Add a comment about this entry type being expanded, to match the comment
for SPL and TPL. Drop an unwanted line in the SPL and TPL docs while
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
When an entry is compressed, write the compressed contents to a file so
that it is possible to see what was produced. This aids debugging with
new images.
Signed-off-by: Simon Glass <sjg@chromium.org>
When symbol-writing does not appear to work, it can sometimes be hard to
figure out what is going on. Add some more debugging to help.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update to a newer version of this tool, 4.22.01. This runs OK with the
current binman tests and matches the one in CI.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
This cannot ever go at offset 0 since the descriptor is there. Use a
better offset for the ME, as used by link and coral, for example.
This matters when we start using assumed sizes for missing blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Binman has a the useful feature of handling missing external blobs
gracefully, including allowing them to be missing, deciding whether the
resulting image is functional or not and faking blobs when this is
necessary for particular tools (e.g. mkimage).
This feature is widely used in CI. One drawback is that if U-Boot grows
too large to fit along with the required blobs, then this is not
discovered until someone does a 'real' build which includes the blobs.
Add a 'assume-size' property to entries to allow Binman to reserve a
given size for missing external blobs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Correct formatting errors in the documentation.
Regenerate the entries.rst file to include this recent addition.
Signed-off-by: Simon Glass <sjg@chromium.org>
Regenerate the entries.rst file to include this recent addition.
Note that more docs are needed here, to actually describe the entry
type.
Note also that the entry type needs Binman tests added.
Signed-off-by: Simon Glass <sjg@chromium.org>
Somehow the class documentation has got out of sync with the generated
entries.rst file. Regenerating it causes errors, so correct these and
regenerate the entries.rst file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 809f28e7213 ("binman: capsule: Use dumped capsule header...")
The methods `unittest.assertEquals()` and
`unittest.assertRegexpMatches()` are marked deprecated[1].
In Python 3.12 these aliases have been removed, so do a sed to replace
them with their new names.
[1] https://docs.python.org/3.11/library/unittest.html#deprecated-aliases
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
CC: Simon Glass <sjg@chromium.org>
CC: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add new binman etype which allows signing both the SPL and fitImage sections
of i.MX8M flash.bin using CST. There are multiple DT properties which govern
the signing process, nxp,loader-address is the only mandatory one which sets
the SPL signature start address without the imx8mimage header, this should be
SPL text base. The key material can be configured using optional DT properties
nxp,srk-table, nxp,csf-crt, nxp,img-crt, all of which default the key material
names generated by CST tool scripts. The nxp,unlock property can be used to
unlock CAAM access in SPL section.
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add new binman etype derived from mkimage etype which generates configuration
input file for mkimage -T imx8mimage, and runs the mkimage on input data. The
mkimage -T imx8mimage is used to generate combined image with SPL and DDR PHY
blobs which is bootable on i.MX8M.
The configuration file generated here is equivalent of imx8mimage.cfg, which
is the file passed to '$ mkimage -T imx8mimage -n imx8mimage.cfg ...' . The
settings generated into the imx8mimage.cfg file are configured via supported
binman DT properties, nxp,boot-from, nxp,loader-address, nxp,rom-version.
Signed-off-by: Marek Vasut <marex@denx.de>
When there is a lint error the user gets the following cryptic message:
binman: Node '/path/to/some/node': Yamllint error: 18: comments
This isn't very helpful. Improve the message to tell the user that the
number is actually a line number and also tell the user in which file
they have to look.
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Suggested-by: Nishanth Menon <nm@ti.com>
Manorit Chawdhry <m-chawdhry@ti.com> says:
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/4cead2fb3a19eb5d19005b3f54682627
CICD Run: https://github.com/u-boot/u-boot/pull/442
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Pytest 7.4.3 complains if a variable is used in a finally clause without
having been initialized before the try clause.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
old_val can only be assumed initialized in the finally block
if it is assigned a value before the try statement.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
K3 devices introduces the concept of centralized power, resource and
security management to System Firmware. This is to overcome challenges
by the traditional approach that implements system control functions on
each of the processing units.
The software interface for System Firmware is split into TIFS and DM. DM
(Device Manager) is responsible for resource and power management from
secure and non-secure hosts. This additional binary is necessary for
specific platforms' ROM boot images and is to be packaged into tispl.bin
Add an entry for DM. The entry can be used for the packaging of
tispl.bin by binman along with ATF and TEE.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
A new release has been done with this version, so update it. Use the
version numbers in dependencies also.
Signed-off-by: Simon Glass <sjg@chromium.org>
Title underlines should match the length of the title. Unfortunately
docutils only catches underlines that are too short.
Add some missing empty lines after titles.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
cbfsutil completely changed the way that stages are formatted in CBFS.
Adjust the binman implementation to do the same.
This mirrors commit 81dc20e744 in coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
cbfsutil changed to 4-byte alignment for filenames instead of 16.
Adjust the binman implementation to do the same.
This mirrors commit 5779ca718c in coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
cbfsutil changed to write zero bytes instead of 0xff when a small
padding must be added. Adjust the binman implementation to do the same.
Drop the code which looks for an unused attribute tag, since it is not
used. A future patch moves the attributes to the end of the header in
any case, so no data will follow the attributes.
This mirrors commit f0cc7adb2f in coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
cbfsutil changed to skip adding a compression attribute if there is no
compression. Adjust the binman implementation to do the same.
This mirrors commit 105cdf5625 in coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
For tests which fake bintools being missing, we need to reset the list
afterwards, to ensure that future tests do not also see the bintools as
missing.
Reset the list when processing is complete.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Add support in binman for generating EFI empty capsules. These
capsules are used in the FWU A/B update feature. Also add test cases
in binman for the corresponding code coverage.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a method to the mkeficapsule bintool to generate empty
capsules. These are capsules needed for the FWU A/B update feature.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The various fields of a generated capsule are currently verified
through hard-coded offsets. Use the dump-capsule feature for dumping
the capsule header contents and use those for capsule verification.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The #address-cells and #size-cells are not needed for running the
capsule generation binman tests. Remove the superfluous properties.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The argument type of `build_from_git` was changed from string to list
in d71e7116997f14097735f04cc7847f0a68dbc485.
This commit adapts the argument type of all bintools using this
function.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Reproduct warning:
$ git clean -dfx
$ make CROSS_COMPILE="" qemu-x86_64_defconfig
$ make -j8
...
u-boot/tools/binman/etype/section.py:25:
SyntaxWarning: invalid escape sequence '\('
"""Entry that contains other entries
Signed-off-by: Rong Tao <rongtao@cestc.cn>
Move BinmanLogging reference tag after section "Signing FIT container
with private key in an image" and just before section "Logging".
Fixes: 0f40e23fd22 ("binman: add documentation for binman sign option")
Signed-off-by: Massimo Pegorer <massimo.pegorer+oss@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
