Commit Graph

2914 Commits

Author SHA1 Message Date
Tom Rini
c7d042f315 Pull request for efi-2022-04-rc1-3
Documentation:
 
 * update Nokia RX-51 documentation and move it to rst
 * describe boot switch settings for HiFive Unmatched board
 
 UEFI:
 
 * fix the checking of images hashes and signatures
 * provide the RISCV_EFI_BOOT_PROTOCOL
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
 GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
 rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
 BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
 FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
 6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
 xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
 x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
 xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
 kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
 LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
 vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
 =+edp
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
2022-01-29 13:50:19 -05:00
AKASHI Takahiro
9e63786e2b tools: mkeficapsule: rework the code a little bit
Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-29 10:23:40 +01:00
AKASHI Takahiro
df1ce60fac tools: mkeficapsule: output messages to stderr instead of stdout
All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Jamin Lin
2a4b0d5890 rsa: adds rsa3072 algorithm
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-28 17:58:41 -05:00
Simon Glass
2d2384bbaf tools: mkimage: Show where signatures/keys are written
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
9737c2d1eb tools: Pass public-key node through to caller
Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
48422343c8 tools: Drop unused name in image-host
The name is created but never used. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
70e6bcc43f tools: Improve comments in signing functions
Add some more comments to explain what is going on in the signing
functions. Fix two repeated typos.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
7ae46c3579 tools: Avoid leaving extra data at the end of copied files
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
e291a5c9a2 tools: Move copyfile() into a common file
This function is useful in other places. Move it to a common file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
195f7893da fit_check_sign: Update help to mention the key is in a dtb
The key is inside a dtb file, so tweak the help to make that clear.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:42 -07:00
Heiko Thiery
2ce07383a4 binman: doc: fix typo for u-boot-tpl
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-25 14:02:38 -07:00
Simon Glass
61a631e912 binman: Document the __bss_size symbol error
Add a note about the message so it is clear why it occurs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 14:02:38 -07:00
Simon Glass
3e7749eaea binman: Add documentation for bintools
Add this documention to explain how bintools are used and which ones are
available.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
bc570646f6 binman: Add a command to generate bintool docs
Each bintool has some documentation which can be useful for the user.
Add a new command that collects this and writes it into a .rst file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
a00d9713e4 binman: Complete test coverage of comp_util
Drop the unused gzip code, update comments and add a test for an
invalid algorithm. The temporary file is not needed now, so drop that
also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
4f9ee83ba9 binman: Plumb in support for missing bintools
Bintools can be missing, in which case binman continues operation but
reports an invalid image. Plumb in support for this and add tests for
entry types which use bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
359e431cbc binman: Convert to using the lzma_alone bintool
Update the code to use this bintool, instead of running lzma_alone
directly. This simplifies the code and provides more consistency.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
4cd4ee0432 binman: Add a bintool implementation for lzma_alone
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lzma-alone package.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
33ce3515ca binman: Convert to using the lz4 bintool
Update the code to use this bintool, instead of running lz4 directly. This
simplifies the code and provides more consistency.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
992d475003 binman: Add a bintool implementation for lz4
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lz4 package.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
0d1e95aa18 binman: Tidy up pylint warnings in comp_util
Tweak some naming and comments to resolve these. Use WriteFile() to write
the file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
ad35ce5466 binman: Move compression into binman
The compression functions are not actually used by patman, so we don't
need then in the tools module. Also we want to change them to use
bintools, which patman will not support.

Move these into a new comp_util module, within binman.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
f75db1e996 binman: Convert to using the mkimage bintool
Update the fit and mkimage entry types to use this bintool, instead of
running mkimage directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
532ae70430 binman: Convert to using the ifwitool bintool
Update the ifwi entry type to use this bintool, instead of running
ifwitool directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
a104bb2b48 binman: Convert to using the futility bintool
Update the GBB and vblock entry types to use this bintool, instead of
running futility directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
388f04fb67 binman: Convert to using the FIP bintool
Update the FIP tests to use this bintool, instead of running fiptool
directly. This simplifies the code and provides more consistency as well
as supporting missing bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
5417da574e binman: Convert to using the CBFS bintool
Update the CBFS tests to use this bintool, instead of running cbfstool
directly. This simplifies the overall code and provides more consistency,
as well as supporting missing bintools.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
56ee85eef1 binman: Enable bintool tests including cmdline processing
The tests rely on having at least 5 bintool implementions. Now that we
have this, enable them. Add tests for the binman 'tool' subcommand.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
e1b7e4ddb6 binman: Add a bintool implementation for mkimage
Add a Bintool for this, which is used to build images for use by U-Boot.
It supports the features needed by binman as well as installing via the
u-boot-tools packages. Although this is built in the U-Boot tree, it is
still useful to install a binary on the system.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
6f7eb0c037 binman: Add a bintool implementation for ifwitool
Add a Bintool for this, which is used to build Intel IFWI images. It
supports the features needed by the tests as well as downloading a binary
from Google Drive. Although this is built in the U-Boot tree, it is not
currently included with u-boot-tools, so it may be useful to install a
binary on the system.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
9d3a7a2e0b binman: Add a bintool implementation for futility
Add a Bintool for this, which is used to sign Chrome OS images and
build the Google Binary Block (GBB). It supports the features needed by
binman as well as fetching a binary from Google Drive. Building it from
source is possible but is left for another time, as it requires at least
one other library.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
bf87b203a3 binman: Add a bintool implementation for fiptool
Add a Bintool for this, which is used to run FIP tests. It supports
the features needed by the tests as well as building a binary from
the git tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
d38833373b binman: Add a bintool implementation for cbfstool
Add a Bintool for this, which is used to run CBFS tests. It supports
the features needed by the tests as well as fetching a binary from
Google Drive. Building it from source is very slow since it is not
separately supported by the coreboot build system and it builds an
entire gcc toolchain before starting.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
3b47dfa506 binman: Add tests for bintool
Add tests to cover the bintool functionality.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
386c63cfad binman: Plumb in support for bintools
Support collecting the available bintools needed by an image, by
scanning the entries in the image.

Also add a command-line interface to access the basic bintool features,
such as listing the bintools and fetching them if needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
252de6b1f7 binman: Add support for bintools
Binman requires various tools to actually work, such as 'lz4' to compress
data and 'futility' to sign Chrome OS firmware. At present these are
handled in an ad-hoc manner and there is no easy way to find out what
tools are needd to build an image, nor where to obtain them.

Add an implementation of 'bintool', a base class which implements this
functionality. When a bintool is required, it can be requested from this
module, then executed. When the tool is missing, it can provide a way to
obtain it.

Note that this uses Command directly, not the tools.Run() function. This
allows proper handling of missing tools and avoids needing to catch and
re-raise exceptions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
81d6e3f088 binman: Add installation instructions
Explain how to install binman, since it is not obvious.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
7f29583113 binman: Correct path for fip_util
This should be imported from the binman module. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
f4590e02c1 binman: Allow faked blobs in blob-ext-list
Since this is a list of blobs, each blob should have the ability to be
faked, as with blob-ext. Update the Entry base class to set allow_fake
and use the base class in the section code also, so that this propagagtes
to blob-ext-list, which is not a section.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
2cc8c1fba6 binman: Drop the image name from the fake-blob message
This is not really needed and it makes the message different from the
missing-blob message. Update it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
596fd10a79 patman: Add a function to find a tool on the path
The Run() function automatically uses the PATH variable to locate a tool
when running it. Add a function that does this manually, so we don't have
to run a tool to find out if it is present.

This is needed by the new Bintool class, which wants to check which tools
are present.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
5b7968693f patman: Tidy up the download function a little
Reverse the order of the return tuple, so that the filename is first.
This seems more obvious than putting the temporary directory first.

Correct a bug that leaves a space on the final line.

Allow the caller to control the name of the temporary directory.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:11 -07:00
Simon Glass
8ea6d23ffb buildman: Move the download function to tools
This function is handy for binman as well. Move it into the shared 'tools'
module.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Simon Glass
ade5327655 patman: Allow running a tool and returning the full result
Add a new function which returns the entire result from running a tool,
not just stdout. Update Run() to use this and to return stdout on error,
if stderr is empty, since some unfortunate tools write their error
output to stdout rather than stderr.

Move building of the PATH to a separate function.

Make the exception catching more specific, to catch just ValueError, since
broad exceptions are a pain to debug.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Simon Glass
8bc78b73fb binman: Expand the external FIT test a little
At present this does not check that the external data is in the expected
place. Use a non-zero offset for the external data and check it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Simon Glass
206117afd1 mkimage: Show the external-offset error
This is a debug message at present, which is not very helpful. Print out
the error so that action can be taken.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Simon Glass
1e18a69394 binman: Tweak elf tests for a toolchain change
Some newer toolchains do not create a symbol for the .ucode section that
this test relies on. Update the test to use the symbol that is explicitly
created, instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Simon Glass
91197aa696 moveconfig: Fix some pylint errors
There are over 200 errors in this file. Fix some of them, starting at the
beginning of the file. Future work can continue this effort.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-24 17:36:30 -05:00