This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add documentation for btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While signing a fit compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.
While singing there is no reason to decompress data. Thus, decompression
should be disabled.
Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
At this point, buildman requires a few different modules and so we need
a requirements.txt to track what modules are needed.
Cc: Simon Glass <sjg@chromium.org>
Cc: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Since binman is used to package bootloader images for all K3 devices, we
do not have to rely on the earlier methods to package them.
Scripts that were used to generate x509 certificate for tiboot3.bin and
generate tispl.bin, u-boot.img have been removed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZLqHzgAKCRDKSWXLKUoM
IcdEAKCSgy0lMxb1c0adCjpkQR9x63oKbQCdGiioU+W+0moznHdI7+W2UptNt3w=
=Uzn8
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2023.10-rc1-v2' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2023.10-rc1 v2
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.
It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.
Implement this mechanism.
Signed-off-by: Simon Glass <sjg@chromium.org>
This permits implementation of a simple templating system, where a node
can be reused as a base for others.
For now this adds new subnodes after any existing ones.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed since the linker script sets it up. Drop the variable
to avoid confusion.
Fix the prototype for main() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).
Allow a fit,fdt-list-val string-list property to be used instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is needed to handle mkimage with inner section located itself in a
section.
Signed-off-by: Marek Vasut <marex@denx.de>
Use BuildSectionData() instead of ObtainContents(), add tests and a few
other minor fixes:
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the LookupAndWriteSymbols() function to return the number of
symbols written. Also add some logging for when debugging is not
enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boards don't use symbol writing but do access the symbols in SPL.
Provide an option to work around this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some section types don't have a simple _entries list. Use the GetEntries()
method in GetEntryContents() and other places to handle this.
This makes the behaviour more consistent.
Signed-off-by: Simon Glass <sjg@chromium.org>
This should be set up in the init function, to avoid a warning about a
property not set up there. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When building from source, setuptools would complain about not finding
package via its auto-discovery mechanism. Manually specify how to
locate the files, relative to the package's directory.
* tools/u_boot_pylib/pyproject.toml: New tool.setuptools.packages.find
section.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As this is the current version of the public cross toolchains we use,
upgrade to this now.
Suggested-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Back in the day we relied a lot on Synopsys own build of the GNU tools
for ARC processors, but since then we worked hard on getting all our changes
upstream and for a couple of years now we have ARCompact (AKA ARCv1)
and ARCv2 processors supported very well in upstream GCC, Binutils, GDB etc.
And so there's no need to use Synopsys forks any longer, thus we remove
all the references to that form and use upstream components as majority
of other architectures in U-Boot.
Thanks to Tom for pointing to that left-over!
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building qemu, all required submodules (of which we need more than
just dtc) are handled automatically. Currently trying to init the
submodule the way we do results in a git failure.
Reported-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a pragma to deal with the code-coverage gap which drops binman down to
90% coverage.
Fixes: de65b122a2 (tools: Fall back to importlib_resources on Python 3.6)
Signed-off-by: Simon Glass <sjg@chromium.org>
The data type of item_offset_list shall be UINT64 according to the UEFI [1]
specifications.
In include/efi_api.h the correct data type is used. The bug was probably
never noticed because of little endianness.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
