Other than the top-level MAINTAINERS file, all maintainer entries should
actually reference a target. Add a warning to detect those that do not.
Signed-off-by: Simon Glass <sjg@chromium.org>
Create a new function which has the non-UI parts of ensure_board_list().
Add some tests for everything except the N: tag.
While we are here, fix the confusing usage of fname inside a loops that
also uses fname.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a test for this code. It requires some defconfig files and a test
Kconfig to work with, so copy these into the temporary directory at the
start.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than using the global thoughout each function, pass in these
values. This allows tests to use different values when testing the same
functions.
Improve a few comments while we are here.
No functional change is intended.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed anymore, so drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 252ed872 ("kconfig: remove meaningless prefixes in defconfig files")
The -D option is used, but plumb it through --debug to enable a full
traceback when something goes wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the
dtb and checks if the required nodes will be added to the images dtb.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add documentation for btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While signing a fit compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.
While singing there is no reason to decompress data. Thus, decompression
should be disabled.
Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
At this point, buildman requires a few different modules and so we need
a requirements.txt to track what modules are needed.
Cc: Simon Glass <sjg@chromium.org>
Cc: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Since binman is used to package bootloader images for all K3 devices, we
do not have to rely on the earlier methods to package them.
Scripts that were used to generate x509 certificate for tiboot3.bin and
generate tispl.bin, u-boot.img have been removed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZLqHzgAKCRDKSWXLKUoM
IcdEAKCSgy0lMxb1c0adCjpkQR9x63oKbQCdGiioU+W+0moznHdI7+W2UptNt3w=
=Uzn8
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2023.10-rc1-v2' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2023.10-rc1 v2
axi_emac:
- Change return value if RX packet is not ready
cadence_qspi:
- Enable flash reset for Versal NET
dt:
- Various DT syncups with Linux kernel
- SOM - reserved pmufw memory location
fpga:
- Add load event
mtd:
- Add missing dependency for FLASH_CFI_MTD
spi/nand:
- Minor cleanup in Xilinx drivers
versal-net:
- Prioritize boot device in boot_targets
- Wire mini ospi/qspi/emmc configurations
watchdog:
- Use new versal-wwdt property
xilinx:
- fix sparse warnings in various places ps7_init*
- add missing headers
- consolidate code around zynqmp_mmio_read/write
- switch to amd.com email
zynqmp_clk:
- Add handling for gem rx/tsu clocks
zynq_gem:
- Configure mdio clock at run time
zynq:
- Enable fdt overlay support
zynq_sdhci:
- Call dll reset only for ZynqMP SOCs
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.
It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.
Implement this mechanism.
Signed-off-by: Simon Glass <sjg@chromium.org>
This permits implementation of a simple templating system, where a node
can be reused as a base for others.
For now this adds new subnodes after any existing ones.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed since the linker script sets it up. Drop the variable
to avoid confusion.
Fix the prototype for main() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).
Allow a fit,fdt-list-val string-list property to be used instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is needed to handle mkimage with inner section located itself in a
section.
Signed-off-by: Marek Vasut <marex@denx.de>
Use BuildSectionData() instead of ObtainContents(), add tests and a few
other minor fixes:
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the LookupAndWriteSymbols() function to return the number of
symbols written. Also add some logging for when debugging is not
enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boards don't use symbol writing but do access the symbols in SPL.
Provide an option to work around this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some section types don't have a simple _entries list. Use the GetEntries()
method in GetEntryContents() and other places to handle this.
This makes the behaviour more consistent.
Signed-off-by: Simon Glass <sjg@chromium.org>
This should be set up in the init function, to avoid a warning about a
property not set up there. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When building from source, setuptools would complain about not finding
package via its auto-discovery mechanism. Manually specify how to
locate the files, relative to the package's directory.
* tools/u_boot_pylib/pyproject.toml: New tool.setuptools.packages.find
section.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As this is the current version of the public cross toolchains we use,
upgrade to this now.
Suggested-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Back in the day we relied a lot on Synopsys own build of the GNU tools
for ARC processors, but since then we worked hard on getting all our changes
upstream and for a couple of years now we have ARCompact (AKA ARCv1)
and ARCv2 processors supported very well in upstream GCC, Binutils, GDB etc.
And so there's no need to use Synopsys forks any longer, thus we remove
all the references to that form and use upstream components as majority
of other architectures in U-Boot.
Thanks to Tom for pointing to that left-over!
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building qemu, all required submodules (of which we need more than
just dtc) are handled automatically. Currently trying to init the
submodule the way we do results in a git failure.
Reported-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a pragma to deal with the code-coverage gap which drops binman down to
90% coverage.
Fixes: de65b122a2 (tools: Fall back to importlib_resources on Python 3.6)
Signed-off-by: Simon Glass <sjg@chromium.org>
The data type of item_offset_list shall be UINT64 according to the UEFI [1]
specifications.
In include/efi_api.h the correct data type is used. The bug was probably
never noticed because of little endianness.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
On 'make clean', generated C files in tools/env/ and tools/boot/ are
currently not removed, but they should.
Auto-generation for shared sources was first introduced with
ad80c4a322 ("kbuild, tools: generate wrapper C sources automatically
by Makefile"). Cleanup later regressed (see Fixes:), because shared
files were moved out of lib/ and common/, but 'clean-dirs := lib common'
was not adjusted accordingly. Further, the generated
tools/env/embedded.c became a sibling to project files, which prevents
directory-wise cleanup at all.
To solve it, we establishe tools/generated/ as the sole place for
generated sources. Wrappers are now generated as
tools/generated/<orig_dirname>/<orig_filename>, and 'make clean' can
remove tools/generated/ as a whole (Linux Makefile.asm-generic headers
are cleaned similarly). This way we don't have to maintain separate
clean-files or clean-dirs entries for each single added or moved wrapper
file.
Fixes: 0649cd0d49 ("Move environment files from common/ to env/")
Fixes: 19a91f2464 ("Create a new boot/ directory")
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
[trini: Correct mkfwupdate case]
Signed-off-by: Tom Rini <trini@konsulko.com>
Compiling on armv7 results in:
tools/renesas_spkgimage.c: In function ‘spkgimage_parse_config_line’:
tools/renesas_spkgimage.c:76:66: warning: format ‘%ld’ expects
argument of type ‘long int’, but argument 3 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
76 | "config error: unknown keyword on line %ld\n",
| ~~^
| |
| long int
| %d
77 | line_num);
| ~~~~~~~~
| |
| size_t {aka unsigned int}
The correct printf specifier for size_t is '%zu'.
Fixes: afdfcb11f9 ("tools: spkgimage: add Renesas SPKG format")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Fixed when build xilinx_zynqmp in long directory ( >256):
| /buildarea1/testtest/wr_build/wr1023test_secureboot/test1-what/test2-what/test3-what/test4-what/test5-what/test6-what/test7-what/test8-what/test9-what/test10-what/test11-what/test12-what/build/tmp-glibc/work/xilinx_zynqmp-wrs-linux/u-boot-xlnx/1_v2023.01-xilinx-v2023.1+gitAUTOINC+40a08d69e7-r0/build/fitImage-linux: Image file name (uboot-mkimage) too long, can't create tmpfile.
| Error: Bad parameters for FIT image type
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Add 'mkfwumdata' tool to generate FWU metadata image for the meta-data
partition to be used in A/B Update imeplementation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.
This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.
When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.
The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Renesas RZ/N1 devices contain BootROM code that loads a custom SPKG
image from QSPI, NAND or USB DFU. Support this format in mkimage tool.
SPKGs can optionally be signed, however creation of signed SPKG is not
currently supported.
Example of how to use it:
tools/mkimage -n board/schneider/rzn1-snarc/spkgimage.cfg \
-T spkgimage -a 0x20040000 -e 0x20040000 \
-d u-boot.bin u-boot.bin.spkg
The config file (spkgimage.cfg in this example) contains additional
parameters such as NAND ECC settings.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Allow symbol writing in these cases so that U-Boot can find the position
and size of U-Boot at runtime.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The host compiler is not failing on warnings at present, when the
-E flag is used in buildman. Add the required flag to fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com>
Variable old_outdir cannot be used before assignment.
The assignment must occur before the try block.
tools/dtoc/test_fdt.py:796:26:
E0601: Using variable 'old_outdir' before assignment
(used-before-assignment)
Add missing space in assignment.
Fixes: a004f29464 ("binman: Tidy up _SetupDtb() to use its own temporary file")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
importlib.resources became part of 3.7 only. Allow using distros with
3.6 and the importlib_resources backport.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Variable orig_dir cannot be used in the finally block if it has not be
assigned outside of the try block.
tools/patman/func_test.py:523:21:
E0601: Using variable 'orig_dir' before assignment
(used-before-assignment)
tools/patman/func_test.py:691:21:
E0601: Using variable 'orig_dir' before assignment
(used-before-assignment)
Fixes: fd70986a62 ("patman: Add a test that uses gitpython")
Fixes: be051c0c77 ("patman: Detect missing upstream in CountCommitsToBranch")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The header binman_sym.h depends on ulong typedef but does not include
types.h. This means the header must be included after including types.h
or a header that includes it.
We could include types.h but instead let's just switch from ulong
to directly using unsigned long. This removes the need for typedef'ing
it in some of the tests, so also remove those.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit aeb40f1166 ("tools: env: use /run to store lockfile") updated the
path to the lockfile but did not update the documentation to match.
Use the new path in the documentation.
Fixes: aeb40f1166 ("tools: env: use /run to store lockfile")
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This member is used in series.MakeCcFile() so should be declared in the
Series class.
Add a declaration to silence the warning.
Signed-off-by: Simon Glass <sjg@chromium.org>
The codes forget to call munmap() to unmap the ELF image that was
mapped by previous mmap().
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Currently kwboot expected that sector size for SATA image is always 512
bytes. If SATA image cannot be parsed with sector size of 512 bytes, try
larger sector sizes which are power of two and up to the 32 kB. Maximal
theoretical value is 32 kB because ATA IDENTIFY command returns sector size
as 16-bit number.
Signed-off-by: Pali Rohár <pali@kernel.org>
SATA kwbimage contains offsets in block size unit, not in bytes.
Until now kwbimage expected that SATA disk always have block size of 512
bytes. But there are 4K Native SATA disks with block size of 4096 bytes.
New SATA_BLKSZ command allows to specify different block size than 512
bytes and therefore allows to generate kwbimage for disks with different
block sizes.
This change add support for generating SATA images with different block
size. Also it add support for verifying and dumping such images.
Because block size itself is not stored in SATA kwbimage, image
verification is done by checking every possible block size (it is any
power of two value between 512 and 32 kB).
Signed-off-by: Pali Rohár <pali@kernel.org>
This allows image type print_header() callback to access struct
image_tool_params *params.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building with -Wimplicit-fallthrough we get a warning
tools/fdt_add_pubkey.c:52:25: warning:
this statement may fall through [-Wimplicit-fallthrough=]
52 | print_help();
|
Explicitly declare which functions don't return.
Fixes: 30238e9961 ("tools: add fdt_add_pubkey")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
According this issue https://github.com/ppp-project/ppp/issues/339.
Eventually, the dt-utils changed lock directory to fix missing /var/lock
directory error then make dt-utils can run normally.
We also have a similar issue with these two utilities fw_printenv and
fw_setenv will failed when the directory /var/lock is non-existent.
We have a custom linux distribution built with yocto (OpenBMC) that
use systemd and it deprecated the /var/lock directory.
More discussion in systemd/systemd#15668.
Thus, we sync with community's solution for uboot/tools/env utilities:
The current location /var/lock is considered legacy (at least by systemd).
Just use /run to store the lockfile and append the usual .lock suffix.
Tested:
Verified /run/lock is now present and fw_printenv can work in OpenBMC.
Signed-off-by: Tim Lee <timlee660101@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
mkbootimg tool is part of the Android project and it is
used to pack Android boot images such as boot image
and vendor_boot image.
Use the following command to run mkbootimg:
$ python3 -m mkbootimg
Add mkbootimg to the docker file
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
As this is now the stable release, move to using that now for our tests.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Given the number of jobs in CI we have which use python and pip install
packages, we should do this once in the Dockerfile, in order to populate
the cache. We let each job continue to create and use the virtual
environments they need to facilitate making updates to these
environments easier.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The toolchain test causes the settings file to be overwritten, which is
annoying for local development. Fix it by passing None as the filename.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use external blob otpcmd.bin to replace the 0xff filled OTP programming
command block to create a firmware image that provisions the OTP on
first boot. This otpcmd.bin is generated from the customer keys using
steps described in the meta-iot2050 integration layer for the device.
Based on original patch by Baocheng Su.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
There are many ways to get a signed firmware for the IOT2050 devices,
namely for the parts under user-control. This script documents one way
of doing it, given a signing key. Augment the board documentation with
the required procedure around it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Allows to create a public key device tree dtsi for inclusion into U-Boot
SPL and proper during first build already. This can be achieved via
CONFIG_DEVICE_TREE_INCLUDES.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The latest version of the binary-only firmware parts come in a combined
form of FSBL and sysfw containers. This implies some layout changes to
the generated firmware image but also makes handling of artifacts much
simpler (4 files less). The env locations will not change, just the
space reserved for U-Boot will shrink from 4 to 3 MB - still plenty of
space left in practice.
Adjust configuration and documentation accordingly.
Along this change, add a new reservation for update commands of the
user-controlled OTP part. A specific userspace tool will fill it, and
the FSBL will evaluate it during boot. This reservation will use 64K of
the former sysfw section.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
A38x BootROM has a bug which cause that BootROM loads data part of UART
image into RAM target address increased by one byte when source address
and header size stored in the image header are not same.
Workaround this bug by completely removing a gap between header and data
part of the UART image. Without gap, this BootROM bug is not triggered.
This gap can be present in SDIO or SATA image types which have aligned
start of the data part to the media sector size. With this workaround
kwboot should be able to convert and send SDIO or SATA images for UART
booting.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Sending of very small images (smaller than 128 bytes = xmodem block size)
cause out-of-bound memory read access. Fix this issue by ensuring that
hdrsz when sending image is not larger than total size of the image.
Issue was introduced in commit f8017c3779 ("tools: kwboot: Fix sending
Kirkwood v0 images"). Special case when total image is smaller than header
size aligned to multiply of xmodem size is already handled since that
commit.
Fixes: f8017c3779 ("tools: kwboot: Fix sending Kirkwood v0 images")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Commit 7665ed2fa0 ("tools: kwboot: Fix parsing UART image without data
checksum") added fixup code to insert place for data checksum if UART image
does not have it. Together with option -B (change baudrate), kwboot
calculates this checksum. Without option -B, it inserts only place for
checksum but does not calculate it.
This commit fix above logic and calculate data checksum also when kwboot is
used without -B option.
Fixes: 7665ed2fa0 ("tools: kwboot: Fix parsing UART image without data checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Ensure that UART aligned header size is always stored into kwbimage v1
header. It is needed for proper UART booting. Calculation of headersz field
was broken in commit d656f5a0ee ("tools: kwboot: Calculate real used
space in kwbimage header when calling kwboot_img_grow_hdr()") which
introduced optimization of kwboot_img_grow_hdr() function.
Fixes: d656f5a0ee ("tools: kwboot: Calculate real used space in kwbimage header when calling kwboot_img_grow_hdr()")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 385 BootROM ignores low 7 bits of headersz when parsing kwbimage
header of UART type, which effectively means that headersz is rounded down
to multiply of 128 bytes. For all other image types BootROM reads and use
all bits of headersz. Therefore fill into UART type of kwbimage v1 headersz
aligned to 128 bytes.
Fixes: 2b0980c240 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
With clang-15 we now get reported that in the make_flame_tree function,
neither the missing_count nor depth variables are used, only
incremenete/decremented. Remove these.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
With clang-15, it is now reported that cont_img_count is unused. This is
true as the code will increment / reset this counter, but never
functionally use it. Remove it.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Given efforts to add an m68k target to CI, build qemu for it.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
binman signing feature
fix buildman -A bug introduced recently
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmQQ8KIRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYRmwgA1XAHafEOfhaya54nalUgW9qYZe5Ntfqd
4Tg7zj3gadZuv82LuyskEyBKptwRCzgX0Tyx62V3Oop9vJ/cCwjIB4AGhCsMKERf
NqcMd8fbGbJ9jJzOp7gNTHzV4vSmwKM0lRkxbClMFcvMsfVdKcBRPswLLghk5/xL
Uu4Ww4yfe7UCqgBm9uouVaIbcNNcl8p0QnSJT9HvwjGKawPT6uSHOHK9Wpkud0q1
ZyrPpCMA29mifhIU8aH5CJH5G61UbGcVSDhm9lIKwqZg+KJGuYf64JbZoY9JI2/z
pOUHLZx7fVHoFyWKWfVkA9l6HRjZTRc0nJhYFx5HyNUOU50hMENeTQ==
=ko2P
-----END PGP SIGNATURE-----
Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next
More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently
Signed-off-by: Tom Rini <trini@konsulko.com>
The previous attempt at fixing this broke the normal usage of the -A
flag.
At present, 'buildman -A sandbox' adds the path containing the
toolchain. We can assume that this is in the path and we don't want to
set CROSS_COMPILE=/bin/
Change this to align with what MakeEnvironment() does, but only for
sandbox boards.
Signed-off-by: Simon Glass <sjg@chromium.org>
Having to use the -K option to mkimage to populate U-Boot's .dtb with the
public key while signing the kernel FIT image is often a little
awkward. In particular, when using a meta-build system such as
bitbake/Yocto, having the tasks of the kernel and U-Boot recipes
intertwined, modifying deployed artifacts and rebuilding U-Boot with
an updated .dtb is quite cumbersome. Also, in some scenarios one may
wish to build U-Boot complete with the public key(s) embedded in the
.dtb without the corresponding private keys being present on the same
build host.
So this adds a simple tool that allows one to disentangle the kernel
and U-Boot builds, by simply copy-pasting just enough of the mkimage
code to allow one to add a public key to a .dtb. When using mkimage,
some of the information is taken from the .its used to build the
kernel (algorithm and key name), so that of course needs to be
supplied on the command line.
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add the documentation about binman sign option and providing an
example.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <sjg@chromium.org>
Currently, a microblaze build with CONFIG_SYS_BIG_ENDIAN=y and
CONFIG_STATIC_RELA=y fails with:
tools/relocate-rela: Not supported machine type
ELF decoding failed
make[2]: *** [u-boot/Makefile:1306: u-boot-nodtb.bin] Error 1
To fix this, convert the 32-bit codepath to use the previously added
elf{16,32}_to_cpu() functions. The aarch64 codepath is left untouched.
This commit ensures that CI doesn't fail for the next patches which enable
runtime relocation by default for microblaze.
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-3-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
Add elf16_to_cpu() and elf32_to_cpu() functions that allow to read data in
both big-endian and little-endian formats.
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-2-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
The sh_addr/sh_offset/sh_size fields in Elf32_Shdr are 32-bits wide, so
use le32_to_cpu() instead of the 64-bit variant.
Fixes: 5e0e1a86d3 ("tools: relocate-rela: Fix ELF decoding on big-endian hosts")
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ovidiu Panait <ovpanait@gmail.com>
Link: https://lore.kernel.org/r/20230311173838.521804-1-ovpanait@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present these are handled as if they are allowed to be missing, but
this is only true if the -M flag is provided. Fix this and add a test.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present, 'buildman -A sandbox' adds the path containing the
toolchain at present. We can assume that this is in the path and
we don't want to set CROSS_COMPILE=/bin/ so change this to align
with what MakeEnvironment() does.
Signed-off-by: Simon Glass <sjg@chromium.org>
For large series this can take a while. Run checkpatch in parallel to
try to reduce the time. The checkpatch information is still reported in
sequential order, so a very slow patch at the start can still slow
things down. But overall this gives good results.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
This script can take ages on some series. Try to limit the time by
using threads. If a few stubborn patches remain, show progress so the
user has some idea what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
This function is quite long. Moving the handling of a commit into a
separate function. This will make it easier to do the work in parallel.
Update function comments while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Patman does not do this anymore, as of this commit:
7428dc14b0 ("patman: Remove the -a option")
Drop the comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Create the necessary files to build this new package.
It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.
Fix a long line while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Create the necessary files to build this new package.
This is needed for binman.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update this so that the directory being used is declared at the top of
the file. Use pathlib as it seems to be more modern.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Create the necessary files to build this new package.
It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot. It is included for completeness, since adding
this later would be more trouble.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <sjg@chromium.org>
Using 'str' as a variable makes it impossible to use it as a type in the
same function. Fix this by using a different name.
Signed-off-by: Simon Glass <sjg@chromium.org>
It doesn't make much sense to expose tests when buildman is running
outside of the U-Boot git checkout. Hide the option in this case
Signed-off-by: Simon Glass <sjg@chromium.org>
Tests are not packaged with patman so this file will not be accessible
when installing with pip. Move the import later in the file, when we
know the file is present.
Signed-off-by: Simon Glass <sjg@chromium.org>
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.
To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
While our version is better, it is tricky to use it when we are trying
to package things with pip. Drop it.
Somewhat reduced functionality is provided by the upstream version[1],
along with a rather annoying message each time it is used[2] [3].
[1] pip install concurrencytest
[2] https://github.com/cgoldberg/concurrencytest/issues/12
[3] https://github.com/cgoldberg/concurrencytest/pull/14
Signed-off-by: Simon Glass <sjg@chromium.org>