| Age | Commit message (Collapse) | Author |
|---|
|
This is a trivial but significant optimization:
mkimage took >200ms (and 49489 writes (of which 49456 512)),
now it takes 110ms (and 419 writes (of which 386 64k)).
sendfile is much more appropriate for this and is done in one syscall,
but doesn't bring any significant speedups over 64k r/w
at the 13M size ranges, so there's no need to introduce
#if __linux__
while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0)
;
if(size != -1) {
ret = 0;
goto out;
}
#endif
Also extract the buffer size to a macro.
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
|
|
A recent refactoring in image-host.c messed up the return values of
the function that reads the encryptiong keys. This patch fixes this
and also makes sure that error output goes to stderr instead of to
stdout.
Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>
|
|
When there is a lint error the user gets the following cryptic message:
binman: Node '/path/to/some/node': Yamllint error: 18: comments
This isn't very helpful. Improve the message to tell the user that the
number is actually a line number and also tell the user in which file
they have to look.
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.
Add the debug extension and enable it by default.
Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
The str[] buffer declared in make_flamegraph() is used to hold strings
representing the full call-stacks recorded in traces. The size of this
buffer is currently 500 characters and this works well for the documented
examples.
However, it is possible to exhaust this buffer when processing traces
captured when running the UEFI shell on aarch64 sandbox for example.
Indeed, the maximum length needed for such traces can reach 780 characters.
As it is difficult to evaluate the maximum size that would ever be needed
for all the possible traces, let's use a dynamically allocated `abuf'
instead, which we reallocate when needed.
This fixes the following error:
String too short (500 chars)
While at it, fix a few typos in strings and comments.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
|
|
Open for reading as O_RDONLY instead of O_RDWR:
the only usage of the fd is for the single read() below;
this prevented
mkimage -f auto -A arm64 \
-T kernel -C lz4 -d Image-6.6.15.lz4 \
-b mt8173-elm-hana-6.6.15.dtb outf
when the inputs were unwritable.
Link: https://bugs.debian.org/1063097
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
|
|
Prepare v2024.04-rc5
|
|
The "Series-patchwork-url:" tag description says that it overrides the
settings file but doesn't specify the name of the setting. Elsewhere
in the documentation about the "useful" settings we see a setting that
sounds promising called "patchwork_server" that's actually not a valid
setting. It should be "patchwork_url".
Fix these problems so the doc is right and more useful.
Signed-off-by: Douglas Anderson <dianders@chromium.org>
|
|
This moves us to our latest container image, which is now based on the
current "Jammy" tag.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
In order to support the reset pytest on QEMU on m68k platforms we need
to grab this change from upstream.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Currently, llvm-17 is the stable release. Update our container and CI to
fetch and use that.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Bootgen is used in a binman test. The test is skipped without the binary.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
Fiptool is used in a binman test. The test is skipped without the binary.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
If the optional `tee.bin` OP-TEE binary is missing, the image will still be
functional. Adapt the warning message accordingly.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
\s is not a valid escape sequence in strings.
Mark regular expressions with r''.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
This moves us to our latest container image, which is now based on the
current "Jammy" tag.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
To make CI runs rely less on external servers, build a coreboot release
from source and populate /opt/coreboot with the output.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Modify imx8m Flex SPI Configuration Block to work with imxrt.
Add more Flex SPI configuration options to Kconfig.
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Tested-by: Adam Ford <aford173@gmail.com> #imx8mn-beacon
|
|
SafeConfigParser was renamed back in Python 3.2 (yes, no typo) to
ConfigParser[1], but it was still working as an alias until it got
removed in 3.12[2].
[1] https://docs.python.org/3.8/whatsnew/3.2.html#configparser
[2] https://github.com/python/cpython/pull/92503
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
|
|
As we have had this file for a while now, we should include installing
and populating our pip cache from here as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
This patch adds a function fit_image_read_key_iv_data that checks the
return value of snprintf and allows to generate a sensible error
message when generating binary images using filenames that are too
long for the OS to handle.
This is especially relevant for automated builds such as Buildroot and
Yocto builds.
Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>
|
|
Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Suggested-by: Nishanth Menon <nm@ti.com>
|
|
Move to the latest "Jammy" tag from Ubuntu.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
ACPI support for RISC-V requires a recent QEMU.
Upgrade the used QEMU to v8.2.0.
QEMU commit 0c7ffc977195 ("hw/net: cadence_gem: Fix MDIO_OP_xxx values")
is needed to fix the Ethernet PHY driver used by the emulated SiFive
Unleashed Board emulation.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2024.04-rc1-v2
xilinx:
- Enable NFS, WGET, DNS and BLKMAP by default
zynqmp:
- Support new power-management node
- Remove multiple blank lines from DTSes
- Wire multiboot with DFU infrastructure
- Fix i2c-gpio pinctrl group name
- SOM DT changes (phy on kd240, kv260 cleanups
- Cleanup i2c bus on zcu1285
- DT cleanup (fix node names not to use _)
- Fix USB interrupts
- Cleanup zcu100 DT
- Add support for kaslr-seed
zynqmp_r5:
- Fix W=1 issue with missing dir
tools:
- Improve zynqmpimage mkimage support
|
|
The "Sending patches" and "Patman patch manager" documents refer to the
three-dash, "---", that separates patch parts. The symbol is written in
the documentation in the same form as it is in actual patches: as three
U+002D HYPHEN-MINUS characters. When building the documentation, Sphinx
converts this symbol to a U+2014 EM DASH, that is invalid in this case.
Make the three-dash symbol a reStructuredText inline literal to prevent
its conversion; that is, enclose it in a pair of double backquotes (`).
Signed-off-by: Grzegorz Szymaszek <gszymaszek@short.pl>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
|
|
Commit cb9faa6f98ae ("tools: Use a single target-independent config to
enable OpenSSL") introduced a target-independent configuration to build
crypto features in host tools.
But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
host tools and SPL") the build without OpenSSL is broken, due to FIT
signature/encryption features. Add missing conditional compilation
tokens to fix this.
Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
Tested-by: Alexander Dahl <ada@thorsis.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Some users want to build with CONFIG_TOOLS_LIBCRYPTO disabled, which in
general is possible for at least some boards. 32-bit mvebu however
requires kwbimage for building SPL, and kwbimage has a hard dependency
to host OpenSSL.
The new symbol CONFIG_TOOLS_KWBIMAGE allows disabling kwbimage build on
non-mvebu platforms, and thus building without host libcrypto from
OpenSSL.
Based on previous work and discussions, see links below.
Link: https://lore.kernel.org/u-boot/20211021093304.25399-1-pali@kernel.org/
Link: https://lore.kernel.org/u-boot/20220111153120.1276641-1-marex@denx.de/
Link: https://lore.kernel.org/u-boot/20230121154743.667253-2-paulerwan.rio@gmail.com/
Cc: Marek Vasut <marex@denx.de>
Cc: Paul-Erwan Rio <paulerwan.rio@gmail.com>
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Each partition may belong to an image, which has a name. That name can
be useful for debugging as it helps identify where the partition came
from.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-4-brandon.maier@collins.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
Extract partitions from a Xilinx Boot Image using dumpimage.
Add helper for_each_zynqmp_part() to reuse the partition walking code
between the printing and extracting functions.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-3-brandon.maier@collins.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
Two of the partition size fields are not printed. Currently only the
"total" size is displayed, which is the size of the image data
(encrypted), padding, expansion, and authentication data. Add the
"unencrypted data" size, which is the original size of the data before
being encrypted. And "encrypted data" size, which is just the encrypted
data.
To avoid printing useless information, only print the encrypted and
unencrypted sizes if they are different from the total.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-2-brandon.maier@collins.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
The zynqmpimage_print_header() skips printing the first partition. This
is because the image header can contain duplicate fields as the first
partition. However some fields, like the partition attributes, are only
present in the partition table. It is also possible for the first
partition to not be declared in the image header, if the image is not a
bootloader image.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Link: https://lore.kernel.org/r/20240104185258.39465-1-brandon.maier@collins.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
Add dedicated Makefile targets for the i.MX93 and a new imx93-u-boot.dtsi
device-tree to create binman images.
Signed-off-by: Mathieu Othacehe <m.othacehe@gmail.com>
|
|
As already done for NOR chips, if device ESIZE and ENVSECTORS static
configurations are both zero, then autodetect them at runtime.
Cc: Joe Hershberger <joe.hershberger@ni.com>
cc: Stefan Agner <stefan@agner.ch>
cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Anthony Loiseau <anthony.loiseau@allcircuits.com>
|
|
It's totally valid for read() to provide less bytes than requested
maximum. It may happen if there is no more data available yet or source
pushes data in small chunks.
This actually happens when trying to read env data from NVMEM device.
Kernel may provide NVMEM content in page size parts (like 4096 B).
This fixes warnings like:
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 16384 bytes but got 4096
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 12288 bytes but got 4096
Warning on /sys/bus/nvmem/devices/u-boot-env0/nvmem: Attempted to read 8192 bytes but got 4096
Since the main loop in flash_read_buf() is used to read blocks this
patch adds a new nested one.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
Rename "addr0" and "addr1" to "buf0" and "buf1" accordingly. Name "addr"
suggests that variable contains a numeric value being some kind of
address. Name "buf" is de facto a standard name for pointer to allocated
memory for reading data to.
While at it drop redundant checks for NULL before calling free().
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
Call to fread() was changed to check for return value. The problem is it
can't be checked for returning 1 (as it is) to determine success.
We call fread() with buffer size as "size" argument. Reading any
"compatible" value shorter than buffer size will result in returning 0
even on success.
Modify code to use fstat() to determine expected read length.
This fixes regression that broke using fw_env with NVMEM devices.
Fixes: c059a22b7776 ("tools: env: fw_env: Fix unused-result warning")
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
Manorit Chawdhry <m-chawdhry@ti.com> says:
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/4cead2fb3a19eb5d19005b3f54682627
CICD Run: https://github.com/u-boot/u-boot/pull/442
|
|
Add test for TI firewalling node in ti-secure.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
Fix the error message to not use dst and use self as it is copying the
properties to self.
While using templating if there are no subnodes defined, we end up in
this situation where "dst" isn't defined and it tries to print the error
message and fails.
'UnboundLocalError: local variable 'dst' referenced before assignment'
Fixes: 55e1278d5eca ("dtoc: Allow inserting a list of nodes into another")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The existing bootph binding is defined such that properties in a
subnode are also implied in the supernode also, as in this example:
buttons {
/* bootph,pre-ram is implied by btn1 */
compatible = "gpio-keys";
btn1 {
bootph,pre-ram;
gpios = <&gpio_a 3 0>;
label = "button1";
linux,code = <BTN_1>;
};
Provide an option to implement this in fdtgrep.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The h_include() function includes a piece which checks if a node
contains a property being searched for. Move this into its own
function to reduce the size of the h_include() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The code to invert the match in h_include() is a bit convoluted.
Simplify it by using disp->invert only once.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Copy the comment from fdt_first_region() so that it is clear what value
this function returns.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The function name is actually fdtgrep_find_regions() so update the name
in comments accordinging.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Two of the flags are out of order, so fix this.
Also adjust the ordering of one flag in the main switch()
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Align the code with the upstream version at fdt-tools which had a few
tweaks before being applied.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Pytest 7.4.3 complains if a variable is used in a finally clause without
having been initialized before the try clause.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
%s/cotaining/containing/
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
