| Age | Commit message (Collapse) | Author |
|---|
|
Bring this file into the documentation. For now it is not in the correct
format for a command, but it is valid rST. Futher work will improve this.
Signed-off-by: Simon Glass <[email protected]>
|
|
Bring this file into the documentation.
Signed-off-by: Simon Glass <[email protected]>
|
|
Bring this file into the documentation.
Signed-off-by: Simon Glass <[email protected]>
|
|
Bring these files into the documentation.
Fix 'wtih' and 'it' typos and repeated 'could' while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
Bring this file into the documentation.
Signed-off-by: Simon Glass <[email protected]>
|
|
Convert these to rST format and add them to the index.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this document and convert it to rST. Make minimal changes, enough
for it to build successfully.
Future patches will tidy this up.
Signed-off-by: Simon Glass <[email protected]>
|
|
Since U-Boot supports more RSA/SHA variants, as well as ECDSA, remove
these items from the TODO list.
Signed-off-by: Baruch Siach <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Signed-off-by: Baruch Siach <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
Signed-off-by: Baruch Siach <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
U-Boot supports more hash and verification algorithms these days.
Signed-off-by: Baruch Siach <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/[email protected]/
[2] https://lore.kernel.org/u-boot/[email protected]/
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add support for filtering out FIT images by phase. Rather than adding yet
another argument to this already overloaded function, use a composite
value, where the phase is only added in if needed.
The FIT config is still selected (and verified) as normal, but the images
are selected based on the phase.
Tests for this come in a little later, as part of the updated VPL test.
Signed-off-by: Simon Glass <[email protected]>
|
|
We want to be able to mark an image as related to a phase, so we can
easily load all the images for SPL or for U-Boot proper.
Add this to the FIT specification, along with some access functions.
Signed-off-by: Simon Glass <[email protected]>
|
|
This is not needed and we should avoid typedefs. Use the struct instead
and rename it to indicate that it really is a legacy struct.
Signed-off-by: Simon Glass <[email protected]>
|
|
Describe exactly which bytes are hashed and in what order
when signing a configuration.
Signed-off-by: Martin Bonner <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to
handle loading encrypted bitfiles.
This feature requires encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM
or eFUSEs, as a key source to the AES engine if the FSBL is not
encrypted. This prevents using the BBRAM or eFUSE as the key source
to the AES engine during run-time applications."
Signed-off-by: Adrian Fiergolski <[email protected]>
Co-developed-by: Oleksandr Suvorov <[email protected]>
Signed-off-by: Oleksandr Suvorov <[email protected]>
Tested-by: Adrian Fiergolski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Michal Simek <[email protected]>
|
|
Add supporting new compatible string "u-boot,zynqmp-fpga-ddrauth" to
handle loading authenticated images (DDR).
Based on solution by Jorge Ramirez-Ortiz <[email protected]>
Signed-off-by: Oleksandr Suvorov <[email protected]>
Tested-by: Ricardo Salveti <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Michal Simek <[email protected]>
|
|
This patch adds the possibility to pass the PIN the OpenSSL Engine
used during signing via the environment variable MKIMAGE_SIGN_PIN.
This follows the approach used during kernel module
signing ("KBUILD_SIGN_PIN") or UBIFS image
signing ("MKIMAGE_SIGN_PIN").
Signed-off-by: Marc Kleine-Budde <[email protected]>
|
|
Fix value fields in signature nodes.
Signed-off-by: Thomas Perrot <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The new correct way to load an FPGA image is to declare it in the list
of "loadables". multi-with-fpga.its used the now deprecated "fpga"
property. Since this example most likely intended to use u-boot's
generic FPGA loading code, compatible = "u-boot,fpga-legacy" is also
appropriate here.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Commit 4afc4f37c70e ("doc: FIT image: Clarify format and simplify
syntax") introduced a "compatible" property for loadable images.
It did not define its contents. Use "u-boot,fpga-legacy" compatible
string to specify that fpga_load() should be used to load the image.
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
After lots of debating, this documents how we'd like mkimage to treat
'keydir' and 'keyfile' arguments. The rest is in the docs.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
** Introduction
There are currently four ways to load an OS image with u-boot
1. SPL -> u-boot -> bootm
2. SPL blue falcon mode
3. "Basic" FIT image (CONFIG_LOAD_FIT)
4. "Full-featured" FIT image (CONFIG_LOAD_FIT_FULL)
These four code paths were developed independently, and share very
little code. (3) and (4), behave very differently, are littered with
special cases. They even have different DTS syntax and properties.
The cause of this divergence is that the FIT format specification
leaves a number of things open to interpretation. The purpose of this
change is to enable the reduction of code size, duplication, and
complexity by updating and streamlining the FIT format.
We are only marginally concerned with backwards compatibility, because
we don't have inter-compatibility. For example, CONFIG_LOAD_FIT is
able to load images that CONFIG_LOAD_FIT_FULL won't. This is a direct
result of the incompatible syntax between the two implementations.
Ideally, these changes would enable "simple" FIT to be a subset of the
"full" fit implementation, and share most code. These changes should
also eliminate the need for falcon mode (although we are not
advocating for the removal of falcon mode at this time).
** Description of changes
* The "configurations" node is now mandatory
Guessing how to load components based on their "os" and "type" invites
confusion and superfluous heuristics. Instead, require each FIT image
to be explicit on how components should be loaded.
* Eliminate "ramdisk", "setup", "standalone", and "fpga" properties
Having too many special purpose properties requires special-casing
FIT loading code. When a special property can be handled by another
property, it is redundant.
- A "ramdisk" is identical to a loadable. Thus ramdisk images should
be placed under "loadables".
- A "setup" node can be achieved by using a "kernel" or "firmware"
property instead.
- "standalone" is used for u-boot nodes. The correct property to use
in this case is "firmware".
- "fpga" is a loadable
* Prioritize control between "firmware" and "kernel"
"firmware" and "kernel" are special nodes in that control is passed
to the "entry-point" of the image. Both can be present, for example,
an OP-TEE firmware with a linux kernel. When both are present,
control is passed to the "firmware" image.
** Further generalizations (not included herein)
The "firmware" and "kernel" properties could be generalized as a
"next-boot-stage", or similar name. This "next" stage would be special
in that it is both executable, and is the stage that is passed
control. For example, "next-stage" could be an op-tee image, with
linux as a loadable, or a u-boot image.
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
u_boot should be u-boot
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Jagan Teki <[email protected]>
|
|
SPL is creating fit-images DT node when loadables are recorded in selected
configuration. Entries which are created are using entry-point and
load-addr property names. But there shouldn't be a need to use non standard
properties because entry/load are standard FIT properties. But using
standard FIT properties enables option to use generic FIT functions to
descrease SPL size. Here is result for ZynqMP virt configuration:
xilinx_zynqmp_virt: spl/u-boot-spl:all -82 spl/u-boot-spl:rodata -22 spl/u-boot-spl:text -60
The patch causes change in run time fit image record.
Before:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry-point = <0x8000000>;
load-addr = <0x8000000>;
};
};
After:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry = <0x8000000>;
load = <0x8000000>;
};
};
Replacing calling fdt_getprop_u32() by fit_image_get_entry/load() also
enables support for reading entry/load properties recorded in 64bit format.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add documentation about 'required-mode' property in /signature node
in U-Boot's control FDT.
Signed-off-by: Thirupathaiah Annapureddy <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
When update_uboot.its is used directly there is syntax error for no reason.
Error report:
mkimage -f update_uboot.its boot
Error: update_uboot.its:18.12-13 syntax error
FATAL ERROR: Unable to parse input tree
mkimage: Can't read boot.tmp: Invalid argument
Fixes: 4bae90904b69 ("Automatic software update from TFTP server")
Signed-off-by: Michal Simek <[email protected]>
|
|
When building U-Boot we select the architecture via Kconfig and not ARCH
being passed in via the environment or make cmdline.
Cc: Lokesh Vutla <[email protected]>
Cc: Vitaly Andrianov <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.
Signed-off-by: Jan Luebbe <[email protected]>
Signed-off-by: Bastian Krause <[email protected]>
Reviewed-by: George McCollister <[email protected]>
|
|
The image is usually stored in block device like emmc, SD card, make the
offset of image data aligned to block(512 byte) can avoid data copy
during boot process.
eg. SPL boot from FIT image with external data:
- SPL read the first block of FIT image, and then parse the header;
- SPL read image data separately;
- The first image offset is the base_offset which is the header size;
- The second image offset is just after the first image;
- If the offset of imge does not aligned, SPL will do memcpy;
The header size is a ramdon number, which is very possible not aligned, so
add '-B size'to specify the align size in hex for better performance.
example usage:
./tools/mkimage -E -f u-boot.its -B 0x200 u-boot.itb
Signed-off-by: Kever Yang <[email protected]>
Reviewed-by: Punit Agrawal <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
This patch adds an example FIT image description file demonstrating
the usage of bootm command to securely launch UEFI binaries.
Signed-off-by: Cristian Ciocaltea <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Describe that a signature node can be added to a binary device tree using
the mkimage tool.
Provide an example device tree node.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Signed-off-by: Thomas Hebb <[email protected]>
|
|
This patch adds support for an optional optimization to compatible
string matching where the compatible string property from the root node
of the kernel FDT can be copied into the configuration node of the FIT
image. This is most useful when using compressed FDTs or when using FDT
overlays, where the traditional extraction of the compatible string from
the kernel FDT itself is not easily possible.
Signed-off-by: Julius Werner <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add missing newline before title and subtitle.
Signed-off-by: Mickaël Tansorier <[email protected]>
|
|
Increment conf id to avoid to have two same conf name
into one configuration description.
Signed-off-by: Mickaël Tansorier <[email protected]>
|
|
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.
Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.
Signed-off-by: Vesa Jääskeläinen <[email protected]>
Cc: Tom Rini <[email protected]>
|
|
The name CONFIG_LEGACY_IMAGE_FORMAT reads slightly better along with
allowing us to avoid a rather nasty Kbuild/Kconfig issue down the line
with CONFIG_IS_ENABLED(IMAGE_FORMAT_LEGACY). In a few places outside of
cmd/ switch to using CONFIG_IS_ENABLED() to test what is set.
Signed-off-by: Tom Rini <[email protected]>
|
|
Signed-off-by: Philippe Reynes <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Fix typo in beaglebone verified boot documentation.
Signed-off-by: Pierre-Jean Texier <[email protected]>
|
|
Compressed images should have their compression property
set to "none" if U-Boot should leave them compressed.
This is especially the case for compressed ramdisks that
should be uncompressed by the kernel only.
Signed-off-by: Simon Goldschmidt <[email protected]>
|
|
Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.
Signed-off-by: Sumit Garg <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image example files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <[email protected]>
|
|
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <[email protected]>
|
|
For external data, FIT has a optional property "data-position" which
can set the external data to a fixed offset to FIT beginning.
Add the support for this property in SPL FIT.
Signed-off-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Tomas Melin <[email protected]>
Cc: Pantelis Antoniou <[email protected]>
Cc: "Andrew F. Davis" <[email protected]>
Cc: Igor Grinberg <[email protected]>
Cc: "[email protected]" <[email protected]>
Cc: Kever Yang <[email protected]>
Cc: Andre Przywara <[email protected]>
Cc: York Sun <[email protected]>
Cc: Lokesh Vutla <[email protected]>
Cc: "Cooper Jr., Franklin" <[email protected]>
Cc: George McCollister <[email protected]>
Cc: Tuomas Tynkkynen <[email protected]>
Cc: Jean-Jacques Hiblot <[email protected]>
Cc: Rick Altherr <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Lokesh Vutla <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
As you see in crypto_algos in common/image-sig.c, the algorithm
should be either "rsa2048" or "rsa4096". "rs2048" is a typo.
Signed-off-by: Masahiro Yamada <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Pull some information regarding overlays from commit messages and
put them directly within the documentation. Also add some information
regarding required dtc version to properly use overlays.
Signed-off-by: Franklin S Cooper Jr <[email protected]>
Acked-by: Simon Glass <[email protected]>
|
|
Signed-off-by: Pantelis Antoniou <[email protected]>
Reviewed-by: Łukasz Majewski
Acked-by: Simon Glass <[email protected]>
|
