Commit graph

763 commits

Author SHA1 Message Date
Lukas Funke
d8a2d3b290 binman: ftest: Add test for xilinx-bootgen etype
Add test for the 'xilinx-bootgen' etype

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Allow missing bootgen tool; comment testXilinxBootgenMissing() comment:
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-05 11:38:59 -06:00
Lukas Funke
7fcfa9d930 binman: etype: Add xilinx-bootgen etype
This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.

The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.

Here is an example of the etype in use:

    spl {
        filename = "boot.signed.bin";

        xilinx-bootgen {
            pmufw-filename = "pmu-firmware.elf";
            psk-key-name-hint = "psk0";
            ssk-key-name-hint = "ssk0";
            auth-params = "ppk_select=0", "spk_id=0x00000000";

            u-boot-spl-nodtb {
            };
            u-boot-spl-dtb {
            };
        };
    };

For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.

For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-05 11:33:18 -06:00
Lukas Funke
7f51fe5c6d binman: btool: Add Xilinx Bootgen btool
Add the Xilinx Bootgen as bintool. Xilinx Bootgen is used to create
bootable SPL (FSBL in Xilinx terms) images for Zynq/ZynqMP devices. The
btool creates a signed version of the SPL. Additionally to signing the
key source for the decryption engine can be passend to the boot image.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
2023-08-05 11:31:59 -06:00
Simon Glass
93a203d38b binman: Renumber 291 and 292 test files
These have ended up with the same numbers as earlier files. Fix them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-05 11:31:59 -06:00
Simon Glass
288ae53cb7 binman: Add a temporary hack for duplicate phandles
Three boards use a phandle in a FIT generator and the maintainer is
away. For now, add a hack to allow this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Simon Glass
d4d97661d2 binman: Support templates containing phandles
This provides support for phandles to be copied over from templates. This
is not quite safe, since if the template is instantiated twice (i.e. in
two different nodes), then duplicate phandles will be found. This will
result in an error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Simon Glass
af41b24eba binman: Remove templates after use
It is not necessary to keep templates around after they have been
processed. They can cause confusion and potentially duplicate phandles.

Remove them.

Use the same means of detecting a template node in _ReadImageDesc so that
the two places are consistent.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Simon Glass
b2f47a599c binman: Produce a template-file after processing
This file aids debugging when binman fails to get far enough to write out
the final devicetree file. Write it immediate after template processing.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
8f452bc557 binman: Show filename in missing blob help message
Show the filename next to the node path in missing blob help messages,
also show a generic missing blob message when there was no help message
for the help tag.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
c2600155af binman: Fix blank line usage for invalid images warning text
There is no blank line between last missing blob help message and the
header line for optional blob help messages.

  Image 'simple-bin' is missing external blobs and is non-functional: atf-bl31

  /binman/simple-bin/fit/images/@atf-SEQ/atf-bl31:
     See the documentation for your board. You may need to build ARM Trusted
     Firmware and build with BL31=/path/to/bl31.bin
  Image 'simple-bin' is missing external blobs but is still functional: tee-os

  /binman/simple-bin/fit/images/@tee-SEQ/tee-os:
     See the documentation for your board. You may need to build Open Portable
     Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin

  Some images are invalid

With this a blank line is inserted to make the text more readable.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
49dcd1c0bb binman: Override CheckOptional in fit entry
Missing optional blobs was not reported for generated entries, e.g.
tee-os on rockchip targets. Implement a CheckOptional to fix this.

After this the following can be shown:

  Image 'simple-bin' is missing optional external blobs but is still functional: tee-os

  /binman/simple-bin/fit/images/@tee-SEQ/tee-os (tee-os):
     See the documentation for your board. You may need to build Open Portable
     Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
d92c4dd27d binman: Report missing external blobs using error level
Print missing external blobs using error level and missing optional
external blobs using warning level. Also change to only print the header
line in color, red for missing and yellow for optional.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
05dec37488 binman: Update missing optional external blob warning text
Make it more clear that the missing external blob is optional in the
printed warning message.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Jonas Karlman
321f256c9b binman: Update tee-os missing blob help text
Make it a little bit more clear that it is U-Boot that should be built
with TEE=/path/to/tee.bin and not OP-TEE itself.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-02 12:05:57 -06:00
Lukas Funke
43176ed86d binman: elf: Check for ELF_TOOLS availability and remove extra semicolon
Check if elf tools are available when running DecodeElf(). Also
remove superfuous semicolon at line ending.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Revert part of patch to make binman test pass
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-02 07:51:09 -06:00
Lukas Funke
8c1fbd1f60 binman: ftest: Add test for u_boot_spl_pubkey_dtb
Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the
dtb and checks if the required nodes will be added to the images dtb.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
6cb6425408 binman: doc: Add documentation for Xilinx Bootgen bintool
Add documentation for the 'bootgen' bintool

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
5609843b57 binman: etype: Add u-boot-spl-pubkey-dtb etype
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.

The etype calls the underlying 'fdt_add_pubkey' tool.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
671bc43346 binman: btool: Add fdt_add_pubkey as btool
Add btool which calls 'fdt_add_pubkey'

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
c76831d189 binman: doc: Add documentation for fdt_add_pubkey bintool
Add documentation for btool which calls 'fdt_add_pubkey'

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
f0989c29f8 binman: blob_dtb: Add fake_size argument to ObtainContents()
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Lukas Funke
7a52a45e3a binman: Don't decompress data while signing
While signing a fit compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.

While singing there is no reason to decompress data. Thus, decompression
should be disabled.

Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Christian Taedcke
289e6007cf binman: Add tests for etype encrypted
Add tests to reach 100% code coverage for the added etype encrypted.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Christian Taedcke
dcd3d76b7b binman: Allow cipher node as special section
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Christian Taedcke
473e5206f0 binman: Add support for externally encrypted blobs
This adds a new etype encrypted.

It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Simon Glass
df11aa7d74 binman: Add missing ssl documentation
Rerun 'binman bintool-docs' to regenerate bintools.rst

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:33:55 -06:00
Simon Glass
a6b44acaf5 binman: Renumber 277...289 TI test files
These have ended up with the same numbers as earlier files. Fix them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:33:55 -06:00
Simon Glass
176f1f68fa binman: Renumber 277_rockchip and 278_mkimage test files
These have ended up with the same numbers as earlier files. Fix them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:33:55 -06:00
Simon Glass
efda8ab201 binman: Tidy up tests for pre-load entry type
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:33:55 -06:00
Andrew Davis
15432ea611 binman: Overwrite symlink if it already exists
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.

Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:59 -04:00
Neha Malcom Francis
78144826bb binman: ti-secure: Add support for TI signing
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.

Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:58 -04:00
Neha Malcom Francis
6c66ccf26c binman: ti-board-config: Add support for TI board config binaries
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:58 -04:00
Simon Glass
24142ead21 binman: Reduce state.SetInt and bintool cmd to debug level
These are not very important message. Change them to use the 'debug' level
instead of 'detail'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
23b96e920b binman: Support writing symbols inside a mkimage image
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
696f2b73d6 binman: Support templates at any level
Allow templates to be used inside a section, not just in the top-level
/binman node.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
db0e3f13b4 binman: Add a test for templating in a FIT
Add this as a separate test case.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
35f72fb55a binman: Support templating with multiple images
Allow a template to appear in the top level description when using
multiple images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
f6abd5227a binman: Support simple templates
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.

It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.

Implement this mechanism.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
e1ad57e7ef binman: Correct handling of zero bss size
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
073fc36c17 binman: Drop __bss_size variable in bss_data.c
This is not needed since the linker script sets it up. Drop the variable
to avoid confusion.

Fix the prototype for main() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
b1e40ee734 binman: Provide a way to specify the fdt-list directly
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).

Allow a fit,fdt-list-val string-list property to be used instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Marek Vasut
fadad3a64a binman: Convert mkimage to Entry_section
This is needed to handle mkimage with inner section located itself in a
section.

Signed-off-by: Marek Vasut <marex@denx.de>
Use BuildSectionData() instead of ObtainContents(), add tests and a few
other minor fixes:
Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
20a317fb75 binman: Add more detail on how ObtainContents() works
This area of binman can be a bit confusing. Add some more comments to
help.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
7a58a0f319 binman: Update elf to return number of written symbols
Update the LookupAndWriteSymbols() function to return the number of
symbols written. Also add some logging for when debugging is not
enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
4649beae3e binman: Allow disabling symbol writing
Some boards don't use symbol writing but do access the symbols in SPL.
Provide an option to work around this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:58 -06:00
Simon Glass
f5ae32d794 binman: Read _multiple_data_files in the correct place
Move this to the ReadEntries() function where it belongs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:57 -06:00
Simon Glass
ac8d7cf1d0 binman: Use GetEntries() to obtain section contents
Some section types don't have a simple _entries list. Use the GetEntries()
method in GetEntryContents() and other places to handle this.

This makes the behaviour more consistent.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:57 -06:00
Simon Glass
c06c064332 binman: Init align_default in entry_Section
This should be set up in the init function, to avoid a warning about a
property not set up there. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-20 14:10:57 -06:00
Simon Glass
e22596113a binman: Correct coverage gap in control
Add a pragma to deal with the code-coverage gap which drops binman down to
90% coverage.

Fixes: de65b122a2 (tools: Fall back to importlib_resources on Python 3.6)

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-14 12:54:50 -04:00
Simon Glass
f2fac8b557 binman: Support writing symbols for ucode etypes
Allow symbol writing in these cases so that U-Boot can find the position
and size of U-Boot at runtime.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-05-11 10:25:29 +08:00