The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We need to install libgnutls-devel package to build the host tool,
mkeficapsule, and as of now, there seems to be a depencency conflict
in the current msys2 installer;
:: installing libp11-kit (0.24.1-1) breaks dependency \
'libp11-kit=0.23.22' required by p11-kit
To resolve this conflict, however, the initial "pacman -Syyuu" in
'tools_only_windows' job is not enough. Another "pacman -Su" will
enforce all the out-of-date packages being upgraded.
(Probably the first "-Syyuu" can be changed to "-Syu".)
See the installation steps in
https://www.msys2.org/
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Coreboot supports U-Boot as a payload and this recently got a bit of a
facelist. Add a test for this.
For now this uses a binary build of coreboot (v4.15). Future work could
potentially build it from source, but we need to figure out the
toolchain problems first, since coreboot uses its own toolchain. It
turns out that this is tricky, because coreboot fails to build with a
vanilla gcc.
This needs some changes to the hooks scripts as well. An example build
is at https://source.denx.de/u-boot/custodians/u-boot-dm/-/jobs/359687
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Follow what we do in GitLab CI where we break the jobs up in to stages
such that if earlier and often quicker sanity tests fail we don't run
everything else.
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that all symbols that exist in Kconfig no longer also have boards
setting them in the board config.h file, add a CI test to catch new
instances of this, and fail.
Signed-off-by: Tom Rini <trini@konsulko.com>
As per https://github.com/actions/virtual-environments/issues/4312 the
Windows-2016 environments are scheduled for deprecation and removal in
early 2022. Move to windows-2019 now to avoid this (Visual Studio 2019
is included here, hence the tag naming scheme change).
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Instead of fetching an arm toolchain to use, run the test with the one
that's already in the container image.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Rebuild our current docker image so that ca-certificates will be updated
and Let's Encrypt issued certificates will work again.
Signed-off-by: Tom Rini <trini@konsulko.com>
vexpress_ca9x4 is seemingly the only board except for qemu_arm which
is able to run U-Boot correctly, using the `-M vexpress-a9` option to
QEMU. Building for qemu_arm and running qemu-system-arm with the `-M
virt` argument has a number of downsides, most importantly that it
only supports virtio storage drivers. This significantly reduces its
usefulness in testing memory card and Flash solutions, especially when
the tested images are from a third party source.
So therefore we reintroduce the vexpress_ca9x4 board in this commit,
with the explicit goal of using it with QEMU.
A number of differences to note from the original:
* Since the board was apparently unmaintained, I have now set myself
as the maintainer.
* The board has been converted to use the driver model, which was the
reason it was removed in the first place.
* The vexpress_ca15_tc2 and vexpress_ca5x2 boards, which were removed
in the same commit, are not necessary for the QEMU use case, and
have been omitted.
* An `mmc0` alias was introduced in the dts file. The mmc is not
detected correctly without this, now that it's based on the device
tree instead of the board's init function.
* A couple of other nodes were removed because they were problematic
when trying to run the UEFI bootmgr. Once again, the primary use
case here is QEMU, and these nodes are not needed for that to work.
* Unnecessary board init code has been removed, thanks to driver model
and device tree.
* `CONFIG_OF_EMBED` has been enabled. I know this goes against
recommended practice, but there doesn't seem to be any other way to
pass the dtb to U-Boot in the QEMU scenario. Using the -dtb argument
does not work, I suppose because U-Boot doesn't use the same
mechanics as the kernel when it's booting.
* Load addresses have been changed to fit QEMU use case.
People wanting to get a more detailed, yet somewhat isolated, diff
between this and the original, can run this command:
git diff c6c26a05b89f25a06e7562f8c2071b60fd0c9eac~1 -- \
$( git diff-tree --diff-filter=A -r --name-only HEAD~1 HEAD)
(Make sure to either check out this commit first, or replace HEAD with
the commit ID of this commit)
Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>
This adds CI tests for SiFive Unleashed board.
QEMU supports booting exact the same images as used on the real
hardware out of the box, that U-Boot SPL loads U-Boot proper
from either an SD card or the SPI NOR flash, hence we can easily
set up CI to cover these 2 boot flows of SiFive Unleashed board.
With this, now we can have regression testing of mmc-spi-slot and
sifive spi drivers, as well as mmc and spi-nor subsystems.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The current stable release of LLVM is 12, update to that. While at it,
fix that we had not correctly upgraded to LLVM 11 previously.
Signed-off-by: Tom Rini <trini@konsulko.com>
The aarch64 catch-all job is starting to get close to or exceed the time
limit for jobs. Move the i.MX8 boards to their own job to fix this.
Signed-off-by: Tom Rini <trini@konsulko.com>
With the spear family of platforms gone, remove references to them from
the build jobs.
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
This board has not been converted to CONFIG_DM_PCI by the deadline and is
also missing conversion to CONFIG_DM. Remove it. This is also the last
of the ARCH_MPC8641/MPC8610 platforms, so remove that support as well.
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
- Move to gcc-11.1.0 builds from kernel.org for supported platforms and
LLVM-11 for those tests.
- As Heinrich has noted, the RISC-V platform specification has a profile
OS-A for running rich operating systems like Linux and BSD. This profile
requires 64bit and UEFI conforming to the EBBR. Only the 'embedded'
profile may use 32bit. Given this, drop grub for 32bit RISC-V as it no
longer compiles with gcc-11.1 and upstream is unlikely to fix it:
https://www.mail-archive.com/grub-devel@gnu.org/msg30736.html
- Update to grub-2.06 release to address other issues of building with
gcc-11.1.
- Update to newer Xtensa (gcc-9.2.0) and ARC (gcc-10.2) toolchains
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Move us up to being based on Ubuntu 20.04 "focal" and the latest tag
from Ubuntu for this release. For this, we make sure that "python" is
now python3 but still include python2.7 for the rx51 qemu build as that
is very old and does not support python3.
Signed-off-by: Tom Rini <trini@konsulko.com>
The filesystem test setup needs to prepare disk images for its tests,
with either guestmount or loop mounts. The former requires access to the
host fuse device (added in a previous patch), the latter requires access
to host loop devices. Both mounts also need additional privileges since
docker's default configuration prevents the containers from mounting
filesystems (for host security).
Add any available loop devices to the container and try to add as few
privileges as possible to run these tests, which narrow down to adding
SYS_ADMIN capability and disabling apparmor confinement. However, this
much still seems to be insecure enough to let malicious container
processes escape as root on the host system [1].
[1] https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
Since the mentioned tests are marked to run only on the sandbox board,
add these additional devices and privileges only when testing with that.
An alternative to using mounts is modifying the filesystem tests to use
virt-make-fs (like some EFI tests do), but it fails to generate a
partitionless FAT filesystem image on Debian systems. Other more
feasible alternatives are using guestfish or directly using libguestfs
Python bindings to create and populate the images, but switching the
test setups to these is nontrivial and is left as future work.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The EFI secure boot and capsule test setups need to prepare disk images
for their tests using virt-make-fs, which requires access to the host
fuse device. This is not exposed to the docker container by default and
has to be added explicitly. Add it.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
MSYS2 Windows build started to fail since yesterday (Jun 21):
checking keyring...
checking package integrity...
error: gcc-libs: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gcc-libs-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
error: gcc: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gcc-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
Switching to the latest installer (version 20210604) seems to fix it.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Tested-by: Tom Rini <trini@konsulko.com>
Remove qemu_mips boards because DM migration doesn't make sense.
The board support for qemu_mips is already marked as deprecated
in Qemu in favour of the Malta board. Also qemu_mips support
has been removed from Linux a long time ago.
The official replacement is the Malta board. The same Malta U-Boot
image can be used with Qemu and on physical hardware.
All combinations of Big Endian and Little Endian as well as 32 bit
and 64 bit are supported.
Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Given that test/py/requirements.txt has all required test modules, make
use of that rather than a manual pip install list before running our
assorted tool testsuites.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Version 0.9 of OpenSBI provides the system reset extension which allows us
to reset and power off boards without board specific code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Now that there is a single SuperH platform, rework the Azure job
slightly. Azure build time limits mean that we need to split the world
build up still. Make a single build job for the single Renesas SuperH
platform as well as all of the ARM platforms from Renesas.
Cc: Marek Vasut <marek.vasut+renesas@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
We now see an error such as:
warning: database file for 'ucrt64' does not exist (use '-Sy' to download)
error: failed to prepare transaction (could not find database)
So use -Sy as suggested.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Add this new board to the test plans. Travis-CI is left out, since it is
being removed soon due to lack of capacity.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is only one board which uses sandbox SPL. But with
sandbox_noinst being added, this is no longer true. Add a --board flag
so that we just build one board on azure, as is done in gitlab.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There are times where buildman seems to get stuck in this job when in
CI. Forcing single-threaded here allows us to complete and move on.
Signed-off-by: Tom Rini <trini@konsulko.com>
As Stephen is no longer actively maintaining the uboot-test-hooks
repository, switch to using the instance on our GitLab.
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Commit dd5c954e91 ("travis/gitlab/azure: Use -W to avoid warnings check")
added -W to avoid warnings check, but it mistakenly dropped -E for
the world build script in the azure pipelines.
This caused builds on the azure pipelines fail to report warnings. Let's
add it back.
Fixes: dd5c954e91 ("travis/gitlab/azure: Use -W to avoid warnings check")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Install all requirements according to doc/sphinx/requirements.txt in the
virtual environment used for testing 'make htmldocs'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add SH4 R2Dplus machine configured to test various U-Boot PCI ethernet
options -- RTL8139, EEPRO100, AMD PCnet, DEC Tulip.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Recent CI failures were seen [1] when building MSYS2 Windows host
tools. The error messages are something like:
downloading mingw32.db...
downloading mingw32.db.sig...
error: mingw32: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
error: failed to update mingw32 (invalid or corrupted database (PGP signature))
Per the MSYS2 official news [2], this was caused by a packager
switch and several solutions were suggested, e.g.: a new package
of msys2-keyring and a new msys2 installer that includes them are
released. However right now we have been using the MSYS2 github
CI base repo [3] for the MSYS2 build in U-Boot, but per the project
information on the github webpage, it says: "This repository is
unused/deprecated and will be remove after 2021-01-01". Since it is
unmaintained it's unlikely the new PGP keys will be included in the
git repo, and the only choice is to switch to use the MSYS2 official
installer as the CI base instead.
[1] https://dev.azure.com/u-boot/u-boot/_build/results?buildId=975
[2] https://www.msys2.org/news/#2020-06-29-new-packagers
[3] https://github.com/msys2/msys2-ci-base
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Package 'flex' is needed when building the U-Boot host tool, but
is currently missing in the build dependency in the CI pipeline.
This is to prepare switching to an installer based CI build.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
This simplifies things a bit to just use a login shell everywhere.
This keeps in sync with MSYS2 upstream commit:
9d11b7f0aa93 ("azure-pipelines: simplify things a bit").
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
At present we use --test to indicate that tests should be run. It is
better to use a subcommand for list, like binman. Change it and adjust
the existing code to fit under a 'send' subcommand, the default.
Give this subcommand the same default arguments as the others.
Signed-off-by: Simon Glass <sjg@chromium.org>