Commit graph

35 commits

Author SHA1 Message Date
Manorit Chawdhry
a3e407bef7 binman: ti-secure: Add support for firewalling entities
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.

The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2024-01-04 16:48:00 -05:00
Neha Malcom Francis
a4ed4c8a51 binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-11-02 22:38:01 -04:00
Sughosh Ganu
f1c8fc5e67 btool: mkeficapsule: Add support for EFI empty capsule generation
Add a method to the mkeficapsule bintool to generate empty
capsules. These are capsules needed for the FWU A/B update feature.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-13 14:01:42 -06:00
Lukas Funke
bff16109e3 binman: bintool: Change make target arg type from string to list
The argument type of `build_from_git` was changed from string to list
in d71e711699.

This commit adapts the argument type of all bintools using this
function.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2023-10-13 10:15:41 -07:00
Sughosh Ganu
3bd6fb980b btool: mkeficapsule: Add a bintool for EFI capsule generation
Add a bintool for generating EFI capsules. This calls the mkeficapsule
tool which generates the capsules.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-29 13:37:54 -04:00
Lukas Funke
7f51fe5c6d binman: btool: Add Xilinx Bootgen btool
Add the Xilinx Bootgen as bintool. Xilinx Bootgen is used to create
bootable SPL (FSBL in Xilinx terms) images for Zynq/ZynqMP devices. The
btool creates a signed version of the SPL. Additionally to signing the
key source for the decryption engine can be passend to the boot image.

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
2023-08-05 11:31:59 -06:00
Lukas Funke
671bc43346 binman: btool: Add fdt_add_pubkey as btool
Add btool which calls 'fdt_add_pubkey'

Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-24 09:34:10 -06:00
Neha Malcom Francis
78144826bb binman: ti-secure: Add support for TI signing
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.

Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-07-21 19:36:58 -04:00
Simon Glass
953d4177af binman: Support generation of x509 certificates
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 13:15:15 -08:00
Simon Glass
4583c00236 patman: Move library functions into a library directory
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.

To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-03-08 11:40:49 -08:00
Jonas Karlman
9b2fd2d228 binman: Add support for align argument to mkimage tool
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-26 10:47:45 -07:00
Quentin Schulz
fb132b3727 Revert "binman: btool: gzip: fix packer name so that binary can be found"
This reverts commit daa2da754a.

This commit is not needed anymore since the btool_ prefix is
automatically stripped by bintool.

Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-22 15:13:34 -07:00
Quentin Schulz
478332a345 binman: bintool: remove btool_ prefix from btool names
The binary is looked on the system by the suffix of the packer class.
This means binman was looking for btool_gzip on the system and not gzip.

Since a btool can have its btool_ prefix missing but its module and
binary presence on the system appropriately found, there's no need to
actually keep this prefix after listing all possible btools, so let's
remove it.

This fixes gzip btool by letting Bintool.find_bintool_class handle the
missing prefix and still return the correct class which is then init
with gzip name instead of btool_gzip.

Additionally, there was an issue with the cached module global variable.
The variable only stores the module and not the associated class name
when calling find_bintool_class.
This means that when caching the module on the first call to
find_bintool_class, class_name would be set to Bintoolbtool_gzip but the
module_name gzip only, adding the module in the gzip key in the module
dictionary. When hitting the cache on next calls, the gzip key would be
found, so its value (the module) is used. However the default class_name
(Bintoolgzip) is used, failing the getattr call.

Instead, let's enforce the same class name: Bintool<packer>, whatever
the filename it is contained in.

Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-22 15:13:34 -07:00
Simon Glass
d64af08f19 binman: Get futility by building it
A binary download is not great, since it depends on libraries being
present in the system. Build futility from source instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-21 10:37:47 +02:00
Quentin Schulz
7ac6842316 binman: bintool: bzip2: fix version function on non-Debian-based systems
Upstream bzip2 1.0.x actually is stuck when running bzip2 -V and
redirecting the output. This is fixed in Debian for about a decade
already in
https://git.launchpad.net/ubuntu/+source/bzip2/tree/debian/patches/20-legacy.patch?h=ubuntu/jammy
and in bzip2 1.1.x (no release yet, see
65179284ce
).

Fedora notably does not have such a patch.

Since bzip2 --help actually prints the version number too, let's use it
instead so that binman works fine on (hopefully) all distributions.

Fixes: 45aa279800 ("binman: Add bzip2 bintool")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Quentin Schulz
9c96786327 binman: btool: futility: use Bintool.version
Bintool.version can now be passed the binary argument to return the
version text, so there's no need to override it in futility anymore.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Quentin Schulz
4508fb9a77 binman: btool: fiptool: use Bintool.version
Bintool.version can now be passed the binary argument to return the
version text, so there's no need to override it in fiptool anymore.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Quentin Schulz
65e2c14d5a binman: btool: mkimage: use Bintool.version
Bintool.version already contains everything required to get the version
out of mkimage binary so let's not override it with its own
implementation.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Quentin Schulz
f17219ad42 binman: btool: lz4: use Bintool.version
Bintool.version already contains everything required to get the version
out of lz4 binary so let's not override it with its own implementation.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Quentin Schulz
daa2da754a binman: btool: gzip: fix packer name so that binary can be found
The binary is looked on the system by the suffix of the packer class.
This means binman was looking for btool_gzip on the system and not gzip.

Therefore, let's pass "gzip" as the name so that it can be found and
used.

Fixes: 0f369d7992 ("binman: Add gzip bintool")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-01 11:36:36 -06:00
Stefan Herbrechtsmeier
cd15b640b0 binman: Add zstd bintool
Add zstd bintool to binman to support on-the-fly compression.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Stefan Herbrechtsmeier
432a825520 binman: Add xz bintool
Add xz bintool to binman to support on-the-fly compression.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Stefan Herbrechtsmeier
7b26a4608c binman: Add lzop bintool
Add lzop bintool to binman to support on-the-fly compression.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Stefan Herbrechtsmeier
0f369d7992 binman: Add gzip bintool
Add gzip bintool to binman to support on-the-fly compression of Linux
kernel images and FPGA bitstreams. The SPL basic fitImage implementation
supports only gzip decompression.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename the module and support this, since gzip.py is a system module:
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Stefan Herbrechtsmeier
45aa279800 binman: Add bzip2 bintool
Add bzip2 bintool to binman to support on-the-fly compression.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 18:07:33 -06:00
Simon Glass
3390948c0f binman: Correct Chromium OS entry types
The conversion to bintools broke the invocation of the utility, since
the arguments are not correct. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
c1aa66e75d patman: Convert camel case in tools.py
Convert this file to snake case and update all files which use it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-09 12:26:12 -07:00
Simon Glass
4cd4ee0432 binman: Add a bintool implementation for lzma_alone
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lzma-alone package.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
992d475003 binman: Add a bintool implementation for lz4
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lz4 package.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
e1b7e4ddb6 binman: Add a bintool implementation for mkimage
Add a Bintool for this, which is used to build images for use by U-Boot.
It supports the features needed by binman as well as installing via the
u-boot-tools packages. Although this is built in the U-Boot tree, it is
still useful to install a binary on the system.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
6f7eb0c037 binman: Add a bintool implementation for ifwitool
Add a Bintool for this, which is used to build Intel IFWI images. It
supports the features needed by the tests as well as downloading a binary
from Google Drive. Although this is built in the U-Boot tree, it is not
currently included with u-boot-tools, so it may be useful to install a
binary on the system.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
9d3a7a2e0b binman: Add a bintool implementation for futility
Add a Bintool for this, which is used to sign Chrome OS images and
build the Google Binary Block (GBB). It supports the features needed by
binman as well as fetching a binary from Google Drive. Building it from
source is possible but is left for another time, as it requires at least
one other library.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
bf87b203a3 binman: Add a bintool implementation for fiptool
Add a Bintool for this, which is used to run FIP tests. It supports
the features needed by the tests as well as building a binary from
the git tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
d38833373b binman: Add a bintool implementation for cbfstool
Add a Bintool for this, which is used to run CBFS tests. It supports
the features needed by the tests as well as fetching a binary from
Google Drive. Building it from source is very slow since it is not
separately supported by the coreboot build system and it builds an
entire gcc toolchain before starting.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
3b47dfa506 binman: Add tests for bintool
Add tests to cover the bintool functionality.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00