Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm

acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements

14 files changed, 471 insertions, 94 deletions

diff --git a/lib/Kconfig b/lib/Kconfig
index 52d4b27ae51..3c6fa99b1a6 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -202,6 +202,24 @@ config LIB_HW_RAND
 
 endchoice
 
+config SUPPORT_ACPI
+	bool
+	help
+	  Enable this if your arch or board can support generating ACPI
+	  (Advanced Configuration and Power Interface) tables. In this case
+	  U-Boot can generate these tables and pass them to the Operating
+	  System.
+
+config GENERATE_ACPI_TABLE
+	bool "Generate an ACPI (Advanced Configuration and Power Interface) table"
+	depends on SUPPORT_ACPI
+	select QFW if QEMU
+	help
+	  The Advanced Configuration and Power Interface (ACPI) specification
+	  provides an open standard for device configuration and management
+	  by the operating system. It defines platform-independent interfaces
+	  for configuration and power management monitoring.
+
 config SPL_TINY_MEMSET
 	bool "Use a very small memset() in SPL"
 	help
diff --git a/lib/Makefile b/lib/Makefile
index f2238922bb6..11b03d1cbec 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -64,7 +64,7 @@ obj-$(CONFIG_TPM_V1) += tpm-v1.o
 obj-$(CONFIG_TPM_V2) += tpm-v2.o
 endif
 
-obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
+obj-$(CONFIG_$(SPL_TPL_)GENERATE_ACPI_TABLE) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
 obj-$(CONFIG_ECDSA) += ecdsa/
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
diff --git a/lib/acpi/Makefile b/lib/acpi/Makefile
index 5c2f793701f..f9b504988f2 100644
--- a/lib/acpi/Makefile
+++ b/lib/acpi/Makefile
@@ -1,7 +1,22 @@
 # SPDX-License-Identifier: GPL-2.0+
 #
 
-obj-y += acpigen.o
-obj-y += acpi_device.o
-obj-y += acpi_dp.o
-obj-y += acpi_table.o
+obj-$(CONFIG_$(SPL_)ACPIGEN) += acpigen.o
+obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi_device.o
+obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi_dp.o
+obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi_table.o
+obj-y += acpi_writer.o
+
+# With QEMU the ACPI tables come from there, not from U-Boot
+ifndef CONFIG_QEMU
+obj-y += base.o
+obj-y += csrt.o
+
+# Sandbox does not build a .asl file
+ifndef CONFIG_SANDBOX
+obj-y += dsdt.o
+endif
+
+obj-y += facs.o
+obj-y += ssdt.o
+endif
diff --git a/lib/acpi/acpi_table.c b/lib/acpi/acpi_table.c
index d1685404c21..f8642f99420 100644
--- a/lib/acpi/acpi_table.c
+++ b/lib/acpi/acpi_table.c
@@ -201,88 +201,6 @@ int acpi_add_table(struct acpi_ctx *ctx, void *table)
 	return 0;
 }
 
-void acpi_write_rsdp(struct acpi_rsdp *rsdp, struct acpi_rsdt *rsdt,
-		     struct acpi_xsdt *xsdt)
-{
-	memset(rsdp, 0, sizeof(struct acpi_rsdp));
-
-	memcpy(rsdp->signature, RSDP_SIG, 8);
-	memcpy(rsdp->oem_id, OEM_ID, 6);
-
-	rsdp->length = sizeof(struct acpi_rsdp);
-	rsdp->rsdt_address = map_to_sysmem(rsdt);
-
-	rsdp->xsdt_address = map_to_sysmem(xsdt);
-	rsdp->revision = ACPI_RSDP_REV_ACPI_2_0;
-
-	/* Calculate checksums */
-	rsdp->checksum = table_compute_checksum(rsdp, 20);
-	rsdp->ext_checksum = table_compute_checksum(rsdp,
-						    sizeof(struct acpi_rsdp));
-}
-
-static void acpi_write_rsdt(struct acpi_rsdt *rsdt)
-{
-	struct acpi_table_header *header = &rsdt->header;
-
-	/* Fill out header fields */
-	acpi_fill_header(header, "RSDT");
-	header->length = sizeof(struct acpi_rsdt);
-	header->revision = 1;
-
-	/* Entries are filled in later, we come with an empty set */
-
-	/* Fix checksum */
-	header->checksum = table_compute_checksum(rsdt,
-						  sizeof(struct acpi_rsdt));
-}
-
-static void acpi_write_xsdt(struct acpi_xsdt *xsdt)
-{
-	struct acpi_table_header *header = &xsdt->header;
-
-	/* Fill out header fields */
-	acpi_fill_header(header, "XSDT");
-	header->length = sizeof(struct acpi_xsdt);
-	header->revision = 1;
-
-	/* Entries are filled in later, we come with an empty set */
-
-	/* Fix checksum */
-	header->checksum = table_compute_checksum(xsdt,
-						  sizeof(struct acpi_xsdt));
-}
-
-void acpi_setup_base_tables(struct acpi_ctx *ctx, void *start)
-{
-	ctx->base = start;
-	ctx->current = start;
-
-	/* Align ACPI tables to 16 byte */
-	acpi_align(ctx);
-	gd->arch.acpi_start = map_to_sysmem(ctx->current);
-
-	/* We need at least an RSDP and an RSDT Table */
-	ctx->rsdp = ctx->current;
-	acpi_inc_align(ctx, sizeof(struct acpi_rsdp));
-	ctx->rsdt = ctx->current;
-	acpi_inc_align(ctx, sizeof(struct acpi_rsdt));
-	ctx->xsdt = ctx->current;
-	acpi_inc_align(ctx, sizeof(struct acpi_xsdt));
-
-	/* clear all table memory */
-	memset((void *)start, '\0', ctx->current - start);
-
-	acpi_write_rsdp(ctx->rsdp, ctx->rsdt, ctx->xsdt);
-	acpi_write_rsdt(ctx->rsdt);
-	acpi_write_xsdt(ctx->xsdt);
-	/*
-	 * Per ACPI spec, the FACS table address must be aligned to a 64 byte
-	 * boundary (Windows checks this, but Linux does not).
-	 */
-	acpi_align64(ctx);
-}
-
 void acpi_create_dbg2(struct acpi_dbg2_header *dbg2,
 		      int port_type, int port_subtype,
 		      struct acpi_gen_regaddr *address, u32 address_size,
diff --git a/lib/acpi/acpi_writer.c b/lib/acpi/acpi_writer.c
new file mode 100644
index 00000000000..946f90e8e7b
--- /dev/null
+++ b/lib/acpi/acpi_writer.c
@@ -0,0 +1,131 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Handles writing the declared ACPI tables
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <log.h>
+#include <malloc.h>
+#include <mapmem.h>
+#include <acpi/acpi_table.h>
+#include <asm/global_data.h>
+#include <dm/acpi.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+int acpi_write_one(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	int ret;
+
+	log_debug("%s: writing table '%s'\n", entry->name,
+		  entry->table);
+	ctx->tab_start = ctx->current;
+	ret = entry->h_write(ctx, entry);
+	if (ret == -ENOENT) {
+		log_debug("%s: Omitted due to being empty\n",
+			  entry->name);
+		ret = 0;
+		ctx->current = ctx->tab_start;	/* drop the table */
+		return ret;
+	}
+	if (ret)
+		return log_msg_ret("write", ret);
+
+	if (entry->flags & ACPIWF_ALIGN64)
+		acpi_align64(ctx);
+	else
+		acpi_align(ctx);
+
+	/* Add the item to the internal list */
+	ret = acpi_add_other_item(ctx, entry, ctx->tab_start);
+	if (ret)
+		return log_msg_ret("add", ret);
+
+	return 0;
+}
+
+#ifndef CONFIG_QEMU
+static int acpi_write_all(struct acpi_ctx *ctx)
+{
+	const struct acpi_writer *writer =
+		 ll_entry_start(struct acpi_writer, acpi_writer);
+	const int n_ents = ll_entry_count(struct acpi_writer, acpi_writer);
+	const struct acpi_writer *entry;
+	int ret;
+
+	for (entry = writer; entry != writer + n_ents; entry++) {
+		ret = acpi_write_one(ctx, entry);
+		if (ret && ret != -ENOENT)
+			return log_msg_ret("one", ret);
+	}
+
+	return 0;
+}
+
+/*
+ * QEMU's version of write_acpi_tables is defined in drivers/misc/qfw.c
+ */
+ulong write_acpi_tables(ulong start_addr)
+{
+	struct acpi_ctx *ctx;
+	ulong addr;
+	int ret;
+
+	ctx = malloc(sizeof(*ctx));
+	if (!ctx)
+		return log_msg_ret("mem", -ENOMEM);
+
+	log_debug("ACPI: Writing ACPI tables at %lx\n", start_addr);
+
+	acpi_reset_items();
+	acpi_setup_ctx(ctx, start_addr);
+
+	ret = acpi_write_all(ctx);
+	if (ret) {
+		log_err("Failed to write ACPI tables (err=%d)\n", ret);
+		return log_msg_ret("write", -ENOMEM);
+	}
+
+	addr = map_to_sysmem(ctx->current);
+	log_debug("ACPI current = %lx\n", addr);
+
+	return addr;
+}
+
+int write_dev_tables(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	int ret;
+
+	ret = acpi_write_dev_tables(ctx);
+	if (ret)
+		return log_msg_ret("write", ret);
+
+	return 0;
+}
+ACPI_WRITER(8dev, NULL, write_dev_tables, 0);
+
+ulong acpi_get_rsdp_addr(void)
+{
+	if (!gd->acpi_ctx)
+		return 0;
+
+	return map_to_sysmem(gd->acpi_ctx->rsdp);
+}
+#endif /* QEMU */
+
+void acpi_setup_ctx(struct acpi_ctx *ctx, ulong start)
+{
+	gd->acpi_ctx = ctx;
+	memset(ctx, '\0', sizeof(*ctx));
+
+	/* Align ACPI tables to 16-byte boundary */
+	start = ALIGN(start, 16);
+	ctx->base = map_sysmem(start, 0);
+	ctx->current = ctx->base;
+
+	gd_set_acpi_start(start);
+}
diff --git a/lib/acpi/base.c b/lib/acpi/base.c
new file mode 100644
index 00000000000..2057bd2bef8
--- /dev/null
+++ b/lib/acpi/base.c
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Write base ACPI tables
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <acpi/acpi_table.h>
+#include <dm/acpi.h>
+#include <mapmem.h>
+#include <tables_csum.h>
+
+void acpi_write_rsdp(struct acpi_rsdp *rsdp, struct acpi_rsdt *rsdt,
+		     struct acpi_xsdt *xsdt)
+{
+	memset(rsdp, 0, sizeof(struct acpi_rsdp));
+
+	memcpy(rsdp->signature, RSDP_SIG, 8);
+	memcpy(rsdp->oem_id, OEM_ID, 6);
+
+	rsdp->length = sizeof(struct acpi_rsdp);
+	rsdp->rsdt_address = map_to_sysmem(rsdt);
+
+	rsdp->xsdt_address = map_to_sysmem(xsdt);
+	rsdp->revision = ACPI_RSDP_REV_ACPI_2_0;
+
+	/* Calculate checksums */
+	rsdp->checksum = table_compute_checksum(rsdp, 20);
+	rsdp->ext_checksum = table_compute_checksum(rsdp,
+						    sizeof(struct acpi_rsdp));
+}
+
+static void acpi_write_rsdt(struct acpi_rsdt *rsdt)
+{
+	struct acpi_table_header *header = &rsdt->header;
+
+	/* Fill out header fields */
+	acpi_fill_header(header, "RSDT");
+	header->length = sizeof(struct acpi_rsdt);
+	header->revision = 1;
+
+	/* Entries are filled in later, we come with an empty set */
+
+	/* Fix checksum */
+	header->checksum = table_compute_checksum(rsdt,
+						  sizeof(struct acpi_rsdt));
+}
+
+static void acpi_write_xsdt(struct acpi_xsdt *xsdt)
+{
+	struct acpi_table_header *header = &xsdt->header;
+
+	/* Fill out header fields */
+	acpi_fill_header(header, "XSDT");
+	header->length = sizeof(struct acpi_xsdt);
+	header->revision = 1;
+
+	/* Entries are filled in later, we come with an empty set */
+
+	/* Fix checksum */
+	header->checksum = table_compute_checksum(xsdt,
+						  sizeof(struct acpi_xsdt));
+}
+
+static int acpi_write_base(struct acpi_ctx *ctx,
+			   const struct acpi_writer *entry)
+{
+	/* We need at least an RSDP and an RSDT Table */
+	ctx->rsdp = ctx->current;
+	acpi_inc_align(ctx, sizeof(struct acpi_rsdp));
+	ctx->rsdt = ctx->current;
+	acpi_inc_align(ctx, sizeof(struct acpi_rsdt));
+	ctx->xsdt = ctx->current;
+	acpi_inc_align(ctx, sizeof(struct acpi_xsdt));
+
+	/* clear all table memory */
+	memset(ctx->base, '\0', ctx->current - ctx->base);
+
+	acpi_write_rsdp(ctx->rsdp, ctx->rsdt, ctx->xsdt);
+	acpi_write_rsdt(ctx->rsdt);
+	acpi_write_xsdt(ctx->xsdt);
+
+	return 0;
+}
+/*
+ * Per ACPI spec, the FACS table address must be aligned to a 64-byte boundary
+ * (Windows checks this, but Linux does not).
+ *
+ * Use the '0' prefix to put this one first
+ */
+ACPI_WRITER(0base, NULL, acpi_write_base, ACPIWF_ALIGN64);
diff --git a/lib/acpi/csrt.c b/lib/acpi/csrt.c
new file mode 100644
index 00000000000..2ba86f22952
--- /dev/null
+++ b/lib/acpi/csrt.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Write an ACPI Core System Resource Table (CSRT)
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <mapmem.h>
+#include <tables_csum.h>
+#include <acpi/acpi_table.h>
+#include <dm/acpi.h>
+
+__weak int acpi_fill_csrt(struct acpi_ctx *ctx)
+{
+	return 0;
+}
+
+int acpi_write_csrt(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	struct acpi_table_header *header;
+	struct acpi_csrt *csrt;
+	int ret;
+
+	csrt = ctx->current;
+	header = &csrt->header;
+
+	memset(csrt, '\0', sizeof(struct acpi_csrt));
+
+	/* Fill out header fields */
+	acpi_fill_header(header, "CSRT");
+	header->revision = 0;
+	acpi_inc(ctx, sizeof(*header));
+
+	ret = acpi_fill_csrt(ctx);
+	if (ret)
+		return log_msg_ret("fill", ret);
+
+	/* (Re)calculate length and checksum */
+	header->length = (ulong)ctx->current - (ulong)csrt;
+	header->checksum = table_compute_checksum(csrt, header->length);
+
+	acpi_add_table(ctx, csrt);
+
+	return 0;
+}
+ACPI_WRITER(5csrt, "CSRT", acpi_write_csrt, 0);
diff --git a/lib/acpi/dsdt.c b/lib/acpi/dsdt.c
new file mode 100644
index 00000000000..db98cc20e1d
--- /dev/null
+++ b/lib/acpi/dsdt.c
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Write the ACPI Differentiated System Description Table (DSDT)
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <acpi/acpi_table.h>
+#include <dm/acpi.h>
+#include <tables_csum.h>
+
+/*
+ * IASL compiles the dsdt entries and writes the hex values
+ * to a C array AmlCode[] (see dsdt.c).
+ */
+extern const unsigned char AmlCode[];
+
+int acpi_write_dsdt(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	const int thl = sizeof(struct acpi_table_header);
+	struct acpi_table_header *dsdt = ctx->current;
+	int aml_len;
+
+	/* Put the table header first */
+	memcpy(dsdt, &AmlCode, thl);
+	acpi_inc(ctx, thl);
+	log_debug("DSDT starts at %p, hdr ends at %p\n", dsdt, ctx->current);
+
+	/* If the table is not empty, allow devices to inject things */
+	aml_len = dsdt->length - thl;
+	if (aml_len) {
+		void *base = ctx->current;
+		int ret;
+
+		ret = acpi_inject_dsdt(ctx);
+		if (ret)
+			return log_msg_ret("inject", ret);
+		log_debug("Added %lx bytes from inject_dsdt, now at %p\n",
+			  (ulong)(ctx->current - base), ctx->current);
+		log_debug("Copy AML code size %x to %p\n", aml_len,
+			  ctx->current);
+		memcpy(ctx->current, AmlCode + thl, aml_len);
+		acpi_inc(ctx, aml_len);
+	}
+
+	ctx->dsdt = dsdt;
+	dsdt->length = ctx->current - (void *)dsdt;
+	log_debug("Updated DSDT length to %x\n", dsdt->length);
+
+	return 0;
+}
+ACPI_WRITER(3dsdt, "DSDT", acpi_write_dsdt, 0);
diff --git a/lib/acpi/facs.c b/lib/acpi/facs.c
new file mode 100644
index 00000000000..e89f43ca5c9
--- /dev/null
+++ b/lib/acpi/facs.c
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Write an ACPI Firmware ACPI Control Structure (FACS) table
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <acpi/acpi_table.h>
+#include <dm/acpi.h>
+
+int acpi_write_facs(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	struct acpi_facs *facs = ctx->current;
+
+	memset((void *)facs, '\0', sizeof(struct acpi_facs));
+
+	memcpy(facs->signature, "FACS", 4);
+	facs->length = sizeof(struct acpi_facs);
+	facs->hardware_signature = 0;
+	facs->firmware_waking_vector = 0;
+	facs->global_lock = 0;
+	facs->flags = 0;
+	facs->x_firmware_waking_vector_l = 0;
+	facs->x_firmware_waking_vector_h = 0;
+	facs->version = 1;
+
+	ctx->facs = facs;
+	acpi_inc(ctx, sizeof(struct acpi_facs));
+
+	return 0;
+}
+ACPI_WRITER(1facs, "FACS", acpi_write_facs, 0);
diff --git a/lib/acpi/ssdt.c b/lib/acpi/ssdt.c
new file mode 100644
index 00000000000..659c1aad406
--- /dev/null
+++ b/lib/acpi/ssdt.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Write an ACPI Secondary System Descriptor Table (SSDT) table
+ *
+ * Copyright 2021 Google LLC
+ */
+
+#define LOG_CATEGORY LOGC_ACPI
+
+#include <common.h>
+#include <acpi/acpi_table.h>
+#include <dm/acpi.h>
+#include <tables_csum.h>
+
+int acpi_write_ssdt(struct acpi_ctx *ctx, const struct acpi_writer *entry)
+{
+	struct acpi_table_header *ssdt;
+	int ret;
+
+	ssdt = ctx->current;
+	memset((void *)ssdt, '\0', sizeof(struct acpi_table_header));
+
+	acpi_fill_header(ssdt, "SSDT");
+	memcpy(ssdt->oem_table_id, OEM_TABLE_ID, sizeof(ssdt->oem_table_id));
+	ssdt->revision = acpi_get_table_revision(ACPITAB_SSDT);
+	ssdt->aslc_revision = 1;
+	ssdt->length = sizeof(struct acpi_table_header);
+
+	acpi_inc(ctx, sizeof(struct acpi_table_header));
+
+	ret = acpi_fill_ssdt(ctx);
+	if (ret) {
+		ctx->current = ssdt;
+		return log_msg_ret("fill", ret);
+	}
+
+	/* (Re)calculate length and checksum */
+	ssdt->length = ctx->current - (void *)ssdt;
+	ssdt->checksum = table_compute_checksum((void *)ssdt, ssdt->length);
+	log_debug("SSDT at %p, length %x\n", ssdt, ssdt->length);
+
+	/* Drop the table if it is empty */
+	if (ssdt->length == sizeof(struct acpi_table_header))
+		return log_msg_ret("fill", -ENOENT);
+	acpi_add_table(ctx, ssdt);
+
+	return 0;
+}
+ACPI_WRITER(6ssdt, "SSDT", acpi_write_ssdt, 0);
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index ae6dfa0ba97..d5939af2c56 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -301,7 +301,7 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	if (ret < 0)
 		return ret;
 
-	return 0;
+	return key_node;
 }
 
 int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
@@ -313,7 +313,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
 	if (ret >= 0)
-		do_add(&ctx, fdt, fdt_key_name);
+		ret = do_add(&ctx, fdt, fdt_key_name);
 
 	free_ctx(&ctx);
 	return ret;
diff --git a/lib/efi_loader/efi_acpi.c b/lib/efi_loader/efi_acpi.c
index 83f025e1ca6..2ddc3502b5d 100644
--- a/lib/efi_loader/efi_acpi.c
+++ b/lib/efi_loader/efi_acpi.c
@@ -8,6 +8,7 @@
 #include <common.h>
 #include <efi_loader.h>
 #include <log.h>
+#include <mapmem.h>
 #include <acpi/acpi_table.h>
 
 static const efi_guid_t acpi_guid = EFI_ACPI_TABLE_GUID;
@@ -22,6 +23,7 @@ efi_status_t efi_acpi_register(void)
 	/* Map within the low 32 bits, to allow for 32bit ACPI tables */
 	u64 acpi = U32_MAX;
 	efi_status_t ret;
+	ulong addr;
 
 	/* Reserve 64kiB page for ACPI */
 	ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
@@ -34,7 +36,8 @@ efi_status_t efi_acpi_register(void)
 	 * a 4k-aligned address, so it is safe to assume that
 	 * write_acpi_tables() will write the table at that address.
 	 */
-	write_acpi_tables(acpi);
+	addr = map_to_sysmem((void *)(ulong)acpi);
+	write_acpi_tables(addr);
 
 	/* And expose them to our EFI payload */
 	return efi_install_configuration_table(&acpi_guid,
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index a95a3d2748a..3e7b7982890 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -703,5 +703,8 @@ err_get_pub_key:
 	if (info->engine_id)
 		rsa_engine_remove(e);
 
-	return ret;
+	if (ret)
+		return ret;
+
+	return node;
 }
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index fbb2d35a7d5..32c7507024b 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -79,14 +79,14 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
 	struct checksum_algo *checksum = info->checksum;
 	int ret, pad_len = msg_len - checksum->checksum_len;
 
-	/* Check pkcs1.5 padding bytes. */
+	/* Check pkcs1.5 padding bytes */
 	ret = rsa_verify_padding(msg, pad_len, checksum);
 	if (ret) {
 		debug("In RSAVerify(): Padding check failed!\n");
 		return -EINVAL;
 	}
 
-	/* Check hash. */
+	/* Check hash */
 	if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
 		debug("In RSAVerify(): Hash check failed!\n");
 		return -EACCES;
@@ -502,7 +502,8 @@ int rsa_verify_hash(struct image_sign_info *info,
 	if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
 		/* don't rely on fdt properties */
 		ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
-
+		if (ret)
+			debug("%s: rsa_verify_with_pkey() failed\n", __func__);
 		return ret;
 	}
 
@@ -522,6 +523,9 @@ int rsa_verify_hash(struct image_sign_info *info,
 		if (info->required_keynode != -1) {
 			ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
 						      info->required_keynode);
+			if (ret)
+				debug("%s: Failed to verify required_keynode\n",
+				      __func__);
 			return ret;
 		}
 
@@ -531,6 +535,8 @@ int rsa_verify_hash(struct image_sign_info *info,
 		ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node);
 		if (!ret)
 			return ret;
+		debug("%s: Could not verify key '%s', trying all\n", __func__,
+		      name);
 
 		/* No luck, so try each of the keys in turn */
 		for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
@@ -546,6 +552,7 @@ int rsa_verify_hash(struct image_sign_info *info,
 			}
 		}
 	}
+	debug("%s: Failed to verify by any means\n", __func__);
 
 	return ret;
 }