Commit graph

710 commits

Author SHA1 Message Date
Jan Kiszka
367b1bf2ce arm: dts: iot2050: Optionally embed OTP programming data into image
Use external blob otpcmd.bin to replace the 0xff filled OTP programming
command block to create a firmware image that provisions the OTP on
first boot. This otpcmd.bin is generated from the customer keys using
steps described in the meta-iot2050 integration layer for the device.

Based on original patch by Baocheng Su.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-03-29 11:58:26 -04:00
Jan Kiszka
6ac9131702 iot2050: Update firmware layout
The latest version of the binary-only firmware parts come in a combined
form of FSBL and sysfw containers. This implies some layout changes to
the generated firmware image but also makes handling of artifacts much
simpler (4 files less). The env locations will not change, just the
space reserved for U-Boot will shrink from 4 to 3 MB - still plenty of
space left in practice.

Adjust configuration and documentation accordingly.

Along this change, add a new reservation for update commands of the
user-controlled OTP part. A specific userspace tool will fill it, and
the FSBL will evaluate it during boot. This reservation will use 64K of
the former sysfw section.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-03-29 11:58:26 -04:00
Tom Rini
cb90ddb2a6 More tests and fixes for fdt command
binman signing feature
 fix buildman -A bug introduced recently
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmQQ8KIRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYRmwgA1XAHafEOfhaya54nalUgW9qYZe5Ntfqd
 4Tg7zj3gadZuv82LuyskEyBKptwRCzgX0Tyx62V3Oop9vJ/cCwjIB4AGhCsMKERf
 NqcMd8fbGbJ9jJzOp7gNTHzV4vSmwKM0lRkxbClMFcvMsfVdKcBRPswLLghk5/xL
 Uu4Ww4yfe7UCqgBm9uouVaIbcNNcl8p0QnSJT9HvwjGKawPT6uSHOHK9Wpkud0q1
 ZyrPpCMA29mifhIU8aH5CJH5G61UbGcVSDhm9lIKwqZg+KJGuYf64JbZoY9JI2/z
 pOUHLZx7fVHoFyWKWfVkA9l6HRjZTRc0nJhYFx5HyNUOU50hMENeTQ==
 =ko2P
 -----END PGP SIGNATURE-----

Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next

More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-03-16 12:16:14 -04:00
Ivan Mikhaylov
5b34efe865 binman: add tests for sign option
Add the test which provides sequence of actions:
  1. create the image from binman dts
  2. create public and private keys
  3. add public key into dtb with fdt_add_pubkey
  4. 1. sign FIT container with new sign option with extracting from
        image
     2. sign exact FIT container with replacing of it in image
  5. check with fit_check_sign

Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
   Move UpdateSignatures() to Entry base class;
   Don't allow missing mkimage as it doesn't make sense;
   Propagate --toolpath for CI;
   Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-14 16:08:52 -06:00
Ivan Mikhaylov
4023dc9c95 binman: add sign option for binman
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.

Usage as example:

from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit

to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit

and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit

Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
2023-03-14 16:08:51 -06:00
Ivan Mikhaylov
0f40e23fd2 binman: add documentation for binman sign option
Add the documentation about binman sign option and providing an
example.

Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-14 16:08:51 -06:00
Tom Rini
a5faa4a9eb Prepare v2023.04-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmQPxXsACgkQFHw5/5Y0
 tyzRWgwAlpwF0u0Xtfs+isnwy/2wb1uMKSeZTiMWkP8he48DX/+db1LHyxnb5apX
 5ULLLKnxZGDviFNw6F/Vuq/BlL8aK+K6wJm+HxdN4Df+sQZgP0kZVnZH1DcDGyJ7
 2I5mYxXCQiRfl3lG8uHdfQyGT5BOm1ZYTIBgXPzpdp/PS6Es74aIHfHS4UdsnpZ2
 dw5APUHnXsSeycbvgiZZEAQphRGplTgSmEDLZTCHD6+oIFoyJVMRr4QWc+KjYPR8
 MgfykqaITO7xKg1V2GwEWJA7LpU4L3HrK+8upSjdx0kfKw4jZoBTU5LE3dnk+6fz
 rgisMfyDGZ+w467uk9BSAO9smRRRI7GFMSkvi+kMQtVCFWCSaddkfYPlpFu1PND7
 nHfxkzoIjxeEOG8yIFF8P199w2lEorKTxlXuNBStfozvAz1wfhgq3o3WQGpvDmqF
 E+FoC7t73qVu6DVMiCXCOyUYNyI7d1tFlUhlbZPVCelVL8RX3JjMF/0uhLsOSDMc
 s4z/6fVq
 =xK+J
 -----END PGP SIGNATURE-----

Merge tag 'v2023.04-rc4' into next

Prepare v2023.04-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-03-14 12:06:35 -04:00
Simon Glass
953d4177af binman: Support generation of x509 certificates
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 13:15:15 -08:00
Simon Glass
7caa372a5e binman: Support updating section contents
Implement this feature since it is useful for updating FITs within an
image.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 13:15:14 -08:00
Simon Glass
033828cf34 binman: Handle missing bintools correctly in fit
At present these are handled as if they are allowed to be missing, but
this is only true if the -M flag is provided. Fix this and add a test.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 13:15:14 -08:00
Simon Glass
e00197f92d binman: Allow preserving the output dir when replacing
Add these flags for the 'replace' subcommand too, to aid debugging.

Signed-off-by: Simon Glass <sjg@chromium.org>

44 2023 -0700
2023-03-08 13:15:14 -08:00
Simon Glass
6608acb29d doc: Add notes on how to install patman and binman
These can be installed with 'pip' now. Add the details for those who are
interested.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:56 -08:00
Simon Glass
ada5e2f978 binman: Add support for building a binmanu PyPi package
Create the necessary files to build this new package.

It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot.

Move the main program into a function so that it can easily be called by
the PyPi-created script.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:56 -08:00
Simon Glass
8de6adbf4a binman: Use importlib to find the help
Use this function so that the help can be found even when binman is
running from a package.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:56 -08:00
Simon Glass
94bb5cd2f9 binman: Hide the 'test' command unless test code is available
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.

Fix a long line while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:56 -08:00
Simon Glass
952a61adb4 binman: Move the main code into a function
Put this code into a function so it is easy for it be run when packaged.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Simon Glass
4583c00236 patman: Move library functions into a library directory
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.

To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Simon Glass
7c4027af48 binman: Avoid unwanted output in testFitFirmwareLoadables()
This prints a message about the missing tee-os generated by the test. This
is confusing, so suppress it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Simon Glass
fe7e9245c5 binman: Make the tooldir configurable
Add a command-line argument for setting the tooldir, so that the default
can be overridden. Add this directory to the toolpath automatically.
Create the directory if it does not already exist.

Put the default in the argument parser instead of the class, so that it
is more obvious.

Update a few tests that expect the utility name to be provided without
any path (e.g. 'futility'), so they can accept a path, e.g.
/path/to/futility

Update the documentation and add a few tests.

Improve the help for --toolpath while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Simon Glass
932e40d0b5 binman: Use a private directory for bintools
At present binman writes tools into the ~/bin directory. This is
convenient but some may be concerned about downloading unverified
binaries and running them. Place then in a special ~/.binman-tools
directory instead.

Mention this in the documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2023-03-08 11:40:49 -08:00
Simon Glass
00f674db2d binman: Move the tools directory into the Bintool class
We want to be able to change this directory. Use a class member to hold
the value, since changing a constant is not good.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Simon Glass
fbb0e48032 binman: Update bintools documentation
This was not regenerated with recent changes. Update it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Simon Glass
6569cb8e1f binman: Correct an 'aot' typo
Fix this typo.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Jonas Karlman
e389d445c7 binman: Use correct argument name in docstrings
Use correct argument name in docstrings.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Jonas Karlman
dd4bdad4c1 binman: Fix spelling of nodes in code comments
Replace notes with nodes in code comments and docstrings.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Jonas Karlman
cbe429bc97 binman: Remove redundant SetAllowFakeBlob from blob-ext entry
Entry_blob_ext contains an implementation of SetAllowFakeBlob that is
identical to the one in the base Entry class, remove it.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Simon Glass
9dbb02b9d1 binman: Support marking FMAP areas as preserved
Add an entry flag called 'preserve' to indicate that an entry should be
preserved by firmware updates. Propagate this to FMAP too.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Simon Glass
139c464c2a binman: Avoid requiring a home directory on startup
This is needed to download tools, but we may not need to do this. At
present binman fails to start if HOME is not set.

Use the current directory as a default to avoid this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Ralph Siemsen
abe2a16aa5 tools: binman: minor formatting fix in docs
This should fix a rendering oddity when viewing the docs online at
https://u-boot.readthedocs.io/en/latest/develop/package/binman.html

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-03-01 11:22:40 -07:00
Jonas Karlman
40389c2a46 binman: Mark mkimage entry missing when its subnodes is missing
Using the mkimage entry with the multiple-data-files prop and having a
missing external blob result in an unexpected ValueError exception using
the --allow-missing flag.

  ValueError: Filename 'missing.bin' not found in input path (...)

Fix this by using _pathname that is resolved by ObtainContents for blob
entries, ObtainContents also handles allow missing for external blobs.

Mark mkimage entry as missing and return without running mkimage when
missing entries is reported by CheckMissing.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
2023-02-28 18:07:26 +08:00
Jonas Karlman
05b978be5f binman: Add support for a rockchip-tpl entry
The rockchip-tpl entry can be used when an external TPL binary should be
used instead of the normal U-Boot TPL.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Eugen Hristev <eugen.hristev@collabora.com>
2023-02-28 18:07:26 +08:00
Tom Rini
5b197eee33 Prepare v2023.04-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmP9LHYACgkQFHw5/5Y0
 tyw3Ogv+IhcqqlK1MpF6me6j0nyZpl5Vc29J+ghO8xPr/nzEhlcq8HUcBdM8QaEd
 3oMkD6m6HsZMWjrz/eWM5Oa742j/yqfbr+6H7NwFutyNOQ/aIrCoD9fbAzszd2ii
 fANFn0vftOApnqn0dHXqodam31+MrOWnffcz2jyJXvhwcFxYDcv5yboFsFA5GVtA
 5l3ko8PGaRp/RwNAqMlEWX3DgXWKjglIo+yiyntJqh3HJ+t3BMlwIrhq1NdWQxPk
 M3K5znl836bb10ULXeItGMtdlPviqRKzqqgy6HgVU/66qaoJUFzdL0kyydWqR/Zv
 5XrFvvyYT9go3IA6mnZmNsO4/L/lEUEOXRsQWoPxW/QROuNtltuEpxwjmg+pDLlr
 9uV/ZdEGtHj/fEPEs6BdslnrQmGGA0akzBh85jcofE8Lm7+7RB1uIj9hUrOub4Qr
 DKQHUORVmu3qVOQgK03VIHBg43figMCEU4voZbuFeVUdXC6FQHpQrxSxL7uemrvW
 Cg8/Hyrc
 =PwNP
 -----END PGP SIGNATURE-----

Merge tag 'v2023.04-rc3' into next

Prepare v2023.04-rc3
2023-02-27 17:28:21 -05:00
Rick Chen
7574b6476a riscv: binman: Add help message for missing blobs
Add the 'missing-msg' for more detailed output
on missing system firmware.

Signed-off-by: Rick Chen <rick@andestech.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
2023-02-17 19:07:48 +08:00
Simon Glass
e316fbabbf dm: treewide: Complete migration to new driver model schema
Update various build and test components to use the new schema.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-02-14 09:43:27 -07:00
Simon Glass
193d3dbd45 binman: Show the image name for the top-level section
At present we show 'main section' as the top-level section name. It may
be more helpful to show the actual image name. This is tricky because
Image is a parent class of Entry_section, so there is no distinction
between an image and a section.

Update it to show the image name.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-02-12 17:33:51 -07:00
Simon Glass
060a65e899 binman: Fix a test-coverage regression
Unfortunately a recent patch snuck through without the require test
coverage. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 571bc4e67d ("binman: Support positioning an entry by and ELF symbol")
2023-01-26 10:47:45 -07:00
Samuel Holland
b01ae03c0b binman: Add 'min-size' entry property
This property sets the minimum size of an entry, including padding but
not alignment. It can be used to reserve space for growth of an entry,
or to enforce a minimum offset for later entries in the section.

Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Jonas Karlman
f584d44c23 binman: Add support for selecting firmware to use with split-elf
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Jonas Karlman
00b3d53f15 binman: Add special subnodes to the nodes generated by split-elf
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.

Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Jonas Karlman
9b2fd2d228 binman: Add support for align argument to mkimage tool
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Simon Glass
571bc4e67d binman: Support positioning an entry by and ELF symbol
In some cases it is useful to position an entry over the top of a symbol
in an ELF file. For example, if the symbol holds a version string then it
allows the string to be accessed from the fdtmap.

Add support for this.

Suggested-by: Pali Rohár <pali@kernel.org>
Suggested-by: Keith Short <keithshort@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:41 -07:00
Simon Glass
c1157860c5 binman: Provide general support for updating ELF symbols
The current support for updating variables in a binary is hard-coded to
work with U-Boot:

- It assumes the image starts at __image_copy_start
- It uses the existing U-Boot-specific entry types

It is useful for other projects to use these feature.

Add properties to enable writing symbols for any blob, a way of specifying
the base symbol and a way of providing the ELF filename to allow symbol
lookup to take place.

With this it is possible to update a Zephyr image, such as zephyr.bin
after it has been built.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:41 -07:00
Simon Glass
9766f69c98 binman: Support overlapping entries
In some cases it is useful to have an entry overlap with another in a
section, either to update the contents within a blob, or to add an entry
to the fdtmap that covers only part of the blob.

Add support for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:41 -07:00
Simon Glass
97fb8081ec binman: Add a function to check for special section nodes
This appears in two places in the code. Use a shared function instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:40 -07:00
Simon Glass
62ef2f7bf3 binman: Add a null entry
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.

Add support for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:40 -07:00
Simon Glass
4331d66661 binman: Clarify use of False when obtaining data
This means that the data is not yet available. Update some comments to
make this clearer.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:40 -07:00
Simon Glass
0b079fcb09 binman: Add a test for an inner section with a size
This is a slightly different scenario from the existing testSections
tests. Add a new test for it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:40 -07:00
Simon Glass
67a0501708 binman: Support optional external blobs
Some blobs are actually not necessary for the board to work correctly. Add
a property to allow this to be indicated. Missing optional blobs do not
cause a build failure.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:50:01 -07:00
Simon Glass
2f80c5ef13 binman: Support new op-tee binary format
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.

Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:50:01 -07:00
Simon Glass
39f4a85bb2 binman: Add a way to check for a valid ELF file
Add a function which checks whether data is in ELF format or not. This
will be used by binman to check this for entries.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:50:01 -07:00