| Age | Commit message (Collapse) | Author |
|---|
|
fsstub seems to be unused and should be removed.
Suggested-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
commit 23d2ef91efa40d525a4a5557704184bcfd64ca16 upstream
K3 devices introduces the concept of centralized power, resource and
security management to System Firmware. This is to overcome challenges
by the traditional approach that implements system control functions on
each of the processing units.
The software interface for System Firmware is split into TIFS and DM. DM
(Device Manager) is responsible for resource and power management from
secure and non-secure hosts. This additional binary is necessary for
specific platforms' ROM boot images and is to be packaged into tispl.bin
Add an entry for DM. The entry can be used for the packaging of
tispl.bin by binman along with ATF and TEE.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
|
|
Support bootcore_opts field in x509 template. The bootcore_opts argument
had been defined earlier but not utilised into the final certificate.
Fixes: d43c636437d1 ("binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts")
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
Add test for TI firewalling node in ti-secure.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
ObtainContents and ProcessContents are called multiple times during
image packing in a multi pass assembly, dont regenerate cert data
every-time, else we end up creating racy updates that can mess up
already packed partial images.
This can easily be observed with
export BINMAN_DEBUG=1
export BINMAN_VERBOSE=5
where openssl x509 cert generation happens multiple times per image.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
|
|
Add Support for signing of FSSTUB images, which is very similar to
signing of non-combined images from legacy boot flow.
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
|
|
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The header binman_sym.h depends on ulong typedef but does not include
types.h. This means the header must be included after including types.h
or a header that includes it.
We could include types.h but instead let's just switch from ulong
to directly using unsigned long. This removes the need for typedef'ing
it in some of the tests, so also remove those.
Link: https://lists.denx.de/pipermail/u-boot/2023-April/514400.html
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
commit 4583c00236efd4ee768ff874f92526c229891a05 upstream
The patman directory has a number of modules which are used by other tools
in U-Boot. This makes it hard to package the tools using pypi since the
common files must be copied along with the tool that uses them.
To address this, move these files into a new u_boot_pylib library. This
can be packaged separately and listed as a dependency of each tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
commit 953d4177afa0bee0ba0db4b81036d3197595b997 upstream
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
|
|
Update various build and test components to use the new schema.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
|
|
This should fix a rendering oddity when viewing the docs online at
https://u-boot.readthedocs.io/en/latest/develop/package/binman.html
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Using the mkimage entry with the multiple-data-files prop and having a
missing external blob result in an unexpected ValueError exception using
the --allow-missing flag.
ValueError: Filename 'missing.bin' not found in input path (...)
Fix this by using _pathname that is resolved by ObtainContents for blob
entries, ObtainContents also handles allow missing for external blobs.
Mark mkimage entry as missing and return without running mkimage when
missing entries is reported by CheckMissing.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
|
|
The rockchip-tpl entry can be used when an external TPL binary should be
used instead of the normal U-Boot TPL.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Eugen Hristev <eugen.hristev@collabora.com>
|
|
Add the 'missing-msg' for more detailed output
on missing system firmware.
Signed-off-by: Rick Chen <rick@andestech.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
|
|
At present we show 'main section' as the top-level section name. It may
be more helpful to show the actual image name. This is tricky because
Image is a parent class of Entry_section, so there is no distinction
between an image and a section.
Update it to show the image name.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Unfortunately a recent patch snuck through without the require test
coverage. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 571bc4e67d3 ("binman: Support positioning an entry by and ELF symbol")
|
|
This property sets the minimum size of an entry, including padding but
not alignment. It can be used to reserve space for growth of an entry,
or to enforce a minimum offset for later entries in the section.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
In some cases it is desired for SPL to start TF-A instead of U-Boot
proper. Add support for a new property fit,firmware that picks a
valid entry and prepends the remaining valid entries to the
loadables list generated by the split-elf generator.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.
Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add support to indicate what alignment to use for the FIT and its
external data. Pass the alignment to mkimage via the -B flag.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
In some cases it is useful to position an entry over the top of a symbol
in an ELF file. For example, if the symbol holds a version string then it
allows the string to be accessed from the fdtmap.
Add support for this.
Suggested-by: Pali Rohár <pali@kernel.org>
Suggested-by: Keith Short <keithshort@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The current support for updating variables in a binary is hard-coded to
work with U-Boot:
- It assumes the image starts at __image_copy_start
- It uses the existing U-Boot-specific entry types
It is useful for other projects to use these feature.
Add properties to enable writing symbols for any blob, a way of specifying
the base symbol and a way of providing the ELF filename to allow symbol
lookup to take place.
With this it is possible to update a Zephyr image, such as zephyr.bin
after it has been built.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
In some cases it is useful to have an entry overlap with another in a
section, either to update the contents within a blob, or to add an entry
to the fdtmap that covers only part of the blob.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This appears in two places in the code. Use a shared function instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
It is sometimes useful to define an entry which does not have its own
contents but does appear in the image. The contents are set by the section
which contains it, even though it appears as an entry in the fdtmap.
Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This means that the data is not yet available. Update some comments to
make this clearer.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This is a slightly different scenario from the existing testSections
tests. Add a new test for it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some blobs are actually not necessary for the board to work correctly. Add
a property to allow this to be indicated. Missing optional blobs do not
cause a build failure.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
OP-TEE has a format with a binary header that can be used instead of the
ELF file. With newer versions of OP-TEE this may be required on some
platforms.
Add support for this in binman. First, add a method to obtain the ELF
sections from an entry, then use that in the FIT support. We then end up
with the ability to support both types of OP-TEE files, depending on which
one is passed in with the entry argument (TEE=xxx in the U-Boot build).
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add a function which checks whether data is in ELF format or not. This
will be used by binman to check this for entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Support entries which can be optional depending on their contents. This
allows special entry types which appear in the image only when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Several etypes have this reference in their documentation. Now that we are
using rST, link to the section directly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
|
|
These have got out of data recently. Regenerate them.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Expand this comment to cover both cases that are supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present only the image (which is a section) has a filename. Move this
implementation to the entry_Section class so that any section can have a
filename. With this, the section data is written to a file.
This allows parts of an image to be written, along with the entire image.
Make a note that this can be used to include the contents of a section in
one image in another (later) image.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Perform a simple rename of CONFIG_X86_MRC_ADDR to CFG_X86_MRC_ADDR
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Add command-line documentation for binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
These are documented in various several sections. Add a new section that
mentions them all in one place so it is easier to see what environment
variables can be used to control U-Boot's use of binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
At present binman returns success when told to handle missing/faked blobs
or missing bintools. This is confusing since in fact the resulting image
cannot work.
Use exit code 103 to signal this problem, with a -W option to convert
it to a warning.
Rename the flag to --ignore-missing since it controls bintools also.
Add documentation about exit codes while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This reverts commit daa2da754afe1bac777f6cb0f05233e0de7b325d.
This commit is not needed anymore since the btool_ prefix is
automatically stripped by bintool.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The binary is looked on the system by the suffix of the packer class.
This means binman was looking for btool_gzip on the system and not gzip.
Since a btool can have its btool_ prefix missing but its module and
binary presence on the system appropriately found, there's no need to
actually keep this prefix after listing all possible btools, so let's
remove it.
This fixes gzip btool by letting Bintool.find_bintool_class handle the
missing prefix and still return the correct class which is then init
with gzip name instead of btool_gzip.
Additionally, there was an issue with the cached module global variable.
The variable only stores the module and not the associated class name
when calling find_bintool_class.
This means that when caching the module on the first call to
find_bintool_class, class_name would be set to Bintoolbtool_gzip but the
module_name gzip only, adding the module in the gzip key in the module
dictionary. When hitting the cache on next calls, the gzip key would be
found, so its value (the module) is used. However the default class_name
(Bintoolgzip) is used, failing the getattr call.
Instead, let's enforce the same class name: Bintool<packer>, whatever
the filename it is contained in.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
In some cases the ELF version of SPL builds may be packaged, rather
than a binary .bin file. Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This feature is used by several etypes and we plan to add more that use
it. Make symbol writing a feature of the base class to reduce the code
duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this code into its own function so it can be used from tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Provide a function to obtain the integer value of an ELF symbol. This will
be used
Signed-off-by: Simon Glass <sjg@chromium.org>
|
