The header of the StarFive U-Boot SPL file u-boot-spl.normal.out has a
field indicating the payload size. When copying U-Boot SPL from a
partition the copied file might be too long.
Currently in this situation a misleading error message 'Incorrect CRC32' is
written.
We must use the payload size and not the file size when calculating the
CRC32.
Write a warning if the file is too long indicating the correct size. This
enables the user to truncate the file accordingly.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
A discussion on the mailing list about dealing with block offsets and
binman symbols made me think that something is wrong with how Binman
deals with the skip-at-start property.
The feature was originally designed to handle x86 ROMs, which are mapped
at the top of the address space. That seemed too specific, whereas
skipping some space at the start seemed more generally useful.
It has proved useful. For example, rockchip images start at block 64,
so a skip-at-start of 0x8000 deals with this.
But it doesn't actually work correctly, since the image_pos value does
not give the actual position on the media.
Fix this and update the documentation, moving it into the 'section'
section.
Signed-off-by: Simon Glass <sjg@chromium.org>
The PRNG implementing the random() function only has 2^31 states and
therefore is unsafe to use for cryptography. Use arc4random() instead.
Fixes: cc34f04efd ("tools: image-host.c: use random instead of rand")
Addresses-Coverity-ID: 312953 Calling risky function
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This code is not necessarily needed in VPL, even if SPL uses it, so
adjust the rules to allow it to be dropped.
Do the same for the hash API.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Return value of function 'lseek', called at pblimage.c:211,
is not checked, but it is usually checked for this function.
This trigger was found using the Svace static analyzer.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Buildman has always treated the lack of a toolchain as an infrastructure
problem rather than a build failure.
However the logic for this is not correct, since it does not write a
'done' file in this case.
As a result, one of two things can happen.
1. If a previous build ran in the same (output) directory, the outcome
of *that* build is recorded as the outcome of this one
2. Otherwise, no outcome is recorded
Obviously this inconsistency is not ideal. While (2) is rare, it can be
very confusing as the build sort-of fails but does not produce any
summary output with 'buildman -s'
Overall it seems better to attribute a toolchain issue to the boards
that it affects. This results in clear failures which can be examined,
no matter what happened in the .bm-work directory previously.
So write a 'done' file for each build when a toolchain is missing.
The end result of this patch is to make missing toolchains much more
obvious. It should be things a bit easier for novice users.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not actually used but its presence suggests that it is the
filename for the board database. Drop it to avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is really just getting the data. The size comes along for
the ride. In fact this function is only reliable way to obtain the data
for an image in a FIT, since the FIT may use external data.
Rename it to fit_image_get_data()
Signed-off-by: Simon Glass <sjg@chromium.org>
This function can only be used with FITs that use embedded data. Rename
it so this is clear.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update the version of this function in mkimage so that it uses a const
pointer, as is done in the mapmem.h header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Philippe Reynes <philippe.reynes@softathome.com> says:
This serie adds the support of sha256_hmac and sha256_hkdf.
A first version was sent several months ago just before the
integration of mbedtls. This new version is based on mbedtls.
The first patch of this serie add the support of hkdf
using mbedtls.
Link: https://lore.kernel.org/r/20241219130554.49825-1-philippe.reynes@softathome.com
The function sha256_csum_wd is defined in lib/sha256.c
and in lib/mbedtls/sha256.c. To avoid duplicating this
function (and future function), we move this function
to the file lib/sha256_common.c
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/renesas_spkgimage.h but this attribute is
already defined in linux/compiler_attributes.h.
So we include <linux/compiler_attributes.h.h>
and do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/kwbimage.h but this attribute is already
defined in linux/compiler_attributes.h. So we
include <linux/compiler_attributes.h.h> and
do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
When using qconfig.py to resync defconfig files and commit the result,
update it to say:
Resync all defconfig files using qconfig.py
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
When converting a U-Boot trace records file to ftrace function graph
format for use by trace-cmd ('proftool -f funcgraph dump-ftrace'), the
time associated to each function is incorrectly saved in microseconds
instead of nanoseconds. Multuply the value by 1000 to fix the issue.
With this change, the trace-cmd output looks consistent. Here is an
example with udelay(25) added to mem_malloc_init() as a test case:
$ ./tools/proftool -m System.map -t /tmp/trace.bin -f funcgraph \
dump-ftrace -o /tmp/trace.dat
$ trace-cmd report /tmp/trace.dat >/tmp/trace.log
$ vi /tmp/trace.log
[...]
u-boot-1 [000] 6.719659: funcgraph_entry: | mem_malloc_init() {
u-boot-1 [000] 6.719659: funcgraph_entry: | udelay() {
u-boot-1 [000] 6.719660: funcgraph_entry: | schedule() {
u-boot-1 [000] 6.719660: funcgraph_entry: | cyclic_run() {
u-boot-1 [000] 6.719660: funcgraph_entry: 1.000 us | cyclic_get_list();
u-boot-1 [000] 6.719661: funcgraph_exit: 1.000 us | }
u-boot-1 [000] 6.719661: funcgraph_exit: 1.000 us | }
u-boot-1 [000] 6.719661: funcgraph_entry: | __udelay() {
u-boot-1 [000] 6.719662: funcgraph_entry: 0.000 us | usec_to_tick();
u-boot-1 [000] 6.719687: funcgraph_exit: + 26.000 us | }
u-boot-1 [000] 6.719687: funcgraph_exit: + 28.000 us | }
u-boot-1 [000] 6.719687: funcgraph_entry: # 37971.000 us | memset();
u-boot-1 [000] 6.757658: funcgraph_exit: # 37999.000 us | }
u-boot-1 [000] 6.757658: funcgraph_exit: # 38000.000 us | }
In the above dump, the udelay() call is reported as taking 26 us which
is consistent with the timestamps (6.719687 - 6.719659 = 0.000026).
Without this patch we would have "0.026 us" instead of "+ 26.000 us".
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We should always look in our downloaded toolchains first and then for
host-provided toolchains.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We do not want to use the host toolchain for building our platforms in
CI (it is both too old, and would be inconsistent with our CI
practices). To do this we need to set the toolchain-prefix so that we
don't end up guessing "/opt/.../aarch64-linux-aarch64-linux-" as the
prefix.
Link: https://source.denx.de/u-boot/custodians/u-boot-dm/-/issues/32
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove the rest of the places where we hard-code the version of the
toolchain we're using.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The xtensa architecture is interesting in that the platforms we support
are only valid on the binary-only toolchains as the DC233C instruction
set requires those toolchains (and not the FSF instruction set). Only
install the binary toolchain on amd64 hosts and only run the tests on
them as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There have been a few changes to the areas that this file documents
without having regenerated the file. Do so now.
Signed-off-by: Tom Rini <trini@konsulko.com>
When specifying a directory containing DTBs with 'fit,fdt-list-dir', it can be
handy not to have to also specify this directory to the input directories of
binman with '-I' option and use the method tools.append_input_dirs() append it.
This avoids to have to specify the DTB directory in both the device tree
provided to binman and through '-I' option to binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
append_input_dirs() can be used to append a list of input directories to indir
global list.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
An optional list of input directories can be passed to EnsureCompiled() which
allows to pass a list of directories where input files can be searched.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage can be used for both signing the FIT or encrypt its content and the
option '-k' can be used to pass a directory where both signing and encryption
keys can be retrieved. Adding 'fit,encrypt' property to the 'fit' node, leads to
try to find keys directory among binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Refactor the code to support downloading toolchains for arm64 as well as
x86_64
There doesn't seem to be an xtensa toolchain for arm64 at the same
location, so download that only on x86
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Fix a warning due to the syntax used for PYTHONPATH:
LegacyKeyValueFormat: "ENV key=value" should be used instead of
legacy "ENV key value" format (line 304)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
We no longer need to install libc6-i386 so we can drop that. Switch to
installing linux-image-generic as that will be available on all hosts,
to provide the /boot/vmlinu* file that's requires for various tools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add instructions on how to build the file for multiple architectures.
Add a message indicating what is happening.
Update the documentation as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Instead of deleting /var/lib/apt/lists after each relevant RUN line, use
a cache mount as is the current best practices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
For consistency now, and future ease of testing with non-amd64 hosts,
build grub for all architectures rather than relying on host binaries
for i386/x86_64.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The current release of grub is 2.12 and it will be good to pick this up
now so that we can update other parts of our stack.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
We had a few places that were not using "make -j$(nproc)" but instead
just plain "make" and so slowing down the overall build.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Add in the x86_64 toolchain, but do not enforce using it for sandbox.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
when building U-Boot on imx8qxp and the board port uses
SPL, U-boot build shows
WARNING '.../spl/u-boot-spl.bin' not found, resulting binary is not-functional
This is because U-Boot binary is build first and Makefile
calls script imx_cntr_image.sh which checks if files
exists... but of course as spl is not yet build the
file `spl/u-boot-spl.bin` does not exist yet, so prevent
this warning.
Signed-off-by: Heiko Schocher <hs@denx.de>
Improve error message "header tag mismatched"
Add filename to error message to see, which file
is wrong.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Simon Glass <sjg@chromium.org> says:
This series updates buildman to process #include lines in defconfig
files. With this, it is no-longer necessary to duplicate lines certain
lines from the include-file in the defconfig, e.g. CONFIG_ARM and
CONFIG_SOC_...
Link: https://lore.kernel.org/r/20241108152350.3686274-1-sjg@chromium.org
