| Age | Commit message (Collapse) | Author |
|---|
|
More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently
Signed-off-by: Tom Rini <[email protected]>
|
|
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <[email protected]>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <[email protected]>
|
|
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <[email protected]>
|
|
Add the documentation about binman sign option and providing an
example.
Signed-off-by: Ivan Mikhaylov <[email protected]>
Add a section about 'binman sign' at the bottom:
Signed-off-by: Simon Glass <[email protected]>
|
|
Prepare v2023.04-rc4
Signed-off-by: Tom Rini <[email protected]>
|
|
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <[email protected]>
|
|
Implement this feature since it is useful for updating FITs within an
image.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present these are handled as if they are allowed to be missing, but
this is only true if the -M flag is provided. Fix this and add a test.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add these flags for the 'replace' subcommand too, to aid debugging.
Signed-off-by: Simon Glass <[email protected]>
44 2023 -0700
|
|
These can be installed with 'pip' now. Add the details for those who are
interested.
Signed-off-by: Simon Glass <[email protected]>
|
|
Create the necessary files to build this new package.
It is not actually clear whether this is useful, since buildman has no
purpose outside U-Boot.
Move the main program into a function so that it can easily be called by
the PyPi-created script.
Signed-off-by: Simon Glass <[email protected]>
|
|
Use this function so that the help can be found even when binman is
running from a package.
Signed-off-by: Simon Glass <[email protected]>
|
|
It doesn't make much sense to expose tests when dtoc is running
outside of the U-Boot git checkout. Hide the option in this case.
Fix a long line while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
Put this code into a function so it is easy for it be run when packaged.
Signed-off-by: Simon Glass <[email protected]>
|
|
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.
To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.
Signed-off-by: Simon Glass <[email protected]>
|
|
This prints a message about the missing tee-os generated by the test. This
is confusing, so suppress it.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add a command-line argument for setting the tooldir, so that the default
can be overridden. Add this directory to the toolpath automatically.
Create the directory if it does not already exist.
Put the default in the argument parser instead of the class, so that it
is more obvious.
Update a few tests that expect the utility name to be provided without
any path (e.g. 'futility'), so they can accept a path, e.g.
/path/to/futility
Update the documentation and add a few tests.
Improve the help for --toolpath while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present binman writes tools into the ~/bin directory. This is
convenient but some may be concerned about downloading unverified
binaries and running them. Place then in a special ~/.binman-tools
directory instead.
Mention this in the documentation.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
We want to be able to change this directory. Use a class member to hold
the value, since changing a constant is not good.
Signed-off-by: Simon Glass <[email protected]>
|
|
This was not regenerated with recent changes. Update it.
Signed-off-by: Simon Glass <[email protected]>
|
|
Fix this typo.
Signed-off-by: Simon Glass <[email protected]>
|
|
Use correct argument name in docstrings.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Replace notes with nodes in code comments and docstrings.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Entry_blob_ext contains an implementation of SetAllowFakeBlob that is
identical to the one in the base Entry class, remove it.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add an entry flag called 'preserve' to indicate that an entry should be
preserved by firmware updates. Propagate this to FMAP too.
Signed-off-by: Simon Glass <[email protected]>
|
|
This is needed to download tools, but we may not need to do this. At
present binman fails to start if HOME is not set.
Use the current directory as a default to avoid this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This should fix a rendering oddity when viewing the docs online at
https://u-boot.readthedocs.io/en/latest/develop/package/binman.html
Signed-off-by: Ralph Siemsen <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Using the mkimage entry with the multiple-data-files prop and having a
missing external blob result in an unexpected ValueError exception using
the --allow-missing flag.
ValueError: Filename 'missing.bin' not found in input path (...)
Fix this by using _pathname that is resolved by ObtainContents for blob
entries, ObtainContents also handles allow missing for external blobs.
Mark mkimage entry as missing and return without running mkimage when
missing entries is reported by CheckMissing.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
|
|
The rockchip-tpl entry can be used when an external TPL binary should be
used instead of the normal U-Boot TPL.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
Tested-by: Eugen Hristev <[email protected]>
|
|
Prepare v2023.04-rc3
|
|
Add the 'missing-msg' for more detailed output
on missing system firmware.
Signed-off-by: Rick Chen <[email protected]>
Reviewed-by: Leo Yu-Chi Liang <[email protected]>
Reviewed-by: Yu Chien Peter Lin <[email protected]>
|
|
Update various build and test components to use the new schema.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present we show 'main section' as the top-level section name. It may
be more helpful to show the actual image name. This is tricky because
Image is a parent class of Entry_section, so there is no distinction
between an image and a section.
Update it to show the image name.
Signed-off-by: Simon Glass <[email protected]>
|
|
Unfortunately a recent patch snuck through without the require test
coverage. Fix it.
Signed-off-by: Simon Glass <[email protected]>
Fixes: 571bc4e67d3 ("binman: Support positioning an entry by and ELF symbol")
|
|
This property sets the minimum size of an entry, including padding but
not alignment. It can be used to reserve space for growth of an entry,
or to enforce a minimum offset for later entries in the section.
Signed-off-by: Samuel Holland <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.
Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.
Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
In some cases it is useful to position an entry over the top of a symbol
in an ELF file. For example, if the symbol holds a version string then it
allows the string to be accessed from the fdtmap.
Add support for this.
Suggested-by: Pali Rohár <[email protected]>
Suggested-by: Keith Short <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
The current support for updating variables in a binary is hard-coded to
work with U-Boot:
- It assumes the image starts at __image_copy_start
- It uses the existing U-Boot-specific entry types
It is useful for other projects to use these feature.
Add properties to enable writing symbols for any blob, a way of specifying
the base symbol and a way of providing the ELF filename to allow symbol
lookup to take place.
With this it is possible to update a Zephyr image, such as zephyr.bin
after it has been built.
Signed-off-by: Simon Glass <[email protected]>
|
|
In some cases it is useful to have an entry overlap with another in a
section, either to update the contents within a blob, or to add an entry
to the fdtmap that covers only part of the blob.
Add support for this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This appears in two places in the code. Use a shared function instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.
Add support for this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This means that the data is not yet available. Update some comments to
make this clearer.
Signed-off-by: Simon Glass <[email protected]>
|
|
This is a slightly different scenario from the existing testSections
tests. Add a new test for it.
Signed-off-by: Simon Glass <[email protected]>
|
|
Some blobs are actually not necessary for the board to work correctly. Add
a property to allow this to be indicated. Missing optional blobs do not
cause a build failure.
Signed-off-by: Simon Glass <[email protected]>
|
|
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.
Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).
Signed-off-by: Simon Glass <[email protected]>
|
|
Add a function which checks whether data is in ELF format or not. This
will be used by binman to check this for entries.
Signed-off-by: Simon Glass <[email protected]>
|
|
Support entries which can be optional depending on their contents. This
allows special entry types which appear in the image only when needed.
Signed-off-by: Simon Glass <[email protected]>
|
|
Several etypes have this reference in their documentation. Now that we are
using rST, link to the section directly.
Signed-off-by: Simon Glass <[email protected]>
Suggested-by: Quentin Schulz <[email protected]>
|
