There is no need to remove input files. It makes it harder to diagnose
failures. Keep the payload file.
There is no test for this condition, but one could be added.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tools cannot be assumed to be present. Add a check for this with the
mkeficpasule tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: b617611b27 ("binman: capsule: Add support for generating...")
Pass CONFIG_OF_SPL_REMOVE_PROPS to binman so that it can remove
properties correctly when producing FITs for SPL phases.
Signed-off-by: Simon Glass <sjg@chromium.org>
When using FIT to load firmware builds for multiple models, the FIT must
include a common binary along with a number of devicetree blobs, one for
each model. This is the same mechanism as is used for loading an OS.
However, SPL builds do not normally use the full devicetree, but instead
a cut-down version which various nodes and properties removed.
Add a new fit,fdt-phase property to allow binman to produce these
devicetree blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
FIT allows the FDT's root-node compatible string to be placed in a
configuration node to simplify and speed up finding the best match for
booting.
Add a new property to support this.
Signed-off-by: Simon Glass <sjg@chromium.org>
In some cases the list of available FDT files is not available in an
entryarg. Provide an option to point to a directory containing them
instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
FIT provides a way to select between different devicetree blobs
depending on the model. This works fine for U-Boot proper and allows SPL
to select the correct blob for the current board at runtime. The boot
sequence (SPL->U-Boot proper) is therefore covered by the existing
feature set.
The first boot phase (typically TPL) cannot use FIT since SoC boot ROMs
don't currently support it. Therefore the TPL image must be specific to
each model it boots on.
To support booting on mulitple models, binman must therefore produce a
separate TPL image for each model, even if the images for the rest of
the phases are identical.
TPL needs to be packaged as an executable binary along with a reduced
devicetree. When multiple models are supported, a reduced devicetree
must be provided for each model.
U-Boot's build system is designed to build a single devicetree for SPL
builds, so does not support this requirement.
Add a new 'alternatives' feature to Binman, allowing it to automatically
subset a devicetree to produce the reduced devicetree for a particular
phase for each supported model. With this it is possible to produce a
separate TPL image for each of the models. The correct one can then be
loaded onto a board, along with the common FIT image(s).
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the contents of an FDT (for each phase) are fixed,
determined by the build and provided to Binman as input files.
Provide a means for entry types to provide their own FDT, so that it can
be processed, if needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a comment about this entry type being expanded, to match the comment
for SPL and TPL. Drop an unwanted line in the SPL and TPL docs while
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This cannot ever go at offset 0 since the descriptor is there. Use a
better offset for the ME, as used by link and coral, for example.
This matters when we start using assumed sizes for missing blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman has a the useful feature of handling missing external blobs
gracefully, including allowing them to be missing, deciding whether the
resulting image is functional or not and faking blobs when this is
necessary for particular tools (e.g. mkimage).
This feature is widely used in CI. One drawback is that if U-Boot grows
too large to fit along with the required blobs, then this is not
discovered until someone does a 'real' build which includes the blobs.
Add a 'assume-size' property to entries to allow Binman to reserve a
given size for missing external blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Correct formatting errors in the documentation.
Regenerate the entries.rst file to include this recent addition.
Signed-off-by: Simon Glass <sjg@chromium.org>
Somehow the class documentation has got out of sync with the generated
entries.rst file. Regenerating it causes errors, so correct these and
regenerate the entries.rst file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 809f28e721 ("binman: capsule: Use dumped capsule header...")
Add new binman etype which allows signing both the SPL and fitImage sections
of i.MX8M flash.bin using CST. There are multiple DT properties which govern
the signing process, nxp,loader-address is the only mandatory one which sets
the SPL signature start address without the imx8mimage header, this should be
SPL text base. The key material can be configured using optional DT properties
nxp,srk-table, nxp,csf-crt, nxp,img-crt, all of which default the key material
names generated by CST tool scripts. The nxp,unlock property can be used to
unlock CAAM access in SPL section.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add new binman etype derived from mkimage etype which generates configuration
input file for mkimage -T imx8mimage, and runs the mkimage on input data. The
mkimage -T imx8mimage is used to generate combined image with SPL and DDR PHY
blobs which is bootable on i.MX8M.
The configuration file generated here is equivalent of imx8mimage.cfg, which
is the file passed to '$ mkimage -T imx8mimage -n imx8mimage.cfg ...' . The
settings generated into the imx8mimage.cfg file are configured via supported
binman DT properties, nxp,boot-from, nxp,loader-address, nxp,rom-version.
Signed-off-by: Marek Vasut <marex@denx.de>
When there is a lint error the user gets the following cryptic message:
binman: Node '/path/to/some/node': Yamllint error: 18: comments
This isn't very helpful. Improve the message to tell the user that the
number is actually a line number and also tell the user in which file
they have to look.
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Suggested-by: Nishanth Menon <nm@ti.com>
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
K3 devices introduces the concept of centralized power, resource and
security management to System Firmware. This is to overcome challenges
by the traditional approach that implements system control functions on
each of the processing units.
The software interface for System Firmware is split into TIFS and DM. DM
(Device Manager) is responsible for resource and power management from
secure and non-secure hosts. This additional binary is necessary for
specific platforms' ROM boot images and is to be packaged into tispl.bin
Add an entry for DM. The entry can be used for the packaging of
tispl.bin by binman along with ATF and TEE.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support in binman for generating EFI empty capsules. These
capsules are used in the FWU A/B update feature. Also add test cases
in binman for the corresponding code coverage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The various fields of a generated capsule are currently verified
through hard-coded offsets. Use the dump-capsule feature for dumping
the capsule header contents and use those for capsule verification.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reproduct warning:
$ git clean -dfx
$ make CROSS_COMPILE="" qemu-x86_64_defconfig
$ make -j8
...
u-boot/tools/binman/etype/section.py:25:
SyntaxWarning: invalid escape sequence '\('
"""Entry that contains other entries
Signed-off-by: Rong Tao <rongtao@cestc.cn>
Add support in binman for generating EFI capsules. The capsule
parameters can be specified through the capsule binman entry. Also add
test cases in binman for testing capsule generation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.
The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.
Here is an example of the etype in use:
spl {
filename = "boot.signed.bin";
xilinx-bootgen {
pmufw-filename = "pmu-firmware.elf";
psk-key-name-hint = "psk0";
ssk-key-name-hint = "ssk0";
auth-params = "ppk_select=0", "spk_id=0x00000000";
u-boot-spl-nodtb {
};
u-boot-spl-dtb {
};
};
};
For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.
For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Missing optional blobs was not reported for generated entries, e.g.
tee-os on rockchip targets. Implement a CheckOptional to fix this.
After this the following can be shown:
Image 'simple-bin' is missing optional external blobs but is still functional: tee-os
/binman/simple-bin/fit/images/@tee-SEQ/tee-os (tee-os):
See the documentation for your board. You may need to build Open Portable
Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Add support for writing symbols and determining the assumed position of
binaries inside a mkimage image. This is useful as an example for other
entry types which might want to do the same thing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collections can used to collect the contents of other entries into a
single entry, but they result in a single entry, with the original entries
'left behind' in their old place.
It is useful to be able to specific a set of entries ones and have it used
in multiple images, or parts of an image.
Implement this mechanism.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the check for the __bss_size symbol, since it may be 0. Unfortunately
there was no test coverage for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes multiple boards are built with binman and it is useful to
specify a different FDT list for each. At present this is not possible
without providing multiple values of the of-list entryarg (which is not
supported in the U-Boot build system).
Allow a fit,fdt-list-val string-list property to be used instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is needed to handle mkimage with inner section located itself in a
section.
Signed-off-by: Marek Vasut <marex@denx.de>
Use BuildSectionData() instead of ObtainContents(), add tests and a few
other minor fixes:
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boards don't use symbol writing but do access the symbols in SPL.
Provide an option to work around this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some section types don't have a simple _entries list. Use the GetEntries()
method in GetEntryContents() and other places to handle this.
This makes the behaviour more consistent.
Signed-off-by: Simon Glass <sjg@chromium.org>
This should be set up in the init function, to avoid a warning about a
property not set up there. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Allow symbol writing in these cases so that U-Boot can find the position
and size of U-Boot at runtime.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Add the test which provides sequence of actions:
1. create the image from binman dts
2. create public and private keys
3. add public key into dtb with fdt_add_pubkey
4. 1. sign FIT container with new sign option with extracting from
image
2. sign exact FIT container with replacing of it in image
5. check with fit_check_sign
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Renumber test file from 277 to 280;
Move UpdateSignatures() to Entry base class;
Don't allow missing mkimage as it doesn't make sense;
Propagate --toolpath for CI;
Call mark_build_done() to avoid regenerating FIT:
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce proof of concept for binman's new option which provides sign
and replace FIT containers in binary images.
Usage as example:
from:
mkimage -G privateky -r -o sha256,rsa4096 -F fit
binman replace -i flash.bin -f fit.fit fit
to:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
and to this one if it's need to be extracted, signed with key and put it
back in image:
binman sign -i flash.bin -k privatekey -a sha256,rsa4096 fit
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
