- Feb 16, 2021
-
-
At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by:
Simon Glass <sjg@chromium.org> Reported-by:
Bruce Monroe <bruce.monroe@intel.com> Reported-by:
Arie Haenel <arie.haenel@intel.com> Reported-by:
Julien Lenoir <julien.lenoir@intel.com>
-
- Feb 14, 2021
-
-
Heinrich Schuchardt authored
The isAlive() method was deprecated in Python 3.8 and has been removed in Python 3.9. See https://bugs.python.org/issue37804 . Use is_alive() instead. Since Python 2.6 is_alive() has been a synonym for isAlive(). So there should be no problems for users using elder Python 3 versions. Signed-off-by:
Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by:
-
- Feb 01, 2021
-
-
Add "-c" option to set the configuration name when checking the FIT image signature. Signed-off-by:Ilies CHERGUI <ilies.chergui@gmail.com>
-
- Jan 30, 2021
-
-
Simon Glass authored
The offset of an entry needs to be adjusted by its skip-at-start value. This is currently missing when reading entry data. Fix it. Signed-off-by: -
Simon Glass authored
When packing files it is sometimes useful to align the start of each file, e.g. if the flash driver can only access 32-bit-aligned data. Provides a new property to support this. Signed-off-by: -
Simon Glass authored
At present if a devicetree blob is included in a vblock it does not deal with updates. This is because the vblock is created once at the start and does not have a method to update itself later, after all the entry contents are finalised. Fix this by adjusting how the vblock is created. Also simplify Image.ProcessEntryContents() since it effectively duplicates the code in Section.ProcessContents(). Signed-off-by: -
Simon Glass authored
Normally when an entry is created, any entry arguments it has are required to be provided, so it can actually generate its contents correctly. However when an existing image is read, Entry objects are created for each of the entries in the image. This happens as part of the process of reading the image into binman. In this case we don't need the entry arguments, since we do not intend to regenerate the entries, or at least not unless requested. So there is no sense in reporting an error for missing entry arguments. Add a new property for the Image to handle this case. Update the error reporting to be conditional on this property. Signed-off-by: -
Simon Glass authored
At present binman only supports resolving symbols in the same section as the binary that uses it. This is quite limited because we often need to group entries into different sections. Enhance the algorithm to search the entire image for symbols. Signed-off-by: -
Simon Glass authored
Two files have the wrong comment at the top of them. Fix this. Signed-off-by: -
Simon Glass authored
Update the log output to show the size, since this is useful information. Signed-off-by: -
Simon Glass authored
Two of the items have been completed and I thought of another one. Update the list. Signed-off-by: -
Simon Glass authored
At present on large files, lz4 uses a larger block size (e.g. 256KB) than the 64KB supported by the U-Boot decompression implementation. Also it is optimised for maximum compression speed, producing larger output than we would like. Update the parameters to correct these problems. Signed-off-by: -
Simon Glass authored
Drop a few more Python 2 relics that are no-longer needed. Signed-off-by:
-
- Jan 29, 2021
-
-
Heinrich Schuchardt authored
mkeficapsule is a build product. Add it to .gitignore Signed-off-by:
-
- Jan 23, 2021
-
-
Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by:Sughosh Ganu <sughosh.ganu@linaro.org>
-
Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by:
AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by:
-
- Jan 22, 2021
-
-
The UBI_IOCVOLUP ioctl can fail if exclusive access to the volume isn't obtained. If this happens, the flush operation doesn't return error, leaving the caller without knowledge of missing flush. Fix this by forwarding the error (-1) from ubi_update_start(). Fixes: 34255b92 ("tools: env: Add support for direct read/write UBI volumes") Signed-off-by:
Martin Hundebøll <martin@geanix.com>
-
These commands were disabled when CONFIG_FIT_SIGNATURE is disabled, but they do not depend on crypto support so they can be unconditionally enabled. Signed-off-by:Joel Stanley <joel@jms.id.au>
-
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then mkimage/dumpimage will fail to link: /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data': image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc' /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt': aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new' /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex' /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate' /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free' /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex' collect2: error: ld returned 1 exit status Signed-off-by: -
The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by:Philippe Reynes <philippe.reynes@softathome.com>
-
This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by:
-
- Jan 18, 2021
-
-
mkimage is only able to package aarch32 binaries. Add support for AArch64 images. One can create a ARM64 image using the following command line: mkimage -T mtk_image -a 0x201000 -e 0x201000 -n "media=emmc;arm64=1" -d bl2.bin bl2.img Signed-off-by:Fabien Parent <fparent@baylibre.com>
-
- Jan 15, 2021
-
-
Ley Foon Tan authored
The existing socfpgaimage always pads the image to the maximum size of OCRAM size. This will break in the encryption flow where it expects the image to be un-padded. The encryption tool will do the encryption for the whole image and append the signature key at end of the image. The signature key will append to beyond the size of OCRAM if the image is padded with the maximum size before encryption. Move the padding step from socfpgaimage to Makefile and pads with objcopy command. socfpgaimage will pad the image with 16 bytes aligned (including CRC word), this is a requirement in encryption flow. Signed-off-by:Ley Foon Tan <ley.foon.tan@intel.com>
-
Ley Foon Tan authored
Print image header information if the header is verified. Example output from mkimage "-l" option: $ ./tools/mkimage -l spl/u-boot-spl.sfp Image Type : Cyclone V / Arria V SoC Image Validation word : 0x31305341 Version : 0x00000000 Flags : 0x00000000 Program length : 0x00003a59 Header checksum : 0x00000188 $ ./tools/mkimage -l spl/u-boot-spl.sfp Image Type : Arria 10 SoC Image Validation word : 0x31305341 Version : 0x00000001 Flags : 0x00000000 Header length : 0x00000014 Program length : 0x000138e0 Program entry : 0x00000014 Header checksum : 0x00000237 Signed-off-by:
-
- Jan 13, 2021
-
-
Heinrich Schuchardt authored
Unused variables should be called '_'. Signed-off-by:
Paulo Alcantara (SUSE) <pc@cjr.nz>
-
Heinrich Schuchardt authored
When deleting a variable we must check that the GUID provided by the user matches the GUID of the variable. Signed-off-by:
-
Heinrich Schuchardt authored
According to https://pep8.org/#indentation we should use 4 spaces per indentation level. Signed-off-by:
-
Heinrich Schuchardt authored
When tools: efivar.py is called without arguments an error occurs: Traceback (most recent call last): File "tools/efivar.py", line 380, in <module> main() File "tools/efivar.py", line 360, in main args.func(args) AttributeError: 'Namespace' object has no attribute 'func' Show the online help if the arguments do not specify a function. Signed-off-by:
-
- Jan 11, 2021
-
-
André Przywara authored
So far we used the separate mksunxiboot tool for generating a bootable image for Allwinner SPLs, probably just for historical reasons. Use the mkimage framework to generate a so called eGON image the Allwinner BROM expects. The new image type is called "sunxi_egon", to differentiate it from the (still to be implemented) secure boot TOC0 image. Signed-off-by:
Andre Przywara <andre.przywara@arm.com> Reviewed-by:
Jernej Skrabec <jernej.skrabec@siol.net> Reviewed-by:
Samuel Holland <samuel@sholland.org> Reviewed-by:
-
- Jan 05, 2021
-
-
Simon Glass authored
Some of these tests don't actually check anything. Add a few more checks to complete the tests. Also add a simple scan test that does the basics. Signed-off-by: -
Simon Glass authored
Move the tests related to scanning into their own class, updating them to avoid using dtb_platdata as a pass-through. Signed-off-by: -
Simon Glass authored
Before expanding the scanning features any more, move this into a separate file. This will make it easier to maintain in the future. In particular, it reduces the size of dtb_platdata.py and allows us to add tests specifically for scanning, without going through that file. The pieces moved are the Driver class, the scanning code and the various naming functions, since they mostly depend on the scanning results. So far there is are no separate tests for src_scan. These will be added as new functionality appears. This introduces no functional change. Signed-off-by: -
Simon Glass authored
This has not been needed since parent information was added and we started using indicies for references to other drivers instead of pointers. It was kept around in the expectation that it might be needed later. However with the latest updates, it doesn't seem likely that we'll need this in the foreseeable future. Drop dm_populate_phandle_data() from dtoc and driver model. Signed-off-by: -
Simon Glass authored
Previously we had to worry about nodes being output before those that they depended on, thus causing build errors. So the current algorithm is careful to output nodes in the right order. We now use a different method for outputting phandles that does not involve pointers. Also we plan to add a 'declarations' header file to declare all drivers as 'extern'. Update the code to drop the dependency checking and output in a simple loop. This makes the output easier to follow since drivers are in order of thier indices (0, 1, ...), which is also the order it appears in in the linker list. Signed-off-by: -
Simon Glass authored
The base directory of U-Boot, where the source is, it currently calculated from the directory of the dtb_platdata.py script. If this is installed elsewhere that will not work. Also it is inconvenient for tests. Add a parameter to allow specifying this base directory. To test this, pass a temporary directory with some files in it and check that they are passed to scan_driver(). Signed-off-by: -
Simon Glass authored
Rather than the if/else construct, update OutputFile with the method to call to process each command. This is easier to maintain as the number of commands increases. Rename generate_tables to generate_plat since it better describes what is being generated ('plat' is the U-Boot name for platform data). With this, each output method needs to have the same signature. Store the output structures in a member variable instead of using parameters, to accomplish this. Signed-off-by: -
Simon Glass authored
Use this new name to be consistent with the rest of U-Boot, which talks about 'plat' for the platform data, which is what this file holds. Signed-off-by: -
Simon Glass authored
It is currently fairly obvious what the two generated files are for, but this will change as more are added. It is helpful for readers to describe the purpose of each file. Add a header commment field to OutputFile and use it to generate a comment at the top of each file. Signed-off-by: -
Simon Glass authored
Use the standard function for running tests and reported results. This allows the tests to run in parallel, which is a significant speed-up on most machines (e.g. 4.5 seconds -> 1.5s on mine). Signed-off-by: -
Simon Glass authored
This gives a warning in some situations: File "tools/dtoc/../concurrencytest/concurrencytest.py", line 95, in do_fork stream = os.fdopen(c2pread, 'rb', 1) File "/usr/lib/python3.8/os.py", line 1023, in fdopen return io.open(fd, *args, **kwargs) RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used Fix this by dropping the line-buffer parameter. Signed-off-by:
-
