *boot_fn;
 969	ulong iflag = 0;
 970	int ret = 0, need_boot_fn;
 971
 972	images->state |= states;
 973
 974	/*
 975	 * Work through the states and see how far we get. We stop on
 976	 * any error.
 977	 */
 978	if (states & BOOTM_STATE_START)
 979		ret = bootm_start();
 980
 981	if (!ret && (states & BOOTM_STATE_PRE_LOAD))
 982		ret = bootm_pre_load(bmi->addr_img);
 983
 984	if (!ret && (states & BOOTM_STATE_FINDOS))
 985		ret = bootm_find_os(bmi->cmd_name, bmi->addr_img);
 986
 987	if (!ret && (states & BOOTM_STATE_FINDOTHER)) {
 988		ulong img_addr;
 989
 990		img_addr = bmi->addr_img ? hextoul(bmi->addr_img, NULL)
 991			: image_load_addr;
 992		ret = bootm_find_other(img_addr, bmi->conf_ramdisk,
 993				       bmi->conf_fdt);
 994	}
 995
 996	if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !ret &&
 997	    (states & BOOTM_STATE_MEASURE))
 998		bootm_measure(images);
 999
1000	/* Load the OS */
1001	if (!ret && (states & BOOTM_STATE_LOADOS)) {
1002		iflag = bootm_disable_interrupts();
1003		ret = bootm_load_os(images, 0);
1004		if (ret && ret != BOOTM_ERR_OVERLAP)
1005			goto err;
1006		else if (ret == BOOTM_ERR_OVERLAP)
1007			ret = 0;
1008	}
1009
1010	/* Relocate the ramdisk */
1011#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
1012	if (!ret && (states & BOOTM_STATE_RAMDISK)) {
1013		ulong rd_len = images->rd_end - images->rd_start;
1014
1015		ret = boot_ramdisk_high(images->rd_start, rd_len,
1016					&images->initrd_start,
1017					&images->initrd_end);
1018		if (!ret) {
1019			env_set_hex("initrd_start", images->initrd_start);
1020			env_set_hex("initrd_end", images->initrd_end);
1021		}
1022	}
1023#endif
1024#if CONFIG_IS_ENABLED(OF_LIBFDT) && CONFIG_IS_ENABLED(LMB)
1025	if (!ret && (states & BOOTM_STATE_FDT)) {
1026		boot_fdt_add_mem_rsv_regions(images->ft_addr);
1027		ret = boot_relocate_fdt(&images->ft_addr, &images->ft_len);
1028	}
1029#endif
1030
1031	/* From now on, we need the OS boot function */
1032	if (ret)
1033		return ret;
1034	boot_fn = bootm_os_get_boot_func(images->os.os);
1035	need_boot_fn = states & (BOOTM_STATE_OS_CMDLINE |
1036			BOOTM_STATE_OS_BD_T | BOOTM_STATE_OS_PREP |
1037			BOOTM_STATE_OS_FAKE_GO | BOOTM_STATE_OS_GO);
1038	if (boot_fn == NULL && need_boot_fn) {
1039		if (iflag)
1040			enable_interrupts();
1041		printf("ERROR: booting os '%s' (%d) is not supported\n",
1042		       genimg_get_os_name(images->os.os), images->os.os);
1043		bootstage_error(BOOTSTAGE_ID_CHECK_BOOT_OS);
1044		return 1;
1045	}
1046
1047	/* Call various other states that are not generally used */
1048	if (!ret && (states & BOOTM_STATE_OS_CMDLINE))
1049		ret = boot_fn(BOOTM_STATE_OS_CMDLINE, bmi);
1050	if (!ret && (states & BOOTM_STATE_OS_BD_T))
1051		ret = boot_fn(BOOTM_STATE_OS_BD_T, bmi);
1052	if (!ret && (states & BOOTM_STATE_OS_PREP)) {
1053		int flags = 0;
1054		/* For Linux OS do all substitutions at console processing */
1055		if (images->os.os == IH_OS_LINUX)
1056			flags = BOOTM_CL_ALL;
1057		ret = bootm_process_cmdline_env(flags);
1058		if (ret) {
1059			printf("Cmdline setup failed (err=%d)\n", ret);
1060			ret = CMD_RET_FAILURE;
1061			goto err;
1062		}
1063		ret = boot_fn(BOOTM_STATE_OS_PREP, bmi);
1064	}
1065
1066#ifdef CONFIG_TRACE
1067	/* Pretend to run the OS, then run a user command */
1068	if (!ret && (states & BOOTM_STATE_OS_FAKE_GO)) {
1069		char *cmd_list = env_get("fakegocmd");
1070
1071		ret = boot_selected_os(BOOTM_STATE_OS_FAKE_GO, bmi, boot_fn);
1072		if (!ret && cmd_list)
1073			ret = run_command_list(cmd_list, -1, 0);
1074	}
1075#endif
1076
1077	/* Check for unsupported subcommand. */
1078	if (ret) {
1079		printf("subcommand failed (err=%d)\n", ret);
1080		return ret;
1081	}
1082
1083	/* Now run the OS! We hope this doesn't return */
1084	if (!ret && (states & BOOTM_STATE_OS_GO))
1085		ret = boot_selected_os(BOOTM_STATE_OS_GO, bmi, boot_fn);
1086
1087	/* Deal with any fallout */
1088err:
1089	if (iflag)
1090		enable_interrupts();
1091
1092	if (ret == BOOTM_ERR_UNIMPLEMENTED) {
1093		bootstage_error(BOOTSTAGE_ID_DECOMP_UNIMPL);
1094	} else if (ret == BOOTM_ERR_RESET) {
1095		printf("Resetting the board...\n");
1096		reset_cpu();
1097	}
1098
1099	return ret;
1100}
1101
1102int boot_run(struct bootm_info *bmi, const char *cmd, int extra_states)
1103{
1104	int states;
1105
1106	bmi->cmd_name = cmd;
1107	states = BOOTM_STATE_MEASURE | BOOTM_STATE_OS_PREP |
1108		BOOTM_STATE_OS_FAKE_GO | BOOTM_STATE_OS_GO;
1109	if (IS_ENABLED(CONFIG_SYS_BOOT_RAMDISK_HIGH))
1110		states |= BOOTM_STATE_RAMDISK;
1111	states |= extra_states;
1112
1113	return bootm_run_states(bmi, states);
1114}
1115
1116int bootm_run(struct bootm_info *bmi)
1117{
1118	return boot_run(bmi, "bootm", BOOTM_STATE_START | BOOTM_STATE_FINDOS |
1119			BOOTM_STATE_PRE_LOAD | BOOTM_STATE_FINDOTHER |
1120			BOOTM_STATE_LOADOS);
1121}
1122
1123int bootz_run(struct bootm_info *bmi)
1124{
1125	return boot_run(bmi, "bootz", 0);
1126}
1127
1128int booti_run(struct bootm_info *bmi)
1129{
1130	return boot_run(bmi, "booti", 0);
1131}
1132
1133int bootm_boot_start(ulong addr, const char *cmdline)
1134{
1135	char addr_str[30];
1136	struct bootm_info bmi;
1137	int states;
1138	int ret;
1139
1140	states = BOOTM_STATE_START | BOOTM_STATE_FINDOS | BOOTM_STATE_PRE_LOAD |
1141		BOOTM_STATE_FINDOTHER | BOOTM_STATE_LOADOS |
1142		BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO |
1143		BOOTM_STATE_OS_GO;
1144	if (IS_ENABLED(CONFIG_SYS_BOOT_RAMDISK_HIGH))
1145		states |= BOOTM_STATE_RAMDISK;
1146	if (IS_ENABLED(CONFIG_PPC) || IS_ENABLED(CONFIG_MIPS))
1147		states |= BOOTM_STATE_OS_CMDLINE;
1148	images.state |= states;
1149
1150	snprintf(addr_str, sizeof(addr_str), "%lx", addr);
1151
1152	ret = env_set("bootargs", cmdline);
1153	if (ret) {
1154		printf("Failed to set cmdline\n");
1155		return ret;
1156	}
1157	bootm_init(&bmi);
1158	bmi.addr_img = addr_str;
1159	bmi.cmd_name = "bootm";
1160	ret = bootm_run_states(&bmi, states);
1161
1162	return ret;
1163}
1164
1165void bootm_init(struct bootm_info *bmi)
1166{
1167	memset(bmi, '\0', sizeof(struct bootm_info));
1168	bmi->boot_progress = true;
1169	if (IS_ENABLED(CONFIG_CMD_BOOTM))
1170		bmi->images = &images;
1171}
1172
1173/**
1174 * switch_to_non_secure_mode() - switch to non-secure mode
1175 *
1176 * This routine is overridden by architectures requiring this feature.
1177 */
1178void __weak switch_to_non_secure_mode(void)
1179{
1180}
1181
1182#else /* USE_HOSTCC */
1183
1184#if defined(CONFIG_FIT_SIGNATURE)
1185static int bootm_host_load_image(const void *fit, int req_image_type,
1186				 int cfg_noffset)
1187{
1188	const char *fit_uname_config = NULL;
1189	ulong data, len;
1190	struct bootm_headers images;
1191	int noffset;
1192	ulong load_end, buf_size;
1193	uint8_t image_type;
1194	uint8_t image_comp;
1195	void *load_buf;
1196	int ret;
1197
1198	fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
1199	memset(&images, '\0', sizeof(images));
1200	images.verify = 1;
1201	noffset = fit_image_load(&images, (ulong)fit,
1202		NULL, &fit_uname_config,
1203		IH_ARCH_DEFAULT, req_image_type, -1,
1204		FIT_LOAD_IGNORED, &data, &len);
1205	if (noffset < 0)
1206		return noffset;
1207	if (fit_image_get_type(fit, noffset, &image_type)) {
1208		puts("Can't get image type!\n");
1209		return -EINVAL;
1210	}
1211
1212	if (fit_image_get_comp(fit, noffset, &image_comp))
1213		image_comp = IH_COMP_NONE;
1214
1215	/* Allow the image to expand by a factor of 4, should be safe */
1216	buf_size = (1 << 20) + len * 4;
1217	load_buf = malloc(buf_size);
1218	ret = image_decomp(image_comp, 0, data, image_type, load_buf,
1219			   (void *)data, len, buf_size, &load_end);
1220	free(load_buf);
1221
1222	if (ret) {
1223		ret = handle_decomp_error(image_comp, load_end - 0, buf_size, ret);
1224		if (ret != BOOTM_ERR_UNIMPLEMENTED)
1225			return ret;
1226	}
1227
1228	return 0;
1229}
1230
1231int bootm_host_load_images(const void *fit, int cfg_noffset)
1232{
1233	static uint8_t image_types[] = {
1234		IH_TYPE_KERNEL,
1235		IH_TYPE_FLATDT,
1236		IH_TYPE_RAMDISK,
1237	};
1238	int err = 0;
1239	int i;
1240
1241	for (i = 0; i < ARRAY_SIZE(image_types); i++) {
1242		int ret;
1243
1244		ret = bootm_host_load_image(fit, image_types[i], cfg_noffset);
1245		if (!err && ret && ret != -ENOENT)
1246			err = ret;
1247	}
1248
1249	/* Return the first error we found */
1250	return err;
1251}
1252#endif
1253
1254#endif /* ndef USE_HOSTCC */