Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.
Summary:
-f auto => FIT with crc32 images
-f auto -g ... -o ... => FIT with signed images
-f auto-conf -g ... -o ... => FIT with sha1 images and signed confs
Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.
mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
-e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
-k /folder/with/key-files -g keyname -o sha256,rsa4096 \
-K u-boot.dtb -r kernel.itb
Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.
mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
-g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb
Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On a second and third look, a recent patch seems to be writing to the
wrong place - updating offsets from the address of the pointer instead
of what the pointer points to.
Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 2d1b2ac13f ("tool: ifwitool: Fix buffer overflow")
Acked-by: Sean Anderson <seanga2@gmail.com>
Unfortunately a recent patch snuck through without the require test
coverage. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 571bc4e67d ("binman: Support positioning an entry by and ELF symbol")
This property sets the minimum size of an entry, including padding but
not alignment. It can be used to reserve space for growth of an entry,
or to enforce a minimum offset for later entries in the section.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.
Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
This makes it possible to run the patman test suite simply by invoking
'pytest' from the patman sub-directory:
$ cd tools/patman
$ pytest
Otherwise, the top level .checkpatch.conf would be ignored and
multiple test_checkpatch.py tests would fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 648d8186dd, because
it broke usage of patman on Linux, whose check script doesn't know
about '--strict' or '--u-boot'.
Reported-by: Sjoerd Simons <sjoerd@collabora.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Sjoerd Simons <sjoerd@collabora.com>
In some cases it is useful to position an entry over the top of a symbol
in an ELF file. For example, if the symbol holds a version string then it
allows the string to be accessed from the fdtmap.
Add support for this.
Suggested-by: Pali Rohár <pali@kernel.org>
Suggested-by: Keith Short <keithshort@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
The current support for updating variables in a binary is hard-coded to
work with U-Boot:
- It assumes the image starts at __image_copy_start
- It uses the existing U-Boot-specific entry types
It is useful for other projects to use these feature.
Add properties to enable writing symbols for any blob, a way of specifying
the base symbol and a way of providing the ELF filename to allow symbol
lookup to take place.
With this it is possible to update a Zephyr image, such as zephyr.bin
after it has been built.
Signed-off-by: Simon Glass <sjg@chromium.org>
In some cases it is useful to have an entry overlap with another in a
section, either to update the contents within a blob, or to add an entry
to the fdtmap that covers only part of the blob.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some blobs are actually not necessary for the board to work correctly. Add
a property to allow this to be indicated. Missing optional blobs do not
cause a build failure.
Signed-off-by: Simon Glass <sjg@chromium.org>
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.
Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function which checks whether data is in ELF format or not. This
will be used by binman to check this for entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Support entries which can be optional depending on their contents. This
allows special entry types which appear in the image only when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Several etypes have this reference in their documentation. Now that we are
using rST, link to the section directly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
At present only the image (which is a section) has a filename. Move this
implementation to the entry_Section class so that any section can have a
filename. With this, the section data is written to a file.
This allows parts of an image to be written, along with the entire image.
Make a note that this can be used to include the contents of a section in
one image in another (later) image.
Signed-off-by: Simon Glass <sjg@chromium.org>
This now includes flags and the layout has changed slightly in recent
versions of Linux. Update the generator accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
The flags in this tool don't match the comments or help. Also the variable
names are quite confusing. Update them for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add messages to make it clearer which part of the FIT creation is failing.
This can happen when an invalid 'algo' property is provided in the .its
file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for rv1126 package header in mkimage tool.
Signed-off-by: Jagan Teki <jagan@edgeble.ai>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This is read-only data, so mark it as such.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Update to the latest "jammy" tag. This requires us to list libc6-i386 as
a required package to install (for nokia_rx51 tests) that was previously
implicit.
Signed-off-by: Tom Rini <trini@konsulko.com>
In preparation of adding the infodocs target to our CI install the
prerequisite texinfo software package.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This makes it possible to configure a project to use some other
location or script than the default scripts/get_maintainer.pl one used
in the U-Boot and Linux projects. It can be configured via a .patman
configuration file and accepts arguments, as documented.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This enables versioning a project specific patman configuration file.
It also makes it possible to declare the project name, which is not a
useful thing to do in $HOME/.patman. A new test is added, along
updated documentation.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rationale: if the user explicitly provide this argument, they probably
intend for it to be used.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This better matches Python conventions, allowing to easily test
whether the optional argument is provided.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Instead of propagating it from the module entry point (main script).
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The SafeConfigParser class has been renamed in Python 3.2 to
ConfigParser, and the old alias has been deprecated since.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove extraneous imports, variables and comply to PEP 8 maximum line
width, among other PEP 8 changes suggested by Pyflake.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Document that this command is the default and what it's intended for.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Pytest offers useful features such as selecting tests by means of a
regular expression, or running the pdb debugger upon encountering a
test failure.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Some tests would fail when the test data is not available, so it
doesn't make much sense to expose the action when patman is running
outside of the u-boot git checkout.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
With this change, a user can run the patman test suite using Pytest
the same as when using 'patman test':
$ cd tools/patman && pytest
[...]
44 passed, 8 warnings in 8.87s
$ ./patman test
Ran 44 tests in 8.460s
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This allows running the package as a Python module, like e.g.:
$ python -m patman
It also prevents Pytest from attempting to parse main.py, which
would cause errors.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Fix up main.py in __init__.py:
Signed-off-by: Simon Glass <sjg@chromium.org>
This resolves 10 out of 11 test failures seen when running './patman
test' from the 'tools/patman' subdirectory. This was caused by the
.checkpatch.conf configuration file at the root of the project not
being picked up. Make the test suite of patman independent from it by
always invoking the checkpatch.pl script with the minimally required
arguments for the test suite to pass.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Previously it would rely on the executing script location, which could
break for example when running the tests via 'pytest'.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This patch fixes all the PEP 8 warnings reported by Pyflake for the
gitutil module.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Rationale: this is more robust than assumptions about the file
hierarchy layout of the installation of patman, for example on non
file-hierarchy standard (FHS) systems such as Guix System or Nix OS.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This fixes a regression introduced in commit 74df491051 ("buildman:
Convert documentation to rST").
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Simon Glass <sjg@chromium.org>