| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
U-Boot configured for verified boot with the "required" option set to
"conf" also checks scripts put in FIT images for a valid signature, and
refuses to source and run such a script if the signature for the
configuration is bad or missing. Such a script could not be packaged
before, because mkimage failed like this:
% tools/mkimage -T script -C none -d tmp/my.scr -f auto-conf -k tmp -g dev -o sha256,rsa4096 my.uimg
Failed to find any images for configuration 'conf-1/signature'
tools/mkimage Can't add hashes to FIT blob: -1
Error: Bad parameters for FIT image type
This is especially unfortunate if LEGACY_IMAGE_FORMAT is disabled as
recommended.
Listing the script configuration in a "sign-images" subnode instead,
would have added even more complexity to the already complex auto fit
generation code.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
|
|
When running within a Python venv we must use the 'coverage' tool (which
is within the venv) so that the venv packages are used in preference to
system packages. Otherwise the coverage tests run in a different
environment from the normal tests and may fail due to missing packages.
Handle this by detecting the venv and changing the tool name.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The feature to set the toolchain path does not seem to be needed. It
causes problems with venv (see [1]). Let's remove it.
Add some tests while we are here.
It does not look like any docs changes are needed for this.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20240621131423.2363294-6-sjg@chromium.org/
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andrejs Cainikovs <andrejs.cainikovs@toradex.com>
|
|
Fix 'Thie' and capitalise 'unicode'.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
This is used by some Binman entry types, so add it to allow more tests
to pass.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Add this package so we can run code-coverage tests for Binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Buildman uses all available CPUs by default, so running more than one or
two concurrent processes is not normally useful.
However in some CI cases we want to be able to run several jobs at once
to save time. For example, in a lab situation we may want to run a test
on 20 boards at a time, since only the build step actually takes much
CPU.
Add an option which allows such a limit. When buildman starts up, it
waits until the number of running processes goes below the limit, then
claims a spot in the list. The list is maintained with a temporary file.
Note that the temp file is user-specific, since it is hard to create a
locked temporary file which can be accessed by any user. In most cases,
only one user is running jobs on a machine, so this should not matter.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When a file is removed by a commit (e.g. include/common.h yay!) it can
cause incremental build failures since one of the dependency files from
a previous build may mention the file.
Add an option to run 'make mrproper' automatically when a build fails.
This can be used to automatically resolve the problem, without always
adding the large overhead of 'make mrproper' to every build.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When this flag is enabled, 'make mrproper' is always used when
reconfiguring, so there is no point in doing it again.
Update this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Pass this in so the caller can change it independently of the member
variable.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Pass this in so the caller can change it independently of the member
variable.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Pass this in so the caller can change it independently of the member
variable.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This cannot ever go at offset 0 since the descriptor is there. Use a
better offset for the ME, as used by link and coral, for example.
This matters when we start using assumed sizes for missing blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Binman has a the useful feature of handling missing external blobs
gracefully, including allowing them to be missing, deciding whether the
resulting image is functional or not and faking blobs when this is
necessary for particular tools (e.g. mkimage).
This feature is widely used in CI. One drawback is that if U-Boot grows
too large to fit along with the required blobs, then this is not
discovered until someone does a 'real' build which includes the blobs.
Add a 'assume-size' property to entries to allow Binman to reserve a
given size for missing external blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Reduce the length of the underline for this header, to match the
heading itself.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Correct formatting errors in the documentation.
Regenerate the entries.rst file to include this recent addition.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Regenerate the entries.rst file to include this recent addition.
Note that more docs are needed here, to actually describe the entry
type.
Note also that the entry type needs Binman tests added.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Somehow the class documentation has got out of sync with the generated
entries.rst file. Regenerating it causes errors, so correct these and
regenerate the entries.rst file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 809f28e7213 ("binman: capsule: Use dumped capsule header...")
|
|
The method `ConfigParser.readfp()` is marked deprecated[1].
In Python 3.12 this method have been removed, so replace it with
`ConfigParser.read_file()`.
[1] https://docs.python.org/3.11/library/configparser.html#configparser.ConfigParser.readfp
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The method `ConfigParser.readfp()` is marked deprecated[1].
In Python 3.12 this method have been removed, so replace it with
`ConfigParser.read_file()`.
[1] https://docs.python.org/3.11/library/configparser.html#configparser.ConfigParser.readfp
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The methods `unittest.assertEquals()` and
`unittest.assertRegexpMatches()` are marked deprecated[1].
In Python 3.12 these aliases have been removed, so do a sed to replace
them with their new names.
[1] https://docs.python.org/3.11/library/unittest.html#deprecated-aliases
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
CC: Simon Glass <sjg@chromium.org>
CC: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
When a patch is added to a series after the initial version, there are no
changes to note except that it is new. This is typically done to suppress
the "(no changes in vN)" message. It's also nice to add a change to the
cover letter so reviewers know there is an additional patch. Add a tag to
automate this process a bit.
There are two nits with the current approach:
- It favors '-' as a bullet point, but some people may prefer '*' (or
something else)
- Tags (e.g. 'patman: ' in 'patman: foo bar') are not stripped. They are
probably just noise in most series, but they may be useful for treewide
series to distinguish 'gpio: frobnicate' from 'reset: frobnicate', so
I've left them in.
Suggestions for the above appreciated.
Suggested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
|
|
Most tags referring to commits (or patches) are named Commit-something. The
exception is Patch-cc. Add a Commit-cc alias so we can use whichever one is
convenient.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
|
|
If add_maintainers is set to False in the user's ~/.patman config, it will
cause the custom_get_maintainer_script to fail since that test expects
maintainers to be added. Set add_maintainer to True in the .patman config
to prevent this.
Fixes: 8c042fb7f9f ("patman: add '--get-maintainer-script' argument")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Prepare v2024.07-rc5
|
|
Trigger the building of the mkeficapsule tool if EFI_LOADER is enabled.
Previously it was triggered on EFI_CAPSULE_ON_DISK, but mkeficapsule is
needed when a capsule is being generated for a bootloader stage, not just
from the stage applying them. EFI_LOADER is a more accurate approximation
of when a capsule may need to be generated.
Signed-off-by: Jonathan Humphreys <j-humphreys@ti.com>
|
|
There are two paths to reach this function, either through mkimage -l or
through dumpimage -l. The latter passes a NULL imagename while the
former passes an empty string. Therefore, let's make both tools behave
the same by handling the empty string the same way as for NULL.
Without this, the only way to get some information out of mkimage -l is
to provide "-n rk3399" for example, which isn't documented in the usage
of the tool.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
|
|
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The following patch series adds support for version 2 of the FWU
metadata. The version 2 metadata structure is defined in the latest
revision of the FWU specification [1].
The earlier versions of these patches were migrating to a version 2
only support in U-Boot, similar to TF-A. However, based on feedback
from ST [2], this series has been updated to support both versions. A
platform would still be needed to enable one of the two versions of
metadata through a config symbol.
TF-A has code which reads the FWU metadata and boots the platform from
the active partition. TF-A has decided to migrate the FWU code to a
version 2 only support. These changes have been merged in upstream
TF-A.
These changes have been tested on the ST DK2 board, which uses the GPT
based partitioning scheme. Both V1 and V2 metadata versions have been
tested on the DK2 board.
These changes need to be tested on platforms with MTD partitioned
storage devices.
|
|
The version 2 of the FWU metadata allows for appending opaque vendor
specific data to the metadata structure. Add support for appending
this data to the metadata. The vendor specific data needs to be
provided through a file, passed through a command-line parameter. Make
corresponding changes to the tool's manpage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
|
|
Add support for generating the FWU metadata version 2. The tool now
requires the version to be provided as a command-line option. Make
corresponding changes to the tool's manpage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
|
|
The fwrite call returns the number of bytes transferred as part of the
write only when the size parameter is 1. Pass the size parameter to
the library call as 1 so that the correct number of bytes transferred
are returned.
Fixes: fdd56bfd3ad ("tools: Add mkfwumdata tool for FWU metadata image")
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
|
|
Add new binman etype which allows signing both the SPL and fitImage sections
of i.MX8M flash.bin using CST. There are multiple DT properties which govern
the signing process, nxp,loader-address is the only mandatory one which sets
the SPL signature start address without the imx8mimage header, this should be
SPL text base. The key material can be configured using optional DT properties
nxp,srk-table, nxp,csf-crt, nxp,img-crt, all of which default the key material
names generated by CST tool scripts. The nxp,unlock property can be used to
unlock CAAM access in SPL section.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
With all files that had included this file directly having been updated,
we can now remove this file.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Fix a typo, no functional change.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
|
|
%s/arguemnts/arguemnts/
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
Add new binman etype derived from mkimage etype which generates configuration
input file for mkimage -T imx8mimage, and runs the mkimage on input data. The
mkimage -T imx8mimage is used to generate combined image with SPL and DDR PHY
blobs which is bootable on i.MX8M.
The configuration file generated here is equivalent of imx8mimage.cfg, which
is the file passed to '$ mkimage -T imx8mimage -n imx8mimage.cfg ...' . The
settings generated into the imx8mimage.cfg file are configured via supported
binman DT properties, nxp,boot-from, nxp,loader-address, nxp,rom-version.
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
This is a trivial but significant optimization:
mkimage took >200ms (and 49489 writes (of which 49456 512)),
now it takes 110ms (and 419 writes (of which 386 64k)).
sendfile is much more appropriate for this and is done in one syscall,
but doesn't bring any significant speedups over 64k r/w
at the 13M size ranges, so there's no need to introduce
#if __linux__
while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0)
;
if(size != -1) {
ret = 0;
goto out;
}
#endif
Also extract the buffer size to a macro.
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
|
|
A recent refactoring in image-host.c messed up the return values of
the function that reads the encryptiong keys. This patch fixes this
and also makes sure that error output goes to stderr instead of to
stdout.
Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>
|
|
When there is a lint error the user gets the following cryptic message:
binman: Node '/path/to/some/node': Yamllint error: 18: comments
This isn't very helpful. Improve the message to tell the user that the
number is actually a line number and also tell the user in which file
they have to look.
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.
Add the debug extension and enable it by default.
Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
The str[] buffer declared in make_flamegraph() is used to hold strings
representing the full call-stacks recorded in traces. The size of this
buffer is currently 500 characters and this works well for the documented
examples.
However, it is possible to exhaust this buffer when processing traces
captured when running the UEFI shell on aarch64 sandbox for example.
Indeed, the maximum length needed for such traces can reach 780 characters.
As it is difficult to evaluate the maximum size that would ever be needed
for all the possible traces, let's use a dynamically allocated `abuf'
instead, which we reallocate when needed.
This fixes the following error:
String too short (500 chars)
While at it, fix a few typos in strings and comments.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
|
|
Open for reading as O_RDONLY instead of O_RDWR:
the only usage of the fd is for the single read() below;
this prevented
mkimage -f auto -A arm64 \
-T kernel -C lz4 -d Image-6.6.15.lz4 \
-b mt8173-elm-hana-6.6.15.dtb outf
when the inputs were unwritable.
Link: https://bugs.debian.org/1063097
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
|
|
Prepare v2024.04-rc5
|
|
The "Series-patchwork-url:" tag description says that it overrides the
settings file but doesn't specify the name of the setting. Elsewhere
in the documentation about the "useful" settings we see a setting that
sounds promising called "patchwork_server" that's actually not a valid
setting. It should be "patchwork_url".
Fix these problems so the doc is right and more useful.
Signed-off-by: Douglas Anderson <dianders@chromium.org>
|
|
This moves us to our latest container image, which is now based on the
current "Jammy" tag.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
In order to support the reset pytest on QEMU on m68k platforms we need
to grab this change from upstream.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Currently, llvm-17 is the stable release. Update our container and CI to
fetch and use that.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Bootgen is used in a binman test. The test is skipped without the binary.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
