| Age | Commit message (Collapse) | Author |
|---|
|
Test pkcs11 URI support for UEFI capsule generation. Both
public certificate and private key are used over pkcs11
protocol.
Pkcs11-tool has been introduced as softhsm tool doesn't have
functionality to import certificates in commonly distributed
version (only in the latest).
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Three files are currently missing test coverage: nxp_imx8mcst,
nxp_imx8mimage and cst
Add test methods to cover all missing code paths, trying to reuse the
same .dts files where possible.
This brings all three files to 100% coverage.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move key.key and key.pem into the security/ subdirectory. These are
used by security, vendor, and capsule tests but security is the most
natural home for key material. Update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the signing-related test data (keys, certificates, OpenSSL and
SoftHSM2 configuration, dummy engine source) into the fit/ subdirectory
alongside the FIT DTS test files. Drop the 340_ prefix from files that
had it. Update the Makefile and all ftest.py references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move descriptor.bin, fitimage.bin.gz and ifwi.bin.gz into the x86/
subdirectory alongside the x86 DTS test files and update all
references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the remaining 60 or so test files into an entry/ subdirectory.
These cover general entry types and features: entry args, fill, text,
env, compress, replace, template, collection, ELF, overlap, listing,
sections, symlink, TEE OS, and other miscellaneous entries. Drop the
numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 10 test files for binman symbol patching into a symbols/
subdirectory. Drop the numeric prefixes and the redundant symbols_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 20 test files for vendor-specific platform support (TI, NXP
i.MX, Renesas R-Car, Rockchip, PowerPC MPC85xx) into a vendor/
subdirectory. Drop the numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for UEFI capsule creation (signed,
versioned, accept, revert) into a capsule/ subdirectory. Drop the
numeric prefixes and the redundant capsule_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 15 test files for ARM Trusted Firmware FIP, ATF BL31, SCP,
OpenSBI, and BL1 entries into a fip/ subdirectory. Drop the numeric
prefixes and the redundant fip_ filename prefix, and update all
references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for mkimage entries into a mkimage/
subdirectory. Drop the numeric prefixes and the redundant mkimage_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 10 test files for ChromeOS entries (GBB, vblock, FMAP)
into a cros/ subdirectory. Drop the numeric prefixes and update all
references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about a dozen test files for Coreboot File System entries into a
cbfs/ subdirectory. Drop the numeric prefixes and the redundant cbfs_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 20 test files for signing, encryption, hash, pre-load,
x509, and Xilinx bootgen entries into a security/ subdirectory. Drop
the numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for blob, blob-ext, blob-ext-list,
fake-blob, and blob-symbol entries into a blob/ subdirectory. Drop
the numeric prefixes and the redundant blob_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 30 test files for FDT update, fdtmap, DTB compression,
alternates, and bootph into an fdt/ subdirectory. Drop the numeric
prefixes and the redundant fdt_ filename prefix, and update all
references.
Remove the unused no_alt_format.dts which has no references in any
test.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 40 test files for FIT images (signing, external data,
split-elf, encryption, alignment, firmware loadables, templates) into
a fit/ subdirectory. Drop the numeric prefixes and the redundant fit_
filename prefix, and update all references.
Rename the three signature.dts variants to have unique names:
signature.dts, signature_multi_key.dts and signature_no_nodes.dts.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about 40 test files for x86 and Intel platform support (ROM,
microcode, ME, IFWI, FSP, descriptor, reset16, start16, FIT) into an
x86/ subdirectory. Drop the numeric prefixes and the redundant x86_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about a dozen test files for U-Boot image variants (SPL, TPL,
VPL, DTB, nodtb, bss-pad) into an xpl/ subdirectory. Drop the
numeric prefixes and the redundant u_boot_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 50 test files related to basic layout, packing, alignment,
sections, and image structure into a pack/ subdirectory. Drop the
numeric prefixes from the filenames and update all references in
ftest.py, entry_test.py, and binman_tests.rst
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
The test certificate expired on Feb 13, 2024. This just used for
testing, so regenerate it with a 100-year validity period.
Suggested-by: Quentin Schulz <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
This adds a test that signs a FIT and verifies the signature with
fit_check_sign.
OpenSSL engines are typically for signing with external HW so it's not
that straight-forward to simulate.
For a simple RSA OpenSSL engine, a dummy engine with a hardcoded RSA
4096 private key is made available. It can be selected by setting the
OpenSSL engine argument to dummy-rsa-engine. This can only be done if
the engine is detected by OpenSSL, which works by setting the
OPENSSL_ENGINES environment variable. I have no clue if dummy-rsa-engine
is properly implementing what is expected from an RSA engine, but it
seems to be enough for testing.
For a simple PKCS11 engine, SoftHSMv2 is used, which allows to do PKCS11
without specific hardware. The keypairs and tokens are generated on the
fly. The "prod" token is generated with a different PIN (1234 instead of
1111) to also test MKIMAGE_SIGN_PIN env variable while we're at it.
Binman will not mess with the local SoftHSMv2 setup as it will only use
tokens from a per-test temporary directory enforced via the temporary
configuration file set via SOFTHSM2_CONF env variable in the tests. The
files created in the input dir should NOT be named the same as it is
shared between all tests in the same process (which is all tests when
running binman with -P 1 or with -T).
Once signed, it's checked with fit_check_sign with the associated
certificate.
Finally, a new softhsm2_util bintool is added so that we can initialize
the token and import keypairs. On Debian, the package also brings
libsofthsm2 which is required for OpenSSL to interact with SoftHSMv2. It
is not the only package required though, as it also needs p11-kit and
libengine-pkcs11-openssl (the latter bringing the former). We can detect
if it's properly installed by running openssl engine dynamic -c pkcs11.
If that fails, we simply skip the test.
The package is installed in the CI container by default.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
platform
To support passing specific commands defined in enum imx8image_cmd to
the imx8image_copy_image() function, this patch introduces a new entry
type nxp-imx9image. This entry generates a plain text data file
containing the relevant commands, enabling flexible configuration during
image creation.
Signed-off-by: Alice Guo <[email protected]>
|
|
Add new etype which generates the Renesas R-Car Gen4 SA0 header.
This header is placed at the beginning of SPI NOR and describes
where should data from SPI NOR offset 0x40000 be loaded to, and
how much data should be loaded there. In case of U-Boot, this is
used to load SPL and possibly other payload(s) into RT-VRAM.
Signed-off-by: Marek Vasut <[email protected]>
|
|
key-name-hint in signature nodes"
Quentin Schulz <[email protected]> says:
I misunderstood the documentation and put the signing key in a keys/
directory while setting key-name-hint property in the signature node and
u-boot-spl-pubkey-dtb to a path.
mkimage doesn't fail if it cannot find the public key when signing a
FIT but returns something on stderr to notify the user it couldn't find
the key. The issue is that bintool currently discards stderr if the
command successfully returns, so the FIT is not signed AND the user
isn't made aware of it unless the image is manually inspected.
mkimage does fail when trying to insert a public key in a DTB if it
isn't found but we can have a better error message.
Link: https://lore.kernel.org/r/[email protected]
|
|
key-name-hint with path
key-name-hint property in u-boot-spl-pubkey-dtb binman entry may contain
a path instead of a filename due to user mistake.
Because we currently assume it is a filename instead of a path, binman
will find the full path to the key based on that path, and return the
dirname of the full path but keeps the path in key-name-hint instead of
stripping the directories from it.
This means mkimage will fail with the following error message if we have
key-name-hint set to keys/dev:
binman: Error 1 running 'fdt_add_pubkey -a sha256,rsa2048 -k /home/qschulz/work/upstream/u-boot/keys -n keys/dev -r conf /home/qschulz/work/upstream/u-boot/build/ringneck/u-boot-spl-dtbdhsfx3mf': Couldn't open RSA certificate: '/home/qschulz/work/upstream/u-boot/keys/keys/dev.crt': No such file or directory
Let's make it a bit more obvious what the error is by erroring out in
binman if a path is provided in key-name-hint (it is named key-name-hint
and not key-path-hint after all).
Fixes: 5609843b57a4 ("binman: etype: Add u-boot-spl-pubkey-dtb etype")
Signed-off-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
mkimage doesn't fail if it cannot find the public key but it prints to
stderr. Considering that btool.run() discards stderr, it means binman
happily returns an unsigned FIT and doesn't tell you something went
wrong.
Binman will actually find the file if there's a path in the
key-name-hint property but the current logic expects key-name-hint to be
a filename and thus returns the dirname of the found path for the key,
but with the original key-name-hint appended. This means we can have the
following:
- key-name-hint = "keys/dev"
- name = "/home/qschulz/work/upstream/u-boot/keys/"
so we pass /home/qschulz/work/upstream/u-boot/keys/ to the -k option of
mkimage but the FIT still contains "keys/dev" in key-name-hint which
means mkimage will try to find the key at
/home/qschulz/work/upstream/u-boot/keys/keys/, which doesn't exist.
Let's assume paths are simply not supported (it is named key-name-hint
and not key-path-hint after all) and raise an error if the property
contains a path so that the build fails and not quietly.
Fixes: 133c000ca334 ("binman: implement signing FIT images during image build")
Signed-off-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
supernodes"
Moteen Shah <[email protected]> says:
In the U-Boot pre-relocation stage, if the parent node lacks
bootph-all/bootph-some-ram property and the driver lacks a pre-reloc
flag, all of its subsequent subnodes gets skipped over from driver
binding—even if they have a bootph* property.
This series addresses the issue by scanning through all the nodes during
build time and propagating the applicable property to all of its supernode.
Link: https://lore.kernel.org/r/[email protected]
|
|
Add a testcase to ensure that scan_and_prop_bootph() actually
propagates bootph-* properties to supernodes.
Signed-off-by: Moteen Shah <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Aristo Chen <[email protected]> says:
This series introduces a validation step in mkimage to ensure that all image
names referenced under the /configurations node of a FIT source (ITS) are
actually defined under the /images node.
### Motivation
When using mkimage to build FIT images, it's easy to mistakenly reference
nonexistent image nodes in configurations (e.g., referencing a missing `fdt` or
`firmware` node). Such issues are often not caught until runtime in U-Boot.
This series aims to catch these errors early during FIT image creation by
validating the configuration references in mkimage itself.
Link: https://lore.kernel.org/r/[email protected]
|
|
Several binman FIT test device trees reference image nodes such as atf
and uboot in their /configurations sections, but those image nodes
were not actually defined in the /images node. This mismatch can lead
to validation errors when stricter consistency checks are introduced.
This patch adds minimal definitions for atf and uboot under the
/images node in all relevant test DTS files.
Signed-off-by: Aristo Chen <[email protected]>
|
|
Some SoCs require a Trusted Firmware-A (TF-A) AP Trusted ROM (BL1) to
initialize the SoC before U-Boot can run properly. Add an atf-bl1 etype
so we can properly package BL1 into a final binary
Signed-off-by: Bryan Brattlof <[email protected]>
Acked-by: Simon Glass <[email protected]>
|
|
i.MX95 needs to combine DDR PHY firmware images and their byte counts
together, so add a new entry type nxp-header-ddrfw for this requirement.
Signed-off-by: Alice Guo <[email protected]>
|
|
Newer lz4 util is not happy with any padding at end of file,
it would abort with error message like:
Stream followed by undecodable data at position 43.
Workaround by skipping testCompUtilPadding test case and manually
strip padding in testCompressSectionSize test case.
Signed-off-by: Jiaxun Yang <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
Tested-by: Mattijs Korpershoek <[email protected]>
|
|
Dynamically going through the subnode array and deleting leads to
templates being skipped from deletion when templates are consecutive in
the subnode list. Prevent this from happening by first parsing the DT
and then deleting the nodes. Add a testcase as well for this cornercase.
Signed-off-by: Neha Malcom Francis <[email protected]>
|
|
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Test the property 'fit,encrypt' to encrypt FIT data.
Signed-off-by: Paul HENRYS <[email protected]>
|
|
The patch implement new property 'fit,sign' that can be declared
at the top-level 'fit' node. If that option is declared, fit tryies
to detect private keys directory among binman include directories.
That directory than passed to mkimage using '-k' flag and that enable
signing of FIT.
Signed-off-by: Alexander Kochetkov <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Renumbered files, moved new tests to end:
Signed-off-by: Simon Glass <[email protected]>
|
|
This patch is for Marek, to provide a starting point.
To try it, use 'binman test -T' and see the missing coverage.
Signed-off-by: Simon Glass <[email protected]>
|
|
Some images do not have an image_pos value, for example an image which
is part of a compressed section and therefore cannot be accessed
directly.
Handle this case, returning None as the value.
Signed-off-by: Simon Glass <[email protected]>
|
|
The base address of the ELF containing symbols is normally added to
any symbols written, so that the value points to the correct address in
memory when everything is loaded. When the binary resides on disk, a
different offset may be needed, typically 0. Provide a way to specify
this.
Signed-off-by: Simon Glass <[email protected]>
|
|
When using FIT to load firmware builds for multiple models, the FIT must
include a common binary along with a number of devicetree blobs, one for
each model. This is the same mechanism as is used for loading an OS.
However, SPL builds do not normally use the full devicetree, but instead
a cut-down version which various nodes and properties removed.
Add a new fit,fdt-phase property to allow binman to produce these
devicetree blobs.
Signed-off-by: Simon Glass <[email protected]>
|
|
FIT allows the FDT's root-node compatible string to be placed in a
configuration node to simplify and speed up finding the best match for
booting.
Add a new property to support this.
Signed-off-by: Simon Glass <[email protected]>
|
|
In some cases the list of available FDT files is not available in an
entryarg. Provide an option to point to a directory containing them
instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
FIT provides a way to select between different devicetree blobs
depending on the model. This works fine for U-Boot proper and allows SPL
to select the correct blob for the current board at runtime. The boot
sequence (SPL->U-Boot proper) is therefore covered by the existing
feature set.
The first boot phase (typically TPL) cannot use FIT since SoC boot ROMs
don't currently support it. Therefore the TPL image must be specific to
each model it boots on.
To support booting on mulitple models, binman must therefore produce a
separate TPL image for each model, even if the images for the rest of
the phases are identical.
TPL needs to be packaged as an executable binary along with a reduced
devicetree. When multiple models are supported, a reduced devicetree
must be provided for each model.
U-Boot's build system is designed to build a single devicetree for SPL
builds, so does not support this requirement.
Add a new 'alternatives' feature to Binman, allowing it to automatically
subset a devicetree to produce the reduced devicetree for a particular
phase for each supported model. With this it is possible to produce a
separate TPL image for each of the models. The correct one can then be
loaded onto a board, along with the common FIT image(s).
Signed-off-by: Simon Glass <[email protected]>
|
|
Binman has a the useful feature of handling missing external blobs
gracefully, including allowing them to be missing, deciding whether the
resulting image is functional or not and faking blobs when this is
necessary for particular tools (e.g. mkimage).
This feature is widely used in CI. One drawback is that if U-Boot grows
too large to fit along with the required blobs, then this is not
discovered until someone does a 'real' build which includes the blobs.
Add a 'assume-size' property to entries to allow Binman to reserve a
given size for missing external blobs.
Signed-off-by: Simon Glass <[email protected]>
|
|
Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.
Signed-off-by: Neha Malcom Francis <[email protected]>
Suggested-by: Nishanth Menon <[email protected]>
|
|
Add test for TI firewalling node in ti-secure.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Manorit Chawdhry <[email protected]>
|
|
K3 devices introduces the concept of centralized power, resource and
security management to System Firmware. This is to overcome challenges
by the traditional approach that implements system control functions on
each of the processing units.
The software interface for System Firmware is split into TIFS and DM. DM
(Device Manager) is responsible for resource and power management from
secure and non-secure hosts. This additional binary is necessary for
specific platforms' ROM boot images and is to be packaged into tispl.bin
Add an entry for DM. The entry can be used for the packaging of
tispl.bin by binman along with ATF and TEE.
Signed-off-by: Neha Malcom Francis <[email protected]>
Reviewed-by: Andrew Davis <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
