Commit graph

45 commits

Author SHA1 Message Date
Sughosh Ganu
74aae507bc binman: capsule: Add support for generating EFI empty capsules
Add support in binman for generating EFI empty capsules. These
capsules are used in the FWU A/B update feature. Also add test cases
in binman for the corresponding code coverage.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-13 14:01:42 -06:00
Sughosh Ganu
b617611b27 binman: capsule: Add support for generating EFI capsules
Add support in binman for generating EFI capsules. The capsule
parameters can be specified through the capsule binman entry. Also add
test cases in binman for testing capsule generation.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-29 13:37:54 -04:00
Lukas Funke
7fcfa9d930 binman: etype: Add xilinx-bootgen etype
This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.

The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.

Here is an example of the etype in use:

    spl {
        filename = "boot.signed.bin";

        xilinx-bootgen {
            pmufw-filename = "pmu-firmware.elf";
            psk-key-name-hint = "psk0";
            ssk-key-name-hint = "ssk0";
            auth-params = "ppk_select=0", "spk_id=0x00000000";

            u-boot-spl-nodtb {
            };
            u-boot-spl-dtb {
            };
        };
    };

For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.

For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-05 11:33:18 -06:00
Lukas Funke
5609843b57 binman: etype: Add u-boot-spl-pubkey-dtb etype
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.

The etype calls the underlying 'fdt_add_pubkey' tool.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Christian Taedcke
473e5206f0 binman: Add support for externally encrypted blobs
This adds a new etype encrypted.

It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Neha Malcom Francis
78144826bb binman: ti-secure: Add support for TI signing
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.

Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:58 -04:00
Neha Malcom Francis
6c66ccf26c binman: ti-board-config: Add support for TI board config binaries
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:58 -04:00
Simon Glass
b1e40ee734 binman: Provide a way to specify the fdt-list directly
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).

Allow a fit,fdt-list-val string-list property to be used instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Tom Rini
a5faa4a9eb Prepare v2023.04-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmQPxXsACgkQFHw5/5Y0
 tyzRWgwAlpwF0u0Xtfs+isnwy/2wb1uMKSeZTiMWkP8he48DX/+db1LHyxnb5apX
 5ULLLKnxZGDviFNw6F/Vuq/BlL8aK+K6wJm+HxdN4Df+sQZgP0kZVnZH1DcDGyJ7
 2I5mYxXCQiRfl3lG8uHdfQyGT5BOm1ZYTIBgXPzpdp/PS6Es74aIHfHS4UdsnpZ2
 dw5APUHnXsSeycbvgiZZEAQphRGplTgSmEDLZTCHD6+oIFoyJVMRr4QWc+KjYPR8
 MgfykqaITO7xKg1V2GwEWJA7LpU4L3HrK+8upSjdx0kfKw4jZoBTU5LE3dnk+6fz
 rgisMfyDGZ+w467uk9BSAO9smRRRI7GFMSkvi+kMQtVCFWCSaddkfYPlpFu1PND7
 nHfxkzoIjxeEOG8yIFF8P199w2lEorKTxlXuNBStfozvAz1wfhgq3o3WQGpvDmqF
 E+FoC7t73qVu6DVMiCXCOyUYNyI7d1tFlUhlbZPVCelVL8RX3JjMF/0uhLsOSDMc
 s4z/6fVq
 =xK+J
 -----END PGP SIGNATURE-----

Merge tag 'v2023.04-rc4' into next

Prepare v2023.04-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-03-14 12:06:35 -04:00
Simon Glass
953d4177af binman: Support generation of x509 certificates
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 13:15:15 -08:00
Simon Glass
9dbb02b9d1 binman: Support marking FMAP areas as preserved
Add an entry flag called 'preserve' to indicate that an entry should be
preserved by firmware updates. Propagate this to FMAP too.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:38:48 -08:00
Jonas Karlman
05b978be5f binman: Add support for a rockchip-tpl entry
The rockchip-tpl entry can be used when an external TPL binary should be
used instead of the normal U-Boot TPL.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Eugen Hristev <eugen.hristev@collabora.com>
2023-02-28 18:07:26 +08:00
Jonas Karlman
f584d44c23 binman: Add support for selecting firmware to use with split-elf
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Jonas Karlman
00b3d53f15 binman: Add special subnodes to the nodes generated by split-elf
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.

Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Jonas Karlman
9b2fd2d228 binman: Add support for align argument to mkimage tool
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Simon Glass
62ef2f7bf3 binman: Add a null entry
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.

Add support for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 14:55:40 -07:00
Simon Glass
2f80c5ef13 binman: Support new op-tee binary format
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.

Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:50:01 -07:00
Simon Glass
23ab4e0054 binman: Use a reference for binman symbols docs
Several etypes have this reference in their documentation. Now that we are
using rST, link to the section directly.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
2023-01-18 11:50:01 -07:00
Simon Glass
237ac96a70 binman: Update entry docs
These have got out of data recently. Regenerate them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:50:01 -07:00
Simon Glass
984639039f Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASE
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().

Rename it to resolve this problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-10-31 11:01:31 -04:00
Quentin Schulz
4d91df0548 binman: add support for skipping file concatenation for mkimage
Some image types handled by mkimage require the datafiles to be passed
independently (-d data1:data2) for specific handling of each. A
concatenation of datafiles prior to passing them to mkimage wouldn't
work.

That is the case for rkspi for example which requires page alignment
and only writing 2KB every 4KB.

This adds the ability to tell binman to pass the datafiles without
prior concatenation to mkimage, by adding the multiple-data-files
boolean property to the mkimage node.

Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-04 20:00:39 +08:00
Stefan Herbrechtsmeier
6aa8000e74 binman: Add length header attribute to dtb entry
Add an optional length header attribute to the device tree blob entry
class based on the compressed data header from the utilities to compress
and decompress data.

If needed the header could be enabled with the following
attribute beside the compress attribute:
  prepend = "length";

The header was introduced as part of commit eb0f4a4cb4 ("binman:
Support replacing data in a cbfs") to allow device tree entries to be
larger than the compressed contents. Regarding the commit "this is
necessary to cope with a compressed device tree being updated in such a
way that it shrinks after the entry size is already set (an obscure
case)". This case need to be fixed without influence any compressed data
by itself.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Simon Glass
d626e825f5 binman: Allow collection to use entries from other sections
At present the collections etype only works with entries in the same
section. This can be limiting, since in some cases the data may be inside
a subsection, e.g. if there are alignment constraints.

Add a function to find the entries in an etype and have it search
recursively. Make use of this for mkimage also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:32 -06:00
Simon Glass
9db9e932c7 binman: Allow passing entries using -n
Also control over what goes in the file passed with -n using a separate
imagename subnode. This can include a section or any other entry type.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:32 -06:00
Simon Glass
dfe1db4030 binman: Allow the image name to be the data file
Some image types use the -n parameter to pass in the data file. Add
support for this, with a new property.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:32 -06:00
Simon Glass
e9b5e31a12 binman: Improve mkimage documentation
Expand this a little to make things clearer. Also drop the invalid
entry arg.

Series-changes 2
- Make it clear that -d data is concatenated/collected by binman
- Fix mulitple typoe
- Reword a sentence for grammar

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:32 -06:00
Simon Glass
24474dc20a binman: Fix up the entry-docs for Entry_pre_load
This has got out of sync and needs a line wrap. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:32 -06:00
Simon Glass
228c9b8629 binman: Add rST references for binman entry types
Add references in the documentation for each entry type, so we can refer
to them from other documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-13 11:09:49 +02:00
Philippe Reynes
b1c5093008 tools: binman: add support for pre-load header
Adds the support of the pre-load header with the image signature
to binman.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:23 -04:00
Simon Glass
40c8bdd87e binman: Support splitting an ELF file into multiple nodes
Some boards need to load an ELF file using the 'loadables' property, but
the file has segments at different memory addresses. This means that it
cannot be supplied as a flat binary.

Allow generating a separate node in the FIT for each segment in the ELF,
with a different load address for each.

Also add checks that the fit,xxx directives are valid.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2022-03-18 19:24:25 -06:00
Simon Glass
6a0b5f8b9c binman: Allow different operations in FIT generator nodes
At present we only support expanding out FDT nodes. Make the operation
into an @operation property, so that others can be supported.

Re-arrange and tidy up the documentation so that it has separate
headings for each topic.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-22 10:05:44 -07:00
Simon Glass
98e0de3fb7 binman: Tidy up the docs a little with fit
Add a few quotes and clarify the data property.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-22 10:05:44 -07:00
Simon Glass
5c044ff523 binman: Support a list of strings with the mkimage etype
At present the 'args' property of the mkimage entry type is a string. This
makes it difficult to include CONFIG options in that property. In
particular, this does not work:

   args = "-n CONFIG_SYS_SOC -E"

since the preprocessor does not operate within strings, nor does this:

   args = "-n" CONFIG_SYS_SOC" "-E"

since the device tree compiler does not understand string concatenation.

With this new feature, we can do:

   args = "-n", CONFIG_SYS_SOC, "-E";

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-22 10:05:44 -07:00
Roger Quadros
47f420ae08 binman: Add support for TEE BL32
Add an entry for OP-TEE Trusted OS 'BL32' payload.
This is required by platforms using Cortex-A cores with TrustZone
technology.

Signed-off-by: Roger Quadros <rogerq@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add missing-blob-help, renumber the test file, update entry-docs:
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-22 10:05:44 -07:00
Simon Glass
7598972760 binman: Add support for ATF FIP
This format is used in firmware binaries so we may as well supported it.

With this patch binman supports creating, listing and updating FIPs, as
well as extracting files from one, provided that an FDTMAP is also present
somewhere in the image.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-17 09:44:59 -07:00
Simon Glass
cc2c500426 binman: Support lists of external blobs
Sometimes it is useful to have a list of related external blobs in a
single entry. An example is the DDR binaries used by meson. There are
9 files in total. Add support for this, so we don't have to have a
separate entry for each.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-05 09:23:15 -07:00
Simon Glass
943bf78a48 binman: Allow extracting a file in an alternative format
In some cases entries encapsulate other data and it is useful to access
the data within. An example is the fdtmap which consists of a 16-byte
header, followed by a devicetree.

Provide an option to specify an alternative format when extracting files.
In the case of fdtmap, this is 'fdt', which produces an FDT file which can
be viewed with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-05 09:22:41 -07:00
Simon Glass
3f495f18a7 binman: Update the section documentation
Expand this to explain subclassing better and also to tidy up formatting
for rST.

Fix a few pylint warnings to avoid dropping the score.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-02 09:16:30 -07:00
Bin Meng
4c4d6077d3 binman: Add support for RISC-V OpenSBI fw_dynamic blob
Add an entry for RISC-V OpenSBI's 'fw_dynamic' firmware payload.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-05-19 17:01:49 +08:00
Simon Glass
1736575b0c binman: Support adding sections to FMAPs
When used with hierarchical images, use the Chromium OS convention of
adding a section before all the subentries it contains.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-04-29 03:23:39 -07:00
Simon Glass
5ff9fedc9b binman: Support default alignment for sections
Sometimes it is useful to specify the default alignment for all entries
in a section, such as when word-alignment is necessary, for example. It
is tedious and error-prone to specify this individually for each section.

Add a property to control this for a section.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 16:26:48 +13:00
Simon Glass
189f291914 binman: Add support for a collection of entries
The vblock entry type includes code to collect the data from a number of
other entries (not necessarily subentries) and concatenating it. This is
a useful feature for other entry types.

Make it a base class, so that vblock can use it, along with other entry
types.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 16:26:48 +13:00
Simon Glass
3d43338293 binman: Allow disabling expanding an entry
At present there is a command-line flag to disable substitution of expanded
entries. Add an option to the entry node as well, so it can be controlled
at the node level.

Add a test to cover this. Fix up the comment to the checkSymbols() function
it uses, while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 16:26:48 +13:00
Simon Glass
96d340e9f6 binman: Drop repetitive heading for each entry
Many entries start 'Entry containing a'. This looks fine in the source
code but is annoying when viewed in the htmldocs table of contents. Drop
these unnecessary words.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-26 17:03:10 +13:00
Simon Glass
6bc4309be7 binman: Incorporate entry documentation
Update this to avoid sphinx warnings and incorporate it into the new
documentaiton tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-26 17:03:10 +13:00
Renamed from tools/binman/README.entries (Browse further)