| Age | Commit message (Collapse) | Author |
|---|
|
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.
It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
The current stable release for LLVM is 20, so update to that from 18. No
issues seen in CI.
Signed-off-by: Tom Rini <[email protected]>
|
|
The changes here are that we need to ensure python setuptools are
in our build virtual environments as they will no longer come in via
python even in a virtual environment. As part of this ensure setuptools
is in our cache and also include pytest-azurepipelines as we should have
been doing. Next, we move away from using apt-key directly and move that
stanza towards the rest of the apt work. This also lets us drop
directly installing gnupg2. These steps are not strictly required for
24.04 but will be for later releases and are valid now. Finally, we drop
the unused PTYHONPATH ENV line.
In order to use these containers however, we need to stop running the
event_dump test as the 'addr2line' tool provided by binutils no longer
is able to decode those specific events in most cases. As this is a
problem with binutils and present for some time now, disabling the test
until someone has time to work with upstream this seems reasonable.
Signed-off-by: Tom Rini <[email protected]>
|
|
Support for using "u-boot,dm-..." rather than "bootph-..." has been
deprecated since February 2023. Any platforms using this have had a
console message saying to migrate by 2023.07. Go and remove all support
here now, for the v2026.01 release.
The results of this change that aren't clear from the above are that we
still have a checkpatch.pl error message, and document in
doc/develop/spl.rst that they have been migrated since 2023. We also
change the key2dtsi.py tool to use the correct bootph phase rather than
the legacy phase.
Signed-off-by: Tom Rini <[email protected]>
|
|
Align the implementation to rsa_add_verify_data() by writing the modulus
and r-squared properties with the same length as the key itself. This
fixes signature verification issues when one of the parameters has
leading zeros.
Reported-by: Hans Gfirtner (Nokia) <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
|
|
This also incorporates the following commits to the Dockerfile:
da7942de29f7 Dockerfile: remove Python 2.7
183299d9a400 docker: add OP-TEE and TF-A build for testing Firmware Handoff
Signed-off-by: Tom Rini <[email protected]>
|
|
We don't use Python 2 anywhere. Remove the package from our Docker image.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Raymond Mao <[email protected]> says:
This patch series enable Firmware Handoff [1] CI tests on qemu_arm64 by:
1. fetch MbedTLS (v3.6), OP-TEE (v4.7.0) and TF-A (v2.13.0);
2. build bl1 and fip with both Firmware Handoff and Measured Boot
enabled;
3. pytest to validate the Firmware Handoff feature via bloblist by
checking the existence of expected FDT nodes and TPM events generated
and handed over from TF-A/OP-TEE.
[1] https://github.com/FirmwareHandoff/firmware_handoff
Link: https://lore.kernel.org/r/[email protected]
|
|
Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
bl1 and fip with both Firmware Handoff and Measured Boot enabled.
Signed-off-by: Raymond Mao <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
Commit 65e2c14d5a5a ("binman: btool: mkimage: use Bintool.version")
removed the version argument from the run method but forgot to remove it
from the method docstring, so let's fix this oversight.
Fixes: 65e2c14d5a5a ("binman: btool: mkimage: use Bintool.version")
Signed-off-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
|
|
Change the formatting of binman.rst so that the compiled HTML output
becomes more readable. Changes include enumerations and the escaping of
arguments starting with a double dash (e.g. --debug).
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Wolfgang Wallner <[email protected]>
|
|
Fix some typos in binman.rst.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Wolfgang Wallner <[email protected]>
|
|
When importing data, the data-offset property is removed and the data
content is imported inside the data property of the node.
When mkimage is run twice on the same FIT, data-size property is already
set in the second run, from the first run (via the fit_export_data
function). If we don't remove the data-size property, nothing guarantees
it matches the actual size of data within the data property. To avoid
possible mistakes when handling the data property, let's simply remove
the data-size property as well.
This also fixes an ordering issue of the data-size and data-offset
properties in FIT when comparing the FIT after one run of mkimage and a
second run. This is due to fit_export_data setting data-offset property
first (it doesn't exist so it's added) and then data-size (it doesn't
exist so it's added) for the first run, while it sets data-offset
property first (removed in fit_import_data, so it doesn't exist so it's
added) and then data-size (it exists already from the first run, so it's
simply modified) for the second run.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
All explicit calls to fdt_setprop* in tools/ are checked except those
three. Let's add a check for the return code of fdt_setprop_u32() calls.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
The return code of fdt_setprop is overwritten by the one from
fdt_delprop meaning we could very well have an issue when setting the
property that would be ignored if the deletion of the property that
comes right after passes.
Let's add a separate check for each.
Fixes: 4860ee9b09e0 ("mkimage: allow internalization of data-position")
Signed-off-by: Quentin Schulz <[email protected]>
|
|
Add missing help text for the -y and -Y parameters of mkimage.
Fixes: 6dfd14e1228e ("mkimage: Add support for bundling TFA BL31 in mkimage -f auto")
Signed-off-by: Marek Vasut <[email protected]>
|
|
and fix related test/DTS issues""
This reverts commit 4d84fa1261eb27d57687f2e4c404a78b8653c183, reversing
changes made to b82a1fa7ddc7f3be2f3b75898d5dc44c34420bdd.
I had missed some feedback on this series from earlier, and we have
since had reports of regressions due to this as well. For now, revert
this.
Signed-off-by: Tom Rini <[email protected]>
|
|
related test/DTS issues"
Aristo Chen <[email protected]> says:
This patch series enhances FIT image robustness by adding **memory
region overlap detection** to `mkimage` and fixing existing overlaps
in DTS files and `binman` tests.
The primary goal is to prevent runtime memory corruption from
conflicting load addresses in FIT images.
Key Changes:
1. `mkimage` Overlap Detection: A new validation in
`tools/fit_image.c` checks for overlapping load addresses
within FIT configurations. `mkimage` now errors out with
detailed info on conflicts, preventing bad FIT image creation.
2. New Test Case: A Python test verifies the new detection.
It intentionally creates an overlap (kernel and FDT)
to confirm correct error handling.
3. Fixes for Existing Overlaps:
* Board DTS (k3-am6xx): Adjusted load addresses for TI
firmware stubs to prevent conflicts. This resolves
previously undetected overlaps.
* `binman` Tests: Fixed several tests. U-Boot load
addresses were shifted to avoid ATF conflicts. A new
linker script for TEE ELF sections ensures distinct
memory layouts.
4. Documentation: Added guidance for developers on how to
determine ELF load addresses using readelf, linker scripts,
and objdump when working with binman FIT images.
Impact:
This series improves FIT image reliability by catching overlaps
at build time, helping developers resolve issues before runtime
failures.
Link: https://lore.kernel.org/r/[email protected]
|
|
Add documentation to help users understand how to determine where ELF
files will be loaded when using binman's 'fit,load' property. This
addresses the common confusion about how load addresses are determined
from ELF files.
The documentation explains three methods:
1. Using readelf to examine program headers
2. Checking the linker script (.lds file)
3. Using objdump to see section addresses
Also includes a specific example from binman tests showing how
elf_sections.lds sets ATF load address to 0x00000010 and
elf_sections_tee.lds sets TEE load address to 0x00100010 to avoid
memory overlap conflicts.
This helps users debug memory layout conflicts more efficiently when
working with FIT images containing multiple ELF components.
Signed-off-by: Aristo Chen <[email protected]>
|
|
This patch adds a validation step in mkimage to detect memory region
overlaps between images specified in the same configuration of a
FIT image. If any overlaps are found, the tool prints an error and
aborts the build.
This helps prevent runtime memory corruption caused by conflicting
load addresses between images.
Signed-off-by: Aristo Chen <[email protected]>
|
|
Fix one binman test that has memory region overlap issue, the test case
needed to be updated to use non-overlapping memory layouts.
* Tests fixed:
- testFitSplitElf
* Changes made:
1. ELF section layouts: added elf_sections_tee.lds with different
address for TEE to avoid overlap with ATF address defined in
elf_sections.lds
2. Makefile to properly build elf_sections_tee binary
3. Updat ftest.py to use separate ELF files for TEE vs ATF components
in split-elf operations.
An upcoming commit will validate if the memory region is overlapped
Signed-off-by: Aristo Chen <[email protected]>
|
|
Fix three binman tests that has memory region overlap issue, the test
cases needed to be updated to use non-overlapping memory layouts.
* Tests fixed:
- testFitFirmwareLoadables
- testFitSignSimple
- testFitSignNoSignatureNodes
* Changes made:
Updated DTB test files to change U-Boot load addresses from 0x0 to
0x2000 to avoid overlapping with ATF in the 0x10-0xfc range:
- 276_fit_firmware_loadables.dts
- 340_fit_signature.dts
- 342_fit_signature.dts
An upcoming commit will validate if the memory region is overlapped
Signed-off-by: Aristo Chen <[email protected]>
Reviewed-by: Neha Malcom Francis <[email protected]>
|
|
Fix typo from `Singature` to `Signature`
Signed-off-by: Aristo Chen <[email protected]>
Reviewed-by: Dhruva Gole <[email protected]>
|
|
Prepare v2025.10-rc5
|
|
platform
To support passing specific commands defined in enum imx8image_cmd to
the imx8image_copy_image() function, this patch introduces a new entry
type nxp-imx9image. This entry generates a plain text data file
containing the relevant commands, enabling flexible configuration during
image creation.
Signed-off-by: Alice Guo <[email protected]>
|
|
Javier Tia <[email protected]> says:
This patch series modernizes U-Boot's code formatting infrastructure by
with current Linux kernel practices and providing a more robust and
comprehensive formatting solution.
Link: https://lore.kernel.org/r/[email protected]
|
|
Replace the use of scripts/Lindent with clang-format in
zynqmp_psu_init_minimize.sh. This change is made to align with the rest
of the codebase that uses clang-format for code formatting. This ensures
consistency across all scripts in terms of code style and formatting.
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Javier Tia <[email protected]>
|
|
Introduce two new parameters to be used with mkimage -f auto to bundle
TFA BL31 image into fitImage, using auto-generated fitImage. Add -y to
specify TFA BL31 file name and -Y to specify TFA BL31 load and entry
point address. This is meant to be used with systems which boot all of
TFA BL31, Linux and its DT from a single fitImage, all booted by U-Boot.
Example invocation:
"
$ mkimage -E -A arm64 -C none -e 0x50200000 -a 0x50200000 -f auto \
-d arch/arm64/boot/Image \
-b arch/arm64/boot/dts/renesas/r8a779g3-sparrow-hawk.dtb \
-y ../tfa/build/rcar_gen4/release/bl31.bin -Y 0x46400000 \
/path/to/output/fitImage
"
Documentation update and test are also included, the test validates
both positive and negative test cases, where fitImage does not include
TFA BL31 and does include TFA BL31 blobs.
Signed-off-by: Marek Vasut <[email protected]>
|
|
This cannot work (unless qemu-user is registered in binfmt_misc) as the
tools will be for a different architecture.
Fixes "make cross_tools" in case CONFIG_VIDEO_LOGO is enabled.
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
This series from Ilias Apalodimas <[email protected]> lays
some of the groundwork for being able to enable the -Wmissing-prototypes
compiler flag while building U-Boot by fixing the obvious problems in
the tools directory.
Link: https://lore.kernel.org/r/[email protected]
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Introduced by 245b1029e1af, probably a debug left-over.
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Heiko Schocher <[email protected]>
|
|
Prepare v2025.10-rc4
|
|
We are trying to enable -Wmissing-prototypes and this functiion is only
used locally. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
Acked-by: Peng Fan <[email protected]>
|
|
This consistency reads a bit nicer.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
It was "... doing the same build ... will not trigger a rebuild".
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
Reads better.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
It might not be clear what is meant with "to make sure the shell leaves it alone".
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
It reads a bit nicer.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
riscv was missing from the list.
To some, the architecture's name may not be obvious from the code name.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
Strictly speaking, "has" doesn't make sense.
"supports" seems like a better word and it probably was what the original author meant.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
Otherwise, the two dashes are rendered as just one.
Signed-off-by: Adriano Carvalho <[email protected]>
|
|
These are fixes to what looks like obvious typos.
Some minor improvments are also included, such as:
- Write "symbolic link" instead of symlink
- Correct capitalization for LLVM (all caps)
- Remove dead link and surrounding sentence
Signed-off-by: Adriano Carvalho <[email protected]>
|
