Our official domain is now u-boot-project.org, so update all in-tree
references to use the correct domain.
Reviewed-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...)
directly (and the equivalent for pkcs11-tool and p11-kit), even though
the test setup has already constructed the corresponding Bintool
instances. As Quentin Schulz observed on v1, the bintool wrapper for
these tools is currently used only as an "is this installed?" probe.
Route the eight remaining call sites in ftest.py through
<bintool>.run_cmd(...), which the Bintool base class already provides.
The change is test-side only; no production binman code calls these
tools.
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what softhsm2-util
does and how binman uses it, so the generated documentation has useful
content.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what pkcs11-tool does
and how binman uses it, so the generated documentation has useful
content.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
The Sphinx-generated bintools.rst currently produces an empty section
for this bintool, since its class docstring is only a single line and
so the body under the heading is blank.
Extend the docstring with a short description of what p11-kit does and
how binman uses it, so the generated documentation has useful content.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a test to verify the preload header correctly signs an encrypted
FIT. This test exercises the case where encryption uses random IVs that
would change between mkimage calls.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The collection etype uses phandles in the 'content' property to
reference other entries. Mark each referenced entry with build_done
to avoid rebuilding the same entry data multiple times.
This is important for cases where rebuilding may change the data
content, e.g. due to timestamps or random IVs in encryption.
Refactor GetContentsByPhandle() to return both the entry object and
its data.
Signed-off-by: yan wang <yan.wang@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To optimize preload generation, generate the header and signatures only
after all data has been collected in ProcessContentsUpdate(). This
avoids signing the data multiple times.
Since header_size is known upfront (from __init__), create a placeholder
in `ObtainContents()` to avoid an extra packing pass when
ProcessContentsUpdate() detects a size change.
This reduces unnecessary repacking and signing operations.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These files are now auto-generated by the binman_docs Sphinx extension
during the doc build, so the committed copies and their symlinks in
doc/develop/package/ are no longer needed.
Update binman.rst to reference the Sphinx extension instead of the
manual generation commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rebased to apply file deletions cleanly.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Test pkcs11 URI support for UEFI capsule generation. Both
public certificate and private key are used over pkcs11
protocol.
Pkcs11-tool has been introduced as softhsm tool doesn't have
functionality to import certificates in commonly distributed
version (only in the latest).
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Mkeficapsule can dump signature for signed capsules. It can
be used in test to validate signature i.e. with openssl.
Add an entry for device tree node.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Only short option has been present. Also rename dump_sig
to dump-sig to match with other parameter names.
Fixes: 16abff246b ("tools: mkeficapsule: add firmware image signing")
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With pkcs11 support in mkeficapsule we can now accept URI
tokens and not only files.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Now that iMX8 has full coverage the allow_failures list in
RunTestCoverage() is no longer needed.
Drop the list.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Three files are currently missing test coverage: nxp_imx8mcst,
nxp_imx8mimage and cst
Add test methods to cover all missing code paths, trying to reuse the
same .dts files where possible.
This brings all three files to 100% coverage.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move key.key and key.pem into the security/ subdirectory. These are
used by security, vendor, and capsule tests but security is the most
natural home for key material. Update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move the signing-related test data (keys, certificates, OpenSSL and
SoftHSM2 configuration, dummy engine source) into the fit/ subdirectory
alongside the FIT DTS test files. Drop the 340_ prefix from files that
had it. Update the Makefile and all ftest.py references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move descriptor.bin, fitimage.bin.gz and ifwi.bin.gz into the x86/
subdirectory alongside the x86 DTS test files and update all
references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move the remaining 60 or so test files into an entry/ subdirectory.
These cover general entry types and features: entry args, fill, text,
env, compress, replace, template, collection, ELF, overlap, listing,
sections, symlink, TEE OS, and other miscellaneous entries. Drop the
numeric prefixes and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 10 test files for binman symbol patching into a symbols/
subdirectory. Drop the numeric prefixes and the redundant symbols_
filename prefix, and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 20 test files for vendor-specific platform support (TI, NXP
i.MX, Renesas R-Car, Rockchip, PowerPC MPC85xx) into a vendor/
subdirectory. Drop the numeric prefixes and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move about a dozen test files for UEFI capsule creation (signed,
versioned, accept, revert) into a capsule/ subdirectory. Drop the
numeric prefixes and the redundant capsule_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 15 test files for ARM Trusted Firmware FIP, ATF BL31, SCP,
OpenSBI, and BL1 entries into a fip/ subdirectory. Drop the numeric
prefixes and the redundant fip_ filename prefix, and update all
references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move about a dozen test files for mkimage entries into a mkimage/
subdirectory. Drop the numeric prefixes and the redundant mkimage_
filename prefix, and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 10 test files for ChromeOS entries (GBB, vblock, FMAP)
into a cros/ subdirectory. Drop the numeric prefixes and update all
references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about a dozen test files for Coreboot File System entries into a
cbfs/ subdirectory. Drop the numeric prefixes and the redundant cbfs_
filename prefix, and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 20 test files for signing, encryption, hash, pre-load,
x509, and Xilinx bootgen entries into a security/ subdirectory. Drop
the numeric prefixes and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move about a dozen test files for blob, blob-ext, blob-ext-list,
fake-blob, and blob-symbol entries into a blob/ subdirectory. Drop
the numeric prefixes and the redundant blob_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 30 test files for FDT update, fdtmap, DTB compression,
alternates, and bootph into an fdt/ subdirectory. Drop the numeric
prefixes and the redundant fdt_ filename prefix, and update all
references.
Remove the unused no_alt_format.dts which has no references in any
test.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 40 test files for FIT images (signing, external data,
split-elf, encryption, alignment, firmware loadables, templates) into
a fit/ subdirectory. Drop the numeric prefixes and the redundant fit_
filename prefix, and update all references.
Rename the three signature.dts variants to have unique names:
signature.dts, signature_multi_key.dts and signature_no_nodes.dts.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Move about 40 test files for x86 and Intel platform support (ROM,
microcode, ME, IFWI, FSP, descriptor, reset16, start16, FIT) into an
x86/ subdirectory. Drop the numeric prefixes and the redundant x86_
filename prefix, and update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about a dozen test files for U-Boot image variants (SPL, TPL,
VPL, DTB, nodtb, bss-pad) into an xpl/ subdirectory. Drop the
numeric prefixes and the redundant u_boot_ filename prefix, and
update all references.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Move about 50 test files related to basic layout, packing, alignment,
sections, and image structure into a pack/ subdirectory. Drop the
numeric prefixes from the filenames and update all references in
ftest.py, entry_test.py, and binman_tests.rst
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Tests are supposed to run silently and capture any output produced.
Fix testRemoveTemplate() so that the message about the missing openssl
is captured, along with the invalid-images message.
Fix testNxpImx9Image() as well, since it is expected that container.img
and bl31.bin are missing.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Unless specified otherwise using the mkimage -B n option, align
DTs in fitImage external data to 8 Bytes, and retain alignment
of everything else to 4 Bytes. This should fulfill the DTspec
requirement, that DTs must be placed at 8 Byte aligned addresses,
even for DTs that are part of fitImage with external data. For
fitImage with embedded data, there is nothing we can do, as the
embedded data are aligned to 4 Bytes, just like any other DT
property.
Replace fdtdec_get_child_count() counting of images with counting
of padding using fdt_for_each_subnode(). This is much more useful,
as the added up padding can be passed directly to calloc() when
allocating the buffer which holds the external data. The image
count is no longer needed.
Adjust the image layouting such, that buf_ptr is incremented to
place the next image at align_size aligned offset. This is done
at the beginning of the loop, once the align_size for current
image can be determined from the current image type.
Update binman test to validate the new 8 Byte alignment.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
This pull request brings together a set of fixes and enhancements across
the SoCFPGA platform family, with a focus on MMC/SPL robustness, EFI
boot enablement, and Agilex5 SD/eMMC support.
CI: https://source.denx.de/u-boot/custodians/u-boot-socfpga/-/pipelines/28776
Highlights:
*
SPL / MMC:
o
Fix Kconfig handling for
SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION_TYPE
o
Correct raw sector calculations and respect explicit sector values
when loading U-Boot from MMC in SPL
o
Adjust raw MMC loading logic for SoCFPGA platforms
*
EFI boot:
o
Permit EFI booting on SoCFPGA platforms
o
Disable mkeficapsule tool build for Arria 10 where unsupported
*
Agilex5:
o
Upgrade SDHCI controller from SD4HC to SD6HC
o
Enable MMC and Cadence SDHCI support in defconfig
o
Add dedicated eMMC device tree and defconfig for Agilex5 SoCDK
o
Revert incorrect GPIO configuration for SDIO_SEL
o
Refine U-Boot DT handling for SD and eMMC boot variants
*
SPI:
o
Allow disabling the DesignWare SPI driver in SPL via Kconfig
*
Board / configuration fixes:
o
Enable random MAC address generation for Cyclone V
o
Fix DE0-Nano-SoC boot configuration
o
Remove obsolete or conflicting options from multiple legacy
SoCFPGA defconfigs
When using binman with the '-a spl-dtb=y' flag, if the SPL blob is not
found, binman throws a cryptic error message:
binman: 'NoneType' object has no attribute 'startswith'
Let's improve the error message to explicitly state which SPL blob is
missing.
This is particularly useful when binman is used as a standalone tool
outside the U-Boot source tree.
Signed-off-by: Jérémie Dautheribes <jeremie.dautheribes@bootlin.com>
[trini: Add '# pragma: no cover' because coverage doesn't seem to like
the documentation about this error]
Signed-off-by: Tom Rini <trini@konsulko.com>
This adds a test that signs a FIT and verifies the signature with
fit_check_sign.
OpenSSL engines are typically for signing with external HW so it's not
that straight-forward to simulate.
For a simple RSA OpenSSL engine, a dummy engine with a hardcoded RSA
4096 private key is made available. It can be selected by setting the
OpenSSL engine argument to dummy-rsa-engine. This can only be done if
the engine is detected by OpenSSL, which works by setting the
OPENSSL_ENGINES environment variable. I have no clue if dummy-rsa-engine
is properly implementing what is expected from an RSA engine, but it
seems to be enough for testing.
For a simple PKCS11 engine, SoftHSMv2 is used, which allows to do PKCS11
without specific hardware. The keypairs and tokens are generated on the
fly. The "prod" token is generated with a different PIN (1234 instead of
1111) to also test MKIMAGE_SIGN_PIN env variable while we're at it.
Binman will not mess with the local SoftHSMv2 setup as it will only use
tokens from a per-test temporary directory enforced via the temporary
configuration file set via SOFTHSM2_CONF env variable in the tests. The
files created in the input dir should NOT be named the same as it is
shared between all tests in the same process (which is all tests when
running binman with -P 1 or with -T).
Once signed, it's checked with fit_check_sign with the associated
certificate.
Finally, a new softhsm2_util bintool is added so that we can initialize
the token and import keypairs. On Debian, the package also brings
libsofthsm2 which is required for OpenSSL to interact with SoftHSMv2. It
is not the only package required though, as it also needs p11-kit and
libengine-pkcs11-openssl (the latter bringing the former). We can detect
if it's properly installed by running openssl engine dynamic -c pkcs11.
If that fails, we simply skip the test.
The package is installed in the CI container by default.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
This adds support for using an OpenSSL engine for signing a FIT image.
To use it, one should set the fit,engine property at the FIT node level
with the engine to use. This will in turn call mkimage with the -N
option.
The -k argument to mkimage can be specified via fit,engine-keydir. If
not specified, -k is not passed to mkimage. This property is especially
useful for pkcs11 engine to specify slots, token label, etc...
As far as I could tell, mkimage encrypts and signs a FIT in one go, thus
the -k argument applies to both signing and encrypting. Considering we
reuse the -k argument for two different meanings (info to pass to the
engine when using an engine otherwise the directory where keys are
stored), we cannot reasonably encrypt using local keys and signing with
an engine, hence the enforced check. I believe it should be possible to
support encrypting and signing with the same engine (using different
key pairs of course, via different key-name-hint likely), but this is
left for the next person to implement.
This is why the property is named fit,engine and not fit,sign-engine.
Ditto for fit,engine-keydir.
The public key (with .crt extension) is still required if it needs to be
embedded in the SPL DTB for example. We could probably support
retrieving the public key from an engine, but this is a change to make
to fdt_add_pubkey.c.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
mkimage has support for OpenSSL engines but binman currently doesn't for
direct callers of mkimage (e.g. the fit etype). This prepares for adding
support for OpenSSL engines for signing elements of a FIT image, which
will done in the next commit.
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Python 3.7 and 3.8 lack the files attribute in importlib.resources.
Use importlib_resources to fix build errors with Python 3.8:
binman: module 'importlib.resources' has no attribute 'files'
Fixes: 538719cb6a ("binman: migrate from pkg_resources to importlib")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
[trini: Re-add # pragma: no cover line]
Signed-off-by: Tom Rini <trini@konsulko.com>
Commit 65e2c14d5a ("binman: btool: mkimage: use Bintool.version")
removed the version argument from the run method but forgot to remove it
from the method docstring, so let's fix this oversight.
Fixes: 65e2c14d5a ("binman: btool: mkimage: use Bintool.version")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Change the formatting of binman.rst so that the compiled HTML output
becomes more readable. Changes include enumerations and the escaping of
arguments starting with a double dash (e.g. --debug).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
To support passing specific commands defined in enum imx8image_cmd to
the imx8image_copy_image() function, this patch introduces a new entry
type nxp-imx9image. This entry generates a plain text data file
containing the relevant commands, enabling flexible configuration during
image creation.
Signed-off-by: Alice Guo <alice.guo@nxp.com>
'apt-get update -y' may be required to make sure that the list of
packages is up-to-date and that the subsequent 'apt-get install'
operations can find the requested packages.
Fixes the following CI error:
Fetch: zstd
- trying method: binary download
- sudo apt-get install -y zstd
Exception: Error 100 running 'sudo apt-get install -y zstd': E: Unable to locate package zstd
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Bryan Brattlof <bb@ti.com>
