This program generates raw SPL images that can be flashed on the NAND with
the ECC and randomizer properly set up.
This has been copied (and tweaked to find the right headers) from the
sunxi-tools (https://github.com/linux-sunxi/sunxi-tools) upstream
repository, commit 1c3a6ca5.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
To simplify the creation of AArch64 SPL images for the RK3399, we
use the ENABLE_ARM_SOC_BOOT0_HOOK option and prepend 4 bytes of
padding at the start of the text section. This makes it easy for
mkimage to rewrite this word with the 'RK33' boot magic.
This change brings logic to calculate the header size and allocate
the header back in sync. For the RK3399 we now limit the header to
before the payload (i.e. the 'header0' and the padding up to the
actual image) and overwrite the first word (inserted by the
boot0-hook for this purpose) with the 'RK33' magic in-place.
X-AffectedPlatforms: RK3399-Q7
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Tested-by: Klaus Goger <klaus.goger@theobroma-systems.com>
The RK3399 boot code (running as AArch64) poses a bit of a challenge
for SPL image generation:
* The BootROM will start execution right after the 4-byte header (at
the odd instruction word loaded into SRAM at 0xff8c2004, with the
'RK33' boot magic residing at 0xff8c2000).
* The default padding (during ELF generation) for AArch64 is 0x0,
which is an illegal instruction and the .text section needs to be
naturally aligned (someone might locate a 64bit constant relative
to the section start and unaligned loads trigger a fault for all
privileged modes of an ARMv8)... so we can't simply define the
CONFIG_SPL_TEXT_BASE option to the odd address (0xff8c2004).
* Finally, we don't want to change the values used for padding of
the SPL .text section for all ARMv8 targets to the instruction
word encoding 'nop', as this would affect all padding in this
section and might hide errors that would otherwise quickly trigger
an illegal insn exception.
To deal with this situation, we modify the rkimage generation to
- understand the fact that the RK3399 needs to pad the header to an
8 byte boundary using an AArch64 'nop'
- the necessary logic to adjust the header_size (which controls the
location where the payload is copied into the image) and to insert
this padding (AArch64 insn words are always little-endian) into
the image following the 4-byte header magic.
X-AffectedPlatforms: RK3399-Q7
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Tested-by: Klaus Goger <klaus.goger@theobroma-systems.com>
The RC4 encoding works on full blocks, but the calculation of the
starting offset and size are needlessly complicated by using a
reference value known to be offset into a block by the size of the
header and then correcting for the (hard-coded) size of the header
(i.e. 4 bytes).
We change this over to use the RK_SPL_HDR_START directly (which is
known to be on a block boundary).
X-AffectedPlatforms: RK3399-Q7
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Tested-by: Klaus Goger <klaus.goger@theobroma-systems.com>
some system will not generate pbl format u-boot, but require rcw.
Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
Reviewed-by: Alison Wang <alison.wang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Previously, dtoc could only process the top-level nodes which led to
device nodes in hierarchical trees to be ignored. E.g. the mmc0 node
in the following example would be ignored, as only the soc node was
processed:
/ {
soc {
mmc0 {
/* ... */
};
};
};
This introduces a recursive helper method ScanNode, which is used by
ScanTree to recursively parse the entire tree hierarchy.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When building u-boot tools in cross-build environment CFLAGS environment
variable set up for target is taken into an account when building code
for host. Make it empty on invocation of python.
This fixes the following build errors when cross-compiling for xtensa:
cc1: error: unrecognized command line option "-mlongcalls"
cc1: error: unrecognized command line option "-mauto-litpools"
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add the entry for the rk3188 requiring rc4-encryption of the SPL.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Rockchip SoCs allow the spl code to be rc4-encoded, not only the
image header, but only newer SoCs allow this encoding to be disabled.
The rk3188 is not part of those and requires its boot code to be
rc4-encoded with the regular key. So add the ability to do this
encoding via a setting on a per-soc basis when building spl images.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Kever Yang <kever.yang@rock-chips.com>
Right now the u-boot,dm-pre-reloc flag will make each marked node
always appear in both spl and tpl. But systems needing an additional
tpl might have special constraints for each, like the spl needing to
be very tiny.
So introduce two additional flags to mark nodes for only spl or tpl
environments and introduce a function dm_fdt_pre_reloc to automate
the necessary checks in code instances checking for pre-relocation
flags.
The behaviour of the original flag stays untouched and still marks
a node for both spl and tpl.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Kever Yang <kever.yang@rock-chips.com>
Richard reported U-Boot tools issues in OpenEmbedded/Yocto project.
OE needs to be able to change the default compiler. If we pass in
HOSTCC through the make command, it overwrites all HOSTCC instances,
including ones in tools/Makefile and tools/env/Makefile, which breaks
"make cross_tools" and "make env", respectively.
Add "override" directives to avoid overriding HOSTCC instances that
really need to point to the cross-compiler.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The size field in GP header that is expected by ROM is size of the
image + size of the header. But omapimage generates a gp header
only with size of the image as size field. Fix it
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
This tool does not work with Python 3. Change the shebang to make sure the
script is run by a Python 2 interpreter.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Currently upstream does not yet understand the imply keyword. For what
we use kconfiglib.py for today, this is OK. We only need to be able to
evaluate in order to make boards.cfg and none of those choices will
depend on how imply evaluates out.
Signed-off-by: Tom Rini <trini@konsulko.com>
This define is not used in tools sources and can be removed
to avoid unnecessary link between tools and defconfig
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit 94084eea3b ("tools: kwbimage: Fix dest addr") changed kwbimage
to do this adjustment. So now the adjustment in kwboot is not needed
(and would prevent UART booting for images generated by the new
kwbimage). Remove the destaddr adjustment in kwboot.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
The return value of fstat was not checked in kwbimage, and in the case
of an error, the already open file was not closed. Fix both errors.
Reported-by: Coverity (CID: 155971)
Reported-by: Coverity (CID: 155969)
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Signed-off-by: Stefan Roese <sr@denx.de>
The previous commit ("add a new command to show .config contents")
improves the basic infrastructure of "embed a compressed file into
the U-Boot image, and print it by a command". The same pattern for
the "license" command.
This commit reworks the command to improve the following:
[1] Improve log style
Kbuild style log
GZIP cmd/license_data.gz
CHK cmd/license_data_gz.h
UPD cmd/license_data_gz.h
CHK cmd/license_data_size.h
UPD cmd/license_data_size.h
instead of the bare Make log:
cat ./Licenses/gpl-2.0.txt | gzip -9 -c | \
tools/bin2header license_gzip > ./include/license.h
[2] Collect related code into the "cmd" directory
Prior to this commit, the license.h was created by tools/Makefile,
placed under the "include" directory, included from cmd/license.c,
and deleted by the top-level Makefile. It is not a good idea to
scatter related code.
[3] Drop the fixed-malloc size LICENSE_MAX
Just allocate the minimum required size of buffer because we know
the size of the original gpl-2.0.txt.
[4] Fix more issues
Terminate the buffer with zero to prevent puts() from over-running.
Add "static" to do_license.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When gathering addresses for the Cc list patman would encounter a
UnicodeDecodeError due to non-ascii characters in the author name.
Address this by explicitly using utf-8 when building the Cc list.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
As well as showing the number of boards, allow showing the actual list of
boards that would be built, if -v is provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is convenient to be able to deal with checkpatch warnings in the same
way as build warnings. Tools such as emacs and kate can quickly locate
the source file and line automatically.
To achieve this, adjust the format to match the C compiler, and output to
stderr.
Signed-off-by: Simon Glass <sjg@chromium.org>
If there is a '.' in a compatible string, then dtoc will produce a struct
with a name containing a '.'. This won't work, so replace it with '_'.
Also add a suitable test to the sandbox device tree to catch this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This patch adds a little tool that takes a generic MAC address and
generates a CRC byte for it. The output is the full MAC address without
any separators, ready written into an EEPROM.
Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This patch enables crc8 to be used from within the tools directory using
u-boot/crc.h.
Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
On platforms which do not require microcode in SPL, handle such
case like U-Boot proper.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
u_boot_spl_with_ucode_ptr is derived from u_boot_with_ucode_ptr,
hence it should call its parent's init.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To troubleshoot unexpected bhavior during building and what's more
important during execution it is strongly recommended to use recent
ARC toolchain, and so we're now referring to arc-2016.09 which is the
latest as of today.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We can use the same header length calculations for both imximage v1 and
v2. This addresses TODO comments about imximage v1 in the current code.
With this patch applied, *header_size_ptr in imximage_set_header() will
have the correct value for both imximage v1 and v2. This is necessary
for people wanting to add proprietary data behind the created imximage.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Cc: sbabic@denx.de
When we have python building tools for the host it will not check HOSTXX
variables but only XX variables, for example LDFLAGS and not
HOSTLDFLAGS.
Cc: Simon Glass <sjg@chromium.org>
Reported-by: Heiko Schocher <hs@denx.de>
Fixes: 1905c8fc71 ("build: Always build the libfdt python module")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Tested-by: Heiko Schocher <hs@denx.de>
The built _libfdt.so is placed in the /tools dir and need to say here
as it contains relative paths.
Add the directory to the python path so binman can use this module.
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
Do not rely on CONFIG_SPL_OF_PLATDATA to build the libfdt python module.
If swig is present, this will be build
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.
Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Some OS (all BSD and probably others) do not have python in /usr/bin
but in another directory.
It is a common usage to use /usr/bin/env python as shebang for python
scripts so use this for binman.
Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
This patch is fixing missing fclose() calls
in error patch introduced by:
"tools: mkimage: Use fstat instead of stat to avoid malicious hacks"
(sha1: ebe0f53f48)
Reported-by: Coverity (CID: 155064, 155065)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>