Philippe Reynes <philippe.reynes@softathome.com> says:
This serie adds the support of sha256_hmac and sha256_hkdf.
A first version was sent several months ago just before the
integration of mbedtls. This new version is based on mbedtls.
The first patch of this serie add the support of hkdf
using mbedtls.
Link: https://lore.kernel.org/r/20241219130554.49825-1-philippe.reynes@softathome.com
The function sha256_csum_wd is defined in lib/sha256.c
and in lib/mbedtls/sha256.c. To avoid duplicating this
function (and future function), we move this function
to the file lib/sha256_common.c
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/renesas_spkgimage.h but this attribute is
already defined in linux/compiler_attributes.h.
So we include <linux/compiler_attributes.h.h>
and do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/kwbimage.h but this attribute is already
defined in linux/compiler_attributes.h. So we
include <linux/compiler_attributes.h.h> and
do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
When using qconfig.py to resync defconfig files and commit the result,
update it to say:
Resync all defconfig files using qconfig.py
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
When converting a U-Boot trace records file to ftrace function graph
format for use by trace-cmd ('proftool -f funcgraph dump-ftrace'), the
time associated to each function is incorrectly saved in microseconds
instead of nanoseconds. Multuply the value by 1000 to fix the issue.
With this change, the trace-cmd output looks consistent. Here is an
example with udelay(25) added to mem_malloc_init() as a test case:
$ ./tools/proftool -m System.map -t /tmp/trace.bin -f funcgraph \
dump-ftrace -o /tmp/trace.dat
$ trace-cmd report /tmp/trace.dat >/tmp/trace.log
$ vi /tmp/trace.log
[...]
u-boot-1 [000] 6.719659: funcgraph_entry: | mem_malloc_init() {
u-boot-1 [000] 6.719659: funcgraph_entry: | udelay() {
u-boot-1 [000] 6.719660: funcgraph_entry: | schedule() {
u-boot-1 [000] 6.719660: funcgraph_entry: | cyclic_run() {
u-boot-1 [000] 6.719660: funcgraph_entry: 1.000 us | cyclic_get_list();
u-boot-1 [000] 6.719661: funcgraph_exit: 1.000 us | }
u-boot-1 [000] 6.719661: funcgraph_exit: 1.000 us | }
u-boot-1 [000] 6.719661: funcgraph_entry: | __udelay() {
u-boot-1 [000] 6.719662: funcgraph_entry: 0.000 us | usec_to_tick();
u-boot-1 [000] 6.719687: funcgraph_exit: + 26.000 us | }
u-boot-1 [000] 6.719687: funcgraph_exit: + 28.000 us | }
u-boot-1 [000] 6.719687: funcgraph_entry: # 37971.000 us | memset();
u-boot-1 [000] 6.757658: funcgraph_exit: # 37999.000 us | }
u-boot-1 [000] 6.757658: funcgraph_exit: # 38000.000 us | }
In the above dump, the udelay() call is reported as taking 26 us which
is consistent with the timestamps (6.719687 - 6.719659 = 0.000026).
Without this patch we would have "0.026 us" instead of "+ 26.000 us".
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We should always look in our downloaded toolchains first and then for
host-provided toolchains.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We do not want to use the host toolchain for building our platforms in
CI (it is both too old, and would be inconsistent with our CI
practices). To do this we need to set the toolchain-prefix so that we
don't end up guessing "/opt/.../aarch64-linux-aarch64-linux-" as the
prefix.
Link: https://source.denx.de/u-boot/custodians/u-boot-dm/-/issues/32
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove the rest of the places where we hard-code the version of the
toolchain we're using.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The xtensa architecture is interesting in that the platforms we support
are only valid on the binary-only toolchains as the DC233C instruction
set requires those toolchains (and not the FSF instruction set). Only
install the binary toolchain on amd64 hosts and only run the tests on
them as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There have been a few changes to the areas that this file documents
without having regenerated the file. Do so now.
Signed-off-by: Tom Rini <trini@konsulko.com>
When specifying a directory containing DTBs with 'fit,fdt-list-dir', it can be
handy not to have to also specify this directory to the input directories of
binman with '-I' option and use the method tools.append_input_dirs() append it.
This avoids to have to specify the DTB directory in both the device tree
provided to binman and through '-I' option to binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
append_input_dirs() can be used to append a list of input directories to indir
global list.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
An optional list of input directories can be passed to EnsureCompiled() which
allows to pass a list of directories where input files can be searched.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage can be used for both signing the FIT or encrypt its content and the
option '-k' can be used to pass a directory where both signing and encryption
keys can be retrieved. Adding 'fit,encrypt' property to the 'fit' node, leads to
try to find keys directory among binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Refactor the code to support downloading toolchains for arm64 as well as
x86_64
There doesn't seem to be an xtensa toolchain for arm64 at the same
location, so download that only on x86
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Fix a warning due to the syntax used for PYTHONPATH:
LegacyKeyValueFormat: "ENV key=value" should be used instead of
legacy "ENV key value" format (line 304)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
We no longer need to install libc6-i386 so we can drop that. Switch to
installing linux-image-generic as that will be available on all hosts,
to provide the /boot/vmlinu* file that's requires for various tools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add instructions on how to build the file for multiple architectures.
Add a message indicating what is happening.
Update the documentation as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Instead of deleting /var/lib/apt/lists after each relevant RUN line, use
a cache mount as is the current best practices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
For consistency now, and future ease of testing with non-amd64 hosts,
build grub for all architectures rather than relying on host binaries
for i386/x86_64.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The current release of grub is 2.12 and it will be good to pick this up
now so that we can update other parts of our stack.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
We had a few places that were not using "make -j$(nproc)" but instead
just plain "make" and so slowing down the overall build.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Add in the x86_64 toolchain, but do not enforce using it for sandbox.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
when building U-Boot on imx8qxp and the board port uses
SPL, U-boot build shows
WARNING '.../spl/u-boot-spl.bin' not found, resulting binary is not-functional
This is because U-Boot binary is build first and Makefile
calls script imx_cntr_image.sh which checks if files
exists... but of course as spl is not yet build the
file `spl/u-boot-spl.bin` does not exist yet, so prevent
this warning.
Signed-off-by: Heiko Schocher <hs@denx.de>
Improve error message "header tag mismatched"
Add filename to error message to see, which file
is wrong.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Simon Glass <sjg@chromium.org> says:
This series updates buildman to process #include lines in defconfig
files. With this, it is no-longer necessary to duplicate lines certain
lines from the include-file in the defconfig, e.g. CONFIG_ARM and
CONFIG_SOC_...
Link: https://lore.kernel.org/r/20241108152350.3686274-1-sjg@chromium.org
This is used by some boards in U-Boot and is a convenient way to deal
with common settings where using a Kconfig files is not desirable.
Detect #include files and process them as if they were part of the
original file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: https://source.denx.de/u-boot/custodians/u-boot-dm/-/issues/30
This code is tested by test_scan_defconfigs() but it is useful to have
some specific tests for the KconfigScanner's operation in U-Boot. Add
a test which checks that the values are obtained correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/23262
- Improve imx9 boot medium autodection.
- Add possibility to skip DCD on i.MX8.
- Switch to using upstream DT on DH i.MX6 DHCOM.
- Add support for i.MX6DL DHCOM SoM on PDK2 carrier board.
- Handle FIELD_RETURN on i.MX HAB.
Currently U-Boot always adds DCD Image to boot container.
On imx8qxp SoC it is possible to init RAM from within SCFW,
and adding a DCD image type to the boot container in this case
breaks booting (No debug output anymore from SCFW! Nor any
output from SPL), so we need to configure a dcd skip somehow.
This patch adds a new imx8image_cmd entry CMD_DCD_SKIP and a
new entry in imximage.cfg "DCD_SKIP". If set to "true"
no DCD image type will be added to the container.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
For printing a ssize_t variable we must use %zd and not %ld to avoid
a -Wformat error on 32-bit systems.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Loading flash.bin using uuu fails when flash.bin does not have the
right size.
When flash.bin is loaded from some storage medium (sd card/emmc), SPL
just loads some random garbage bytes from beyond what has been
populated when flash.bin was written, but when loaded via uuu, SPL
hangs waiting for the host to send the expected number of bytes. Which
is (size of FIT image aligned to 0x1000)+CONFIG_CSF_SIZE. The
alignment to 0x1000 is already done and is necessary in all cases
because that's the exact expected location of the 32 byte IVT
header. But the IVT+CSF blob tacked onto the end must be a total of
CONFIG_CSF_SIZE.
This is exactly the same fix as 89f19f45d650, except that this time
around I don't know how to cleanly get CONFIG_CSF_SIZE.
Fixes: bc6beae7c55f (binman: Add nxp_imx8mcst etype for i.MX8M flash.bin signing)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Tested-by: Heiko Schocher <hs@denx.de>
In v2024.10, "make envtools" is broken for at least these defconfigs:
am335x_evm_defconfig
rpi_3_defconfig
rpi_4_defconfig
mx7dsabresd_defconfig
wandboard_defconfig
imx8mp_evk_defconfig
The only defconfig we use for which it is not broken is
stm32mp13_defconfig. They all work just fine in v2024.07.
The symptoms are slightly different, but all related to the fact that
some transitively included header uses IS_ENABLED or CONFIG_IS_ENABLED
without linux/kconfig.h having already been included.
A simple git bisect doesn't produce anything sensible, it ends up at
3a9f642ca94 (crypto: nuvoton: npcm_sha: Support SHA 384/512) which
clearly has nothing to do with this. But digging deeper, one
eventually finds 0f92fa45603 ("env: Remove <common.h> and add needed
includes").
So at first I tried adding "#include <linux/kconfig.h>" in
include/env_default.h and include/env_flags.h. That fixes it for some,
but not all, of the above. For example rpi_3_defconfig still fails,
then in log.h complaining about BIT() and u8 not being defined. At
least BIT() is should have gotten from bitops.h, except that that's
behind ifdef __KERNEL__, so not set for the envtools build.
It turns out that the envtools source code in fw_env_private.h already
has some hackery to deal with all this, in the form of the __ASSEMBLY__
games it plays before including config.h. It seems that if we just
make sure to do that include early enough, so that config.h is indeed
parsed with that __ASSEMBLY__ hackery in place, everything builds
fine.
Fixes: 0f92fa45603 ("env: Remove <common.h> and add needed includes")
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Chia-Wei Wang <chiawei_wang@aspeedtech.com> says:
Aspeed AST2700 SoCs integrates the Caliptra secure IP, where an ECDSA384
signature verification HW interface is exported for SoC crypto needs.
This patch series firstly extends the FIT image signing/verify common
code to support the ECDSA384 algorithm. For better convenience, the
device tree for ECDSA public key storage is also revised by referring
to RSA implementations.
After the FIT common code revision, the driver is implemented for
AST2700 to leverage the Caliptra ECDSA384 signature verification.
These are verified by signed FIT images with the algorithm "sha384,ecdsa384".
Link: https://lore.kernel.org/r/20241014095620.216936-1-chiawei_wang@aspeedtech.com
Add ECDSA384 algorithm support for image signing and verification.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>