Simon Glass [Fri, 12 Nov 2021 19:28:08 +0000 (12:28 -0700)]
tools: Avoid confusion between keys and signatures
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Simon Glass [Fri, 12 Nov 2021 19:28:05 +0000 (12:28 -0700)]
tools: Avoid leaving extra data at the end of copied files
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.
The definition of struct udphdr in include netinet/udp.h in the
musl library differs from the definition in the glibc library.
To use the same definition with musl the symbol _GNU_SOURCE has
to be defined.
Reported-by: Milan P. Stanić <mps@arvanta.net> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Milan P. Stanić <mps@arvanta.net>
Simon Glass [Mon, 10 Jan 2022 03:14:09 +0000 (20:14 -0700)]
binman: Plumb in support for missing bintools
Bintools can be missing, in which case binman continues operation but
reports an invalid image. Plumb in support for this and add tests for
entry types which use bintools.
Simon Glass [Mon, 10 Jan 2022 03:14:07 +0000 (20:14 -0700)]
binman: Add a bintool implementation for lzma_alone
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lzma-alone package.
Simon Glass [Mon, 10 Jan 2022 03:14:05 +0000 (20:14 -0700)]
binman: Add a bintool implementation for lz4
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lz4 package.
Simon Glass [Mon, 10 Jan 2022 03:14:03 +0000 (20:14 -0700)]
binman: Move compression into binman
The compression functions are not actually used by patman, so we don't
need then in the tools module. Also we want to change them to use
bintools, which patman will not support.
Move these into a new comp_util module, within binman.
Simon Glass [Mon, 10 Jan 2022 03:14:02 +0000 (20:14 -0700)]
binman: Convert to using the mkimage bintool
Update the fit and mkimage entry types to use this bintool, instead of
running mkimage directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Simon Glass [Mon, 10 Jan 2022 03:14:01 +0000 (20:14 -0700)]
binman: Convert to using the ifwitool bintool
Update the ifwi entry type to use this bintool, instead of running
ifwitool directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Simon Glass [Mon, 10 Jan 2022 03:14:00 +0000 (20:14 -0700)]
binman: Convert to using the futility bintool
Update the GBB and vblock entry types to use this bintool, instead of
running futility directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Simon Glass [Mon, 10 Jan 2022 03:13:59 +0000 (20:13 -0700)]
binman: Convert to using the FIP bintool
Update the FIP tests to use this bintool, instead of running fiptool
directly. This simplifies the code and provides more consistency as well
as supporting missing bintools.
Simon Glass [Mon, 10 Jan 2022 03:13:58 +0000 (20:13 -0700)]
binman: Convert to using the CBFS bintool
Update the CBFS tests to use this bintool, instead of running cbfstool
directly. This simplifies the overall code and provides more consistency,
as well as supporting missing bintools.
Simon Glass [Mon, 10 Jan 2022 03:13:56 +0000 (20:13 -0700)]
binman: Add a bintool implementation for mkimage
Add a Bintool for this, which is used to build images for use by U-Boot.
It supports the features needed by binman as well as installing via the
u-boot-tools packages. Although this is built in the U-Boot tree, it is
still useful to install a binary on the system.
Simon Glass [Mon, 10 Jan 2022 03:13:55 +0000 (20:13 -0700)]
binman: Add a bintool implementation for ifwitool
Add a Bintool for this, which is used to build Intel IFWI images. It
supports the features needed by the tests as well as downloading a binary
from Google Drive. Although this is built in the U-Boot tree, it is not
currently included with u-boot-tools, so it may be useful to install a
binary on the system.
Simon Glass [Mon, 10 Jan 2022 03:13:54 +0000 (20:13 -0700)]
binman: Add a bintool implementation for futility
Add a Bintool for this, which is used to sign Chrome OS images and
build the Google Binary Block (GBB). It supports the features needed by
binman as well as fetching a binary from Google Drive. Building it from
source is possible but is left for another time, as it requires at least
one other library.
Simon Glass [Mon, 10 Jan 2022 03:13:52 +0000 (20:13 -0700)]
binman: Add a bintool implementation for cbfstool
Add a Bintool for this, which is used to run CBFS tests. It supports
the features needed by the tests as well as fetching a binary from
Google Drive. Building it from source is very slow since it is not
separately supported by the coreboot build system and it builds an
entire gcc toolchain before starting.
Simon Glass [Mon, 10 Jan 2022 03:13:49 +0000 (20:13 -0700)]
binman: Add support for bintools
Binman requires various tools to actually work, such as 'lz4' to compress
data and 'futility' to sign Chrome OS firmware. At present these are
handled in an ad-hoc manner and there is no easy way to find out what
tools are needd to build an image, nor where to obtain them.
Add an implementation of 'bintool', a base class which implements this
functionality. When a bintool is required, it can be requested from this
module, then executed. When the tool is missing, it can provide a way to
obtain it.
Note that this uses Command directly, not the tools.Run() function. This
allows proper handling of missing tools and avoids needing to catch and
re-raise exceptions.
Simon Glass [Mon, 10 Jan 2022 03:13:46 +0000 (20:13 -0700)]
binman: Allow faked blobs in blob-ext-list
Since this is a list of blobs, each blob should have the ability to be
faked, as with blob-ext. Update the Entry base class to set allow_fake
and use the base class in the section code also, so that this propagagtes
to blob-ext-list, which is not a section.
Simon Glass [Mon, 10 Jan 2022 03:13:43 +0000 (20:13 -0700)]
patman: Add a function to find a tool on the path
The Run() function automatically uses the PATH variable to locate a tool
when running it. Add a function that does this manually, so we don't have
to run a tool to find out if it is present.
This is needed by the new Bintool class, which wants to check which tools
are present.
Simon Glass [Mon, 10 Jan 2022 03:13:40 +0000 (20:13 -0700)]
patman: Allow running a tool and returning the full result
Add a new function which returns the entire result from running a tool,
not just stdout. Update Run() to use this and to return stdout on error,
if stderr is empty, since some unfortunate tools write their error
output to stdout rather than stderr.
Move building of the PATH to a separate function.
Make the exception catching more specific, to catch just ValueError, since
broad exceptions are a pain to debug.
Simon Glass [Mon, 10 Jan 2022 03:13:37 +0000 (20:13 -0700)]
binman: Tweak elf tests for a toolchain change
Some newer toolchains do not create a symbol for the .ucode section that
this test relies on. Update the test to use the symbol that is explicitly
created, instead.
Patrice Chotard [Tue, 4 Jan 2022 07:42:48 +0000 (08:42 +0100)]
dm: Fix OF_BAD_ADDR definition
When OF_LIVE flag is enabled on a 64 bits platform, there is an
issue when dev_read_addr() is called and need to perform an address
translation using __of_translate_address().
In case of error, __of_translate_address() return's value is OF_BAD_ADDR
(wich is defined in include/dm/of.h to ((u64)-1) = 0xffffffffffffffff).
The return value of dev_read_addr() is often compared to FDT_ADDR_T_NONE
which is defined as (-1U) = 0xffffffff.
In this case the comparison is always false.
To fix this issue, define FDT_ADDR_T_NONE to (ulong)(-1) in case of
AARCH64. Update accordingly related tests.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Rasmus Villemoes [Sun, 21 Nov 2021 13:52:51 +0000 (14:52 +0100)]
introduce CONFIG_DEVICE_TREE_INCLUDES
The build system already automatically looks for and includes an
in-tree *-u-boot.dtsi when building the control .dtb. However, there
are some things that are awkward to maintain in such an in-tree file,
most notably the metadata associated to public keys used for verified
boot.
The only "official" API to get that metadata into the .dtb is via
mkimage, as a side effect of building an actual signed image. But
there are multiple problems with that. First of all, the final U-Boot
(be it U-Boot proper or an SPL) image is built based on a binary
image, the .dtb, and possibly some other binary artifacts. So
modifying the .dtb after the build requires the meta-buildsystem
(Yocto, buildroot, whatnot) to know about and repeat some of the steps
that are already known to and handled by U-Boot's build system,
resulting in needless duplication of code. It's also somewhat annoying
and inconsistent to have a .dtb file in the build folder which is not
generated by the command listed in the corresponding .cmd file (that
of course applies to any generated file).
So the contents of the /signature node really needs to be baked into
the .dtb file when it is first created, which means providing the
relevant data in the form of a .dtsi file. One could in theory put
that data into the *-u-boot.dtsi file, but it's more convenient to be
able to provide it externally: For example, when developing for a
customer, it's common to use a set of dummy keys for development,
while the consultants do not (and should not) have access to the
actual keys used in production. For such a setup, it's easier if the
keys used are chosen via the meta-buildsystem and the path(s) patched
in during the configure step. And of course, nothing prevents anybody
from having DEVICE_TREE_INCLUDES point at files maintained in git, or
for that matter from including the public key metadata in the
*-u-boot.dtsi directly and ignore this feature.
There are other uses for this, e.g. in combination with ENV_IMPORT_FDT
it can be used for providing the contents of the /config/environment
node, so I don't want to tie this exclusively to use for verified
boot.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Fix doc formatting error (make htmldocs) Signed-off-by: Simon Glass <sjg@chromium.org>
Sean Anderson [Fri, 5 Nov 2021 16:52:55 +0000 (12:52 -0400)]
usb: Use the first available device for ehci_gadget
For whatever reason, usb_setup_ehci_gadget removes and probes USB device
0. However, not all systems have a device 0. Use the first device
instead.
The device probed should probably have something to do with the
controller (as specified by e.g. ums <controller> or fastboot
<controller>). In fact, I find it odd that we probe the USB device in
the first place, because this is just to set up the gadget itself.
Presumably, the controller should be probed by usb_gadget_initialize
somehow.
Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass [Wed, 1 Dec 2021 16:03:04 +0000 (09:03 -0700)]
acpi: Collect tables in the acpi_item list
At present this list is used to collect items within the DSDT and SSDT
tables. It is useful for it to collect the whole tables as well, so there
is a list of what was created and which write created each one.
Simon Glass [Wed, 1 Dec 2021 16:02:55 +0000 (09:02 -0700)]
x86: Move FACP table into separate functions
Each board has its own way of creating this table. Rather than calling the
acpi_create_fadt() function for each one from a common acpi_write_fadt()
function, just move the writer into the board-specific code.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Simon Glass [Wed, 1 Dec 2021 16:02:48 +0000 (09:02 -0700)]
x86: acpi: Split out context creation from base tables
At present acpi_setup_base_tables() both sets up the ACPI context and
writes out the base tables.
We want to use an ACPI writer to write the base tables, so split this
function into two, with acpi_setup_ctx() doing the context set, and
acpi_setup_base_tables() just doing the base tables.
Disable the writer's write_acpi_tables() function for now, to avoid
build errors. It is enabled in a following patch.
Simon Glass [Wed, 1 Dec 2021 16:02:47 +0000 (09:02 -0700)]
acpi: Add a linker list for ACPI tables
At present we call lots of functions to generate the required ACPI tables.
It would be better to standardise these functions and allow them to be
automatically collected and used when needed.
Simon Glass [Wed, 1 Dec 2021 16:02:44 +0000 (09:02 -0700)]
acpi: Allow include files within the board directory
Some .asl files include others using the iasl 'include' directive. This
needs to be able to find the files referenced.
For an out-of-tree build the source directory is not the current
directory. Moreover, U-Boot preprocesses the input file and puts the
result in the output directory. So iasl does not know where the real
source file came from.
Add a -I option to produce the correct behaviour. We could add an option
to not preprocess the .asl source, but for now that seems unnecessary.
Simon Glass [Wed, 1 Dec 2021 16:02:43 +0000 (09:02 -0700)]
acpi: Use finer-grained control of ACPI-table generation
Rather than keying everything off ACPIGEN, use the main
GENERATE_ACPI_TABLE option to determine whether the core ACPI code
is included. Make sure these option are not enabled in SPL/TPL since we
never generate tables there.
Simon Glass [Wed, 1 Dec 2021 16:02:42 +0000 (09:02 -0700)]
efi: Correct address handling with ACPI tables
The current EFI implementation confuses pointers and addresses. Normally
we can get away with this but in the case of sandbox it causes failures.
Despite the fact that efi_allocate_pages() returns a u64, it is actually
a pointer, not an address. Add special handling to avoid a crash when
running 'bootefi hello'.
Tom Rini [Tue, 25 Jan 2022 13:01:43 +0000 (08:01 -0500)]
Merge branch '2022-01-24-assorted-updates'
- A number of cleanups to Python code based on running pylint
- Integrate changes so that we can run "make pylint" and compare the
results to a current baseline. Keep this as a manual check for now.
- Improve functionality of moveconfig.py
- pci: iproc: Set all 24 bits of PCI class code
Simon Glass [Sat, 18 Dec 2021 21:54:34 +0000 (14:54 -0700)]
moveconfig: Use a function to read files
At present there is quite a bit of ad-hoc code reading from files. The
most common case is to read the file as lines. Put it in a function and
set the unicode encoding correctly.
Avoid writing back to a file when there are obviously no changes as this
speeds things up slightly.
Simon Glass [Sat, 18 Dec 2021 21:54:33 +0000 (14:54 -0700)]
moveconfig: Use a function to write files
At present there is quite a bit of ad-hoc code writing to files. The
treatment of newlines is different in some of them. Put it in a function
and set the unicode encoding correctly.
Simon Glass [Sat, 18 Dec 2021 21:54:31 +0000 (14:54 -0700)]
moveconfig: Convert to ArgumentParser
This is a newer library and is now preferred for Python scripts. Update
the code to use it instead of optparse
Use 'args' instead of 'options' throughout, since this is the term used
in that module. Also it helps to avoid confusion with CONFIG options, a
term that is used in this file.
Simon Glass [Sat, 18 Dec 2021 15:09:46 +0000 (08:09 -0700)]
moveconfig: Allow querying board configuration
It is useful to be able to find out which boards define a particular
option, or combination of options. This is not as easy as grepping the
defconfig files since many options are implied by others.
Add a -f option to the moveconfig tool to permit this. Update the
documentation to cover this, including a better title for the doc page.