TOC1 is an container format used by Allwinner's boot0 that can hold
multiple images. It supports encryption and signatures, but that
functionality is not implemented, only the basic "non-secure" subset.
A config file is used to provide the list of data files to include. Its
path is passed as the argument to "-d". It contains sections of the
following form:
[name]
file = /path/to/file
addr = 0x12345678
Specific well-known names, such as "dtb", "opensbi", and "u-boot", are
used by the bootloader to distinguish the items inside the image.
Cover-letter:
tools: mkimage: Add Allwinner TOC1 support
The SPL port for the Allwinner D1 RISC-V SoC will probably take a while
longer than porting U-Boot proper, as none of the relevant drivers are
set up for DM in SPL. In the meantime, we are using[1][2] a fork[3] of
Allwinner's boot0 loader, which they also call "spl" in their BSP. boot0
uses this TOC1 image format.
The vendor tools for generating TOC1 images require a binary config file
generated by their FEX compiler. Instead of trying to support that, I
made up a simple human-readable config file format. I didn't see any
existing platform-agnostic parser for multi-image containers in mkimage.
I am sending this as RFC because it is only of temporary/limited use.
It only works with one specific fork of boot0 which was modified to
"behave" (the the original vendor version monkey-patches a custom header
inside the U-Boot image during boot). So it will be obsolete once U-Boot
SPL is ported. And it is Yet Another Image Format. On the other hand, it
does work, and it is currently being used.
[1]: https://linux-sunxi.org/Allwinner_Nezha#U-Boot
[2]: https://fedoraproject.org/wiki/Architectures/RISC-V/Allwinner
[3]: https://github.com/smaeul/sun20i_d1_spl
END
Series-prefix: RFC
Series-to: sunxi
Signed-off-by: Samuel Holland <samuel@sholland.org>
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Series-changes: 2
- Moved certificate and key item structures out of sunxi_image.h
- Renamed "main" and "item" variables for clarity
- Improved error messages, and added a hint about key generation
- Added a comment explaining the purpose of the various key files
- Mentioned testing this code on A50 in the commit message
Series-changes: 3
- Removed TOOLS_LIBCRYPTO selection for sunxi, since most boards
do not need it
- Added __packed to all new "ABI" structs
- Added entry to MAINTAINERS for sunxi tools
Signed-off-by: Samuel Holland <samuel@sholland.org>
Compiler is not happy:
common/image-board.c: In function ‘boot_get_kbd’:
common/image-board.c:902:17: warning: implicit declaration of function ‘do_bdinfo’ [-Wimplicit-function-declaration]
902 | do_bdinfo(NULL, 0, 0, NULL);
| ^~~~~~~~~
Move the forward declaration to a header.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The last board that used to set CONFIG_LYNXKDI has been removed in
commit 242836a893ae ("powerpc: ppc4xx: remove pcs440ep support"),
doc/README.lynxkdi only talks about a MPC8260 board being supported,
and the mpc8260 support has been removed four years ago in commit
2eb48ff7a210d ("powerpc, 8260: remove support for mpc8260") already,
and common/lynxkdi.c only consists of an "#error" statement these
days, so it seems like the LYNX KDI code is dead code nowadays.
Let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
