Due to a bug in the H3 SoC, where the CPU 0 hotplug flag cannot be
written, resuming CPU 0 requires using the "Super Standby" code path in
the BROM instead of the hotplug path. This path requires jumping to an
eGON image in SRAM.
This resume image, whose single purpose is to jump back to the secure
monitor, only needs to contain a single instruction. Padding the image
to 8 KiB would be wasteful of SRAM. Hook up the -B (block size) option
so users can set the block/padding size.
Series-to: sunxi
Signed-off-by: Samuel Holland <samuel@sholland.org>
TOC1 is an container format used by Allwinner's boot0 that can hold
multiple images. It supports encryption and signatures, but that
functionality is not implemented, only the basic "non-secure" subset.
A config file is used to provide the list of data files to include. Its
path is passed as the argument to "-d". It contains sections of the
following form:
[name]
file = /path/to/file
addr = 0x12345678
Specific well-known names, such as "dtb", "opensbi", and "u-boot", are
used by the bootloader to distinguish the items inside the image.
Cover-letter:
tools: mkimage: Add Allwinner TOC1 support
The SPL port for the Allwinner D1 RISC-V SoC will probably take a while
longer than porting U-Boot proper, as none of the relevant drivers are
set up for DM in SPL. In the meantime, we are using[1][2] a fork[3] of
Allwinner's boot0 loader, which they also call "spl" in their BSP. boot0
uses this TOC1 image format.
The vendor tools for generating TOC1 images require a binary config file
generated by their FEX compiler. Instead of trying to support that, I
made up a simple human-readable config file format. I didn't see any
existing platform-agnostic parser for multi-image containers in mkimage.
I am sending this as RFC because it is only of temporary/limited use.
It only works with one specific fork of boot0 which was modified to
"behave" (the the original vendor version monkey-patches a custom header
inside the U-Boot image during boot). So it will be obsolete once U-Boot
SPL is ported. And it is Yet Another Image Format. On the other hand, it
does work, and it is currently being used.
[1]: https://linux-sunxi.org/Allwinner_Nezha#U-Boot
[2]: https://fedoraproject.org/wiki/Architectures/RISC-V/Allwinner
[3]: https://github.com/smaeul/sun20i_d1_spl
END
Series-prefix: RFC
Series-to: sunxi
Signed-off-by: Samuel Holland <samuel@sholland.org>
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Series-changes: 2
- Moved certificate and key item structures out of sunxi_image.h
- Renamed "main" and "item" variables for clarity
- Improved error messages, and added a hint about key generation
- Added a comment explaining the purpose of the various key files
- Mentioned testing this code on A50 in the commit message
Series-changes: 3
- Removed TOOLS_LIBCRYPTO selection for sunxi, since most boards
do not need it
- Added __packed to all new "ABI" structs
- Added entry to MAINTAINERS for sunxi tools
Signed-off-by: Samuel Holland <samuel@sholland.org>
Some image types (kwbimage and mxsimage) always depend on OpenSSL, so
they can only be included in mkimage when TOOLS_LIBCRYPTO is selected.
Use Makefile logic to conditionally link the files.
Series-changes: 2
- Refactored the first patch on top of TOOLS_LIBCRYPTO
Series-changes: 3
- Selected TOOLS_LIBCRYPTO on all platforms that use kwbimage (as best
as I can tell, using the suggestions from Pali Rohár)
Series-changes: 4
- Do not select TOOLS_LIBCRYPTO anywhere
Patch-cc: Jernej Skrabec <jernej.skrabec@gmail.com>
Series-cc: Alex G. <mr.nuke.me@gmail.com>
Series-cc: Pali Rohár <pali@kernel.org>
Signed-off-by: Samuel Holland <samuel@sholland.org>
There's now a sun20i family in sunxi, which uses RISC-V CPU.
Add support for making eGON.BT0 image for RISC-V.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Refactor some functions in mkimage sunxi_egon type, in order to prepare
for adding support for more CPU architectures (e.g. RISC-V). In
addition, compatibility for operation w/o specified architecture is
kept, in this case the architecture is assumed as ARM.
Series-changes: 3
- Factor out an egon_get_arch() function as suggested by Andre
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Samuel Holland <samuel@sholland.org>
The sunxi_egon type used to take no -A argument (because we assume sunxi
targets are all ARM). However, as Allwinner D1 appears as the first
RISC-V sunxi target, we need to support -A; in addition, as external
projects rely on U-Boot mkimage to generate sunxi eGON.BT0 header, we
need to keep compatibility with command line without -A.
As the default value of arch in mkimage is not proper (IH_ARCH_PPC
instead of IH_ARCH_INVALID), to keep more compatibility, add an Aflag
field to image parameters to describe whether an architecture is
explicitly specified.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, if the "offset" property is given for an entry, the section's
running offset is completely ignored. This causes entries to overlap if
the provided offset is less than the size of the entries earlier in the
section. Avoid the overlap by only using the provided offset when it is
greater than the running offset.
The motivation for this change is the rule used by SPL to find U-Boot on
sunxi boards: U-Boot starts 32 KiB after the start of SPL, unless SPL is
larger than 32 KiB, in which case U-Boot immediately follows SPL.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Cap end of relocations by the binary size.
Linkers like to insert some auxiliary sections between .rela.dyn and
.bss_start. These sections don't make their way to the final binary, but
reloc_rela still tries to relocate them, resulting in attempted read
past the end of file.
When linking U-Boot with ld.lld, the STATIC_RELA feature (enabled by
default on arm64) breaks the build. After this patch, U-Boot can be
linked successfully with and without CONFIG_STATIC_RELA.
Originally-from: Elena Petrova <lenaptr@google.com>
Signed-off-by: Alistair Delva <adelva@google.com>
Cc: David Brazdil <dbrazdil@google.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Tom Rini <trini@konsulko.com>
For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool
swtpm.
Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
WIth EFI we must embed the devicetree in an ELF image so that it is loaded
as part of the executable file. We want it to include the binman
definition in there also, which in some cases cannot be created until the
ELF (u-boot) is built. Add an option to binman to support writing the
updated dtb to the ELF file u-boot.out
This is useful with the EFI app, which is always packaged as an ELF file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman needs to be able to update the contents of an ELF file after it has
been build. To support this, add a function to locate the position of a
symbol's contents within the file.
Fix the comments on bss_data.c and Symbol while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present any error from the 'make' command is silently swallowed by the
test system. Fix this by showing it when detected.
Signed-off-by: Simon Glass <sjg@chromium.org>
The Exception base class is a very vague and could be confusing to the
test system. Use the more specific ValueError exception instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Field srcaddr in kwbimage v0 needs to be adjusted similarly like in v1.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Kwbimage v0 has similar alignment requirements as v1.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Fill the real header size without padding into the main header
This allows to reduce final image when converting image to another format
which does not need additional padding.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Currently kwbimage header is always aligned to 4096 bytes. But it does not
have to be aligned to such a high value.
The header needs to be just 4-byte aligned, while some image types have
additional alignment restrictions.
This change reduces size of kwbimage binaries by removing extra padding
between header and data part.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This change allows to convert image from one format to another without need
to include unnecessary padding (e.g. when target image format has smaller
alignment requirement as source image format).
Do it by storing real image data size without padding to the kwbimage
header.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
xmodem block size is 128 bytes, therefore it is possible to transfer only
images with size multiple of 128 bytes. kwboot automatically pads image
with zero bytes at the end to align it to 128 bytes boundary.
Do this padding when generating image to allow uploading with other xmodem
tools or older kwboot versions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
There are more unused enums and function prototypes. Remove them. The
function kwbimage_check_params() does not return enum kwbimage_cmd_types,
but a boolean value returned as int.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
kwbimage v0 sldo has 32-bit data checksum at the end like kwbimage v1.
Use same data checksum validation for both v0 and v1 image types.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
kwbimage must have valid blockid member instead of zero value. Thus if
config file does not contain BOOT_FROM command, use by default the value
for SPI booting (which is probably the most common).
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
For documentation purposes update struct main_hdr_v0 to include information
where version of the image must be stored. For kwbimage v0 it obviously
must be 0. By default all image header memory is initialized to zero,
therefore this change has no functional effect.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
These two commands allow to specify custom setting of UART port used for
printing BootROM messages.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
It is useful to see kwboot version in the boot log output for debugging
purposes.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Properly calculate and align image header size to xmodem block size.
Kirkwood v0 images do not have stored total size of header in header
structure itself like it is for v1 images. So kwbheader_size() calculates
size by traversing image structure itself. Aligning is done in kwboot by
putting zero padding bytes between the header and data part.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
After successful transfer of whole image only two things can happen:
- BootROM starts execution of data block, which changes UART baudrate
back to 115200 Bd,
- board crashes and causes CPU reset
In both cases UART baudrate is reset to the default speed. So there is
no need to send special magic sequence to inform kwboot that baudrate is
going to be reset and kwboot does not need to wait for this event and
can do it immediately after BootROM acknowledges end of xmodem transfer.
Move ARM code for sending magic sequence from main baudrate change
section to binhdr_pre section which is executed only before changing
baudrate from the default value of 115200 Bd to some new value. Remove
kwboot code waiting for magic sequence after successful xmodem transfer.
Rationale: sometimes when using very high UART speeds, magic sequence is
damaged and kwboot fails at this last stage. Removal of this magic
sequence makes booting more stable.
Data transfer protocol (xmodem) is using checksums and retransmit, so it
already deals with possible errors on transfer line.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The ARM code we inject into the image to change baudrate back to the
default value of 115200 Baud, which is run after successful UART transfer
of the whole image, cannot use stack as at this stage stack pointer is not
initialized yet.
Stack can only be used when BootROM is executing binary header, to
preserve state of registers, since BootROM expects that.
Change the ARM baudrate code to not use stack at all and put binary
header specific pre + post code (which stores and restores registers) into
separate arrays.
The baudrate change code now jumps at it's end and expects that there is
either code which returns to the BootROM or jumps to the original exec
address.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Older Armada SoCs have custom ARMv5te compatible core which does not
support movt instruction. So replace mov + movt instruction pair used for
immediate move construction by mov + orr instructions which are supported
also by ARMv5te.
After this change kwboot ARM code should be compatible with any 32-bit ARM
core compatible by ARMv2 or new. At least GNU AS does not throw any error
or warning.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Increase loop cycles from 600000 to 2998272, which should increase delay
from 1ms to about 5ms on 1200 MHz CPU.
The Number 2998272 was chosen as the nearest value around 3000000 which can
be encoded into one ARM mov instruction. It avoids usage of movt instruction
which is not supported by ARMv5te cores.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Kwboot puts each xmodem packet to kernel queue, then waits until all bytes
of that packet are transmitted over UART and then waits for xmodem reply
until it is received into kernel queue.
If some reply is received during the time we are waiting until all bytes
are transmitted, then kernel puts them into the queue and returns it to
kwboot in next read() call.
So there is no need to wait (with tcdrain() function) until all bytes from
xmodem packet are transmitted over UART, since any reply received either
during that time or after is returned to kwboot with the next read().
Therefore do not call tcdrain() after each xmodem packet sent. Instead
directly wait for any reply after putting xmodem packet into write kernel
queue.
This change could speed up xmodem transfer in case tcdrain() function waits
for a longer time.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
After the trasfer of last header packet, it is possible that baudrate
change pattern is received, and also that NAK byte is received so that
the packet should be sent again.
Thus we should not clear the baudrate change state when sending retry
of that packet.
Move code for initializing state variables from kwboot_xm_recv_reply()
to kwboot_xm_sendblock().
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Currently when kwboot receive some garbage reply which does not understand,
it waits 1s before it tries to resend packet again.
The most common error on UART is that receiver sees some bit flipped which
results in invalid reply.
This behavior slows down xmodem transfer over UART as basically on every
error kwboot is waiting one second.
To fix this, try to resend xmodem packet for first 3 attempts immediately
without any delay. If broken reply is received also after the 3 attempts,
continue retrying with 1s delay like it was before.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This patch does not change behavior of the code, just allows to implement
new changes more easily.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Size of the header stored in kwbimage may be larger than real used size in
the kwbimage header. If there is unused space in kwbimage header then use
it for growing it. So update code to calculate used space of kwbimage
header.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This ensures that kwboot_img_grow_hdr() function still sees valid kwbimage
header.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Expression (hdrsz % KWBOOT_XM_BLKSZ) is non-zero therefore expression
(KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) is always less than value
KWBOOT_XM_BLKSZ. So there is no need to add another modulo. Also rename
variable `offset` to `grow` which better describes what is stored in
this variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
It is hard to debug why kwboot is failing when the last message is
'Finishing transfer' and no additional output. So show verbose message when
kwboot finished transfer and is waiting for baudrate change magic sequence.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
For kwbimage v1, tell BootROM to send BootROM messages to UART port number
0 (used also for UART booting) with default baudrate (which should be
115200) and do not touch UART MPP configuration.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
If data part of image is modified, update 4-byte data checksum.
It looks like A385 BootROM does not verify this checksum for image
loaded via UART, but we do not know if other BootROMs are also ignoring
it. It is always better to provide correct checksum.
Signed-off-by: Pali Rohár <pali@kernel.org>
[ refactored ]
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Some vendor U-Boot kwbimage binaries (e.g. those for A375) have load
address set to zero. Therefore it is not possible to inject code which
changes baudrate back to 115200 Bd before the data part.
So instead inject it after the data part and change kwbimage execution
address to that offset. Also store original execution address into
baudrate change code, so after it changes baudrate back to 115200 Bd, it
can jump to orignal address.
Signed-off-by: Pali Rohár <pali@kernel.org>
[ refactored ]
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Data part of the image contains 4-byte checksum. Validate it when
processing the image.
Signed-off-by: Pali Rohár <pali@kernel.org>
[ refactored ]
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
