Refactor the code to support downloading toolchains for arm64 as well as
x86_64
There doesn't seem to be an xtensa toolchain for arm64 at the same
location, so download that only on x86
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Fix a warning due to the syntax used for PYTHONPATH:
LegacyKeyValueFormat: "ENV key=value" should be used instead of
legacy "ENV key value" format (line 304)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
We no longer need to install libc6-i386 so we can drop that. Switch to
installing linux-image-generic as that will be available on all hosts,
to provide the /boot/vmlinu* file that's requires for various tools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add instructions on how to build the file for multiple architectures.
Add a message indicating what is happening.
Update the documentation as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Instead of deleting /var/lib/apt/lists after each relevant RUN line, use
a cache mount as is the current best practices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
For consistency now, and future ease of testing with non-amd64 hosts,
build grub for all architectures rather than relying on host binaries
for i386/x86_64.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The current release of grub is 2.12 and it will be good to pick this up
now so that we can update other parts of our stack.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
We had a few places that were not using "make -j$(nproc)" but instead
just plain "make" and so slowing down the overall build.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Add in the x86_64 toolchain, but do not enforce using it for sandbox.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
when building U-Boot on imx8qxp and the board port uses
SPL, U-boot build shows
WARNING '.../spl/u-boot-spl.bin' not found, resulting binary is not-functional
This is because U-Boot binary is build first and Makefile
calls script imx_cntr_image.sh which checks if files
exists... but of course as spl is not yet build the
file `spl/u-boot-spl.bin` does not exist yet, so prevent
this warning.
Signed-off-by: Heiko Schocher <hs@denx.de>
Improve error message "header tag mismatched"
Add filename to error message to see, which file
is wrong.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Simon Glass <sjg@chromium.org> says:
This series updates buildman to process #include lines in defconfig
files. With this, it is no-longer necessary to duplicate lines certain
lines from the include-file in the defconfig, e.g. CONFIG_ARM and
CONFIG_SOC_...
Link: https://lore.kernel.org/r/20241108152350.3686274-1-sjg@chromium.org
This is used by some boards in U-Boot and is a convenient way to deal
with common settings where using a Kconfig files is not desirable.
Detect #include files and process them as if they were part of the
original file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: https://source.denx.de/u-boot/custodians/u-boot-dm/-/issues/30
This code is tested by test_scan_defconfigs() but it is useful to have
some specific tests for the KconfigScanner's operation in U-Boot. Add
a test which checks that the values are obtained correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/23262
- Improve imx9 boot medium autodection.
- Add possibility to skip DCD on i.MX8.
- Switch to using upstream DT on DH i.MX6 DHCOM.
- Add support for i.MX6DL DHCOM SoM on PDK2 carrier board.
- Handle FIELD_RETURN on i.MX HAB.
Currently U-Boot always adds DCD Image to boot container.
On imx8qxp SoC it is possible to init RAM from within SCFW,
and adding a DCD image type to the boot container in this case
breaks booting (No debug output anymore from SCFW! Nor any
output from SPL), so we need to configure a dcd skip somehow.
This patch adds a new imx8image_cmd entry CMD_DCD_SKIP and a
new entry in imximage.cfg "DCD_SKIP". If set to "true"
no DCD image type will be added to the container.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
For printing a ssize_t variable we must use %zd and not %ld to avoid
a -Wformat error on 32-bit systems.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Loading flash.bin using uuu fails when flash.bin does not have the
right size.
When flash.bin is loaded from some storage medium (sd card/emmc), SPL
just loads some random garbage bytes from beyond what has been
populated when flash.bin was written, but when loaded via uuu, SPL
hangs waiting for the host to send the expected number of bytes. Which
is (size of FIT image aligned to 0x1000)+CONFIG_CSF_SIZE. The
alignment to 0x1000 is already done and is necessary in all cases
because that's the exact expected location of the 32 byte IVT
header. But the IVT+CSF blob tacked onto the end must be a total of
CONFIG_CSF_SIZE.
This is exactly the same fix as 89f19f45d6, except that this time
around I don't know how to cleanly get CONFIG_CSF_SIZE.
Fixes: bc6beae7c5 (binman: Add nxp_imx8mcst etype for i.MX8M flash.bin signing)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Tested-by: Heiko Schocher <hs@denx.de>
In v2024.10, "make envtools" is broken for at least these defconfigs:
am335x_evm_defconfig
rpi_3_defconfig
rpi_4_defconfig
mx7dsabresd_defconfig
wandboard_defconfig
imx8mp_evk_defconfig
The only defconfig we use for which it is not broken is
stm32mp13_defconfig. They all work just fine in v2024.07.
The symptoms are slightly different, but all related to the fact that
some transitively included header uses IS_ENABLED or CONFIG_IS_ENABLED
without linux/kconfig.h having already been included.
A simple git bisect doesn't produce anything sensible, it ends up at
3a9f642ca9 (crypto: nuvoton: npcm_sha: Support SHA 384/512) which
clearly has nothing to do with this. But digging deeper, one
eventually finds 0f92fa4560 ("env: Remove <common.h> and add needed
includes").
So at first I tried adding "#include <linux/kconfig.h>" in
include/env_default.h and include/env_flags.h. That fixes it for some,
but not all, of the above. For example rpi_3_defconfig still fails,
then in log.h complaining about BIT() and u8 not being defined. At
least BIT() is should have gotten from bitops.h, except that that's
behind ifdef __KERNEL__, so not set for the envtools build.
It turns out that the envtools source code in fw_env_private.h already
has some hackery to deal with all this, in the form of the __ASSEMBLY__
games it plays before including config.h. It seems that if we just
make sure to do that include early enough, so that config.h is indeed
parsed with that __ASSEMBLY__ hackery in place, everything builds
fine.
Fixes: 0f92fa4560 ("env: Remove <common.h> and add needed includes")
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Chia-Wei Wang <chiawei_wang@aspeedtech.com> says:
Aspeed AST2700 SoCs integrates the Caliptra secure IP, where an ECDSA384
signature verification HW interface is exported for SoC crypto needs.
This patch series firstly extends the FIT image signing/verify common
code to support the ECDSA384 algorithm. For better convenience, the
device tree for ECDSA public key storage is also revised by referring
to RSA implementations.
After the FIT common code revision, the driver is implemented for
AST2700 to leverage the Caliptra ECDSA384 signature verification.
These are verified by signed FIT images with the algorithm "sha384,ecdsa384".
Link: https://lore.kernel.org/r/20241014095620.216936-1-chiawei_wang@aspeedtech.com
Add ECDSA384 algorithm support for image signing and verification.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Update to a newer version which supports settings in CMOS RAM and
linear framebuffer.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Set aside some expo IDs for 'save' and 'discard' buttons. This avoids
needing to store the IDs for these. Adjust the documentation and expo
tool for the new EXPOID_BASE_ID value.
Ignore these objects when saving and loading the cedit, since they do
not contain real data.
Adjust 'cedit run' to return failure when the user exits the expo
without saving. Update the test for this change as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a short description of how tests work, why they are so critical
and how to resolve gaps in Binman's test coverage.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Pass the arguments through to test_util so that a single test can be
used.
Update the docs and add some missing backquotes in the same section.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present run_test_coverage() assumes you want code coverage for the
entire code base. This is the normal situation, but sometimes it is
useful to see the coverage provided by just a single test. Add support
for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
The patch implement new property 'fit,sign' that can be declared
at the top-level 'fit' node. If that option is declared, fit tryies
to detect private keys directory among binman include directories.
That directory than passed to mkimage using '-k' flag and that enable
signing of FIT.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Renumbered files, moved new tests to end:
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix error message like this:
Can't add verification data for node 'fdt-1' (<unknown error>)
We get unknown error because we decode error as fdt error
but actually it is system error.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
FIT use mkimage from BuildSectionData() to build FIT entry contents.
BuildSectionData() get called several times during building FIT image.
Currently when fit inserts loadables, it use self._loadables property that
contain loadables computed during previuos BuildSectionData() invocation.
So for the first run it use empty list and pass no loadables to mkimage.
That makes problem for adding signature to FIT image because mkimage
fails to add signature and aborts building FIT if no loadables provided.
The patch fixes described behaviour in a way that BuildSectionData() uses
recently calculated loadables value, not previosly calculated.
Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Using the PKI tree with SRKs as intermediate CA isn't necessary or even
desirable in some situations (boot time, for example). Add the possibility
to use the "fast authentication" method where the image and CSF are both
signed using the SRK [1, p.63].
[1] https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/202591/1/CST_UG.pdf
Signed-off-by: Brian Ruley <brian.ruley@gehealthcare.com>
Cc: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Simplify code and conform to the style guide used in the project by
making the following changes:
* Capitalize global constants
* Use single quotes for multiline strings (except docstrings)
* Fix line width to 79 cols
* Use f-string instead of formatting a regular string or using a
complicated concatenation
* Move common suffix used in keys to a global variable "KEY_NAME"
to reduce the likelihood of typos and making future changes
easier
Signed-off-by: Brian Ruley <brian.ruley@gehealthcare.com>
Cc: Marek Vasut <marex@denx.de>
Simon Glass <sjg@chromium.org> says:
When the SPL build-phase was first created it was designed to solve a
particular problem (the need to init SDRAM so that U-Boot proper could
be loaded). It has since expanded to become an important part of U-Boot,
with three phases now present: TPL, VPL and SPL
Due to this history, the term 'SPL' is used to mean both a particular
phase (the one before U-Boot proper) and all the non-proper phases.
This has become confusing.
For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL'
phases, not just SPL. So code which can only be compiled for actual SPL,
for example, must use something like this:
#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD)
In Makefiles we have similar issues. SPL_ has been used as a variable
which expands to either SPL_ or nothing, to chose between options like
CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable
was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was
updated to support 'VPL_' as well.
This series starts a change in terminology and usage to resolve the
above issues:
- The word 'xPL' is used instead of 'SPL' to mean a non-proper build
- A new CONFIG_XPL_BUILD define indicates that the current build is an
'xPL' build
- The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now
defined for TPL and VPL phases
- The existing SPL_ Makefile variable is renamed to SPL_
- The existing SPL_TPL Makefile variable is renamed to PHASE_
It should be noted that xpl_phase() can generally be used instead of
the above CONFIGs without a code-space or run-time penalty.
This series does not attempt to convert all of U-Boot to use this new
terminology but it makes a start. In particular, renaming spl.h and
common/spl seems like a bridge too far at this point.
The series is fully bisectable. It has also been checked to ensure there
are no code-size changes on any commit.
Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.
Update the comment in bootstage to refer to this symbol, instead of
SPL_
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that SPL means SPL (only) and is not defined for other phases,
update kconfig rules.
This is done in one patch since otherwise many Binman tests fail.
Signed-off-by: Simon Glass <sjg@chromium.org>
Complete this rename for all directories outside arch/ board/ drivers/
and include/
Use the new symbol to refer to any 'SPL' build, including TPL and VPL
Signed-off-by: Simon Glass <sjg@chromium.org>
The TF-A URL was updated, as a result the name of the
directory changed as part of the new git URL and not
all the referenced directories were updated.
Fixes: 0ec0207fe0 ("Update the ARM trusted firmware git URL")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The primary upstream URL for tf-a has moved, in some cases
things like tags are not always pushed to the old URL so
update the URLs to the primary upstream project URL.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Adds support for the secp521r1 ECDSA algorithm to mkimage.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
