summaryrefslogtreecommitdiff
path: root/tools
AgeCommit message (Collapse)Author
2017-01-14mkimage: Add support for signing with pkcs11George McCollister
Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-02Merge branch 'master' of git://www.denx.de/git/u-boot-imxTom Rini
2017-01-02tools: binman: Use /usr/bin/env to find python executableEmmanuel Vadot
Some OS (all BSD and probably others) do not have python in /usr/bin but in another directory. It is a common usage to use /usr/bin/env python as shebang for python scripts so use this for binman. Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
2017-01-02tools: mkimage: add firmware-ivt image type for HAB verificationSven Ebenfeld
When we want to use Secure Boot with HAB from SPL over U-Boot.img, we need to append the IVT to the image and leave space for the CSF. Images generated as firmware_ivt can directly be signed using the Freescale code signing tool. For creation of a CSF, mkimage outputs the correct HAB Blocks for the image. The changes to the usual firmware image class are quite small, that is why I implemented that directly into the default_image. Cc: sbabic@denx.de v2-Changes: None Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com> Reviewed-by: George McCollister <george.mccollister@gmail.com> Tested-by: George McCollister <george.mccollister@gmail.com>
2016-12-27tools: mkimage: Call fclose in error pathMichal Simek
This patch is fixing missing fclose() calls in error patch introduced by: "tools: mkimage: Use fstat instead of stat to avoid malicious hacks" (sha1: ebe0f53f48e8f9ecc823e533a85b05c13638c350) Reported-by: Coverity (CID: 155064, 155065) Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-27relocate-rela: use compiler.h endian macrosJonathan Gray
Use the endian macros from u-boot's compiler.h instead of duplicating the definitions. This also avoids a build error on OpenBSD by removing swap64 which collides with a system definition in endian.h pulled in by inttypes.h. Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
2016-12-26binman: Remove hard-coded file name for x86 CMC/FSP/VGABin Meng
Now that we have added file names from Kconfig in x86 u-boot.dtsi, update binman to avoid using hard-coded names. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-20Merge git://git.denx.de/u-boot-dmTom Rini
2016-12-20binman: Drop microcode features from ifdtoolSimon Glass
Now that binman supports creating images with microcode, drop the code from ifdtool. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Automatically include a U-Boot .dtsi fileSimon Glass
For boards that need U-Boot-specific additions to the device tree, it is a minor annoyance to have to add these each time the tree is synced with upstream. Add a means to include a file (e.g. u-boot.dtsi) automatically into the .dts file before it is compiled. The file uses is the first one that exists in this list: arch/<arch>/dts/<board.dts>-u-boot.dtsi arch/<arch>/dts/<soc>-u-boot.dtsi arch/<arch>/dts/<cpu>-u-boot.dtsi arch/<arch>/dts/<vendor>-u-boot.dtsi arch/<arch>/dts/u-boot.dtsi Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Tom Rini <trini@konsulko.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Add support for building x86 images with FSP/CMCSimon Glass
Add support for two more from the inexhaustible supply of x86 binary blob types. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Add support for building x86 ROMs with SPLSimon Glass
When building for 64-bit x86 we need an SPL binary in the ROM. Add support for this. Also increase entry test code coverage to 100%. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Add support for u-boot.img as an input binarySimon Glass
Add an entry type for u-boot.img (a legacy U-Boot image) and a simple test. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Add support for building x86 ROMsSimon Glass
The structure of x86 ROMs is pretty complex. There are various binary blobs to place in the image. Microcode requires special handling so that it is available to very early code and can be used without any memory whatsoever. Add support for the various entry types that are currently needed, along with some tests. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Add basic entry types for U-BootSimon Glass
Add entries to support some standard U-Boot binaries, such as u-boot.bin, u-boot.dtb, etc. Also add some tests for these. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20binman: Introduce binman, a tool for building binary imagesSimon Glass
This adds the basic code for binman, including command parsing, processing of entries and generation of images. So far no entry types are supported. These will be added in future commits as examples of how to add new types. See the README for documentation. Signed-off-by: Simon Glass <sjg@chromium.org> Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-19tools: mxsimage: Fix build with OpenSSL 1.1.xMarek Vasut
The EVP_MD_CTX and EVP_CIPHER_CTX are made opaque since 1.1.x , so instead of embedding them directly into struct sb_image_ctx and initializing them using EVP_*_CTX_init(), we use pointers and allocate the crypto contexts using EVP_*_CTX_new(). Signed-off-by: Marek Vasut <marex@denx.de> Cc: Tom Rini <trini@konsulko.com>
2016-12-16imx6: icorem6: Add custom splashscreen supportJagan Teki
Add custom splashscreen, engicam.bmp support for Engicam i.CoreM6 qdl board. Cc: Anatolij Gustschin <agust@denx.de> Cc: Stefano Babic <sbabic@denx.de> Cc: Matteo Lisi <matteo.lisi@engicam.com> Cc: Michael Trimarchi <michael@amarulasolutions.com> Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
2016-12-09tools: mkimage: Use fstat instead of stat to avoid malicious hacksMichal Simek
The patch is fixing: "tools: mkimage: Check if file is regular file" (sha1: 56c7e8015509312240b1ee15f2ff74510939a45d) which contains two issues reported by Coverity Unchecked return value from stat and incorrect calling sequence where attack can happen between calling stat and fopen. Using pair in opposite order (fopen and fstat) is fixing this issue because fstat is using the same file descriptor (FILE *). Also fixing issue with: "tools: mkimage: Add support for initialization table for Zynq and ZynqMP" (sha1: 3b6460809c2a28360029c1c48247648fac4455c9) where file wasn't checked that it is regular file. Reported-by: Coverity (CID: 154711, 154712) Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-12-09Revert "Merge branch 'master' of git://www.denx.de/git/u-boot-microblaze"Tom Rini
This reverts commit 3edc0c252257e4afed163a3a74aba24a5509b198, reversing changes made to bb135a0180c31fbd7456021fb9700b49bba7f533.
2016-12-08tools: mkimage: Use fstat instead of stat to avoid malicious hacksMichal Simek
The patch is fixing: "tools: mkimage: Check if file is regular file" (sha1: 56c7e8015509312240b1ee15f2ff74510939a45d) which contains two issues reported by Coverity Unchecked return value from stat and incorrect calling sequence where attack can happen between calling stat and fopen. Using pair in opposite order (fopen and fstat) is fixing this issue because fstat is using the same file descriptor (FILE *). Also fixing issue with: "tools: mkimage: Add support for initialization table for Zynq and ZynqMP" (sha1: 3b6460809c2a28360029c1c48247648fac4455c9) where file wasn't checked that it is regular file. Reported-by: Coverity (CID: 154711, 154712) Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Tom Rini <trini@konsulko.com> Series-to: trini Series-cc: u-boot
2016-12-02buildman: Rename do_build to config_onlySimon Glass
This variable name is needlessly confusion. Adjust it to use a 'positive' name instead. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02buildman: Clean up odd characters on the terminalSimon Glass
At present buildman leaves behind a few characters during its progress updates, which looks odd. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02buildman: Squash useless output from -KSimon Glass
When using #define CONFIG_SOME_OPTION, the value it set to '1'. When using defconfig (i.e. CONFIG_SOME_OPTION=y) the value is set to 'y'. This results in differences showing up with -K. These differences are seldom useful. Adjust buildman to suppress these differences by default. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02buildman: Add documentation for CONFIG checkingSimon Glass
The -K option is not mentioned in the README at present. Add some notes to describe how this is used. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02buildman: Add an option to just create the configSimon Glass
Normally buildman does a full build of a board. This includes creating the u-boot.cfg file which contains all the configuration options. Buildman uses this file with the -K option, to show differences in effective configuration for each commit. Doing a full build of U-Boot just to create the u-boot.cfg file is wasteful. Add a -D option which causes buildman to only create the configuration. This is enough to support use of -K and can be done much more quickly (typically 5-10 times faster). Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-01tools/kwbimage: add DEBUG optionChris Packham
Offset 0x1 in the generated kwb image file is a set of flags, bit 0 enables debug output from the BootROM firmware. Allow a DEBUG option in the kwb configuration to request debug output from the BootROM firmware. Signed-off-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01tools/kwbimage: add BAUDRATE optionChris Packham
Offset 0x18 in some Marvell datasheets this field is redacted as "reserved". This offset is actually a set of options and bits 2:0 allow the selection of the UART baudrate. Allow a BAUDRATE option to set the UART baudrate for any messages coming from the BootROM firmware. Signed-off-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
2016-11-30Merge branch 'master' of git://www.denx.de/git/u-boot-imxTom Rini
2016-11-29Merge git://git.denx.de/u-boot-mpc85xxTom Rini
2016-11-29tools: imximage: display DCD block offset, lengthEric Nelson
These values can be used to sign a U-Boot image for use when loading an image through the Serial Download Protocol (SDP). Note that the address of 0x910000 is usable with the stock configuration of imx_usb_loader on i.MX6 and i.MX7 SOCs: https://github.com/boundarydevices/imx_usb_loader/blob/master/mx6_usb_work.conf#L3 Refer to the section on imx_usb_loader in this post for more details: https://boundarydevices.com/high-assurance-boot-hab-dummies/ Signed-off-by: Eric Nelson <eric@nelint.com>
2016-11-28tools/env: fix environment alignment tests for block devicesMax Krummenacher
commit 183923d3e412500bdc597d1745e2fb6f7f679ec7 enforces that the environment must start at an erase block boundary. For block devices the sample fw_env.config does not mandate a erase block size for block devices. A missing setting defaults to the full env size. Depending on the environment location the alignment check now errors out for perfectly legal settings. Fix this by defaulting to the standard blocksize of 0x200 for environments stored in a block device. That keeps the fw_env.config files for block devices working even with that new check. Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
2016-11-28tools/Makefile: suppress "which swig" error outputAndre Przywara
The Makefile in tools/ tries to find the "swig" utility by calling "which". If nothing is found in the path, some versions of which will print an error message: $ make clean which: no swig in (/usr/local/bin:/usr/bin:/bin) This does not apply to all version of "which", though: $ echo $0 bash $ type which which is aliased to `type -path' $ which foo <== this version is OK $ /usr/bin/which foo <== this one is chatty /usr/bin/which: no foo in (/usr/local/bin:/usr/bin:/bin) $ sh <== make uses /bin/sh sh-4.3$ which foo <== no alias here which: no foo in (/usr/local/bin:/usr/bin:/bin) This error message is rather pointless in our case, since we just have this very check to care for this. So add stderr redirection to suppress the message. Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-23tools/env: Correct include kconfigYork Sun
While we move some config macros to Kconfig, kconfig header is needed to avoid compiling error if not already included. Signed-off-by: York Sun <york.sun@nxp.com>
2016-11-21image: Combine image_sig_algo with image_sign_infoAndrew Duda
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21image: Add crypto_algo struct for RSA infoAndrew Duda
Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-15tools: mkimage: Check if file is regular fileMichal Simek
Current Makefile.spl passes -R parameter which is not empty and pointing to ./ folder. "./tools/mkimage -T zynqmpimage -R ./"" -d spl/u-boot-spl.bin spl/boot.bin" That's why mkimage is trying to parse ./ file and generate register init which is wrong. Check that passed filename is regular file. If not do not work with it. Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2016-11-15tools: mkimage: Add support for initialization table for Zynq and ZynqMPMike Looijmans
The Zynq/ZynqMP boot.bin file contains a region for register initialization data. Filling in proper values in this table can reduce boot time (e.g. about 50ms faster on QSPI boot) and also reduce the size of the SPL binary. The table is a simple text file with register+data on each line. Other lines are simply skipped. The file can be passed to mkimage using the "-R" parameter. It is recommended to add reg init file to board folder. For example: CONFIG_BOOT_INIT_FILE="board/xilinx/zynqmp/xilinx_zynqmp_zcu102/reg.int Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2016-11-13tools: fix mksunxiboot build for tools-all targetAndre Przywara
Commit fed329aebe3a ("tools: add mksunxiboot to tools-all target") added mksunxiboot to the tools-all target, but used the CONFIG_SUNXI symbol to enable its build. Now commit aec9a0f19f64 ("sunxi: Rename CONFIG_SUNXI to CONFIG_ARCH_SUNXI"), merged before that, renamed that symbol, so that the first patch basically gets ineffective. Adjust the symbol name in tools/Makefile to make it build again. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2016-11-06mkimage: Allow including a ramdisk in FIT auto modeTomeu Vizoso
Adds -i option that allows specifying a ramdisk file to be added to the FIT image when we are using the automatic FIT mode (no ITS file). This makes adding Depthcharge support to LAVA much more convenient, as no additional configuration files need to be kept around in the machine that dispatches jobs to the boards. Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com> Cc: Simon Glass <sjg@chromium.org> Cc: Matt Hart <matthew.hart@linaro.org> Cc: Neil Williams <codehelp@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06buildman: Fix building based on 'options' fieldTom Rini
The README for buildman says that we can use any field in boards.cfg to decide what to build. However, we were not saving the options field correctly. Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Simon Glass <sjg@chromium.org>
2016-11-05tools: imximage: check return value when open the plugin filePeng Fan
Check return value when open the plugin file. Coverity report: ** CID 153926: Error handling issues (NEGATIVE_RETURNS) /tools/imximage.c: 542 in copy_plugin_code() ifd = open(plugin_file, O_RDONLY|O_BINARY); >>> CID 153926: Error handling issues (NEGATIVE_RETURNS) >>> "ifd" is passed to a parameter that cannot be negative. Signed-off-by: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Tom Rini <trini@konsulko.com> Reported-by: Coverity (CID: 153926) Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-31mkimage: Fix missing free() in show_valid_options()Simon Glass
The allocated memory should be freed. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 150963) Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-31Fix spelling of "occur".Vagrant Cascadian
Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Acked-by: Angelo Dureghello <angelo@sysam.it> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-30tools: add mksunxiboot to tools-all targetStefan Brüns
mksunxiboot is useful outside of u-boot, it is e.g. used by sunxi-tools. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-10-30sunxi: Rename CONFIG_SUNXI to CONFIG_ARCH_SUNXIJagan Teki
CONFIG_SUNXI -> CONFIG_ARCH_SUNXI and removed CONFIG_SUNIX from config_whitelist.txt Cc: Simon Glass <sjg@chromium.org> Cc: Ian Campbell <ijc@hellion.org.uk> Cc: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-10-28Merge branch 'master' of git://www.denx.de/git/u-boot-imxTom Rini
Signed-off-by: Tom Rini <trini@konsulko.com> Conflicts: common/Kconfig configs/dms-ba16_defconfig
2016-10-24tools: moveconfig: support wildcards in --defconfigs fileMasahiro Yamada
Supporting shell-style wildcards for the --defconfigs option will be useful to run the moveconfig tool against a specific platform. For example, "uniphier*" in the file passed by --defconfigs option will be expanded to defconfig files that start with "uniphier". This is easier than listing out all defconfig files you are interested in. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
2016-10-24tools: imximage: add plugin supportPeng Fan
Add plugin support for imximage. Define CONFIG_USE_IMXIMG_PLUGIN in defconfig to enable using plugin. Signed-off-by: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Eric Nelson <eric@nelint.com> Cc: Ye Li <ye.li@nxp.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-14pbl: use "wait" command instead of "flush" commandZhao Qiang
PBL flush command is restricted to CCSR memory space. So use WAIT PBI command to provide enough time for data to get flush in target memory. Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> [York Sun: rewrap commit message] Reviewed-by: York Sun <york.sun@nxp.com>