summaryrefslogtreecommitdiff
path: root/tools
AgeCommit message (Collapse)Author
4 daysmkimage: allow zynqmpbif to use a register initialization fileErich E. Hoover
The ZynqMP Boot Image Format allows specifying the register initialization file with the "[init]" attribute. Since this feature is already supported by the "zynqmpimage" backend, this commit leverages that existing capability to add support for the "[init]" attribute in the zynqmpbif backend: https://docs.amd.com/r/en-US/ug1283-bootgen-user-guide/init This currently uses the same register initialization file format as zynqmpimage (ASCII text hex values with each line composed of a pair of register address and value), for example: === 0xff003248 0x12345678 === It is not, yet, compatible with the format used by bootgen: https://docs.amd.com/r/en-US/ug1283-bootgen-user-guide/Initialization-Pairs-and-INT-File-Attribute Use this feature, with other zynqmpbif options, like so: === image : { [init] reginit.int [bootloader] fsbl.elf [pmufw_image] pmufw.elf [destination_cpu=a53-0, exception_level=el-3] bl31.elf [destination_cpu=a53-0, exception_level=el-2, load=0x08000000, startup=0x08000000] u-boot.bin } === Signed-off-by: Erich E. Hoover <[email protected]> Signed-off-by: Michal Simek <[email protected]> Link: https://lore.kernel.org/r/[email protected]
5 daysMerge branch 'next'Tom Rini
5 dayspatman: Remove the patch-management codeSimon Glass
Delete the command-line tool and its supporting modules, now that this functionality lives in the standalone patch-manager package. Keep the modules that buildman still imports (commit and patchstream, plus their dependencies series, get_maintainer and settings), along with the stub command. Trim __init__.py to match. Signed-off-by: Simon Glass <[email protected]>
5 dayspatman: Remove the test suiteSimon Glass
These tests cover the patch-management functionality, which is being removed from the tree in favour of the standalone patch-manager package. Drop the tests and their data files. Signed-off-by: Simon Glass <[email protected]>
5 dayspatman: Replace the tool with a stub for patch-managerSimon Glass
patman is now maintained as a standalone 'patch-manager' package, rather than in the U-Boot tree. Replace the command with a small stub which tells people how to install it. buildman still uses the shared modules commit and patchstream (and their dependencies), so leave those in place; the patches that follow remove the patch-management code itself. Signed-off-by: Simon Glass <[email protected]>
5 daystools: Stop packaging patman as a pip moduleSimon Glass
patman is no longer shipped from the U-Boot tree, so drop it from the 'make pip' target and from make_pip.sh, and remove its packaging files (setup.py, pyproject.toml, requirements.txt). Nothing else refers to them by this point in the series, so they can go. Also fix binman's pyproject.toml, which declares package-data for a 'patman' package (a copy-paste leftover); use 'binman' instead. Signed-off-by: Simon Glass <[email protected]>
5 daystools: docker: Drop patman from the CI imageSimon Glass
The CI runner image pre-caches pip packages by downloading each tool's requirements.txt from master. A later patch removes patman's requirements.txt from the tree, so stop fetching and installing it. The same step already installs setuptools explicitly (patman's requirements list it too), so this needs nothing further. This takes effect the next time someone rebuilds the image; the existing image keeps working in the meantime. Signed-off-by: Simon Glass <[email protected]>
5 daysdoc: Remove the patman documentationSimon Glass
The full patman manual now lives with the standalone patch-manager package, making the 1000-line copy in the tree redundant. Remove the in-tree manual, its README and the doc/develop/patman.rst toctree page. The sending-patches guide already introduces patman, so point it at the patch-manager package instead of the now-dead ':doc:' cross-reference and, with the manual gone, add a couple of lines on how the tool works. Point the SPI howto at that guide too, rather than repeating the install details. Signed-off-by: Simon Glass <[email protected]> Reviewed-by: Tom Rini <[email protected]> Reviewed-by: Mattijs Korpershoek <[email protected]>
8 daystreewide: change email links from mailman to patch.msgid.link with message-idNeil Armstrong
In preparation of the migration of the mailman mailing-list currently hosted on the denx.de infrastructure, migrate the links in the code, comments and documentation to https://patch.msgid.link to be future proof and always link to the expected content data and uses the message-id in the URL which will help find the appropriate e-mail in the future. Signed-off-by: Neil Armstrong <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-06-26binman: Add optee binary to i.MX9 platform typesMathieu Dubois-Briand
OP-TEE tee.bin is generated externally and might be missing during the build. Signed-off-by: Mathieu Dubois-Briand <[email protected]>
2026-06-22Merge tag 'v2026.07-rc5' into nextTom Rini
Prepare v2026.07-rc5
2026-06-17Merge patch series "dtc: Resync fdt_check_full function"Tom Rini
Tom Rini <[email protected]> says: As part of the resync to dtc version v1.7.2-35-g52f07dcca47c from the Linux Kernel, we missed updating the fdt_check_full function because it exists in its own file in upstream dtc and the kernel doesn't import it, as reported by Anton Ivanov. This short series brings in the upstream fdt_check.c file and then implements our size-saving option, but in the modern way. The size-saving portion has been upstreamed. Link: https://lore.kernel.org/r/[email protected]
2026-06-17dtc: Resync fdt_check_full() with upstream version v1.7.2-35-g52f07dcca47cTom Rini
In the upstream project, the function fdt_check_full has been moved from fdt_ro.c to its own file, fdt_check.c. This file is not included in the Linux kernel copy and so has not been synced over. As we do need and use the fdt_check_full function, bring that file over as of the current upstream we are synced to. Remove our copy of this function from fdt_ro.c and add fdt_check.o and 1-liner fdt_check.c where needed. Note that for now, this will increase size in some cases as upstream does not have a size reduction method here. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Tom Rini <[email protected]>
2026-06-13fdt: Check return value of fdt_get_name() callsAnton Ivanov
fdt_get_name() can return NULL and set len to a negative error code. fdt_find_regions() does not check for this, leading to a potential NULL pointer dereference and a buffer out-of-bounds write during signature verification of an untrusted FIT. fdt_next_region(), fdt_check_full(), and display_fdt_by_regions() also lack validation. Add NULL checks and propagate the error code from fdt_get_name() to the caller. Signed-off-by: Anton Ivanov <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-06-11Merge patch series "tools: mkimage: fix get_basename crash on paths with ↵Tom Rini
dotted directories" Aristo Chen <[email protected]> says: The get_basename() helper in tools/fit_image.c searches the entire input path independently for the last '/' and the last '.'. When the last '.' falls at an offset earlier than the last '/', for example "./mydt", "a.b/c" or "sub.d/leaf", 'end' points before 'start' and the computed length is negative. The size check uses signed comparison so the negative value flows unchanged into memcpy() (cast to size_t there) and mkimage segfaults during -f auto FIT generation. The helper is reached on every auto-FIT build via the -b, --fit-tee and --fit-tfa-bl31 file arguments. The first patch restricts the dot search to the substring that follows the last slash, which is the minimal fix and preserves the existing behaviour for typical inputs such as "arch/arm/dts/foo.dtb". The second patch adds a parametrized sandbox test under test/py/tests/test_fit_mkimage_validate.py that drives mkimage -f auto with each of the crashing inputs ("./mydt", "./sub.d/leaf", "./a.b/c") plus one control input ("./mydt.dtb"). The test reads the resulting /images/fdt-1 description back from the produced FIT via fdtget to verify get_basename()'s output matches the expected stripped basename. Reproducer that previously segfaulted and now produces a valid image: echo dummy > kernel.bin echo dummy > ./mydt ./tools/mkimage -f auto -A arm -O linux -T kernel -C none \ -a 0x80000000 -e 0x80000000 -n test \ -d kernel.bin -b ./mydt out.itb Verified by rebuilding tools/mkimage on master and running the command above with each of the four parametrized inputs. The three crash triggers all segfault before the fix and now produce the expected fdt-1 descriptions ("mydt", "leaf", "c"); the control input "./mydt.dtb" continues to produce "mydt" as before. Link: https://lore.kernel.org/r/[email protected]
2026-06-11tools: mkimage: fix get_basename crash on paths with dotted directoriesAristo Chen
The get_basename() helper in tools/fit_image.c searches the entire input path for the last '/' and the last '.' independently. When the last '.' falls at an offset earlier than the last '/' (for example "./mydt", "a.b/c", or "sub.d/leaf"), 'end' points before 'start' and the computed length is negative. The subsequent size check uses signed comparison so the negative value passes through unchanged, and memcpy() is then called with that length implicitly cast to size_t, which segfaults. Restrict the dot search to the substring that follows the last slash so that only an extension in the filename component can become the end of the basename. This matches the function's stated intent of stripping an extension from the leaf, and keeps the existing behaviour for typical inputs such as "arch/arm/dts/foo.dtb". Reproducer that previously segfaulted and now produces a valid image: echo dummy > kernel.bin echo dummy > ./mydt ./tools/mkimage -f auto -A arm -O linux -T kernel -C none \ -a 0x80000000 -e 0x80000000 -n test \ -d kernel.bin -b ./mydt out.itb Signed-off-by: Aristo Chen <[email protected]> Reviewed-by: Quentin Schulz <[email protected]>
2026-06-08Merge tag 'v2026.07-rc4' into nextTom Rini
Prepare v2026.07-rc4
2026-06-07dtoc: test: add missing escape in help textFrancesco Valla
A single percent sign might be interpreted as a string format directive and shall thus be escaped - doubling it - to actually indicate a percentage. Without the escape, pytest fails to run test_fdt.py with the following error: ValueError: Test coverage failure fdt code coverage: Traceback (most recent call last): File "/usr/lib64/python3.14/argparse.py", line 1748, in _check_help formatter._expand_help(action) ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 676, in _expand_help return help_string % params ~~~~~~~~~~~~^~~~~~~~ TypeError: %c requires an int or a unicode character, not dict The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/user/u-boot/./tools/dtoc/test_fdt", line 1002, in <module> sys.exit(main()) ~~~~^^ File "/home/user/u-boot/./tools/dtoc/test_fdt", line 987, in main parser.add_argument('-T', '--test-coverage', action='store_true', ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ default=False, ^^^^^^^^^^^^^^ help='run tests and check for 100% coverage') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 1562, in add_argument self._check_help(action) ~~~~~~~~~~~~~~~~^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 1750, in _check_help raise ValueError('badly formed help string') from exc ValueError: badly formed help string Fixes: 7640b166604e ("test_fdt: Convert to use argparse") Signed-off-by: Francesco Valla <[email protected]>
2026-06-04tools: imx8image: Fix FSPI alignment to 4 kiBMarek Vasut
The SPI NOR minimum subsector size is 4 kiB, update the alignment. THis is particularly important in case of embedded DUMMY_DDR, which must be at at least 4 kiB aligned offset. Fixes: a2b96ece5be1 ("tools: add i.MX8/8X image support") Signed-off-by: Marek Vasut <[email protected]> Reviewed-by: Peng Fan <[email protected]>
2026-06-04binman: imx8mimage: Handle nxp,boot-from = "fspi"Marek Vasut
Boot from FSPI requires additional 448 Byte long header, with U-Boot SPL starting at offset 0x1000. Currently, both i.MX8MM and i.MX8MN attempt to generate this header using fspi_conf_block with filename pointing at CONFIG_FSPI_CONF_FILE file. This does not work, for two reasons. First, the CONFIG_FSPI_CONF_FILE is generated by mkimage -T imx8mimage and may not be available yet when the fspi_conf_block is evaluated. That leads to a race condition where highly parallel builds fail to find the CONFIG_FSPI_CONF_FILE, which is usually called fspi_header.bin, on first build attempt. Second, binman gets confused and patches incorrect offset of DDR PHY firmware blobs into U-Boot SPL, the offset is incremented by exactly 0x1000 which is the size of fspi_conf_block. Fix both problems at once, make imx8mimage handle the generated FSPI header and prepend it in front of the imx8mimage processed data. This way, the race condition is solved, because the data generated by the imx8mimage are surely combined only after mkimage -T imx8mimage ran. The binman offset calculation is also solved, because there is no fspi_conf_block node in the DT anymore. Signed-off-by: Marek Vasut <[email protected]>
2026-05-27Merge patch series "fit: dm-verity support"Tom Rini
Daniel Golle <[email protected]> says: This series adds dm-verity support to U-Boot's FIT image infrastructure. It is the first logical subset of the larger OpenWrt boot method series posted as an RFC in February 2026 [1], extracted here for independent review and merging. OpenWrt's firmware model embeds a read-only squashfs or erofs root filesystem directly inside a uImage.FIT container as a FILESYSTEM-type loadable FIT image. At boot the kernel maps this sub-image directly from the underlying block device via the fitblk driver (/dev/fit0, /dev/fit1, ...), the goal is that the bootloader never even copies it to RAM. dm-verity enables the kernel to verify the integrity of those mapped filesystems at read time, with a Merkle hash tree stored contiguously in the same sub-image just after the data. Two kernel command-line parameters are required: dm-mod.create= -- the device-mapper target table for the verity device dm-mod.waitfor= -- a comma-separated list of block devices to wait for before dm-init sets up the targets (needed when fitblk probes late, e.g. because it depends on NVMEM calibration data) The FIT dm-verity node schema was upstreamed into the flat-image-tree specification [2], which this implementation tries to follow exactly. The runtime feature is guarded behind CONFIG_FIT_VERITY. If not enabled the resulting binary size remains unchanged. If enabled the binary size increases by about 3kB. [1] previous submissions: RFC: https://www.mail-archive.com/[email protected]/msg565945.html v1: https://www.mail-archive.com/[email protected]/msg569472.html v2: https://www.mail-archive.com/[email protected]/msg570599.html v3: https://www.mail-archive.com/[email protected]/msg573223.html v4: https://www.mail-archive.com/[email protected]/msg574000.html [2] flat-image-tree dm-verity node spec: https://github.com/open-source-firmware/flat-image-tree/commit/795fd5fd7f0121d0cb03efb1900aafc61c704771 Link: https://lore.kernel.org/r/[email protected]
2026-05-27tools: mkimage: add dm-verity Merkle-tree generationDaniel Golle
When mkimage encounters a dm-verity subnode inside a component image node it now automatically invokes veritysetup(8) with --no-superblock to generate the Merkle hash tree, screen-scrapes the Root hash and Salt from the tool output, and writes the computed properties back into the FIT blob. The user only needs to specify algorithm, data-block-size, and hash-block-size in the ITS; mkimage fills in digest, salt, num-data-blocks, and hash-start-block. Because --no-superblock is used, hash-start-block equals num-data-blocks with no off-by-one. The image data property is replaced with the expanded content (original data followed directly by the hash tree) so that subsequent hash and signature subnodes operate on the complete image. fit_image_add_verification_data() is restructured into two passes: dm-verity first (may grow data), then hashes and signatures. Signed-off-by: Daniel Golle <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-25global: Update URL for U-Boot projectTom Rini
Our official domain is now u-boot-project.org, so update all in-tree references to use the correct domain. Reviewed-by: Tony Dinh <[email protected]> Reviewed-by: Peter Robinson <[email protected]> Signed-off-by: Tom Rini <[email protected]>
2026-05-12tools: fwumdata: Fix use-after-free in parse_config()Kory Maincent
In parse_config(), devname is dynamically allocated by sscanf(). When sscanf() fails to fill enough fields (rc < 3), devname is freed and the loop continues to the next line. However, if the next call to sscanf() fails to match (rc == 0), devname is not written and still holds the stale freed pointer. The subsequent free(devname) then operates on already-freed memory. Fix this by resetting devname to NULL before each sscanf() call, so that a non-matching call leaves a NULL pointer and the subsequent free() becomes a harmless no-op. Reported-by: Coverity Scan Link: https://lists.denx.de/pipermail/u-boot/2026-April/614161.html Signed-off-by: Kory Maincent <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2026-05-11binman: Use bintool wrappers for PKCS#11 tools in testsSimon Glass
The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...) directly (and the equivalent for pkcs11-tool and p11-kit), even though the test setup has already constructed the corresponding Bintool instances. As Quentin Schulz observed on v1, the bintool wrapper for these tools is currently used only as an "is this installed?" probe. Route the eight remaining call sites in ftest.py through <bintool>.run_cmd(...), which the Bintool base class already provides. The change is test-side only; no production binman code calls these tools. Suggested-by: Quentin Schulz <[email protected]> Signed-off-by: Simon Glass <[email protected]>
2026-05-11binman: Flesh out the softhsm2-util bintool docstringSimon Glass
The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what softhsm2-util does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Simon Glass <[email protected]>
2026-05-11binman: Flesh out the pkcs11-tool bintool docstringSimon Glass
The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what pkcs11-tool does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Simon Glass <[email protected]>
2026-05-11binman: Flesh out the p11-kit bintool docstringSimon Glass
The Sphinx-generated bintools.rst currently produces an empty section for this bintool, since its class docstring is only a single line and so the body under the heading is blank. Extend the docstring with a short description of what p11-kit does and how binman uses it, so the generated documentation has useful content. Suggested-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Simon Glass <[email protected]>
2026-05-11patman: fix use in worktreeLudwig Nussel
When using a worktree '.git' actually is a file and pygit2 init_repository() does not like that. The intention is not to create a new git repo anyway so use normal constructor instead of init_repository(). Signed-off-by: Ludwig Nussel <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-05Merge patch series "binman: Fix preload signing with encrypted FIT"Tom Rini
Yan WANG <[email protected]> says: This series improves the reliability and efficiency of binman preload header generation and test it against an encrypted FIT image signed with a preload header. When a preload header references other entries (e.g. an encrypted FIT) through the collection etype, the referenced entries may be rebuilt multiple times during binman processing. This becomes problematic when the referenced entry produces non-deterministic output, such as FIT encryption using random IVs or timestamps, since rebuilding the entry changes the data. This series ensures that referenced entries are built only once and that preload signing is performed after all data is collected. It also avoids unnecessary repacking or repeated signing operations by the preload. The changes include: * generate preload header placeholders in ObtainContents() and sign data only once in ProcessContentsUpdate() * mark referenced entries as build_done in the collection etype to avoid rebuilding data * add a functional test for signing an encrypted FIT with a preload header Link: https://lore.kernel.org/r/[email protected]
2026-05-05tools: binman: Test signing an encrypted FIT with a preload headerPaul HENRYS
Add a test to verify the preload header correctly signs an encrypted FIT. This test exercises the case where encryption uses random IVs that would change between mkimage calls. Signed-off-by: Paul HENRYS <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-05binman: collection: Set build_done on referenced entriesyan wang
The collection etype uses phandles in the 'content' property to reference other entries. Mark each referenced entry with build_done to avoid rebuilding the same entry data multiple times. This is important for cases where rebuilding may change the data content, e.g. due to timestamps or random IVs in encryption. Refactor GetContentsByPhandle() to return both the entry object and its data. Signed-off-by: yan wang <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-05binman: Generate preload header and sign data only oncePaul HENRYS
To optimize preload generation, generate the header and signatures only after all data has been collected in ProcessContentsUpdate(). This avoids signing the data multiple times. Since header_size is known upfront (from __init__), create a placeholder in `ObtainContents()` to avoid an extra packing pass when ProcessContentsUpdate() detects a size change. This reduces unnecessary repacking and signing operations. Signed-off-by: Paul HENRYS <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-04-24tools/asn1_compiler: avoid -Wdiscarded-qualifiersHeinrich Schuchardt
Building with GCC 15.2 results in warnings: tools/asn1_compiler.c: In function ‘tokenise’: tools/asn1_compiler.c:442:37: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] 442 | dir = bsearch(&tokens[tix], directives, | ^ tools/asn1_compiler.c: In function ‘main’: tools/asn1_compiler.c:632:11: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] 632 | p = strchr(grammar_name, '.'); | ^ bsearch() is defined as void *bsearch(size_t n, size_t size; const void key[size], const void base[size * n], size_t n, size_t size, typeof(int (const void [size], const void [size])) *compar); * Use the correct type for dir. strchr() is defined as char *strchr(const char *s, int c). * Use a conversion for the assignment to p. Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-04-17binman: Remove pre-generated entries.rst and bintools.rstSimon Glass
These files are now auto-generated by the binman_docs Sphinx extension during the doc build, so the committed copies and their symlinks in doc/develop/package/ are no longer needed. Update binman.rst to reference the Sphinx extension instead of the manual generation commands. Signed-off-by: Simon Glass <[email protected]> Rebased to apply file deletions cleanly. Signed-off-by: Heinrich Schuchardt <[email protected]>
2026-04-09tools: u_boot_pylib: ensure all Python modules are installedPaul HENRYS
Add setuptools package configuration to pyproject.toml so that u_boot_pylib is installed as a proper Python package without changing the existing flat directory structure and making sure all modules are installed. Signed-off-by: Paul HENRYS <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-04-06Merge branch 'next'Tom Rini
2026-03-27doc/buildman: fix missing :: on examplesDavid Lechner
Fix 4 instances in buildman.rst where examples were missing :: for proper formatting. Three cases just had a single : and in one case, : didn't make grammatical sense, so it gets a stand-alone :: along with fixing the indent. Signed-off-by: David Lechner <[email protected]>
2026-03-27treewide: fix uImage.FIT document pathsDaniel Golle
Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the documentation in doc/uImage.FIT to doc/usage/fit, subsequently all documents and example sources have been converted to reStructuredText. Fix (almost) all of the remaining occurrences of the old path and filenames across the tree. The exception is doc/uImage.FIT/command_syntax_extensions.txt which apparently has been removed entirely, or at least I was unable to locate where that document is now. Signed-off-by: Daniel Golle <[email protected]>
2026-03-26tools: mkfwumdata: Remove dependency on fwu_mdata.h headerKory Maincent
The dependency on fwu_mdata.h creates unnecessary configuration requirements. To generate metadata V1, CONFIG_FWU_MDATA_V1 must be enabled, which in turn requires enabling FWU_MULTI_BANK_UPDATE, EFI_CAPSULE_ON_DISK, PARTITION_TYPE_GUID, and other unrelated configs. This is not suitable for a simple standalone tool. Additionally, even with the "-v 1" option to generate V1 metadata, the tool will still include the firmware store description if CONFIG_FWU_MDATA_V1 is not enabled. This structure should only be present in metadata V2. Replace the fwu_mdata.h dependency with the new fwumdata header to make the tool compatible with both V1 and V2 without requiring any defconfig changes. This also uses the access helper functions from the header to eliminate code duplication. Acked-by: Sughosh Ganu <[email protected]> Tested-by: Sughosh Ganu <[email protected]> Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-26tools: Add support for fwumdata toolKory Maincent
Add a new fwumdata tool to allows users to read, display, and modify FWU (Firmware Update) metadata from Linux userspace. It provides functionality similar to fw_printenv/fw_setenv but for FWU metadata. Users can view metadata, change active/previous bank indices, modify bank states, and set image acceptance flags. Configuration is done via fwumdata.config file. Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-26tools: mkfwumdata: Add bank count validation for FWU metadata v2Kory Maincent
The FWU metadata specification version 2 supports a maximum of 4 banks. Add validation to enforce this limit and prevent creation of non-compliant metadata structures when using version 2. Without this check, users could inadvertently create invalid metadata by specifying more than 4 banks, leading to potential compatibility issues with FWU-compliant firmware update implementations. Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-26tools: mkfwumdata: Improve error message specificityKory Maincent
Replace the generic error message with a more informative one. This helps users quickly understand the correct command-line argument format when the tool reports an error. Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-26tools: Reorganize mkfwumdata tool into fwumdata_src directoryKory Maincent
Update FWU metadata-related tools by moving mkfwumdata.c into a new tools/fwumdata_src/ directory structure. This refactoring prepares for the addition of the fwumdata runtime tool, which will allow editing FWU metadata directly from the target. The Kconfig and Makefile entries are also moved into separate files within the new directory (Kconfig and fwumdata.mk respectively) to keep all FWU metadata tool configurations together and improve maintainability. Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-26tools: gitignore: Add mkfwumdata to the git ignore fileKory Maincent
mkfwumdata is a built image. Add it to .gitignore. Signed-off-by: Kory Maincent <[email protected]> Tested-by: Dario Binacchi <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2026-03-18test: binman: Add test for pkcs11 signed capsuleWojciech Dubowik
Test pkcs11 URI support for UEFI capsule generation. Both public certificate and private key are used over pkcs11 protocol. Pkcs11-tool has been introduced as softhsm tool doesn't have functionality to import certificates in commonly distributed version (only in the latest). Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-03-18binman: DTS: Add dump-signature option for capsulesWojciech Dubowik
Mkeficapsule can dump signature for signed capsules. It can be used in test to validate signature i.e. with openssl. Add an entry for device tree node. Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-03-18binman: Add dump signature option to mkeficapsuleWojciech Dubowik
It will be used to capsule signature verification. Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-03-18tools: mkeficapsule: Fix dump signature long optionWojciech Dubowik
Only short option has been present. Also rename dump_sig to dump-sig to match with other parameter names. Fixes: 16abff246b40 ("tools: mkeficapsule: add firmware image signing") Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2026-03-18binman: Accept pkcs11 URI tokens for capsule updatesWojciech Dubowik
With pkcs11 support in mkeficapsule we can now accept URI tokens and not only files. Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Simon Glass <[email protected]>