| Age | Commit message (Collapse) | Author |
|---|
|
fsstub seems to be unused and should be removed.
Suggested-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
commit 23d2ef91efa40d525a4a5557704184bcfd64ca16 upstream
K3 devices introduces the concept of centralized power, resource and
security management to System Firmware. This is to overcome challenges
by the traditional approach that implements system control functions on
each of the processing units.
The software interface for System Firmware is split into TIFS and DM. DM
(Device Manager) is responsible for resource and power management from
secure and non-secure hosts. This additional binary is necessary for
specific platforms' ROM boot images and is to be packaged into tispl.bin
Add an entry for DM. The entry can be used for the packaging of
tispl.bin by binman along with ATF and TEE.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
|
|
Support bootcore_opts field in x509 template. The bootcore_opts argument
had been defined earlier but not utilised into the final certificate.
Fixes: d43c636437d1 ("binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts")
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
ObtainContents and ProcessContents are called multiple times during
image packing in a multi pass assembly, dont regenerate cert data
every-time, else we end up creating racy updates that can mess up
already packed partial images.
This can easily be observed with
export BINMAN_DEBUG=1
export BINMAN_VERBOSE=5
where openssl x509 cert generation happens multiple times per image.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
|
|
Add Support for signing of FSSTUB images, which is very similar to
signing of non-combined images from legacy boot flow.
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
commit 4583c00236efd4ee768ff874f92526c229891a05 upstream
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.
To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
commit 953d4177afa0bee0ba0db4b81036d3197595b997 upstream
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
Using the mkimage entry with the multiple-data-files prop and having a
missing external blob result in an unexpected ValueError exception using
the --allow-missing flag.
ValueError: Filename 'missing.bin' not found in input path (...)
Fix this by using _pathname that is resolved by ObtainContents for blob
entries, ObtainContents also handles allow missing for external blobs.
Mark mkimage entry as missing and return without running mkimage when
missing entries is reported by CheckMissing.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
|
|
The rockchip-tpl entry can be used when an external TPL binary should be
used instead of the normal U-Boot TPL.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Eugen Hristev <eugen.hristev@collabora.com>
|
|
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.
Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The current support for updating variables in a binary is hard-coded to
work with U-Boot:
- It assumes the image starts at __image_copy_start
- It uses the existing U-Boot-specific entry types
It is useful for other projects to use these feature.
Add properties to enable writing symbols for any blob, a way of specifying
the base symbol and a way of providing the ELF filename to allow symbol
lookup to take place.
With this it is possible to update a Zephyr image, such as zephyr.bin
after it has been built.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
In some cases it is useful to have an entry overlap with another in a
section, either to update the contents within a blob, or to add an entry
to the fdtmap that covers only part of the blob.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This appears in two places in the code. Use a shared function instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This means that the data is not yet available. Update some comments to
make this clearer.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some blobs are actually not necessary for the board to work correctly. Add
a property to allow this to be indicated. Missing optional blobs do not
cause a build failure.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.
Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Support entries which can be optional depending on their contents. This
allows special entry types which appear in the image only when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Several etypes have this reference in their documentation. Now that we are
using rST, link to the section directly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
|
|
These have got out of data recently. Regenerate them.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Expand this comment to cover both cases that are supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present only the image (which is a section) has a filename. Move this
implementation to the entry_Section class so that any section can have a
filename. With this, the section data is written to a file.
This allows parts of an image to be written, along with the entire image.
Make a note that this can be used to include the contents of a section in
one image in another (later) image.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
In some cases the ELF version of SPL builds may be packaged, rather
than a binary .bin file. Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This feature is used by several etypes and we plan to add more that use
it. Make symbol writing a feature of the base class to reduce the code
duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this code into its own function so it can be used from tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add support for U-Boot's Verifying Program Loader phase.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
mkimage entry currently creates a file whose name is derived from the
section name containing said entry.
Let's allow the user to define a filename for the mkimage-generated
binary by using the 'filename' DT property.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Some image types handled by mkimage require the datafiles to be passed
independently (-d data1:data2) for specific handling of each. A
concatenation of datafiles prior to passing them to mkimage wouldn't
work.
That is the case for rkspi for example which requires page alignment
and only writing 2KB every 4KB.
This adds the ability to tell binman to pass the datafiles without
prior concatenation to mkimage, by adding the multiple-data-files
boolean property to the mkimage node.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add zstd bintool to binman to support on-the-fly compression.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add an optional length header attribute to the device tree blob entry
class based on the compressed data header from the utilities to compress
and decompress data.
If needed the header could be enabled with the following
attribute beside the compress attribute:
prepend = "length";
The header was introduced as part of commit eb0f4a4cb402 ("binman:
Support replacing data in a cbfs") to allow device tree entries to be
larger than the compressed contents. Regarding the commit "this is
necessary to cope with a compressed device tree being updated in such a
way that it shrinks after the entry size is already set (an obscure
case)". This case need to be fixed without influence any compressed data
by itself.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add a DecompressData function to entry class to allow override in child
classes and to centralize the compress and decompress in a single class.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Forward AddBintools calls to base class to collect bintools of base
class.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Forward AddBintools calls to sub entries in cbfs_util to collect
bintools of sub entries.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
At present the collections etype only works with entries in the same
section. This can be limiting, since in some cases the data may be inside
a subsection, e.g. if there are alignment constraints.
Add a function to find the entries in an etype and have it search
recursively. Make use of this for mkimage also.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Also control over what goes in the file passed with -n using a separate
imagename subnode. This can include a section or any other entry type.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some image types use the -n parameter to pass in the data file. Add
support for this, with a new property.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Expand this a little to make things clearer. Also drop the invalid
entry arg.
Series-changes 2
- Make it clear that -d data is concatenated/collected by binman
- Fix mulitple typoe
- Reword a sentence for grammar
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Since this is implemented as a section, it should really be split into
several functions, one to read the node and one to read the entries. Do
this so that it matches how Entry_section works.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some new entries are likely to have required properties. Support this in a
standard way, with a list of required properties which can be set up by
base classes. Check for missing properties when the entry is read.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This has got out of sync and needs a line wrap. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Currently the fitImage data area is resized in 1 kiB steps. This works
when bundling smaller images below some 1 MiB, but when bundling large
images into the fitImage, this make binman spend extreme amount of time
and CPU just spinning in pylibfdt FdtSw.check_space() until the size
grows enough for the large image to fit into the data area. Increase
the default step to 64 kiB, which is a reasonable compromise -- the
U-Boot blobs are somewhere in the 64kiB...1MiB range, DT blob are just
short of 64 kiB, and so are the other blobs. This reduces binman runtime
with 32 MiB blob from 2.3 minutes to 5 seconds.
The following can be used to trigger the problem if rand.bin is some 32 MiB.
"
/ {
itb {
fit {
images {
test {
compression = "none";
description = "none";
type = "flat_dt";
blob {
filename = "rand.bin";
type = "blob-ext";
};
};
};
};
};
configurations {
binman_configuration: config {
loadables = "test";
};
};
};
"
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Binman interfaces allow attempts to replace any entry in the image with
arbitrary data. When trying to replace sections, the changes in the
section entry's data are not propagated to its child entries. This,
combined with how sections rebuild their contents from its children,
eventually causes the replaced contents to be silently overwritten by
rebuilt contents equivalent to the original data.
Add a simple test for replacing a section that is currently failing due
to this behaviour, and mark it as an expected failure. Also, raise an
error when replacing a section instead of silently pretending it was
replaced.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
When reading images from a file, each entry's data is read from its
parent section as specified in the Entry.Create() call that created it.
The FIT entry type has been creating its subentries under its parent
(their grandparent), as creating them under the FIT entry resulted in an
error until FIT was converted into a proper section.
FIT subentries have their offsets relative to the FIT section, and
reading those offsets in the parent section results in wrong data. The
subentries rightfully belong under the FIT entries, so create them
there. Add tests checking that we can extract the correct data for a FIT
entry and its subentries.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
