Since binman is used to package bootloader images for all K3 devices, we
do not have to rely on the earlier methods to package them.
Scripts that were used to generate x509 certificate for tiboot3.bin and
generate tispl.bin, u-boot.img have been removed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZLqHzgAKCRDKSWXLKUoM
IcdEAKCSgy0lMxb1c0adCjpkQR9x63oKbQCdGiioU+W+0moznHdI7+W2UptNt3w=
=Uzn8
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2023.10-rc1-v2' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2023.10-rc1 v2
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.
It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.
Implement this mechanism.
Signed-off-by: Simon Glass <sjg@chromium.org>
This permits implementation of a simple templating system, where a node
can be reused as a base for others.
For now this adds new subnodes after any existing ones.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed since the linker script sets it up. Drop the variable
to avoid confusion.
Fix the prototype for main() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).
Allow a fit,fdt-list-val string-list property to be used instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is needed to handle mkimage with inner section located itself in a
section.
Signed-off-by: Marek Vasut <marex@denx.de>
Use BuildSectionData() instead of ObtainContents(), add tests and a few
other minor fixes:
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the LookupAndWriteSymbols() function to return the number of
symbols written. Also add some logging for when debugging is not
enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boards don't use symbol writing but do access the symbols in SPL.
Provide an option to work around this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some section types don't have a simple _entries list. Use the GetEntries()
method in GetEntryContents() and other places to handle this.
This makes the behaviour more consistent.
Signed-off-by: Simon Glass <sjg@chromium.org>
This should be set up in the init function, to avoid a warning about a
property not set up there. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When building from source, setuptools would complain about not finding
package via its auto-discovery mechanism. Manually specify how to
locate the files, relative to the package's directory.
* tools/u_boot_pylib/pyproject.toml: New tool.setuptools.packages.find
section.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As this is the current version of the public cross toolchains we use,
upgrade to this now.
Suggested-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Back in the day we relied a lot on Synopsys own build of the GNU tools
for ARC processors, but since then we worked hard on getting all our changes
upstream and for a couple of years now we have ARCompact (AKA ARCv1)
and ARCv2 processors supported very well in upstream GCC, Binutils, GDB etc.
And so there's no need to use Synopsys forks any longer, thus we remove
all the references to that form and use upstream components as majority
of other architectures in U-Boot.
Thanks to Tom for pointing to that left-over!
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building qemu, all required submodules (of which we need more than
just dtc) are handled automatically. Currently trying to init the
submodule the way we do results in a git failure.
Reported-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a pragma to deal with the code-coverage gap which drops binman down to
90% coverage.
Fixes: de65b122a2 (tools: Fall back to importlib_resources on Python 3.6)
Signed-off-by: Simon Glass <sjg@chromium.org>
The data type of item_offset_list shall be UINT64 according to the UEFI [1]
specifications.
In include/efi_api.h the correct data type is used. The bug was probably
never noticed because of little endianness.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
On 'make clean', generated C files in tools/env/ and tools/boot/ are
currently not removed, but they should.
Auto-generation for shared sources was first introduced with
ad80c4a322 ("kbuild, tools: generate wrapper C sources automatically
by Makefile"). Cleanup later regressed (see Fixes:), because shared
files were moved out of lib/ and common/, but 'clean-dirs := lib common'
was not adjusted accordingly. Further, the generated
tools/env/embedded.c became a sibling to project files, which prevents
directory-wise cleanup at all.
To solve it, we establishe tools/generated/ as the sole place for
generated sources. Wrappers are now generated as
tools/generated/<orig_dirname>/<orig_filename>, and 'make clean' can
remove tools/generated/ as a whole (Linux Makefile.asm-generic headers
are cleaned similarly). This way we don't have to maintain separate
clean-files or clean-dirs entries for each single added or moved wrapper
file.
Fixes: 0649cd0d49 ("Move environment files from common/ to env/")
Fixes: 19a91f2464 ("Create a new boot/ directory")
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
[trini: Correct mkfwupdate case]
Signed-off-by: Tom Rini <trini@konsulko.com>
Compiling on armv7 results in:
tools/renesas_spkgimage.c: In function ‘spkgimage_parse_config_line’:
tools/renesas_spkgimage.c:76:66: warning: format ‘%ld’ expects
argument of type ‘long int’, but argument 3 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
76 | "config error: unknown keyword on line %ld\n",
| ~~^
| |
| long int
| %d
77 | line_num);
| ~~~~~~~~
| |
| size_t {aka unsigned int}
The correct printf specifier for size_t is '%zu'.
Fixes: afdfcb11f9 ("tools: spkgimage: add Renesas SPKG format")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Fixed when build xilinx_zynqmp in long directory ( >256):
| /buildarea1/testtest/wr_build/wr1023test_secureboot/test1-what/test2-what/test3-what/test4-what/test5-what/test6-what/test7-what/test8-what/test9-what/test10-what/test11-what/test12-what/build/tmp-glibc/work/xilinx_zynqmp-wrs-linux/u-boot-xlnx/1_v2023.01-xilinx-v2023.1+gitAUTOINC+40a08d69e7-r0/build/fitImage-linux: Image file name (uboot-mkimage) too long, can't create tmpfile.
| Error: Bad parameters for FIT image type
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Add 'mkfwumdata' tool to generate FWU metadata image for the meta-data
partition to be used in A/B Update imeplementation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.
This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.
When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.
The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Renesas RZ/N1 devices contain BootROM code that loads a custom SPKG
image from QSPI, NAND or USB DFU. Support this format in mkimage tool.
SPKGs can optionally be signed, however creation of signed SPKG is not
currently supported.
Example of how to use it:
tools/mkimage -n board/schneider/rzn1-snarc/spkgimage.cfg \
-T spkgimage -a 0x20040000 -e 0x20040000 \
-d u-boot.bin u-boot.bin.spkg
The config file (spkgimage.cfg in this example) contains additional
parameters such as NAND ECC settings.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Allow symbol writing in these cases so that U-Boot can find the position
and size of U-Boot at runtime.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The host compiler is not failing on warnings at present, when the
-E flag is used in buildman. Add the required flag to fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com>
Variable old_outdir cannot be used before assignment.
The assignment must occur before the try block.
tools/dtoc/test_fdt.py:796:26:
E0601: Using variable 'old_outdir' before assignment
(used-before-assignment)
Add missing space in assignment.
Fixes: a004f29464 ("binman: Tidy up _SetupDtb() to use its own temporary file")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
importlib.resources became part of 3.7 only. Allow using distros with
3.6 and the importlib_resources backport.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Variable orig_dir cannot be used in the finally block if it has not be
assigned outside of the try block.
tools/patman/func_test.py:523:21:
E0601: Using variable 'orig_dir' before assignment
(used-before-assignment)
tools/patman/func_test.py:691:21:
E0601: Using variable 'orig_dir' before assignment
(used-before-assignment)
Fixes: fd70986a62 ("patman: Add a test that uses gitpython")
Fixes: be051c0c77 ("patman: Detect missing upstream in CountCommitsToBranch")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The header binman_sym.h depends on ulong typedef but does not include
types.h. This means the header must be included after including types.h
or a header that includes it.
We could include types.h but instead let's just switch from ulong
to directly using unsigned long. This removes the need for typedef'ing
it in some of the tests, so also remove those.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit aeb40f1166 ("tools: env: use /run to store lockfile") updated the
path to the lockfile but did not update the documentation to match.
Use the new path in the documentation.
Fixes: aeb40f1166 ("tools: env: use /run to store lockfile")
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This member is used in series.MakeCcFile() so should be declared in the
Series class.
Add a declaration to silence the warning.
Signed-off-by: Simon Glass <sjg@chromium.org>
The codes forget to call munmap() to unmap the ELF image that was
mapped by previous mmap().
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Currently kwboot expected that sector size for SATA image is always 512
bytes. If SATA image cannot be parsed with sector size of 512 bytes, try
larger sector sizes which are power of two and up to the 32 kB. Maximal
theoretical value is 32 kB because ATA IDENTIFY command returns sector size
as 16-bit number.
Signed-off-by: Pali Rohár <pali@kernel.org>
SATA kwbimage contains offsets in block size unit, not in bytes.
Until now kwbimage expected that SATA disk always have block size of 512
bytes. But there are 4K Native SATA disks with block size of 4096 bytes.
New SATA_BLKSZ command allows to specify different block size than 512
bytes and therefore allows to generate kwbimage for disks with different
block sizes.
This change add support for generating SATA images with different block
size. Also it add support for verifying and dumping such images.
Because block size itself is not stored in SATA kwbimage, image
verification is done by checking every possible block size (it is any
power of two value between 512 and 32 kB).
Signed-off-by: Pali Rohár <pali@kernel.org>
This allows image type print_header() callback to access struct
image_tool_params *params.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building with -Wimplicit-fallthrough we get a warning
tools/fdt_add_pubkey.c:52:25: warning:
this statement may fall through [-Wimplicit-fallthrough=]
52 | print_help();
|
Explicitly declare which functions don't return.
Fixes: 30238e9961 ("tools: add fdt_add_pubkey")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
According this issue https://github.com/ppp-project/ppp/issues/339.
Eventually, the dt-utils changed lock directory to fix missing /var/lock
directory error then make dt-utils can run normally.
We also have a similar issue with these two utilities fw_printenv and
fw_setenv will failed when the directory /var/lock is non-existent.
We have a custom linux distribution built with yocto (OpenBMC) that
use systemd and it deprecated the /var/lock directory.
More discussion in systemd/systemd#15668.
Thus, we sync with community's solution for uboot/tools/env utilities:
The current location /var/lock is considered legacy (at least by systemd).
Just use /run to store the lockfile and append the usual .lock suffix.
Tested:
Verified /run/lock is now present and fw_printenv can work in OpenBMC.
Signed-off-by: Tim Lee <timlee660101@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
mkbootimg tool is part of the Android project and it is
used to pack Android boot images such as boot image
and vendor_boot image.
Use the following command to run mkbootimg:
$ python3 -m mkbootimg
Add mkbootimg to the docker file
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
As this is now the stable release, move to using that now for our tests.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Given the number of jobs in CI we have which use python and pip install
packages, we should do this once in the Dockerfile, in order to populate
the cache. We let each job continue to create and use the virtual
environments they need to facilitate making updates to these
environments easier.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The toolchain test causes the settings file to be overwritten, which is
annoying for local development. Fix it by passing None as the filename.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use external blob otpcmd.bin to replace the 0xff filled OTP programming
command block to create a firmware image that provisions the OTP on
first boot. This otpcmd.bin is generated from the customer keys using
steps described in the meta-iot2050 integration layer for the device.
Based on original patch by Baocheng Su.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
There are many ways to get a signed firmware for the IOT2050 devices,
namely for the parts under user-control. This script documents one way
of doing it, given a signing key. Augment the board documentation with
the required procedure around it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Allows to create a public key device tree dtsi for inclusion into U-Boot
SPL and proper during first build already. This can be achieved via
CONFIG_DEVICE_TREE_INCLUDES.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The latest version of the binary-only firmware parts come in a combined
form of FSBL and sysfw containers. This implies some layout changes to
the generated firmware image but also makes handling of artifacts much
simpler (4 files less). The env locations will not change, just the
space reserved for U-Boot will shrink from 4 to 3 MB - still plenty of
space left in practice.
Adjust configuration and documentation accordingly.
Along this change, add a new reservation for update commands of the
user-controlled OTP part. A specific userspace tool will fill it, and
the FSBL will evaluate it during boot. This reservation will use 64K of
the former sysfw section.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
A38x BootROM has a bug which cause that BootROM loads data part of UART
image into RAM target address increased by one byte when source address
and header size stored in the image header are not same.
Workaround this bug by completely removing a gap between header and data
part of the UART image. Without gap, this BootROM bug is not triggered.
This gap can be present in SDIO or SATA image types which have aligned
start of the data part to the media sector size. With this workaround
kwboot should be able to convert and send SDIO or SATA images for UART
booting.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Sending of very small images (smaller than 128 bytes = xmodem block size)
cause out-of-bound memory read access. Fix this issue by ensuring that
hdrsz when sending image is not larger than total size of the image.
Issue was introduced in commit f8017c3779 ("tools: kwboot: Fix sending
Kirkwood v0 images"). Special case when total image is smaller than header
size aligned to multiply of xmodem size is already handled since that
commit.
Fixes: f8017c3779 ("tools: kwboot: Fix sending Kirkwood v0 images")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Commit 7665ed2fa0 ("tools: kwboot: Fix parsing UART image without data
checksum") added fixup code to insert place for data checksum if UART image
does not have it. Together with option -B (change baudrate), kwboot
calculates this checksum. Without option -B, it inserts only place for
checksum but does not calculate it.
This commit fix above logic and calculate data checksum also when kwboot is
used without -B option.
Fixes: 7665ed2fa0 ("tools: kwboot: Fix parsing UART image without data checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Ensure that UART aligned header size is always stored into kwbimage v1
header. It is needed for proper UART booting. Calculation of headersz field
was broken in commit d656f5a0ee ("tools: kwboot: Calculate real used
space in kwbimage header when calling kwboot_img_grow_hdr()") which
introduced optimization of kwboot_img_grow_hdr() function.
Fixes: d656f5a0ee ("tools: kwboot: Calculate real used space in kwbimage header when calling kwboot_img_grow_hdr()")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 385 BootROM ignores low 7 bits of headersz when parsing kwbimage
header of UART type, which effectively means that headersz is rounded down
to multiply of 128 bytes. For all other image types BootROM reads and use
all bits of headersz. Therefore fill into UART type of kwbimage v1 headersz
aligned to 128 bytes.
Fixes: 2b0980c240 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
With clang-15 we now get reported that in the make_flame_tree function,
neither the missing_count nor depth variables are used, only
incremenete/decremented. Remove these.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
With clang-15, it is now reported that cont_img_count is unused. This is
true as the code will increment / reset this counter, but never
functionally use it. Remove it.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Given efforts to add an m68k target to CI, build qemu for it.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
binman signing feature
fix buildman -A bug introduced recently
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmQQ8KIRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYRmwgA1XAHafEOfhaya54nalUgW9qYZe5Ntfqd
4Tg7zj3gadZuv82LuyskEyBKptwRCzgX0Tyx62V3Oop9vJ/cCwjIB4AGhCsMKERf
NqcMd8fbGbJ9jJzOp7gNTHzV4vSmwKM0lRkxbClMFcvMsfVdKcBRPswLLghk5/xL
Uu4Ww4yfe7UCqgBm9uouVaIbcNNcl8p0QnSJT9HvwjGKawPT6uSHOHK9Wpkud0q1
ZyrPpCMA29mifhIU8aH5CJH5G61UbGcVSDhm9lIKwqZg+KJGuYf64JbZoY9JI2/z
pOUHLZx7fVHoFyWKWfVkA9l6HRjZTRc0nJhYFx5HyNUOU50hMENeTQ==
=ko2P
-----END PGP SIGNATURE-----
Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next
More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently
Signed-off-by: Tom Rini <trini@konsulko.com>
The previous attempt at fixing this broke the normal usage of the -A
flag.
At present, 'buildman -A sandbox' adds the path containing the
toolchain. We can assume that this is in the path and we don't want to
set CROSS_COMPILE=/bin/
Change this to align with what MakeEnvironment() does, but only for
sandbox boards.
Signed-off-by: Simon Glass <sjg@chromium.org>
Having to use the -K option to mkimage to populate U-Boot's .dtb with the
public key while signing the kernel FIT image is often a little
awkward. In particular, when using a meta-build system such as
bitbake/Yocto, having the tasks of the kernel and U-Boot recipes
intertwined, modifying deployed artifacts and rebuilding U-Boot with
an updated .dtb is quite cumbersome. Also, in some scenarios one may
wish to build U-Boot complete with the public key(s) embedded in the
.dtb without the corresponding private keys being present on the same
build host.
So this adds a simple tool that allows one to disentangle the kernel
and U-Boot builds, by simply copy-pasting just enough of the mkimage
code to allow one to add a public key to a .dtb. When using mkimage,
some of the information is taken from the .its used to build the
kernel (algorithm and key name), so that of course needs to be
supplied on the command line.
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add the documentation about binman sign option and providing an
example.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <sjg@chromium.org>
Currently, a microblaze build with CONFIG_SYS_BIG_ENDIAN=y and
CONFIG_STATIC_RELA=y fails with:
tools/relocate-rela: Not supported machine type
ELF decoding failed
make[2]: *** [u-boot/Makefile:1306: u-boot-nodtb.bin] Error 1
To fix this, convert the 32-bit codepath to use the previously added
elf{16,32}_to_cpu() functions. The aarch64 codepath is left untouched.
This commit ensures that CI doesn't fail for the next patches which enable
runtime relocation by default for microblaze.
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-3-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
Add elf16_to_cpu() and elf32_to_cpu() functions that allow to read data in
both big-endian and little-endian formats.
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-2-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
The sh_addr/sh_offset/sh_size fields in Elf32_Shdr are 32-bits wide, so
use le32_to_cpu() instead of the 64-bit variant.
Fixes: 5e0e1a86d3 ("tools: relocate-rela: Fix ELF decoding on big-endian hosts")
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-1-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present these are handled as if they are allowed to be missing, but
this is only true if the -M flag is provided. Fix this and add a test.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present, 'buildman -A sandbox' adds the path containing the
toolchain at present. We can assume that this is in the path and
we don't want to set CROSS_COMPILE=/bin/ so change this to align
with what MakeEnvironment() does.
Signed-off-by: Simon Glass <sjg@chromium.org>
For large series this can take a while. Run checkpatch in parallel to
try to reduce the time. The checkpatch information is still reported in
sequential order, so a very slow patch at the start can still slow
things down. But overall this gives good results.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
This script can take ages on some series. Try to limit the time by
using threads. If a few stubborn patches remain, show progress so the
user has some idea what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
This function is quite long. Moving the handling of a commit into a
separate function. This will make it easier to do the work in parallel.
Update function comments while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Patman does not do this anymore, as of this commit:
7428dc14b0 ("patman: Remove the -a option")
Drop the comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Create the necessary files to build this new package.
It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.
Fix a long line while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Create the necessary files to build this new package.
This is needed for binman.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update this so that the directory being used is declared at the top of
the file. Use pathlib as it seems to be more modern.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Create the necessary files to build this new package.
It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot. It is included for completeness, since adding
this later would be more trouble.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
Using 'str' as a variable makes it impossible to use it as a type in the
same function. Fix this by using a different name.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when buildman is running
outside of the U-Boot git checkout. Hide the option in this case
Signed-off-by: Simon Glass <sjg@chromium.org>
Tests are not packaged with patman so this file will not be accessible
when installing with pip. Move the import later in the file, when we
know the file is present.
Signed-off-by: Simon Glass <sjg@chromium.org>
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.
To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
While our version is better, it is tricky to use it when we are trying
to package things with pip. Drop it.
Somewhat reduced functionality is provided by the upstream version[1],
along with a rather annoying message each time it is used[2] [3].
[1] pip install concurrencytest
[2] https://github.com/cgoldberg/concurrencytest/issues/12
[3] https://github.com/cgoldberg/concurrencytest/pull/14
Signed-off-by: Simon Glass <sjg@chromium.org>
Unfortunately this adds a new feature to concurrencytest and it has not
made it upstream to the project[1].
Drop it for now so we can use the upstream module. Once it is applied we
can bring this functionality back.
[1] https://github.com/cgoldberg/concurrencytest
This reverts commit ebcaafcded.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a command-line argument for setting the tooldir, so that the default
can be overridden. Add this directory to the toolpath automatically.
Create the directory if it does not already exist.
Put the default in the argument parser instead of the class, so that it
is more obvious.
Update a few tests that expect the utility name to be provided without
any path (e.g. 'futility'), so they can accept a path, e.g.
/path/to/futility
Update the documentation and add a few tests.
Improve the help for --toolpath while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present binman writes tools into the ~/bin directory. This is
convenient but some may be concerned about downloading unverified
binaries and running them. Place then in a special ~/.binman-tools
directory instead.
Mention this in the documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
We want to be able to change this directory. Use a class member to hold
the value, since changing a constant is not good.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is quite a useful thing to use when building since it avoids small
size changes between commits. Add a -r flag for it.
Also undefine CONFIG_LOCALVERSION_AUTO since this appends the git hash
to the version string, causing every build to be slightly different.
Signed-off-by: Simon Glass <sjg@chromium.org>
This cuts down build performance considerably and is not always needed,
when checking for build errors, etc.
Add a flag to disable it.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is sometimes useful to see the exact 'make' command used by buildman
for a commit. Add an output file for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Entry_blob_ext contains an implementation of SetAllowFakeBlob that is
identical to the one in the base Entry class, remove it.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add an entry flag called 'preserve' to indicate that an entry should be
preserved by firmware updates. Propagate this to FMAP too.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is needed to download tools, but we may not need to do this. At
present binman fails to start if HOME is not set.
Use the current directory as a default to avoid this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This change add support for mkimage's -s option to kwbimage format. It will
create an kwbimage with empty data part of image (data part would contain
only required 32-bit checksum). mkimage's -s option is indicated by skipcpy
flag and it is basically in conflict with mkimage's -d (datafile) option.
"Empty" kwbimage with no data can still contain headers. For example it can
contain binary executable header which is copied by BootROM into L2SRAM.
This is useful for example for small images which can do not require DDR
RAM and can be run in L2SRAM (which do not require any initialization).
Signed-off-by: Pali Rohár <pali@kernel.org>
When mkimage was instructed to skip datafile via option -s then do not try
to validate or open datafile as it does not have to exist or to be
specified via -d option.
This change allows to use -s option for skipping datafile when -d option
for datafile was not specified.
Signed-off-by: Pali Rohár <pali@kernel.org>
When asking mkimage to create a new image file and option -d is not
specified then mkimage show human unfriendly error message:
mkimage: Can't open (null): Bad address
Without debugger it is hard to debug what is the issue. Function open() is
being called with file name set to NULL. So add a check for this and if it
happens then show human readable message that option -d was not specified.
Signed-off-by: Pali Rohár <pali@kernel.org>
Marvell BootROM can execute SPI images directly from NOR (either SPI/serial
or parallel) without copying them to DDR RAM. This is know at XIP - execute
in place. To achieve that, destination address in kwbimage must be set to
0xFFFFFFFF and execute address to the offset in bytes from the beginning of
NOR memory.
Kirkwood and Dove which use kwbimage v0 format and have SPI address space
mapped to physical memory at 0xE8000000-0xEFFFFFFF by BootROM.
Armada SoCs use kwbimage v1 format and have SPI address space mapped to
physical memory at 0xD4000000-0xD7FFFFFF and Device bus address space (used
for parallel NOR) at 0xD8000000-0xDFFFFFFF.
Add support for generating XIP kwbimages by mkimage -x flag and mark xflag
as valid option in kwbimage.c.
Signed-off-by: Pali Rohár <pali@kernel.org>
Skip filling legacy_img_hdr structure for XIP images which do not use
legacy_img_hdr structure header. Adding unwanted header to other image
formats, like kwbimage cause generation of broken image.
Signed-off-by: Pali Rohár <pali@kernel.org>
Secure boot header signature is calculated from the image header with
zeroed header checksum. Calculation is done in add_secure_header_v1()
function. So after calling this function no header member except
main_hdr->checksum can be modified. Commit 2b0980c240 ("tools: kwbimage:
Fill the real header size into the main header") broke this requirement as
final header size started to be filled into main_hdr->headersz_* members
after the add_secure_header_v1() call.
Fix this issue by following steps:
- Split header size and image data offset into two variables (headersz and
*dataoff).
- Change image_headersz_v0() and add_binary_header_v1() functions to return
real (unaligned) header size instead of image data offset.
- On every place use correct variable (headersz or *dataoff)
After these steps variable headersz is correctly filled into the
main_hdr->headersz_* members and so overwriting them in the end of the
image_create_v1() function is not needed anymore. Remove those overwriting
which effectively reverts changes in problematic commit without affecting
value in main_hdr->headersz_* members and makes secure boot header
signature valid again.
Fixes: 2b0980c240 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Secure boot data image signature is calculated from the data image without
trailing 4-bit checksum. Commit 37cb9c15d7 ("tools: kwbimage: Simplify
aligning and calculating checksum") unintentionally broke this calculation
when it increased payloadsz variable by 4 bytes which was propagated also
into the add_secure_header_v1() function. Fix this issue by decreasing size
of buffer by 4 bytes from which is calculated secure boot data image
signature.
Fixes: 37cb9c15d7 ("tools: kwbimage: Simplify aligning and calculating checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Variable imagesz in functions image_create_v0(), image_create_v1() and
kwbimage_set_header() stores offset to data from the beginning of the main
header. So it is not image size.
Signed-off-by: Pali Rohár <pali@kernel.org>
To make add_secure_header_v1() function more readable, call it directly
with arguments: header pointer with header size and data image pointer with
data image size. No functional change.
Signed-off-by: Pali Rohár <pali@kernel.org>
For all images except SATA is data offset in bytes. For SATA it is in LBA
format (number of sectors). This is how Marvell BootROM interprets it.
Signed-off-by: Pali Rohár <pali@kernel.org>