Revert debuginfo changes for stable rebases
This commit is contained in:
parent
b0f3de0ab8
commit
272a38dcb8
|
@ -1,37 +1,36 @@
|
|||
From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001
|
||||
From 0451d4e795929a69a0fda6d960aa4b077c5bd179 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH 15/20] Add EFI signature data types
|
||||
Date: Fri, 5 May 2017 08:21:58 +0100
|
||||
Subject: [PATCH 1/4] efi: Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard for now
|
||||
Add the data types that are used for containing hashes, keys and
|
||||
certificates for cryptographic verification along with their corresponding
|
||||
type GUIDs.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
include/linux/efi.h | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
include/linux/efi.h | 25 +++++++++++++++++++++++++
|
||||
1 file changed, 25 insertions(+)
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 5af91b58afae..190858d62fe3 100644
|
||||
index ec36f42..3259ad6 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
|
||||
#define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
|
||||
#define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
|
||||
+#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
|
||||
@@ -614,6 +614,10 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
|
||||
#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
|
||||
+#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
|
||||
+#define EFI_CERT_X509_SHA256_GUID EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
@@ -853,6 +856,20 @@ typedef struct {
|
||||
/*
|
||||
* This GUID is used to pass to the kernel proper the struct screen_info
|
||||
* structure that was populated by the stub based on the GOP protocol instance
|
||||
@@ -873,6 +877,27 @@ typedef struct {
|
||||
efi_memory_desc_t entry[0];
|
||||
} efi_memory_attributes_table_t;
|
||||
|
||||
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_owner;
|
||||
+ u8 signature_data[];
|
||||
|
@ -45,6 +44,13 @@ index 5af91b58afae..190858d62fe3 100644
|
|||
+ u8 signature_header[];
|
||||
+ /* efi_signature_data_t signatures[][] */
|
||||
+} efi_signature_list_t;
|
||||
+
|
||||
+typedef u8 efi_sha256_hash_t[32];
|
||||
+
|
||||
+typedef struct {
|
||||
+ efi_sha256_hash_t to_be_signed_hash;
|
||||
+ efi_time_t time_of_revocation;
|
||||
+} efi_cert_x509_sha256_t;
|
||||
+
|
||||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
|
|
|
@ -1,29 +1,38 @@
|
|||
From 822b4b3eb76ca451a416a51f0a7bfedfa5c5ea39 Mon Sep 17 00:00:00 2001
|
||||
From e4c62c12635a371e43bd17e8d33a936668264491 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
|
||||
Date: Fri, 5 May 2017 08:21:58 +0100
|
||||
Subject: [PATCH 2/4] efi: Add an EFI signature blob parser
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
Add a function to parse an EFI signature blob looking for elements of
|
||||
interest. A list is made up of a series of sublists, where all the
|
||||
elements in a sublist are of the same type, but sublists can be of
|
||||
different types.
|
||||
|
||||
For each sublist encountered, the function pointed to by the
|
||||
get_handler_for_guid argument is called with the type specifier GUID and
|
||||
returns either a pointer to a function to handle elements of that type or
|
||||
NULL if the type is not of interest.
|
||||
|
||||
If the sublist is of interest, each element is passed to the handler
|
||||
function in turn.
|
||||
|
||||
[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED]
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
crypto/asymmetric_keys/Kconfig | 8 +++
|
||||
crypto/asymmetric_keys/Makefile | 1 +
|
||||
crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 4 ++
|
||||
4 files changed, 121 insertions(+)
|
||||
create mode 100644 crypto/asymmetric_keys/efi_parser.c
|
||||
certs/Kconfig | 8 ++++
|
||||
certs/Makefile | 1 +
|
||||
certs/efi_parser.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 9 +++++
|
||||
4 files changed, 130 insertions(+)
|
||||
create mode 100644 certs/efi_parser.c
|
||||
|
||||
diff --git a/certs/Kconfig b/certs/Kconfig
|
||||
index 6ce51ed..630ae09 100644
|
||||
--- a/certs/Kconfig
|
||||
+++ b/certs/Kconfig
|
||||
@@ -82,4 +82,12 @@ config SYSTEM_BLACKLIST_HASH_LIST
|
||||
wrapper to incorporate the list into the kernel. Each <hash> should
|
||||
be a string of hex digits.
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
|
||||
index 331f6baf2df8..5f9002d3192e 100644
|
||||
--- a/crypto/asymmetric_keys/Kconfig
|
||||
+++ b/crypto/asymmetric_keys/Kconfig
|
||||
@@ -61,4 +61,12 @@ config SIGNED_PE_FILE_VERIFICATION
|
||||
This option provides support for verifying the signature(s) on a
|
||||
signed PE binary.
|
||||
|
||||
+config EFI_SIGNATURE_LIST_PARSER
|
||||
+ bool "EFI signature list parser"
|
||||
+ depends on EFI
|
||||
|
@ -32,28 +41,28 @@ index 331f6baf2df8..5f9002d3192e 100644
|
|||
+ This option provides support for parsing EFI signature lists for
|
||||
+ X.509 certificates and turning them into keys.
|
||||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index 6516855bec18..c099fe15ed6d 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -10,6 +10,7 @@ asymmetric_keys-y := \
|
||||
signature.o
|
||||
|
||||
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
|
||||
endmenu
|
||||
diff --git a/certs/Makefile b/certs/Makefile
|
||||
index 4119bb3..738151a 100644
|
||||
--- a/certs/Makefile
|
||||
+++ b/certs/Makefile
|
||||
@@ -9,6 +9,7 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
|
||||
else
|
||||
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
|
||||
endif
|
||||
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
#
|
||||
# X.509 Certificate handling
|
||||
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
|
||||
|
||||
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
|
||||
|
||||
diff --git a/certs/efi_parser.c b/certs/efi_parser.c
|
||||
new file mode 100644
|
||||
index 000000000000..636feb18b733
|
||||
index 0000000..4e396f9
|
||||
--- /dev/null
|
||||
+++ b/crypto/asymmetric_keys/efi_parser.c
|
||||
@@ -0,0 +1,108 @@
|
||||
+++ b/certs/efi_parser.c
|
||||
@@ -0,0 +1,112 @@
|
||||
+/* EFI signature/key/certificate list parser
|
||||
+ *
|
||||
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Written by David Howells (dhowells@redhat.com)
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
|
@ -67,27 +76,44 @@ index 000000000000..636feb18b733
|
|||
+#include <linux/printk.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+
|
||||
+/**
|
||||
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
|
||||
+ * @source: The source of the key
|
||||
+ * @data: The data blob to parse
|
||||
+ * @size: The size of the data blob
|
||||
+ * @keyring: The keyring to add extracted keys to
|
||||
+ * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
|
||||
+ *
|
||||
+ * Parse an EFI signature list looking for elements of interest. A list is
|
||||
+ * made up of a series of sublists, where all the elements in a sublist are of
|
||||
+ * the same type, but sublists can be of different types.
|
||||
+ *
|
||||
+ * For each sublist encountered, the @get_handler_for_guid function is called
|
||||
+ * with the type specifier GUID and returns either a pointer to a function to
|
||||
+ * handle elements of that type or NULL if the type is not of interest.
|
||||
+ *
|
||||
+ * If the sublist is of interest, each element is passed to the handler
|
||||
+ * function in turn.
|
||||
+ *
|
||||
+ * Error EBADMSG is returned if the list doesn't parse correctly and 0 is
|
||||
+ * returned if the list was parsed correctly. No error can be returned from
|
||||
+ * the @get_handler_for_guid function or the element handler function it
|
||||
+ * returns.
|
||||
+ */
|
||||
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
|
||||
+int __init parse_efi_signature_list(
|
||||
+ const char *source,
|
||||
+ const void *data, size_t size,
|
||||
+ efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
|
||||
+{
|
||||
+ efi_element_handler_t handler;
|
||||
+ unsigned offs = 0;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ pr_devel("-->%s(,%zu)\n", __func__, size);
|
||||
+
|
||||
+ while (size > 0) {
|
||||
+ efi_signature_list_t list;
|
||||
+ const efi_signature_data_t *elem;
|
||||
+ key_ref_t key;
|
||||
+ efi_signature_list_t list;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ if (size < sizeof(list))
|
||||
+ return -EBADMSG;
|
||||
|
@ -108,6 +134,7 @@ index 000000000000..636feb18b733
|
|||
+ __func__, offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (lsize < sizeof(list) ||
|
||||
+ lsize - sizeof(list) < hsize ||
|
||||
+ esize < sizeof(*elem) ||
|
||||
|
@ -117,7 +144,8 @@ index 000000000000..636feb18b733
|
|||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
|
||||
+ handler = get_handler_for_guid(&list.signature_type);
|
||||
+ if (!handler) {
|
||||
+ data += lsize;
|
||||
+ size -= lsize;
|
||||
+ offs += lsize;
|
||||
|
@ -132,24 +160,9 @@ index 000000000000..636feb18b733
|
|||
+ elem = data;
|
||||
+
|
||||
+ pr_devel("ELEM[%04x]\n", offs);
|
||||
+
|
||||
+ key = key_create_or_update(
|
||||
+ make_key_ref(keyring, 1),
|
||||
+ "asymmetric",
|
||||
+ NULL,
|
||||
+ handler(source,
|
||||
+ &elem->signature_data,
|
||||
+ esize - sizeof(*elem),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA);
|
||||
+
|
||||
+ if (IS_ERR(key))
|
||||
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
+ PTR_ERR(key));
|
||||
+ else
|
||||
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
|
||||
+ key_ref_to_ptr(key)->description,
|
||||
+ keyring->description);
|
||||
+ esize - sizeof(*elem));
|
||||
+
|
||||
+ data += esize;
|
||||
+ size -= esize;
|
||||
|
@ -160,16 +173,21 @@ index 000000000000..636feb18b733
|
|||
+ return 0;
|
||||
+}
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 190858d62fe3..668aa1244885 100644
|
||||
index 3259ad6..08024c6 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -1025,6 +1025,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
|
||||
@@ -1055,6 +1055,15 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
|
||||
char * __init efi_md_typeattr_format(char *buf, size_t size,
|
||||
const efi_memory_desc_t *md);
|
||||
|
||||
+struct key;
|
||||
+extern int __init parse_efi_signature_list(const void *data, size_t size,
|
||||
+ struct key *keyring);
|
||||
|
||||
+
|
||||
+typedef void (*efi_element_handler_t)(const char *source,
|
||||
+ const void *element_data,
|
||||
+ size_t element_size);
|
||||
+extern int __init parse_efi_signature_list(
|
||||
+ const char *source,
|
||||
+ const void *data, size_t size,
|
||||
+ efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *));
|
||||
+
|
||||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
|
|
1080
AllWinner-h3.patch
1080
AllWinner-h3.patch
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -1,180 +0,0 @@
|
|||
From: "J. Bruce Fields" <bfields@redhat.com>
|
||||
Date: 2017-04-14 15:04:40
|
||||
Subject: [PATCH] nfsd: check for oversized NFSv2/v3 arguments
|
||||
|
||||
A client can append random data to the end of an NFSv2 or NFSv3 RPC call
|
||||
without our complaining; we'll just stop parsing at the end of the
|
||||
expected data and ignore the rest.
|
||||
|
||||
Encoded arguments and replies are stored together in an array of pages,
|
||||
and if a call is too large it could leave inadequate space for the
|
||||
reply. This is normally OK because NFS RPC's typically have either
|
||||
short arguments and long replies (like READ) or long arguments and short
|
||||
replies (like WRITE). But a client that sends an incorrectly long reply
|
||||
can violate those assumptions. This was observed to cause crashes.
|
||||
|
||||
So, insist that the argument not be any longer than we expect.
|
||||
|
||||
Also, several operations increment rq_next_page in the decode routine
|
||||
before checking the argument size, which can leave rq_next_page pointing
|
||||
well past the end of the page array, causing trouble later in
|
||||
svc_free_pages.
|
||||
|
||||
As followup we may also want to rewrite the encoding routines to check
|
||||
more carefully that they aren't running off the end of the page array.
|
||||
|
||||
Reported-by: Tuomas Haanpää <thaan@synopsys.com>
|
||||
Reported-by: Ari Kauppi <ari@synopsys.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
|
||||
---
|
||||
fs/nfsd/nfs3xdr.c | 23 +++++++++++++++++------
|
||||
fs/nfsd/nfsxdr.c | 13 ++++++++++---
|
||||
include/linux/sunrpc/svc.h | 3 +--
|
||||
3 files changed, 28 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
|
||||
index dba2ff8eaa68..be66bcadfaea 100644
|
||||
--- a/fs/nfsd/nfs3xdr.c
|
||||
+++ b/fs/nfsd/nfs3xdr.c
|
||||
@@ -334,8 +334,11 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
if (!p)
|
||||
return 0;
|
||||
p = xdr_decode_hyper(p, &args->offset);
|
||||
-
|
||||
args->count = ntohl(*p++);
|
||||
+
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = min(args->count, max_blocksize);
|
||||
|
||||
/* set up the kvec */
|
||||
@@ -349,7 +352,7 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
v++;
|
||||
}
|
||||
args->vlen = v;
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -536,9 +539,11 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
p = decode_fh(p, &args->fh);
|
||||
if (!p)
|
||||
return 0;
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -564,10 +569,14 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->verf = p; p += 2;
|
||||
args->dircount = ~0;
|
||||
args->count = ntohl(*p++);
|
||||
+
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
args->count = min_t(u32, args->count, PAGE_SIZE);
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -585,6 +594,9 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->dircount = ntohl(*p++);
|
||||
args->count = ntohl(*p++);
|
||||
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = args->count = min(args->count, max_blocksize);
|
||||
while (len > 0) {
|
||||
struct page *p = *(rqstp->rq_next_page++);
|
||||
@@ -592,8 +604,7 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->buffer = page_address(p);
|
||||
len -= PAGE_SIZE;
|
||||
}
|
||||
-
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
|
||||
index 41b468a6a90f..79268369f7b3 100644
|
||||
--- a/fs/nfsd/nfsxdr.c
|
||||
+++ b/fs/nfsd/nfsxdr.c
|
||||
@@ -257,6 +257,9 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
len = args->count = ntohl(*p++);
|
||||
p++; /* totalcount - unused */
|
||||
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
|
||||
|
||||
/* set up somewhere to store response.
|
||||
@@ -272,7 +275,7 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
v++;
|
||||
}
|
||||
args->vlen = v;
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -360,9 +363,11 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
|
||||
p = decode_fh(p, &args->fh);
|
||||
if (!p)
|
||||
return 0;
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -400,9 +405,11 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->cookie = ntohl(*p++);
|
||||
args->count = ntohl(*p++);
|
||||
args->count = min_t(u32, args->count, PAGE_SIZE);
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
|
||||
index e770abeed32d..6ef19cf658b4 100644
|
||||
--- a/include/linux/sunrpc/svc.h
|
||||
+++ b/include/linux/sunrpc/svc.h
|
||||
@@ -336,8 +336,7 @@ xdr_argsize_check(struct svc_rqst *rqstp, __be32 *p)
|
||||
{
|
||||
char *cp = (char *)p;
|
||||
struct kvec *vec = &rqstp->rq_arg.head[0];
|
||||
- return cp >= (char*)vec->iov_base
|
||||
- && cp <= (char*)vec->iov_base + vec->iov_len;
|
||||
+ return cp == (char *)vec->iov_base + vec->iov_len;
|
||||
}
|
||||
|
||||
static inline int
|
||||
--
|
||||
2.9.3
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
|
@ -1,7 +1,7 @@
|
|||
From 8a4535bcfe24d317be675e53cdc8c61d22fdc7f3 Mon Sep 17 00:00:00 2001
|
||||
From 90dc66270b02981b19a085c6a9184e3452b7b3e8 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
Date: Fri, 5 May 2017 08:21:59 +0100
|
||||
Subject: [PATCH 3/4] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
||||
Secure Boot stores a list of allowed certificates in the 'db' variable.
|
||||
This imports those certificates into the system trusted keyring. This
|
||||
|
@ -11,104 +11,68 @@ variable, a user can allow a module signed with that certificate to
|
|||
load. The shim UEFI bootloader has a similar certificate list stored
|
||||
in the 'MokListRT' variable. We import those as well.
|
||||
|
||||
In the opposite case, Secure Boot maintains a list of disallowed
|
||||
certificates in the 'dbx' variable. We load those certificates into
|
||||
the newly introduced system blacklist keyring and forbid any module
|
||||
signed with those from loading.
|
||||
Secure Boot also maintains a list of disallowed certificates in the 'dbx'
|
||||
variable. We load those certificates into the newly introduced system
|
||||
blacklist keyring and forbid any module signed with those from loading and
|
||||
forbid the use within the kernel of any key with a matching hash.
|
||||
|
||||
This facility is enabled by setting CONFIG_LOAD_UEFI_KEYS.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
certs/system_keyring.c | 13 ++++++
|
||||
include/keys/system_keyring.h | 1 +
|
||||
init/Kconfig | 9 ++++
|
||||
kernel/Makefile | 3 ++
|
||||
kernel/modsign_uefi.c | 99 +++++++++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 125 insertions(+)
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
certs/Kconfig | 16 ++++++
|
||||
certs/Makefile | 4 ++
|
||||
certs/load_uefi.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 188 insertions(+)
|
||||
create mode 100644 certs/load_uefi.c
|
||||
|
||||
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
||||
index 787eeead2f57..4d9123ed5c07 100644
|
||||
--- a/certs/system_keyring.c
|
||||
+++ b/certs/system_keyring.c
|
||||
@@ -30,6 +30,19 @@ extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
|
||||
/**
|
||||
+ * get_system_keyring - Return a pointer to the system keyring
|
||||
+ *
|
||||
+ */
|
||||
+struct key *get_system_keyring(void)
|
||||
+{
|
||||
+ struct key *system_keyring = NULL;
|
||||
+
|
||||
+ system_keyring = builtin_trusted_keys;
|
||||
+ return system_keyring;
|
||||
+}
|
||||
+EXPORT_SYMBOL_GPL(get_system_keyring);
|
||||
+
|
||||
+/**
|
||||
* restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
|
||||
*
|
||||
* Restrict the addition of keys into a keyring based on the key-to-be-added
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 5bc291a3d261..56ff5715ab67 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -36,6 +36,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
|
||||
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
extern struct key *system_blacklist_keyring;
|
||||
#endif
|
||||
+extern struct key *get_system_keyring(void);
|
||||
|
||||
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
|
||||
extern struct key *ima_blacklist_keyring;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 461ad575a608..93646fd7b1c8 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -2009,6 +2009,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
+config MODULE_SIG_UEFI
|
||||
+ bool "Allow modules signed with certs stored in UEFI"
|
||||
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
|
||||
+ select EFI_SIGNATURE_LIST_PARSER
|
||||
diff --git a/certs/Kconfig b/certs/Kconfig
|
||||
index 630ae09..edf9f75 100644
|
||||
--- a/certs/Kconfig
|
||||
+++ b/certs/Kconfig
|
||||
@@ -90,4 +90,20 @@ config EFI_SIGNATURE_LIST_PARSER
|
||||
This option provides support for parsing EFI signature lists for
|
||||
X.509 certificates and turning them into keys.
|
||||
|
||||
+config LOAD_UEFI_KEYS
|
||||
+ bool "Load certs and blacklist from UEFI db for module checking"
|
||||
+ depends on SYSTEM_BLACKLIST_KEYRING
|
||||
+ depends on SECONDARY_TRUSTED_KEYRING
|
||||
+ depends on EFI
|
||||
+ depends on EFI_SIGNATURE_LIST_PARSER
|
||||
+ help
|
||||
+ This will import certificates stored in UEFI and allow modules
|
||||
+ signed with those to be loaded. It will also disallow loading
|
||||
+ of modules stored in the UEFI dbx variable.
|
||||
+ If the kernel is booted in secure boot mode, this option will cause
|
||||
+ the kernel to load the certificates from the UEFI db and MokListRT
|
||||
+ into the secondary trusted keyring. It will also load any X.509
|
||||
+ SHA256 hashes in the dbx list into the blacklist.
|
||||
+
|
||||
choice
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index eb26e12c6c2a..e0c2268cb97e 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -57,6 +57,7 @@ endif
|
||||
obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
|
||||
@@ -113,6 +114,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
|
||||
|
||||
obj-$(CONFIG_HAS_IOMEM) += memremap.o
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+ The effect of this is that, if the kernel is booted in secure boot
|
||||
+ mode, modules signed with UEFI-stored keys will be permitted to be
|
||||
+ loaded and keys that match the blacklist will be rejected.
|
||||
+
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
endmenu
|
||||
diff --git a/certs/Makefile b/certs/Makefile
|
||||
index 738151a..a5e057a 100644
|
||||
--- a/certs/Makefile
|
||||
+++ b/certs/Makefile
|
||||
@@ -11,6 +11,10 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
|
||||
endif
|
||||
obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
+obj-$(CONFIG_LOAD_UEFI_KEYS) += load_uefi.o
|
||||
+$(obj)/load_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
+
|
||||
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
|
||||
|
||||
$(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
|
||||
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..fe4a6f2bf10a
|
||||
index 0000000..b44e464
|
||||
--- /dev/null
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -0,0 +1,99 @@
|
||||
+++ b/certs/load_uefi.c
|
||||
@@ -0,0 +1,168 @@
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/sched.h>
|
||||
+#include <linux/cred.h>
|
||||
|
@ -117,14 +81,22 @@ index 000000000000..fe4a6f2bf10a
|
|||
+#include <linux/slab.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+#include <keys/system_keyring.h>
|
||||
+#include "module-internal.h"
|
||||
+#include "internal.h"
|
||||
+
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GUID;
|
||||
+static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
|
||||
+
|
||||
+/*
|
||||
+ * Get a certificate list blob from the named EFI variable.
|
||||
+ */
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
|
||||
+ unsigned long *size)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned long lsize = 4;
|
||||
+ unsigned long tmpdb[4];
|
||||
+ void *db = NULL;
|
||||
+ void *db;
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
|
||||
+ if (status != EFI_BUFFER_TOO_SMALL) {
|
||||
|
@ -135,23 +107,89 @@ index 000000000000..fe4a6f2bf10a
|
|||
+ db = kmalloc(lsize, GFP_KERNEL);
|
||||
+ if (!db) {
|
||||
+ pr_err("Couldn't allocate memory for uefi cert list\n");
|
||||
+ goto out;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
|
||||
+ if (status != EFI_SUCCESS) {
|
||||
+ kfree(db);
|
||||
+ db = NULL;
|
||||
+ pr_err("Error reading db var: 0x%lx\n", status);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+out:
|
||||
+
|
||||
+ *size = lsize;
|
||||
+ return db;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * * Load the certs contained in the UEFI databases
|
||||
+ * */
|
||||
+ * Blacklist an X509 TBS hash.
|
||||
+ */
|
||||
+static __init void uefi_blacklist_x509_tbs(const char *source,
|
||||
+ const void *data, size_t len)
|
||||
+{
|
||||
+ char *hash, *p;
|
||||
+
|
||||
+ hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
|
||||
+ if (!hash)
|
||||
+ return;
|
||||
+ p = memcpy(hash, "tbs:", 4);
|
||||
+ p += 4;
|
||||
+ bin2hex(p, data, len);
|
||||
+ p += len * 2;
|
||||
+ *p = 0;
|
||||
+
|
||||
+ mark_hash_blacklisted(hash);
|
||||
+ kfree(hash);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Blacklist the hash of an executable.
|
||||
+ */
|
||||
+static __init void uefi_blacklist_binary(const char *source,
|
||||
+ const void *data, size_t len)
|
||||
+{
|
||||
+ char *hash, *p;
|
||||
+
|
||||
+ hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
|
||||
+ if (!hash)
|
||||
+ return;
|
||||
+ p = memcpy(hash, "bin:", 4);
|
||||
+ p += 4;
|
||||
+ bin2hex(p, data, len);
|
||||
+ p += len * 2;
|
||||
+ *p = 0;
|
||||
+
|
||||
+ mark_hash_blacklisted(hash);
|
||||
+ kfree(hash);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Return the appropriate handler for particular signature list types found in
|
||||
+ * the UEFI db and MokListRT tables.
|
||||
+ */
|
||||
+static __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
|
||||
+{
|
||||
+ if (efi_guidcmp(*sig_type, efi_cert_x509_guid) == 0)
|
||||
+ return add_trusted_secondary_key;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Return the appropriate handler for particular signature list types found in
|
||||
+ * the UEFI dbx and MokListXRT tables.
|
||||
+ */
|
||||
+static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type)
|
||||
+{
|
||||
+ if (efi_guidcmp(*sig_type, efi_cert_x509_sha256_guid) == 0)
|
||||
+ return uefi_blacklist_x509_tbs;
|
||||
+ if (efi_guidcmp(*sig_type, efi_cert_sha256_guid) == 0)
|
||||
+ return uefi_blacklist_binary;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Load the certs contained in the UEFI databases
|
||||
+ */
|
||||
+static int __init load_uefi_certs(void)
|
||||
+{
|
||||
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
||||
|
@ -159,17 +197,9 @@ index 000000000000..fe4a6f2bf10a
|
|||
+ void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
+ int rc = 0;
|
||||
+ struct key *keyring = NULL;
|
||||
+
|
||||
+ /* Check if SB is enabled and just return if not */
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return 0;
|
||||
+
|
||||
+ keyring = get_system_keyring();
|
||||
+ if (!keyring) {
|
||||
+ pr_err("MODSIGN: Couldn't get system keyring\n");
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (!efi.get_variable)
|
||||
+ return false;
|
||||
+
|
||||
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
+ * an error if we can't get them.
|
||||
|
@ -178,7 +208,8 @@ index 000000000000..fe4a6f2bf10a
|
|||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, keyring);
|
||||
+ rc = parse_efi_signature_list("UEFI:db",
|
||||
+ db, dbsize, get_handler_for_db);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
|
@ -188,7 +219,8 @@ index 000000000000..fe4a6f2bf10a
|
|||
+ if (!mok) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(mok, moksize, keyring);
|
||||
+ rc = parse_efi_signature_list("UEFI:MokListRT",
|
||||
+ mok, moksize, get_handler_for_db);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
|
||||
+ kfree(mok);
|
||||
|
@ -198,8 +230,9 @@ index 000000000000..fe4a6f2bf10a
|
|||
+ if (!dbx) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(dbx, dbxsize,
|
||||
+ system_blacklist_keyring);
|
||||
+ rc = parse_efi_signature_list("UEFI:dbx",
|
||||
+ dbx, dbxsize,
|
||||
+ get_handler_for_dbx);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
|
||||
+ kfree(dbx);
|
||||
|
|
|
@ -1,62 +1,62 @@
|
|||
From 9d2e5c61d5adcf7911f67ed44a1b0ff881f175bb Mon Sep 17 00:00:00 2001
|
||||
From 9f1958a0cc911e1f79b2733ee5029dbd819ff328 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
|
||||
Date: Fri, 5 May 2017 08:21:59 +0100
|
||||
Subject: [PATCH 4/4] MODSIGN: Allow the "db" UEFI variable to be suppressed
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
Have the uefi import code look for this and not import things from the db
|
||||
variable.
|
||||
for verification purposes, shim will set a UEFI variable called
|
||||
MokIgnoreDB. Have the uefi import code look for this and ignore the db
|
||||
variable if it is found.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 31 insertions(+), 9 deletions(-)
|
||||
certs/load_uefi.c | 44 ++++++++++++++++++++++++++++++++++----------
|
||||
1 file changed, 34 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
index fe4a6f2bf10a..a41da14b1ffd 100644
|
||||
--- a/kernel/modsign_uefi.c
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -8,6 +8,23 @@
|
||||
#include <keys/system_keyring.h>
|
||||
#include "module-internal.h"
|
||||
|
||||
+static __init int check_ignore_db(void)
|
||||
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
|
||||
index b44e464..3d88459 100644
|
||||
--- a/certs/load_uefi.c
|
||||
+++ b/certs/load_uefi.c
|
||||
@@ -13,6 +13,26 @@ static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GU
|
||||
static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
|
||||
|
||||
/*
|
||||
+ * Look to see if a UEFI variable called MokIgnoreDB exists and return true if
|
||||
+ * it does.
|
||||
+ *
|
||||
+ * This UEFI variable is set by the shim if a user tells the shim to not use
|
||||
+ * the certs/hashes in the UEFI db variable for verification purposes. If it
|
||||
+ * is set, we should ignore the db variable also and the true return indicates
|
||||
+ * this.
|
||||
+ */
|
||||
+static __init bool uefi_check_ignore_db(void)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned int db = 0;
|
||||
+ unsigned long size = sizeof(db);
|
||||
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
|
||||
+
|
||||
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
|
||||
+ * then we don't ignore DB. If it succeeds, we do.
|
||||
+ */
|
||||
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+ return status == EFI_SUCCESS;
|
||||
+}
|
||||
+
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+/*
|
||||
* Get a certificate list blob from the named EFI variable.
|
||||
*/
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
|
||||
@@ -113,7 +133,9 @@ static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_ty
|
||||
}
|
||||
|
||||
/*
|
||||
- * Load the certs contained in the UEFI databases
|
||||
+ * Load the certs contained in the UEFI databases into the secondary trusted
|
||||
+ * keyring and the UEFI blacklisted X.509 cert SHA256 hashes into the blacklist
|
||||
+ * keyring.
|
||||
*/
|
||||
static int __init load_uefi_certs(void)
|
||||
{
|
||||
efi_status_t status;
|
||||
@@ -47,7 +64,7 @@ static int __init load_uefi_certs(void)
|
||||
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
- int rc = 0;
|
||||
+ int ignore_db, rc = 0;
|
||||
struct key *keyring = NULL;
|
||||
|
||||
/* Check if SB is enabled and just return if not */
|
||||
@@ -60,17 +77,22 @@ static int __init load_uefi_certs(void)
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
+ /* See if the user has setup Ignore DB mode */
|
||||
+ ignore_db = check_ignore_db();
|
||||
+
|
||||
@@ -129,15 +151,17 @@ static int __init load_uefi_certs(void)
|
||||
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
* an error if we can't get them.
|
||||
*/
|
||||
|
@ -64,22 +64,24 @@ index fe4a6f2bf10a..a41da14b1ffd 100644
|
|||
- if (!db) {
|
||||
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
- } else {
|
||||
- rc = parse_efi_signature_list(db, dbsize, keyring);
|
||||
- rc = parse_efi_signature_list("UEFI:db",
|
||||
- db, dbsize, get_handler_for_db);
|
||||
- if (rc)
|
||||
- pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
- kfree(db);
|
||||
+ if (!ignore_db) {
|
||||
+ if (!uefi_check_ignore_db()) {
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, keyring);
|
||||
+ rc = parse_efi_signature_list("UEFI:db",
|
||||
+ db, dbsize, get_handler_for_db);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
}
|
||||
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
2.9.3
|
||||
|
|
|
@ -26,21 +26,21 @@ index 011808490fed..ccdff6650541 100644
|
|||
--- a/arch/arm/boot/dts/Makefile
|
||||
+++ b/arch/arm/boot/dts/Makefile
|
||||
@@ -353,6 +353,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
|
||||
imx6dl-gw552x.dtb \
|
||||
imx6dl-gw553x.dtb \
|
||||
imx6dl-gw5903.dtb \
|
||||
imx6dl-gw5904.dtb \
|
||||
imx6dl-hummingboard.dtb \
|
||||
+ imx6dl-hummingboard2.dtb \
|
||||
imx6dl-icore.dtb \
|
||||
imx6dl-icore-rqs.dtb \
|
||||
imx6dl-nit6xlite.dtb \
|
||||
@@ -397,6 +398,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
|
||||
imx6q-gw553x.dtb \
|
||||
imx6q-gw5904.dtb \
|
||||
imx6q-h100.dtb \
|
||||
imx6q-hummingboard.dtb \
|
||||
+ imx6q-hummingboard2.dtb \
|
||||
imx6q-icore.dtb \
|
||||
imx6q-icore-rqs.dtb \
|
||||
imx6q-marsboard.dtb \
|
||||
imx6q-icore-ofcap10.dtb \
|
||||
imx6q-icore-ofcap12.dtb \
|
||||
diff --git a/arch/arm/boot/dts/imx6dl-hummingboard2.dts b/arch/arm/boot/dts/imx6dl-hummingboard2.dts
|
||||
new file mode 100644
|
||||
index 000000000000..990b5050de5b
|
||||
|
|
|
@ -1,573 +0,0 @@
|
|||
From 223599514133293bb9afe7b82937140c3b275877 Mon Sep 17 00:00:00 2001
|
||||
From: Eddie Cai <eddie.cai.linux@gmail.com>
|
||||
Date: Tue, 14 Feb 2017 18:07:31 +0800
|
||||
Subject: ARM: dts: rockchip: add dts for RK3288-Tinker board
|
||||
|
||||
This patch add basic support for RK3288-Tinker board. We can boot in to rootfs
|
||||
with this patch.
|
||||
|
||||
Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
|
||||
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
|
||||
---
|
||||
arch/arm/boot/dts/Makefile | 1 +
|
||||
arch/arm/boot/dts/rk3288-tinker.dts | 536 ++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 537 insertions(+)
|
||||
create mode 100644 arch/arm/boot/dts/rk3288-tinker.dts
|
||||
|
||||
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
|
||||
index 0118084..fb46849 100644
|
||||
--- a/arch/arm/boot/dts/Makefile
|
||||
+++ b/arch/arm/boot/dts/Makefile
|
||||
@@ -695,6 +695,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += \
|
||||
rk3288-popmetal.dtb \
|
||||
rk3288-r89.dtb \
|
||||
rk3288-rock2-square.dtb \
|
||||
+ rk3288-tinker.dtb \
|
||||
rk3288-veyron-brain.dtb \
|
||||
rk3288-veyron-jaq.dtb \
|
||||
rk3288-veyron-jerry.dtb \
|
||||
diff --git a/arch/arm/boot/dts/rk3288-tinker.dts b/arch/arm/boot/dts/rk3288-tinker.dts
|
||||
new file mode 100644
|
||||
index 0000000..f601c78
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/boot/dts/rk3288-tinker.dts
|
||||
@@ -0,0 +1,536 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2017 Fuzhou Rockchip Electronics Co., Ltd.
|
||||
+ *
|
||||
+ * This file is dual-licensed: you can use it either under the terms
|
||||
+ * of the GPL or the X11 license, at your option. Note that this dual
|
||||
+ * licensing only applies to this file, and not this project as a
|
||||
+ * whole.
|
||||
+ *
|
||||
+ * a) This file is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public License as
|
||||
+ * published by the Free Software Foundation; either version 2 of the
|
||||
+ * License, or (at your option) any later version.
|
||||
+ *
|
||||
+ * This file is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * Or, alternatively,
|
||||
+ *
|
||||
+ * b) Permission is hereby granted, free of charge, to any person
|
||||
+ * obtaining a copy of this software and associated documentation
|
||||
+ * files (the "Software"), to deal in the Software without
|
||||
+ * restriction, including without limitation the rights to use,
|
||||
+ * copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
+ * sell copies of the Software, and to permit persons to whom the
|
||||
+ * Software is furnished to do so, subject to the following
|
||||
+ * conditions:
|
||||
+ *
|
||||
+ * The above copyright notice and this permission notice shall be
|
||||
+ * included in all copies or substantial portions of the Software.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
||||
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
||||
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||
+ * OTHER DEALINGS IN THE SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+/dts-v1/;
|
||||
+
|
||||
+#include "rk3288.dtsi"
|
||||
+#include <dt-bindings/input/input.h>
|
||||
+
|
||||
+/ {
|
||||
+ model = "Rockchip RK3288 Tinker Board";
|
||||
+ compatible = "asus,rk3288-tinker", "rockchip,rk3288";
|
||||
+
|
||||
+ memory {
|
||||
+ reg = <0x0 0x80000000>;
|
||||
+ device_type = "memory";
|
||||
+ };
|
||||
+
|
||||
+ ext_gmac: external-gmac-clock {
|
||||
+ compatible = "fixed-clock";
|
||||
+ #clock-cells = <0>;
|
||||
+ clock-frequency = <125000000>;
|
||||
+ clock-output-names = "ext_gmac";
|
||||
+ };
|
||||
+
|
||||
+ gpio-keys {
|
||||
+ compatible = "gpio-keys";
|
||||
+ #address-cells = <1>;
|
||||
+ #size-cells = <0>;
|
||||
+ autorepeat;
|
||||
+
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&pwrbtn>;
|
||||
+
|
||||
+ button@0 {
|
||||
+ gpios = <&gpio0 RK_PA5 GPIO_ACTIVE_LOW>;
|
||||
+ linux,code = <KEY_POWER>;
|
||||
+ label = "GPIO Key Power";
|
||||
+ linux,input-type = <1>;
|
||||
+ wakeup-source;
|
||||
+ debounce-interval = <100>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ gpio-leds {
|
||||
+ compatible = "gpio-leds";
|
||||
+
|
||||
+ act-led {
|
||||
+ gpios=<&gpio1 RK_PD0 GPIO_ACTIVE_HIGH>;
|
||||
+ linux,default-trigger="mmc0";
|
||||
+ };
|
||||
+
|
||||
+ heartbeat-led {
|
||||
+ gpios=<&gpio1 RK_PD1 GPIO_ACTIVE_HIGH>;
|
||||
+ linux,default-trigger="heartbeat";
|
||||
+ };
|
||||
+
|
||||
+ pwr-led {
|
||||
+ gpios = <&gpio0 RK_PA3 GPIO_ACTIVE_HIGH>;
|
||||
+ linux,default-trigger = "default-on";
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ sound {
|
||||
+ compatible = "simple-audio-card";
|
||||
+ simple-audio-card,format = "i2s";
|
||||
+ simple-audio-card,name = "rockchip,tinker-codec";
|
||||
+ simple-audio-card,mclk-fs = <512>;
|
||||
+
|
||||
+ simple-audio-card,codec {
|
||||
+ sound-dai = <&hdmi>;
|
||||
+ };
|
||||
+
|
||||
+ simple-audio-card,cpu {
|
||||
+ sound-dai = <&i2s>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc_sys: vsys-regulator {
|
||||
+ compatible = "regulator-fixed";
|
||||
+ regulator-name = "vcc_sys";
|
||||
+ regulator-min-microvolt = <5000000>;
|
||||
+ regulator-max-microvolt = <5000000>;
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ };
|
||||
+
|
||||
+ vcc_sd: sdmmc-regulator {
|
||||
+ compatible = "regulator-fixed";
|
||||
+ gpio = <&gpio7 11 GPIO_ACTIVE_LOW>;
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&sdmmc_pwr>;
|
||||
+ regulator-name = "vcc_sd";
|
||||
+ regulator-min-microvolt = <3300000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ startup-delay-us = <100000>;
|
||||
+ vin-supply = <&vcc_io>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&cpu0 {
|
||||
+ cpu0-supply = <&vdd_cpu>;
|
||||
+};
|
||||
+
|
||||
+&gmac {
|
||||
+ assigned-clocks = <&cru SCLK_MAC>;
|
||||
+ assigned-clock-parents = <&ext_gmac>;
|
||||
+ clock_in_out = "input";
|
||||
+ phy-mode = "rgmii";
|
||||
+ phy-supply = <&vcc33_lan>;
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&rgmii_pins>;
|
||||
+ snps,reset-gpio = <&gpio4 7 0>;
|
||||
+ snps,reset-active-low;
|
||||
+ snps,reset-delays-us = <0 10000 1000000>;
|
||||
+ tx_delay = <0x30>;
|
||||
+ rx_delay = <0x10>;
|
||||
+ status = "ok";
|
||||
+};
|
||||
+
|
||||
+&hdmi {
|
||||
+ ddc-i2c-bus = <&i2c5>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&i2c0 {
|
||||
+ clock-frequency = <400000>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ rk808: pmic@1b {
|
||||
+ compatible = "rockchip,rk808";
|
||||
+ reg = <0x1b>;
|
||||
+ interrupt-parent = <&gpio0>;
|
||||
+ interrupts = <4 IRQ_TYPE_LEVEL_LOW>;
|
||||
+ #clock-cells = <1>;
|
||||
+ clock-output-names = "xin32k", "rk808-clkout2";
|
||||
+ dvs-gpios = <&gpio0 11 GPIO_ACTIVE_HIGH>,
|
||||
+ <&gpio0 12 GPIO_ACTIVE_HIGH>;
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&pmic_int &global_pwroff &dvs_1 &dvs_2>;
|
||||
+ rockchip,system-power-controller;
|
||||
+ wakeup-source;
|
||||
+
|
||||
+ vcc1-supply = <&vcc_sys>;
|
||||
+ vcc2-supply = <&vcc_sys>;
|
||||
+ vcc3-supply = <&vcc_sys>;
|
||||
+ vcc4-supply = <&vcc_sys>;
|
||||
+ vcc6-supply = <&vcc_sys>;
|
||||
+ vcc7-supply = <&vcc_sys>;
|
||||
+ vcc8-supply = <&vcc_io>;
|
||||
+ vcc9-supply = <&vcc_io>;
|
||||
+ vcc10-supply = <&vcc_io>;
|
||||
+ vcc11-supply = <&vcc_sys>;
|
||||
+ vcc12-supply = <&vcc_io>;
|
||||
+ vddio-supply = <&vcc_io>;
|
||||
+
|
||||
+ regulators {
|
||||
+ vdd_cpu: DCDC_REG1 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <750000>;
|
||||
+ regulator-max-microvolt = <1350000>;
|
||||
+ regulator-name = "vdd_arm";
|
||||
+ regulator-ramp-delay = <6000>;
|
||||
+ regulator-state-mem {
|
||||
+ regulator-off-in-suspend;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vdd_gpu: DCDC_REG2 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <850000>;
|
||||
+ regulator-max-microvolt = <1250000>;
|
||||
+ regulator-name = "vdd_gpu";
|
||||
+ regulator-ramp-delay = <6000>;
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1000000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc_ddr: DCDC_REG3 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-name = "vcc_ddr";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc_io: DCDC_REG4 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <3300000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ regulator-name = "vcc_io";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <3300000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc18_ldo1: LDO_REG1 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <1800000>;
|
||||
+ regulator-name = "vcc18_ldo1";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1800000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc33_mipi: LDO_REG2 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <3300000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ regulator-name = "vcc33_mipi";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-off-in-suspend;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vdd_10: LDO_REG3 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1000000>;
|
||||
+ regulator-max-microvolt = <1000000>;
|
||||
+ regulator-name = "vdd_10";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1000000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc18_codec: LDO_REG4 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <1800000>;
|
||||
+ regulator-name = "vcc18_codec";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1800000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vccio_sd: LDO_REG5 {
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ regulator-name = "vccio_sd";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <3300000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vdd10_lcd: LDO_REG6 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1000000>;
|
||||
+ regulator-max-microvolt = <1000000>;
|
||||
+ regulator-name = "vdd10_lcd";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1000000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc_18: LDO_REG7 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <1800000>;
|
||||
+ regulator-name = "vcc_18";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1800000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc18_lcd: LDO_REG8 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <1800000>;
|
||||
+ regulator-name = "vcc18_lcd";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ regulator-suspend-microvolt = <1800000>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc33_sd: SWITCH_REG1 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-name = "vcc33_sd";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ vcc33_lan: SWITCH_REG2 {
|
||||
+ regulator-always-on;
|
||||
+ regulator-boot-on;
|
||||
+ regulator-name = "vcc33_lan";
|
||||
+ regulator-state-mem {
|
||||
+ regulator-on-in-suspend;
|
||||
+ };
|
||||
+ };
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&i2c2 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&i2c5 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&i2s {
|
||||
+ #sound-dai-cells = <0>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&io_domains {
|
||||
+ status = "okay";
|
||||
+
|
||||
+ sdcard-supply = <&vccio_sd>;
|
||||
+};
|
||||
+
|
||||
+&pinctrl {
|
||||
+ pcfg_pull_none_drv_8ma: pcfg-pull-none-drv-8ma {
|
||||
+ drive-strength = <8>;
|
||||
+ };
|
||||
+
|
||||
+ pcfg_pull_up_drv_8ma: pcfg-pull-up-drv-8ma {
|
||||
+ bias-pull-up;
|
||||
+ drive-strength = <8>;
|
||||
+ };
|
||||
+
|
||||
+ backlight {
|
||||
+ bl_en: bl-en {
|
||||
+ rockchip,pins = <7 2 RK_FUNC_GPIO &pcfg_pull_none>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ buttons {
|
||||
+ pwrbtn: pwrbtn {
|
||||
+ rockchip,pins = <0 5 RK_FUNC_GPIO &pcfg_pull_up>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ eth_phy {
|
||||
+ eth_phy_pwr: eth-phy-pwr {
|
||||
+ rockchip,pins = <0 6 RK_FUNC_GPIO &pcfg_pull_none>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ pmic {
|
||||
+ pmic_int: pmic-int {
|
||||
+ rockchip,pins = <RK_GPIO0 4 RK_FUNC_GPIO \
|
||||
+ &pcfg_pull_up>;
|
||||
+ };
|
||||
+
|
||||
+ dvs_1: dvs-1 {
|
||||
+ rockchip,pins = <RK_GPIO0 11 RK_FUNC_GPIO \
|
||||
+ &pcfg_pull_down>;
|
||||
+ };
|
||||
+
|
||||
+ dvs_2: dvs-2 {
|
||||
+ rockchip,pins = <RK_GPIO0 12 RK_FUNC_GPIO \
|
||||
+ &pcfg_pull_down>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ sdmmc {
|
||||
+ sdmmc_bus4: sdmmc-bus4 {
|
||||
+ rockchip,pins = <6 16 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
|
||||
+ <6 17 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
|
||||
+ <6 18 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
|
||||
+ <6 19 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
|
||||
+ };
|
||||
+
|
||||
+ sdmmc_clk: sdmmc-clk {
|
||||
+ rockchip,pins = <6 20 RK_FUNC_1 \
|
||||
+ &pcfg_pull_none_drv_8ma>;
|
||||
+ };
|
||||
+
|
||||
+ sdmmc_cmd: sdmmc-cmd {
|
||||
+ rockchip,pins = <6 21 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
|
||||
+ };
|
||||
+
|
||||
+ sdmmc_pwr: sdmmc-pwr {
|
||||
+ rockchip,pins = <7 11 RK_FUNC_GPIO &pcfg_pull_none>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ usb {
|
||||
+ host_vbus_drv: host-vbus-drv {
|
||||
+ rockchip,pins = <0 14 RK_FUNC_GPIO &pcfg_pull_none>;
|
||||
+ };
|
||||
+
|
||||
+ pwr_3g: pwr-3g {
|
||||
+ rockchip,pins = <7 8 RK_FUNC_GPIO &pcfg_pull_none>;
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&pwm0 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&saradc {
|
||||
+ vref-supply = <&vcc18_ldo1>;
|
||||
+ status ="okay";
|
||||
+};
|
||||
+
|
||||
+&sdmmc {
|
||||
+ bus-width = <4>;
|
||||
+ cap-mmc-highspeed;
|
||||
+ cap-sd-highspeed;
|
||||
+ card-detect-delay = <200>;
|
||||
+ disable-wp; /* wp not hooked up */
|
||||
+ num-slots = <1>;
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
|
||||
+ status = "okay";
|
||||
+ vmmc-supply = <&vcc33_sd>;
|
||||
+ vqmmc-supply = <&vccio_sd>;
|
||||
+};
|
||||
+
|
||||
+&tsadc {
|
||||
+ rockchip,hw-tshut-mode = <1>; /* tshut mode 0:CRU 1:GPIO */
|
||||
+ rockchip,hw-tshut-polarity = <1>; /* tshut polarity 0:LOW 1:HIGH */
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&uart0 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&uart1 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&uart2 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&uart3 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&uart4 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&usbphy {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&usb_host0_ehci {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&usb_host1 {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&usb_otg {
|
||||
+ status= "okay";
|
||||
+};
|
||||
+
|
||||
+&vopb {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&vopb_mmu {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&vopl {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&vopl_mmu {
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&wdt {
|
||||
+ status = "okay";
|
||||
+};
|
||||
--
|
||||
cgit v1.1
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
From patchwork Sat Apr 8 07:18:40 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: reset: hi6220: Set module license so that it can be loaded
|
||||
From: Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
X-Patchwork-Id: 9670985
|
||||
Message-Id: <20170408071840.29380-1-lintonrjeremy@gmail.com>
|
||||
To: linux-kernel@vger.kernel.org
|
||||
Cc: p.zabel@pengutronix.de, saberlily.xia@hisilicon.com,
|
||||
puck.chen@hisilicon.com, xinliang.liu@linaro.org,
|
||||
Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
Date: Sat, 8 Apr 2017 02:18:40 -0500
|
||||
|
||||
The hi6220_reset driver can be built as a standalone module
|
||||
yet it cannot be loaded because it depends on GPL exported symbols.
|
||||
|
||||
Lets set the module license so that the module loads, and things like
|
||||
the on-board kirin drm starts working.
|
||||
|
||||
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
reviewed-by: Xinliang Liu <xinliang.liu@linaro.org>
|
||||
---
|
||||
drivers/reset/hisilicon/hi6220_reset.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c
|
||||
index 35ce53e..d5e5229 100644
|
||||
--- a/drivers/reset/hisilicon/hi6220_reset.c
|
||||
+++ b/drivers/reset/hisilicon/hi6220_reset.c
|
||||
@@ -155,3 +155,5 @@ static int __init hi6220_reset_init(void)
|
||||
}
|
||||
|
||||
postcore_initcall(hi6220_reset_init);
|
||||
+
|
||||
+MODULE_LICENSE("GPL v2");
|
||||
From patchwork Mon Apr 3 05:28:42 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [v2,1/2] regulator: hi655x: Describe consumed platform device
|
||||
From: Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
X-Patchwork-Id: 9658793
|
||||
Message-Id: <20170403052843.12711-2-lintonrjeremy@gmail.com>
|
||||
To: linux-kernel@vger.kernel.org
|
||||
Cc: broonie@kernel.org, lgirdwood@gmail.com, puck.chen@hisilicon.com,
|
||||
lee.jones@linaro.org, Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
Date: Mon, 3 Apr 2017 00:28:42 -0500
|
||||
|
||||
The hi655x-regulator driver consumes a similarly named platform device.
|
||||
Adding that to the module device table, allows modprobe to locate this
|
||||
driver once the device is created.
|
||||
|
||||
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
|
||||
---
|
||||
drivers/regulator/hi655x-regulator.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/regulator/hi655x-regulator.c b/drivers/regulator/hi655x-regulator.c
|
||||
index 065c100..36ae54b 100644
|
||||
--- a/drivers/regulator/hi655x-regulator.c
|
||||
+++ b/drivers/regulator/hi655x-regulator.c
|
||||
@@ -214,7 +214,14 @@ static int hi655x_regulator_probe(struct platform_device *pdev)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static const struct platform_device_id hi655x_regulator_table[] = {
|
||||
+ { .name = "hi655x-regulator" },
|
||||
+ {},
|
||||
+};
|
||||
+MODULE_DEVICE_TABLE(platform, hi655x_regulator_table);
|
||||
+
|
||||
static struct platform_driver hi655x_regulator_driver = {
|
||||
+ .id_table = hi655x_regulator_table,
|
||||
.driver = {
|
||||
.name = "hi655x-regulator",
|
||||
},
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_ADXL345_I2C is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_ADXL345_SPI is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ARM64_ERRATUM_858921=y
|
|
@ -1 +1 @@
|
|||
CONFIG_B43LEGACY_DEBUG=y
|
||||
# CONFIG_B43LEGACY_DEBUG is not set
|
||||
|
|
|
@ -1 +1 @@
|
|||
CONFIG_B43_DEBUG=y
|
||||
# CONFIG_B43_DEBUG is not set
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BACKLIGHT_ARCXCNN=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_BATTERY_LEGO_EV3 is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_BCM_FLEXRM_MBOX is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BFQ_GROUP_IOSCHED=y
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_BLK_DEV_HD is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_BLK_DEV_THROTTLING_LOW is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BT_HCIUART_SERDEV=y
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_BT_QCOMSMD is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_CAN_HI311X=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_CAN_MCBA_USB=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_CAN_PEAK_PCIEFD=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_CAN_VXCAN=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_CEC_PLATFORM_DRIVERS=y
|
|
@ -1 +1 @@
|
|||
# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
|
||||
CONFIG_CROS_KBD_LED_BACKLIGHT=m
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_CRYPTO_DEV_CCREE is not set
|
|
@ -1 +1 @@
|
|||
CONFIG_CRYPTO_DH=m
|
||||
CONFIG_CRYPTO_DH=y
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DM_INTEGRITY=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_DW_HDMI_AHB_AUDIO is not set
|
|
@ -1 +1 @@
|
|||
CONFIG_DRM_DW_HDMI_I2S_AUDIO=m
|
||||
# CONFIG_DRM_DW_HDMI_I2S_AUDIO is not set
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_FBDEV_OVERALLOC=100
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_LVDS_ENCODER is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set
|
|
@ -1 +1 @@
|
|||
CONFIG_DRM_MXSFB=m
|
||||
# CONFIG_DRM_MXSFB is not set
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_PANEL_LVDS is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2 is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_RCAR_DW_HDMI is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_EARLY_PRINTK_USB_XDBC=y
|
|
@ -0,0 +1 @@
|
|||
CONFIG_EDAC_GHES=y
|
|
@ -1 +0,0 @@
|
|||
CONFIG_EDAC_MM_EDAC=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_GPIO_FTGPIO010 is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HD44780=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HID_ACCUTOUCH=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HID_NTI=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HID_SENSOR_HUMIDITY=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HID_SENSOR_TEMP=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_I2C_MUX_LTC4306=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IEEE802154_CA8210=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_IEEE802154_CA8210_DEBUGFS is not set
|
|
@ -1 +0,0 @@
|
|||
CONFIG_IIO_CROS_EC_SENSORS_COR=m
|
|
@ -1 +1 @@
|
|||
CONFIG_INPUT_MMA8450=m
|
||||
# CONFIG_INPUT_MMA8450 is not set
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
CONFIG_INPUT_MPU3050=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IOSCHED_BFQ=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IR_SIR=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_JOYSTICK_PSXPAD_SPI=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_JOYSTICK_PSXPAD_SPI_FF=y
|
|
@ -1 +1 @@
|
|||
# CONFIG_KEYBOARD_QT1070 is not set
|
||||
CONFIG_KEYBOARD_QT1070=m
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
CONFIG_LEDS_DELL_NETBOOKS=m
|
|
@ -1 +0,0 @@
|
|||
CONFIG_LIRC_SASEM=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_LOAD_UEFI_KEYS is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_LTC2497 is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_LTC2632 is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MAX1118 is not set
|
|
@ -1 +1 @@
|
|||
# CONFIG_MAX1363 is not set
|
||||
CONFIG_MAX1363=m
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MAX30102 is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MAX9611 is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MEDIA_CEC_RC=y
|
|
@ -1 +1 @@
|
|||
CONFIG_MFD_CPCAP=m
|
||||
# CONFIG_MFD_CPCAP is not set
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_MFD_EXYNOS_LPASS is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MFD_TI_LMU is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MLX5_CORE_IPOIB=y
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MMC_SDHCI_XENON=m
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_MODULE_SIG_UEFI is not set
|
|
@ -1 +1 @@
|
|||
# CONFIG_MPU3050_I2C is not set
|
||||
CONFIG_MPU3050_I2C=m
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MQ_IOSCHED_KYBER=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NET_9P_XEN=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NET_DSA_LOOP=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NET_DSA_MT7530=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NET_DSA_SMSC_LAN9303_I2C=m
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NET_DSA_SMSC_LAN9303_MDIO=m
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_NET_SCH_DEFAULT is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_PCI_ENDPOINT is not set
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_PCI_ENDPOINT_TEST is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
|
@ -0,0 +1 @@
|
|||
CONFIG_PCI_SW_SWITCHTEC=m
|
|
@ -1 +1 @@
|
|||
CONFIG_PINCTRL_MSM8994=m
|
||||
# CONFIG_PINCTRL_MSM8994 is not set
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_PINCTRL_TI_IODELAY is not set
|
|
@ -0,0 +1 @@
|
|||
CONFIG_RAS_CEC=y
|
|
@ -1 +0,0 @@
|
|||
CONFIG_REGULATOR_CPCAP=m
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue