Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Fill reserved members of efi_firmware_management_capsule_image_header
structure with zeros for safety.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UBI_IOCVOLUP ioctl can fail if exclusive access to the volume isn't
obtained. If this happens, the flush operation doesn't return an error,
leaving the caller without knowledge of the missing flush.
Fix this by forwarding the error (-1) from ubi_update_start().
Fixes: 34255b92e6 ("tools: env: Add support for direct read/write UBI volumes")
Signed-off-by: Martin Hundebøll <martin@geanix.com>
These commands were disabled when CONFIG_FIT_SIGNATURE is disabled, but
they do not depend on crypto support so they can be unconditionally
enabled.
Signed-off-by: Joel Stanley <joel@jms.id.au>
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then
mkimage/dumpimage will fail to link:
/usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc'
/usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt':
aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new'
/usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex'
/usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate'
/usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free'
/usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex'
collect2: error: ld returned 1 exit status
Signed-off-by: Joel Stanley <joel@jms.id.au>
The property sign-images points to images in the configuration
node. But those images may reference several "sub-images" (for
example for images loadable). This commit adds support for
several sub-images.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit creates a function fit_config_add_hash that will be
used in the next commit to support several 'sub-images'.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage is only able to package aarch32 binaries. Add support for
AArch64 images.
One can create an ARM64 image using the following command line:
    mkimage -T mtk_image -a 0x201000 -e 0x201000 -n "media=emmc;arm64=1" -d bl2.bin bl2.img
Signed-off-by: Fabien Parent <fparent@baylibre.com>
The existing socfpgaimage always pads the image to the maximum OCRAM
size. This will break in the encryption flow, which expects the
image to be un-padded. The encryption tool will do the encryption for
the whole image and append the signature key at the end of the image.
The signature key will be appended beyond the size of OCRAM if the image
is padded to the maximum size before encryption.
Move the padding step from socfpgaimage to the Makefile and pad with the
objcopy command.
socfpgaimage will pad the image to 16-byte alignment (including the CRC word);
this is a requirement in the encryption flow.
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Print image header information if the header is verified.
Example output from mkimage "-l" option:
$ ./tools/mkimage -l spl/u-boot-spl.sfp
Image Type : Cyclone V / Arria V SoC Image
Validation word : 0x31305341
Version : 0x00000000
Flags : 0x00000000
Program length : 0x00003a59
Header checksum : 0x00000188
$ ./tools/mkimage -l spl/u-boot-spl.sfp
Image Type : Arria 10 SoC Image
Validation word : 0x31305341
Version : 0x00000001
Flags : 0x00000000
Header length : 0x00000014
Program length : 0x000138e0
Program entry : 0x00000014
Header checksum : 0x00000237
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
When deleting a variable we must check that the GUID provided by the
user matches the GUID of the variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
According to https://pep8.org/#indentation we should use 4 spaces per
indentation level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
When tools: efivar.py is called without arguments an error occurs:
Traceback (most recent call last):
  File "tools/efivar.py", line 380, in <module>
    main()
  File "tools/efivar.py", line 360, in main
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'
Show the online help if the arguments do not specify a function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.
Use the mkimage framework to generate a so-called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge tag 'xilinx-for-v2021.04' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next
Xilinx changes for v2021.04
arm64:
- DT updates
microblaze:
- Add support for NOR device support
spi:
- Fix unaligned data write issue
nand:
- Minor code change
xilinx:
- Fru fix in limit calculation
- Fill git repo link for all Xilinx boards
video:
- Add support for seps525 spi display
tools:
- Minor Vitis file support
cmd/common:
- Minor code indentation fixes
serial:
- Uartlite debug uart initialization fix
Merge tag 'dm-pull-5jan21' of git://git.denx.de/u-boot-dm into next
Driver model: make some udevice fields private
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc preparation for adding build-time instantiation
Some of these tests don't actually check anything. Add a few more checks
to complete the tests.
Also add a simple scan test that does the basics.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move the tests related to scanning into their own class, updating them
to avoid using dtb_platdata as a pass-through.
Signed-off-by: Simon Glass <sjg@chromium.org>
Before expanding the scanning features any more, move this into a separate
file. This will make it easier to maintain in the future. In particular,
it reduces the size of dtb_platdata.py and allows us to add tests
specifically for scanning, without going through that file.
The pieces moved are the Driver class, the scanning code and the various
naming functions, since they mostly depend on the scanning results.
So far there are no separate tests for src_scan. These will be added
as new functionality appears.
This introduces no functional change.
Signed-off-by: Simon Glass <sjg@chromium.org>
This has not been needed since parent information was added and we started
using indices for references to other drivers instead of pointers. It was
kept around in the expectation that it might be needed later.
However with the latest updates, it doesn't seem likely that we'll need
this in the foreseeable future.
Drop dm_populate_phandle_data() from dtoc and driver model.
Signed-off-by: Simon Glass <sjg@chromium.org>
Previously we had to worry about nodes being output before those that they
depended on, thus causing build errors. So the current algorithm is
careful to output nodes in the right order.
We now use a different method for outputting phandles that does not
involve pointers. Also we plan to add a 'declarations' header file to
declare all drivers as 'extern'.
Update the code to drop the dependency checking and output in a simple
loop. This makes the output easier to follow since drivers are in order of
their indices (0, 1, ...), which is also the order they appear in the
linker list.
Signed-off-by: Simon Glass <sjg@chromium.org>
The base directory of U-Boot, where the source is, is currently calculated
from the directory of the dtb_platdata.py script. If this is installed
elsewhere that will not work. Also it is inconvenient for tests.
Add a parameter to allow specifying this base directory.
To test this, pass a temporary directory with some files in it and check
that they are passed to scan_driver().
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than the if/else construct, update OutputFile with the method to
call to process each command. This is easier to maintain as the number of
commands increases.
Rename generate_tables to generate_plat since it better describes what is
being generated ('plat' is the U-Boot name for platform data).
With this, each output method needs to have the same signature. Store the
output structures in a member variable instead of using parameters, to
accomplish this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use this new name to be consistent with the rest of U-Boot, which talks
about 'plat' for the platform data, which is what this file holds.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is currently fairly obvious what the two generated files are for, but
this will change as more are added. It is helpful for readers to describe
the purpose of each file.
Add a header comment field to OutputFile and use it to generate a comment
at the top of each file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the standard function for running tests and reporting results. This
allows the tests to run in parallel, which is a significant speed-up on
most machines (e.g. 4.5 seconds -> 1.5s on mine).
Signed-off-by: Simon Glass <sjg@chromium.org>
This gives a warning in some situations:
  File "tools/dtoc/../concurrencytest/concurrencytest.py", line 95, in do_fork
    stream = os.fdopen(c2pread, 'rb', 1)
  File "/usr/lib/python3.8/os.py", line 1023, in fdopen
    return io.open(fd, *args, **kwargs)
RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
Fix this by dropping the line-buffer parameter.
Signed-off-by: Simon Glass <sjg@chromium.org>
We use the U_BOOT_ prefix (i.e. U_BOOT_DRIVER) to declare a driver but
in every other case we just use DM_. Update the alias macros to use the
DM_ prefix.
We could perhaps rename U_BOOT_DRIVER() to DM_DRIVER(), but this macro
is widely used and there is at least some benefit to indicating it is a
U-Boot driver, particularly for code ported from Linux. So for now, let's
keep that name.
Signed-off-by: Simon Glass <sjg@chromium.org>
This does not get a device (struct udevice *) but a struct driver_info *
so the name is confusing.
Rename it accordingly. Since we plan to have several variants of these
macros, put GET at the end instead of the middle, so it is easier to spot
the related macros.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current macro is a misnomer since it does not declare a device
directly. Instead, it declares a driver_info record which U-Boot uses at
runtime to create a device.
The distinction seems somewhat minor most of the time, but it becomes
quite confusing when we actually want to declare a device, with
of-platdata. We are left trying to distinguish between a device which
isn't actually a device, and a device that is (perhaps an 'instance'?)
It seems better to rename this macro to describe what it actually is. The
macro is not widely used, since boards should use devicetree to declare
devices.
Rename it to U_BOOT_DRVINFO(), which indicates clearly that this is
declaring a new driver_info record, not a device.
Signed-off-by: Simon Glass <sjg@chromium.org>
With upcoming changes, dtoc will output several files for different
of-platdata components.
Add a way to output all available files at once ('all'), to the
appropriate directories, without needing to specify each one individually.
This puts the commands in alphabetical order, so update the tests
accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Implement the 'output directory' feature, allowing dtoc to write the
output files separately to the supplied directories. This allows us to
handle the struct and platdata output in one run of dtoc.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present dtoc writes only a single file on each invocation. U-Boot
writes the two files it needs by separate invocations of dtoc. Since dtoc
now scans all U-Boot driver source, this is fairly slow (about 1 second
per file).
It would be better if dtoc could write all the files at once.
In preparation for this, add a way to specify an output directory for the
files.
Signed-off-by: Simon Glass <sjg@chromium.org>
Normally dtoc outputs to a file but it also offers a way to write output
to stdout. At present the test for that does not actually check that the
output is correct. Add this to the test.
This uses a member variable to hold the expected text, so it can be used
in multiple places.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present dtoc uses '-' internally to mean that output should go to
stdout. This is not necessary and None is more convenient. Update it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this member holds a simple list of driver names. Update it to
be a dict of DriverInfo, with the name being the key. This will allow more
information to be added about each driver, in future patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reduce the length of output_node() further by moving the struct-output
functionality into two separate functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is annoying to have this function inside its parent since it makes the
parent longer and hard to read. Move it to the top level.
Signed-off-by: Simon Glass <sjg@chromium.org>
These have crept in again. Update the file to fix all but these ones:
dtb_platdata.py:143:0: R0902: Too many instance attributes (10/7)
(too-many-instance-attributes)
dtb_platdata.py:713:0: R0913: Too many arguments (6/5)
(too-many-arguments)
Signed-off-by: Simon Glass <sjg@chromium.org>
The spl-test4 node deliberately has an invalid compatible string. This
causes a warning from dtoc and the check it does is not really necessary.
Drop it, to avoid the warning and associated confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add options for embedding the public key esl (efi signature list) file
in the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmware components
on the platform.
The esl file can now be embedded in the dtb by invoking the following
command:
    mkeficapsule -K <pub_key.esl> -D <dtb>
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command:
    mkeficapsule -O -K <pub_key.esl> -D <dtb>
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Buildman reuses build directories from previous builds to avoid the cost
of 'make mrproper' for every build. If the previous build produced an SPL
image but the current one does not, the SPL image will remain and buildman
will think it is a result of building the current board.
Remove these files before building, to avoid this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add defaults for FSF/GNU projects, such as gcc, that provide sensible
settings for those projects.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>