This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
in turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add documentation for btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While signing a fit, compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.
While signing there is no reason to decompress data. Thus, decompression
should be disabled.
Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Merge tag 'u-boot-at91-fixes-2023.10-a' of https://source.denx.de/u-boot/custodians/u-boot-at91
First set of u-boot-atmel fixes for the 2023.07 cycle:
This small fixes set includes the LTO configs for the boards that had
the SPL size up to the limit (sama5d2-based), such that more code can be
added. It also includes a fix for mmc non-removable.
If the device attached to the MMC bus is not removable, set force card-detect
bit to bypass card detection procedure, so card detection pin can be used for
other purposes.
It's also a workaround for SAMA5D2, which doesn't drive CMD if using GPIO for card
detection.
Signed-off-by: Zixun LI <zli@ogga.fr>
Reviewed-by: Eugen Hristev <eugen.hristev@collabora.com>
arm-none-linux-gnueabihf-ld.bfd: u-boot-spl section `__u_boot_list' will not fit in region `.sram'
arm-none-linux-gnueabihf-ld.bfd: region `.sram' overflowed by 100 bytes
SPL is at limit so to stop seeing above error in build, enable
link time optimizations CONFIG_LTO.
Signed-off-by: Eugen Hristev <eugen.hristev@collabora.com>
Tested-by: Mihai Sain <mihai.sain@microchip.com>
Adding just a tiny bit more code for sama5d2_icp_mmc leads to a SRAM
image overflow. Fix this by enabling LTO for this board, so that such
changes still can be made to the common U-Boot code.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Pali Rohár <pali@kernel.org>
Tested-by: Mihai Sain <mihai.sain@microchip.com>
[eugen.hristev@microchip.com: restrict patch just to CONFIG_LTO]
Signed-off-by: Eugen Hristev <eugen.hristev@collabora.com>
The USB 3.0 driver xhci-mem.c requires CONFIG_SYS_CACHELINE_SIZE to be set.
Define the cache line size for QEMU on RISC-V to be 64 bytes.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Apply the trailing space changes in the guide document.
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Adds a trailing space to SYS_PROMPT to make it easier to distinguish
between commands and the prompt.
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
The clock id needs to be changed to be consistent with Linux.
Signed-off-by: Xingyu Wu <xingyu.wu@starfivetech.com>
Signed-off-by: Hal Feng <hal.feng@starfivetech.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Drop the PLL part in SYSCRG driver and separate to be a single
PLL driver of which the compatible is "starfive,jh7110-pll".
Signed-off-by: Xingyu Wu <xingyu.wu@starfivetech.com>
Signed-off-by: Hal Feng <hal.feng@starfivetech.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Harts need to use per-hart stack before any function call, even if that
function is a simple one. When the callee uses stack for register save/
restore, especially RA, if nested call, concurrent access by multiple
harts on the same stack will cause data-race.
This patch sets up SP before `board_init_f_alloc_reserve`. A side effect
of this is that the memory layout has changed as the following:
+----------------+        +----------------+ <----- SPL_STACK/
|  ......        |        |  hart 0 stack  |        SYS_INIT_SP_ADDR
|  malloc_base   |        +----------------+
+----------------+        |  hart 1 stack  |
|  GD            |        +----------------+ If not SMP, N=1
+----------------+        |  ......        |
|  hart 0 stack  |        +----------------+
+----------------+   ==>  |  hart N-1 stack|
|  hart 1 stack  |        +----------------+
+----------------+        |  ......        |
|  ......        |        |  malloc_base   |
+----------------+        +----------------+
|  hart N-1 stack|        |  GD            |
+----------------+        +----------------+
|                |        |                |
Signed-off-by: Bo Gan <ganboing@gmail.com>
Cc: Rick Chen <rick@andestech.com>
Cc: Leo <ycliang@andestech.com>
Cc: Sean Anderson <seanga2@gmail.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Do not limit the maximum size of the buffer that is used to decompress
the OS image into; this causes an issue while inflating the image if the image
size is greater than the buffer.
Remove CONFIG_SYS_BOOTM_LEN
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Enabling FIT_SIGNATURE required the old authentication method to be
disabled so disable this for K3 SOCs and enable FIT_SIGNATURE for K3
Platforms.
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
[ cleanup the patch ]
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
We are using our custMpk for signing, which is a 4096 bit key. A 4096 bit
RSA key requires a SHA512 hashing algorithm to be enabled as per the
source. Even though it is not mandated, this is how it works and is
tested.
Enables SHA512 if fit signature is enabled on K3 platforms.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
FIT signature requires the updates to u-boot.dtb and the DTB that we
pack doesn't get updated with the changes of the signature node.
Pack u-boot.dtb as the default DTB so that the signature node changes
can be reflected in them.
(Note, this is only packaging the primary platform and the secondary
platform will require manual changes for the FIT signature enablement)
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
[ add additional boards that were missing ]
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fit signature mechanism through the standards require the presence of
.key and .crt in the folder with the same name, since we are using our
custMpk only for the signing, update the format to that of standards to
be compatible for packaging easily.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Default to common bootcmd that is set across all k3 devices.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Since K3 devices are moving towards distroboot, remove duplicates and
add it in common file to import from.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
[trini: Add am65x_evm to this patch]
Signed-off-by: Tom Rini <trini@konsulko.com>
The 'gsub' setexpr sub command is used when creating the FIT image
configuration string on K3 devices. Enable this for K3.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
This is used when building the FIT image configuration string. Enable
it for all FIT using TI platforms.
Signed-off-by: Andrew Davis <afd@ti.com>
[ extend to other k3 boards ]
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Since get_fdt_mmc is common, factor it out into mmc.env and remove
it from each platform env file along with changing the directory path to
reflect the standards. Use it in mmcloados but keep loadfdt
defined in case it is still used by some external uEnv.txt script.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
In Linux the ARM64 DTSs are stored in vendor directories to help organize
the files and prevent naming collisions. The deployed DTBs will mirror
this and so the vendor prefix should be added to the variable used to
locate these files.
Suggested-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Nikhil M Jain <n-jain1@ti.com>
Having saved environments usually causes inconsistencies while in
development workflow. The saved environments conflict with the
default ones that U-Boot should be updating during development
but that doesn't happen and the saved environments need to be
reset during bootups to test the changes causing extra debugs.
Remove the saved environments as a default. Environments can always
be re-enabled locally if one does like them or needs them for
some production environment. Optionally, Uenv.txt can also be used on
some of the boot media.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
The background firewall calculations were wrong, fix that to determine
both the background and foreground correctly.
Fixes: 8bfce2f998 ("arm: mach-k3: common: reorder removal of firewalls")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Set fdtfile env variable similar to other k3 socs.
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Nikhil M Jain <n-jain1@ti.com>
Fix the regression that occurred during the alignment of binman series
merges along with these HS fixes that caused silent regression in this.
Fixes: 30a7ee87fd ("Kconfig: j721s2: Change K3_MCU_SCRATCHPAD_BASE to non firewalled region")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Fix the regression that occurred during refactoring for the mentioned commit.
Fixes: bd6a247593 ("arm: mach-k3: security: separate out validating binary logic")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Now that buildman has a requirements.txt file we need to make use of it.
Reviewed-by: Simon Glass <sjg@chromium.org>
[n-francis@ti.com: Adding missing command from .azure-pipelines.yml]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point, buildman requires a few different modules and so we need
a requirements.txt to track what modules are needed.
Cc: Simon Glass <sjg@chromium.org>
Cc: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Earlier documentation specified builds for generating bootloader images
using an external TI repository k3-image-gen and core-secdev-k3. Modify
this to use the binman flow so that the user understands how to build the
final boot images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>