Commit Graph

464 Commits

Author SHA1 Message Date
Gerhard Sittig
c8605bb4d8 patman: README documentation nits (unit test)
adjust instructions for the invocation of Patman's self test: the -t
flag appears to have a different meaning now, refer to the --test option
for the builtin unit test; adjust a directory location and make sure to
run the file which resides in the source directory

Signed-off-by: Gerhard Sittig <gsi@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2013-07-15 17:06:09 -04:00
Tom Rini
fbbbc86e8e Merge branch 'master' of git://git.denx.de/u-boot-arm
Fix a trivial conflict in arch/arm/dts/exynos5250.dtsi about gpio and
serial.

Conflicts:
	arch/arm/dts/exynos5250.dtsi

Signed-off-by: Tom Rini <trini@ti.com>
2013-07-12 10:36:48 -04:00
Andreas Bießmann
d4125ebc8d tools/proftool: remove REG_NOERROR
Remove non portable usage of REG_NOERROR.
BSD (like OS X) variants of regex.h do not declare REG_NOERROR, even GNU
regex(3) does not mention REG_NOERROR, just remove it.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Acked-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2013-07-03 09:35:37 -04:00
Simon Glass
29ce737d6f mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-28 16:26:52 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
399c744b22 mkimage: Add -r option to specify keys that must be verified
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
4f61042701 mkimage: Add -c option to specify a comment for key signing
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
95d77b4479 mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
e29495d37f mkimage: Add -K to write public keys to an FDT blob
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
80e4df8ac6 mkimage: Add -k option to specify key directory
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-06-26 10:18:56 -04:00
Simon Glass
19c402afa2 image: Add RSA support for image signing
RSA provides a public key encryption facility which is ideal for image
signing and verification.

Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.

This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
3e569a6b1e image: Add signing infrastructure
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
6c887b2acb Add proftool to decode profile data
This tool provides the facility to decode U-Boot trace data and write out
a text file in Linux ftrace format for use with pytimechart.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:16:41 -04:00
Mike Dunn
3497d43215 pxa: palmtreo680 flash programming utility
This adds a userspace linux utility that writes the u-boot image to an mtd
partition on the docg4 nand flash.

A special utility is required to do this because u-boot is partially loaded by
an initial program loader (IPL) that is permanently programmed to the boot
region of the flash.  This IPL expects the image to be written in a unique
format. The characteristics of this format can be summarized as follows:
  - Flash blocks to be loaded must have a magic number in the oob bytes of the
    first page of the block.
  - Each page must be written redundantly in the subsequent page.
  - The integrated flash controller's "reliable mode" is used, requiring that
    alternate 2k regions (4 pages) are skipped when writing.
For these reasons, a u-boot image can not be written using nandwrite from
mtd-utils.

Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
2013-06-22 15:25:28 +02:00
Chris Packham
0d3efd8056 powerpc/CoreNet: Allow pbl images to take u-boot images != 512K
Instead of assuming that SYS_TEXT_BASE is 0xFFF80000 calculate the initial
pbl command offset by subtracting the image size from the top of the
24-bit address range. Also increase the size of the memory buffer to
accommodate a larger output image.

Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: Andy Fleming <afleming@freescale.com>
2013-06-20 17:08:52 -05:00
Tom Rini
41341221d1 Merge branch 'master' of git://git.denx.de/u-boot-arm
Small conflict over DRA7XX updates and adding SRAM_SCRATCH_SPACE_ADDR

Conflicts:
	arch/arm/include/asm/arch-omap5/omap.h

Signed-off-by: Tom Rini <trini@ti.com>
2013-06-13 15:16:15 -04:00
Albert ARIBAUD
10e167329b Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'
Conflicts:
	drivers/serial/Makefile
2013-06-08 14:35:10 +02:00
Tom Rini
397bfd4642 checkpatch.pl: Add 'printf' to logFunctions
Signed-off-by: Tom Rini <trini@ti.com>
2013-06-06 09:28:19 -04:00
Simon Glass
2434c66da0 mkimage: Add map_sysmem() and IH_ARCH_DEFAULT to simplfy building
These are not actually used in mkimage itself, but the image code (which
is common with mkimage) does use them. To avoid #ifdefs in the image code
just for mkimage, define dummy version of these here. The compiler will
eliminate the dead code anyway.

A better way to handle this might be to split out more things from common.h
so that mkimage can include them. At present any file that mkimage uses
has to be very careful what headers it includes.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Otavio Salvador
a7efb02636 wandboard: Add Boot Splash image with Wandboard logo
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2013-06-03 14:26:22 +02:00
Otavio Salvador
96903dae0e build: Use generic boot logo matching
The boot logo matching is now done in following way:

 - use LOGO_BMP if it is set, or
 - use $(BOARD).bmp if it exists in tools/logos, or
 - use $(VENDOR).bmp if it exists in tools/logos, or
 - use denx.bmp otherwise.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Acked-by: Wolfgang Denk <wd@denx.de>
2013-06-03 14:18:28 +02:00
Albert ARIBAUD
a19b0dd62d Merge branch 'u-boot/master' into 'u-boot-arm/master'
Conflicts:
	common/cmd_fpga.c
	drivers/usb/host/ohci-at91.c
2013-05-30 14:45:06 +02:00
Simon Glass
cce717a96c buildman: Produce a sensible error message when branch is missing
Rather than a backtrace, produce a nice error message when an invalid
branch is provided to buildman.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:58 -04:00
Simon Glass
aa6d6db4d4 mkimage: Put FIT loading in function and tidy error handling
The fit_handle_file() function is quite long - split out the part that
loads and checks a FIT into its own function. We will use this
function for storing public keys into a destination FDT file.

The error handling is currently a bit repetitive - tidy it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
bbb467dc3c image: Rename fit_add_hashes() to fit_add_verification_data()
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
b7260910dc image: Convert fit_image_hash_set_value() to static, and rename
This function doesn't need to be exported, and with verification
we want to use it for setting the 'value' property in any node,
so rename it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
94e5fa46a0 image: Split hash node processing into its own function
This function has become quite long and much of the body is indented quite
a bit. Move it into a separate function to make it easier to work with.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
604f23dde0 image: Move HOSTCC image code to tools/
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
53fbb7e885 image: Split FIT code into new image-fit.c
The FIT code is about half the size of the >3000-line image.c. Split this
code into its own file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
816cb037ad mkimage: Move ARRAY_SIZE to header file
Move this definition from aisimage.c to mkimage.h so that it is available
more widely.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:24 -04:00
Albert ARIBAUD
ec7023db8d Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'
Conflicts:
	drivers/mtd/nand/mxc_nand_spl.c
	include/configs/m28evk.h
2013-05-11 09:25:36 +02:00
Michal Simek
e85707570c patman: Do not hardcode python path
Patman requires python 2.7.4 to run but it doesn't
need to be placed in /usr/bin/python.
Use env to ensure that the interpreter used is
the first one on environment's $PATH on system
with several versions of Python installed.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@ti.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-05-09 14:27:41 -07:00
Simon Glass
f0b739f15f buildman: Allow conflicting tags to avoid spurious errors
Conflicting tags can prevent buildman from building two series which exist
one after the other in a branch. There is no reason not to allow this sort
of workflow with buildman, so ignore conflicting tags in buildman.

Change-Id: I2231d04d8684fe0f8fe77f8ea107e5899a3da5e8
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@ti.com>
2013-05-09 14:27:38 -07:00
Marek Vasut
895d996676 imx: Align the imximage header and payload to multiples of 4k
The MX53 ROM loads the data from NAND in multiples of pages and
supports maximum page size of 4k. Thus, align the image and header
to 4k to be safe from ROM bugs.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Tom Rini <trini@ti.com>
2013-05-05 17:45:04 +02:00
Marek Vasut
6cb83829a0 tools: arm: imx: Implement BOOT_OFFSET command for imximage
Implement BOOT_OFFSET command for imximage. This command is parallel
to current BOOT_FROM command, but allows more flexibility in configuring
arbitrary image header offset. Also add an imximage.cfg with default
offset values into arm/arch/imx-common/ so the board-specific imximage.cfg
can include this file to avoid magic constants.

The syntax of BOOT_OFFSET command is "BOOT_OFFSET <u32 offset>".

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Tom Rini <trini@ti.com>
Acked-by: Stefano Babic <sbabic@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
2013-04-28 11:18:03 +02:00
Otavio Salvador
8de16794a0 mxs: mxsboot: Move sdcard BCB header to 4 sectors offset
The MX23 Boot ROM does blindly load from 2048 offset while the MX28
does parse the BCB header to known where to load the image from. We
move the BCB header to 4 sectors offset so same code can be used by
both SoCs avoiding code duplication.

This idea was given by Marek Vasut <marex@denx.de>

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Tested-by: Marek Vasut <marex@denx.de>
2013-04-26 09:16:48 +02:00
Andreas Bießmann
2386060c16 patman: fix gitutil for decorations
The git config parameter log.decorate is quite useful when working with git.
Patman, however can not handle the decorated output when parsing the commit.
To prevent this use the '--no-decorate' switch for git-log.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-04-18 16:16:32 -04:00
Simon Glass
669dfc2ed8 fdt: Ensure that libfdt_env.h comes from U-Boot
When building host utilities, we include libfdt.h from the host, not from
U-Boot. This in turn brings in libfdt_env.h from the host, which can mess
up the types and cause a build failure, depending on the host environment.
To fix this, force inclusion of U-Boot's libfdt_env.h so that the types
are correct.

Another way to fix this is to use -nostdinc and -idirafter to ensure that
system includes are included after U-Boot ones. Unfortunately this means
that U-Boot's errno.h gets included instead of the system one. This in
turn requires a hack to errno.h to redirect things, so all in all the
solution in this patch is probably cleaner.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-04-17 10:58:51 -04:00
Albert ARIBAUD
1812201997 Merge branch 'u-boot/master' into 'u-boot-arm/master'
Conflicts:
	drivers/video/exynos_fb.c
2013-04-12 22:07:57 +02:00
Benoît Thébaudeau
2979b26323 autoconfig.mk: Make it possible to define configs from other configs
Give more flexibility to define configs that can be interpreted by make, e.g. to
define fallback values of configs like in the example below.

Before this change, the config lines:
 #define CONFIG_SPL_MAX_SIZE	2048
 #define CONFIG_SPL_PAD_TO	CONFIG_SPL_MAX_SIZE
would have been changed in autoconfig.mk into:
 CONFIG_SPL_MAX_SIZE=2048
 CONFIG_SPL_PAD_TO="CONFIG_SPL_MAX_SIZE"

Hence, a make recipe using as an argument to $(OBJCOPY):
 --pad-to=$(CONFIG_SPL_PAD_TO)
would have issued:
 --pad-to="CONFIG_SPL_MAX_SIZE"
which means nothing for $(OBJCOPY) and makes it fail.

Thanks to this change, the config lines above are changed in autoconfig.mk into:
 CONFIG_SPL_MAX_SIZE=2048
 CONFIG_SPL_PAD_TO=$(CONFIG_SPL_MAX_SIZE)

Hence, the make recipe above now issues:
 --pad-to=2048
as expected from the defined config.

Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Reviewed-by: Tom Rini <trini@ti.com>
2013-04-12 07:55:06 +02:00
Joe Hershberger
785881f775 env: Add redundant env support to UBI env
Allow the user to specify two UBI volumes to use for the environment

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2013-04-11 15:52:55 -04:00
Joe Hershberger
2b74433f36 env: Add support for UBI environment
UBI is a better place for the environment on NAND devices because it
handles wear-leveling and bad blocks.

Gluebi is needed in Linux to access the env as an MTD partition.

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2013-04-11 15:52:55 -04:00
Simon Glass
645b271a60 patman: Add Series-process-log tag to sort/uniq change logs
For some series with lots of changes it is annoying that duplicate change
log items are not caught. It is also helpful sometimes to sort the change
logs.

Add a Series-process-log tag to enable this, which can be placed in a
commit to control this.

The change to the Cc: line is to fix a checkpatch warning.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
2013-04-08 15:21:22 -07:00
Simon Glass
902a9715ea patman: Add -a option to refrain from test-applying the patches
Especially with the Linux kernel, it takes a long time (a minute or more)
to test-apply the patches, so patman becomes significantly less useful.
The only real problem that is found with this apply step is trailing spaces.
Provide a -a option to skip this step, for those working with clean patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
2013-04-08 15:21:22 -07:00
Doug Anderson
68618281e5 patman: Don't barf if the word 'commit' starts a line
Patman's regular expression for detecting the start of a
commit in a git log was a little simplistic and could be
confused if the git log itself had the word "commit" as
the start of a line (as this commit does).  Make patman
a little more robust.

Signed-off-by: Doug Anderson <dianders@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2013-04-08 15:21:20 -07:00
Simon Glass
a1318f7cdc patman: Provide option to ignore bad aliases
Often it happens that patches include tags which don't have aliases. It
is annoying that patman fails in this case, and provides no option to
continue other than adding empty tags to the .patman file.

Correct this by adding a '-t' option to ignore tags that don't exist.
Print a warning instead.

Since running the tests is not a common operation, move this to --test
instead, to reserve -t for this new option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
2013-04-08 15:09:03 -07:00
Josh Wu
8bf3c32285 logo: update to the new logo for ATMEL
Atmel change to new logo since 2012. This patch update the logo to new one.

Signed-off-by: Josh Wu <josh.wu@atmel.com>
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
2013-04-05 21:49:37 +02:00
Simon Glass
fc3fe1c287 buildman - U-Boot multi-threaded builder and summary tool
This tool handles building U-Boot to check that you have not broken it
with your patch series. It can build each individual commit and report
which boards fail on which commits, and which errors come up. It also
shows differences in image sizes due to particular commits.

Buildman aims to make full use of multi-processor machines.

Documentation and caveats are in tools/buildman/README.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-04-04 14:04:35 -07:00
Simon Glass
3fefd5efa6 patman: Ignore all Gerrit Commit-* tags
These tags are used by Gerrit, so let's ignore all of them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
2013-04-04 14:04:35 -07:00