From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 02 Jan 2024 22:31:33 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rKmMH-0014ib-1j for lore@lore.pengutronix.de; Tue, 02 Jan 2024 22:31:33 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1rKmMG-0002KT-It; Tue, 02 Jan 2024 22:31:32 +0100 Received: from ptz.office.stw.pengutronix.de ([2a0a:edc0:0:900:1d::77] helo=[127.0.0.1]) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1rKmMA-0001zI-S2 for distrokit@pengutronix.de; Tue, 02 Jan 2024 22:31:27 +0100 Message-ID: Date: Tue, 2 Jan 2024 22:31:26 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: "ptxdist@pengutronix.de distrokit@pengutronix.de" References: <20240102154603.3678357-1-a.fatoum@pengutronix.de> <20240102154603.3678357-5-a.fatoum@pengutronix.de> From: Ahmad Fatoum In-Reply-To: <20240102154603.3678357-5-a.fatoum@pengutronix.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [DistroKit] [PATCH 5/6] v7a: update barebox to v2023.09.0 -> v2023.12.0 X-BeenThere: distrokit@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: DistroKit Mailinglist List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "DistroKit" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: distrokit-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On 02.01.24 16:46, Ahmad Fatoum wrote: > This lets us drop two patches that fixed issues with v2023.09.0. > This update also enables some options that are useful for the hardware > we support: > > - on STM32MP1, support for the NAND controller is enabled > - on platforms with HWRNG, we enable it for use with stack protector > and stack guard mechanisms to harden barebox against stack overflows This commit enables stack protector for i.MX6, but doesn't enable the CAAM RNG driver, leading to the below mentioned error message. I will send out a v2 soon. > > The latter could be enabled universally for all platforms that are no > size constrained, but it prints an ugly error message if there's no > HWRNG as using the fixed fallback canary is insecure. We'll just > postpone enabling stack protector there until there is HWRNG support for > these platforms. > > Signed-off-by: Ahmad Fatoum > --- > .../platform-v7a/barebox-am335x-mlo.config | 17 ++- > configs/platform-v7a/barebox-am335x.config | 20 ++- > .../platform-v7a/barebox-am335x.config.diff | 2 +- > configs/platform-v7a/barebox-at91.config | 20 ++- > configs/platform-v7a/barebox-at91.config.diff | 4 +- > configs/platform-v7a/barebox-mx6.config | 25 +++- > configs/platform-v7a/barebox-mx6.config.diff | 10 +- > configs/platform-v7a/barebox-rpi2.config | 20 ++- > configs/platform-v7a/barebox-rpi2.config.diff | 2 +- > configs/platform-v7a/barebox-stm32mp.config | 26 +++- > .../platform-v7a/barebox-stm32mp.config.diff | 12 +- > configs/platform-v7a/barebox-vexpress.config | 20 ++- > .../platform-v7a/barebox-vexpress.config.diff | 2 +- > configs/platform-v7a/barebox.config | 20 ++- > ...roc-stm32-fix-typo-in-Kconfig-symbol.patch | 26 ---- > ...-fix-breakage-after-DT-sync-with-ups.patch | 135 ------------------ > .../patches/barebox-2023.09.0/series | 5 - > configs/platform-v7a/platformconfig | 4 +- > 18 files changed, 179 insertions(+), 191 deletions(-) > delete mode 100644 configs/platform-v7a/patches/barebox-2023.09.0/0001-remoteproc-stm32-fix-typo-in-Kconfig-symbol.patch > delete mode 100644 configs/platform-v7a/patches/barebox-2023.09.0/0002-remoteproc-stm32-fix-breakage-after-DT-sync-with-ups.patch > delete mode 100644 configs/platform-v7a/patches/barebox-2023.09.0/series > > diff --git a/configs/platform-v7a/barebox-am335x-mlo.config b/configs/platform-v7a/barebox-am335x-mlo.config > index 4eaae17bfe8a..b652d28850c1 100644 > --- a/configs/platform-v7a/barebox-am335x-mlo.config > +++ b/configs/platform-v7a/barebox-am335x-mlo.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_USE_COMPRESSED_DTB=y > @@ -126,6 +126,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -211,6 +212,7 @@ CONFIG_HAS_DEBUG_LL=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > # CONFIG_OF_OVERLAY is not set > @@ -308,6 +310,7 @@ CONFIG_MCI=y > # CONFIG_MCI_ROCKCHIP_DWCMSHC is not set > CONFIG_MCI_OMAP_HSMMC=y > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > > # > @@ -454,6 +457,7 @@ CONFIG_TI_SYSC=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -518,6 +522,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_LZO_DECOMPRESS=y > CONFIG_XYMODEM=y > @@ -537,6 +542,16 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-am335x.config b/configs/platform-v7a/barebox-am335x.config > index a85bbe294886..54453aedf649 100644 > --- a/configs/platform-v7a/barebox-am335x.config > +++ b/configs/platform-v7a/barebox-am335x.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -144,6 +144,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -168,7 +169,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > # CONFIG_TIMESTAMP is not set > CONFIG_BOOTM=y > @@ -479,6 +479,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -677,6 +678,7 @@ CONFIG_MCI_WRITE=y > CONFIG_MCI_OMAP_HSMMC=y > # CONFIG_MCI_MMCI is not set > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > > # > @@ -703,6 +705,7 @@ CONFIG_CLOCKSOURCE_TI_DM=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > # CONFIG_MFD_ATMEL_FLEXCOM is not set > # CONFIG_MFD_RK808 is not set > @@ -750,6 +753,7 @@ CONFIG_WATCHDOG=y > # CONFIG_WATCHDOG_DW is not set > CONFIG_WATCHDOG_OMAP=y > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > # CONFIG_PWM is not set > CONFIG_HWRNG=y > > @@ -861,6 +865,7 @@ CONFIG_REGULATOR_FIXED=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -930,6 +935,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_PROCESS_ESCAPE_SEQUENCE=y > CONFIG_LZO_DECOMPRESS=y > @@ -955,6 +961,16 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-am335x.config.diff b/configs/platform-v7a/barebox-am335x.config.diff > index 273b6c346982..7354b58a06c7 100644 > --- a/configs/platform-v7a/barebox-am335x.config.diff > +++ b/configs/platform-v7a/barebox-am335x.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > # CONFIG_AM33XX_NET_BOOT is not set > CONFIG_ARCH_AM33XX=y > # CONFIG_ARCH_BCM283X is not set > diff --git a/configs/platform-v7a/barebox-at91.config b/configs/platform-v7a/barebox-at91.config > index 389599629374..eac526659940 100644 > --- a/configs/platform-v7a/barebox-at91.config > +++ b/configs/platform-v7a/barebox-at91.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -64,6 +64,7 @@ CONFIG_ARCH_TEXT_BASE=0x23f00000 > # Atmel AT91 System-on-Chip > # > CONFIG_AT91_MULTI_BOARDS=y > +# CONFIG_MACH_CALAO is not set > # CONFIG_MACH_SKOV_ARM9CPU is not set > # CONFIG_MACH_AT91SAM9263EK is not set > # CONFIG_MACH_AT91SAM9X5EK is not set > @@ -151,6 +152,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -175,7 +177,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -491,6 +492,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -677,6 +679,7 @@ CONFIG_MCI_MMC_BOOT_PARTITIONS=y > CONFIG_MCI_ATMEL=y > CONFIG_MCI_ATMEL_SDHCI=y > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > CONFIG_MCI_ATMEL_SDHCI_PBL=y > CONFIG_HAVE_CLK=y > @@ -709,6 +712,7 @@ CONFIG_MFD_SYSCON=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > CONFIG_MFD_ATMEL_FLEXCOM=y > # CONFIG_MFD_RK808 is not set > @@ -756,6 +760,7 @@ CONFIG_WATCHDOG=y > CONFIG_WATCHDOG_AT91SAM9=y > # CONFIG_WATCHDOG_DW is not set > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > # CONFIG_PWM is not set > # CONFIG_HWRNG is not set > > @@ -867,6 +872,7 @@ CONFIG_ATMEL_EBI=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -962,6 +968,16 @@ CONFIG_ARCH_HAS_ZERO_PAGE=y > CONFIG_GENERIC_ALLOCATOR=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-at91.config.diff b/configs/platform-v7a/barebox-at91.config.diff > index 8b093ab0fdaf..b2e86af201b5 100644 > --- a/configs/platform-v7a/barebox-at91.config.diff > +++ b/configs/platform-v7a/barebox-at91.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > CONFIG_ARCH_AT91=y > # CONFIG_ARCH_BCM283X is not set > # CONFIG_ARCH_IMX is undefined > @@ -75,6 +75,7 @@ CONFIG_LIBSCAN=y > CONFIG_LIBUBIGEN=y > # CONFIG_MACH_AT91SAM9263EK is not set > # CONFIG_MACH_AT91SAM9X5EK is not set > +# CONFIG_MACH_CALAO is not set > # CONFIG_MACH_MICROCHIP_KSZ9477_EVB is not set > # CONFIG_MACH_MICROCHIP_SAMA5D3_EDS is not set > # CONFIG_MACH_RPI2 is undefined > @@ -166,6 +167,7 @@ CONFIG_WATCHDOG_AT91SAM9=y > # CONFIG_WATCHDOG_BCM2835 is undefined > CONFIG_XXHASH=y > # CONFIG_XZ_DECOMPRESS is not set > +# CONFIG_XZ_DEC_ARM64 is undefined > # CONFIG_XZ_DEC_ARM is undefined > # CONFIG_XZ_DEC_ARMTHUMB is undefined > # CONFIG_XZ_DEC_IA64 is undefined > diff --git a/configs/platform-v7a/barebox-mx6.config b/configs/platform-v7a/barebox-mx6.config > index 49b0c0fb31dc..a82d1d5511c1 100644 > --- a/configs/platform-v7a/barebox-mx6.config > +++ b/configs/platform-v7a/barebox-mx6.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -235,6 +235,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -259,7 +260,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -560,6 +560,7 @@ CONFIG_CMD_STATE=y > # CONFIG_CMD_DHRYSTONE is not set > # CONFIG_CMD_SPD_DECODE is not set > # CONFIG_CMD_SEED is not set > +# CONFIG_CMD_STACKSMASH is not set > # end of Miscellaneous > # end of Commands > > @@ -578,6 +579,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -596,6 +598,7 @@ CONFIG_ARM_AMBA=y > CONFIG_DRIVER_SERIAL_IMX=y > # CONFIG_DRIVER_SERIAL_NS16550 is not set > # CONFIG_DRIVER_SERIAL_CADENCE is not set > +# CONFIG_DRIVER_SERIAL_LPUART32 is not set > # CONFIG_SERIAL_SIFIVE is not set > # end of serial drivers > > @@ -673,6 +676,7 @@ CONFIG_I2C_ALGOBIT=y > # > CONFIG_I2C_GPIO=y > CONFIG_I2C_IMX=y > +# CONFIG_I2C_IMX_LPI2C is not set > # CONFIG_I2C_DESIGNWARE is not set > # CONFIG_I2C_MV64XXX is not set > # end of I2C Hardware Bus support > @@ -815,6 +819,7 @@ CONFIG_MCI_IMX_ESDHC=y > # CONFIG_MCI_IMX_ESDHC_PIO is not set > # CONFIG_MCI_MMCI is not set > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > CONFIG_HAVE_CLK=y > CONFIG_CLKDEV_LOOKUP=y > @@ -847,6 +852,7 @@ CONFIG_MFD_SYSCON=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > # CONFIG_MFD_ATMEL_FLEXCOM is not set > # CONFIG_MFD_RK808 is not set > @@ -897,7 +903,9 @@ CONFIG_WATCHDOG=y > # CONFIG_WATCHDOG_POLLER is not set > # CONFIG_WATCHDOG_DW is not set > CONFIG_WATCHDOG_IMX=y > +# CONFIG_WATCHDOG_IMXULP is not set > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > CONFIG_PWM=y > CONFIG_PWM_IMX=y > # CONFIG_HWRNG is not set > @@ -1028,6 +1036,7 @@ CONFIG_USB_NOP_XCEIV=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -1102,6 +1111,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_PROCESS_ESCAPE_SEQUENCE=y > CONFIG_LZO_DECOMPRESS=y > @@ -1138,6 +1148,17 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +CONFIG_STACK_GUARD_PAGE=y > +CONFIG_STACKPROTECTOR=y > +# CONFIG_STACKPROTECTOR_NONE is not set > +CONFIG_STACKPROTECTOR_STRONG=y > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-mx6.config.diff b/configs/platform-v7a/barebox-mx6.config.diff > index cc7d235ee68b..19fa32bff76b 100644 > --- a/configs/platform-v7a/barebox-mx6.config.diff > +++ b/configs/platform-v7a/barebox-mx6.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > # CONFIG_ARCH_BCM283X is not set > CONFIG_ARCH_HAS_FEC_IMX=y > CONFIG_ARCH_HAS_IMX_GPT=y > @@ -34,6 +34,7 @@ CONFIG_CMD_NAND=y > # CONFIG_CMD_PWM is not set > # CONFIG_CMD_SMC is undefined > CONFIG_CMD_SPLASH=y > +# CONFIG_CMD_STACKSMASH is not set > CONFIG_CMD_UBI=y > CONFIG_CMD_UBIFORMAT=y > # CONFIG_CONSOLE_ACTIVATE_FIRST is not set > @@ -51,6 +52,7 @@ CONFIG_DISK_INTF_PLATFORM_IDE=y > CONFIG_DISK_PATA_IMX=y > CONFIG_DRIVER_NET_FEC_IMX=y > CONFIG_DRIVER_SERIAL_IMX=y > +# CONFIG_DRIVER_SERIAL_LPUART32 is not set > # CONFIG_DRIVER_SPI_FSL_QUADSPI is not set > CONFIG_DRIVER_SPI_IMX=y > CONFIG_DRIVER_SPI_IMX_2_3=y > @@ -84,6 +86,7 @@ CONFIG_HAVE_DIGEST_HMAC=y > CONFIG_HW_HAS_PCI=y > # CONFIG_I2C_BCM283X is undefined > CONFIG_I2C_IMX=y > +# CONFIG_I2C_IMX_LPI2C is not set > CONFIG_IMAGE_RENDERER=y > CONFIG_IMX_IIM=y > CONFIG_IMX_IIM_FUSE_BLOW=y > @@ -218,6 +221,10 @@ CONFIG_RESET_IMX_SRC=y > # CONFIG_SPI_CADENCE_QUADSPI is not set > CONFIG_SPI_MEM=y > # CONFIG_SPI_SYNOPSYS_OCTALSPI_NOR is not set > +CONFIG_STACKPROTECTOR=y > +# CONFIG_STACKPROTECTOR_NONE is not set > +CONFIG_STACKPROTECTOR_STRONG=y > +CONFIG_STACK_GUARD_PAGE=y > CONFIG_STMP_DEVICE=y > # CONFIG_SYSCON_REBOOT_MODE is not set > CONFIG_THUMB2_BAREBOX=y > @@ -236,6 +243,7 @@ CONFIG_VIDEO=y > CONFIG_VIDEO_VPL=y > # CONFIG_WATCHDOG_BCM2835 is undefined > CONFIG_WATCHDOG_IMX=y > +# CONFIG_WATCHDOG_IMXULP is not set > CONFIG_WATCHDOG_IMX_RESET_SOURCE=y > CONFIG_XXHASH=y > CONFIG_ZSTD_DECOMPRESS=y > diff --git a/configs/platform-v7a/barebox-rpi2.config b/configs/platform-v7a/barebox-rpi2.config > index f72910d5d75a..252c11544fed 100644 > --- a/configs/platform-v7a/barebox-rpi2.config > +++ b/configs/platform-v7a/barebox-rpi2.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -137,6 +137,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -161,7 +162,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -469,6 +469,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -652,6 +653,7 @@ CONFIG_MCI_BCM283X=y > CONFIG_MCI_BCM283X_SDHOST=y > # CONFIG_MCI_MMCI is not set > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > CONFIG_HAVE_CLK=y > CONFIG_CLKDEV_LOOKUP=y > @@ -683,6 +685,7 @@ CONFIG_CLOCKSOURCE_ARM_ARCHITECTED_TIMER=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > # CONFIG_MFD_ATMEL_FLEXCOM is not set > # CONFIG_MFD_RK808 is not set > @@ -730,6 +733,7 @@ CONFIG_WATCHDOG=y > # CONFIG_WATCHDOG_DW is not set > CONFIG_WATCHDOG_BCM2835=y > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > # CONFIG_PWM is not set > # CONFIG_HWRNG is not set > > @@ -843,6 +847,7 @@ CONFIG_USB_NOP_XCEIV=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -912,6 +917,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_PROCESS_ESCAPE_SEQUENCE=y > CONFIG_LZO_DECOMPRESS=y > @@ -937,6 +943,16 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-rpi2.config.diff b/configs/platform-v7a/barebox-rpi2.config.diff > index b26e7a4f56a0..996186382782 100644 > --- a/configs/platform-v7a/barebox-rpi2.config.diff > +++ b/configs/platform-v7a/barebox-rpi2.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > CONFIG_ARM_ASM_UNIFIED=y > # CONFIG_CMD_NVMEM is not set > CONFIG_DRIVER_NET_BCMGENET=y > diff --git a/configs/platform-v7a/barebox-stm32mp.config b/configs/platform-v7a/barebox-stm32mp.config > index 76f051a68bb1..7bbae9cc0f88 100644 > --- a/configs/platform-v7a/barebox-stm32mp.config > +++ b/configs/platform-v7a/barebox-stm32mp.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -133,6 +133,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -157,7 +158,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -447,6 +447,7 @@ CONFIG_CMD_STATE=y > # CONFIG_CMD_DHRYSTONE is not set > # CONFIG_CMD_SPD_DECODE is not set > # CONFIG_CMD_SEED is not set > +# CONFIG_CMD_STACKSMASH is not set > # end of Miscellaneous > # end of Commands > > @@ -467,6 +468,7 @@ CONFIG_REGMAP_I2C=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -618,6 +620,7 @@ CONFIG_MCI_MMC_BOOT_PARTITIONS=y > # CONFIG_MCI_ROCKCHIP_DWCMSHC is not set > # CONFIG_MCI_MMCI is not set > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > CONFIG_MCI_STM32_SDMMC2=y > CONFIG_HAVE_CLK=y > CONFIG_CLKDEV_LOOKUP=y > @@ -649,6 +652,7 @@ CONFIG_MFD_SYSCON=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > CONFIG_MFD_STPMIC1=y > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > CONFIG_MFD_STM32_TIMERS=y > # CONFIG_MFD_ATMEL_FLEXCOM is not set > @@ -698,9 +702,11 @@ CONFIG_WATCHDOG_POLLER=y > CONFIG_STM32_IWDG_WATCHDOG=y > # CONFIG_STPMIC1_WATCHDOG is not set > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > CONFIG_PWM=y > CONFIG_PWM_STM32=y > -# CONFIG_HWRNG is not set > +CONFIG_HWRNG=y > +CONFIG_HWRNG_STM32=y > > # > # DMA support > @@ -760,6 +766,7 @@ CONFIG_STM32_REMOTEPROC=y > > CONFIG_ARCH_HAS_RESET_CONTROLLER=y > CONFIG_RESET_CONTROLLER=y > +CONFIG_RESET_SIMPLE=y > # CONFIG_RESET_IMX7 is not set > # CONFIG_RTC_CLASS is not set > > @@ -789,6 +796,7 @@ CONFIG_PHY_STM32_USBPHYC=y > # > # Memory controller drivers > # > +CONFIG_STM32_FMC2_EBI=y > # end of Memory controller drivers > > # > @@ -819,6 +827,7 @@ CONFIG_PHY_STM32_USBPHYC=y > # CONFIG_POWER_RESET_GPIO_RESTART is not set > CONFIG_RESET_STM32=y > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -905,6 +914,17 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +CONFIG_STACK_GUARD_PAGE=y > +CONFIG_STACKPROTECTOR=y > +# CONFIG_STACKPROTECTOR_NONE is not set > +CONFIG_STACKPROTECTOR_STRONG=y > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-stm32mp.config.diff b/configs/platform-v7a/barebox-stm32mp.config.diff > index f1511064ff62..1d495508c4b0 100644 > --- a/configs/platform-v7a/barebox-stm32mp.config.diff > +++ b/configs/platform-v7a/barebox-stm32mp.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > # CONFIG_ARCH_BCM283X is not set > CONFIG_ARCH_HAS_RESET_CONTROLLER=y > CONFIG_ARCH_NR_GPIO=416 > @@ -29,6 +29,7 @@ CONFIG_CMD_MMC_EXTCSD=y > CONFIG_CMD_POWEROFF=y > # CONFIG_CMD_PWM is not set > # CONFIG_CMD_SPI is undefined > +# CONFIG_CMD_STACKSMASH is not set > CONFIG_COMPILE_LOGLEVEL=6 > # CONFIG_CONSOLE_ACTIVATE_FIRST is not set > CONFIG_CONSOLE_ACTIVATE_NONE=y > @@ -50,7 +51,7 @@ CONFIG_EEPROM_AT24=y > CONFIG_GENERIC_PHY=y > # CONFIG_GPIO_74164 is undefined > # CONFIG_GPIO_RASPBERRYPI_EXP is undefined > -# CONFIG_HWRNG is not set > +CONFIG_HWRNG_STM32=y > # CONFIG_I2C_ALGOBIT is undefined > # CONFIG_I2C_BCM283X is undefined > # CONFIG_I2C_GPIO is not set > @@ -128,11 +129,17 @@ CONFIG_REGULATOR_STPMIC1=y > CONFIG_REMOTEPROC=y > CONFIG_RESET_CONTROLLER=y > # CONFIG_RESET_IMX7 is not set > +CONFIG_RESET_SIMPLE=y > CONFIG_RESET_STM32=y > # CONFIG_SPI is not set > # CONFIG_SPI_MEM is undefined > +CONFIG_STACKPROTECTOR=y > +# CONFIG_STACKPROTECTOR_NONE is not set > +CONFIG_STACKPROTECTOR_STRONG=y > +CONFIG_STACK_GUARD_PAGE=y > CONFIG_STM32_BSEC=y > CONFIG_STM32_BSEC_WRITE=y > +CONFIG_STM32_FMC2_EBI=y > CONFIG_STM32_IMAGE=y > CONFIG_STM32_IWDG_WATCHDOG=y > CONFIG_STM32_REMOTEPROC=y > @@ -151,6 +158,7 @@ CONFIG_USB_OTGDEV=y > # CONFIG_WATCHDOG_BCM2835 is undefined > CONFIG_WATCHDOG_POLLER=y > # CONFIG_XZ_DECOMPRESS is not set > +# CONFIG_XZ_DEC_ARM64 is undefined > # CONFIG_XZ_DEC_ARM is undefined > # CONFIG_XZ_DEC_ARMTHUMB is undefined > # CONFIG_XZ_DEC_IA64 is undefined > diff --git a/configs/platform-v7a/barebox-vexpress.config b/configs/platform-v7a/barebox-vexpress.config > index baf5420ed58f..3b9ab3a0d1fc 100644 > --- a/configs/platform-v7a/barebox-vexpress.config > +++ b/configs/platform-v7a/barebox-vexpress.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -120,6 +120,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -144,7 +145,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -451,6 +451,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_BAREBOX_DRIVERS=y > # CONFIG_OF_BAREBOX_ENV_IN_FS is not set > @@ -631,6 +632,7 @@ CONFIG_MCI_WRITE=y > # CONFIG_MCI_ROCKCHIP_DWCMSHC is not set > CONFIG_MCI_MMCI=y > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > CONFIG_HAVE_CLK=y > CONFIG_CLKDEV_LOOKUP=y > @@ -662,6 +664,7 @@ CONFIG_CLOCKSOURCE_ARM_ARCHITECTED_TIMER=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > # CONFIG_MFD_ATMEL_FLEXCOM is not set > # CONFIG_MFD_RK808 is not set > @@ -700,6 +703,7 @@ CONFIG_LED_TRIGGERS=y > CONFIG_WATCHDOG=y > # CONFIG_WATCHDOG_POLLER is not set > # CONFIG_WATCHDOG_DW is not set > +# CONFIG_CADENCE_WATCHDOG is not set > # CONFIG_PWM is not set > CONFIG_HWRNG=y > > @@ -782,6 +786,7 @@ CONFIG_REGULATOR=y > # CONFIG_POWER_RESET_SYSCON is not set > # CONFIG_POWER_RESET_SYSCON_POWEROFF is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -851,6 +856,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_PROCESS_ESCAPE_SEQUENCE=y > CONFIG_LZO_DECOMPRESS=y > @@ -876,6 +882,16 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/barebox-vexpress.config.diff b/configs/platform-v7a/barebox-vexpress.config.diff > index 5baaca56eb7b..973db9d3b772 100644 > --- a/configs/platform-v7a/barebox-vexpress.config.diff > +++ b/configs/platform-v7a/barebox-vexpress.config.diff > @@ -1,4 +1,4 @@ > -ec05109bb691f36043a0a4f1bf9c20ad > +53d21fb44946357f79471694e33102cc > CONFIG_AMBA_SP804=y > # CONFIG_ARCH_BCM283X is not set > CONFIG_ARCH_VEXPRESS=y > diff --git a/configs/platform-v7a/barebox.config b/configs/platform-v7a/barebox.config > index 70e4c1de3970..91288607f3cc 100644 > --- a/configs/platform-v7a/barebox.config > +++ b/configs/platform-v7a/barebox.config > @@ -1,6 +1,6 @@ > # > # Automatically generated file; DO NOT EDIT. > -# Barebox/arm 2023.09.0 Configuration > +# Barebox/arm 2023.12.0 Configuration > # > CONFIG_ARM=y > CONFIG_ARM_LINUX=y > @@ -136,6 +136,7 @@ CONFIG_BAREBOX_MAX_PBL_SIZE=0xffffffff > CONFIG_BAREBOX_MAX_BARE_INIT_SIZE=0xffffffff > CONFIG_STACK_SIZE=0x8000 > CONFIG_MALLOC_SIZE=0x0 > +CONFIG_MALLOC_ALIGNMENT=8 > # end of memory layout > > # CONFIG_EXPERIMENTAL is not set > @@ -160,7 +161,6 @@ CONFIG_CMDLINE_EDITING=y > CONFIG_AUTO_COMPLETE=y > CONFIG_MENU=y > # CONFIG_PASSWORD is not set > -CONFIG_DYNAMIC_CRC_TABLE=y > CONFIG_ERRNO_MESSAGES=y > CONFIG_TIMESTAMP=y > CONFIG_BOOTM=y > @@ -468,6 +468,7 @@ CONFIG_NET_FASTBOOT=y > CONFIG_OFTREE=y > CONFIG_OFTREE_MEM_GENERIC=y > CONFIG_DTC=y > +CONFIG_OF=y > CONFIG_OFDEVICE=y > CONFIG_OF_GPIO=y > CONFIG_OF_BAREBOX_DRIVERS=y > @@ -649,6 +650,7 @@ CONFIG_MCI_WRITE=y > # CONFIG_MCI_BCM283X_SDHOST is not set > CONFIG_MCI_MMCI=y > # CONFIG_MCI_ARASAN is not set > +# CONFIG_MCI_AM654 is not set > # CONFIG_MCI_SPI is not set > CONFIG_HAVE_CLK=y > CONFIG_CLKDEV_LOOKUP=y > @@ -680,6 +682,7 @@ CONFIG_CLOCKSOURCE_ARM_ARCHITECTED_TIMER=y > # CONFIG_MFD_TWL4030 is not set > # CONFIG_MFD_TWL6030 is not set > # CONFIG_MFD_STPMIC1 is not set > +# CONFIG_MFD_PCA9450 is not set > # CONFIG_MFD_RN568PMIC is not set > # CONFIG_MFD_ATMEL_FLEXCOM is not set > # CONFIG_MFD_RK808 is not set > @@ -727,6 +730,7 @@ CONFIG_WATCHDOG=y > # CONFIG_WATCHDOG_DW is not set > # CONFIG_WATCHDOG_BCM2835 is not set > # CONFIG_GPIO_WATCHDOG is not set > +# CONFIG_CADENCE_WATCHDOG is not set > # CONFIG_PWM is not set > CONFIG_HWRNG=y > > @@ -834,6 +838,7 @@ CONFIG_REGULATOR_BCM283X=y > # CONFIG_POWER_RESET_GPIO is not set > # CONFIG_POWER_RESET_GPIO_RESTART is not set > # CONFIG_VIRTIO_MENU is not set > +# CONFIG_MAILBOX is not set > # end of Drivers > > # > @@ -903,6 +908,7 @@ CONFIG_XZ_DEC_IA64=y > CONFIG_XZ_DEC_ARM=y > CONFIG_XZ_DEC_ARMTHUMB=y > CONFIG_XZ_DEC_SPARC=y > +CONFIG_XZ_DEC_ARM64=y > # CONFIG_BASE64 is not set > CONFIG_PROCESS_ESCAPE_SEQUENCE=y > CONFIG_LZO_DECOMPRESS=y > @@ -928,6 +934,16 @@ CONFIG_ARCH_HAS_DATA_ABORT_MASK=y > CONFIG_ARCH_HAS_ZERO_PAGE=y > # end of Library routines > > +# > +# Hardening options > +# > +# CONFIG_STACK_GUARD_PAGE is not set > +CONFIG_STACKPROTECTOR_NONE=y > +# CONFIG_STACKPROTECTOR_STRONG is not set > +CONFIG_PBL_STACKPROTECTOR_NONE=y > +# CONFIG_PBL_STACKPROTECTOR_STRONG is not set > +# end of Hardening options > + > # > # Crypto support > # > diff --git a/configs/platform-v7a/patches/barebox-2023.09.0/0001-remoteproc-stm32-fix-typo-in-Kconfig-symbol.patch b/configs/platform-v7a/patches/barebox-2023.09.0/0001-remoteproc-stm32-fix-typo-in-Kconfig-symbol.patch > deleted file mode 100644 > index acb5ba3c4a80..000000000000 > --- a/configs/platform-v7a/patches/barebox-2023.09.0/0001-remoteproc-stm32-fix-typo-in-Kconfig-symbol.patch > +++ /dev/null > @@ -1,26 +0,0 @@ > -From: Ahmad Fatoum > -Date: Fri, 20 Oct 2023 15:37:43 +0200 > -Subject: [PATCH] remoteproc: stm32: fix typo in Kconfig symbol > - > -The Kconfig symbol for enabling support for the ARM Secure Monitor Call > -Calling Convention if CONFIG_ARM_SMCCC and not CONFIG_ARM_SMCC, but the > -latter is checked with IS_ENABLED() in the driver. Fix the typo. > - > -Signed-off-by: Ahmad Fatoum > ---- > - drivers/remoteproc/stm32_rproc.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c > -index b6a62634842f..b2282f2fac5b 100644 > ---- a/drivers/remoteproc/stm32_rproc.c > -+++ b/drivers/remoteproc/stm32_rproc.c > -@@ -56,7 +56,7 @@ static int stm32_rproc_set_hold_boot(struct rproc *rproc, bool hold) > - > - val = hold ? HOLD_BOOT : RELEASE_BOOT; > - > -- if (IS_ENABLED(CONFIG_ARM_SMCC) && ddata->secured_soc) { > -+ if (IS_ENABLED(CONFIG_ARM_SMCCC) && ddata->secured_soc) { > - arm_smccc_smc(STM32_SMC_RCC, STM32_SMC_REG_WRITE, > - hold_boot->reg, val, 0, 0, 0, 0, &smc_res); > - err = smc_res.a0; > diff --git a/configs/platform-v7a/patches/barebox-2023.09.0/0002-remoteproc-stm32-fix-breakage-after-DT-sync-with-ups.patch b/configs/platform-v7a/patches/barebox-2023.09.0/0002-remoteproc-stm32-fix-breakage-after-DT-sync-with-ups.patch > deleted file mode 100644 > index 8d932859c324..000000000000 > --- a/configs/platform-v7a/patches/barebox-2023.09.0/0002-remoteproc-stm32-fix-breakage-after-DT-sync-with-ups.patch > +++ /dev/null > @@ -1,135 +0,0 @@ > -From: Ahmad Fatoum > -Date: Fri, 20 Oct 2023 15:37:44 +0200 > -Subject: [PATCH] remoteproc: stm32: fix breakage after DT sync with upstream > - > -Once more, a device tree sync with Linux breaks a barebox driver. > - > -This time, the STM32 remoteproc driver ported from Linux was broken by > -the upstream stm32mp151.dtsi removing the st,syscfg-tz property. > - > -This property is only needed for the SiP secure monitor call case, > -but was so far always specified and the driver required its presence, > -even if it went unused. > - > -The Linux driver has since removed this hard requirement and added a new > -third way to do co-processor reset: Besides direct access to hardware > -and Silicon Provider specific secure monitor call, there's also support > -for doing it over SCMI now. > - > -Sync that part with the Linux driver to fix following boot-time error > -message: > - > - ERROR: stm32-rproc 10000000.m4@10000000.of: failed to get tz syscfg > - > -Reported-by: Robert Schwebel > -Signed-off-by: Ahmad Fatoum > ---- > - drivers/remoteproc/stm32_rproc.c | 70 ++++++++++++++++++++++++++++------------ > - 1 file changed, 50 insertions(+), 20 deletions(-) > - > -diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c > -index b2282f2fac5b..a7df29e57051 100644 > ---- a/drivers/remoteproc/stm32_rproc.c > -+++ b/drivers/remoteproc/stm32_rproc.c > -@@ -30,8 +30,9 @@ struct stm32_syscon { > - > - struct stm32_rproc { > - struct reset_control *rst; > -+ struct reset_control *hold_boot_rst; > - struct stm32_syscon hold_boot; > -- bool secured_soc; > -+ bool hold_boot_smc; > - }; > - > - static void *stm32_rproc_da_to_va(struct rproc *rproc, u64 da, int len) > -@@ -54,13 +55,28 @@ static int stm32_rproc_set_hold_boot(struct rproc *rproc, bool hold) > - struct arm_smccc_res smc_res; > - int val, err; > - > -+ /* > -+ * Three ways to manage the hold boot > -+ * - using SCMI: the hold boot is managed as a reset, > -+ * - using Linux(no SCMI): the hold boot is managed as a syscon register > -+ * - using SMC call (deprecated): use SMC reset interface > -+ */ > -+ > - val = hold ? HOLD_BOOT : RELEASE_BOOT; > - > -- if (IS_ENABLED(CONFIG_ARM_SMCCC) && ddata->secured_soc) { > -+ if (ddata->hold_boot_rst) { > -+ /* Use the SCMI reset controller */ > -+ if (!hold) > -+ err = reset_control_deassert(ddata->hold_boot_rst); > -+ else > -+ err = reset_control_assert(ddata->hold_boot_rst); > -+ } else if (IS_ENABLED(CONFIG_HAVE_ARM_SMCCC) && ddata->hold_boot_smc) { > -+ /* Use the SMC call */ > - arm_smccc_smc(STM32_SMC_RCC, STM32_SMC_REG_WRITE, > - hold_boot->reg, val, 0, 0, 0, 0, &smc_res); > - err = smc_res.a0; > - } else { > -+ /* Use syscon */ > - err = regmap_update_bits(hold_boot->map, hold_boot->reg, > - hold_boot->mask, val); > - } > -@@ -142,28 +158,42 @@ static int stm32_rproc_parse_dt(struct device *dev, struct stm32_rproc *ddata) > - } > - > - /* > -- * if platform is secured the hold boot bit must be written by > -- * smc call and read normally. > -- * if not secure the hold boot bit could be read/write normally > -+ * Three ways to manage the hold boot > -+ * - using SCMI: the hold boot is managed as a reset > -+ * The DT "reset-mames" property should be defined with 2 items: > -+ * reset-names = "mcu_rst", "hold_boot"; > -+ * - using SMC call (deprecated): use SMC reset interface > -+ * The DT "reset-mames" property is optional, "st,syscfg-tz" is required > -+ * - default(no SCMI, no SMC): the hold boot is managed as a syscon register > -+ * The DT "reset-mames" property is optional, "st,syscfg-holdboot" is required > - */ > -- err = stm32_rproc_get_syscon(np, "st,syscfg-tz", &tz); > -- if (err) { > -- dev_err(dev, "failed to get tz syscfg\n"); > -- return err; > -- } > - > -- err = regmap_read(tz.map, tz.reg, &tzen); > -- if (err) { > -- dev_err(dev, "failed to read tzen\n"); > -- return err; > -+ ddata->hold_boot_rst = reset_control_get_optional(dev, "hold_boot"); > -+ if (IS_ERR(ddata->hold_boot_rst)) > -+ return dev_err_probe(dev, PTR_ERR(ddata->hold_boot_rst), > -+ "failed to get hold_boot reset\n"); > -+ > -+ if (!ddata->hold_boot_rst && IS_ENABLED(CONFIG_HAVE_ARM_SMCCC)) { > -+ /* Manage the MCU_BOOT using SMC call */ > -+ err = stm32_rproc_get_syscon(np, "st,syscfg-tz", &tz); > -+ if (!err) { > -+ err = regmap_read(tz.map, tz.reg, &tzen); > -+ if (err) { > -+ dev_err(dev, "failed to read tzen\n"); > -+ return err; > -+ } > -+ ddata->hold_boot_smc = tzen & tz.mask; > -+ } > - } > -- ddata->secured_soc = tzen & tz.mask; > - > -- err = stm32_rproc_get_syscon(np, "st,syscfg-holdboot", > -- &ddata->hold_boot); > -- if (err) { > -- dev_err(dev, "failed to get hold boot\n"); > -- return err; > -+ if (!ddata->hold_boot_rst && !ddata->hold_boot_smc) { > -+ /* Default: hold boot manage it through the syscon controller */ > -+ err = stm32_rproc_get_syscon(np, "st,syscfg-holdboot", > -+ &ddata->hold_boot); > -+ if (err) { > -+ dev_err(dev, "failed to get hold boot\n"); > -+ return err; > -+ } > - } > - > - return 0; > diff --git a/configs/platform-v7a/patches/barebox-2023.09.0/series b/configs/platform-v7a/patches/barebox-2023.09.0/series > deleted file mode 100644 > index 7dadf912ccb5..000000000000 > --- a/configs/platform-v7a/patches/barebox-2023.09.0/series > +++ /dev/null > @@ -1,5 +0,0 @@ > -# generated by git-ptx-patches > -#tag:base --start-number 1 > -0001-remoteproc-stm32-fix-typo-in-Kconfig-symbol.patch > -0002-remoteproc-stm32-fix-breakage-after-DT-sync-with-ups.patch > -# 3e889491708d7a397dcb8350d8babf58 - git-ptx-patches magic > diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig > index 2162b6e5d1b5..45b5477957a6 100644 > --- a/configs/platform-v7a/platformconfig > +++ b/configs/platform-v7a/platformconfig > @@ -186,8 +186,8 @@ PTXCONF_AT91BOOTSTRAP2_MD5="ef321a80bf428bfd6cb642c96126ef6c" > PTXCONF_AT91BOOTSTRAP2_CONFIG="at91bootstrap-wifx-l1.config" > PTXCONF_BAREBOX_COMMON_ARCH_STRING="arm" > PTXCONF_BAREBOX_COMMON=y > -PTXCONF_BAREBOX_COMMON_VERSION="2023.09.0" > -PTXCONF_BAREBOX_COMMON_MD5="a605929ca1d8295fc43b5e1f309152c9" > +PTXCONF_BAREBOX_COMMON_VERSION="2023.12.0" > +PTXCONF_BAREBOX_COMMON_MD5="e1513be5a2995203b75ac45043eac6d0" > PTXCONF_BAREBOX_COMMON_NEEDS_HOST_LZOP=y > PTXCONF_BAREBOX_AM335X_MLO=y > PTXCONF_BAREBOX_AM335X=y -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |