The external data is located after the mmapped FDT pointed to by
'old_fdt', not in the newly created FDT we are importing into at 'fdt'.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
This patch addresses issue #2 for signed configurations.
-----8<-----
Including the image cipher properties in the configuration signature
prevents an attacker from modifying cipher, key or iv properties.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can
replace an existing property value.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
Previously mkimage would process any node matching the regex cipher.*
and apply the ciphers to the image data in the order they appeared in
the FDT. This meant that data could be inadvertently ciphered multiple
times.
Switch to processing a single cipher node which exactly matches
FIT_CIPHER_NODENAME.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
The printf() string produces a warning about %d not matching size_t. Fix
it and put the format string on one line to avoid a checkpatch warning.
Signed-off-by: Simon Glass <sjg@chromium.org>
Vagrant Cascadian reported that mx6cuboxi target no longer builds
reproducibility on Debian.
One example of builds mismatches:
00096680: 696e 6700 736f 756e 642d 6461 6900 6465 ing.sound-dai.de
-00096690: 7465 6374 2d67 7069 6f73 0000 tect-gpios..
+00096690: 7465 6374 2d67 7069 6f73 0061 tect-gpios.a
This problem happens because all the buffers in fit_image.c are
allocated via malloc(), which does not zero out the allocated buffer.
Using calloc() fixes this unpredictable behaviour as it guarantees
that the allocated buffer are zero initialized.
Reported-by: Vagrant Cascadian <vagrant@reproducible-builds.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Vagrant Cascadian <vagrant@reproducible-builds.org>
With current implementation of fw_setenv, it is always locks u-boot-env
region if lock interface is implemented for such mtd device. You can
not control lock of this region with fw_setenv, there is no option for
it in config or in application itself. Because of this situation may
happen problems like in this thread on xilinx forum:
https://forums.xilinx.com/t5/Embedded-Linux/Flash-be-locked-after-use-fw-setenv-from-user-space
/td-p/1027851
A short summary of that link is: some person has issue with some spi
chip which has lock interface but doesn't locks properly which leads to
lock of whole flash memory on lock of u-boot-env region. As resulted
solution hack was added into spi-nor.c driver for this chip with lock
disablement.
Instead fix this problem by adding logic to fw_setenv only lock the
flash if it was already locked when we attempted to use it.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
After latest improvements in dtoc, compatible strings are checked
against driver and driver alias list to get a valid driver name. With
this new feature the list of compatible string aliases seems not
useful any more.
Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently dtoc checks if the first compatible string in a dtb node
matches either a driver o driver alias name, without taking into account
any other compatible string in the list. In the case that no driver matches
the first compatible string a warning is printed and the U_BOOT_DEVICE is
not being declared correctly.
This patch adds dtoc's support for try all the compatible strings in the
dtb node, in an effort to find the correct driver.
Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When binman is in use, most of the targets built by the Makefile are
inputs to binman. We then need a final rule to run binman to produce the
final outputs.
Rename the variable to indicate this, and add a new 'inputs' target.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
It is interesting to note the number of builds completed per second to
track machine performance and build speed. Add a 'rate' value at the end
of the build to show this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This current fails with an error. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 7664b03ffc ("buildman: Remove _of_#_ from results directory paths")
Older versions of this script don't support the -q flag. Since buildman
runs this script from when it starts, we may get the old version.
Fix this in two ways:
1. Use the version from the same tree as buildman is run from, if
available
2. Failing that, allow the -q flag to be missing
Signed-off-by: Simon Glass <sjg@chromium.org>
Add an additional test to dtoc in order improve the coverage,
specifically to take into account the case of unicode error when
scanning drivers.
Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
With the change to absolute imports the concurrent tests feature
unfortunately broke. Fix it.
We cannot easy add a warning, since the output messes up tests which check
the output.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present testPackX86RomMeNoDesc removes the contents of the
descriptor.bin file and testPackX86RomMeMissingDesc removes the file
completely.
If a test that relies on this file happens to run after it is removed, it
will not work. Since we have no control over the selecting of tests that
run in parallel and series, we must avoid changing the files.
Update this tests to use separate files instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
The user can either count the number of patches, or provide a
tracking branch.
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Setting sendemail.suppresscc to all or cccmd leads to --cc-cmd
parameter being ignored, and emails going either nowhere, or
just to the To: line maintainer.
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The unsupported Commit-xxx option are silently skipped
and removed as 're_remove=Commit-\w*', this patch adds
warning message in this case to detect misspelled issue
for the 2 supported options:
Commit-notes:
Commit-changes:
For example: the final 's' is missing (Commit-note:)
NB: no issue for Series-xxx option as only the supported
options are accepted (see valid_series in series.py)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Detect unexpected 'END' line when a section is not detected.
This patch detect issue when tag name for section start is misspelled,
for example 'Commit-note:' for 'Commit-notes:'
Commit-note:
....
END
Then 'Commit-note:' is removed silently by re_remove = "Commit-\w*:"
but 'END' is kept in commit message.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
FIT (Flat Image Tree) is the main image format used by U-Boot. In some
cases scripts are used to create FITs within the U-Boot build system. This
is not ideal for various reasons:
- Each architecture has its own slightly different script
- There are no tests
- Some are written in shell, some in Python
To help address this, add support for FIT generation to binman. This works
by putting the FIT source directly in the binman definition, with the
ability to adjust parameters, etc. The contents of each FIT image come
from sub-entries of the image, as is normal with binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a method for adding a property containing arbitrary bytes. Make sure
that the tree can expand as needed in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Some binary blobs unfortunately obtain their position in the image from
other binary blobs, such as Intel's 'descriptor'. In this case we cannot
rely on packing to work. It is not possible to produce a valid image in
any case, due to the missing blobs.
Allow zero-length overlaps so that this does not cause any problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
When warnings and errors are produced by tools they should be written to
stderr. Update the tout implementation to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Sometimes it is useful to build an image even though external binaries are
not present. This allows the build system to continue to function without
these files, albeit not producing valid images.
U-Boot does with with ATF (ARM Trusted Firmware) today.
Add a new flag to binman to request this behaviour.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Many of the existing blobs rely on external binaries which may not be
available. Move them over to use blob_ext to indicate this.
Unfortunately cros-ec-rw cannot use this class because it inherits
another. So set the 'external' value for that class.
While we are here, drop the import of Entry since it is not used (and
pylint3 complains).
Signed-off-by: Simon Glass <sjg@chromium.org>
It is useful to be able to distinguish between ordinary blobs such as
u-boot.bin and external blobs that cannot be build by the U-Boot build
system. If the external blobs are not available for some reason, then we
know that a value image cannot be built.
Introduce a new 'blob-ext' entry type for that.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
It is easier and less error-prone to use super() when the parent type is
needed. Update binman to remove the type names.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
As a first step to integrating mkimage into binman, add a new entry type
that feeds data into mkimage for processing and incorporates that output
into the image.
Signed-off-by: Simon Glass <sjg@chromium.org>
When binman is run from 'make check' it is given a toolpath so that the
latest tools (e.g. mkimage) are used. When run manually with no toolpath,
it relies on the system mkimage. But this may be missing or old.
Make some effort to find the built-from-soruce version by looking in the
current directory and in the builds created by 'make check'.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present binman's test coverage runs without a toolpath set. This means
that the system tools will be used. That may not be correct if they are
out of date or missing and this can result in a reduction in test coverage
below 100%.
Provide the toolpath to binman in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that binman uses tools/ as its base directory for importing modules,
the path to the pylibfdt build by U-Boot is incorrect. Fix it with a new
path.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present binman outputs errors to stdout which means that fails are
effectively silent when printed by buildman, for example. Fix this by
outputing errors to stderr.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Most users don't want to see traceback errors. Add an option to enable
them for debugging. Disable them by default.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collect response tags such as 'Reviewed-by' while parsing the stream.
This allows us to see what tags are present.
Add a new 'Fixes' tag also, since this is now quite common.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present all text is marked bright, which makes it stand out on the
terminal. Add a way to disable that, as is done with the Color class.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we use --test to indicate that tests should be run. It is
better to use a subcommand for list, like binman. Change it and adjust
the existing code to fit under a 'send' subcommand, the default.
Give this subcommand the same default arguments as the others.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present patman only does one thing so does not have any comments. We
want to add a few more command, so create a sub-parser for the default
command ('send').
Signed-off-by: Simon Glass <sjg@chromium.org>
The -s option allows skipping patches at the top of the branch. Sometimes
there are commits at the bottom that need to be skipped. At present it is
necessary to count the number of commits and then use -c to tell patman
how many to process.
Add a -e option to easily skip a number of commits at the bottom of the
branch.
Signed-off-by: Simon Glass <sjg@chromium.org>