RSA provides a public key encryption facility which is ideal for image
signing and verification.
Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.
This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
This tool provides the facility to decode U-Boot trace data and write out
a text file in Linux ftrace format for use with pytimechart.
Signed-off-by: Simon Glass <sjg@chromium.org>
This adds a userspace linux utility that writes the u-boot image to an mtd
partition on the docg4 nand flash.
A special utility is required to do this because u-boot is partially loaded by
an initial program loader (IPL) that is permanently programmed to the boot
region of the flash. This IPL expects the image to be written in a unique
format. The characteristics of this format can be summarized as follows:
- Flash blocks to be loaded must have a magic number in the oob bytes of the
first page of the block.
- Each page must be written redundantly in the subsequent page.
- The integrated flash controller's "reliable mode" is used, requiring that
alternate 2k regions (4 pages) are skipped when writing.
For these reasons, a u-boot image can not be written using nandwrite from
mtd-utils.
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Instead of assuming that SYS_TEXT_BASE is 0xFFF80000 calculate the initial
pbl command offset by subtracting the image size from the top of the
24-bit address range. Also increase the size of the memory buffer to
accommodate a larger output image.
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Small conflict over DRA7XX updates and adding SRAM_SCRATCH_SPACE_ADDR
Conflicts:
arch/arm/include/asm/arch-omap5/omap.h
Signed-off-by: Tom Rini <trini@ti.com>
These are not actually used in mkimage itself, but the image code (which
is common with mkimage) does use them. To avoid #ifdefs in the image code
just for mkimage, define dummy version of these here. The compiler will
eliminate the dead code anyway.
A better way to handle this might be to split out more things from common.h
so that mkimage can include them. At present any file that mkimage uses
has to be very careful what headers it includes.
Signed-off-by: Simon Glass <sjg@chromium.org>
The boot logo matching is now done in following way:
- use LOGO_BMP if it is set, or
- use $(BOARD).bmp if it exists in tools/logos, or
- use $(VENDOR).bmp if it exists in tools/logos, or
- use denx.bmp otherwise.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Acked-by: Wolfgang Denk <wd@denx.de>
The fit_handle_file() function is quite long - split out the part that
loads and checks a FIT into its own function. We will use this
function for storing public keys into a destination FDT file.
The error handling is currently a bit repetitive - tidy it.
Signed-off-by: Simon Glass <sjg@chromium.org>
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
This function doesn't need to be exported, and with verification
we want to use it for setting the 'value' property in any node,
so rename it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
This function has become quite long and much of the body is indented quite
a bit. Move it into a separate function to make it easier to work with.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The FIT code is about half the size of the >3000-line image.c. Split this
code into its own file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Move this definition from aisimage.c to mkimage.h so that it is available
more widely.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
Patman requires python 2.7.4 to run but it doesn't
need to be placed in /usr/bin/python.
Use env to ensure that the interpreter used is
the first one on environment's $PATH on system
with several versions of Python installed.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@ti.com>
Acked-by: Simon Glass <sjg@chromium.org>
Conflicting tags can prevent buildman from building two series which exist
one after the other in a branch. There is no reason not to allow this sort
of workflow with buildman, so ignore conflicting tags in buildman.
Change-Id: I2231d04d8684fe0f8fe77f8ea107e5899a3da5e8
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@ti.com>
The MX53 ROM loads the data from NAND in multiples of pages and
supports maximum page size of 4k. Thus, align the image and header
to 4k to be safe from ROM bugs.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Tom Rini <trini@ti.com>
Implement BOOT_OFFSET command for imximage. This command is parallel
to current BOOT_FROM command, but allows more flexibility in configuring
arbitrary image header offset. Also add an imximage.cfg with default
offset values into arm/arch/imx-common/ so the board-specific imximage.cfg
can include this file to avoid magic constants.
The syntax of BOOT_OFFSET command is "BOOT_OFFSET <u32 offset>".
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Tom Rini <trini@ti.com>
Acked-by: Stefano Babic <sbabic@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
The MX23 Boot ROM does blindly load from 2048 offset while the MX28
does parse the BCB header to known where to load the image from. We
move the BCB header to 4 sectors offset so same code can be used by
both SoCs avoiding code duplication.
This idea was given by Marek Vasut <marex@denx.de>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Tested-by: Marek Vasut <marex@denx.de>
The git config parameter log.decorate is quite useful when working with git.
Patman, however can not handle the decorated output when parsing the commit.
To prevent this use the '--no-decorate' switch for git-log.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Acked-by: Simon Glass <sjg@chromium.org>
When building host utilities, we include libfdt.h from the host, not from
U-Boot. This in turn brings in libfdt_env.h from the host, which can mess
up the types and cause a build failure, depending on the host environment.
To fix this, force inclusion of U-Boot's libfdt_env.h so that the types
are correct.
Another way to fix this is to use -nostdinc and -idirafter to ensure that
system includes are included after U-Boot ones. Unfortunately this means
that U-Boot's errno.h gets included instead of the system one. This in
turn requires a hack to errno.h to redirect things, so all in all the
solution in this patch is probably cleaner.
Signed-off-by: Simon Glass <sjg@chromium.org>
Give more flexibility to define configs that can be interpreted by make, e.g. to
define fallback values of configs like in the example below.
Before this change, the config lines:
#define CONFIG_SPL_MAX_SIZE 2048
#define CONFIG_SPL_PAD_TO CONFIG_SPL_MAX_SIZE
would have been changed in autoconfig.mk into:
CONFIG_SPL_MAX_SIZE=2048
CONFIG_SPL_PAD_TO="CONFIG_SPL_MAX_SIZE"
Hence, a make recipe using as an argument to $(OBJCOPY):
--pad-to=$(CONFIG_SPL_PAD_TO)
would have issued:
--pad-to="CONFIG_SPL_MAX_SIZE"
which means nothing for $(OBJCOPY) and makes it fail.
Thanks to this change, the config lines above are changed in autoconfig.mk into:
CONFIG_SPL_MAX_SIZE=2048
CONFIG_SPL_PAD_TO=$(CONFIG_SPL_MAX_SIZE)
Hence, the make recipe above now issues:
--pad-to=2048
as expected from the defined config.
Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Reviewed-by: Tom Rini <trini@ti.com>
UBI is a better place for the environment on NAND devices because it
handles wear-leveling and bad blocks.
Gluebi is needed in Linux to access the env as an MTD partition.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
For some series with lots of changes it is annoying that duplicate change
log items are not caught. It is also helpful sometimes to sort the change
logs.
Add a Series-process-log tag to enable this, which can be placed in a
commit to control this.
The change to the Cc: line is to fix a checkpatch warning.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Especially with the Linux kernel, it takes a long time (a minute or more)
to test-apply the patches, so patman becomes significantly less useful.
The only real problem that is found with this apply step is trailing spaces.
Provide a -a option to skip this step, for those working with clean patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Patman's regular expression for detecting the start of a
commit in a git log was a little simplistic and could be
confused if the git log itself had the word "commit" as
the start of a line (as this commit does). Make patman
a little more robust.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Often it happens that patches include tags which don't have aliases. It
is annoying that patman fails in this case, and provides no option to
continue other than adding empty tags to the .patman file.
Correct this by adding a '-t' option to ignore tags that don't exist.
Print a warning instead.
Since running the tests is not a common operation, move this to --test
instead, to reserve -t for this new option.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Atmel change to new logo since 2012. This patch update the logo to new one.
Signed-off-by: Josh Wu <josh.wu@atmel.com>
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
This tool handles building U-Boot to check that you have not broken it
with your patch series. It can build each individual commit and report
which boards fail on which commits, and which errors come up. It also
shows differences in image sizes due to particular commits.
Buildman aims to make full use of multi-processor machines.
Documentation and caveats are in tools/buildman/README.
Signed-off-by: Simon Glass <sjg@chromium.org>
These tags are used by Gerrit, so let's ignore all of them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
A few of the help messages are not quite right, and there is a typo
in the README. Fix these.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
This comment is less than helpful. Since multiple tags are supported, add
an example of how multiple tags work.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
At present something like:
Revert "arm: Add cache operations"
will try to use
Revert "arm
as a tag. Clearly this is wrong, so fix it.
If the revert is intended to be tagged, then the tag can come before
the revert, perhaps. Alternatively the 'Cc' tag can be used in the commit
messages.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
checkpatch has a new type of warning, a 'CHECK'. At present patman fails
with these, which makes it less than useful.
Add support for checks, making it backwards compatible with the old
checkpatch.
At the same time, clean up formatting of the CheckPatches() output,
fix erroneous "internal error" if multiple patches have warnings and
be more robust to new types of problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
The cover letter is sent to everyone who is on the Cc list for any of
the patches in the series. Sometimes it is useful to send just the cover
letter to additional people, so that they are aware of the series, but
don't need to wade through all the individual patches.
Add a new Cover-letter-cc tag for this purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Some versions of git don't seem to prompt you for the message ID that
your series is in reply to. Allow specifying this from the command
line.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Although "Reviewed-by:" is a tag that gerrit adds, it's also a tag
used by upstream. Stripping it is undesirable. In fact, we should
treat it as important.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Otavio Salvador <otavio@ossystems.com.br>
Acked-by: Simon Glass <sjg@chromium.org>
We normally read from the current branch, but buildman will need to look
at commits from another branch. Allow the metadata to be read from any
list of commits, to provide this flexibility.
Signed-off-by: Simon Glass <sjg@chromium.org>
Make raise_on_error a parameter so that we can control which commands
raise and which do not. If we get an error reading the alias file, just
continue.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than returning a list of things, return an object. That makes it
easier to access the returned items, and easier to extend the return
value later.
Signed-off-by: Simon Glass <sjg@chromium.org>
This adds a new library on top of subprocess which permits access to
the subprocess output as it is being generated. We can therefore
give the illusion that a process is running independently, but still
monitor its output so that we know what is going on.
It is possible to display output on a terminal as it is generated
(a little like tee). The supplied output function is called with all
stdout/stderr data as it arrives.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than the rather dull colours, use bright versions which normally
look better and are easier to read.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is easy to detect whether or not the process is connected to a terminal,
or piped to a file. Disable ANSI colours automatically when output is
not to a terminal.
Signed-off-by: Simon Glass <sjg@chromium.org>
While the kernel mainly uses pr_debug(...), etc, for debug messages, we
use debug(...). Add this to the list of logFunctions so that they are
correctly checked (and not warned against) for long string literals.
Signed-off-by: Tom Rini <trini@ti.com>
In certain cases, memory device is present as flat file or block device (via
mmc or mtdblock layer). Do not attempt MTD operations against it.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
and, if including libfdt.h which includes libfdt_env.h in
the correct order, don't include fdt.h before libfdt.h.
this is needed to get the fdt type definitions set from
the project environment before fdt.h uses them.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Cc: Jerry Van Baren <gvb.uboot@gmail.com>
To make it usable in git trees not providing a patch checker
implementation, add a command line option, allowing to suppress patch
check. While we are at it, sort debug options alphabetically.
Also, do not raise an exception if checkpatch.pl is not found - just
print an error message suggesting to use the new option, and return
nonzero status.
. unit test passes:
$ ./patman -t
<unittest.result.TestResult run=7 errors=0 failures=0>
. successfully used patman in the autotest tree to generate a patch
email (with --no-check option)
. successfully used patman in the u-boot tree to generate a patch
email
. `patman --help' now shows command line options ordered
alphabetically
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Acked-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
There are cases that we want to support different settings (or maybe
even different aliases) for different projects. Add support for this
by:
* Adding detection for two big projects: U-Boot and Linux.
* Adding default settings for Linux (U-Boot is already good with the
standard patman defaults).
* Extend the new "settings" feature in .patman to specify per-project
settings.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
This patch adds support for a [settings] section in the .patman file.
In this section you can add settings that will affect the default
values for command-line options.
Support is added in a generic way such that any setting can be updated
by just referring to the "dest" of the option that is passed to the
option parser. At the moment options that would make sense to put in
settings are "ignore_errors", "process_tags", and "verbose". You
could override them like:
[settings]
ignore_errors: True
process_tags: False
verbose: True
The settings functionality is also used in a future change which adds
support for per-project settings.
Signed-off-by: Doug Anderson <dianders@chromium.org>
For Linux the best way to figure out where to send a patch is with the
"get_maintainer.pl" script. Add support for calling it from patman.
Support is added unconditionally for "scripts/get_maintainer.pl" in
case it is helpful for any other projects.
Signed-off-by: Doug Anderson <dianders@chromium.org>
If we're sending a cover letter make sure to CC everyone that we're
CCing on each of the individual patches.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Currently we go through and generate the CC list for patches twice.
This gets slow when (in a future CL) we add a call to
get_maintainer.pl on Linux. Instead of doing things twice, just cache
the CC list when it is first generated.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
The Linux kernel stores checkpatch.pl in the scripts directory. Add
that to the search path to make things more automatic for kernel
development.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Several of the patman doctests assume that patman was run with:
./patman
Fix them so that they work even if patman is run with just "patman"
(because patman is in the path).
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
The patman test code was failing because some extra spaces got
stripped when it was applied. These spaces are critical to the test
code working.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
In order to mx53 ROM to properly load the U-boot image, its header size should
be multiple of 512 bytes.
This issue was observed with gcc 4.6.2/4.7.3, which caused data aborts:
U-Boot 2013.01-rc2-00172-gf8cfcf1-dirty (Dec 26 2012 - 13:13:28)
Board: MX53 LOCO
I2C: ready
DRAM: 1 GiB
MMC: FSL_SDHC: 0, FSL_SDHC: 1
In: serial
Out: serial
Err: serial
CPU: Freescale i.MX53 family rev2.1 at 1000 MHz
Reset cause: WDOG
Net: FEC
Warning: FEC using MAC address from net device
Hit any key to stop autoboot: 0
data abort
MAYBE you should read doc/README.arm-unaligned-accesses
pc : [<aff72220>] lr : [<aff721fc>]
sp : af565e20 ip : af566918 fp : 00000000
r10: 00000003 r9 : affabb5b r8 : af565f58
r7 : 00000000 r6 : 36747fff r5 : af5668e8 r4 : 36747fff
r3 : af5668ec r2 : af5668eb r1 : 00000000 r0 : af5668e8
Flags: NzcV IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
,and this patch fixes it.
Also, even though the ROUND macro is already defined in common.h,
the reason for redefining it in image.h is explained by Stefano Babic:
"I will remark a previous comment - even if including common.h seems a
good idea to avoid duplications, it makes tools like mkimage to depend
on the selected board, because <board>_config must run. Even if this is
not a problem for us u-boot developers, it becomes an issue when these
tools are included in distros (like u-boot-tools in Ubuntu) and cannot
be packaged."
Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com>
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
When using open(), the O_CREAT flag must be given a mode, otherwise it
uses random garbage from the stack. Also, it can fail to build:
In file included from /usr/include/fcntl.h:290:0,
from fw_env_main.c:42:
In function 'open',
inlined from 'main' at fw_env_main.c:97:9:
/usr/include/bits/fcntl2.h:50:24: error: call to '__open_missing_mode' declared
with attribute error: open with O_CREAT in second argument needs 3 arguments
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This variable is assigned by a size_t, and is printed that way, but is
incorrectly declared as an int. Which means we get warnings:
fw_env.c: In function 'fw_setenv':
fw_env.c:409:5: warning: format '%zu' expects argument of type 'size_t',
but argument 3 has type 'int' [-Wformat]
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Use the variable access flags to implement the protection for ethaddr
and serial# instead of hard-coding them.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Currently just validates variable types as decimal, hexidecimal,
boolean, ip address, and mac address. Call
env_acl_validate_setenv_params() from setenv() in fw_env.c.
If the entry is not found in the env .flags, then look in the static
one. This allows the env to override the static definitions, but prevents
the need to have every definition in the environment distracting you.
Need to build in _ctype for isdigit for Linux.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Often a particular patch may change only for some versions of a series.
For versions where there is no change, issue a change log indicating
that (for example 'Changes in v4: None').
For such lines, don't add a blank line afterwards, to conserve space.
Use list.insert() instead of list = [item] + list.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stefan Roese <sr@denx.de>
The BRANCH= tag can be used to indicate the destination branch for a
commit. Ignore this tag.
Also ignore the gerrit 'Commit-Ready:' tag.
Signed-off-by: Simon Glass <sjg@chromium.org>
When later we change to variable length
header, we won't know the file size when
set_imx_hdr is called. So this is prep work.
Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com>
Both set_imx_hdr_v1 and set_imx_hdr_v2 perform the
same check. Move check to before the set_imx_hdr call.
Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com>
Acked-by: Stefano Babic <sbabic@denx.de>
Before the len was checked after the entire file
was processed, so it could have already overflowed.
Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com>
Colored logs confuse patman when analyzing logs.
Add --no-color option in git log commands in case
the default config has color.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@ti.com>
There used to be a huge structure duplicated 3 times in the source.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Tom Rini <trini@ti.com>
Provide more information when using redundant environments
Consistently print debug info to stderr
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
