On 'make clean', generated C files in tools/env/ and tools/boot/ are
currently not removed, but they should.
Auto-generation for shared sources was first introduced with
ad80c4a322 ("kbuild, tools: generate wrapper C sources automatically
by Makefile"). Cleanup later regressed (see Fixes:), because shared
files were moved out of lib/ and common/, but 'clean-dirs := lib common'
was not adjusted accordingly. Further, the generated
tools/env/embedded.c became a sibling to project files, which prevents
directory-wise cleanup at all.
To solve it, we establishe tools/generated/ as the sole place for
generated sources. Wrappers are now generated as
tools/generated/<orig_dirname>/<orig_filename>, and 'make clean' can
remove tools/generated/ as a whole (Linux Makefile.asm-generic headers
are cleaned similarly). This way we don't have to maintain separate
clean-files or clean-dirs entries for each single added or moved wrapper
file.
Fixes: 0649cd0d49 ("Move environment files from common/ to env/")
Fixes: 19a91f2464 ("Create a new boot/ directory")
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
[trini: Correct mkfwupdate case]
Signed-off-by: Tom Rini <trini@konsulko.com>
Add 'mkfwumdata' tool to generate FWU metadata image for the meta-data
partition to be used in A/B Update imeplementation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Renesas RZ/N1 devices contain BootROM code that loads a custom SPKG
image from QSPI, NAND or USB DFU. Support this format in mkimage tool.
SPKGs can optionally be signed, however creation of signed SPKG is not
currently supported.
Example of how to use it:
tools/mkimage -n board/schneider/rzn1-snarc/spkgimage.cfg \
-T spkgimage -a 0x20040000 -e 0x20040000 \
-d u-boot.bin u-boot.bin.spkg
The config file (spkgimage.cfg in this example) contains additional
parameters such as NAND ECC settings.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Having to use the -K option to mkimage to populate U-Boot's .dtb with the
public key while signing the kernel FIT image is often a little
awkward. In particular, when using a meta-build system such as
bitbake/Yocto, having the tasks of the kernel and U-Boot recipes
intertwined, modifying deployed artifacts and rebuilding U-Boot with
an updated .dtb is quite cumbersome. Also, in some scenarios one may
wish to build U-Boot complete with the public key(s) embedded in the
.dtb without the corresponding private keys being present on the same
build host.
So this adds a simple tool that allows one to disentangle the kernel
and U-Boot builds, by simply copy-pasting just enough of the mkimage
code to allow one to add a public key to a .dtb. When using mkimage,
some of the information is taken from the .its used to build the
kernel (algorithm and key name), so that of course needs to be
supplied on the command line.
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
The old text format is not much used anymore. Instead a new trace-cmd tool
has introduced a binary format for trace records.
Add support for generating this format. This involves removing the old
text format, adding various helpers for the new format and adjusting the
code to use an output file instead of stdout.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is very old and does not appear to be used. The CONFIG option
enabling it is no-longer present. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This seems to have been used by ppc4xx which was removed a while back.
The Kconfig does not exist so it is never built. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not a Kconfig option so we should not be setting it in the
Makefile. Rename it to use a CFS_ prefix, since this is still used in
mxsimage.c
In general tools should support all the features without reference to
CONFIG options, but this is left to the maintainer to look at.
Signed-off-by: Simon Glass <sjg@chromium.org>
- Drop CONFIG_BUILD_ENVCRC as this is never set directly but instead
means ENV_IS_EMBEDDED, so reference that in code and rename the Makefile
usage to BUILD_ENVCRC.
- Remove extra-$(CONFIG_ENV_IS_EMBEDDED) line as it could never be true,
and likely why there is an extra- line for CONFIG_ENV_IS_IN_FLASH (the
only use case today of embedded environments).
- With these slight changes we can then see that using the calculated
symbol of ENV_IS_EMBEDDED is the right thing to use in any code which
needs to know this situation and can remove CONFIG_ENV_IS_EMBEDDED
entirely.
Signed-off-by: Tom Rini <trini@konsulko.com>
With LTO enabled the U-Boot initial environment is no longer stored
in an easy accessible section in env/common.o. I.e. the section name
changes from build to build, its content maybe compressed and it is
annotated with additional data.
Drop trying to read the initial env with elf tools from the compiler
specific object file in favour of adding and using a host tool with
the only functionality of printing the initial env to stdout.
See also:
https://lore.kernel.org/all/927b122e-1f62-e790-f5ca-30bae4332c77@foss.st.com/
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The predefined NAND headers take too much spaces in the mtk_image.c.
Moving them into a new file can significantly improve the readability of
both mtk_image.c and the new mtk_nand_headers.c.
This is a preparation for adding more NAND headers.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Call pkg-config for each library individually.
This improves fallback handling.
Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 31a7688cbe ("tools: mkeficapsule: use pkg-config to get -luuid and -lgnutls")
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Instead of hardcoding -ltinfo as the flags needed to build
kwboot, use pkg-config when available.
We gracefully fallback on the previous behavior of hardcoding -ltinfo
if pkg-config is not available or fails with an error.
Reviewed-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Instead of hardcoding -luuid -lgnutls as the flags needed to build
mkeficapsule, use pkg-config when available.
We gracefully fallback on the previous behavior of hardcoding -luuid
-lgnutls if pkg-config is not available or fails with an error.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
U-Boot CRC-16 implementation uses polynomial x^16 + x^12 + x^5 + 1 which is
not standard CRC-16 algorithm, but it is known as CRC-16-CCITT. Rename file
crc16.c to crc16-ccitt.c to reduce confusion.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Marvell BootROM recognize only '\b' byte as backspace. Use terminfo
for retrieving current backspace sequence and replace any occurrence of
backspace sequence by the '\b' byte.
Reading terminfo database is possible via tigetstr() function from system
library libtinfo.so.*. So link kwboot with -ltinfo.
Normally terminfo functions are in <term.h> system header file. But this
header file conflicts with U-Boot "termios_linux.h" header file. So declare
terminfo functions manually.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
After BootROM successfully detects boot message pattern on UART it waits
until host stop sending data on UART. For example Armada 385 BootROM
requires that host does not send anything on UART at least 24 ms. If host
is still sending something then BootROM waits (possibly infinitely).
BootROM successfully detects boot message pattern if it receives it in
small period of time after power on.
So to ensure that host put BootROM into UART boot mode, host must send
continuous stream of boot message pattern with a small gap (for A385 at
least 24 ms) after series of pattern. But this gap cannot be too often or
too long to ensure that it does not cover whole BootROM time window when it
is detecting for boot message pattern.
Therefore it is needed to do following steps in cycle without any delay:
1. send series of boot message pattern over UART
2. wait until kernel transmit all data
3. sleep small period of time
At the same time, host needs to monitor input queue, data received on the
UART and checking if it contains NAK byte by which BootROM informs that
xmodem transfer is ready.
But it is not possible to wait until kernel transmit all data on UART and
at the same time in the one process to also wait for input data. This is
limitation of POSIX tty API and also by linux kernel that it does not
provide asynchronous function for waiting until all data are transmitted.
There is only synchronous variant tcdrain().
So to correctly implement this handshake on systems with linux kernel, it
is needed to use tcdrain() in separate thread.
Implement sending of boot message pattern in one thread and reading of
reply in the main thread. Use pthread library for threads.
This change makes UART booting on Armada 385 more reliable. It is possible
to start kwboot and power on board after minute and kwboot correctly put
board into UART boot mode.
Old implementation without separate thread has an issue that it read just
one byte from UART input queue and then it send 128 message pattern to the
output queue. If some noise was on UART then kwboot was not able to read
BootROM response as its input queue was just overflowed and kwboot was
sending more data than receiving.
This change basically fixed above issue too.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add CONFIG_TOOLS_MKEFICAPSULE. Then we want to always build mkeficapsule
if tools-only_defconfig is used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
While we intentionally set -std=gnu11 for building host tools, and have
for quite some time, we never dropped -std=gnu99 from tools/Makefile.
This resulted in passing -std=gnu11 ... -std=gnu99 when building, and
gnu99 would win. This in turn would result now in warnings such as:
tools/mkeficapsule.c:25:15: warning: redefinition of typedef 'u32' is a C11 feature [-Wtypedef-redefinition]
typedef __u32 u32;
^
Signed-off-by: Tom Rini <trini@konsulko.com>
To avoid having #ifdefs in a few functions which are completely different
in the board and host code, create a new image-host.c file.
Signed-off-by: Simon Glass <sjg@chromium.org>
This padding depends on board config file and therefore it makes the
mkimage binary tool board specific, which is not correct. One cannot use
mkimage tool built as a result for board A to generate images for board
B, even if both A and B are on the same platform.
This CONFIG_SYS_U_BOOT_OFFS padding was needed when kwbimage v1 contained
SPL code which loaded U-Boot proper based on CONFIG_SYS_U_BOOT_OFFS,
instead of reading correct offset from kwbimage header.
Now that SPL code parses kwbimage header and deterinate correct offset,
there is no need for this CONFIG_SYS_U_BOOT_OFFS padding anymore.
By removing it we also reduce the size of SPL code and therefore also
decrease the final size of v1 kwbimage. This means there is more space
for U-Boot proper binary.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
The mkimage host tool can be used to generate kwbimage v1 image with
secure header on host system for A38x plaform also when U-Boot is being
compiled for different platform. So there is no reason to not allow
compiling of mkimage/kwbimage with secure header support for e.g. x86-64
host.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
The CONFIG_SYS_U_BOOT_OFFS option may be defined as empty string.
In this case it causes compilation error:
tools/kwbimage.c: In function ‘image_headersz_v1’:
tools/kwbimage.c:1002:39: error: expected expression before ‘)’ token
if (headersz > CONFIG_SYS_U_BOOT_OFFS) {
^
tools/kwbimage.c:1006:41: error: expected expression before ‘)’ token
(int)headersz, CONFIG_SYS_U_BOOT_OFFS);
^
tools/kwbimage.c:1011:35: error: expected expression before ‘;’ token
headersz = CONFIG_SYS_U_BOOT_OFFS;
^
make[1]: *** [scripts/Makefile.host:112: tools/kwbimage.o] Error 1
make: *** [Makefile:1822: tools] Error 2
Check whether the value of CONFIG_SYS_U_BOOT_OFFS is really set.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
Host tool features, such as mkimage's ability to sign FIT images were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.
A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.
Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.
Without loss of generality, we can say that host features are and
should be independent of target features.
While we prefer that a host tool always supports the same feature set,
we recognize the following
- some users prefer to build u-boot without a dependency on OpenSSL.
- some distros prefer to ship mkimage without linking to OpenSSL
To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.
I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
image-sig.c is used to map a hash or crypto algorithm name to a
handler of that algorithm. There is some similarity between the host
and target variants, with the differences worked out by #ifdefs. The
purpose of this change is to remove those ifdefs.
First, copy the file to a host-only version, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides we are only duplicating three string to struct mapping
functions. This isn't something to fuss about.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.
The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.
To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Config option ARMADA_39X is never set so remove all dead code hidden under
ifdef CONFIG_ARMADA_39X blocks.
Also remove useless checks for CONFIG_ARMADA_38X define as this macro is
always defined for a38x code path.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then
mkimage/dumpimage will fail to link:
/usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc'
/usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc'
/usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt':
aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new'
/usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex'
/usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate'
/usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free'
/usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex'
collect2: error: ld returned 1 exit status
Signed-off-by: Joel Stanley <joel@jms.id.au>
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.
Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.
The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware
Having said that, you will be able to customize the code to fit
your specific requirements for your platform.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add a tool to update or insert an Octeon specific header into the U-Boot
image. This is needed e.g. for booting via SPI NOR, eMMC and NAND.
While working on this, move enum cvmx_board_types_enum and
cvmx_board_type_to_string() to cvmx-bootloader.h and remove the
unreferenced (unsupported) board definition.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Aaron Williams <awilliams@marvell.com>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
Have this symbol follow the pattern of all other such symbols.
This patch also removes a TODO from the code.
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c
Migrate to a simple wrapper like the other files.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Align Kconfig and Kbuild logic to Linux 4.19 release with minimal impact
on files outside of this scope.
Our previous Kconfig sync was done by commit 5972ff077e ("kconfig /
kbuild: re-sync with Linux 4.18").
In this particular re-sync in order to keep clang support working a
number of related changes needed to be pulled in that had been missed
previously. Not all of these changes we easily traceable and so have
been omitted from the list below.
The imported Linux commits are:
[From prior to v4.18]
9f3f1fd29976 kbuild: Add __cc-option macro
d7f14c66c273 kbuild: Enable Large File Support for hostprogs
6d79a7b424a5 kbuild: suppress warnings from 'getconf LFS_*'
24403874316a Shared library support
86a9df597cdd kbuild: fix linker feature test macros when cross compiling with Clang
0294e6f4a000 kbuild: simplify ld-option implementation
[From v4.18 to v4.19]
96f14fe738b6 kbuild: Rename HOSTCFLAGS to KBUILD_HOSTCFLAGS
10844aebf448 kbuild: Rename HOSTCXXFLAGS to KBUILD_HOSTCXXFLAGS
b90a368000ab kbuild: Rename HOSTLDFLAGS to KBUILD_HOSTLDFLAGS
8377bd2b9ee1 kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS
f92d19e0ef9b kbuild: Use HOST*FLAGS options from the command line
4ab3b80159d4 kconfig: check for pkg-config on make {menu,n,g,x}config
693359f7ac90 kconfig: rename SYMBOL_AUTO to SYMBOL_NO_WRITE
f60b992e30ff kbuild: replace $(LDFLAGS) $(ldflags-y) with $(ld_flags)
2fb9279f2c3e kbuild: change ld_flags to contain LDFLAGS_$(@F)
c931d34ea085 arm64: build with baremetal linker target instead of Linux when available
5accd7f3360e kconfig: handle format string before calling conf_message_callback()
a2ff4040151a kconfig: rename file_write_dep and move it to confdata.c
0608182ad542 kconfig: split out useful helpers in confdata.c
adc18acf42a1 kconfig: remove unneeded directory generation from local*config
79123b1389cc kconfig: create directories needed for syncconfig by itself
16952b77d8b5 kconfig: make syncconfig update .config regardless of sym_change_count
d6c6ab93e17f kbuild: remove deprecated host-progs variable
56869d45e364 kconfig: fix the rule of mainmenu_stmt symbol
c151272d1687 kconfig: remove unused sym_get_env_prop() function
1880861226c1 kconfig: remove P_ENV property type
e3fd9b5384f3 scripts/dtc: consolidate include path options in Makefile
4bf6a9af0e91 kconfig: add build-only configurator targets
f1575595d156 kconfig: error out when seeing recursive dependency
5e8c5299d315 kconfig: report recursive dependency involving 'imply'
f498926c47aa kconfig: improve the recursive dependency report
98a4afbfafd2 kconfig: fix "Can't open ..." in parallel build
9a9ddcf47831 kconfig: suppress "configuration written to .config" for syncconfig
87a32e624037 kbuild: pass LDFLAGS to recordmcount.pl
d503ac531a52 kbuild: rename LDFLAGS to KBUILD_LDFLAGS
217c3e019675 disable stringop truncation warnings for now
bc8d2e20a3eb kconfig: remove a spurious self-assignment
fd65465b7016 kconfig: do not require pkg-config on make {menu,n}config
5a4630aadb9a ftrace: Build with CPPFLAGS to get -Qunused-arguments
Note that this adds new cleanup work to do in that we should adapt the
shared library support we have to what is now upstream.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>