<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/tools/binman/etype, branch master</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cgit.235523.xyz/u-boot.git/atom/tools/binman/etype?h=master</id>
<link rel='self' href='http://cgit.235523.xyz/u-boot.git/atom/tools/binman/etype?h=master'/>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<updated>2026-06-26T20:08:59Z</updated>
<entry>
<title>binman: Add optee binary to i.MX9 platform types</title>
<updated>2026-06-26T20:08:59Z</updated>
<author>
<name>Mathieu Dubois-Briand</name>
<email>mathieu.dubois-briand@bootlin.com</email>
</author>
<published>2026-06-10T14:17:09Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=223d0f0de8bd05a5957a1e2ff1d73314d34343cd'/>
<id>urn:sha1:223d0f0de8bd05a5957a1e2ff1d73314d34343cd</id>
<content type='text'>
OP-TEE tee.bin is generated externally and might be missing during the
build.

Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
</content>
</entry>
<entry>
<title>binman: imx8mimage: Handle nxp,boot-from = "fspi"</title>
<updated>2026-06-04T20:26:40Z</updated>
<author>
<name>Marek Vasut</name>
<email>marex@nabladev.com</email>
</author>
<published>2026-05-30T17:08:24Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=822a98588d16e5542b4e4d9d23c19a8ee7e93040'/>
<id>urn:sha1:822a98588d16e5542b4e4d9d23c19a8ee7e93040</id>
<content type='text'>
Boot from FSPI requires additional 448 Byte long header, with U-Boot SPL
starting at offset 0x1000. Currently, both i.MX8MM and i.MX8MN attempt
to generate this header using fspi_conf_block with filename pointing at
CONFIG_FSPI_CONF_FILE file. This does not work, for two reasons.

First, the CONFIG_FSPI_CONF_FILE is generated by mkimage -T imx8mimage
and may not be available yet when the fspi_conf_block is evaluated. That
leads to a race condition where highly parallel builds fail to find the
CONFIG_FSPI_CONF_FILE, which is usually called fspi_header.bin, on first
build attempt.

Second, binman gets confused and patches incorrect offset of DDR PHY
firmware blobs into U-Boot SPL, the offset is incremented by exactly
0x1000 which is the size of fspi_conf_block.

Fix both problems at once, make imx8mimage handle the generated FSPI
header and prepend it in front of the imx8mimage processed data. This
way, the race condition is solved, because the data generated by the
imx8mimage are surely combined only after mkimage -T imx8mimage ran.
The binman offset calculation is also solved, because there is no
fspi_conf_block node in the DT anymore.

Signed-off-by: Marek Vasut &lt;marex@nabladev.com&gt;
</content>
</entry>
<entry>
<title>global: Update URL for U-Boot project</title>
<updated>2026-05-25T15:30:47Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2026-05-22T23:58:38Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=7c419d4b578492e9781d4d7e755809c78c2c3661'/>
<id>urn:sha1:7c419d4b578492e9781d4d7e755809c78c2c3661</id>
<content type='text'>
Our official domain is now u-boot-project.org, so update all in-tree
references to use the correct domain.

Reviewed-by: Tony Dinh &lt;mibodhi@gmail.com&gt;
Reviewed-by: Peter Robinson &lt;pbrobinson@gmail.com&gt;
Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</content>
</entry>
<entry>
<title>binman: collection: Set build_done on referenced entries</title>
<updated>2026-05-05T16:37:09Z</updated>
<author>
<name>yan wang</name>
<email>yan.wang@softathome.com</email>
</author>
<published>2026-04-17T08:30:49Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=9ff82a771c44a8cf38bd52b556f685ddbc6f1a55'/>
<id>urn:sha1:9ff82a771c44a8cf38bd52b556f685ddbc6f1a55</id>
<content type='text'>
The collection etype uses phandles in the 'content' property to
reference other entries. Mark each referenced entry with build_done
to avoid rebuilding the same entry data multiple times.

This is important for cases where rebuilding may change the data
content, e.g. due to timestamps or random IVs in encryption.

Refactor GetContentsByPhandle() to return both the entry object and
its data.

Signed-off-by: yan wang &lt;yan.wang@softathome.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>binman: Generate preload header and sign data only once</title>
<updated>2026-05-05T16:37:09Z</updated>
<author>
<name>Paul HENRYS</name>
<email>paul.henrys_ext@softathome.com</email>
</author>
<published>2026-04-17T08:30:48Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=5006121b44a2d147e7e426c74537b3566407e853'/>
<id>urn:sha1:5006121b44a2d147e7e426c74537b3566407e853</id>
<content type='text'>
To optimize preload generation, generate the header and signatures only
after all data has been collected in ProcessContentsUpdate(). This
avoids signing the data multiple times.

Since header_size is known upfront (from __init__), create a placeholder
in `ObtainContents()` to avoid an extra packing pass when
ProcessContentsUpdate() detects a size change.

This reduces unnecessary repacking and signing operations.

Signed-off-by: Paul HENRYS &lt;paul.henrys_ext@softathome.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>binman: DTS: Add dump-signature option for capsules</title>
<updated>2026-03-18T12:14:17Z</updated>
<author>
<name>Wojciech Dubowik</name>
<email>Wojciech.Dubowik@mt.com</email>
</author>
<published>2026-02-20T09:15:15Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=e2c46d33cfbb92f493b520524a099fdf9af0a056'/>
<id>urn:sha1:e2c46d33cfbb92f493b520524a099fdf9af0a056</id>
<content type='text'>
Mkeficapsule can dump signature for signed capsules. It can
be used in test to validate signature i.e. with openssl.
Add an entry for device tree node.

Signed-off-by: Wojciech Dubowik &lt;Wojciech.Dubowik@mt.com&gt;
Reviewed-by: Simon Glass &lt;simon.glass@canonical.com&gt;
</content>
</entry>
<entry>
<title>binman: Accept pkcs11 URI tokens for capsule updates</title>
<updated>2026-03-18T12:14:17Z</updated>
<author>
<name>Wojciech Dubowik</name>
<email>Wojciech.Dubowik@mt.com</email>
</author>
<published>2026-02-20T09:15:12Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=a8c8ebc8064183921ed419130df229a9d5d43192'/>
<id>urn:sha1:a8c8ebc8064183921ed419130df229a9d5d43192</id>
<content type='text'>
With pkcs11 support in mkeficapsule we can now accept URI
tokens and not only files.

Signed-off-by: Wojciech Dubowik &lt;Wojciech.Dubowik@mt.com&gt;
Reviewed-by: Simon Glass &lt;simon.glass@canonical.com&gt;
</content>
</entry>
<entry>
<title>binman: blob_dtb: improve error message when SPL is not found</title>
<updated>2025-12-10T19:45:29Z</updated>
<author>
<name>Jérémie Dautheribes</name>
<email>jeremie.dautheribes@bootlin.com</email>
</author>
<published>2025-11-28T11:03:04Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=66be03b7ee19444b23aae3990a434a7470fc1641'/>
<id>urn:sha1:66be03b7ee19444b23aae3990a434a7470fc1641</id>
<content type='text'>
When using binman with the '-a spl-dtb=y' flag, if the SPL blob is not
found, binman throws a cryptic error message:
binman: 'NoneType' object has no attribute 'startswith'

Let's improve the error message to explicitly state which SPL blob is
missing.
This is particularly useful when binman is used as a standalone tool
outside the U-Boot source tree.

Signed-off-by: Jérémie Dautheribes &lt;jeremie.dautheribes@bootlin.com&gt;
[trini: Add '# pragma: no cover' because coverage doesn't seem to like
the documentation about this error]
Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</content>
</entry>
<entry>
<title>tools: binman: fit: add support for OpenSSL engines</title>
<updated>2025-12-06T17:43:08Z</updated>
<author>
<name>Quentin Schulz</name>
<email>quentin.schulz@cherry.de</email>
</author>
<published>2025-11-21T17:14:59Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=fc75d216f0162d4a85b60fefa9938b8690480e27'/>
<id>urn:sha1:fc75d216f0162d4a85b60fefa9938b8690480e27</id>
<content type='text'>
This adds support for using an OpenSSL engine for signing a FIT image.
To use it, one should set the fit,engine property at the FIT node level
with the engine to use. This will in turn call mkimage with the -N
option.

The -k argument to mkimage can be specified via fit,engine-keydir. If
not specified, -k is not passed to mkimage. This property is especially
useful for pkcs11 engine to specify slots, token label, etc...

As far as I could tell, mkimage encrypts and signs a FIT in one go, thus
the -k argument applies to both signing and encrypting. Considering we
reuse the -k argument for two different meanings (info to pass to the
engine when using an engine otherwise the directory where keys are
stored), we cannot reasonably encrypt using local keys and signing with
an engine, hence the enforced check. I believe it should be possible to
support encrypting and signing with the same engine (using different
key pairs of course, via different key-name-hint likely), but this is
left for the next person to implement.
This is why the property is named fit,engine and not fit,sign-engine.
Ditto for fit,engine-keydir.

The public key (with .crt extension) is still required if it needs to be
embedded in the SPL DTB for example. We could probably support
retrieving the public key from an engine, but this is a change to make
to fdt_add_pubkey.c.

Signed-off-by: Quentin Schulz &lt;quentin.schulz@cherry.de&gt;
</content>
</entry>
<entry>
<title>binman: add a new entry type to support .bin file generation for the i.MX95 platform</title>
<updated>2025-09-17T11:16:04Z</updated>
<author>
<name>Alice Guo</name>
<email>alice.guo@nxp.com</email>
</author>
<published>2025-09-05T18:22:03Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=5c389e61902d12bf295c3ab1db221da3fb034519'/>
<id>urn:sha1:5c389e61902d12bf295c3ab1db221da3fb034519</id>
<content type='text'>
To support passing specific commands defined in enum imx8image_cmd to
the imx8image_copy_image() function, this patch introduces a new entry
type nxp-imx9image. This entry generates a plain text data file
containing the relevant commands, enabling flexible configuration during
image creation.

Signed-off-by: Alice Guo &lt;alice.guo@nxp.com&gt;
</content>
</entry>
</feed>
