| Age | Commit message (Collapse) | Author |
|---|
|
This series from Leonard Anderweit <[email protected]> provides some
improvements to the binman tool and i.MX specific tooling then makes use
of it.
Link: https://lore.kernel.org/r/[email protected]
|
|
Build the imx code singing tool from source instead of relying on the
distro to provide the tool.
Use the debian/unstable branch because the default branch is outdated.
The binary is supposed to be build with docker, work around that by selecting
the correct Makefile directly.
Also append the description and add a link to documentation.
Signed-off-by: Leonard Anderweit <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add optional argument make_path to build_from git. The new argument
allows specifying the path to a Makefile in case it is not in the root
of the git repo.
Also adjust the corresponding test.
Signed-off-by: Leonard Anderweit <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add optional argument git_branch to build_from_git. The new argument
allows specifying which branch of the repo to use.
Signed-off-by: Leonard Anderweit <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This uses Heinrich's merge of lib/efi_loader/efi_net.c which results in
no changes.
|
|
Simon Glass <[email protected]> says:
This series adds comments and fixes pylint warnings in the command
library. It also introduces a new, simpler way of running a single
command.
Link: https://lore.kernel.org/r/[email protected]
|
|
Add a helper to avoid needing to use a list within a list for this
simple case.
Update existing users of runpipe() to use this where possible.
Signed-off-by: Simon Glass <[email protected]>
|
|
This should be in capitals and defined at the start of the file. Update
it.
Signed-off-by: Simon Glass <[email protected]>
|
|
A discussion on the mailing list about dealing with block offsets and
binman symbols made me think that something is wrong with how Binman
deals with the skip-at-start property.
The feature was originally designed to handle x86 ROMs, which are mapped
at the top of the address space. That seemed too specific, whereas
skipping some space at the start seemed more generally useful.
It has proved useful. For example, rockchip images start at block 64,
so a skip-at-start of 0x8000 deals with this.
But it doesn't actually work correctly, since the image_pos value does
not give the actual position on the media.
Fix this and update the documentation, moving it into the 'section'
section.
Signed-off-by: Simon Glass <[email protected]>
|
|
The property is named end_at_4gb so name the variable the same, to avoid
confusion.
Signed-off-by: Simon Glass <[email protected]>
|
|
builds"
Paul HENRYS <[email protected]> says:
This serie of patches adds a new tool to authenticate files signed with
a preload header. This tool is also used in the tests to actually
verify the authenticity of the file signed with such a preload header.
Link: https://lore.kernel.org/r/[email protected]
|
|
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS <[email protected]>
|
|
This reverts commit c8750efe02c20725388dd4279896aaf306acfad4, reversing
changes made to 8c6cf8aeea7e57ca686de8b765e4baf3a7ef1fa7.
Unfortunately these changes do not build on macOS hosts.
Signed-off-by: Tom Rini <[email protected]>
|
|
Paul HENRYS <[email protected]> says:
This serie of patches adds a new tool to authenticate files signed
with a preload header.
This tool is also used in the tests to actually verify the
authenticity of the file signed with such a preload header.
Link: https://lore.kernel.org/r/[email protected]
|
|
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS <[email protected]>
|
|
This newer pylint produces errors about variables possibly being used
before being set. Adjust the code to pass these checks.
Signed-off-by: Simon Glass <[email protected]>
Reported-by: Tom Rini <[email protected]>
|
|
With a newer pylint, we get a warning that 'br' could be used before
assignment. Fix this by declaring br first as an empty bytearray.
Reviewed-by: Neha Malcom Francis <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
With the distutils module having been removed with Python 3.12, switch
to using setuptools instead.
Signed-off-by: Tom Rini <[email protected]>
|
|
Rather than have a requirements.txt file that's shared between multiple
python projects within U-Boot, create one for each using "pipreqs".
Signed-off-by: Tom Rini <[email protected]>
|
|
Fix some typos and duplicate words in binman.rst.
Signed-off-by: Lothar Rubusch <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Prepare v2025.01-rc5
|
|
There have been a few changes to the areas that this file documents
without having regenerated the file. Do so now.
Signed-off-by: Tom Rini <[email protected]>
|
|
When specifying a directory containing DTBs with 'fit,fdt-list-dir', it can be
handy not to have to also specify this directory to the input directories of
binman with '-I' option and use the method tools.append_input_dirs() append it.
This avoids to have to specify the DTB directory in both the device tree
provided to binman and through '-I' option to binman.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Test the property 'fit,encrypt' to encrypt FIT data.
Signed-off-by: Paul HENRYS <[email protected]>
|
|
mkimage can be used for both signing the FIT or encrypt its content and the
option '-k' can be used to pass a directory where both signing and encryption
keys can be retrieved. Adding 'fit,encrypt' property to the 'fit' node, leads to
try to find keys directory among binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Loading flash.bin using uuu fails when flash.bin does not have the
right size.
When flash.bin is loaded from some storage medium (sd card/emmc), SPL
just loads some random garbage bytes from beyond what has been
populated when flash.bin was written, but when loaded via uuu, SPL
hangs waiting for the host to send the expected number of bytes. Which
is (size of FIT image aligned to 0x1000)+CONFIG_CSF_SIZE. The
alignment to 0x1000 is already done and is necessary in all cases
because that's the exact expected location of the 32 byte IVT
header. But the IVT+CSF blob tacked onto the end must be a total of
CONFIG_CSF_SIZE.
This is exactly the same fix as 89f19f45d650, except that this time
around I don't know how to cleanly get CONFIG_CSF_SIZE.
Fixes: bc6beae7c55f (binman: Add nxp_imx8mcst etype for i.MX8M flash.bin signing)
Signed-off-by: Rasmus Villemoes <[email protected]>
Tested-by: Heiko Schocher <[email protected]>
|
|
Provide a short description of how tests work, why they are so critical
and how to resolve gaps in Binman's test coverage.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
|
|
Pass the arguments through to test_util so that a single test can be
used.
Update the docs and add some missing backquotes in the same section.
Signed-off-by: Simon Glass <[email protected]>
|
|
The patch implement new property 'fit,sign' that can be declared
at the top-level 'fit' node. If that option is declared, fit tryies
to detect private keys directory among binman include directories.
That directory than passed to mkimage using '-k' flag and that enable
signing of FIT.
Signed-off-by: Alexander Kochetkov <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Renumbered files, moved new tests to end:
Signed-off-by: Simon Glass <[email protected]>
|
|
FIT use mkimage from BuildSectionData() to build FIT entry contents.
BuildSectionData() get called several times during building FIT image.
Currently when fit inserts loadables, it use self._loadables property that
contain loadables computed during previuos BuildSectionData() invocation.
So for the first run it use empty list and pass no loadables to mkimage.
That makes problem for adding signature to FIT image because mkimage
fails to add signature and aborts building FIT if no loadables provided.
The patch fixes described behaviour in a way that BuildSectionData() uses
recently calculated loadables value, not previosly calculated.
Signed-off-by: Alexander Kochetkov <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Using the PKI tree with SRKs as intermediate CA isn't necessary or even
desirable in some situations (boot time, for example). Add the possibility
to use the "fast authentication" method where the image and CSF are both
signed using the SRK [1, p.63].
[1] https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
Signed-off-by: Brian Ruley <[email protected]>
Cc: Marek Vasut <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Simplify code and conform to the style guide used in the project by
making the following changes:
* Capitalize global constants
* Use single quotes for multiline strings (except docstrings)
* Fix line width to 79 cols
* Use f-string instead of formatting a regular string or using a
complicated concatenation
* Move common suffix used in keys to a global variable "KEY_NAME"
to reduce the likelihood of typos and making future changes
easier
Signed-off-by: Brian Ruley <[email protected]>
Cc: Marek Vasut <[email protected]>
|
|
|
|
The TF-A URL was updated, as a result the name of the
directory changed as part of the new git URL and not
all the referenced directories were updated.
Fixes: 0ec0207fe07 ("Update the ARM trusted firmware git URL")
Signed-off-by: Peter Robinson <[email protected]>
|
|
The primary upstream URL for tf-a has moved, in some cases
things like tags are not always pushed to the old URL so
update the URLs to the primary upstream project URL.
Signed-off-by: Peter Robinson <[email protected]>
|
|
This patch is for Marek, to provide a starting point.
To try it, use 'binman test -T' and see the missing coverage.
Signed-off-by: Simon Glass <[email protected]>
|
|
Some images do not have an image_pos value, for example an image which
is part of a compressed section and therefore cannot be accessed
directly.
Handle this case, returning None as the value.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the check for this further out, so that base_addr is computed in
Entry.WriteSymbols() rather than at lower levels.
Signed-off-by: Simon Glass <[email protected]>
|
|
The base address of the ELF containing symbols is normally added to
any symbols written, so that the value points to the correct address in
memory when everything is loaded. When the binary resides on disk, a
different offset may be needed, typically 0. Provide a way to specify
this.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add a clarification to the documentation and add a missing comment. Also
update the test so that when it fails it is easier to see what is going
on, rather than having to decode hex strings.
Signed-off-by: Simon Glass <[email protected]>
|
|
These functions get the value of a symbol. The reference to ELF files
is confusing since they are reading the position/size of entries, not
ELF symbols. Rename the functions and adjust the comments also.
Signed-off-by: Simon Glass <[email protected]>
|
|
With OF_UPSTREAM the dts files are in an SoC-specific subdirectory,
meaning that the resulting dtb files all end up in a similar
subdirectory.
We don't want the subdirectory name to appear as a node name in the FIT,
so handle this as a special case.
Also the default devicetree may have a directory-name prefix, so handle
that when searching through the available devicetree files.
Signed-off-by: Simon Glass <[email protected]>
|
|
The section etype has its own implementation of SetImagePos(), most of
which is not useful since the code is included here. So call
Entry.SetImagePos() which has the only piece of this which we actually
want.
Signed-off-by: Simon Glass <[email protected]>
|
|
Use the more generic variable name 'entry' to avoid confusion.
Signed-off-by: Simon Glass <[email protected]>
|
|
Since the files are known to be in the provided directory, use that
instead of requiring it to be added to the list of input directories.
Signed-off-by: Simon Glass <[email protected]>
|
|
Two places set this attribute directly. Update them to use the function
provided.
Signed-off-by: Simon Glass <[email protected]>
|
|
Update this entry type to resolve some pylint warnings and make sure
that functions and members are fully commented.
Signed-off-by: Simon Glass <[email protected]>
|
|
Improve the comments for this function.
Signed-off-by: Simon Glass <[email protected]>
|
