Manorit Chawdhry [Thu, 26 Jun 2025 10:43:32 +0000 (16:13 +0530)]
Makefile: Fix of_list_dirs with EXT_DTB
EXT_DTB overrides the of_list_dirs that is passed to binman during
builds. This causes binman to not find the normal DTB paths and instead
it just is able to use the path for EXT_DTB only.
Add the default of_list_dirs that is used for normal binman builds to
EXT_DTB usecase as well.
Tobias Olausson [Thu, 26 Jun 2025 06:54:20 +0000 (08:54 +0200)]
lib/rsa: allow matching pkcs11 path by object id
The object= part matches against the label that the pkcs11 token uses
for that object, but in some cases, specifically with a Yubikey using
ykcs11, where the keys have been imported, the labels differ between the
private and public keys [1], making the object= matching useless. These
keys will have the same id however, so matching against that works for
both the private and public part.
Andrew Goodbody [Wed, 25 Jun 2025 09:50:30 +0000 (10:50 +0100)]
common: readline: Fix always true test
The variable base is unsigned so >= 0 is always true. Fix this test
so that it is actually useful. The fix prevents the code from causing
a segfault in the case where Ctrl-w is pressed on a line consisting
only of spaces.
Fixes: dcc18ce0dbaf ("cli: Implement delete-word in cread_line()") Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Tom Rini [Sat, 28 Jun 2025 22:43:51 +0000 (16:43 -0600)]
include/spl_gpio.h: Audit include list
This file does not need <asm/gpio.h> so remove it. This file does
however need <linux/types.h> so add that in. This also shows that
arch/arm/mach-rockchip/rk3399/rk3399.c and board/lg/star/star.c were
indirectly getting <asm/gpio.h> from here, so add <asm/gpio.h> to them.
Ilias Apalodimas [Fri, 27 Jun 2025 18:57:16 +0000 (21:57 +0300)]
kbuild: Bump the build system to 5.1
Our last sync with the kernel was 5.1. Even that was a partial one
as some patches from 4.x kernels were already missing making the
transition to a modern kbuild infeasible.
We are so out of sync now, that tracking the patches and backporting
them one by one makes little sense and it's going to take ages.
This is an attempt to sync up Makefile[.lib/.kbuild].
Unfortunately due to sheer amount of patches this is not easy to review,
but that's what we decided during a community call.
One of the biggest changes is get rid of partial linking entirely and
build .a archives isntead of .o.
We diaviate from the kernel on that. Instead of calling a custom script
to create the archive symbol table, we call ar with rcTP (isntead of
rcSTP) since we want a resulting archive that's sauble with the linker.
The only affected platforms are PPC ones. Unfortunately I don't have any
of them around to test, but the objdump of the resulting files --
arch/powerpc/lib/built-in.[oa] looks identical.
lwip:
- Call sys_check_timeouts() and schedule() on RX to fix an issue on
boards with a watchdog and simplify the code
- Enable IP_FRAG and IP_REASSEMBLY
- Add support for setting the TFTP blocksize at runtime
- Fix DNS initialization in wget
- Add the sntp command
- Move code from net/lwip/${cmd}.c to cmd/lwip/${cmd}.c
cadence_qspi: fix odd byte read issue in STIG mode
In DDR mode, even bytes are read using DMA, while the remaining odd
bytes are read using STIG mode. However, the data is not correctly
transferred into the flash read data lower register because the
supplementary byte of the STIG opcode is not being written to the
opcode extension register, resulting in incorrect data being read.
To resolve this issue, when using STIG transactions, the corresponding
supplementary byte of any STIG opcode must be defined in the Opcode
Extension Register (Lower). Issue has been observed on the Macronix
MX66UM2G45G flashes.
spi: cadence_qspi: Set tshsl_ns to at least one sclk_ns
tshsl_ns is the clock delay for chip select deassert. This is the delay in
master reference clocks for the length that the master mode chip select
outputs are de-asserted between transactions.
The minimum delay is always SCLK period to ensure the chip select is never
re-asserted within one SCLK period.
That is why tshsl_ns delay should be at least one sclk_ns value. If it is
less than sclk_ns, set it equal to sclk_ns.
Michal Simek [Mon, 30 Jun 2025 12:21:07 +0000 (14:21 +0200)]
cmd: Introduce CMD_HELP
Add option to disable help command in size constrained systems to save some
space. There is also no need to have ifdefs around CMDLINE because all
commands depends on it.
And also mark cmd_help dependency in test_help.py.
spi: cadence_qspi: Fix odd byte write issue in STIG mode
Starting from 'commit <8077d296adff> ("spi: cadence-quadspi: Use STIG
mode for all ops with small payload") the utilization of STIG mode
has been implemented for read and write operations involving less
than 8 bytes of data.
However, following this commit, encountering timeout issues occurs when
writing odd bytes of data in DDR mode, as indicated below:
"jedec_spi_nor flash@0: flash operation timed out
SF: 3 bytes @ 0x0 Written: ERROR -110"
To resolve this issue, the number of bytes to write has been updated
specifically for DDR mode.
arm64: versal2: Enable reset and poweroff via sysreset framework
reset and poweroff are called via hooks in psci driver which is going
around sysreset framework that's why enable sysreset drivers and do
reset and poweroff via this framework.
Legacy SPI flash devices used a 24-bit (3-byte) addressing scheme,
limiting the addressable memory to 16 MB. To support larger densities
(256 Mbit and higher), extended addressing schemes, such as 32-bit
(4-byte) addressing, were introduced. If the flash density exceeds
16 MB and CONFIG_SPI_FLASH_BAR is disabled, the device will use a
4-byte addressing mode.
drivers: fpga: intel_sdm_mb: Check SIP SMC status in send_bitstream()
While sending bitstream via SIP SMC, busy status received does not
correspond to error, instead it means transfer is accepted but SDM
doesn't have any more free buffer space. Hence, data transmission
is continued when busy status is received.
Padmarao Begari [Wed, 18 Jun 2025 09:43:29 +0000 (15:13 +0530)]
clk: zynqmp: Add support for dpll clock source
The clock driver fails to correctly calculate the PLL clock
rate for peripherals when using the DPLL as the clock source.
The DPLL operates within the full power domain, while peripheral
clocks reside in the low power domain. To ensure accurate PLL
clock rate computation when the peripheral clock source is set
to DPLL, the DPLL-to-LPD cross divisor is used.
Tom Rini [Thu, 12 Jun 2025 18:11:28 +0000 (12:11 -0600)]
arm: zynqmp: Remove local copy of 'dt-bindings/clock/xlnx-zynqmp-clk.h'
As part of the recent cleanup of dt-bindigns header files we did not
remove our copy of dt-bindings/clock/xlnx-zynqmp-clk.h at the time. This
is because the difference between ours and current upstream is that
current upstream has a #warning to not use it and to instead use
xlnx-zynqmp-clk.h. So we change zynqmp-clk-ccf.dtsi to use the other
and upstream-only file and then delete our dt-bindings file.
Jerome Forissier [Wed, 25 Jun 2025 13:19:20 +0000 (15:19 +0200)]
doc: add doc/cmd/sntp.rst and remove doc/README.SNTP
Add a proper documentation file for the sntp command in RST format and
drop doc/README.SNTP. The documentation now includes the NET_LWIP
specificities.
Jerome Forissier [Wed, 25 Jun 2025 13:19:18 +0000 (15:19 +0200)]
net: extract function net_sntp_set_rtc() from sntp_handler()
Extract the code that sets the RTC clock from sntp_handler() in
net/sntp.c and make it a new function net_sntp_set_rtc() in
net/net-common.c. This will allow re-use with NET_LWIP.
According to [1] it is safe to assume that all devices have been
converted to DM_RTC so drop the useless code.
Jerome Forissier [Wed, 25 Jun 2025 13:19:15 +0000 (15:19 +0200)]
lwip: dns: do not print IP address when a variable is specified
When calling "dns <hostname> <varname>", do not print out the IP address
of <hostname> onto the console. Print it only when no variable is
passed. The reason is to be able to call do_dns() from another command
in need of the DNS services without polluting the output.
Tim Harvey [Fri, 30 May 2025 15:38:26 +0000 (08:38 -0700)]
net: lwip: wget: initialize dns if a hostname is used in a URL
Initialize dns servers if a hostname (vs ipaddr) is used in a URL.
Otherwise the wget will fail without displaying an error due to
dns_gethostbyname failing silently when no DNS servers are set unless
you have previously performed a 'dns <arg>' command.
Signed-off-by: Tim Harvey <tharvey@gateworks.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
David Lechner [Fri, 4 Jul 2025 20:39:27 +0000 (15:39 -0500)]
configs: legoev3: adjust to reduce binary size
Adjust legoev3_defconfig to reduce the binary output size.
As u-boot has bloated a bit over the years, the legoev3_defconfig can no
longer build something that fits in the 256kB size limit of the EV3.
This drops a few unused features, but the real difference-makers are
enabling thumb instructions and using link time optimization to reduce
the size.
This reduced u-boot.bin from 279,920 to 198,416 bytes on my local
machine with arm-none-eabi-gcc (15:13.2.rel1-2) 13.2.1 20231009.
HAS_BOARD_SIZE_LIMIT is also added to catch any future regressions.
Signed-off-by: David Lechner <david@lechnology.com>
mx6sabresd: Reduce U-Boot proper size to fix boot regression
The mx6sabresd U-Boot proper binary size has grown beyond the
CONFIG_BOARD_SIZE_LIMIT.
Reduce its size by removing the CONFIG_MULTI_DTB_FIT, BOOTM_PLAN9 and
BOOTM_RTEMS options.
According to doc/README.multi-dtb-fit:
"Usually the DTB is selected by the SPL and passed down to U-Boot. But some
platforms don't use the SPL. In this case MULTI_DTB_FIT can used to provide
U-Boot with a choice of DTBs"
mx6sabresd uses SPL, so MULTI_DTB_FIT can be safely dropped as the DTB
selection in SPL is done by board_fit_config_name_match().
Tom Rini [Thu, 3 Jul 2025 14:25:38 +0000 (08:25 -0600)]
Merge tag 'efi-next-03072025' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next
Sughosh added EFI HTTP(s) support into our eficonfig application. Up to
now we could only enable that via our efidebug command. Users now get that
option on the eficonfig menu.
Javier implemented support for the EFI_PARTITION_INFO_PROTOCOL,
to provide cached partition information for GPT partition types.
The protocol describes legacy MBR partition types, but that's for backward
compatibility and not implemented by this series.
The protocol is needed by [0], an implementation of a UEFI based A/B boot
protocol for the root filesystem.
Paul added support for EFI_DEBUG_IMAGE_INFO_TABLE. This is part of the EFI
spec and is defining a debug protocol that Google currently uses to debug
their Generic Bootloader project [1][2], using EFI to load Android.
Heinrich contributed a test EFI application for it as well.
The efi_realloc() function he added will realloc any type of memory to
BootServicesData, but keeping in mind the new protocol is the only consumer
he will fix that on a followup patch.
Finally another round of smatch fixes from Andrew cleans up coding errors.
The CI https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/26935
seems happy
The firmware on the Icicle is capable of providing a devicetree in a1 to
U-Boot, but until now the devicetree has been packaged in a "payload" [1]
alongside U-Boot (or other bootloaders/RTOSes) and appended to the image.
The address of this appended devicetree is placed in a1 by the firmware.
This meant that the mechanism used by OF_SEPARATE to locate the
devicetree at the end of the image would pick up the one provided by the
firmware when u-boot-nodtb.bin was in the payload and U-Boot's devicetree
when u-boot.bin was.
The firmware is now going to be capable of providing a minimal devicetree
(quite cut down due to severe space constraints), but this devicetree is
linked into the firmware that runs out of the L2 rather than at the end
of the U-Boot image.
Implement board_fdt_blob_setup() so that this devicetree can be
optionally used, and the devicetree provided in the "payload" can be
used without relying on "happening" to implement the same strategy as
OF_SEPARATE expects in combination with u-boot-nodtb.bin.
Unlike other RISC-V boards, the firmware provided devicetree is only
used when OF_BOARD is set, so that the almost certainly more complete
devicetree in U-Boot will be used unless explicitly requested otherwise.
Implement board_fit_config_name_match(), so that, using the firmware
provided cut-down/minimal dtb, U-Boot can select one of several
devicetrees when MULTI_DTB_FIT is enabled.
Enabling both MULTI_DTB_FIT and OF_BOARD will lead to a conflict
between the two options, with the latter taking priority due to
board_fdt_blob_setup() being executed before board_fit_config_name_match(),
which causes gd->fdt_blob to be overwritten with a pointer to the
minimal devicetree rather than the location of the fit image containing
the multiple dtbs. Let MULTI_DTB_FIT take priority in this case, by
explicitly blocking the override when MULTI_DTB_FIT is enabled.
Yao Zi [Wed, 18 Jun 2025 09:54:56 +0000 (09:54 +0000)]
riscv: dts: th1520: Add pin controllers
Describe the three pin controllers integrated in TH1520 SoC. Since we
don't have support for clocks in the AON region, a dummy fixed-clock
node is added to supply the pin controller locating in it.
Signed-off-by: Yao Zi <ziyao@disroot.org> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Wed, 18 Jun 2025 09:54:55 +0000 (09:54 +0000)]
pinctrl: Port pin controller driver for T-Head TH1520 SoC
The SoC pads of TH1520 are separated into three groups (AP 1, AP 2 and
AON) controlled by independent pin controllers. This patch ports their
driver from Linux kernel with most code for setting pinconf and pinmux
kept as is.
The dt-binding of TH1520 pin controller uses a schema where pins to
configure are specfied as strings and looked up at runtime, which the
generic pinctrl helpers of U-Boot cannot parse, thus a customized
set_state() callback is implemented to parse pinconfig nodes and setup
the configuration.
Signed-off-by: Yao Zi <ziyao@disroot.org> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Ben Dooks [Fri, 13 Jun 2025 16:12:58 +0000 (17:12 +0100)]
riscv: byteorder: add test for big-endian
Test for big-endian either via __RISCVEB__ which migth be
rather old, or check the BYTE_ORDER if the compiler defines
it (which should be any modern gcc like v12)
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Provide a test application to dump the EFI_DEBUG_IMAGE_INFO_TABLE
as implemented in EDK II.
EFI_DEBUG_IMAGE_INFO is not packed in contrast to many other EFI
structures.
As of today EDK II when removing an entry in the EfiDebugImageInfoTable
just sets NormalImage = NULL but does not compact the array. So
TableSize reflects the number of non-NULL entries and not the array
size as reported independently in
https://github.com/tianocore/edk2/pull/11013 and
https://github.com/tianocore/edk2/pull/11019.
The current implementation tolerates this deviation from the UEFI
specification.
This is what the output may look like:
Debug Info Table Dump
=====================
=> dump
Modified
Number of entries: 0x0000004a
Info type 0x00000001
Address: [0x000000008315a000, 0x00000000831bafff]
File: FvFile(D6A2CB7F-6A18-4E2F-B43B-9920A733700A)
Handle: 0x000000017fe3cb18
...
Info type 0x00000001
Address: [0x000000017e8db000, 0x000000017ea00f3f]
File: FvFile(7C04A583-9E3E-4F1C-AD65-E05268D0B4D1)
Handle: 0x000000017f358e98
Info type 0x00000001
Address: [0x000000017eae5000, 0x000000017eae81ff]
File: \dbginfodump.efi
Handle: 0x000000017eaf0298
=>
This commit adds the functionality of generate EFI_DEBUG_IMAGE_INFO
while loading the image.
This feature is described in UEFI Spec 2.10. Section 18.4.3.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover the load
address of an EFI application.
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Peter Robinson <pbrobinson@gmail.com> Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI_DEBUG_IMAGE_INFO_TABLE is used to store EFI_LOADED_IMAGE for
debug purpose. This commit adds the table to the EFI_CONFIGURATION_TABLE.
This feature is described in UEFI Spec version 2.10. Section 18.4.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover and interact
with system-level debug resources.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Peter Robinson <pbrobinson@gmail.com> Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add EFI_SYSTEM_TABLE_POINTER structure for remote debugger to locate
the address of EFI_SYSTEM_TABLE.
This feature is described in UEFI SPEC version 2.10. Section 18.4.2.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover the EFI
system table.
Cc: Peter Robinson <pbrobinson@gmail.com> Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> # change memset(systab_pointer, 0 ...) -> systab_pointer->crc32 = 0; Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
cmd: eficonfig: add support for URI device path based boot options
The eficonfig command provides a menu based interface for maintenance
of the EFI boot options. Add support for adding a URI based boot
option. This boot option can then be used for HTTP boot.
Andrew Goodbody [Wed, 2 Jul 2025 10:01:38 +0000 (11:01 +0100)]
efi_loader: Prevent free of uninitialised pointer
Taking a goto to out_of_resources before receive_lengths is assigned
will result in an attempt to free an unitialised pointer. Instead
initialise receive_lengths to NULL on declaration to prevent this from
occurring.
This issue was found by Smatch.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Andrew Goodbody [Wed, 2 Jul 2025 10:01:36 +0000 (11:01 +0100)]
efi_loader: Prevent dereferencing NULL pointer
Taking the first goto error: in file_open could either result in an
attempt to dereference fh when NULL or else free fh->path which has
not been assigned to and so will be unknown. Avoid both of these
problems by passing path to free instead of fh->path.
This issue found by Smatch.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_selftest: Add basic partition info check to block io test
Test the EFI_PARTITION_INFO_PROTOCOL in the existing EFI_BLOCK_IO_PROTOCOL
unit test. It is fairly basic, since it only checks that the values of the
struct efi_partition_info .revision, .type and .system fields are correct.
It doesn't check the MBR partition record information, because that's not
supported by the EFI_PARTITION_INFO_PROTOCOL implementation yet. The test
can be extended once the support is implemented, or if the in-memory disk
image used for the test is modified to have a GPT partition type instead.
Suggested-by: Tom Rini <trini@konsulko.com> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: disk: add EFI_PARTITION_INFO_PROTOCOL support
The UEFI 2.10 specification mentions that this protocol shall be installed
along with EFI_BLOCK_IO_PROTOCOL. It provides cached partition information
for MBR and GPT partition types.
This patch just implements support for GPT partition types. The legacy MBR
partition types is only needed for backward compatibility and can be added
as a follow-up if needed, to make it fully compliant with the EFI spec.
Yao Zi [Fri, 6 Jun 2025 04:28:02 +0000 (04:28 +0000)]
riscv: cpu: th1520: Add a routine to bring up secondary cores
On coldboot, only HART 0 among the four HARTs of TH1520 is brought up by
hardware, and the remaining HARTs are in reset states, requiring manual
setup of reset address and deassertion to function normal. Introduce a
routine to do the work.
Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Fri, 6 Jun 2025 04:28:01 +0000 (04:28 +0000)]
riscv: cpu: th1520: Setup CPU feature CSRs in harts_early_init
C910 cores integrated in TH1520 SoC provide various customized CSRs for
configuring core behavior, including cache coherency and timing, branch
predication, and clock gating for internal components.
This patch sets them up for efficient operation and satisfying
requirements of an SMP system.
Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Fri, 6 Jun 2025 04:28:00 +0000 (04:28 +0000)]
riscv: aclint_ipi: Support T-Head C900 CLINT
Although timer component of the CLINT isn't fully compatible with the
generic RISC-V ACLINT, the IPI component behaves the same.
As the CLINT doesn't have corresponding riscv_aclint_timer driver
available, let's try looking for a compatible SYSCON device directly
when no riscv_aclint_timer device could be found on IPI initialization.
Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
- Get clock manager address via DT for socfpga_dw_mmc
- Revert "drivers: mmc: rpmb: Use R1 response"
- Fix offsets relative to the end of the partition for mmc env
Michael Walle [Thu, 5 Jun 2025 07:46:10 +0000 (09:46 +0200)]
env: mmc: fix offsets relative to the end of the partition
According to the help text, you can set negative offsets to indicated
that the offset is relative to the end of the parition. But kconfig
doesn't let you specify negative hex values. I think this fell through
the cracks when converting the symbol from a '#define' to a kconfig
option.
Introduce a new boolean kconfig option to switch on the "relative to the
end" behavior.
Signed-off-by: Michael Walle <mwalle@kernel.org> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tom Rini [Tue, 1 Jul 2025 16:52:04 +0000 (10:52 -0600)]
Merge patch series "binman: properly error out if path provided to key-name-hint in signature nodes"
Quentin Schulz <foss+uboot@0leil.net> says:
I misunderstood the documentation and put the signing key in a keys/
directory while setting key-name-hint property in the signature node and
u-boot-spl-pubkey-dtb to a path.
mkimage doesn't fail if it cannot find the public key when signing a
FIT but returns something on stderr to notify the user it couldn't find
the key. The issue is that bintool currently discards stderr if the
command successfully returns, so the FIT is not signed AND the user
isn't made aware of it unless the image is manually inspected.
mkimage does fail when trying to insert a public key in a DTB if it
isn't found but we can have a better error message.
binman: etype: u_boot_spl_pubkey_dtb: provide more explicit error for key-name-hint with path
key-name-hint property in u-boot-spl-pubkey-dtb binman entry may contain
a path instead of a filename due to user mistake.
Because we currently assume it is a filename instead of a path, binman
will find the full path to the key based on that path, and return the
dirname of the full path but keeps the path in key-name-hint instead of
stripping the directories from it.
This means mkimage will fail with the following error message if we have
key-name-hint set to keys/dev:
binman: Error 1 running 'fdt_add_pubkey -a sha256,rsa2048 -k /home/qschulz/work/upstream/u-boot/keys -n keys/dev -r conf /home/qschulz/work/upstream/u-boot/build/ringneck/u-boot-spl-dtbdhsfx3mf': Couldn't open RSA certificate: '/home/qschulz/work/upstream/u-boot/keys/keys/dev.crt': No such file or directory
Let's make it a bit more obvious what the error is by erroring out in
binman if a path is provided in key-name-hint (it is named key-name-hint
and not key-path-hint after all).
binman: etype: fit: raise ValueError if key-name-hint is a path
mkimage doesn't fail if it cannot find the public key but it prints to
stderr. Considering that btool.run() discards stderr, it means binman
happily returns an unsigned FIT and doesn't tell you something went
wrong.
Binman will actually find the file if there's a path in the
key-name-hint property but the current logic expects key-name-hint to be
a filename and thus returns the dirname of the found path for the key,
but with the original key-name-hint appended. This means we can have the
following:
- key-name-hint = "keys/dev"
- name = "/home/qschulz/work/upstream/u-boot/keys/"
so we pass /home/qschulz/work/upstream/u-boot/keys/ to the -k option of
mkimage but the FIT still contains "keys/dev" in key-name-hint which
means mkimage will try to find the key at
/home/qschulz/work/upstream/u-boot/keys/keys/, which doesn't exist.
Let's assume paths are simply not supported (it is named key-name-hint
and not key-path-hint after all) and raise an error if the property
contains a path so that the build fails and not quietly.
Fixes: 133c000ca334 ("binman: implement signing FIT images during image build") Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Reviewed-by: Simon Glass <sjg@chromium.org>
projects / thirdparty / u-boot.git / log
