| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
.imxcfg configuration files support few more commands, all starting
with "hab_encrypt" string. That way it is possible to easily ignore
these commands, when image encryption was not requested. Hence, we can
use single .imxcfg file to generate signed and encrypted images in the
same build.
Images are encrypted in place by Freescale Code Signing Tool (cst),
using Data Encryption Key (DEK). This key needs to be encapsulated
by processor's hardware encryption engine to produce DEK blob, which
is unique for each device. DEK blob needs to be part of CSF area,
so we make enough space on the end of image to simply append it later,
e.g. during device flash procedure.
Introduced code was developed and tested on NXP i.MX6UL platform.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
hab_blocks command is used to specify image authentication blocks for
HAB. Currently it was configured to authenticate full barebox
image. However in case of booting from SD card and adding MBR
partition table, HAB authentication fails, as final boot image is
modified.
Add an optional argument to hab_blocks command, to select between
3 types of authentication areas:
- full: whole barebox image will be authenticated (this is default to
keep compatibility),
- from-dcdofs: image area up to dcdofs is not authenticated, so any
changes up to dcdofs are possible,
- skip-mbr: image area from 440 to 512 bytes is excluded from beeing
authenticated, which allows to add / modify MBR partition table
after building barebox image.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Older versions of "cst" want to read the CSF from STDIN, while newer versions
want to read the CSF from a file. Sadly, the "-i" option doesn't understand
"-i -" to read from STDIN, so we give it "/dev/stdin" instead.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When building HAB images for i.MX we have to specify some pathes to
the certificates. This can be done with Kconfig variables. For better
build system integration we also want to be able to specify the pathes
in environment variables. This currently doesn't work as we specify
the variables from the environment with the -D option to cpp, but also
include generated/autoconf.h which overwrites the variables with the
values from Kconfig.
To overcome this introduce a Kconfig switch that explcitly selects
whether we want to have the variables from Kconfig or the environment.
Also, only pass the variables from the environment when explicitly
wanted.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that users can select the device type on the command line, having a
name without whitespace makes input for that device type easier.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some vendors fuse their devices so that the IMX USB ROM loader
identifies itself with a different Vendor and Product ID on USB
enumeration. Currently, imx-usb-loader will refuse to detect and work
with such devices, so let's teach it.
Because we cannot easily detect the device type from the USB ID in this
case, introduce the new command line parameter -d <type> to specify the
device type to use on the device path specified with -p <path>, even if
the VID/PID pair of that device is unknown. The device name is sourced
from the "name" field of the imx_ids array of known devices at the top
of the file. Using "-d list" will print a list of known device types.
Using -d without -p will not do anything useful, except generate a
warning.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
find_imx_dev() loops through all USB devices, tries to open them, and
then compares the chosen device path (given with -p on the command line)
to the path of the currently opened device. The device path can be
checked earlier, opening the device is not neccessary.
We fail early here because in the next commit we want to enable the user
to force using a device by specifying its path. Opening every single
device available on the system then leads to unnecessary error messages
for all devices that do not match the provided path.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make its purpose more clear when we introduce other similar functions
in one of the next commits.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Boot header on i.MX8MQ SoC allows embedding signed HDMI firmware
images that are used by mask ROM code during the very early stages of
boot. Since providing that firmware appear to be necessary to enable
SoC's HDMI/DP functionality extend imx-image tool to support this
feature. To do that add code implementing "signed_hdmi_firmware"
keyword, which allows users to specify a path to a binary blob
containing all of the necessary headers and footers as well firmware
data and code sections (this is how such images are provieded by NXP)
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
| |
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add the switch 's' to fixup the image size into the barebox header.
This is used by the Arria10 PBL code to know the complete image size.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Move i.MX header definitions from scripts to mach-imx in order to make
it available to both script and bootloader code.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
compilation of fdtget was lost during the update to version 1.4.6.
We need this tool internally for the build process when imd support
is enabled.
Apparently our dtc code comes from the Kernel which doesn't have the
upstream version of fdtget.c and it doesn't compile. This patch
changes fdtget.c to the upstream version as of 1.4.6. This isn't
noticed in the Kernel because fdtget isn't compiled there.
Fixes: 8a8982541 scripts/dtc: Update to upstream version 1.4.6
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.x made some of the types opaque, so peeking inside directly
doesn't work anymore. Use the correct accessors instead.
I've dropped the algorithm check, as EVP_PKEY_get0_RSA() already verifies
that the pubkey is RSA and returns NULL if it isn't.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| | |
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Use a loop to create multiple header copies on i.MX35 to avoid code
duplication.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
| |
Disable the dtc warnings that are disabled in the kernel aswell.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since kwboot checks the contents of the file to send it only works for
v1 images (or with -f). Extend the check to know about v0 images, too.
Fixes: 39ebd7e73bec ("kwboot: do a filetype check before sending the image")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows to enable host tools even if they are not needed for the
current configuration to improve compile coverage and simplify packaging
these tools. The conversion doesn't cover all tools available but can be
extended later.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Compiling omap3-usb-loader issues the warning:
warning: self-comparison always evaluates to true [-Wtautological-compare]
Just remove the bogus test.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Original code produces the following warning when compiled with GCC8:
HOSTCC scripts/mkimage
In function ‘image_set_name’,
inlined from ‘main’ at scripts/mkimage.c:614:2:
scripts/mkimage.c:153:2: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
strncpy(image_get_name(hdr), name, IH_NMLEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reduce specified bound by one to make sure that NULL-terminator is
never overwritten.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Given the following:
1. Assembly code, namely "b 0x1000" instruction, in bb_header[]
assumes that i.MX image header occupies first HEADER_LEN bytes and
bootloader executable is located right after.
2. Code in imx_image_size() assumes that i.MX image header is
HEADER_LEN bytes
3. Original code handling v2 header allocated more than HEADER_LEN
buffer to store IVT + boot data + DCD. However, the code writing
that buffer to disk is only set up to use first HEADER_LEN bytes
and to silently discard the rest as a side effect.
Let's be conservative and limit total size of v2 header to not exceed
Inital Load Region (4K or HEADER_LEN) to match what's being done for
v1.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Write_dcd() exits early in case of failure, so there's no realy reason
to have it return a error code as a result. Drop it and simplify the
caller code.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| | |
Allow to use dt-bindings files that are not yet upstreamed. They can
be put into include/dt-bindings.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
dump_long only prints the full words and does not print the unaligned
rest. This means that some bytes (and maybe actually the interesting
ones) may not be printed. Use dump_bytes instead which does not have
this problem.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Verifying the uploaded image fails when the length is not word aligned.
This is because read_memory reads full words, so the input length must
be word aligned. Align the length up to 4 bytes so that we do not pass
unaligned lengths to read_memory.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
|
|
| |
At least i.MX25 does not properly upload a non word aligned file length.
Align the uploaded length to word length to make sure the end of the
file is also transferred properly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reading the manual more carefully discovers a different logic for the
DCD 'check' command. They use the term "until". In order to get the
manual and the software in sync, this change switches to the term
"until" as well. Changing must happen at compiler and interpreter level
to make it work.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
E.g.:
$ ./bbremote -v --port /dev/ttyUSB2 reset
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit introduces support for running the md and mw commands
using the binary interface provided by RATP. This allows clients to
read and write memory files without needing to do custom string
parsing on the data returned by the console 'md' and 'mw' operations.
The request and response messages used for these new operations are
structured in the same way:
* An initial fixed-sized section includes the fixed-sized
variables (e.g. integers), as well as the size and offset of the
variable-length variables.
* After the initial fixed-sized section, the buffer is given, which
contains the variable-length variables in the offsets previously
defined and with the size previously defined.
The message also defines separately the offset of the buffer
w.r.t. the start of the message. The endpoint reading the message will
use this information to decide where the buffer starts. This allows to
extend the message format in the future without needing to break the
message API, as new fields can be appended to the fixed-sized section
as long as the buffer offset is also updated to report the new
position of the buffer.
E.g.:
$ ./bbremote --port /dev/ttyUSB2 md /dev/pic_eeprom_rdu 0x107 5
0000000000
$ ./bbremote --port /dev/ttyUSB2 mw /dev/pic_eeprom_rdu 0x107 0102030405
5 bytes written
$ ./bbremote --port /dev/ttyUSB2 md /dev/pic_eeprom_rdu 0x107 5
0102030405
$ ./bbremote --port /dev/ttyUSB2 mw /dev/pic_eeprom_rdu 0x107 0000000000
5 bytes written
$ ./bbremote --port /dev/ttyUSB2 md /dev/pic_eeprom_rdu 0x107 5
0000000000
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes it easier for build systems to include a configurable dts
snippet which holds the public keys for FIT images.
Usage:
Add to your dts:
#ifdef CONFIG_BOOTM_FITIMAGE_PUBKEY
#include CONFIG_BOOTM_FITIMAGE_PUBKEY
#endif
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
When passing variables this way, all embedded variables are expanded, so that
the path in the .config file can be kept relative.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
SIgned-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this building bareboxenv-target with gcc 7.3 fails with:
CC scripts/bareboxenv-target
/tmp/cc9G2oOY.o: In function `file_action':
bareboxenv.c:(.text+0x14): undefined reference to `xzalloc'
/tmp/cc9G2oOY.o: In function `concat_path_file':
bareboxenv.c:(.text+0xf4): undefined reference to `xmalloc'
/tmp/cc9G2oOY.o: In function `envfs_save':
bareboxenv.c:(.text+0x5b4): undefined reference to `xzalloc'
/tmp/cc9G2oOY.o: In function `envfs_load':
bareboxenv.c:(.text+0x7d8): undefined reference to `xmalloc'
collect2: error: ld returned 1 exit status
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
Don't reuse unrelated subparser variables for new command subparsers,
make each subparser have its own variable.
Just for consistency really, not a bugfix.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From e398a00f84db33ea5ae7f6ee12c54511ef7a94fc Mon Sep 17 00:00:00 2001
From: Sam Ravnborg <sam@ravnborg.org>
Date: Tue, 26 Dec 2017 18:09:35 +0100
Subject: [PATCH 4/4] build: fix that LZO file is always rebuilt
Port the make-cmd from linux kernel.
with the updated version $$ is porperly escaped, thus
the LZO rule works as intended.
And we avoid rebuilds when not required
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From ac9ca6505d5b887c351117d9c033c8a76cc77125 Mon Sep 17 00:00:00 2001
From: Sam Ravnborg <sam@ravnborg.org>
Date: Tue, 26 Dec 2017 18:05:14 +0100
Subject: [PATCH 3/4] build: fix that the bbenv file is always rebuilt
Use if_changed in rule for bbenv file.
This avoids re-builds.
The target is already assigned to extra-y - so the
kbuild logic will work as expected.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
When doing memory read transfers there will always be 64 bytes
transferred, even when less bytes are requested. This is expected
and there is a test skipping the error message in this case. The
test is wrong though since cnt is not decremented and will never
be equal to rem. Fix the test so that verifying memory does
not give a bogus error message.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
