When authenticating the initial boot binary the ROM will check a debug
type value in the certificate and based on that open JTAG access to that
core. This only effects HS devices as non-HS device ROM allows JTAG
by default.
This can be useful for HS developers working in the early boot stage,
before SYSFW is loaded. After that point the JTAG access can be
changed based on board configurations passed to SYSFW.
This access can also be a large security problem as JTAG access on
HS devices can be used to circumvent the chain-of-trust controls.
Accidentally leaving this open defeats the security on HS, due to this
change the default to disabled.
This should only effect those working on early HS boot code, which
is a limited crowd who will already know how to re-enable this access
as needed.
Signed-off-by: Andrew F. Davis <afd@ti.com>
When authenticating the initial boot binary the ROM will check a debug
type value in the certificate and based on that open JTAG access to that
core.
Make this selectable in the signing tool to allow it to be enabled or
disabled based on user command line input.
This does not change the default behavior.
Signed-off-by: Andrew F. Davis <afd@ti.com>
change to how sequence numbers are assigned to devices
minor fixes and improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl7kQ4kRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZrvAgAqc/TEj7QHPyW9rQSl8h65MXK93qRsnZo
4segKEtK0Rmv0S2VfmPCwujsDFl5gZUNt+rXD/l7F0a4Wzx4eYgYrEXOYsXs/ZHP
jjGrcbvO4Qkx3QzjMqqoUiQqeCgNQ9XIre8F+1NmZeQ2bFtPKbJXtXKYTcMI1wSW
PhRGbbsTnKNKC0dL0nLFG6+NC/sk6xRqMx28Ip38FTrQL+Uh67LZFpLkY3yuHo/1
CVhCw+7Aov0I6tDrdKrngjFqXRSoTsuOhavSFoW9U6llqDL7FIC6aoRo7x24lSJN
VFTRpXPmNHeslE6NHEOQs9elFpbxXR34te3k4p74rFuX/J/490UaYA==
=172C
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-12jun20' of git://git.denx.de/u-boot-dm into next
patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
minor fixes and improvements
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
Currently, the following scenario will rebuild the first commit even
though it is not really necessary - the commit sha or the position in the
patchset did not change:
$ git am <local-patch-0001>
$ tools/buildman/buildman -P -E -W -b master mx6
<do some more development work>
$ git am <local-patch-0002>
$ tools/buildman/buildman -P -E -W -b master mx6 <- will rebuild the first
commit as well, even
though nothing has
changed about it.
This is due to the fact that previous results directories get removed
when the number of commits change. By removing the _of_#_ part of the
directory path, the commits will be rebuilt only if the commit sha or the
position in the patchset changes. Also, update the testcase to reflect this
change.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Rather than suffering in silence, output a warning if something about the
checkpatch output cannot be understood.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes checkpatch outputs problems in the patch subject. Add support
for parsing this output and reporting it correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
If checkpatch is configured to output code we should ignore it. Similarly,
notes should be ignored.
Update the logic to handle these situations.
Signed-off-by: Simon Glass <sjg@chromium.org>
Once we have determined what the line refers to there is no point in
processing it further. Update the logic to continue to the next line in
these cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
If checkpatch is run in 'emacs' mode it shows the filename at the
start of each line. Add support for this so that the warnings and errors
are correctly detected.
Signed-off-by: Simon Glass <sjg@chromium.org>
If no warnings are detected due to checkpatch having unexpected options,
patman currently shows an error:
TypeError: unsupported operand type(s) for +=: 'int' and 'property'
Fix this by initing the variable correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
This option currently does not add any sort of hash to the images in the
FIT.
Add a hash node requesting a crc32 checksum, which at least provides some
protection.
The crc32 value is easily ignored (e.g. in SPL) if not needed. and takes
up only about 48 bytes per image, including overhead.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Denk <wd@denx.de>
When using CONFIG_ENV_IS_IN_FAT and the config-file specifies a size
larger than what U-Boot wrote into the env-file, a confusing error
message is shown:
$ fw_printenv
Read error on /boot/uboot.env: Success
Fix this by showing a different error message when read returns too
little data.
Signed-off-by: Harald Seiler <hws@denx.de>
This patch adds or modifies functional tests for the Cover-changes,
Commit-changes, and Series-process-log tags in order to account for new
behavior added in the previous few patches. The '(no changes since v1)'
case is not tested for, since that would need an additional commit to test
in addition to testing the existing code paths.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch adds support to multi-line changes. That is, if one has a line
in a changelog like
- Do a thing but
it spans multiple lines
Using Series-process-log sort would sort as if those lines were unrelated.
With this patch, any change line starting with whitespace will be
considered part of the change before it.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
By default patman generates a combined changelog for the cover letter. This
may not always be desirable.
Many patches may have the same changes. These can be coalesced with
"Series-process-log: uniq", but this is imperfect. Similar changes like
"Move foo to patch 7" will not be merged with the similar "Move foo to this
patch from patch 6".
Changes may not make sense outside of the patch they are written for. For
example, a change line of "Add check for bar" does not make sense outside
of the context in which bar might be checked for. Some changes like "New"
or "Lint" may be repeated many times throughout different change logs, but
carry no useful information in a summary.
Lastly, I like to summarize the broad strokes of the changes I have made in
the cover letter, while documenting all the details in the appropriate
patches. I think this makes it easier to get a good feel for what has
changed, without making it difficult to wade through every change in the
whole series.
This patch adds two new tags to add changelog entries which only appear in
the cover letter, or only appear in the commit. Changes documented with
"Commit-changes" will only appear in the commit, and will not appear in the
cover letter. Changes documented with "Cover-changes" will not appear in
any commit, and will only appear in the cover letter.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Patman outputs a line for every edition of the series in every patch,
regardless of whether any changes were made. This can result in many
redundant lines in patch changelogs, especially when a patch did not exist
before a certain revision. For example, the existing behaviour could result
in a changelog of
Changes in v7: None
Changes in v6: None
Changes in v5:
- Make a change
Changes in v4: None
Changes in v3:
- New
Changes in v2: None
With this patch applied and with --no-empty-changes, the same patch would
look like
(no changes since v5)
Changes in v5:
- Make a change
Changes in v3:
- New
This is entirely aesthetic, but I think it reduces clutter, especially for
patches added later on in a series.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some mailing lists have size limits and when we add binary contents
to our patches it's easy to exceed the size limits.
Git supports a command line option "--no-binary" to generate patches
without any binary contents. Add an option in patman to handle this.
Note with this option patches cannot be applied properly, but they
are still useful for code review.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sort the existing command line options by:
- help comes first
- option starts with '-'
- option starts with '--'
Lower case followed by upper case letters, in alphabetical order.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As reported by Nicolas Carrier on the Buildroot mailing list [1],
there is a new build issue while building a program which interacts with
the u-boot environment. This program uses the headers of the ubootenv
library provided by uboot-tools.
This is a recent change from uboot [2] adding "#include <env.h>" to
fw_env.h. Adding env.h require a board configuration to build since
it also include compiler.h (and others uboot internal includes).
env.h include seems not needed since env_set() is not used in fw_env tool.
Nicolas removed env.h from fw_env tool and fixed it's build issue.
This problem is present since uboot v2019.10.
[1] http://lists.busybox.net/pipermail/buildroot/2020-April/280307.html
[2] 9fb625ce05
Reported-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Building with -Wtype-limits yields
tools/rkcommon.c: In function ‘rkcommon_check_params’:
tools/rkcommon.c:158:27: warning: comparison of
unsigned expression < 0 is always false [-Wtype-limits]
158 | if (spl_params.init_size < 0)
| ^
tools/rkcommon.c:165:28: warning: comparison of
unsigned expression < 0 is always false [-Wtype-limits]
165 | if (spl_params.boot_size < 0)
|
Fix the value checks.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
GCC recognizes /* fallthrough */ if -Wimplicit-fallthrough=3 is enabled.
Let's use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GCC recognizes /* fallthrough */ if -Wimplicit-fallthrough=3 is enabled.
Let's use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Have this symbol follow the pattern of all other such symbols.
This patch also removes a TODO from the code.
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
This has been reported to break booting of U-Boot from SPL on a number
of platforms due to a lack of alignment of the external data. The
issues this commit is addressing will need to be resolved another way.
Re-introduce a data leak in the padding for now.
This reverts commit 20a154f95b.
Reported-by: Alex Kiernan <alex.kiernan@gmail.com>
Reported-by: Michael Walle <michael@walle.cc>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
There is no reason to tail-pad fitImage with external data to 4-bytes,
while fitImage without external data does not have any such padding and
is often unaligned. DT spec also does not mandate any such padding.
Moreover, the tail-pad fills the last few bytes with uninitialized data,
which could lead to a potential information leak.
$ echo -n xy > /tmp/data ; \
./tools/mkimage -E -f auto -d /tmp/data /tmp/fitImage ; \
hexdump -vC /tmp/fitImage | tail -n 3
before:
00000260 61 2d 6f 66 66 73 65 74 00 64 61 74 61 2d 73 69 |a-offset.data-si|
00000270 7a 65 00 00 78 79 64 64 |ze..xydd|
^^ ^^ ^^
after:
00000260 61 2d 6f 66 66 73 65 74 00 64 61 74 61 2d 73 69 |a-offset.data-si|
00000270 7a 65 00 78 79 |ze.xy|
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Tom Rini <trini@konsulko.com>
The cmdline for calling the dtc was cut-off when using long filenames (e.g.
245 bytes) for output-file and datafile of "-f" parameter.
For FIT-images cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN] is declared (hardcoded 512 bytes),
and contains some static values, the path of a tmpfile and a datafile. tmpfile is
max MKIMAGE_MAX_TMPFILE_LEN (256) and datafile might be also this size. Having two
very long pathname results in a truncation os the executed shell command, as the
truncated datafile path will not be found.
Redefine MKIMAGE_MAX_DTC_CMDLINE_LEN to "2 * MKIMAGE_MAX_TMPFILE_LEN + 35 for the
parameters.
This likely applies to the "-d" parameter, too.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
=H2KE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm
Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
We have a board with several revisions. The older ones use a nor flash
with 64k erase size, while the newer have a flash with 4k sectors. The
environment size is 8k.
Currently, we have to put a column containing 0x10000 (64k) in
fw_env.config in order for it to work on the older boards. But that
ends up wasting quite a lot of time on the newer boards that could
just erase the 8k occupied by the environment - strace says the 64k
erase takes 0.405 seconds. With this patch, as expected, that's about
an 8-fold better, at 0.043 seconds.
Having different fw_env.config files for the different revisions is
highly impractical, and the correct information is already available
right at our fingertips. So use the erasesize returned by the
MEMGETINFO ioctl when the fourth and fifth columns (sector size and
#sectors, respectively) are absent or contain 0, a case where the
logic previously used to use the environment size as erase size (and
consequently computed ENVSECTORS(dev) as 1).
As I'm only testing this on a NOR flash, I'm only changing the logic
for that case, though I think it should be possible for the other
types as well.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Now that we are using absolute paths we can remove some of the sys.path
mangling that appears in the tools.
We only need to add the path to 'tools/' so that everything can find
modules relative to that directory.
The special paths for finding pylibfdt remain.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present patman sets the python path on startup so that it can access
the libraries it needs. If we convert to use absolute imports this is not
necessary.
Move patman to use absolute imports. This requires changes in tools which
use the patman libraries (which is most of them).
Signed-off-by: Simon Glass <sjg@chromium.org>
At present binman sets the python path on startup so that it can access
the libraries it needs. If we convert to use absolute imports this is not
necessary.
Move binman to use absolute imports. This enables removable of the path
adjusting in Entry also.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present buildman sets the python path on startup so that it can access
the libraries it needs. If we convert to use absolute imports this is not
necessary.
Move buildman to use absolute imports. Also adjust moveconfig.py too since
it uses some buildman modules and cannot work without this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Python does not like the module name being the same as the module
directory. To allow buildman modules to be used from other tools, rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Python does not like the module name being the same as the module
directory. To allow dtoc modules to be used from other tools, rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Python does not like the module name being the same as the module
directory. To allow buildman modules to be used from other tools, rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This script already works with Python 3. Make it use that by default so
that it can import the patman libraries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Python does not like the module name being the same as the module
directory. To allow patman modules to be used from other tools, rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present buildman does not write its own output files (err, done, the
environment) when using -w. However this is useful for when the build is
run with -s to check it.
In fact ProduceResultSummary() reads the result from those files rather
than using the 'result' info directly. So ProcessResult() does not work
with -w at present. It does not print any output.
Fix this by writing output files even when -w is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the environment used by U-Boot is written to the 'env'
directory. This is fine when the output directory is not the same as the
source directory, but when it is (as with -w) it conflicts with the source
directory of the same name.
Rename 'env' to 'out-env' to fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is a bad idea to use the default output directory ('..') with -w since
it does a build in that directory and writes various files these.
Require that -o is given to avoid this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
