binman signing feature
fix buildman -A bug introduced recently
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmQQ8KIRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYRmwgA1XAHafEOfhaya54nalUgW9qYZe5Ntfqd
4Tg7zj3gadZuv82LuyskEyBKptwRCzgX0Tyx62V3Oop9vJ/cCwjIB4AGhCsMKERf
NqcMd8fbGbJ9jJzOp7gNTHzV4vSmwKM0lRkxbClMFcvMsfVdKcBRPswLLghk5/xL
Uu4Ww4yfe7UCqgBm9uouVaIbcNNcl8p0QnSJT9HvwjGKawPT6uSHOHK9Wpkud0q1
ZyrPpCMA29mifhIU8aH5CJH5G61UbGcVSDhm9lIKwqZg+KJGuYf64JbZoY9JI2/z
pOUHLZx7fVHoFyWKWfVkA9l6HRjZTRc0nJhYFx5HyNUOU50hMENeTQ==
=ko2P
-----END PGP SIGNATURE-----
Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next
More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently
Signed-off-by: Tom Rini <trini@konsulko.com>
The previous attempt at fixing this broke the normal usage of the -A
flag.
At present, 'buildman -A sandbox' adds the path containing the
toolchain. We can assume that this is in the path and we don't want to
set CROSS_COMPILE=/bin/
Change this to align with what MakeEnvironment() does, but only for
sandbox boards.
Signed-off-by: Simon Glass <sjg@chromium.org>
Having to use the -K option to mkimage to populate U-Boot's .dtb with the
public key while signing the kernel FIT image is often a little
awkward. In particular, when using a meta-build system such as
bitbake/Yocto, having the tasks of the kernel and U-Boot recipes
intertwined, modifying deployed artifacts and rebuilding U-Boot with
an updated .dtb is quite cumbersome. Also, in some scenarios one may
wish to build U-Boot complete with the public key(s) embedded in the
.dtb without the corresponding private keys being present on the same
build host.
So this adds a simple tool that allows one to disentangle the kernel
and U-Boot builds, by simply copy-pasting just enough of the mkimage
code to allow one to add a public key to a .dtb. When using mkimage,
some of the information is taken from the .its used to build the
kernel (algorithm and key name), so that of course needs to be
supplied on the command line.
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add the documentation about binman sign option and providing an
example.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <sjg@chromium.org>
Add 'fdt chosen' test which works as follows:
- Create basic DT, map it to sysmem
- Apply DTO which adds single property via fragment (without address spec)
- Apply DTO which adds more properties (string, u32, empty) and a subnode,
with phandle via frament@0 and thus tests /__symbols__ node
- Apply DTO which modifies property of the previous DTO via phandle and thus
tests the /__fixups__ node
- Print modified DT, verify it contains updates from DTOs
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt chosen' test which works as follows:
- Create basic DT, map it to sysmem
- Print /chosen node, verify it is nonexistent
- Create chosen node
- Print /chosen node, verify it contains only version
- Create /chosen node with initrd entries
- Print /chosen node, verify it contains version and initrd entries
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt rsvmem' test which works as follows:
- Create custom FDT with single reserved memory (rsvmem) entry, map it to sysmem
- Add new rsvmem entry
- Delete existing older rsvmem entry
- Add new rsvmem entry again
- Always print the rsvmem list and validate it
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt memory' test which works as follows:
- Create custom FDT with /memory node, with select #*cells, map it to sysmem
- Perform memory fixup
- Read back the /memory node and validate its content
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt header' test which works as follows:
- Create basic FDT, map it to sysmem
- Print the FDT header
- Get all members of the FDT header into variable and
verify the variables contain correct data
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merged in test: cmd: fdt: Drop unused fdt_test_header_get() fdt parameter:
Signed-off-by: Simon Glass <sjg@chromium.org>
Add 'fdt print' and 'fdt list' test which works as follows:
- Create fuller FDT, map it to sysmem
- Print the entire FDT, parts of the FDT and select properties
- Compare output from the print or list
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The 'fdt get addr' is always assumed to be hex value, drop the prefix.
Since this might break existing users who depend on the existing
behavior with 0x prefix, this is a separate patch. Revert if this
breaks anything.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
In case character 0x20 (space) is used as line separator,
character 0x9 (tab) is treated end of line. Commands which
output a lot of tabs, i.e. various tree printing commands
like 'fdt print' then end up generating a lot of newlines
in the recorded output, and the recorded output is corrupted.
Use character 0x00 (NUL) as separator instead to treat the
tabs as valid part of recorded line.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop no longer needed { } around ut_assert*() functions in FDT test.
No functional change.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Wrap the assert macros in ({ ... }) so they can be safely used both as
right side argument as well as in conditionals without curly brackets
around them. In the process, find a bunch of missing semicolons, fix
them.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
UEFI:
* Improve graphics support in EFI app
Others:
* x86: Add a few more items to bdinfo
* video: Remove duplicate cursor-positioning function
* video: Clear the vidconsole rather than the video
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmQPNQsACgkQxIHbvCwF
GsTDcQ//V1UUQWmZGgWtref6cbG6RlVV4SZjvaVosfWazQY8fK3TC5LEV6dXjs2L
gJZpHBAU8unCwsnQueYy2HumgEb/9ruyTVLCeO7s7Mqc7jBrHVEaFQf7E+FxAPOg
ibQ5bx5MI36KaqcQ7fZmQtEIOvOIJXkxbdrlFPh/b3oE08GzVDnkryLXC9xykW2Z
Y4HJxNhchz2labGuTInuGnst6qnhy3Oo8WHUSBdOJW04Dd0GVLyY11qjBsy4lttt
uDmb48WouTfLBz6JquDZX9EY97KZA0ThVu6GDAr2BNqVmF/f0/Js5+5KdKYSBy44
jYR8MTG+BOQ2luIwy+YvLKcANOMYXB2HeN5pIemUOkrJA9cEAv4ru1yPR7fp4sse
2u+XZ7P9BosCyOpTErH4GMIdz4kYsT9lhiusVD2QyBgSco6vTD+7atRwH1pEptoS
Hthqn5dnlQvGmMUlrlG4tCRGhu7tCEzPc6Z4MBzxUiOWkWxPvNg3nzjdK/OhSm62
zkznU8xOeoq2XwE6PA29vXAaXlVoPyfOVwTE7s1Zdq/tpZcIGeZqj5DtOqRYiufw
YYWTb667rAcSEM0t/YfnzkuU1xA+rqSd2KrmjXhM6TfGRnyLWRnInr3e6FKaFcmE
Q/bHfzdHHGl5WRfyBd6F0Bg5BIEuyDNew+pSfxXKPLoyJkvNJOg=
=7BR5
-----END PGP SIGNATURE-----
Merge tag 'efi-next-20230313' of https://source.denx.de/u-boot/custodians/u-boot-efi into next
Pull request efi-next-20230313
UEFI:
* Improve graphics support in EFI app
Others:
* x86: Add a few more items to bdinfo
* video: Remove duplicate cursor-positioning function
* video: Clear the vidconsole rather than the video
Documentation:
* man-page for panic command
UEFI:
* Correct parameter check for SetVariable()
Other:
* Provide unit test for crc8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmQPMpwACgkQxIHbvCwF
GsQVQA//WHuCAJg1mjVjGtmhMS/eWMgJun4fipZhUbmCZ9cxnB3EXfyZxnQo3o1G
huYbIB5zVMZSDiJdRk0v3xlOjjq/YQETygURdVZ+biXYbY2ggdJQy5ulGaWKXTnR
ISczFvNr/1UyoS9r2lJkG4+xgetRDzhGx05iFUkIIDEJi6UlKzTq9yHrtsUViL42
9XuNmRmWk/RMRUmO+tGLqASvDkPxDeltjLIL+sQEN8BAhKckRhhiGt7Ft/KNXBTz
kHutHVsKhPSqrQRFbn9sUEmNoTZIVoa4zJlvAzKRD5leFt878SKPRCptmiXL90ao
I2QKQBwINhrUFFxX+giut5FAtLNu4ut8zXo16mX65iefQ64Q8q4H7RQm+x8IDu77
4L4qxu7RWFSgD971Kl2O8VSm0J5OAHFpaE7S9n8M34Dc++clC5dX7ooApzUCjBTT
idQxxEn7RLDcqfIfg+3Fw+4zeNUAG8g6bSg3w5jnxfk+CCuJecxyzOzxXvZwcYFe
lmnt3aZNv47jaDWLOGLAOnVpGn9d9nHeRItK7In1tfQt1dfkg3bJUa3aBLloEQ/w
TdQDBrWll3IEMOZCFRjYzY+i6my5Os+Zuw+1Sb7KJnNjjg+DI14wMvMADvZFB4an
rls8Amm8RMkOeVVufB+nDB/9qyvdtxZCudg2cjwFZmnvtE6nJvY=
=0URM
-----END PGP SIGNATURE-----
Merge tag 'efi-2023-04-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2023-04-rc4
Documentation:
* man-page for panic command
UEFI:
* Correct parameter check for SetVariable()
Other:
* Provide unit test for crc8
Add a function description.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
UEFI specification v2.10 says that
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and
EFI_UNSUPPORTED should be returned in SetVariable variable service.
Current implementation returns EFI_INVALID_PARAMETER,
let's fix the return value.
Together with above change, this commit also updates the SetVariable
attribute check to be aligned with the EDK2 reference implementation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a man-page for the panic command.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix a couple of links so that they are rendered correctly with sphinx.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add a unit test for the crc8() function.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add these options to provide some performance measurement, see cache
status and slightly speed up the appallingly slow console.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is better to clear the console device rather than the video device,
since the console has the text display. We also need to reset the cursor
position with the console, but not with the video device.
Add a new function to handle this and update the 'cls' command to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running with video enabled, the pre-relocation output of U-Boot is
currently lost. Add a -serial flag to show it on the terminal.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present it is not possible for the video driver to use a pre-allocated
frame buffer (such as is done with EFI) with the copy framebuffer. This
can be useful to speed up the display.
Adjust the implementation so that copy_size can be set to the required
size, with this being allocated if the normal framebuffer size is 0.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for this to EFI in case it becomes useful. At present it just
slows things down. You can enable CONFIG_VIDEO_COPY to turn it on.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is not yet clear how to read the timer via EFI. The current value seems
much too high on a Framework laptop I tried. Adjust it to a lower
hard-coded value for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current vesa structure only provides a 32-bit value for the frame
buffer. Many modern machines use an address outside the range.
It is still useful to have this common struct, but add a separate
frame-buffer address as well.
Add a comment for vesa_setup_video_priv() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put this into a function, as we have done for the app implementation.
Comment both functions. FOr now the app still does not access it
correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable support for sysinfo on R-Car D3 Draak board. The sysinfo is used
e.g. to access and decode board-specific information and then in turn
used by board-info to print those information.
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Signed-off-by: Tam Nguyen <tam.nguyen.xa@renesas.com>
Signed-off-by: Hai Pham <hai.pham.ud@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
[Marek: Drop compatible from I2C node, this is in r8a77995.dtsi already.
Drop status = "okay" from EEPROM node.
Add dts: tag.
Fix Kconfig EEPROM address to be 0x50 and match the DT, sync config.]
Add new sysinfo IDs for R-Car V3H Condor/Condor-I .
Enable support for sysinfo on R-Car V3H Condor/Condor-I. The sysinfo is
used e.g. to access and decode board-specific information and then in
turn used by board-info to print those information.
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Signed-off-by: Tam Nguyen <tam.nguyen.xa@renesas.com>
Signed-off-by: Hai Pham <hai.pham.ud@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
[Marek: Drop compatible from I2C node, this is in r8a77980.dtsi already.
Drop status = "okay" from EEPROM node.
Add dts: tag.
Update the commit message, note the new sysinfo IDs.
Fix Kconfig EEPROM address to be 0x50 and match the DT, sync config.]
Correct the board code ID based on the hardware documentation
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Signed-off-by: Tam Nguyen <tam.nguyen.xa@renesas.com>
Signed-off-by: Hai Pham <hai.pham.ud@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Remove PFC info table entries which are never instantiated,
since there are no drivers for those. No functional change.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
The CLK_RCAR_GEN3 registers two subdrivers, clk_gen3 and rst_gen3.
The former depends on the clock framework, which is always enabled
in this context of clock framework driver, while the later depends
on reset framework which may not always be enabled.
Ensure the reset framework is also always enabled to prevent inobvious
early boot time bind failure of the CPG driver, which leads to system
showing no activity and is difficult to debug.
Note that one possible approach to debug this is to use CONFIG_DEBUG_UART
and add debug printascii()s into the drivers/clk/renesas/clk-rcar-gen3.c .
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
