Add a testcase to ensure that scan_and_prop_bootph() actually
propagates bootph-* properties to supernodes.
Signed-off-by: Moteen Shah <m-shah@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reduce subject below 60-char limit:
Signed-off-by: Simon Glass <sjg@chromium.org>
As per bootph schema, bootph-* property in child node should be
implied in their parent, but this feature is not implemented in
the U-Boot proper stage (before relocation) resulting in devices
not being bound because of the missing bootph-all or bootph-some-ram
property in the parent node.
To mitigate this issue, add a function to scan through all the nodes
in the device-tree for bootph-all and bootph-some-ram properties. If
found, propagate it to all of its parent nodes up the hierarchy.
Signed-off-by: Moteen Shah <m-shah@ti.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reduce subject below 60-char limit:
Signed-off-by: Simon Glass <sjg@chromium.org>
Some SoCs require a Trusted Firmware-A (TF-A) AP Trusted ROM (BL1) to
initialize the SoC before U-Boot can run properly. Add an atf-bl1 etype
so we can properly package BL1 into a final binary
Signed-off-by: Bryan Brattlof <bb@ti.com>
Acked-by: Simon Glass <sjg@chromium.org>
key-name-hint property in u-boot-spl-pubkey-dtb binman entry may contain
a path instead of a filename due to user mistake.
Because we currently assume it is a filename instead of a path, binman
will find the full path to the key based on that path, and return the
dirname of the full path but keeps the path in key-name-hint instead of
stripping the directories from it.
This means mkimage will fail with the following error message if we have
key-name-hint set to keys/dev:
binman: Error 1 running 'fdt_add_pubkey -a sha256,rsa2048 -k /home/qschulz/work/upstream/u-boot/keys -n keys/dev -r conf /home/qschulz/work/upstream/u-boot/build/ringneck/u-boot-spl-dtbdhsfx3mf': Couldn't open RSA certificate: '/home/qschulz/work/upstream/u-boot/keys/keys/dev.crt': No such file or directory
Let's make it a bit more obvious what the error is by erroring out in
binman if a path is provided in key-name-hint (it is named key-name-hint
and not key-path-hint after all).
Fixes: 5609843b57 ("binman: etype: Add u-boot-spl-pubkey-dtb etype")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reduce subject below 60-char limit
Signed-off-by: Simon Glass <sjg@chromium.org>
mkimage doesn't fail if it cannot find the public key but it prints to
stderr. Considering that btool.run() discards stderr, it means binman
happily returns an unsigned FIT and doesn't tell you something went
wrong.
Binman will actually find the file if there's a path in the
key-name-hint property but the current logic expects key-name-hint to be
a filename and thus returns the dirname of the found path for the key,
but with the original key-name-hint appended. This means we can have the
following:
- key-name-hint = "keys/dev"
- name = "/home/qschulz/work/upstream/u-boot/keys/"
so we pass /home/qschulz/work/upstream/u-boot/keys/ to the -k option of
mkimage but the FIT still contains "keys/dev" in key-name-hint which
means mkimage will try to find the key at
/home/qschulz/work/upstream/u-boot/keys/keys/, which doesn't exist.
Let's assume paths are simply not supported (it is named key-name-hint
and not key-path-hint after all) and raise an error if the property
contains a path so that the build fails and not quietly.
Fixes: 133c000ca3 ("binman: implement signing FIT images during image build")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
i.MX95 needs to combine DDR PHY firmware images and their byte counts
together, so add a new entry type nxp-header-ddrfw for this requirement.
Signed-off-by: Alice Guo <alice.guo@nxp.com>
It is convenient to be able to print a message and exit. Add a new
'fatal' level to support this.
Update some assumptions about the level, so that the tools continue to
work as now.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is sometimes useful outside tests. Also it can affect how
terminal output is done, e.g. whether ANSI characters should be emitted
or not.
Move it out of the test_util package and into terminal.
Signed-off-by: Simon Glass <sjg@chromium.org>
Dynamically going through the subnode array and deleting leads to
templates being skipped from deletion when templates are consecutive in
the subnode list. Prevent this from happening by first parsing the DT
and then deleting the nodes. Add a testcase as well for this cornercase.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
This reverts commit c8750efe02, reversing
changes made to 8c6cf8aeea.
Unfortunately these changes do not build on macOS hosts.
Signed-off-by: Tom Rini <trini@konsulko.com>
Rather than have a requirements.txt file that's shared between multiple
python projects within U-Boot, create one for each using "pipreqs".
Signed-off-by: Tom Rini <trini@konsulko.com>
Build the imx code singing tool from source instead of relying on the
distro to provide the tool.
Use the debian/unstable branch because the default branch is outdated.
The binary is supposed to be build with docker, work around that by selecting
the correct Makefile directly.
Also append the description and add a link to documentation.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Add optional argument make_path to build_from git. The new argument
allows specifying the path to a Makefile in case it is not in the root
of the git repo.
Also adjust the corresponding test.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Add optional argument git_branch to build_from_git. The new argument
allows specifying which branch of the repo to use.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Newer lz4 util is not happy with any padding at end of file,
it would abort with error message like:
Stream followed by undecodable data at position 43.
Workaround by skipping testCompUtilPadding test case and manually
strip padding in testCompressSectionSize test case.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
The CheckAddHashValue() function is always called before this one, so
the algorithm check is never used. Replace it with an assert to avoid a
coverage error.
Signed-off-by: Simon Glass <sjg@chromium.org>
When specifying a directory containing DTBs with 'fit,fdt-list-dir', it can be
handy not to have to also specify this directory to the input directories of
binman with '-I' option and use the method tools.append_input_dirs() append it.
This avoids to have to specify the DTB directory in both the device tree
provided to binman and through '-I' option to binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage can be used for both signing the FIT or encrypt its content and the
option '-k' can be used to pass a directory where both signing and encryption
keys can be retrieved. Adding 'fit,encrypt' property to the 'fit' node, leads to
try to find keys directory among binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
There have been a few changes to the areas that this file documents
without having regenerated the file. Do so now.
Signed-off-by: Tom Rini <trini@konsulko.com>
This newer pylint produces errors about variables possibly being used
before being set. Adjust the code to pass these checks.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Tom Rini <trini@konsulko.com>
With a newer pylint, we get a warning that 'br' could be used before
assignment. Fix this by declaring br first as an empty bytearray.
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The end-at-4gb property implies a value for skip-at-start so add it into
the output FDT so that U-Boot can read it.
Now that skip-at-start is implemented, we can drop the workarounds used
in the x86 code to obtain the correct image-pos value.
Signed-off-by: Simon Glass <sjg@chromium.org>
A discussion on the mailing list about dealing with block offsets and
binman symbols made me think that something is wrong with how Binman
deals with the skip-at-start property.
The feature was originally designed to handle x86 ROMs, which are mapped
at the top of the address space. That seemed too specific, whereas
skipping some space at the start seemed more generally useful.
It has proved useful. For example, rockchip images start at block 64,
so a skip-at-start of 0x8000 deals with this.
But it doesn't actually work correctly, since the image_pos value does
not give the actual position on the media.
Fix this and update the documentation, moving it into the 'section'
section.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a helper to avoid needing to use a list within a list for this
simple case.
Update existing users of runpipe() to use this where possible.
Signed-off-by: Simon Glass <sjg@chromium.org>
Loading flash.bin using uuu fails when flash.bin does not have the
right size.
When flash.bin is loaded from some storage medium (sd card/emmc), SPL
just loads some random garbage bytes from beyond what has been
populated when flash.bin was written, but when loaded via uuu, SPL
hangs waiting for the host to send the expected number of bytes. Which
is (size of FIT image aligned to 0x1000)+CONFIG_CSF_SIZE. The
alignment to 0x1000 is already done and is necessary in all cases
because that's the exact expected location of the 32 byte IVT
header. But the IVT+CSF blob tacked onto the end must be a total of
CONFIG_CSF_SIZE.
This is exactly the same fix as 89f19f45d6, except that this time
around I don't know how to cleanly get CONFIG_CSF_SIZE.
Fixes: bc6beae7c5 (binman: Add nxp_imx8mcst etype for i.MX8M flash.bin signing)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Tested-by: Heiko Schocher <hs@denx.de>
Provide a short description of how tests work, why they are so critical
and how to resolve gaps in Binman's test coverage.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Pass the arguments through to test_util so that a single test can be
used.
Update the docs and add some missing backquotes in the same section.
Signed-off-by: Simon Glass <sjg@chromium.org>
The patch implement new property 'fit,sign' that can be declared
at the top-level 'fit' node. If that option is declared, fit tryies
to detect private keys directory among binman include directories.
That directory than passed to mkimage using '-k' flag and that enable
signing of FIT.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Renumbered files, moved new tests to end:
Signed-off-by: Simon Glass <sjg@chromium.org>
FIT use mkimage from BuildSectionData() to build FIT entry contents.
BuildSectionData() get called several times during building FIT image.
Currently when fit inserts loadables, it use self._loadables property that
contain loadables computed during previuos BuildSectionData() invocation.
So for the first run it use empty list and pass no loadables to mkimage.
That makes problem for adding signature to FIT image because mkimage
fails to add signature and aborts building FIT if no loadables provided.
The patch fixes described behaviour in a way that BuildSectionData() uses
recently calculated loadables value, not previosly calculated.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Simplify code and conform to the style guide used in the project by
making the following changes:
* Capitalize global constants
* Use single quotes for multiline strings (except docstrings)
* Fix line width to 79 cols
* Use f-string instead of formatting a regular string or using a
complicated concatenation
* Move common suffix used in keys to a global variable "KEY_NAME"
to reduce the likelihood of typos and making future changes
easier
Signed-off-by: Brian Ruley <brian.ruley@gehealthcare.com>
Cc: Marek Vasut <marex@denx.de>
The TF-A URL was updated, as a result the name of the
directory changed as part of the new git URL and not
all the referenced directories were updated.
Fixes: 0ec0207fe0 ("Update the ARM trusted firmware git URL")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
