This tool does not work with Python 3. Change the shebang to make sure the
script is run by a Python 2 interpreter.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Currently upstream does not yet understand the imply keyword. For what
we use kconfiglib.py for today, this is OK. We only need to be able to
evaluate in order to make boards.cfg and none of those choices will
depend on how imply evaluates out.
Signed-off-by: Tom Rini <trini@konsulko.com>
This define is not used in tools sources and can be removed
to avoid unnecessary link between tools and defconfig
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit 94084eea3b ("tools: kwbimage: Fix dest addr") changed kwbimage
to do this adjustment. So now the adjustment in kwboot is not needed
(and would prevent UART booting for images generated by the new
kwbimage). Remove the destaddr adjustment in kwboot.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
The return value of fstat was not checked in kwbimage, and in the case
of an error, the already open file was not closed. Fix both errors.
Reported-by: Coverity (CID: 155971)
Reported-by: Coverity (CID: 155969)
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Signed-off-by: Stefan Roese <sr@denx.de>
The previous commit ("add a new command to show .config contents")
improves the basic infrastructure of "embed a compressed file into
the U-Boot image, and print it by a command". The same pattern for
the "license" command.
This commit reworks the command to improve the following:
[1] Improve log style
Kbuild style log
GZIP cmd/license_data.gz
CHK cmd/license_data_gz.h
UPD cmd/license_data_gz.h
CHK cmd/license_data_size.h
UPD cmd/license_data_size.h
instead of the bare Make log:
cat ./Licenses/gpl-2.0.txt | gzip -9 -c | \
tools/bin2header license_gzip > ./include/license.h
[2] Collect related code into the "cmd" directory
Prior to this commit, the license.h was created by tools/Makefile,
placed under the "include" directory, included from cmd/license.c,
and deleted by the top-level Makefile. It is not a good idea to
scatter related code.
[3] Drop the fixed-malloc size LICENSE_MAX
Just allocate the minimum required size of buffer because we know
the size of the original gpl-2.0.txt.
[4] Fix more issues
Terminate the buffer with zero to prevent puts() from over-running.
Add "static" to do_license.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When gathering addresses for the Cc list patman would encounter a
UnicodeDecodeError due to non-ascii characters in the author name.
Address this by explicitly using utf-8 when building the Cc list.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
As well as showing the number of boards, allow showing the actual list of
boards that would be built, if -v is provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is convenient to be able to deal with checkpatch warnings in the same
way as build warnings. Tools such as emacs and kate can quickly locate
the source file and line automatically.
To achieve this, adjust the format to match the C compiler, and output to
stderr.
Signed-off-by: Simon Glass <sjg@chromium.org>
If there is a '.' in a compatible string, then dtoc will produce a struct
with a name containing a '.'. This won't work, so replace it with '_'.
Also add a suitable test to the sandbox device tree to catch this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This patch adds a little tool that takes a generic MAC address and
generates a CRC byte for it. The output is the full MAC address without
any separators, ready written into an EEPROM.
Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This patch enables crc8 to be used from within the tools directory using
u-boot/crc.h.
Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
On platforms which do not require microcode in SPL, handle such
case like U-Boot proper.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
u_boot_spl_with_ucode_ptr is derived from u_boot_with_ucode_ptr,
hence it should call its parent's init.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To troubleshoot unexpected bhavior during building and what's more
important during execution it is strongly recommended to use recent
ARC toolchain, and so we're now referring to arc-2016.09 which is the
latest as of today.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We can use the same header length calculations for both imximage v1 and
v2. This addresses TODO comments about imximage v1 in the current code.
With this patch applied, *header_size_ptr in imximage_set_header() will
have the correct value for both imximage v1 and v2. This is necessary
for people wanting to add proprietary data behind the created imximage.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Cc: sbabic@denx.de
When we have python building tools for the host it will not check HOSTXX
variables but only XX variables, for example LDFLAGS and not
HOSTLDFLAGS.
Cc: Simon Glass <sjg@chromium.org>
Reported-by: Heiko Schocher <hs@denx.de>
Fixes: 1905c8fc71 ("build: Always build the libfdt python module")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Tested-by: Heiko Schocher <hs@denx.de>
The built _libfdt.so is placed in the /tools dir and need to say here
as it contains relative paths.
Add the directory to the python path so binman can use this module.
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
Do not rely on CONFIG_SPL_OF_PLATDATA to build the libfdt python module.
If swig is present, this will be build
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.
Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Some OS (all BSD and probably others) do not have python in /usr/bin
but in another directory.
It is a common usage to use /usr/bin/env python as shebang for python
scripts so use this for binman.
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
This patch is fixing missing fclose() calls
in error patch introduced by:
"tools: mkimage: Use fstat instead of stat to avoid malicious hacks"
(sha1: ebe0f53f48)
Reported-by: Coverity (CID: 155064, 155065)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use the endian macros from u-boot's compiler.h instead of duplicating
the definitions.
This also avoids a build error on OpenBSD by removing swap64 which
collides with a system definition in endian.h pulled in by inttypes.h.
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
Now that we have added file names from Kconfig in x86 u-boot.dtsi,
update binman to avoid using hard-coded names.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that binman supports creating images with microcode, drop the code from
ifdtool.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
For boards that need U-Boot-specific additions to the device tree, it is
a minor annoyance to have to add these each time the tree is synced with
upstream.
Add a means to include a file (e.g. u-boot.dtsi) automatically into the .dts
file before it is compiled.
The file uses is the first one that exists in this list:
arch/<arch>/dts/<board.dts>-u-boot.dtsi
arch/<arch>/dts/<soc>-u-boot.dtsi
arch/<arch>/dts/<cpu>-u-boot.dtsi
arch/<arch>/dts/<vendor>-u-boot.dtsi
arch/<arch>/dts/u-boot.dtsi
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Add support for two more from the inexhaustible supply of x86 binary blob
types.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
When building for 64-bit x86 we need an SPL binary in the ROM. Add support
for this. Also increase entry test code coverage to 100%.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Add an entry type for u-boot.img (a legacy U-Boot image) and a simple test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
The structure of x86 ROMs is pretty complex. There are various binary blobs
to place in the image. Microcode requires special handling so that it is
available to very early code and can be used without any memory whatsoever.
Add support for the various entry types that are currently needed, along
with some tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Add entries to support some standard U-Boot binaries, such as u-boot.bin,
u-boot.dtb, etc. Also add some tests for these.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
This adds the basic code for binman, including command parsing, processing
of entries and generation of images.
So far no entry types are supported. These will be added in future commits
as examples of how to add new types.
See the README for documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
The EVP_MD_CTX and EVP_CIPHER_CTX are made opaque since 1.1.x , so instead
of embedding them directly into struct sb_image_ctx and initializing them
using EVP_*_CTX_init(), we use pointers and allocate the crypto contexts
using EVP_*_CTX_new().
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e80155)
which contains two issues reported by Coverity
Unchecked return value from stat and incorrect calling sequence where
attack can happen between calling stat and fopen.
Using pair in opposite order (fopen and fstat) is fixing this issue
because fstat is using the same file descriptor (FILE *).
Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b6460809c)
where file wasn't checked that it is regular file.
Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>