| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Tom Rini <[email protected]>
|
|
This is the difference between version 1 and 2 of Massimo's patch:
binman: doc: fix reference tag placement for Logging section
v2: https://lore.kernel.org/u-boot/[email protected]/
v1: https://lore.kernel.org/u-boot/[email protected]/
Fixes: 0f40e23fd22 ("binman: add documentation for binman sign option")
Signed-off-by: Massimo Pegorer <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Acked-by: Massimo Pegorer <[email protected]>
|
|
Reproduct warning:
$ git clean -dfx
$ make CROSS_COMPILE="" qemu-x86_64_defconfig
$ make -j8
...
u-boot/tools/binman/etype/section.py:25:
SyntaxWarning: invalid escape sequence '\('
"""Entry that contains other entries
Signed-off-by: Rong Tao <[email protected]>
|
|
Move BinmanLogging reference tag after section "Signing FIT container
with private key in an image" and just before section "Logging".
Fixes: 0f40e23fd22 ("binman: add documentation for binman sign option")
Signed-off-by: Massimo Pegorer <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Prepare v2023.10-rc4
|
|
Add support in binman for generating EFI capsules. The capsule
parameters can be specified through the capsule binman entry. Also add
test cases in binman for testing capsule generation.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add a bintool for generating EFI capsules. This calls the mkeficapsule
tool which generates the capsules.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add support to build a tool from source with a list of commands. This
is useful when a tool can be built with multiple commands instead of a
single command.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The affected boards have been fixed, so drop this hack.
This reverts commit 288ae53cb73605500b7fc01e5919753c878466be.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Tim Harvey <[email protected]>
|
|
Add test for the 'xilinx-bootgen' etype
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Allow missing bootgen tool; comment testXilinxBootgenMissing() comment:
Signed-off-by: Simon Glass <[email protected]>
|
|
This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.
The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.
Here is an example of the etype in use:
spl {
filename = "boot.signed.bin";
xilinx-bootgen {
pmufw-filename = "pmu-firmware.elf";
psk-key-name-hint = "psk0";
ssk-key-name-hint = "ssk0";
auth-params = "ppk_select=0", "spk_id=0x00000000";
u-boot-spl-nodtb {
};
u-boot-spl-dtb {
};
};
};
For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.
For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add the Xilinx Bootgen as bintool. Xilinx Bootgen is used to create
bootable SPL (FSBL in Xilinx terms) images for Zynq/ZynqMP devices. The
btool creates a signed version of the SPL. Additionally to signing the
key source for the decryption engine can be passend to the boot image.
Signed-off-by: Lukas Funke <[email protected]>
|
|
These have ended up with the same numbers as earlier files. Fix them.
Signed-off-by: Simon Glass <[email protected]>
|
|
Three boards use a phandle in a FIT generator and the maintainer is
away. For now, add a hack to allow this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This provides support for phandles to be copied over from templates. This
is not quite safe, since if the template is instantiated twice (i.e. in
two different nodes), then duplicate phandles will be found. This will
result in an error.
Signed-off-by: Simon Glass <[email protected]>
|
|
It is not necessary to keep templates around after they have been
processed. They can cause confusion and potentially duplicate phandles.
Remove them.
Use the same means of detecting a template node in _ReadImageDesc so that
the two places are consistent.
Signed-off-by: Simon Glass <[email protected]>
|
|
This file aids debugging when binman fails to get far enough to write out
the final devicetree file. Write it immediate after template processing.
Signed-off-by: Simon Glass <[email protected]>
|
|
Show the filename next to the node path in missing blob help messages,
also show a generic missing blob message when there was no help message
for the help tag.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
There is no blank line between last missing blob help message and the
header line for optional blob help messages.
Image 'simple-bin' is missing external blobs and is non-functional: atf-bl31
/binman/simple-bin/fit/images/@atf-SEQ/atf-bl31:
See the documentation for your board. You may need to build ARM Trusted
Firmware and build with BL31=/path/to/bl31.bin
Image 'simple-bin' is missing external blobs but is still functional: tee-os
/binman/simple-bin/fit/images/@tee-SEQ/tee-os:
See the documentation for your board. You may need to build Open Portable
Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid
With this a blank line is inserted to make the text more readable.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Missing optional blobs was not reported for generated entries, e.g.
tee-os on rockchip targets. Implement a CheckOptional to fix this.
After this the following can be shown:
Image 'simple-bin' is missing optional external blobs but is still functional: tee-os
/binman/simple-bin/fit/images/@tee-SEQ/tee-os (tee-os):
See the documentation for your board. You may need to build Open Portable
Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Print missing external blobs using error level and missing optional
external blobs using warning level. Also change to only print the header
line in color, red for missing and yellow for optional.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Make it more clear that the missing external blob is optional in the
printed warning message.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Make it a little bit more clear that it is U-Boot that should be built
with TEE=/path/to/tee.bin and not OP-TEE itself.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Check if elf tools are available when running DecodeElf(). Also
remove superfuous semicolon at line ending.
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Revert part of patch to make binman test pass
Signed-off-by: Simon Glass <[email protected]>
|
|
Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the
dtb and checks if the required nodes will be added to the images dtb.
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add documentation for the 'bootgen' bintool
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add documentation for btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
While signing a fit compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.
While singing there is no reason to decompress data. Thus, decompression
should be disabled.
Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.
Signed-off-by: Lukas Funke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Rerun 'binman bintool-docs' to regenerate bintools.rst
Signed-off-by: Simon Glass <[email protected]>
|
|
These have ended up with the same numbers as earlier files. Fix them.
Signed-off-by: Simon Glass <[email protected]>
|
|
These have ended up with the same numbers as earlier files. Fix them.
Signed-off-by: Simon Glass <[email protected]>
|
|
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <[email protected]>
[[email protected]: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <[email protected]>
|
|
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <[email protected]>
[[email protected]: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <[email protected]>
Signed-off-by: Neha Malcom Francis <[email protected]>
|
|
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Neha Malcom Francis <[email protected]>
|
|
These are not very important message. Change them to use the 'debug' level
instead of 'detail'.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.
Signed-off-by: Simon Glass <[email protected]>
|
|
Allow templates to be used inside a section, not just in the top-level
/binman node.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add this as a separate test case.
Signed-off-by: Simon Glass <[email protected]>
|
|
Allow a template to appear in the top level description when using
multiple images.
Signed-off-by: Simon Glass <[email protected]>
|
|
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.
It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.
Implement this mechanism.
Signed-off-by: Simon Glass <[email protected]>
|
|
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This is not needed since the linker script sets it up. Drop the variable
to avoid confusion.
Fix the prototype for main() while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).
Allow a fit,fdt-list-val string-list property to be used instead.
Signed-off-by: Simon Glass <[email protected]>
|
