Having to use the -K option to mkimage to populate U-Boot's .dtb with the
public key while signing the kernel FIT image is often a little
awkward. In particular, when using a meta-build system such as
bitbake/Yocto, having the tasks of the kernel and U-Boot recipes
intertwined, modifying deployed artifacts and rebuilding U-Boot with
an updated .dtb is quite cumbersome. Also, in some scenarios one may
wish to build U-Boot complete with the public key(s) embedded in the
.dtb without the corresponding private keys being present on the same
build host.
So this adds a simple tool that allows one to disentangle the kernel
and U-Boot builds, by simply copy-pasting just enough of the mkimage
code to allow one to add a public key to a .dtb. When using mkimage,
some of the information is taken from the .its used to build the
kernel (algorithm and key name), so that of course needs to be
supplied on the command line.
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add the documentation about binman sign option and providing an
example.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <sjg@chromium.org>
Add 'fdt chosen' test which works as follows:
- Create basic DT, map it to sysmem
- Apply DTO which adds single property via fragment (without address spec)
- Apply DTO which adds more properties (string, u32, empty) and a subnode,
with phandle via frament@0 and thus tests /__symbols__ node
- Apply DTO which modifies property of the previous DTO via phandle and thus
tests the /__fixups__ node
- Print modified DT, verify it contains updates from DTOs
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt chosen' test which works as follows:
- Create basic DT, map it to sysmem
- Print /chosen node, verify it is nonexistent
- Create chosen node
- Print /chosen node, verify it contains only version
- Create /chosen node with initrd entries
- Print /chosen node, verify it contains version and initrd entries
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt rsvmem' test which works as follows:
- Create custom FDT with single reserved memory (rsvmem) entry, map it to sysmem
- Add new rsvmem entry
- Delete existing older rsvmem entry
- Add new rsvmem entry again
- Always print the rsvmem list and validate it
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt memory' test which works as follows:
- Create custom FDT with /memory node, with select #*cells, map it to sysmem
- Perform memory fixup
- Read back the /memory node and validate its content
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add 'fdt header' test which works as follows:
- Create basic FDT, map it to sysmem
- Print the FDT header
- Get all members of the FDT header into variable and
verify the variables contain correct data
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merged in test: cmd: fdt: Drop unused fdt_test_header_get() fdt parameter:
Signed-off-by: Simon Glass <sjg@chromium.org>
Add 'fdt print' and 'fdt list' test which works as follows:
- Create fuller FDT, map it to sysmem
- Print the entire FDT, parts of the FDT and select properties
- Compare output from the print or list
The test case can be triggered using:
"
./u-boot -Dc 'ut fdt'
"
To dump the full output from commands used during test, add '-v' flag.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The 'fdt get addr' is always assumed to be hex value, drop the prefix.
Since this might break existing users who depend on the existing
behavior with 0x prefix, this is a separate patch. Revert if this
breaks anything.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
In case character 0x20 (space) is used as line separator,
character 0x9 (tab) is treated end of line. Commands which
output a lot of tabs, i.e. various tree printing commands
like 'fdt print' then end up generating a lot of newlines
in the recorded output, and the recorded output is corrupted.
Use character 0x00 (NUL) as separator instead to treat the
tabs as valid part of recorded line.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop no longer needed { } around ut_assert*() functions in FDT test.
No functional change.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Wrap the assert macros in ({ ... }) so they can be safely used both as
right side argument as well as in conditionals without curly brackets
around them. In the process, find a bunch of missing semicolons, fix
them.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Some Raspberry Pi 400 boards, specifically rev 1.1, have a different
address for the ethernet PHY device than what is provided by the kernel
DTB. The correct address is provided by the firmware, so we should carry
it over into the loaded device tree so that ethernet works on such boards.
Signed-off-by: Antoine Mazeas <antoine@karthanis.net>
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The RPI firmware adjusts several property values in the dtb it passes
to u-boot depending on the board/SoC revision. Inherit some of these
when u-boot loads a dtb itself. Specificaly copy:
* /model: The firmware provides a more specific string
* /memreserve: The firmware defines a reserved range, better keep it
* emmc2bus and pcie0 dma-ranges: The C0T revision of the bcm2711 Soc (as
present on rpi 400 and some rpi 4B boards) has different values for
these then the B0T revision. So these need to be adjusted to boot on
these boards
* blconfig: The firmware defines the memory area where the blconfig
stored. Copy those over so it can be enabled.
* /chosen/kaslr-seed: The firmware generates a kaslr seed, take advantage
of that.
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
Signed-off-by: Antoine Mazeas <antoine@karthanis.net>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Now that the DT nodes for the serial devices are in place for these
boards, enable DM_SERIAL in the associated configs.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tag the serial nodes with bootph-all in order to have these nodes and
the drivers available before relocation.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Sync the serial nodes of the LS208XA RDB/QDS boards with their
representation in Linux. We also imported the clockgen and sysclk nodes
which are dependencies.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Move the serial nodes under the soc node. No changes are made to the
nodes, just their location is changed.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The u-boot dts for these boards do not have an soc node, unlike its
Linux counterpart. This patch just adds the soc node as seen in Linux,
the next patches will move some nodes under it.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When the first device tree description was added for the ethernet nodes,
the 2 10G ports on the LS1088ARDB were wrongly described as 'xgmii'.
Fix this by replacing the two last occurrences of 'xgmii' in the device
trees of the Layerscape DPAA2 devices.
Fixes: 68c7c008e8 ("arm: dts: ls1088ardb: add DPMAC and PHY nodes")
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Now that DM_ETH is enabled by default, there is no point in keeping the
non-DM_ETH code which initialized the ethernet interfaces.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Now that DM_ETH is enabled by default, there is no point in keeping the
non-DM_ETH code which initialized the ethernet interfaces.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Now that DM_ETH is enabled by default, there is no point in keeping the
non-DM_ETH code which initialized the ethernet interfaces.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Now that DM_ETH is enabled by default, there is no point in keeping the
non-DM_ETH code which initialized the ethernet interfaces.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The LX2160ARDB board has support for DM_ETH probed devices, which means
that we do not need to manually create an MDIO controller, register it,
create PHYs on it etc.
In order to cleanup the board file a bit, just remove this code entirely.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The Odroid Go Ultra has 2 chained PMICs RK818 and RK818, and needs
an adjustment on the BUCK and LDO values.
Add the initial regulators values in -u-boot.dtsi & run the initial
regulator setup in a new odroid-go-ultra board.
Proper OTG and BOOST regulators are still missing to have USB-A
host properly working.
Link: https://lore.kernel.org/r/20230210-u-boot-odroid-go-ultra-pmics-setup-v1-1-1f16d62b76af@linaro.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
UEFI:
* Improve graphics support in EFI app
Others:
* x86: Add a few more items to bdinfo
* video: Remove duplicate cursor-positioning function
* video: Clear the vidconsole rather than the video
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmQPNQsACgkQxIHbvCwF
GsTDcQ//V1UUQWmZGgWtref6cbG6RlVV4SZjvaVosfWazQY8fK3TC5LEV6dXjs2L
gJZpHBAU8unCwsnQueYy2HumgEb/9ruyTVLCeO7s7Mqc7jBrHVEaFQf7E+FxAPOg
ibQ5bx5MI36KaqcQ7fZmQtEIOvOIJXkxbdrlFPh/b3oE08GzVDnkryLXC9xykW2Z
Y4HJxNhchz2labGuTInuGnst6qnhy3Oo8WHUSBdOJW04Dd0GVLyY11qjBsy4lttt
uDmb48WouTfLBz6JquDZX9EY97KZA0ThVu6GDAr2BNqVmF/f0/Js5+5KdKYSBy44
jYR8MTG+BOQ2luIwy+YvLKcANOMYXB2HeN5pIemUOkrJA9cEAv4ru1yPR7fp4sse
2u+XZ7P9BosCyOpTErH4GMIdz4kYsT9lhiusVD2QyBgSco6vTD+7atRwH1pEptoS
Hthqn5dnlQvGmMUlrlG4tCRGhu7tCEzPc6Z4MBzxUiOWkWxPvNg3nzjdK/OhSm62
zkznU8xOeoq2XwE6PA29vXAaXlVoPyfOVwTE7s1Zdq/tpZcIGeZqj5DtOqRYiufw
YYWTb667rAcSEM0t/YfnzkuU1xA+rqSd2KrmjXhM6TfGRnyLWRnInr3e6FKaFcmE
Q/bHfzdHHGl5WRfyBd6F0Bg5BIEuyDNew+pSfxXKPLoyJkvNJOg=
=7BR5
-----END PGP SIGNATURE-----
Merge tag 'efi-next-20230313' of https://source.denx.de/u-boot/custodians/u-boot-efi into next
Pull request efi-next-20230313
UEFI:
* Improve graphics support in EFI app
Others:
* x86: Add a few more items to bdinfo
* video: Remove duplicate cursor-positioning function
* video: Clear the vidconsole rather than the video
Documentation:
* man-page for panic command
UEFI:
* Correct parameter check for SetVariable()
Other:
* Provide unit test for crc8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmQPMpwACgkQxIHbvCwF
GsQVQA//WHuCAJg1mjVjGtmhMS/eWMgJun4fipZhUbmCZ9cxnB3EXfyZxnQo3o1G
huYbIB5zVMZSDiJdRk0v3xlOjjq/YQETygURdVZ+biXYbY2ggdJQy5ulGaWKXTnR
ISczFvNr/1UyoS9r2lJkG4+xgetRDzhGx05iFUkIIDEJi6UlKzTq9yHrtsUViL42
9XuNmRmWk/RMRUmO+tGLqASvDkPxDeltjLIL+sQEN8BAhKckRhhiGt7Ft/KNXBTz
kHutHVsKhPSqrQRFbn9sUEmNoTZIVoa4zJlvAzKRD5leFt878SKPRCptmiXL90ao
I2QKQBwINhrUFFxX+giut5FAtLNu4ut8zXo16mX65iefQ64Q8q4H7RQm+x8IDu77
4L4qxu7RWFSgD971Kl2O8VSm0J5OAHFpaE7S9n8M34Dc++clC5dX7ooApzUCjBTT
idQxxEn7RLDcqfIfg+3Fw+4zeNUAG8g6bSg3w5jnxfk+CCuJecxyzOzxXvZwcYFe
lmnt3aZNv47jaDWLOGLAOnVpGn9d9nHeRItK7In1tfQt1dfkg3bJUa3aBLloEQ/w
TdQDBrWll3IEMOZCFRjYzY+i6my5Os+Zuw+1Sb7KJnNjjg+DI14wMvMADvZFB4an
rls8Amm8RMkOeVVufB+nDB/9qyvdtxZCudg2cjwFZmnvtE6nJvY=
=0URM
-----END PGP SIGNATURE-----
Merge tag 'efi-2023-04-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2023-04-rc4
Documentation:
* man-page for panic command
UEFI:
* Correct parameter check for SetVariable()
Other:
* Provide unit test for crc8
Add a function description.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
UEFI specification v2.10 says that
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and
EFI_UNSUPPORTED should be returned in SetVariable variable service.
Current implementation returns EFI_INVALID_PARAMETER,
let's fix the return value.
Together with above change, this commit also updates the SetVariable
attribute check to be aligned with the EDK2 reference implementation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a man-page for the panic command.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix a couple of links so that they are rendered correctly with sphinx.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add a unit test for the crc8() function.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add these options to provide some performance measurement, see cache
status and slightly speed up the appallingly slow console.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is better to clear the console device rather than the video device,
since the console has the text display. We also need to reset the cursor
position with the console, but not with the video device.
Add a new function to handle this and update the 'cls' command to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running with video enabled, the pre-relocation output of U-Boot is
currently lost. Add a -serial flag to show it on the terminal.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present it is not possible for the video driver to use a pre-allocated
frame buffer (such as is done with EFI) with the copy framebuffer. This
can be useful to speed up the display.
Adjust the implementation so that copy_size can be set to the required
size, with this being allocated if the normal framebuffer size is 0.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for this to EFI in case it becomes useful. At present it just
slows things down. You can enable CONFIG_VIDEO_COPY to turn it on.
Signed-off-by: Simon Glass <sjg@chromium.org>