Merge tag 'efi-2026-07-rc2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request efi-2026-07-rc2 CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/29967 Documentation: * .clang-format description * qemu-arm: describe secure state steps * mention that CONFIG_BOOTSTD_DEFAULTS provides network features when NET=y * ti: k3: describe fTPM support UEFI: * cmd/bootefi: move efi_init_obj_list() to the start of do_bootefi * correct return value of efi_bootmgr_run() * correct efi_binary_run_dp() return value * centralize messaging for efi_init_obj_list * correct Kconfig dependencies for EFI_HTTP_BOOT Others: * .clang-format: add U-Boot specific for each macros # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmn0hjwACgkQxIHbvCwF # GsRDVQ/+LADSJv/WxhsEayOe1f0H0wp42bssPZikyUxHGr6azNHjgngw2sExfFt0 # YE9j3HUclZy0LLlsykUk8f6uzHsL4DTLS1pqwoi1tYX/szotvW6fP5eUUxkUD06Y # GYx8ub+Niq8F5/wT7VYj4cBxs8Pl3Zql4vp0nlBFdgxH0D9APH6ORucjNawa+vCv # a7yqzSv9vyJXdsOKxpusfrcsz8pdd8UqXRmTwgPxarc8g0gqieLAwP/bECEeq5ZR # FSKrWF9qYrLUEBVlwUx6jEVgq9JvzL1FP8p9w+WMdP++ani7ytaqL40KGorHm1mU # JAwaDdWiRgodYGRNoP5aPZNvx1o+e0dRoioF2cL9Eob+6pXG053dN5VVZUgMfGPf # 9xHfpAI47y+EvSPZEe1T/m7wAIOTBCP58rJGgTXvlCL1+dc3X4Ez68x5zcDMrJF/ # 0QnuAoaZS+XgyWwsCOR9cGHSzNT3rR3Wx/f2lKXklbCMQ+C+sp5UkRFNvYrhCqnk # tg+sWH54oEKKQ0dTwGG+tsFhn8lsdXzhRKl1jN7w4DVY/R9YZu776biU3yzortfI # ymbFmfOGmcPSD+lO7S1w+64zjvwnJT+rAzMLuYr3bIuhWpS4rd2phsEyLfcDSXwc # 51imC2PSnp7Mx51F5qjCXligYC0kHh3BHpxxZok/fHjUVzx2c98= # =RLJL # -----END PGP SIGNATURE----- # gpg: Signature made Fri 01 May 2026 04:53:48 AM CST # gpg: using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4 # gpg: Good signature from "Heinrich Schuchardt <xypron.glpk@gmx.de>" [unknown] # gpg: aka "[jpeg image of size 1389]" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7 6D33 C481 DBBC 2C05 1AC4
2026-06-02 09:46:37 +03:00 · 2026-05-01 08:12:13 -06:00
parent b52670d37b a48ddf81c2
commit 21d842d4e5
15 changed files with 242 additions and 49 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -748,6 +748,57 @@ ForEachMacros:
  - 'ynl_attr_for_each_nested'
  - 'ynl_attr_for_each_payload'
  - 'zorro_for_each_dev'
+  # U-Boot specific
+  - '__for_each_child_of_node'
+  - '__usbhs_for_each_pipe'
+  - '__usbhsg_for_each_uep'
+  - '_for_each_zynqmp_part'
+  - 'alist_for_each'
+  - 'alist_for_each_filter'
+  - 'cvmx_coremask_for_each_core'
+  - 'cvmx_coremask_for_each_node'
+  - 'dev_for_each_property'
+  - 'dev_for_each_subnode'
+  - 'expr_list_for_each_sym'
+  - 'fdt_for_each_node_by_compatible'
+  - 'fdt_for_each_property_offset'
+  - 'fdt_for_each_subnode'
+  - 'for_each_bin_hdr_v0'
+  - 'for_each_bl_params_node'
+  - 'for_each_child_withdel'
+  - 'for_each_console_dev'
+  - 'for_each_ext_hdr_v0'
+  - 'for_each_label'
+  - 'for_each_label_withdel'
+  - 'for_each_marker'
+  - 'for_each_marker_of_type'
+  - 'for_each_memory_map_entry_reversed'
+  - 'for_each_mmc_mode_by_pref'
+  - 'for_each_opt_hdr_v1'
+  - 'for_each_property_withdel'
+  - 'for_each_sd_mode_by_pref'
+  - 'for_each_supported_width'
+  - 'for_each_tpm_device'
+  - 'for_each_w1_device'
+  - 'for_each_zynqmp_image'
+  - 'for_each_zynqmp_part'
+  - 'for_each_zynqmp_part_in_image'
+  - 'mtd_for_each_device'
+  - 'ofnode_for_each_compatible_node'
+  - 'ofnode_for_each_prop'
+  - 'ofnode_for_each_subnode'
+  - 'pko_for_each_port'
+  - 'sfi_for_each_mentry'
+  - 'ubi_for_each_free_peb'
+  - 'ubi_for_each_protected_peb'
+  - 'ubi_for_each_scrub_peb'
+  - 'ubi_for_each_used_peb'
+  - 'ubi_rb_for_each_entry'
+  - 'usbhs_for_each_dfifo'
+  - 'usbhs_for_each_pipe'
+  - 'usbhs_for_each_pipe_with_dcp'
+  - 'usbhsg_for_each_uep'
+  - 'usbhsg_for_each_uep_with_dcp'

 IncludeBlocks: Preserve
 IncludeCategories:
--- a/boot/bootmeth_efi_mgr.c
+++ b/boot/bootmeth_efi_mgr.c
@@ -58,8 +58,8 @@ static int efi_mgr_read_bootflow(struct udevice *dev, struct bootflow *bflow)
 	}

 	ret = efi_init_obj_list();
-	if (ret)
-		return log_msg_ret("init", ret);
+	if (ret != EFI_SUCCESS)
+		return ret;

 	/* Enable this method if the "BootOrder" UEFI exists. */
 	bootorder = efi_get_var(u"BootOrder", &efi_global_variable_guid,
--- a/cmd/bootefi.c
+++ b/cmd/bootefi.c
@@ -142,6 +142,11 @@ static int do_bootefi(struct cmd_tbl *cmdtp, int flag, int argc,
 	if (argc < 2)
 		return CMD_RET_USAGE;

+	/* Initialize EFI drivers */
+	ret = efi_init_obj_list();
+	if (ret != EFI_SUCCESS)
+		return CMD_RET_FAILURE;
+
 	if (argc > 2) {
 		ulong rd_addr = 0;
 		char *end = strchr(argv[2], ':');
@@ -179,14 +184,6 @@ static int do_bootefi(struct cmd_tbl *cmdtp, int flag, int argc,

 	if (IS_ENABLED(CONFIG_CMD_BOOTEFI_SELFTEST) &&
 	    !strcmp(argv[1], "selftest")) {
-		/* Initialize EFI drivers */
-		ret = efi_init_obj_list();
-		if (ret != EFI_SUCCESS) {
-			log_err("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-				ret & ~EFI_ERROR_MASK);
-			return CMD_RET_FAILURE;
-		}
-
 		ret = efi_install_fdt(fdt);
 		if (ret != EFI_SUCCESS)
 			return CMD_RET_FAILURE;
--- a/cmd/bootmenu.c
+++ b/cmd/bootmenu.c
@@ -505,12 +505,8 @@ static void handle_uefi_bootnext(void)

 	/* Initialize EFI drivers */
 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		log_err("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-			ret & ~EFI_ERROR_MASK);
-
+	if (ret != EFI_SUCCESS)
 		return;
-	}

 	/* If UEFI BootNext variable is set, boot the BootNext load option */
 	size = sizeof(u16);
--- a/cmd/eficonfig.c
+++ b/cmd/eficonfig.c
@@ -2466,12 +2466,8 @@ static int do_eficonfig(struct cmd_tbl *cmdtp, int flag, int argc, char *const a
 		return CMD_RET_USAGE;

 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		log_err("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-			ret & ~EFI_ERROR_MASK);
-
+	if (ret != EFI_SUCCESS)
 		return CMD_RET_FAILURE;
-	}

 	ret = eficonfig_init();
 	if (ret != EFI_SUCCESS)
--- a/cmd/efidebug.c
+++ b/cmd/efidebug.c
@@ -1669,11 +1669,8 @@ static int do_efidebug(struct cmd_tbl *cmdtp, int flag,

 	/* Initialize UEFI drivers */
 	r = efi_init_obj_list();
-	if (r != EFI_SUCCESS) {
-		printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-		       r & ~EFI_ERROR_MASK);
+	if (r != EFI_SUCCESS)
 		return CMD_RET_FAILURE;
-	}

 	cp = find_cmd_tbl(argv[0], cmd_efidebug_sub,
 			  ARRAY_SIZE(cmd_efidebug_sub));
--- a/cmd/nvedit_efi.c
+++ b/cmd/nvedit_efi.c
@@ -213,11 +213,8 @@ int do_env_print_efi(struct cmd_tbl *cmdtp, int flag, int argc,

 	/* Initialize EFI drivers */
 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-		       ret & ~EFI_ERROR_MASK);
+	if (ret != EFI_SUCCESS)
 		return CMD_RET_FAILURE;
-	}

 	for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
 		if (!strcmp(argv[0], "-guid")) {
@@ -389,11 +386,8 @@ int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,

 	/* Initialize EFI drivers */
 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-		       ret & ~EFI_ERROR_MASK);
+	if (ret != EFI_SUCCESS)
 		return CMD_RET_FAILURE;
-	}

 	/*
 	 * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
--- a/doc/board/emulation/qemu-arm.rst
+++ b/doc/board/emulation/qemu-arm.rst
@@ -24,8 +24,78 @@ Additionally, a number of optional peripherals can be added to the PCI bus.
 See :doc:`../../develop/devicetree/dt_qemu` for information on how to see
 the devicetree actually generated by QEMU.

-Building U-Boot
---------------
+Building (secure)
+-----------------
+
+U-Boot
+^^^^^^
+
+- For AArch64::
+
+    make qemu_arm64_defconfig
+    make
+
+On successful build 'u-boot.bin' should be created. It's necessary in the following
+steps (building TF-A).
+
+OP-TEE
+^^^^^^
+
+- For AArch64::
+
+    git clone https://github.com/OP-TEE/optee_os.git
+    cd optee_os
+    git checkout 4.9.0
+    export CROSS_COMPILE64=aarch64-none-elf-
+    export CROSS_COMPILE32=arm-none-eabi-
+    make PLATFORM=vexpress-qemu_armv8a CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y
+
+At least OP-TEE v4.9.0 for AArch64 needs both compiler (64-Bit and 32-Bit edition) for
+a successful build. On a successful build following files should be created under the
+directory 'out/arm-plat-vexpress/core' from OP-TEE::
+
+    optee_os/out/arm-plat-vexpress/core/tee-header_v2.bin
+    optee_os/out/arm-plat-vexpress/core/tee-pageable_v2.bin
+    optee_os/out/arm-plat-vexpress/core/tee-pager_v2.bin
+
+TF-A
+^^^^
+
+- For AArch64::
+
+    git clone https://github.com/ARM-software/arm-trusted-firmware.git
+    cd arm-trusted-firmware
+    git submodule update --init
+    git checkout v2.14.0
+    export CROSS_COMPILE=aarch64-none-elf-
+    export BL32=path/to/tee-header_v2.bin
+    export BL32_EXTRA1=path/to/tee-pager_v2.bin
+    export BL32_EXTRA2=path/to/tee-pageable_v2.bin
+    export BL33=path/to/u-boot.bin
+    make PLAT=qemu BL32_RAM_LOCATION=tdram SPD=opteed TRANSFER_LIST=1 all fip
+
+On successful build the following files should be created under the directory
+'build/qemu/release' from TF-A::
+
+    arm-trusted-firmware/build/qemu/release/bl1.bin
+    arm-trusted-firmware/build/qemu/release/fip.bin
+
+The following file is at least created with TF-A v2.14.0 and can be directly passed
+with the '-bios' option to QEMU::
+
+    arm-trusted-firmware/build/qemu/release/qemu_fw.bios
+
+If the single file ('qemu_fw.bios') doesn't exist, 'bl1.bin' and 'fip.bin' can be
+concatenated with the command 'dd' alternatively::
+
+    dd if=bl1.bin of=qemu_fw.bios bs=4096 conv=notrunc
+    dd if=fip.bin of=qemu_fw.bios seek=64 bs=4096 conv=notrunc
+
+Building (non-secure)
+---------------------
+
+U-Boot
+^^^^^^
 Set the CROSS_COMPILE environment variable as usual, and run:

 - For ARM::
@@ -38,8 +108,18 @@ Set the CROSS_COMPILE environment variable as usual, and run:
    make qemu_arm64_defconfig
    make

-Running U-Boot
--------------
+Running U-Boot (secure)
+-----------------------
+
+- For AArch64::
+
+    qemu-system-aarch64 -machine virt,secure=on,virtualization=on \
+    -nographic -cpu cortex-a57 -bios qemu_fw.bios
+
+For additional QEMU command description see running U-Boot in non-secure state.
+
+Running U-Boot (non-secure)
+---------------------------
 The minimal QEMU command line to get U-Boot up and running is:

 - For ARM::
--- a/doc/board/ti/k3.rst
+++ b/doc/board/ti/k3.rst
@@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing
 function could be beneficial if the bug in code occurs deep within
 nested function and can optionally save developers major trouble of
 stepping through a large quantity of code.
+
+Firmware TPM (fTPM) Support
+---------------------------
+
+K3 family of devices with **eMMC** are capable of supporting firmware TPM
+(fTPM) functionality through OP-TEE, providing TPM 2.0 capabilities
+without requiring discrete TPM hardware.
+The fTPM Trusted Application runs in OP-TEE secure world and uses
+eMMC Replay Protected Memory Block (RPMB) for secure persistent
+storage.
+
+The fTPM implementation consists of:
+
+* **fTPM TA**: Microsoft's fTPM Trusted Application (TA) running in OP-TEE
+* **RPMB Storage**: eMMC RPMB partition for persistent TPM NV storage
+* **U-Boot Support**: TPM commands and RPMB access via OP-TEE
+
+fTPM can be used to enable security features such as:
+
+* Measured boot
+* Secure key storage
+* Platform attestation
+
+Enabling fTPM in U-Boot
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The following are the steps to enable fTPM in uboot:
+
+1. Programming Keys into eMMC RPMB
+""""""""""""""""""""""""""""""""""
+
+Since fTPM uses RPMB for persistent storage, the eMMC RPMB must be
+provisioned with an authentication key on first boot. This requires
+building optee_os with the ``CFG_RPMB_WRITE_KEY=y`` flag
+
+.. prompt:: bash $
+
+  # inside optee_os source
+  make CROSS_COMPILE=$CC32 CROSS_COMPILE64=$CC64 CFG_ARM64_core=y \
+      PLATFORM=$OPTEE_PLATFORM CFG_RPMB_WRITE_KEY=y
+
+.. warning::
+
+  Programming the RPMB key is a **one-time, irreversible operation**.
+  The key is derived from the Hardware Unique Key (HUK) and cannot
+  be changed once programmed. For further details, refer
+  `Secure Storage <https://optee.readthedocs.io/en/latest/architecture/secure_storage.html>`_
+
+On first boot with this configuration, OP-TEE will automatically program
+the RPMB authentication key. Subsequent boots should use OP-TEE built
+without this flag.
+
+2. Generate fTPM TA binary
+""""""""""""""""""""""""""
+
+To generate fTPM TA binary, follow the
+`Building the TA <https://github.com/OP-TEE/optee_ftpm#building-the-ta>`_
+steps mentioned in the OP-TEE fTPM Github repository
+
+3. Build OP-TEE with TA:
+""""""""""""""""""""""""
+
+With the TA generated from last step, build optee-os with RPMB and early
+TA enabled:
+
+.. prompt:: bash $
+
+  # inside optee_os source
+  make CROSS_COMPILE=$CC32 CROSS_COMPILE64=$CC64 CFG_ARM64_core=y \
+      PLATFORM=$OPTEE_PLATFORM CFG_RPMB_FS=y CFG_REE_FS=n \
+      CFG_EARLY_TA=y CFG_RPMB_ANNOUNCE_PROBE_CAP=n \
+      EARLY_TA_PATHS=/path/to/ftpm_ta.stripped.elf
+
+Expected Outcome
+^^^^^^^^^^^^^^^^
+
+To verify fTPM support is working, run tpm2 commands in u-boot prompt:
+
+.. code-block:: console
+
+  => tpm2 info
+  Microsoft OP-TEE fTPM
+  => tpm2 init
--- a/doc/develop/bootstd/overview.rst
+++ b/doc/develop/bootstd/overview.rst
@@ -422,7 +422,7 @@ includes the full set of commands, more error messages when things go wrong and
 bootmeth ordering with the bootmeths environment variable.

 You should probably also enable `CONFIG_BOOTSTD_DEFAULTS`, which provides
-several filesystem and network features (if `CONFIG_NET_LEGACY` is enabled) so that
+several filesystem and network features (if `CONFIG_NET` is enabled) so that
 a good selection of boot options is available.

 Some devicetree properties are supported in the bootstd node when
--- a/doc/develop/codingstyle.rst
+++ b/doc/develop/codingstyle.rst
@@ -80,8 +80,10 @@ Code Formatting with clang-format
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 U-Boot provides a `.clang-format` configuration file that was copied directly
-from the Linux kernel without any modifications, ensuring complete compatibility
-with kernel coding standards. Here are common ways to use clang-format:
+from the Linux kernel, ensuring complete compatibility with kernel coding
+standards.
+
+Here are common ways to use clang-format:

 **Basic usage for single files:**

--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -610,6 +610,7 @@ config EFI_BOOTMGR
 config EFI_HTTP_BOOT
 	bool "EFI HTTP Boot support"
 	depends on NET
+	depends on CMDLINE
 	select CMD_NET
 	select CMD_DHCP
 	select CMD_DNS
--- a/lib/efi_loader/efi_bootbin.c
+++ b/lib/efi_loader/efi_bootbin.c
@@ -224,11 +224,8 @@ static efi_status_t efi_binary_run_dp(void *image, size_t size, void *fdt,

 	/* Initialize EFI drivers */
 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		log_err("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-			ret & ~EFI_ERROR_MASK);
-		return -1;
-	}
+	if (ret != EFI_SUCCESS)
+		return ret;

 	ret = efi_install_fdt(fdt);
 	if (ret != EFI_SUCCESS)
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -1310,11 +1310,8 @@ efi_status_t efi_bootmgr_run(void *fdt)

 	/* Initialize EFI drivers */
 	ret = efi_init_obj_list();
-	if (ret != EFI_SUCCESS) {
-		log_err("Error: Cannot initialize UEFI sub-system, r = %lu\n",
-			ret & ~EFI_ERROR_MASK);
-		return CMD_RET_FAILURE;
-	}
+	if (ret != EFI_SUCCESS)
+		return ret;

 	ret = efi_bootmgr_load(&handle, &load_options);
 	if (ret != EFI_SUCCESS) {
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -392,5 +392,7 @@ efi_status_t efi_init_obj_list(void)
 	ret = efi_start_obj_list();
 out:
 	efi_obj_list_initialized = ret;
+	if (ret != EFI_SUCCESS)
+		log_err("Cannot initialize UEFI sub-system\n");
 	return ret;
 }