Binman's FIT entry type can have image subentries with "hash" subnodes
intended to be processed by mkimage, but not binman. However, the Entry
class and any subclass that reuses its implementation tries to process
these unconditionally. This can lead to an error when boards specify
hash algorithms that binman doesn't support, but mkimage supports.
Let entries skip processing these "hash" subnodes based on an instance
variable, and set this instance variable for FIT subsections. Also
re-enable processing of calculated and missing properties of FIT entries
which was disabled to mitigate this issue.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
First binary executable header is extracted by '-p 1' argument.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
These two commands are currently not processed when generating v0 images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
When pflag is set then kwbimage was invoked by dumpimage and not mkimage.
So do not show mkimage error message in this case.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
dumpimage is now able to successfully parse and dump content of the Dove
bootloader image.
Note that support for generating these extended parts of v0 images is not
included yet.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Extended and binary headers are optional and are part of the image header.
Fixes kwboot to determinate correct length of Dove images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
They are used by Marvell Dove 88AP510 BootROM.
After the main header is a list of optional extended headers and after that
is a list of optional binary executable headers. Between each two extended
headers is additional 0x20 byte long padding.
Original Kirkwood SoCs support only one extended header and no binary
executable header.
Extension of struct ext_hdr_v0 is backward compatible with the old
definition. Only reserved[] fields are changed.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
End of DATA register section is indicated by zero value in both raddr and
rdata.
So do not stop dumping registers with non-zero address and zero value.
And also print end of DATA registers section.
Fixes: 1a8e6b63e2 ("tools: kwbimage: Dump kwbimage config file on '-p -1' option")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reported-by: Tony Dinh <mibodhi@gmail.com>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIGtKEACgkQxIHbvCwF
GsSWlg//Vr61dpbpPVuczl18OtojpUzMg8bwqc4tJQRQrOGMGjmPqrGZJCm1pmMH
Q5ZD4QCAdycbRqAqcpdX9FXHmD5R0HvGmhlC9TnXxo4nKaOcphMMC3PFjBQZlhPJ
KPc7jjoIcycz+fRqbd4CGRFXNGJAecK++4uM6v6WCNF3Dq16r0ws1aUTG7YPlaJF
JNo3/4eEQpRsplNXpJsqVPQhbfLuaiCOJc8VUWYNylRdhBC7Dx8yI7m1FHOSBbKb
Pk4tbysEhowcSc2Duc9muxkaVAkSy/mIHj1I8Z2VzpzH8zXcaiHMjROqMGOE+vwx
raDzJI0ZcEV/MEbm/QLCALlCKqN3d1NRmZLAvXPYN4+ioA8lzPAEnqEywXRPY/Yk
KnkDWaF1KEKzDaY52oqkh2LkasY9wzluvb1sm+oW9bh/kn4wKLr0Z1oSl92/vvci
S/ztLqxhqlXpWx0NzOFnNvUUkEl0VN6IM/+Bsg5AoO7mdWe7MC3iSPOU1Ge5wRU9
R9BLaTrr61/+soc2jrJL5PQr3Rqtyo1qLpIusMFT88jeFp0b8AIUL2AUlJsAUXYg
a2NV7qGUsZN/Ur488N1t7DixTkjGdStHKRk06bSTPrOpfA2oembdA2/H/HECoJMP
JzdwMeZM0qcxFGTbC7c3yO3cTVVYPyIDGh1YEBYjCzfL6AuR2uU=
=AAdJ
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add CONFIG_TOOLS_MKEFICAPSULE. Then we want to always build mkeficapsule
if tools-only_defconfig is used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Environment variables can be stored in two formats:
1. Single entry with header containing CRC32
2. Two entries with extra flags field in each entry header
For that reason fw_env_open() has two main code paths and there are
pointers for CRC32/flags/data.
Previous implementation was a bit hard to follow:
1. It was checking for used format twice (in reversed order each time)
2. It was setting "environment" global struct fields to some temporary
values that required extra comments explaining it
This change simplifies that code:
1. It introduces two clear code paths
2. It sets "environment" global struct fields values only once it really
knows them
To be fair there are *two* crc32() calls now and an extra pointer
variable but that should be cheap enough and worth it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's usually easier to understand code & follow it if all arguments are
passed explicitly. Many coding styles also discourage using global
variables.
Behaviour of flash_io() was a bit unintuitive as it was writing to a
buffer referenced in a global struct. That required developers to
remember how it works and sometimes required hacking "environment"
global struct variable to read data into a proper buffer.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Addresses the feedback provided on 5902a397d0 ("mkimage: Allow to
specify the signature algorithm on the command line") which raced with
the merge.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
binman fit improvements
ACPI fixes and making MCFG available to ARM
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmIEGscRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZVkwf/RO9qLM/qtpcvtzFTciVFa/GQwd922abw
Anc4DYDBFTWfVymBTZT4Te0luTkZpqBV9cLEGw4XGYKGt+daVYB4cNKknKDOWqLI
adF7xHK2utT3OBlR7pL4d0Rvq0DAAFmyizkbi/CKHhrrpPkW8rPEiZlMwi+WQlTb
9Qv3deoVnRn3ivgw3AnTny+S52IFuI9pH4a34ASWfpOi3gGzICtIAnhVpRXdD+3A
TIhgK6XaGxBc0lVThsqc20FWfZ6rb4WyBRTRgbYivHn/fQxkynxBdSD6WU1ZdGH8
UZGjk5wBIkf+OyHjNQo/VEwoRHXR1k435+gsehUV8LvzytUykzP/FA==
=7Gel
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-8feb22-take3' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm
patman snake-case conversion
binman fit improvements
ACPI fixes and making MCFG available to ARM
[trini: Update scripts/pylint.base]
Signed-off-by: Tom Rini <trini@konsulko.com>
Currently it is possible to call "kwboot -b -t /dev/ttyUSB0" but not to
call "kwboot -b /dev/ttyUSB0".
Fix it by not trying to process the last argv[], which is non-getopt()
option (tty path) as the image path for -b.
Fixes: c513fe47dc ("tools: kwboot: Allow to use option -b without image path")
Reported-by: Marcel Ziswiler <marcel@ziswiler.com>
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marcel Ziswiler <marcel@ziswiler.com>
Tested-by: Marcel Ziswiler <marcel@ziswiler.com>
Quit esc sequence may be also in the middle of the read buffer.
Fix the detection for that case.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The binman FIT entry type shares some code with the Section entry type.
This shared code is bound to grow, since FIT entries are conceptually a
variation of Section entries.
Make FIT entry type a subclass of Section entry type, simplifying it a
bit and providing us the features that Section implements. Also fix the
subentry alignment test which now attempts to write symbols to a
nonexistent SPL ELF test file by creating it first.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Avoid AddMissingProperties() and SetCalculatedProperties() with FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman can check for missing binary tools and prints warnings if
anything required for an image is missing. The implementation of this
for the Section entry only checks the subentries, presumably because
Section does not use any binary tools itself. However, this means the
check is also skipped for subclasses of Section which might need binary
tools.
Make sure missing binary tools are checked for subclasses of the Section
entry type as well, by calling the parent class' implementation in
the relevant Section method.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Binman keeps track of binary tools each entry wants to use. The
implementation of this for the FIT entry only adds "mkimage", but not
the tools that would be used by its subentries.
Register the binary tools that FIT subentries will use in addition to
the one FIT itself uses, and check their existence by copying the
appropriate method from Section entry type. Also add tests that check if
these subentries can use and warn about binary tools.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Binman tries to expand some entries into parts that make it up, e.g.
'u-boot' into a 'u-boot-expanded' section that contains 'u-boot-nodtb'
and 'u-boot-dtb'. Entries with child entries must call ExpandEntries()
on them to build a correct image, as it's possible that unexpanded child
entries have no data of their own. The FIT entry type doesn't currently
do this, which means putting a "u-boot" entry inside it doesn't work as
expected.
Implement ExpandEntries() for FIT and add a copy of a simple FIT image
test that checks subentry expansion in FIT entries.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This method has the same name as its class which is confusing. It is also
annoying when searching the code.
It builds a string with a colour, so rename it to build().
Signed-off-by: Simon Glass <sjg@chromium.org>
Rename this function so that when we convert it to snake case it will not
conflict with the built-in print() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a -a option to specify changes to the config before the build
commences. For example
buildman -a ~CONFIG_CMDLINE
disables CONFIG_CMDLINE before doing the build.
This makes it easier to try things out as well as to write tests without
creating a new board or manually manging the .config file.
Signed-off-by: Simon Glass <sjg@chromium.org>
If a thread crashes it is helpful to try the operation again with
threading disabled. Add a hint about that.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the only straightforward way to write tests that need a
slightly different configuration is to create a new board with its own
configuration. This is cumbersome.
It would be useful if buildman could adjust the configuration of a build
on the fly. In preparation for this, add a utility library which can
modify a .config file according to various parameters passed to it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the full horror of the Python traceback is shown by default. It
is normally only useful for debugging. Turn it off by default and add a
--debug flag to enable it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this function does not run the doctests. Allow the caller to
pass these modules in as strings.
Update patman to use this.
Signed-off-by: Simon Glass <sjg@chromium.org>
malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If `sb_load_cmdfile()` fails to open the configuration file it will jump
to error handling where the code will try to `fclose()` the FILE pointer
which is NULL causing `mkimage` to segfault.
This patch removes the label for error handling and instead returns
immediately which skips the `fclose()` and prevents the segfault. The
errno is also described in the error message to guide users.
Signed-off-by: Mattias Hansson <hansson.mattias@gmail.com>
Reviewed-by: Wolfgang Denk <wd@denx.de>
For adding signing feature for capsule authentication to the host tool,
mkeficapsule, we will link gnutls library for crypto operation.
Since we need this command to complete the capsule authentication test
on sandbox in CI loop, necessary packages must be installed on the host.
See my patch, "tools: mkeficapsule: add firmware image signing."
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
mkimage segfaults due to the ASLR mechanism on MacOS arm64
It is required to use _dyld_get_image_vmaddr_slide()
to prevent segfault on MacOS arm64
This patch is based on the discussion
3b142045e8
Thanks to Jessica Clarke, Ronny Kotzschmar and ptpt52 github user
Reviewed-by: Jessica Clarke <jrtc27@jrtc27.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
binman support for listing files with generated entries
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmH3WqwRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYzPAf/bRBppRDMhjGP5DCCLmF3WwqeLPVBVI42
O5vjC1fNChpEADiV6HFt6Ply+lpWe/BL5/BxHJ8NE9yDUeJOQlBO3wjbNHWKmEW7
h54HXEGK+zfZD/Bourxn45BVOdGt8PV21ABZcQ9lQsbt20z0sZ7iDNTQjjbHO9Iq
oDo69C06UynWweCG6ZfJky3Hnn07t2PtbyINlVCiKPc01/KFFMfJteQfR2onUgwj
9ZzEG9PUCmAvwuDLYqVhNehv1C08rZ9qV4SxXW3xJpEEsqaAgATm/L/jTOIu3PqR
jm6PKVU14SD+qe9mp9gHM4n8VRTS2Brb4dlBxbYyUaCXoeOrhqxJMg==
=zbnI
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-30jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm
moveconfig fix
binman support for listing files with generated entries
This should enable BootROM output on UART.
(At least on A385 BootROM this is broken, BootROM ignores this debug
flag and does not enable its output on UART if some valid image is
available in SPI-NOR.)
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
When -D is specified then both bootmsg and debugmsg are not set, but
imgpath is set. Fix this check for valid and required parameters.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The select() and read() syscalls may be interrupted. Handle EINTR and
retry them.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The write() syscall may be interrupted. Handle EINTR and retry it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This delay is not needed anymore since kwboot already handles retrying
logic for incomplete xmodem packets and also forces BootROM to flush its
input queue. Removing it decreases total transfer time.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Force the BootROM to flush its input queue after sending boot pattern.
This ensures that after function kwboot_bootmsg() finishes, BootROM is
able to start receiving xmodem packets without any specific delay or
setup.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Allow option -b without image path parameter, to send boot pattern and
wait for response but not send any image. This allows to use kwboot just
for processing boot pattern and user can use any other xmodem tool for
transferring the image itself (e.g. sx). Useful for debugging purposes.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
When kwboot is unable to resend current xmodem packet, show an 'E' in the
progress output instead of a '+'. This allows to distinguish between the
state when kwboot is retrying sending the packet and when retry is not
possible.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Unfortunately during some stages of xmodem transfer, A385 BootROM is not
able to handle repeated xmodem packets. So if an error occurs during that
stage, stop the transfer and return failure.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Marvell BootROM expects retransmission of previous xmodem packet only in
the case when it sends NAK response to the host.
Do not change non-xmodem response (possibly UART transfer error) to NAK
in kwboot_xm_recv_reply() function. Allow caller to receive original
response from device.
Change argument 'nak_on_non_xm' to 'stop_on_non_xm'. Instead of changing
non-xmodem character to NAK, stop processing on invalid character and
return it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
It is unknown why handling of CAN byte was added into kwboot tool as
Marvell BootROM does not support CAN byte. It never sends CAN byte to host
and if host sends CAN byte BootROM handles it as an unknown byte.
Remove code for handling and sending CAN bytes from the kwboot tool.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Sometimes if the first byte of xmodem packet (SOH) is incorrectly
transmitted, BootROM sends NAK for every non-SOH received byte, which
makes BootROM and the host kwboot tool out of sync. BootROM automatically
re-synchronizes after 2s pause by dropping its input queue. So when
attempting retransmit for 9th time or later, ignore NAK reply from BootROM
and either wait for valid ACK or let kwboot timeout, which implies
re-synchronization.
This fixes retransmission of xmodem packets and allows kwboot to work also
without "Waiting ... and flushing tty" code which is at the beginning of
kwboot xmodem transfer.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Use the blk_rsp_timeo variable when sleeping before flushing tty.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Fix xmodem retry mechanism if some bytes from xmodem packet were lost and
BootROM is still waiting for completing previous xmodem packet.
It is required to wait at least 1.312s on A385, otherwise BootROM does not
accept next xmodem packet if previous one was not completely transferred.
2s should be enough timeout cause that BootROM will drop incomplete xmodem
packet and expects new packet.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
We can and should run the node generator only when creating a new image.
When we read it back, there is no need to generate nodes - they already
exits, and binman does not dive that deep into the image - and there is
no way to provide the required fdt-list. So store the mode in the image
object so that Entry_fit can simply skip generator nodes when reading
them from an fdtmap.
This unbreaks all read-backs of images that contain generator nodes in
their fdtmap. To confirm this, add a corresponding test case.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Add SPDX to dts file:
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit 37f815cad0 ("moveconfig: Use a function to read files") adds a
helper function that can read a file as lines, but strips the newline
characters. This change broke parts of moveconfig code that relied on
their existence, resulting in a few issues:
Configs that are defined as empty aren't removed from header files (e.g.
"#define CONFIG_REMAKE_ELF"). Make regex patterns use '\b' to match word
boundaries instead of '\W' (which matched the newlines) so these lines
still match and get removed.
All changes in defconfig are considered removed by savedefconfig even
if they weren't, and line continuations in the headers aren't recognized
and removed properly, because their checks explicitly look for a newline
character. Remove the character from both comparisons.
The printed diff of header files is wrongly formatted and raises an
IndexError if a blank line was removed. Let print() print the new lines,
and use size-independent ways to check strings to fix the diff output.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
a bit delayed, the first batch of the sunxi pull request for this cycle.
This is mostly collecting some patches that were lying around for a
while, plus some recent fixes. Nothing too exciting at this point, but
of course they should be merged nevertheless.
There is the much bigger F1C100s SoC support coming up, which I hope to
be able to send in the next few days, along with the removal of sunxi's
lowlevel_init usage.
Compile tested for all 159 sunxi boards, plus briefly tested on BananaPi
M1, OrangePi Zero, Pine64 and Pine-H64.
Due to a bug in the H3 SoC, where the CPU 0 hotplug flag cannot be
written, resuming CPU 0 requires using the "Super Standby" code path in
the BROM instead of the hotplug path. This path requires jumping to an
eGON image in SRAM.
This resume image, whose single purpose is to jump back to the secure
monitor, only needs to contain a single instruction. Padding the image
to 8 KiB would be wasteful of SRAM. Hook up the -B (block size) option
so users can set the block/padding size.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Documentation:
* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board
UEFI:
* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
=+edp
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc1-3
Documentation:
* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board
UEFI:
* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
Abstract common routines to make the code easily understandable.
No functional change.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
All the error messages should be printed out to stderr.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.
Add test case in vboot for sha384 with rsa3072 algorithm testing.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.
Signed-off-by: Simon Glass <sjg@chromium.org>
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.
Signed-off-by: Simon Glass <sjg@chromium.org>
Each bintool has some documentation which can be useful for the user.
Add a new command that collects this and writes it into a .rst file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Drop the unused gzip code, update comments and add a test for an
invalid algorithm. The temporary file is not needed now, so drop that
also.
Signed-off-by: Simon Glass <sjg@chromium.org>
Bintools can be missing, in which case binman continues operation but
reports an invalid image. Plumb in support for this and add tests for
entry types which use bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the code to use this bintool, instead of running lzma_alone
directly. This simplifies the code and provides more consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lzma-alone package.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the code to use this bintool, instead of running lz4 directly. This
simplifies the code and provides more consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lz4 package.
Signed-off-by: Simon Glass <sjg@chromium.org>
The compression functions are not actually used by patman, so we don't
need then in the tools module. Also we want to change them to use
bintools, which patman will not support.
Move these into a new comp_util module, within binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the fit and mkimage entry types to use this bintool, instead of
running mkimage directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the ifwi entry type to use this bintool, instead of running
ifwitool directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the GBB and vblock entry types to use this bintool, instead of
running futility directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the FIP tests to use this bintool, instead of running fiptool
directly. This simplifies the code and provides more consistency as well
as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the CBFS tests to use this bintool, instead of running cbfstool
directly. This simplifies the overall code and provides more consistency,
as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
The tests rely on having at least 5 bintool implementions. Now that we
have this, enable them. Add tests for the binman 'tool' subcommand.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to build images for use by U-Boot.
It supports the features needed by binman as well as installing via the
u-boot-tools packages. Although this is built in the U-Boot tree, it is
still useful to install a binary on the system.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to build Intel IFWI images. It
supports the features needed by the tests as well as downloading a binary
from Google Drive. Although this is built in the U-Boot tree, it is not
currently included with u-boot-tools, so it may be useful to install a
binary on the system.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to sign Chrome OS images and
build the Google Binary Block (GBB). It supports the features needed by
binman as well as fetching a binary from Google Drive. Building it from
source is possible but is left for another time, as it requires at least
one other library.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to run FIP tests. It supports
the features needed by the tests as well as building a binary from
the git tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to run CBFS tests. It supports
the features needed by the tests as well as fetching a binary from
Google Drive. Building it from source is very slow since it is not
separately supported by the coreboot build system and it builds an
entire gcc toolchain before starting.
Signed-off-by: Simon Glass <sjg@chromium.org>
Support collecting the available bintools needed by an image, by
scanning the entries in the image.
Also add a command-line interface to access the basic bintool features,
such as listing the bintools and fetching them if needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman requires various tools to actually work, such as 'lz4' to compress
data and 'futility' to sign Chrome OS firmware. At present these are
handled in an ad-hoc manner and there is no easy way to find out what
tools are needd to build an image, nor where to obtain them.
Add an implementation of 'bintool', a base class which implements this
functionality. When a bintool is required, it can be requested from this
module, then executed. When the tool is missing, it can provide a way to
obtain it.
Note that this uses Command directly, not the tools.Run() function. This
allows proper handling of missing tools and avoids needing to catch and
re-raise exceptions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Since this is a list of blobs, each blob should have the ability to be
faked, as with blob-ext. Update the Entry base class to set allow_fake
and use the base class in the section code also, so that this propagagtes
to blob-ext-list, which is not a section.
Signed-off-by: Simon Glass <sjg@chromium.org>
The Run() function automatically uses the PATH variable to locate a tool
when running it. Add a function that does this manually, so we don't have
to run a tool to find out if it is present.
This is needed by the new Bintool class, which wants to check which tools
are present.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reverse the order of the return tuple, so that the filename is first.
This seems more obvious than putting the temporary directory first.
Correct a bug that leaves a space on the final line.
Allow the caller to control the name of the temporary directory.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new function which returns the entire result from running a tool,
not just stdout. Update Run() to use this and to return stdout on error,
if stderr is empty, since some unfortunate tools write their error
output to stdout rather than stderr.
Move building of the PATH to a separate function.
Make the exception catching more specific, to catch just ValueError, since
broad exceptions are a pain to debug.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this does not check that the external data is in the expected
place. Use a non-zero offset for the external data and check it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is a debug message at present, which is not very helpful. Print out
the error so that action can be taken.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some newer toolchains do not create a symbol for the .ucode section that
this test relies on. Update the test to use the symbol that is explicitly
created, instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
There are over 200 errors in this file. Fix some of them, starting at the
beginning of the file. Future work can continue this effort.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is quite a bit of ad-hoc code reading from files. The
most common case is to read the file as lines. Put it in a function and
set the unicode encoding correctly.
Avoid writing back to a file when there are obviously no changes as this
speeds things up slightly.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is quite a bit of ad-hoc code writing to files. The
treatment of newlines is different in some of them. Put it in a function
and set the unicode encoding correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Python 2 is not supported anymore and Python 3 has had subprocess.DEVNULL
since version 3.3 which was released in 2012. Drop the unnecessary check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a newer library and is now preferred for Python scripts. Update
the code to use it instead of optparse
Use 'args' instead of 'options' throughout, since this is the term used
in that module. Also it helps to avoid confusion with CONFIG options, a
term that is used in this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Quite a few places use double quotes. Fix this to be consistent with
other Python code in U-Boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
It is useful to be able to find out which boards define a particular
option, or combination of options. This is not as easy as grepping the
defconfig files since many options are implied by others.
Add a -f option to the moveconfig tool to permit this. Update the
documentation to cover this, including a better title for the doc page.
Signed-off-by: Simon Glass <sjg@chromium.org>
This doesn't work anymore, since the Kconfig update. The script has no
tests so we did not notice. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add some empty __init__ files for binman, buildman and dtoc so that
pylint is able to recognise these as Python modules and produce more
useful pylint output.
Signed-off-by: Simon Glass <sjg@chromium.org>
The component st_size of struct stat is of type off_t. Depending on the
system printing it using %ld leads to a warning:
tools/mkimage.c:438:54: warning: format '%ld' expects argument of type
'long int', but argument 5 has type
'off_t' {aka 'long long int'} [-Wformat=]
438 | "%s: Bad size: \"%s\" is not valid image: size %ld < %u\n",
| ~~^
| |
| long int
| %lld
When comparing an off_t value to a 32bit integer we should not convert to
uint32_t but to off_t which may be wider.
Reported-by: Milan P. Stanić <mps@arvanta.net>
Fixes: 331f0800f1 ("mkimage: allow -l to work on block devices on Linux")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.
When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The actual opt string is inlined - and different. Seems this was a
left-over from older versions of 603e26f763.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fit_verify_header fails if it detects unit addresses "@". However, this
will break tools like dumpimage on fit images which worked with previous
versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output
of:
dumpimage -l <fit image>
is:
FIT description: U-Boot fitImage for Linux Distribution
Created: Thu Jan 1 01:00:00 1970
Image 0 (kernel@1)
Description: Linux kernel
Created: Thu Jan 1 01:00:00 1970
Type: Kernel Image
Compression: gzip compressed
Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80080000
Entry Point: 0x80080000
Hash algo: sha256
Hash value: ...
Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb)
Description: Flattened Device Tree blob
Created: Thu Jan 1 01:00:00 1970
Type: Flat Device Tree
Compression: uncompressed
Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB
Architecture: AArch64
Hash algo: sha256
Hash value: ...
Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb'
Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb)
Description: 1 Linux kernel, FDT blob
Kernel: kernel@1
FDT: fdt@freescale_fsl-s32g274a-evb.dtb
Hash algo: sha256
Hash value: unavailable
But with newer version it shows:
dumpimage -l <fit image>
GP Header: Size d00dfeed LoadAddr 62f0a4
This commit will output a warning that unit addresses were detected but
will not fail:
dumpimage -l <fit image>
Image contains unit addresses @, this will break signing
...
Signed-off-by: Stefan Eichenberger <eichest@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fit_extract_contents does a fit_check_format even thought it was already
checked during imagetool_verify_print_header.
Therefore, this check is not necessary. This commit removes the
redundancy.
Signed-off-by: Stefan Eichenberger <eichest@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Do not check for kwbimage configuration file when just showing information
about existing kwbimage file.
The check for kwbimage configuration file is required only when creating
kwbimage, not when showing information about image or when extracting data
from image.
With this change, it is possible to call mkimage -l and dumpimage -l also
for existing kwbimage file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
When there is no -p argument for dumpimage tool specified, extract the main
data image from kwbimage file. This makes dumpimage consistent with other
image formats.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Despite the official specification, BootROM does not look at the lowest bit
of ext field but rather checks if ext field is non-zero.
Moreover original Marvell doimage tool puts into the mhdr->ext field the
number of extended headers, so basically it sets ext filed to non-zero
value if some extended header is present.
Fix U-Boot dumpimage and kwboot tools to parse correctly also kwbimage
files created by Marvell doimage tool, in the same way as the BootROM is
doing it when booting these images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
To regenerate kwbimage from existing image, it is needed to have kwbimage
config file. Add a new option to generate kwbimage config file from
existing kwbimage when '-p 1' option is given.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
For debugging purposes it is good to know where the binary image would be
loaded and also it is needed to know if printed size is image size or the
size of header together with image.
Make it unambiguous by showing that printed size is not the size of the
whole header, but only the size of executable code, and print also the
executable offset of this binary image. Load/execute address is the offset
relative to the base address (either 0x40004000 or 0x40000000).
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Data delay is stored as 8-bit number in kwbimage structure. Ensure the
given value is at most 255.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This alignment is required only for platforms based on Sheeva CPU core
which are A370 and AXP. Now when U-Boot build system correctly propagates
LOAD_ADDRESS there is no need to have enabled 128-bit boundary alignment on
platforms which do not need it. Previously it was required because load
address was implicitly rounded to 128-bit boundary and U-Boot build system
expected it and misused it. Now with explicit setting of LOAD_ADDRESS there
is no guessing for load address anymore.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
BootROM loads kwbimage header to L2-SRAM and BootROM reserve only 192 kB for it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>