Add a Bintool for this, which is used to sign Chrome OS images and
build the Google Binary Block (GBB). It supports the features needed by
binman as well as fetching a binary from Google Drive. Building it from
source is possible but is left for another time, as it requires at least
one other library.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to run FIP tests. It supports
the features needed by the tests as well as building a binary from
the git tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to run CBFS tests. It supports
the features needed by the tests as well as fetching a binary from
Google Drive. Building it from source is very slow since it is not
separately supported by the coreboot build system and it builds an
entire gcc toolchain before starting.
Signed-off-by: Simon Glass <sjg@chromium.org>
Support collecting the available bintools needed by an image, by
scanning the entries in the image.
Also add a command-line interface to access the basic bintool features,
such as listing the bintools and fetching them if needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman requires various tools to actually work, such as 'lz4' to compress
data and 'futility' to sign Chrome OS firmware. At present these are
handled in an ad-hoc manner and there is no easy way to find out what
tools are needd to build an image, nor where to obtain them.
Add an implementation of 'bintool', a base class which implements this
functionality. When a bintool is required, it can be requested from this
module, then executed. When the tool is missing, it can provide a way to
obtain it.
Note that this uses Command directly, not the tools.Run() function. This
allows proper handling of missing tools and avoids needing to catch and
re-raise exceptions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Since this is a list of blobs, each blob should have the ability to be
faked, as with blob-ext. Update the Entry base class to set allow_fake
and use the base class in the section code also, so that this propagagtes
to blob-ext-list, which is not a section.
Signed-off-by: Simon Glass <sjg@chromium.org>
The Run() function automatically uses the PATH variable to locate a tool
when running it. Add a function that does this manually, so we don't have
to run a tool to find out if it is present.
This is needed by the new Bintool class, which wants to check which tools
are present.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reverse the order of the return tuple, so that the filename is first.
This seems more obvious than putting the temporary directory first.
Correct a bug that leaves a space on the final line.
Allow the caller to control the name of the temporary directory.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new function which returns the entire result from running a tool,
not just stdout. Update Run() to use this and to return stdout on error,
if stderr is empty, since some unfortunate tools write their error
output to stdout rather than stderr.
Move building of the PATH to a separate function.
Make the exception catching more specific, to catch just ValueError, since
broad exceptions are a pain to debug.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this does not check that the external data is in the expected
place. Use a non-zero offset for the external data and check it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is a debug message at present, which is not very helpful. Print out
the error so that action can be taken.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some newer toolchains do not create a symbol for the .ucode section that
this test relies on. Update the test to use the symbol that is explicitly
created, instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This behaviour is necessary with boards where the binman description
requires processing external blobs, since these may be missing.
Enable it by default, so that CI is happy. Warnings indicate that a valid
image is not produced, as with the --allow-missing option.
Signed-off-by: Simon Glass <sjg@chromium.org>
When OF_LIVE flag is enabled on a 64 bits platform, there is an
issue when dev_read_addr() is called and need to perform an address
translation using __of_translate_address().
In case of error, __of_translate_address() return's value is OF_BAD_ADDR
(wich is defined in include/dm/of.h to ((u64)-1) = 0xffffffffffffffff).
The return value of dev_read_addr() is often compared to FDT_ADDR_T_NONE
which is defined as (-1U) = 0xffffffff.
In this case the comparison is always false.
To fix this issue, define FDT_ADDR_T_NONE to (ulong)(-1) in case of
AARCH64. Update accordingly related tests.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The build system already automatically looks for and includes an
in-tree *-u-boot.dtsi when building the control .dtb. However, there
are some things that are awkward to maintain in such an in-tree file,
most notably the metadata associated to public keys used for verified
boot.
The only "official" API to get that metadata into the .dtb is via
mkimage, as a side effect of building an actual signed image. But
there are multiple problems with that. First of all, the final U-Boot
(be it U-Boot proper or an SPL) image is built based on a binary
image, the .dtb, and possibly some other binary artifacts. So
modifying the .dtb after the build requires the meta-buildsystem
(Yocto, buildroot, whatnot) to know about and repeat some of the steps
that are already known to and handled by U-Boot's build system,
resulting in needless duplication of code. It's also somewhat annoying
and inconsistent to have a .dtb file in the build folder which is not
generated by the command listed in the corresponding .cmd file (that
of course applies to any generated file).
So the contents of the /signature node really needs to be baked into
the .dtb file when it is first created, which means providing the
relevant data in the form of a .dtsi file. One could in theory put
that data into the *-u-boot.dtsi file, but it's more convenient to be
able to provide it externally: For example, when developing for a
customer, it's common to use a set of dummy keys for development,
while the consultants do not (and should not) have access to the
actual keys used in production. For such a setup, it's easier if the
keys used are chosen via the meta-buildsystem and the path(s) patched
in during the configure step. And of course, nothing prevents anybody
from having DEVICE_TREE_INCLUDES point at files maintained in git, or
for that matter from including the public key metadata in the
*-u-boot.dtsi directly and ignore this feature.
There are other uses for this, e.g. in combination with ENV_IMPORT_FDT
it can be used for providing the contents of the /config/environment
node, so I don't want to tie this exclusively to use for verified
boot.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Fix doc formatting error (make htmldocs)
Signed-off-by: Simon Glass <sjg@chromium.org>
For whatever reason, usb_setup_ehci_gadget removes and probes USB device
0. However, not all systems have a device 0. Use the first device
instead.
The device probed should probably have something to do with the
controller (as specified by e.g. ums <controller> or fastboot
<controller>). In fact, I find it odd that we probe the USB device in
the first place, because this is just to set up the gadget itself.
Presumably, the controller should be probed by usb_gadget_initialize
somehow.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add some tables needed for ARM devices, including more MADT subtables,
a CSRT descriptor, GTDT and PPTT.
WIP: This needs comments added.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this list is used to collect items within the DSDT and SSDT
tables. It is useful for it to collect the whole tables as well, so there
is a list of what was created and which write created each one.
Refactor the code accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this over to use a writer file, moving the code from the x86
implementation.
There is no need to store a separate variable since we can simply access
the ACPI context.
With this, the original monolithic x86 function for writing ACPI tables
is gone.
Note that QEMU has its own implementation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update this function to the newer style, so we can avoid passing and
returning an address through this function.
Also move this function out of the x86 code so it can be used by other
archs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Each board has its own way of creating this table. Rather than calling the
acpi_create_fadt() function for each one from a common acpi_write_fadt()
function, just move the writer into the board-specific code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Move this table over to use a writer function, moving the code from the
x86 implementation.
Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.
Disable this table for sandbox since we don't actually compile real ASL
code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this table over to use a writer function, moving the code from the
x86 implementation.
Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the new ACPI writer to write the base tables at the start of the area,
moving this code from the x86 implementation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the new ACPI writer to write the ACPI tables. At present this is all
done in one monolithic function. Future work will split this out.
Unfortunately the QFW write_acpi_tables() function conflicts with the
'writer' version, so disable that for sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present acpi_setup_base_tables() both sets up the ACPI context and
writes out the base tables.
We want to use an ACPI writer to write the base tables, so split this
function into two, with acpi_setup_ctx() doing the context set, and
acpi_setup_base_tables() just doing the base tables.
Disable the writer's write_acpi_tables() function for now, to avoid
build errors. It is enabled in a following patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we call lots of functions to generate the required ACPI tables.
It would be better to standardise these functions and allow them to be
automatically collected and used when needed.
Add a linker list to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is useful to record the start of an ACPI table so that offsets from
that point can be easily calculated.
Add this to the context and set it before calling the writer method.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some .asl files include others using the iasl 'include' directive. This
needs to be able to find the files referenced.
For an out-of-tree build the source directory is not the current
directory. Moreover, U-Boot preprocesses the input file and puts the
result in the output directory. So iasl does not know where the real
source file came from.
Add a -I option to produce the correct behaviour. We could add an option
to not preprocess the .asl source, but for now that seems unnecessary.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than keying everything off ACPIGEN, use the main
GENERATE_ACPI_TABLE option to determine whether the core ACPI code
is included. Make sure these option are not enabled in SPL/TPL since we
never generate tables there.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current EFI implementation confuses pointers and addresses. Normally
we can get away with this but in the case of sandbox it causes failures.
Despite the fact that efi_allocate_pages() returns a u64, it is actually
a pointer, not an address. Add special handling to avoid a crash when
running 'bootefi hello'.
Signed-off-by: Simon Glass <sjg@chromium.org>