u-boot.git/tools/Makefile, branch v2021.04 Unnamed repository; edit this file 'description' to name the repository. arm: mvebu: a38x: Remove dead code ARMADA_39X 2021-03-12T06:44:21+00:00 Pali Rohár pali@kernel.org 2021-03-05T14:52:42+00:00 15942805b7efe47e186d8b30ec378666561ad1f9 Config option ARMADA_39X is never set so remove all dead code hidden under ifdef CONFIG_ARMADA_39X blocks. Also remove useless checks for CONFIG_ARMADA_38X define as this macro is always defined for a38x code path. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de> 
Config option ARMADA_39X is never set so remove all dead code hidden under
ifdef CONFIG_ARMADA_39X blocks.

Also remove useless checks for CONFIG_ARMADA_38X define as this macro is
always defined for a38x code path.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
tools/Makefile: FIT_CIPHER requires libssl 2021-01-22T21:17:52+00:00 Joel Stanley joel@jms.id.au 2020-12-08T04:12:13+00:00 5d40d5f12edac9ffccce955509f4cb4a7aa763a2 If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then mkimage/dumpimage will fail to link: /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data': image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc' /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt': aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new' /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex' /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate' /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free' /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex' collect2: error: ld returned 1 exit status Signed-off-by: Joel Stanley <joel@jms.id.au> 
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then
mkimage/dumpimage will fail to link:

 /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
 image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc'
 /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt':
 aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new'
 /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex'
 /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate'
 /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free'
 /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex'
 collect2: error: ld returned 1 exit status

Signed-off-by: Joel Stanley <joel@jms.id.au>
tools: mkimage: Add Allwinner eGON support 2021-01-11T23:19:33+00:00 Andre Przywara andre.przywara@arm.com 2018-12-20T01:15:18+00:00 6d295099cc96ed39cd2229dad376ab00baba9a5d So far we used the separate mksunxiboot tool for generating a bootable image for Allwinner SPLs, probably just for historical reasons. Use the mkimage framework to generate a so called eGON image the Allwinner BROM expects. The new image type is called "sunxi_egon", to differentiate it from the (still to be implemented) secure boot TOC0 image. Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net> Reviewed-by: Samuel Holland <samuel@sholland.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.

Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge tag 'v2021.01-rc5' into next 2021-01-05T21:20:26+00:00 Tom Rini trini@konsulko.com 2021-01-05T21:20:26+00:00 720620e6916ba40b9a173bb07706d2c73f3c23e7 Prepare v2021.01-rc5 Signed-off-by: Tom Rini <trini@konsulko.com> 
Prepare v2021.01-rc5

Signed-off-by: Tom Rini <trini@konsulko.com>
mkeficapsule: Add support for embedding public key in a dtb 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:56:59+00:00 322c813f4becb6a256e0eeedd8e6a856bb075dfc Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
tools: add mkeficapsule command for UEFI capsule update 2020-12-03T20:22:50+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-11-30T09:12:15+00:00 fab430be2f48a61eea470468ec57b0454707e2b4 This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This is a utility mainly for test purpose.
  mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
mips: octeon: tools: Add update_octeon_header tool 2020-11-30T17:32:09+00:00 Stefan Roese sr@denx.de 2020-11-30T12:14:23+00:00 540a2bcec1389a3a31c23b5275e73186be6102b2 Add a tool to update or insert an Octeon specific header into the U-Boot image. This is needed e.g. for booting via SPI NOR, eMMC and NAND. While working on this, move enum cvmx_board_types_enum and cvmx_board_type_to_string() to cvmx-bootloader.h and remove the unreferenced (unsupported) board definition. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Aaron Williams <awilliams@marvell.com> Cc: Chandrakala Chavva <cchavva@marvell.com> Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> 
Add a tool to update or insert an Octeon specific header into the U-Boot
image. This is needed e.g. for booting via SPI NOR, eMMC and NAND.

While working on this, move enum cvmx_board_types_enum and
cvmx_board_type_to_string() to cvmx-bootloader.h and remove the
unreferenced (unsupported) board definition.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Aaron Williams <awilliams@marvell.com>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Add support for SHA384 and SHA512 2020-06-12T17:14:07+00:00 Reuben Dowle reubendowle0@gmail.com 2020-04-16T05:36:52+00:00 d16b38f42704fe3cc94fbee1601be96045013151 The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com> 
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
rename symbol: CONFIG_KIRKWOOD -> CONFIG_ARCH_KIRKWOOD 2020-05-15T18:47:35+00:00 Trevor Woerner twoerner@gmail.com 2020-05-06T12:02:40+00:00 bb0fb4c0f40803eaffd7a4fc0ec3a9fe4a8be0f0 Have this symbol follow the pattern of all other such symbols. This patch also removes a TODO from the code. Reviewed-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Trevor Woerner <twoerner@gmail.com> 
Have this symbol follow the pattern of all other such symbols.
This patch also removes a TODO from the code.

Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
fdt_region: move fdt_region.c to common/ from lib/libfdt/ 2020-04-26T20:23:55+00:00 Masahiro Yamada masahiroy@kernel.org 2020-04-16T09:30:17+00:00 3e69db1223b9db82705fcc96b76caf0d8a468d12 My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is, make lib/libfdt/ contain only wrapper files. fdt_region.c was written only for U-Boot to implement the verified boot. So, this belongs to the same group as common/fdt_support.c, which is a collection of U-Boot own fdt helpers. Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.

fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.

Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>