| Age | Commit message (Collapse) | Author |
|---|
|
Our official domain is now u-boot-project.org, so update all in-tree
references to use the correct domain.
Reviewed-by: Tony Dinh <[email protected]>
Reviewed-by: Peter Robinson <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
In parse_config(), devname is dynamically allocated by sscanf().
When sscanf() fails to fill enough fields (rc < 3), devname is freed and
the loop continues to the next line. However, if the next call to sscanf()
fails to match (rc == 0), devname is not written and still holds the stale
freed pointer. The subsequent free(devname) then operates on
already-freed memory.
Fix this by resetting devname to NULL before each sscanf() call, so
that a non-matching call leaves a NULL pointer and the subsequent
free() becomes a harmless no-op.
Reported-by: Coverity Scan
Link: https://lists.denx.de/pipermail/u-boot/2026-April/614161.html
Signed-off-by: Kory Maincent <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...)
directly (and the equivalent for pkcs11-tool and p11-kit), even though
the test setup has already constructed the corresponding Bintool
instances. As Quentin Schulz observed on v1, the bintool wrapper for
these tools is currently used only as an "is this installed?" probe.
Route the eight remaining call sites in ftest.py through
<bintool>.run_cmd(...), which the Bintool base class already provides.
The change is test-side only; no production binman code calls these
tools.
Suggested-by: Quentin Schulz <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what softhsm2-util
does and how binman uses it, so the generated documentation has useful
content.
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what pkcs11-tool does
and how binman uses it, so the generated documentation has useful
content.
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what p11-kit does and
how binman uses it, so the generated documentation has useful content.
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
When using a worktree '.git' actually is a file and pygit2
init_repository() does not like that. The intention is not to create
a new git repo anyway so use normal constructor instead of
init_repository().
Signed-off-by: Ludwig Nussel <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Yan WANG <[email protected]> says:
This series improves the reliability and efficiency of binman preload
header generation and test it against an encrypted FIT image signed with
a preload header.
When a preload header references other entries (e.g. an encrypted FIT)
through the collection etype, the referenced entries may be rebuilt
multiple times during binman processing. This becomes problematic when
the referenced entry produces non-deterministic output, such as FIT
encryption using random IVs or timestamps, since rebuilding the entry
changes the data.
This series ensures that referenced entries are built only once and that
preload signing is performed after all data is collected. It also avoids
unnecessary repacking or repeated signing operations by the preload.
The changes include:
* generate preload header placeholders in ObtainContents() and sign
data only once in ProcessContentsUpdate()
* mark referenced entries as build_done in the collection etype to
avoid rebuilding data
* add a functional test for signing an encrypted FIT with a preload
header
Link: https://lore.kernel.org/r/[email protected]
|
|
Add a test to verify the preload header correctly signs an encrypted
FIT. This test exercises the case where encryption uses random IVs that
would change between mkimage calls.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The collection etype uses phandles in the 'content' property to
reference other entries. Mark each referenced entry with build_done
to avoid rebuilding the same entry data multiple times.
This is important for cases where rebuilding may change the data
content, e.g. due to timestamps or random IVs in encryption.
Refactor GetContentsByPhandle() to return both the entry object and
its data.
Signed-off-by: yan wang <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
To optimize preload generation, generate the header and signatures only
after all data has been collected in ProcessContentsUpdate(). This
avoids signing the data multiple times.
Since header_size is known upfront (from __init__), create a placeholder
in `ObtainContents()` to avoid an extra packing pass when
ProcessContentsUpdate() detects a size change.
This reduces unnecessary repacking and signing operations.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Building with GCC 15.2 results in warnings:
tools/asn1_compiler.c: In function ‘tokenise’:
tools/asn1_compiler.c:442:37: warning:
assignment discards ‘const’ qualifier from pointer target type
[-Wdiscarded-qualifiers]
442 | dir = bsearch(&tokens[tix], directives,
| ^
tools/asn1_compiler.c: In function ‘main’:
tools/asn1_compiler.c:632:11: warning:
assignment discards ‘const’ qualifier from pointer target type
[-Wdiscarded-qualifiers]
632 | p = strchr(grammar_name, '.');
| ^
bsearch() is defined as
void *bsearch(size_t n, size_t size;
const void key[size], const void base[size * n],
size_t n, size_t size,
typeof(int (const void [size], const void [size]))
*compar);
* Use the correct type for dir.
strchr() is defined as
char *strchr(const char *s, int c).
* Use a conversion for the assignment to p.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
These files are now auto-generated by the binman_docs Sphinx extension
during the doc build, so the committed copies and their symlinks in
doc/develop/package/ are no longer needed.
Update binman.rst to reference the Sphinx extension instead of the
manual generation commands.
Signed-off-by: Simon Glass <[email protected]>
Rebased to apply file deletions cleanly.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Add setuptools package configuration to pyproject.toml so that
u_boot_pylib is installed as a proper Python package without changing
the existing flat directory structure and making sure all modules are
installed.
Signed-off-by: Paul HENRYS <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
|
|
Fix 4 instances in buildman.rst where examples were missing :: for
proper formatting. Three cases just had a single : and in one case,
: didn't make grammatical sense, so it gets a stand-alone :: along
with fixing the indent.
Signed-off-by: David Lechner <[email protected]>
|
|
Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the
documentation in doc/uImage.FIT to doc/usage/fit, subsequently all
documents and example sources have been converted to reStructuredText.
Fix (almost) all of the remaining occurrences of the old path and
filenames across the tree.
The exception is doc/uImage.FIT/command_syntax_extensions.txt which
apparently has been removed entirely, or at least I was unable to
locate where that document is now.
Signed-off-by: Daniel Golle <[email protected]>
|
|
The dependency on fwu_mdata.h creates unnecessary configuration
requirements. To generate metadata V1, CONFIG_FWU_MDATA_V1 must be
enabled, which in turn requires enabling FWU_MULTI_BANK_UPDATE,
EFI_CAPSULE_ON_DISK, PARTITION_TYPE_GUID, and other unrelated configs.
This is not suitable for a simple standalone tool.
Additionally, even with the "-v 1" option to generate V1 metadata, the
tool will still include the firmware store description if
CONFIG_FWU_MDATA_V1 is not enabled. This structure should only be
present in metadata V2.
Replace the fwu_mdata.h dependency with the new fwumdata header to make
the tool compatible with both V1 and V2 without requiring any defconfig
changes. This also uses the access helper functions from the header to
eliminate code duplication.
Acked-by: Sughosh Ganu <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Add a new fwumdata tool to allows users to read, display, and modify FWU
(Firmware Update) metadata from Linux userspace. It provides functionality
similar to fw_printenv/fw_setenv but for FWU metadata. Users can view
metadata, change active/previous bank indices, modify bank states, and set
image acceptance flags. Configuration is done via fwumdata.config file.
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The FWU metadata specification version 2 supports a maximum of 4 banks.
Add validation to enforce this limit and prevent creation of non-compliant
metadata structures when using version 2.
Without this check, users could inadvertently create invalid metadata by
specifying more than 4 banks, leading to potential compatibility issues
with FWU-compliant firmware update implementations.
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Replace the generic error message with a more informative one.
This helps users quickly understand the correct command-line argument
format when the tool reports an error.
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Update FWU metadata-related tools by moving mkfwumdata.c into a new
tools/fwumdata_src/ directory structure. This refactoring prepares for the
addition of the fwumdata runtime tool, which will allow editing FWU
metadata directly from the target.
The Kconfig and Makefile entries are also moved into separate files within
the new directory (Kconfig and fwumdata.mk respectively) to keep all FWU
metadata tool configurations together and improve maintainability.
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
mkfwumdata is a built image. Add it to .gitignore.
Signed-off-by: Kory Maincent <[email protected]>
Tested-by: Dario Binacchi <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Test pkcs11 URI support for UEFI capsule generation. Both
public certificate and private key are used over pkcs11
protocol.
Pkcs11-tool has been introduced as softhsm tool doesn't have
functionality to import certificates in commonly distributed
version (only in the latest).
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Mkeficapsule can dump signature for signed capsules. It can
be used in test to validate signature i.e. with openssl.
Add an entry for device tree node.
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
It will be used to capsule signature verification.
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Only short option has been present. Also rename dump_sig
to dump-sig to match with other parameter names.
Fixes: 16abff246b40 ("tools: mkeficapsule: add firmware image signing")
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
With pkcs11 support in mkeficapsule we can now accept URI
tokens and not only files.
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
With pkcs11 support it's now possible to specify keys
with URI format. To use this feature the filename must
begin "pkcs11:.." and have valid URI pointing to certificate
and private key in HSM.
The environment variable PKCS11_MODULE_PATH must point to the
right pkcs11 provider i.e. with softhsm:
export PKCS11_MODULE_PATH=<path>/libsofthsm2.so
Example command line:
tools/mkeficapsule --monotonic-count 1 \
--private-key "pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt" \
--certificate "pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt" \
--index 1 \
--guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \
"capsule-payload" \
"capsule.cap"
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The allow_failures parameter in run_test_coverage() is no longer used
by any caller.
Drop it.
Signed-off-by: Simon Glass <[email protected]>
|
|
Now that iMX8 has full coverage the allow_failures list in
RunTestCoverage() is no longer needed.
Drop the list.
Signed-off-by: Simon Glass <[email protected]>
|
|
Three files are currently missing test coverage: nxp_imx8mcst,
nxp_imx8mimage and cst
Add test methods to cover all missing code paths, trying to reuse the
same .dts files where possible.
This brings all three files to 100% coverage.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move key.key and key.pem into the security/ subdirectory. These are
used by security, vendor, and capsule tests but security is the most
natural home for key material. Update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the signing-related test data (keys, certificates, OpenSSL and
SoftHSM2 configuration, dummy engine source) into the fit/ subdirectory
alongside the FIT DTS test files. Drop the 340_ prefix from files that
had it. Update the Makefile and all ftest.py references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move descriptor.bin, fitimage.bin.gz and ifwi.bin.gz into the x86/
subdirectory alongside the x86 DTS test files and update all
references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the remaining 60 or so test files into an entry/ subdirectory.
These cover general entry types and features: entry args, fill, text,
env, compress, replace, template, collection, ELF, overlap, listing,
sections, symlink, TEE OS, and other miscellaneous entries. Drop the
numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 10 test files for binman symbol patching into a symbols/
subdirectory. Drop the numeric prefixes and the redundant symbols_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 20 test files for vendor-specific platform support (TI, NXP
i.MX, Renesas R-Car, Rockchip, PowerPC MPC85xx) into a vendor/
subdirectory. Drop the numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for UEFI capsule creation (signed,
versioned, accept, revert) into a capsule/ subdirectory. Drop the
numeric prefixes and the redundant capsule_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 15 test files for ARM Trusted Firmware FIP, ATF BL31, SCP,
OpenSBI, and BL1 entries into a fip/ subdirectory. Drop the numeric
prefixes and the redundant fip_ filename prefix, and update all
references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for mkimage entries into a mkimage/
subdirectory. Drop the numeric prefixes and the redundant mkimage_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 10 test files for ChromeOS entries (GBB, vblock, FMAP)
into a cros/ subdirectory. Drop the numeric prefixes and update all
references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about a dozen test files for Coreboot File System entries into a
cbfs/ subdirectory. Drop the numeric prefixes and the redundant cbfs_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 20 test files for signing, encryption, hash, pre-load,
x509, and Xilinx bootgen entries into a security/ subdirectory. Drop
the numeric prefixes and update all references.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about a dozen test files for blob, blob-ext, blob-ext-list,
fake-blob, and blob-symbol entries into a blob/ subdirectory. Drop
the numeric prefixes and the redundant blob_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 30 test files for FDT update, fdtmap, DTB compression,
alternates, and bootph into an fdt/ subdirectory. Drop the numeric
prefixes and the redundant fdt_ filename prefix, and update all
references.
Remove the unused no_alt_format.dts which has no references in any
test.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 40 test files for FIT images (signing, external data,
split-elf, encryption, alignment, firmware loadables, templates) into
a fit/ subdirectory. Drop the numeric prefixes and the redundant fit_
filename prefix, and update all references.
Rename the three signature.dts variants to have unique names:
signature.dts, signature_multi_key.dts and signature_no_nodes.dts.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move about 40 test files for x86 and Intel platform support (ROM,
microcode, ME, IFWI, FSP, descriptor, reset16, start16, FIT) into an
x86/ subdirectory. Drop the numeric prefixes and the redundant x86_
filename prefix, and update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about a dozen test files for U-Boot image variants (SPL, TPL,
VPL, DTB, nodtb, bss-pad) into an xpl/ subdirectory. Drop the
numeric prefixes and the redundant u_boot_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
Move about 50 test files related to basic layout, packing, alignment,
sections, and image structure into a pack/ subdirectory. Drop the
numeric prefixes from the filenames and update all references in
ftest.py, entry_test.py, and binman_tests.rst
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
