From 357bfca5e616c7fc003cce1ddda44016660cf75f Mon Sep 17 00:00:00 2001 From: Brandon Maier Date: Tue, 4 Jun 2024 16:16:05 +0000 Subject: tools: binman: fix deprecated Python unittest methods The methods `unittest.assertEquals()` and `unittest.assertRegexpMatches()` are marked deprecated[1]. In Python 3.12 these aliases have been removed, so do a sed to replace them with their new names. [1] https://docs.python.org/3.11/library/unittest.html#deprecated-aliases Signed-off-by: Brandon Maier CC: Simon Glass CC: Alper Nebi Yasak Reviewed-by: Simon Glass --- tools/binman/entry_test.py | 6 +++--- tools/binman/fdt_test.py | 48 +++++++++++++++++++++++----------------------- tools/binman/ftest.py | 42 ++++++++++++++++++++-------------------- 3 files changed, 48 insertions(+), 48 deletions(-) (limited to 'tools/binman') diff --git a/tools/binman/entry_test.py b/tools/binman/entry_test.py index ac6582cf86a..40d74d401a2 100644 --- a/tools/binman/entry_test.py +++ b/tools/binman/entry_test.py @@ -103,7 +103,7 @@ class TestEntry(unittest.TestCase): ent = entry.Entry.Create(None, self.GetNode(), 'missing', missing_etype=True) self.assertTrue(isinstance(ent, Entry_blob)) - self.assertEquals('missing', ent.etype) + self.assertEqual('missing', ent.etype) def testDecompressData(self): """Test the DecompressData() method of the base class""" @@ -111,8 +111,8 @@ class TestEntry(unittest.TestCase): base.compress = 'lz4' bintools = {} base.comp_bintool = base.AddBintool(bintools, '_testing') - self.assertEquals(tools.get_bytes(0, 1024), base.CompressData(b'abc')) - self.assertEquals(tools.get_bytes(0, 1024), base.DecompressData(b'abc')) + self.assertEqual(tools.get_bytes(0, 1024), base.CompressData(b'abc')) + self.assertEqual(tools.get_bytes(0, 1024), base.DecompressData(b'abc')) def testLookupOffset(self): """Test the lookup_offset() method of the base class""" diff --git a/tools/binman/fdt_test.py b/tools/binman/fdt_test.py index 7ef87295463..564c1770820 100644 --- a/tools/binman/fdt_test.py +++ b/tools/binman/fdt_test.py @@ -44,43 +44,43 @@ class TestFdt(unittest.TestCase): fname = self.GetCompiled('045_prop_test.dts') dt = FdtScan(fname) node = dt.GetNode('/binman/intel-me') - self.assertEquals('intel-me', node.name) + self.assertEqual('intel-me', node.name) val = fdt_util.GetString(node, 'filename') - self.assertEquals(str, type(val)) - self.assertEquals('me.bin', val) + self.assertEqual(str, type(val)) + self.assertEqual('me.bin', val) prop = node.props['intval'] - self.assertEquals(fdt.Type.INT, prop.type) - self.assertEquals(3, fdt_util.GetInt(node, 'intval')) + self.assertEqual(fdt.Type.INT, prop.type) + self.assertEqual(3, fdt_util.GetInt(node, 'intval')) prop = node.props['intarray'] - self.assertEquals(fdt.Type.INT, prop.type) - self.assertEquals(list, type(prop.value)) - self.assertEquals(2, len(prop.value)) - self.assertEquals([5, 6], + self.assertEqual(fdt.Type.INT, prop.type) + self.assertEqual(list, type(prop.value)) + self.assertEqual(2, len(prop.value)) + self.assertEqual([5, 6], [fdt_util.fdt32_to_cpu(val) for val in prop.value]) prop = node.props['byteval'] - self.assertEquals(fdt.Type.BYTE, prop.type) - self.assertEquals(chr(8), prop.value) + self.assertEqual(fdt.Type.BYTE, prop.type) + self.assertEqual(chr(8), prop.value) prop = node.props['bytearray'] - self.assertEquals(fdt.Type.BYTE, prop.type) - self.assertEquals(list, type(prop.value)) - self.assertEquals(str, type(prop.value[0])) - self.assertEquals(3, len(prop.value)) - self.assertEquals([chr(1), '#', '4'], prop.value) + self.assertEqual(fdt.Type.BYTE, prop.type) + self.assertEqual(list, type(prop.value)) + self.assertEqual(str, type(prop.value[0])) + self.assertEqual(3, len(prop.value)) + self.assertEqual([chr(1), '#', '4'], prop.value) prop = node.props['longbytearray'] - self.assertEquals(fdt.Type.INT, prop.type) - self.assertEquals(0x090a0b0c, fdt_util.GetInt(node, 'longbytearray')) + self.assertEqual(fdt.Type.INT, prop.type) + self.assertEqual(0x090a0b0c, fdt_util.GetInt(node, 'longbytearray')) prop = node.props['stringval'] - self.assertEquals(fdt.Type.STRING, prop.type) - self.assertEquals('message2', fdt_util.GetString(node, 'stringval')) + self.assertEqual(fdt.Type.STRING, prop.type) + self.assertEqual('message2', fdt_util.GetString(node, 'stringval')) prop = node.props['stringarray'] - self.assertEquals(fdt.Type.STRING, prop.type) - self.assertEquals(list, type(prop.value)) - self.assertEquals(3, len(prop.value)) - self.assertEquals(['another', 'multi-word', 'message'], prop.value) + self.assertEqual(fdt.Type.STRING, prop.type) + self.assertEqual(list, type(prop.value)) + self.assertEqual(3, len(prop.value)) + self.assertEqual(['another', 'multi-word', 'message'], prop.value) diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 8a44bc051b3..567849bbab0 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -2095,7 +2095,7 @@ class TestFunctional(unittest.TestCase): dtb.Scan() props = self._GetPropTree(dtb, ['size', 'uncomp-size']) orig = self._decompress(data) - self.assertEquals(COMPRESS_DATA, orig) + self.assertEqual(COMPRESS_DATA, orig) # Do a sanity check on various fields image = control.images['image'] @@ -2809,9 +2809,9 @@ class TestFunctional(unittest.TestCase): orig_entry = orig_image.GetEntries()['fdtmap'] entry = image.GetEntries()['fdtmap'] - self.assertEquals(orig_entry.offset, entry.offset) - self.assertEquals(orig_entry.size, entry.size) - self.assertEquals(orig_entry.image_pos, entry.image_pos) + self.assertEqual(orig_entry.offset, entry.offset) + self.assertEqual(orig_entry.size, entry.size) + self.assertEqual(orig_entry.image_pos, entry.image_pos) def testReadImageNoHeader(self): """Test accessing an image's FDT map without an image header""" @@ -3895,7 +3895,7 @@ class TestFunctional(unittest.TestCase): mat = re_line.match(line) vals[mat.group(1)].append(mat.group(2)) - self.assertEquals('FIT description: test-desc', lines[0]) + self.assertEqual('FIT description: test-desc', lines[0]) self.assertIn('Created:', lines[1]) self.assertIn('Image 0 (kernel)', vals) self.assertIn('Hash value', vals) @@ -4012,7 +4012,7 @@ class TestFunctional(unittest.TestCase): fit_pos, fdt_util.fdt32_to_cpu(fnode.props['data-position'].value)) - self.assertEquals(expected_size, len(data)) + self.assertEqual(expected_size, len(data)) actual_pos = len(U_BOOT_DATA) + fit_pos self.assertEqual(U_BOOT_DATA + b'aa', data[actual_pos:actual_pos + external_data_size]) @@ -4431,7 +4431,7 @@ class TestFunctional(unittest.TestCase): props = self._GetPropTree(dtb, ['offset', 'image-pos', 'size', 'uncomp-size']) orig = self._decompress(data) - self.assertEquals(COMPRESS_DATA + U_BOOT_DATA, orig) + self.assertEqual(COMPRESS_DATA + U_BOOT_DATA, orig) # Do a sanity check on various fields image = control.images['image'] @@ -4475,7 +4475,7 @@ class TestFunctional(unittest.TestCase): 'uncomp-size']) orig = self._decompress(data) - self.assertEquals(COMPRESS_DATA + COMPRESS_DATA + U_BOOT_DATA, orig) + self.assertEqual(COMPRESS_DATA + COMPRESS_DATA + U_BOOT_DATA, orig) # Do a sanity check on various fields image = control.images['image'] @@ -4519,7 +4519,7 @@ class TestFunctional(unittest.TestCase): props = self._GetPropTree(dtb, ['offset', 'image-pos', 'size', 'uncomp-size']) orig = self._decompress(data) - self.assertEquals(COMPRESS_DATA + U_BOOT_DATA, orig) + self.assertEqual(COMPRESS_DATA + U_BOOT_DATA, orig) expected = { 'section/blob:offset': 0, 'section/blob:size': len(COMPRESS_DATA), @@ -4545,7 +4545,7 @@ class TestFunctional(unittest.TestCase): props = self._GetPropTree(dtb, ['offset', 'image-pos', 'size', 'uncomp-size']) orig = self._decompress(data) - self.assertEquals(COMPRESS_DATA + U_BOOT_DATA, orig) + self.assertEqual(COMPRESS_DATA + U_BOOT_DATA, orig) expected = { 'section/blob:offset': 0, 'section/blob:size': len(COMPRESS_DATA), @@ -4580,7 +4580,7 @@ class TestFunctional(unittest.TestCase): 'uncomp-size']) base = data[len(U_BOOT_DATA):] - self.assertEquals(U_BOOT_DATA, base[:len(U_BOOT_DATA)]) + self.assertEqual(U_BOOT_DATA, base[:len(U_BOOT_DATA)]) rest = base[len(U_BOOT_DATA):] # Check compressed data @@ -4588,22 +4588,22 @@ class TestFunctional(unittest.TestCase): expect1 = bintool.compress(COMPRESS_DATA + U_BOOT_DATA) data1 = rest[:len(expect1)] section1 = self._decompress(data1) - self.assertEquals(expect1, data1) - self.assertEquals(COMPRESS_DATA + U_BOOT_DATA, section1) + self.assertEqual(expect1, data1) + self.assertEqual(COMPRESS_DATA + U_BOOT_DATA, section1) rest1 = rest[len(expect1):] expect2 = bintool.compress(COMPRESS_DATA + COMPRESS_DATA) data2 = rest1[:len(expect2)] section2 = self._decompress(data2) - self.assertEquals(expect2, data2) - self.assertEquals(COMPRESS_DATA + COMPRESS_DATA, section2) + self.assertEqual(expect2, data2) + self.assertEqual(COMPRESS_DATA + COMPRESS_DATA, section2) rest2 = rest1[len(expect2):] expect_size = (len(U_BOOT_DATA) + len(U_BOOT_DATA) + len(expect1) + len(expect2) + len(U_BOOT_DATA)) - #self.assertEquals(expect_size, len(data)) + #self.assertEqual(expect_size, len(data)) - #self.assertEquals(U_BOOT_DATA, rest2) + #self.assertEqual(U_BOOT_DATA, rest2) self.maxDiff = None expected = { @@ -4695,7 +4695,7 @@ class TestFunctional(unittest.TestCase): u_boot = image.GetEntries()['section'].GetEntries()['u-boot'] - self.assertEquals(U_BOOT_DATA, u_boot.ReadData()) + self.assertEqual(U_BOOT_DATA, u_boot.ReadData()) def testTplNoDtb(self): """Test that an image with tpl/u-boot-tpl-nodtb.bin can be created""" @@ -5526,7 +5526,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap segments, entry = elf.read_loadable_segments(elf_data) # We assume there are two segments - self.assertEquals(2, len(segments)) + self.assertEqual(2, len(segments)) atf1 = dtb.GetNode('/images/atf-1') _, start, data = segments[0] @@ -6107,7 +6107,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap data = bintool.compress(COMPRESS_DATA) self.assertNotEqual(COMPRESS_DATA, data) orig = bintool.decompress(data) - self.assertEquals(COMPRESS_DATA, orig) + self.assertEqual(COMPRESS_DATA, orig) def testCompUtilVersions(self): """Test tool version of compression algorithms""" @@ -6125,7 +6125,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap self.assertNotEqual(COMPRESS_DATA, data) data += tools.get_bytes(0, 64) orig = bintool.decompress(data) - self.assertEquals(COMPRESS_DATA, orig) + self.assertEqual(COMPRESS_DATA, orig) def testCompressDtbZstd(self): """Test that zstd compress of device-tree files failed""" -- cgit v1.3.1 From e344f836fe039701844ae1693f0e196d0915d5c6 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:02 -0600 Subject: binman: efi: Correct entry docs Somehow the class documentation has got out of sync with the generated entries.rst file. Regenerating it causes errors, so correct these and regenerate the entries.rst file. Signed-off-by: Simon Glass Fixes: 809f28e7213 ("binman: capsule: Use dumped capsule header...") --- tools/binman/entries.rst | 58 ++++++++++++++++----------------- tools/binman/etype/efi_capsule.py | 40 +++++++++++------------ tools/binman/etype/efi_empty_capsule.py | 22 +++++++------ 3 files changed, 61 insertions(+), 59 deletions(-) (limited to 'tools/binman') diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 254afe76074..dc42a9cb97d 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -470,11 +470,11 @@ updating the EC on startup via software sync. .. _etype_efi_capsule: -Entry: capsule: Entry for generating EFI Capsule files ------------------------------------------------------- +Entry: efi-capsule: Generate EFI capsules +----------------------------------------- -The parameters needed for generation of the capsules can be provided -as properties in the entry. +The parameters needed for generation of the capsules can +be provided as properties in the entry. Properties / Entry arguments: - image-index: Unique number for identifying corresponding @@ -495,9 +495,9 @@ Properties / Entry arguments: file. Mandatory property for generating signed capsules. - oem-flags - OEM flags to be passed through capsule header. - Since this is a subclass of Entry_section, all properties of the parent - class also apply here. Except for the properties stated as mandatory, the - rest of the properties are optional. +Since this is a subclass of Entry_section, all properties of the parent +class also apply here. Except for the properties stated as mandatory, the +rest of the properties are optional. For more details on the description of the capsule format, and the capsule update functionality, refer Section 8.5 and Chapter 23 in the `UEFI @@ -510,17 +510,17 @@ provided as a subnode of the capsule entry. A typical capsule entry node would then look something like this:: capsule { - type = "efi-capsule"; - image-index = <0x1>; - /* Image GUID for testing capsule update */ - image-guid = SANDBOX_UBOOT_IMAGE_GUID; - hardware-instance = <0x0>; - private-key = "path/to/the/private/key"; - public-key-cert = "path/to/the/public-key-cert"; - oem-flags = <0x8000>; + type = "efi-capsule"; + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-guid = SANDBOX_UBOOT_IMAGE_GUID; + hardware-instance = <0x0>; + private-key = "path/to/the/private/key"; + public-key-cert = "path/to/the/public-key-cert"; + oem-flags = <0x8000>; - u-boot { - }; + u-boot { + }; }; In the above example, the capsule payload is the U-Boot image. The @@ -534,8 +534,8 @@ payload using the blob-ext subnode. .. _etype_efi_empty_capsule: -Entry: efi-empty-capsule: Entry for generating EFI Empty Capsule files ----------------------------------------------------------------------- +Entry: efi-empty-capsule: Generate EFI empty capsules +----------------------------------------------------- The parameters needed for generation of the empty capsules can be provided as properties in the entry. @@ -551,22 +551,22 @@ update functionality, refer Section 8.5 and Chapter 23 in the `UEFI specification`_. For more information on the empty capsule, refer the sections 2.3.2 and 2.3.3 in the `Dependable Boot specification`_. -A typical accept empty capsule entry node would then look something -like this:: +A typical accept empty capsule entry node would then look something like +this:: empty-capsule { - type = "efi-empty-capsule"; - /* GUID of the image being accepted */ - image-type-id = SANDBOX_UBOOT_IMAGE_GUID; - capsule-type = "accept"; + type = "efi-empty-capsule"; + /* GUID of image being accepted */ + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + capsule-type = "accept"; }; -A typical revert empty capsule entry node would then look something -like this:: +A typical revert empty capsule entry node would then look something like +this:: empty-capsule { - type = "efi-empty-capsule"; - capsule-type = "revert"; + type = "efi-empty-capsule"; + capsule-type = "revert"; }; The empty capsules do not have any input payload image. diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py index e3203717822..751f654bf31 100644 --- a/tools/binman/etype/efi_capsule.py +++ b/tools/binman/etype/efi_capsule.py @@ -36,23 +36,23 @@ class Entry_efi_capsule(Entry_section): be provided as properties in the entry. Properties / Entry arguments: - - image-index: Unique number for identifying corresponding - payload image. Number between 1 and descriptor count, i.e. - the total number of firmware images that can be updated. Mandatory - property. - - image-guid: Image GUID which will be used for identifying the - updatable image on the board. Mandatory property. - - hardware-instance: Optional number for identifying unique - hardware instance of a device in the system. Default value of 0 - for images where value is not to be used. - - fw-version: Value of image version that can be put on the capsule - through the Firmware Management Protocol(FMP) header. - - monotonic-count: Count used when signing an image. - - private-key: Path to PEM formatted .key private key file. Mandatory - property for generating signed capsules. - - public-key-cert: Path to PEM formatted .crt public key certificate - file. Mandatory property for generating signed capsules. - - oem-flags - OEM flags to be passed through capsule header. + - image-index: Unique number for identifying corresponding + payload image. Number between 1 and descriptor count, i.e. + the total number of firmware images that can be updated. Mandatory + property. + - image-guid: Image GUID which will be used for identifying the + updatable image on the board. Mandatory property. + - hardware-instance: Optional number for identifying unique + hardware instance of a device in the system. Default value of 0 + for images where value is not to be used. + - fw-version: Value of image version that can be put on the capsule + through the Firmware Management Protocol(FMP) header. + - monotonic-count: Count used when signing an image. + - private-key: Path to PEM formatted .key private key file. Mandatory + property for generating signed capsules. + - public-key-cert: Path to PEM formatted .crt public key certificate + file. Mandatory property for generating signed capsules. + - oem-flags - OEM flags to be passed through capsule header. Since this is a subclass of Entry_section, all properties of the parent class also apply here. Except for the properties stated as mandatory, the @@ -66,9 +66,9 @@ class Entry_efi_capsule(Entry_section): properties in the entry. The payload to be used in the capsule is to be provided as a subnode of the capsule entry. - A typical capsule entry node would then look something like this + A typical capsule entry node would then look something like this:: - capsule { + capsule { type = "efi-capsule"; image-index = <0x1>; /* Image GUID for testing capsule update */ @@ -80,7 +80,7 @@ class Entry_efi_capsule(Entry_section): u-boot { }; - }; + }; In the above example, the capsule payload is the U-Boot image. The capsule entry would read the contents of the payload and put them diff --git a/tools/binman/etype/efi_empty_capsule.py b/tools/binman/etype/efi_empty_capsule.py index 064bf9a77f0..1d99fbfb3bb 100644 --- a/tools/binman/etype/efi_empty_capsule.py +++ b/tools/binman/etype/efi_empty_capsule.py @@ -19,31 +19,33 @@ class Entry_efi_empty_capsule(Entry_section): be provided as properties in the entry. Properties / Entry arguments: - - image-guid: Image GUID which will be used for identifying the - updatable image on the board. Mandatory for accept capsule. - - capsule-type - String to indicate type of capsule to generate. Valid - values are 'accept' and 'revert'. + - image-guid: Image GUID which will be used for identifying the + updatable image on the board. Mandatory for accept capsule. + - capsule-type - String to indicate type of capsule to generate. Valid + values are 'accept' and 'revert'. For more details on the description of the capsule format, and the capsule update functionality, refer Section 8.5 and Chapter 23 in the `UEFI specification`_. For more information on the empty capsule, refer the sections 2.3.2 and 2.3.3 in the `Dependable Boot specification`_. - A typical accept empty capsule entry node would then look something like this + A typical accept empty capsule entry node would then look something like + this:: - empty-capsule { + empty-capsule { type = "efi-empty-capsule"; /* GUID of image being accepted */ image-type-id = SANDBOX_UBOOT_IMAGE_GUID; capsule-type = "accept"; - }; + }; - A typical revert empty capsule entry node would then look something like this + A typical revert empty capsule entry node would then look something like + this:: - empty-capsule { + empty-capsule { type = "efi-empty-capsule"; capsule-type = "revert"; - }; + }; The empty capsules do not have any input payload image. -- cgit v1.3.1 From e1b59477059449bfdfb2882ebf0d3c1b9d156b3b Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:03 -0600 Subject: binman: Regenerate nxp docs Regenerate the entries.rst file to include this recent addition. Note that more docs are needed here, to actually describe the entry type. Note also that the entry type needs Binman tests added. Signed-off-by: Simon Glass --- tools/binman/entries.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'tools/binman') diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index dc42a9cb97d..1b9b868e33f 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1521,6 +1521,28 @@ byte. +.. _etype_nxp_imx8mcst: + +Entry: nxp-imx8mcst: NXP i.MX8M CST .cfg file generator and cst invoker +----------------------------------------------------------------------- + +Properties / Entry arguments: + - nxp,loader-address - loader address (SPL text base) + + + +.. _etype_nxp_imx8mimage: + +Entry: nxp-imx8mimage: NXP i.MX8M imx8mimage .cfg file generator and mkimage invoker +------------------------------------------------------------------------------------ + +Properties / Entry arguments: + - nxp,boot-from - device to boot from (e.g. 'sd') + - nxp,loader-address - loader address (SPL text base) + - nxp,rom-version - BootROM version ('2' for i.MX8M Nano and Plus) + + + .. _etype_opensbi: Entry: opensbi: RISC-V OpenSBI fw_dynamic blob -- cgit v1.3.1 From 638aa113e083b2d33740a620f9d9a0002d7303f5 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:04 -0600 Subject: binman: ti: Regenerate entry docs Correct formatting errors in the documentation. Regenerate the entries.rst file to include this recent addition. Signed-off-by: Simon Glass --- tools/binman/entries.rst | 35 ++++++++++++++++++++++++++++++++ tools/binman/etype/ti_secure.py | 45 +++++++++++++++++++++-------------------- 2 files changed, 58 insertions(+), 22 deletions(-) (limited to 'tools/binman') diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 1b9b868e33f..bdda1ef2855 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1951,6 +1951,12 @@ Properties / Entry arguments: - content: List of phandles to entries to sign - keyfile: Filename of file containing key to sign binary with - sha: Hash function to be used for signing + - auth-in-place: This is an integer field that contains two pieces + of information: + + - Lower Byte - Remains 0x02 as per our use case + ( 0x02: Move the authenticated binary back to the header ) + - Upper Byte - The Host ID of the core owning the firewall Output files: - input. - input file passed to openssl @@ -1959,6 +1965,35 @@ Output files: - cert. - output file generated by openssl (which is used as the entry contents) +Depending on auth-in-place information in the inputs, we read the +firewall nodes that describe the configurations of firewall that TIFS +will be doing after reading the certificate. + +The syntax of the firewall nodes are as such:: + + firewall-257-0 { + id = <257>; /* The ID of the firewall being configured */ + region = <0>; /* Region number to configure */ + + control = /* The control register */ + <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>; + + permissions = /* The permission registers */ + <((FWPRIVID_ALL << FWPRIVID_SHIFT) | + FWPERM_SECURE_PRIV_RWCD | + FWPERM_SECURE_USER_RWCD | + FWPERM_NON_SECURE_PRIV_RWCD | + FWPERM_NON_SECURE_USER_RWCD)>; + + /* More defines can be found in k3-security.h */ + + start_address = /* The Start Address of the firewall */ + <0x0 0x0>; + end_address = /* The End Address of the firewall */ + <0xff 0xffffffff>; + }; + + openssl signs the provided data, using the TI templated config file and writes the signature in this entry. This allows verification that the data is genuine. diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py index 704dcf8a381..420ee263e4f 100644 --- a/tools/binman/etype/ti_secure.py +++ b/tools/binman/etype/ti_secure.py @@ -53,10 +53,11 @@ class Entry_ti_secure(Entry_x509_cert): - keyfile: Filename of file containing key to sign binary with - sha: Hash function to be used for signing - auth-in-place: This is an integer field that contains two pieces - of information - Lower Byte - Remains 0x02 as per our use case - ( 0x02: Move the authenticated binary back to the header ) - Upper Byte - The Host ID of the core owning the firewall + of information: + + - Lower Byte - Remains 0x02 as per our use case + ( 0x02: Move the authenticated binary back to the header ) + - Upper Byte - The Host ID of the core owning the firewall Output files: - input. - input file passed to openssl @@ -69,29 +70,29 @@ class Entry_ti_secure(Entry_x509_cert): firewall nodes that describe the configurations of firewall that TIFS will be doing after reading the certificate. - The syntax of the firewall nodes are as such: + The syntax of the firewall nodes are as such:: - firewall-257-0 { - id = <257>; /* The ID of the firewall being configured */ - region = <0>; /* Region number to configure */ + firewall-257-0 { + id = <257>; /* The ID of the firewall being configured */ + region = <0>; /* Region number to configure */ - control = /* The control register */ - <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>; + control = /* The control register */ + <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>; - permissions = /* The permission registers */ - <((FWPRIVID_ALL << FWPRIVID_SHIFT) | - FWPERM_SECURE_PRIV_RWCD | - FWPERM_SECURE_USER_RWCD | - FWPERM_NON_SECURE_PRIV_RWCD | - FWPERM_NON_SECURE_USER_RWCD)>; + permissions = /* The permission registers */ + <((FWPRIVID_ALL << FWPRIVID_SHIFT) | + FWPERM_SECURE_PRIV_RWCD | + FWPERM_SECURE_USER_RWCD | + FWPERM_NON_SECURE_PRIV_RWCD | + FWPERM_NON_SECURE_USER_RWCD)>; - /* More defines can be found in k3-security.h */ + /* More defines can be found in k3-security.h */ - start_address = /* The Start Address of the firewall */ - <0x0 0x0>; - end_address = /* The End Address of the firewall */ - <0xff 0xffffffff>; - }; + start_address = /* The Start Address of the firewall */ + <0x0 0x0>; + end_address = /* The End Address of the firewall */ + <0xff 0xffffffff>; + }; openssl signs the provided data, using the TI templated config file and -- cgit v1.3.1 From d552564e1a0a8096aa25812e5ca874967d34f09a Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:05 -0600 Subject: binman: Update the entrydocs header Reduce the length of the underline for this header, to match the heading itself. Signed-off-by: Simon Glass --- tools/binman/entry.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/binman') diff --git a/tools/binman/entry.py b/tools/binman/entry.py index 42e0b7b9145..2ed65800d22 100644 --- a/tools/binman/entry.py +++ b/tools/binman/entry.py @@ -812,7 +812,7 @@ class Entry(object): as missing """ print('''Binman Entry Documentation -=========================== +========================== This file describes the entry types supported by binman. These entry types can be placed in an image one by one to build up a final firmware image. It is -- cgit v1.3.1 From 404936e5731ee366a513b0452e2306e799de59cb Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:06 -0600 Subject: binman: Support an assumed size for missing binaries Binman has a the useful feature of handling missing external blobs gracefully, including allowing them to be missing, deciding whether the resulting image is functional or not and faking blobs when this is necessary for particular tools (e.g. mkimage). This feature is widely used in CI. One drawback is that if U-Boot grows too large to fit along with the required blobs, then this is not discovered until someone does a 'real' build which includes the blobs. Add a 'assume-size' property to entries to allow Binman to reserve a given size for missing external blobs. Signed-off-by: Simon Glass --- tools/binman/binman.rst | 7 +++++++ tools/binman/entry.py | 1 + tools/binman/etype/blob.py | 7 ++++++- tools/binman/ftest.py | 28 ++++++++++++++++++++++++++++ tools/binman/test/326_assume_size.dts | 16 ++++++++++++++++ tools/binman/test/327_assume_size_ok.dts | 16 ++++++++++++++++ 6 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 tools/binman/test/326_assume_size.dts create mode 100644 tools/binman/test/327_assume_size_ok.dts (limited to 'tools/binman') diff --git a/tools/binman/binman.rst b/tools/binman/binman.rst index 230e055667f..872e9746c8c 100644 --- a/tools/binman/binman.rst +++ b/tools/binman/binman.rst @@ -711,6 +711,13 @@ missing-msg: information about what needs to be fixed. See missing-blob-help for the message for each tag. +assume-size: + Sets the assumed size of a blob entry if it is missing. This allows for a + check that the rest of the image fits into the available space, even when + the contents are not available. If the entry is missing, Binman will use + this assumed size for the entry size, including creating a fake file of that + size if requested. + no-expanded: By default binman substitutes entries with expanded versions if available, so that a `u-boot` entry type turns into `u-boot-expanded`, for example. The diff --git a/tools/binman/entry.py b/tools/binman/entry.py index 2ed65800d22..219d5dcecab 100644 --- a/tools/binman/entry.py +++ b/tools/binman/entry.py @@ -315,6 +315,7 @@ class Entry(object): self.overlap = fdt_util.GetBool(self._node, 'overlap') if self.overlap: self.required_props += ['offset', 'size'] + self.assume_size = fdt_util.GetInt(self._node, 'assume-size', 0) # This is only supported by blobs and sections at present self.compress = fdt_util.GetString(self._node, 'compress', 'none') diff --git a/tools/binman/etype/blob.py b/tools/binman/etype/blob.py index 064fae50365..041e1122953 100644 --- a/tools/binman/etype/blob.py +++ b/tools/binman/etype/blob.py @@ -48,11 +48,16 @@ class Entry_blob(Entry): self.external and (self.optional or self.section.GetAllowMissing())) # Allow the file to be missing if not self._pathname: + if not fake_size and self.assume_size: + fake_size = self.assume_size self._pathname, faked = self.check_fake_fname(self._filename, fake_size) self.missing = True if not faked: - self.SetContents(b'') + content_size = 0 + if self.assume_size: # Ensure we get test coverage on next line + content_size = self.assume_size + self.SetContents(tools.get_bytes(0, content_size)) return True self.ReadBlobContents() diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 567849bbab0..e4da04030a5 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -7460,5 +7460,33 @@ fdt fdtmap Extract the devicetree blob from the fdtmap with self.assertRaises(ValueError) as e: self._DoReadFile('323_capsule_accept_revert_missing.dts') + def test_assume_size(self): + """Test handling of the assume-size property for external blob""" + with self.assertRaises(ValueError) as e: + self._DoTestFile('326_assume_size.dts', allow_missing=True, + allow_fake_blobs=True) + self.assertIn("contents size 0xa (10) exceeds section size 0x9 (9)", + str(e.exception)) + + def test_assume_size_ok(self): + """Test handling of the assume-size where it fits OK""" + with test_util.capture_sys_output() as (stdout, stderr): + self._DoTestFile('327_assume_size_ok.dts', allow_missing=True, + allow_fake_blobs=True) + err = stderr.getvalue() + self.assertRegex( + err, + "Image '.*' has faked external blobs and is non-functional: .*") + + def test_assume_size_no_fake(self): + """Test handling of the assume-size where it fits OK""" + with test_util.capture_sys_output() as (stdout, stderr): + self._DoTestFile('327_assume_size_ok.dts', allow_missing=True) + err = stderr.getvalue() + self.assertRegex( + err, + "Image '.*' is missing external blobs and is non-functional: .*") + + if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/326_assume_size.dts b/tools/binman/test/326_assume_size.dts new file mode 100644 index 00000000000..4c5f8b418d8 --- /dev/null +++ b/tools/binman/test/326_assume_size.dts @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + size = <9>; + blob-ext { + filename = "assume_blob"; + assume-size = <10>; + }; + }; +}; diff --git a/tools/binman/test/327_assume_size_ok.dts b/tools/binman/test/327_assume_size_ok.dts new file mode 100644 index 00000000000..00ed726f872 --- /dev/null +++ b/tools/binman/test/327_assume_size_ok.dts @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + size = <10>; + blob-ext { + filename = "assume_blob"; + assume-size = <10>; + }; + }; +}; -- cgit v1.3.1 From 0f851e234172cf3d874ae16d61a641cb9d793c73 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 23 Jun 2024 11:55:07 -0600 Subject: binman: Make Intel ME default to position 0x1000 This cannot ever go at offset 0 since the descriptor is there. Use a better offset for the ME, as used by link and coral, for example. This matters when we start using assumed sizes for missing blobs. Signed-off-by: Simon Glass --- tools/binman/etype/intel_descriptor.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/binman') diff --git a/tools/binman/etype/intel_descriptor.py b/tools/binman/etype/intel_descriptor.py index 7fe88a9ec1a..3ce967fe81a 100644 --- a/tools/binman/etype/intel_descriptor.py +++ b/tools/binman/etype/intel_descriptor.py @@ -59,7 +59,7 @@ class Entry_intel_descriptor(Entry_blob_ext): if self.missing: # Return zero offsets so that these entries get placed somewhere if self.HasSibling('intel-me'): - info['intel-me'] = [0, None] + info['intel-me'] = [0x1000, None] return info offset = self.data.find(FD_SIGNATURE) if offset == -1: -- cgit v1.3.1