With all files that had included this file directly having been updated,
we can now remove this file.

Signed-off-by: Tom Rini <trini@konsulko.com>

Marek Vasut authored 10 months ago and Tom Rini committed 10 months ago

Fix a typo, no functional change.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>

Heinrich Schuchardt authored 11 months ago and Tom Rini committed 10 months ago

%s/arguemnts/arguemnts/

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Add new binman etype derived from mkimage etype which generates configuration
input file for mkimage -T imx8mimage, and runs the mkimage on input data. The
mkimage -T imx8mimage is used to generate combined image with SPL and DDR PHY
blobs which is bootable on i.MX8M.

The configuration file generated here is equivalent of imx8mimage.cfg, which
is the file passed to '$ mkimage -T imx8mimage -n imx8mimage.cfg ...' . The
settings generated into the imx8mimage.cfg file are configured via supported
binman DT properties, nxp,boot-from, nxp,loader-address, nxp,rom-version.

Signed-off-by: Marek Vasut <marex@denx.de>

Ahelenia Ziemiańska authored 11 months ago and Tom Rini committed 11 months ago

This is a trivial but significant optimization:
mkimage took >200ms (and 49489 writes (of which 49456 512)),
now it takes  110ms (and   419 writes (of which   386 64k)).

sendfile is much more appropriate for this and is done in one syscall,
but doesn't bring any significant speedups over 64k r/w
at the 13M size ranges, so there's no need to introduce
	#if __linux__
	while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0)
		;
	if(size != -1) {
		ret = 0;
		goto out;
	}
	#endif

Also extract the buffer size to a macro.

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>

Hugo Cornelis authored 1 year ago and Tom Rini committed 11 months ago

A recent refactoring in image-host.c messed up the return values of
the function that reads the encryptiong keys.  This patch fixes this
and also makes sure that error output goes to stderr instead of to
stdout.

Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>

Michael Walle authored 11 months ago and Tom Rini committed 11 months ago

When there is a lint error the user gets the following cryptic message:

  binman: Node '/path/to/some/node': Yamllint error: 18: comments

This isn't very helpful. Improve the message to tell the user that the
number is actually a line number and also tell the user in which file
they have to look.

Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>

Manorit Chawdhry authored 11 months ago and Tom Rini committed 11 months ago

To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.

Add the debug extension and enable it by default.

Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext


Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>

Vincent Stehlé authored 11 months ago and Tom Rini committed 11 months ago

The str[] buffer declared in make_flamegraph() is used to hold strings
representing the full call-stacks recorded in traces. The size of this
buffer is currently 500 characters and this works well for the documented
examples.

However, it is possible to exhaust this buffer when processing traces
captured when running the UEFI shell on aarch64 sandbox for example.
Indeed, the maximum length needed for such traces can reach 780 characters.

As it is difficult to evaluate the maximum size that would ever be needed
for all the possible traces, let's use a dynamically allocated `abuf'
instead, which we reallocate when needed.

This fixes the following error:

  String too short (500 chars)

While at it, fix a few typos in strings and comments.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>

Ahelenia Ziemiańska authored 1 year ago and Tom Rini committed 11 months ago

Open for reading as O_RDONLY instead of O_RDWR:
the only usage of the fd is for the single read() below;
this prevented
	mkimage -f auto -A arm64 \
		-T kernel -C lz4 -d Image-6.6.15.lz4 \
		-b mt8173-elm-hana-6.6.15.dtb outf
when the inputs were unwritable.

Link: https://bugs.debian.org/1063097


Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>

Douglas Anderson authored 1 year ago and Heinrich Schuchardt committed 1 year ago

The "Series-patchwork-url:" tag description says that it overrides the
settings file but doesn't specify the name of the setting. Elsewhere
in the documentation about the "useful" settings we see a setting that
sounds promising called "patchwork_server" that's actually not a valid
setting. It should be "patchwork_url".

Fix these problems so the doc is right and more useful.

Signed-off-by: Douglas Anderson <dianders@chromium.org>

This moves us to our latest container image, which is now based on the
current "Jammy" tag.

Signed-off-by: Tom Rini <trini@konsulko.com>

In order to support the reset pytest on QEMU on m68k platforms we need
to grab this change from upstream.

Signed-off-by: Tom Rini <trini@konsulko.com>

Currently, llvm-17 is the stable release. Update our container and CI to
fetch and use that.

Signed-off-by: Tom Rini <trini@konsulko.com>

Heinrich Schuchardt authored 1 year ago and Tom Rini committed 1 year ago

Bootgen is used in a binman test. The test is skipped without the binary.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Heinrich Schuchardt authored 1 year ago and Tom Rini committed 1 year ago

Fiptool is used in a binman test. The test is skipped without the binary.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

If the optional `tee.bin` OP-TEE binary is missing, the image will still be
functional. Adapt the warning message accordingly.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

Heinrich Schuchardt authored 1 year ago and Tom Rini committed 1 year ago

\s is not a valid escape sequence in strings.
Mark regular expressions with r''.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

This moves us to our latest container image, which is now based on the
current "Jammy" tag.

Signed-off-by: Tom Rini <trini@konsulko.com>

To make CI runs rely less on external servers, build a coreboot release
from source and populate /opt/coreboot with the output.

Signed-off-by: Tom Rini <trini@konsulko.com>

Jesse Taube authored 1 year ago and Fabio Estevam committed 1 year ago

Modify imx8m Flex SPI Configuration Block to work with imxrt.
Add more Flex SPI configuration options to Kconfig.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Tested-by:  Adam Ford <aford173@gmail.com> #imx8mn-beacon

Quentin Schulz authored 1 year ago and Tom Rini committed 1 year ago

SafeConfigParser was renamed back in Python 3.2 (yes, no typo) to
ConfigParser[1], but it was still working as an alias until it got
removed in 3.12[2].

[1] https://docs.python.org/3.8/whatsnew/3.2.html#configparser
[2] https://github.com/python/cpython/pull/92503



Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>

As we have had this file for a while now, we should include installing
and populating our pip cache from here as well.

Signed-off-by: Tom Rini <trini@konsulko.com>

Hugo Cornelis authored 1 year ago and Tom Rini committed 1 year ago

This patch adds a function fit_image_read_key_iv_data that checks the
return value of snprintf and allows to generate a sensible error
message when generating binary images using filenames that are too
long for the OS to handle.

This is especially relevant for automated builds such as Buildroot and
Yocto builds.

Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>

Neha Malcom Francis authored 1 year ago and Tom Rini committed 1 year ago

Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Suggested-by: Nishanth Menon <nm@ti.com>

Move to the latest "Jammy" tag from Ubuntu.

Signed-off-by: Tom Rini <trini@konsulko.com>

Heinrich Schuchardt authored 1 year ago and Tom Rini committed 1 year ago

ACPI support for RISC-V requires a recent QEMU.

Upgrade the used QEMU to v8.2.0.

QEMU commit 0c7ffc977195 ("hw/net: cadence_gem: Fix MDIO_OP_xxx values")
is needed to fix the Ethernet PHY driver used by the emulated SiFive
Unleashed Board emulation.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Grzegorz Szymaszek authored 1 year ago and Heinrich Schuchardt committed 1 year ago

The "Sending patches" and "Patman patch manager" documents refer to the
three-dash, "---", that separates patch parts. The symbol is written in
the documentation in the same form as it is in actual patches: as three
U+002D HYPHEN-MINUS characters. When building the documentation, Sphinx
converts this symbol to a U+2014 EM DASH, that is invalid in this case.

Make the three-dash symbol a reStructuredText inline literal to prevent
its conversion; that is, enclose it in a pair of double backquotes (`).

Signed-off-by: Grzegorz Szymaszek <gszymaszek@short.pl>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>

Paul-Erwan Rio authored 1 year ago and Tom Rini committed 1 year ago

Commit cb9faa6f ("tools: Use a single target-independent config to
enable OpenSSL") introduced a target-independent configuration to build
crypto features in host tools.

But since commit 2c21256b ("hash: Use Kconfig to enable hashing in
host tools and SPL") the build without OpenSSL is broken, due to FIT
signature/encryption features. Add missing conditional compilation
tokens to fix this.

Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
Tested-by: Alexander Dahl <ada@thorsis.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Alexander Dahl authored 1 year ago and Tom Rini committed 1 year ago

Some users want to build with CONFIG_TOOLS_LIBCRYPTO disabled, which in
general is possible for at least some boards.  32-bit mvebu however
requires kwbimage for building SPL, and kwbimage has a hard dependency
to host OpenSSL.

The new symbol CONFIG_TOOLS_KWBIMAGE allows disabling kwbimage build on
non-mvebu platforms, and thus building without host libcrypto from
OpenSSL.

Based on previous work and discussions, see links below.

Link: https://lore.kernel.org/u-boot/20211021093304.25399-1-pali@kernel.org/
Link: https://lore.kernel.org/u-boot/20220111153120.1276641-1-marex@denx.de/
Link: https://lore.kernel.org/u-boot/20230121154743.667253-2-paulerwan.rio@gmail.com/


Cc: Marek Vasut <marex@denx.de>
Cc: Paul-Erwan Rio <paulerwan.rio@gmail.com>
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Each partition may belong to an image, which has a name. That name can
be useful for debugging as it helps identify where the partition came
from.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-4-brandon.maier@collins.com


Signed-off-by: Michal Simek <michal.simek@amd.com>

Extract partitions from a Xilinx Boot Image using dumpimage.

Add helper for_each_zynqmp_part() to reuse the partition walking code
between the printing and extracting functions.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-3-brandon.maier@collins.com


Signed-off-by: Michal Simek <michal.simek@amd.com>

Two of the partition size fields are not printed. Currently only the
"total" size is displayed, which is the size of the image data
(encrypted), padding, expansion, and authentication data. Add the
"unencrypted data" size, which is the original size of the data before
being encrypted. And "encrypted data" size, which is just the encrypted
data.

To avoid printing useless information, only print the encrypted and
unencrypted sizes if they are different from the total.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-2-brandon.maier@collins.com


Signed-off-by: Michal Simek <michal.simek@amd.com>

The zynqmpimage_print_header() skips printing the first partition. This
is because the image header can contain duplicate fields as the first
partition. However some fields, like the partition attributes, are only
present in the partition table. It is also possible for the first
partition to not be declared in the image header, if the image is not a
bootloader image.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-1-brandon.maier@collins.com


Signed-off-by: Michal Simek <michal.simek@amd.com>

Add dedicated Makefile targets for the i.MX93 and a new imx93-u-boot.dtsi
device-tree to create binman images.

Signed-off-by: Mathieu Othacehe <m.othacehe@gmail.com>

Anthony Loiseau authored 1 year ago and Tom Rini committed 1 year ago

As already done for NOR chips, if device ESIZE and ENVSECTORS static
configurations are both zero, then autodetect them at runtime.

Cc: Joe Hershberger <joe.hershberger@ni.com>
cc: Stefan Agner <stefan@agner.ch>
cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Anthony Loiseau <anthony.loiseau@allcircuits.com>

Rafał Miłecki authored 1 year ago and Tom Rini committed 1 year ago

It's totally valid for read() to provide less bytes than requested
maximum. It may happen if there is no more data available yet or source
pushes data in small chunks.

This actually happens when trying to read env data from NVMEM device.
Kernel may provide NVMEM content in page size parts (like 4096 B).

This fixes warnings like:
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 16384 bytes but got 4096
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 12288 bytes but got 4096
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 8192 bytes but got 4096

Since the main loop in flash_read_buf() is used to read blocks this
patch adds a new nested one.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Rafał Miłecki authored 1 year ago and Tom Rini committed 1 year ago

Rename "addr0" and "addr1" to "buf0" and "buf1" accordingly. Name "addr"
suggests that variable contains a numeric value being some kind of
address. Name "buf" is de facto a standard name for pointer to allocated
memory for reading data to.

While at it drop redundant checks for NULL before calling free().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Rafał Miłecki authored 1 year ago and Tom Rini committed 1 year ago

Call to fread() was changed to check for return value. The problem is it
can't be checked for returning 1 (as it is) to determine success.

We call fread() with buffer size as "size" argument. Reading any
"compatible" value shorter than buffer size will result in returning 0
even on success.

Modify code to use fstat() to determine expected read length.

This fixes regression that broke using fw_env with NVMEM devices.

Fixes: c059a22b ("tools: env: fw_env: Fix unused-result warning")
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Manorit Chawdhry authored 1 year ago and Tom Rini committed 1 year ago

Add test for TI firewalling node in ti-secure.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>