| Age | Commit message (Collapse) | Author |
|---|
|
Add snmp and rsync to the normal docker image. While these tools are
only required for the lab on sage, I think it's a small enough addition
to be worth always including at this point. A higher level TODO I think
may be to see if we can / should split the resulting container up, or
if there's host tooling we can remove at a later step, after building
all the software we require.
Signed-off-by: Tom Rini <[email protected]>
|
|
In order to add pine64_plus to the sage lab we will need to have a build
of TF-A available for it as bl31.bin. Add this to the existing build
loop of TF-A targets.
Signed-off-by: Tom Rini <[email protected]>
|
|
Since turning from old build flow.
New Altera SoCFPGA requires converting handsoff
conversion via the python script. This is from
official provided, and now sync to U-Boot with
better location at tools/cv_xxxx. Meantime,
requirement.txt is also provided to further
explain the libraries require for these scripts.
Signed-off-by: Brian Sune <[email protected]>
Reviewed-by: Tien Fong Chee <[email protected]>
|
|
coreboot buildgcc script downloads GNU dependencies from GNU FTP server.
For some reason, this is also as unreliable as their git main server.
There's no option to use a GNU mirror (and I'm not even sure if there's
one for FTP), so we simply pass --mirror to the buildgcc script via the
BUILDGCC_OPTIONS variable so that it makes use of coreboot's mirror.
Hopefully, this proves more reliable than GNU original FTP server.
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Quentin Schulz <[email protected]>
|
|
grub bootstrap script downloads gnulib from a non-mirror URL and thus is
unreliable.
One can specify the URL to fetch from with GNULIB_URL environment
variable, so let's make this variable point at a mirror URL.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
GNU announced they activated mirrors for git servers[1] in May this
year.
The main git server keeps being very unreliable and switching to those
mirrors seems to improve reliability (albeit somewhat slow).
Yes, the URL in this patch has nothing in common with the URL in the
linked mail, it was extracted from the Clone section in the mirrored
cgit page[2].
While at it, switch to the HTTPS clone which is "more secure" than git
protocol.
[1] https://lists.gnu.org/archive/html/savannah-users/2025-05/msg00002.html
[2] https://cgit.git.savannah.gnu.org/cgit/grub.git/
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Quentin Schulz <[email protected]>
|
|
- Move to jammy-20251013 tag
- Bring in tkinter so that FATtools should run and more tests should be
run.
- Update to QEMU 10.0.6
- Pick tags for (most of) trace-cmd
Signed-off-by: Tom Rini <[email protected]>
|
|
We have not been picking a tag for the trace-cmd build process.
Currently the tip of libtraceevent fails to build. Address both problems
here by picking recent stable tags for libtraceevent and libtracefs
(trace-cmd has no recent tags). Further, as it is often reported that
this fails to build due to a race, stop using "make -j$(nproc)" as this
is also small enough of a set of builds to not be an issue.
Signed-off-by: Tom Rini <[email protected]>
|
|
In some cases our tests for exFAT don't run because we fail to be able
to create the underlying image. This is in turn because while creation
of the image succeeds, it seems that some way of how we invoke FATtools
wants to import tkinter, that fails and so the test stops there. Having
tkinter available (and then presumably a fallback to non-GUI because
it's not available) leads to the tests running as expected.
Reviewed-by: Marek Vasut <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
The QEMU project has the 10.0.x series as an LTS release. While we are
not doing an LTS ourselves, we can be confident in the changes between
10.0.2 and 10.0.6, so update ourselves.
Signed-off-by: Tom Rini <[email protected]>
|
|
Prepare v2026.01-rc3
|
|
The Dockerfile is using linux/arm64 without the /v8 suffix.
Signed-off-by: Bin Meng <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Quentin Schulz <[email protected]> says:
While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.
Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.
Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.
Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.
Link: https://lore.kernel.org/r/[email protected]
|
|
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.
It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
The current stable release for LLVM is 20, so update to that from 18. No
issues seen in CI.
Signed-off-by: Tom Rini <[email protected]>
|
|
The changes here are that we need to ensure python setuptools are
in our build virtual environments as they will no longer come in via
python even in a virtual environment. As part of this ensure setuptools
is in our cache and also include pytest-azurepipelines as we should have
been doing. Next, we move away from using apt-key directly and move that
stanza towards the rest of the apt work. This also lets us drop
directly installing gnupg2. These steps are not strictly required for
24.04 but will be for later releases and are valid now. Finally, we drop
the unused PTYHONPATH ENV line.
In order to use these containers however, we need to stop running the
event_dump test as the 'addr2line' tool provided by binutils no longer
is able to decode those specific events in most cases. As this is a
problem with binutils and present for some time now, disabling the test
until someone has time to work with upstream this seems reasonable.
Signed-off-by: Tom Rini <[email protected]>
|
|
Support for using "u-boot,dm-..." rather than "bootph-..." has been
deprecated since February 2023. Any platforms using this have had a
console message saying to migrate by 2023.07. Go and remove all support
here now, for the v2026.01 release.
The results of this change that aren't clear from the above are that we
still have a checkpatch.pl error message, and document in
doc/develop/spl.rst that they have been migrated since 2023. We also
change the key2dtsi.py tool to use the correct bootph phase rather than
the legacy phase.
Signed-off-by: Tom Rini <[email protected]>
|
|
Align the implementation to rsa_add_verify_data() by writing the modulus
and r-squared properties with the same length as the key itself. This
fixes signature verification issues when one of the parameters has
leading zeros.
Reported-by: Hans Gfirtner (Nokia) <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
|
|
This also incorporates the following commits to the Dockerfile:
da7942de29f7 Dockerfile: remove Python 2.7
183299d9a400 docker: add OP-TEE and TF-A build for testing Firmware Handoff
Signed-off-by: Tom Rini <[email protected]>
|
|
We don't use Python 2 anywhere. Remove the package from our Docker image.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Raymond Mao <[email protected]> says:
This patch series enable Firmware Handoff [1] CI tests on qemu_arm64 by:
1. fetch MbedTLS (v3.6), OP-TEE (v4.7.0) and TF-A (v2.13.0);
2. build bl1 and fip with both Firmware Handoff and Measured Boot
enabled;
3. pytest to validate the Firmware Handoff feature via bloblist by
checking the existence of expected FDT nodes and TPM events generated
and handed over from TF-A/OP-TEE.
[1] https://github.com/FirmwareHandoff/firmware_handoff
Link: https://lore.kernel.org/r/[email protected]
|
|
Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
bl1 and fip with both Firmware Handoff and Measured Boot enabled.
Signed-off-by: Raymond Mao <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
Commit 65e2c14d5a5a ("binman: btool: mkimage: use Bintool.version")
removed the version argument from the run method but forgot to remove it
from the method docstring, so let's fix this oversight.
Fixes: 65e2c14d5a5a ("binman: btool: mkimage: use Bintool.version")
Signed-off-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
|
|
Change the formatting of binman.rst so that the compiled HTML output
becomes more readable. Changes include enumerations and the escaping of
arguments starting with a double dash (e.g. --debug).
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Wolfgang Wallner <[email protected]>
|
|
Fix some typos in binman.rst.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Wolfgang Wallner <[email protected]>
|
|
When importing data, the data-offset property is removed and the data
content is imported inside the data property of the node.
When mkimage is run twice on the same FIT, data-size property is already
set in the second run, from the first run (via the fit_export_data
function). If we don't remove the data-size property, nothing guarantees
it matches the actual size of data within the data property. To avoid
possible mistakes when handling the data property, let's simply remove
the data-size property as well.
This also fixes an ordering issue of the data-size and data-offset
properties in FIT when comparing the FIT after one run of mkimage and a
second run. This is due to fit_export_data setting data-offset property
first (it doesn't exist so it's added) and then data-size (it doesn't
exist so it's added) for the first run, while it sets data-offset
property first (removed in fit_import_data, so it doesn't exist so it's
added) and then data-size (it exists already from the first run, so it's
simply modified) for the second run.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
All explicit calls to fdt_setprop* in tools/ are checked except those
three. Let's add a check for the return code of fdt_setprop_u32() calls.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
The return code of fdt_setprop is overwritten by the one from
fdt_delprop meaning we could very well have an issue when setting the
property that would be ignored if the deletion of the property that
comes right after passes.
Let's add a separate check for each.
Fixes: 4860ee9b09e0 ("mkimage: allow internalization of data-position")
Signed-off-by: Quentin Schulz <[email protected]>
|
|
Add missing help text for the -y and -Y parameters of mkimage.
Fixes: 6dfd14e1228e ("mkimage: Add support for bundling TFA BL31 in mkimage -f auto")
Signed-off-by: Marek Vasut <[email protected]>
|
|
and fix related test/DTS issues""
This reverts commit 4d84fa1261eb27d57687f2e4c404a78b8653c183, reversing
changes made to b82a1fa7ddc7f3be2f3b75898d5dc44c34420bdd.
I had missed some feedback on this series from earlier, and we have
since had reports of regressions due to this as well. For now, revert
this.
Signed-off-by: Tom Rini <[email protected]>
|
|
related test/DTS issues"
Aristo Chen <[email protected]> says:
This patch series enhances FIT image robustness by adding **memory
region overlap detection** to `mkimage` and fixing existing overlaps
in DTS files and `binman` tests.
The primary goal is to prevent runtime memory corruption from
conflicting load addresses in FIT images.
Key Changes:
1. `mkimage` Overlap Detection: A new validation in
`tools/fit_image.c` checks for overlapping load addresses
within FIT configurations. `mkimage` now errors out with
detailed info on conflicts, preventing bad FIT image creation.
2. New Test Case: A Python test verifies the new detection.
It intentionally creates an overlap (kernel and FDT)
to confirm correct error handling.
3. Fixes for Existing Overlaps:
* Board DTS (k3-am6xx): Adjusted load addresses for TI
firmware stubs to prevent conflicts. This resolves
previously undetected overlaps.
* `binman` Tests: Fixed several tests. U-Boot load
addresses were shifted to avoid ATF conflicts. A new
linker script for TEE ELF sections ensures distinct
memory layouts.
4. Documentation: Added guidance for developers on how to
determine ELF load addresses using readelf, linker scripts,
and objdump when working with binman FIT images.
Impact:
This series improves FIT image reliability by catching overlaps
at build time, helping developers resolve issues before runtime
failures.
Link: https://lore.kernel.org/r/[email protected]
|
|
Add documentation to help users understand how to determine where ELF
files will be loaded when using binman's 'fit,load' property. This
addresses the common confusion about how load addresses are determined
from ELF files.
The documentation explains three methods:
1. Using readelf to examine program headers
2. Checking the linker script (.lds file)
3. Using objdump to see section addresses
Also includes a specific example from binman tests showing how
elf_sections.lds sets ATF load address to 0x00000010 and
elf_sections_tee.lds sets TEE load address to 0x00100010 to avoid
memory overlap conflicts.
This helps users debug memory layout conflicts more efficiently when
working with FIT images containing multiple ELF components.
Signed-off-by: Aristo Chen <[email protected]>
|
|
This patch adds a validation step in mkimage to detect memory region
overlaps between images specified in the same configuration of a
FIT image. If any overlaps are found, the tool prints an error and
aborts the build.
This helps prevent runtime memory corruption caused by conflicting
load addresses between images.
Signed-off-by: Aristo Chen <[email protected]>
|
|
Fix one binman test that has memory region overlap issue, the test case
needed to be updated to use non-overlapping memory layouts.
* Tests fixed:
- testFitSplitElf
* Changes made:
1. ELF section layouts: added elf_sections_tee.lds with different
address for TEE to avoid overlap with ATF address defined in
elf_sections.lds
2. Makefile to properly build elf_sections_tee binary
3. Updat ftest.py to use separate ELF files for TEE vs ATF components
in split-elf operations.
An upcoming commit will validate if the memory region is overlapped
Signed-off-by: Aristo Chen <[email protected]>
|
|
Fix three binman tests that has memory region overlap issue, the test
cases needed to be updated to use non-overlapping memory layouts.
* Tests fixed:
- testFitFirmwareLoadables
- testFitSignSimple
- testFitSignNoSignatureNodes
* Changes made:
Updated DTB test files to change U-Boot load addresses from 0x0 to
0x2000 to avoid overlapping with ATF in the 0x10-0xfc range:
- 276_fit_firmware_loadables.dts
- 340_fit_signature.dts
- 342_fit_signature.dts
An upcoming commit will validate if the memory region is overlapped
Signed-off-by: Aristo Chen <[email protected]>
Reviewed-by: Neha Malcom Francis <[email protected]>
|
|
Fix typo from `Singature` to `Signature`
Signed-off-by: Aristo Chen <[email protected]>
Reviewed-by: Dhruva Gole <[email protected]>
|
|
Prepare v2025.10-rc5
|
|
platform
To support passing specific commands defined in enum imx8image_cmd to
the imx8image_copy_image() function, this patch introduces a new entry
type nxp-imx9image. This entry generates a plain text data file
containing the relevant commands, enabling flexible configuration during
image creation.
Signed-off-by: Alice Guo <[email protected]>
|
|
Javier Tia <[email protected]> says:
This patch series modernizes U-Boot's code formatting infrastructure by
with current Linux kernel practices and providing a more robust and
comprehensive formatting solution.
Link: https://lore.kernel.org/r/[email protected]
|
|
Replace the use of scripts/Lindent with clang-format in
zynqmp_psu_init_minimize.sh. This change is made to align with the rest
of the codebase that uses clang-format for code formatting. This ensures
consistency across all scripts in terms of code style and formatting.
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Javier Tia <[email protected]>
|
|
Introduce two new parameters to be used with mkimage -f auto to bundle
TFA BL31 image into fitImage, using auto-generated fitImage. Add -y to
specify TFA BL31 file name and -Y to specify TFA BL31 load and entry
point address. This is meant to be used with systems which boot all of
TFA BL31, Linux and its DT from a single fitImage, all booted by U-Boot.
Example invocation:
"
$ mkimage -E -A arm64 -C none -e 0x50200000 -a 0x50200000 -f auto \
-d arch/arm64/boot/Image \
-b arch/arm64/boot/dts/renesas/r8a779g3-sparrow-hawk.dtb \
-y ../tfa/build/rcar_gen4/release/bl31.bin -Y 0x46400000 \
/path/to/output/fitImage
"
Documentation update and test are also included, the test validates
both positive and negative test cases, where fitImage does not include
TFA BL31 and does include TFA BL31 blobs.
Signed-off-by: Marek Vasut <[email protected]>
|
|
This cannot work (unless qemu-user is registered in binfmt_misc) as the
tools will be for a different architecture.
Fixes "make cross_tools" in case CONFIG_VIDEO_LOGO is enabled.
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
This series from Ilias Apalodimas <[email protected]> lays
some of the groundwork for being able to enable the -Wmissing-prototypes
compiler flag while building U-Boot by fixing the obvious problems in
the tools directory.
Link: https://lore.kernel.org/r/[email protected]
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The function is only used locally. Enabling -Wmissing-prototypes
triggers a warning. Mark it as static.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
