u-boot.git/tools, branch next Unnamed repository; edit this file 'description' to name the repository. global: Update URL for U-Boot project 2026-05-25T15:30:47+00:00 Tom Rini trini@konsulko.com 2026-05-22T23:58:38+00:00 7c419d4b578492e9781d4d7e755809c78c2c3661 Our official domain is now u-boot-project.org, so update all in-tree references to use the correct domain. Reviewed-by: Tony Dinh <mibodhi@gmail.com> Reviewed-by: Peter Robinson <pbrobinson@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> 
Our official domain is now u-boot-project.org, so update all in-tree
references to use the correct domain.

Reviewed-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
tools: fwumdata: Fix use-after-free in parse_config() 2026-05-12T06:31:51+00:00 Kory Maincent kory.maincent@bootlin.com 2026-04-07T12:34:35+00:00 d5ea30b233e8162898d44da2c20dfc88e27d23db In parse_config(), devname is dynamically allocated by sscanf(). When sscanf() fails to fill enough fields (rc < 3), devname is freed and the loop continues to the next line. However, if the next call to sscanf() fails to match (rc == 0), devname is not written and still holds the stale freed pointer. The subsequent free(devname) then operates on already-freed memory. Fix this by resetting devname to NULL before each sscanf() call, so that a non-matching call leaves a NULL pointer and the subsequent free() becomes a harmless no-op. Reported-by: Coverity Scan Link: https://lists.denx.de/pipermail/u-boot/2026-April/614161.html Signed-off-by: Kory Maincent <kory.maincent@bootlin.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
In parse_config(), devname is dynamically allocated by sscanf().
When sscanf() fails to fill enough fields (rc < 3), devname is freed and
the loop continues to the next line. However, if the next call to sscanf()
fails to match (rc == 0), devname is not written and still holds the stale
freed pointer. The subsequent free(devname) then operates on
already-freed memory.

Fix this by resetting devname to NULL before each sscanf() call, so
that a non-matching call leaves a NULL pointer and the subsequent
free() becomes a harmless no-op.

Reported-by: Coverity Scan
Link: https://lists.denx.de/pipermail/u-boot/2026-April/614161.html
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
binman: Use bintool wrappers for PKCS#11 tools in tests 2026-05-11T18:05:10+00:00 Simon Glass sjg@chromium.org 2026-05-05T18:12:55+00:00 08bcf962c5fe1d2690ac3ff6dd75d3963325476b The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...) directly (and the equivalent for pkcs11-tool and p11-kit), even though the test setup has already constructed the corresponding Bintool instances. As Quentin Schulz observed on v1, the bintool wrapper for these tools is currently used only as an "is this installed?" probe. Route the eight remaining call sites in ftest.py through <bintool>.run_cmd(...), which the Bintool base class already provides. The change is test-side only; no production binman code calls these tools. Suggested-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...)
directly (and the equivalent for pkcs11-tool and p11-kit), even though
the test setup has already constructed the corresponding Bintool
instances. As Quentin Schulz observed on v1, the bintool wrapper for
these tools is currently used only as an "is this installed?" probe.

Route the eight remaining call sites in ftest.py through
<bintool>.run_cmd(...), which the Bintool base class already provides.
The change is test-side only; no production binman code calls these
tools.

Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
binman: Flesh out the softhsm2-util bintool docstring 2026-05-11T18:05:10+00:00 Simon Glass sjg@chromium.org 2026-05-05T18:12:54+00:00 44f9ccfdad47deadb1b61896dbbcf004b8c6fa0c The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what softhsm2-util does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.

Extend the docstring with a short description of what softhsm2-util
does and how binman uses it, so the generated documentation has useful
content.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
binman: Flesh out the pkcs11-tool bintool docstring 2026-05-11T18:05:10+00:00 Simon Glass sjg@chromium.org 2026-05-05T18:12:53+00:00 40c94fbf62b39a89171402054f0940d08fb05c9d The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what pkcs11-tool does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.

Extend the docstring with a short description of what pkcs11-tool does
and how binman uses it, so the generated documentation has useful
content.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
binman: Flesh out the p11-kit bintool docstring 2026-05-11T18:05:10+00:00 Simon Glass sjg@chromium.org 2026-05-05T18:12:52+00:00 4dc8f10edf90cab4d7f6b7106f5e52f6c23099ed The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what p11-kit does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.

Extend the docstring with a short description of what p11-kit does and
how binman uses it, so the generated documentation has useful content.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
patman: fix use in worktree 2026-05-11T18:05:10+00:00 Ludwig Nussel ludwig.nussel@siemens.com 2026-04-29T12:18:51+00:00 49fc812eb4303d833f413bd31c67d66a85e9d44c When using a worktree '.git' actually is a file and pygit2 init_repository() does not like that. The intention is not to create a new git repo anyway so use normal constructor instead of init_repository(). Signed-off-by: Ludwig Nussel <ludwig.nussel@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
When using a worktree '.git' actually is a file and pygit2
init_repository() does not like that. The intention is not to create
a new git repo anyway so use normal constructor instead of
init_repository().

Signed-off-by: Ludwig Nussel <ludwig.nussel@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge patch series "binman: Fix preload signing with encrypted FIT" 2026-05-05T16:37:16+00:00 Tom Rini trini@konsulko.com 2026-05-05T16:37:16+00:00 ae8987f4e690f397f507c4b1efabd68b3ed08db6 Yan WANG <yan.wang@softathome.com> says: This series improves the reliability and efficiency of binman preload header generation and test it against an encrypted FIT image signed with a preload header. When a preload header references other entries (e.g. an encrypted FIT) through the collection etype, the referenced entries may be rebuilt multiple times during binman processing. This becomes problematic when the referenced entry produces non-deterministic output, such as FIT encryption using random IVs or timestamps, since rebuilding the entry changes the data. This series ensures that referenced entries are built only once and that preload signing is performed after all data is collected. It also avoids unnecessary repacking or repeated signing operations by the preload. The changes include: * generate preload header placeholders in ObtainContents() and sign data only once in ProcessContentsUpdate() * mark referenced entries as build_done in the collection etype to avoid rebuilding data * add a functional test for signing an encrypted FIT with a preload header Link: https://lore.kernel.org/r/20260417083050.499955-1-yan.wang@softathome.com 
Yan WANG <yan.wang@softathome.com> says:

This series improves the reliability and efficiency of binman preload
header generation and test it against an encrypted FIT image signed with
a preload header.

When a preload header references other entries (e.g. an encrypted FIT)
through the collection etype, the referenced entries may be rebuilt
multiple times during binman processing. This becomes problematic when
the referenced entry produces non-deterministic output, such as FIT
encryption using random IVs or timestamps, since rebuilding the entry
changes the data.

This series ensures that referenced entries are built only once and that
preload signing is performed after all data is collected. It also avoids
unnecessary repacking or repeated signing operations by the preload.

The changes include:
  * generate preload header placeholders in ObtainContents() and sign
    data only once in ProcessContentsUpdate()
  * mark referenced entries as build_done in the collection etype to
    avoid rebuilding data
  * add a functional test for signing an encrypted FIT with a preload
    header

Link: https://lore.kernel.org/r/20260417083050.499955-1-yan.wang@softathome.com
tools: binman: Test signing an encrypted FIT with a preload header 2026-05-05T16:37:09+00:00 Paul HENRYS paul.henrys_ext@softathome.com 2026-04-17T08:30:50+00:00 b20d69e5f57bee299380bb30112856e51d8f26b0 Add a test to verify the preload header correctly signs an encrypted FIT. This test exercises the case where encryption uses random IVs that would change between mkimage calls. Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Add a test to verify the preload header correctly signs an encrypted
FIT. This test exercises the case where encryption uses random IVs that
would change between mkimage calls.

Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
binman: collection: Set build_done on referenced entries 2026-05-05T16:37:09+00:00 yan wang yan.wang@softathome.com 2026-04-17T08:30:49+00:00 9ff82a771c44a8cf38bd52b556f685ddbc6f1a55 The collection etype uses phandles in the 'content' property to reference other entries. Mark each referenced entry with build_done to avoid rebuilding the same entry data multiple times. This is important for cases where rebuilding may change the data content, e.g. due to timestamps or random IVs in encryption. Refactor GetContentsByPhandle() to return both the entry object and its data. Signed-off-by: yan wang <yan.wang@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
The collection etype uses phandles in the 'content' property to
reference other entries. Mark each referenced entry with build_done
to avoid rebuilding the same entry data multiple times.

This is important for cases where rebuilding may change the data
content, e.g. due to timestamps or random IVs in encryption.

Refactor GetContentsByPhandle() to return both the entry object and
its data.

Signed-off-by: yan wang <yan.wang@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>