summaryrefslogtreecommitdiff
path: root/tools
Commit message (Collapse)AuthorAgeLines
* image: Add support for signing of FIT configurationsSimon Glass2013-06-26-1/+340
| | | | | | | | | | | | | | | | While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
* mkimage: Add -r option to specify keys that must be verifiedSimon Glass2013-06-26-6/+12
| | | | | | | | | | | | | | | | | | | | | | Normally, multiple public keys can be provided and U-Boot is not required to use all of them for verification. This is because some images may not be signed, or may be optionally signed. But we still need a mechanism to determine when a key must be used. This feature cannot be implemented in the FIT itself, since anyone could change it to mark a key as optional. The requirement for key verification must go in with the public keys, in a place that is protected from modification. Add a -r option which tells mkimage to mark all keys that it uses for signing as 'required'. If some keys are optional and some are required, run mkimage several times (perhaps with different key directories if some keys are very secret) using the -F flag to update an existing FIT. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -c option to specify a comment for key signingSimon Glass2013-06-26-3/+10
| | | | | | | | | When signing an image, it is useful to add some details about which tool or person is authorising the signing. Add a comment field which can take care of miscellaneous requirements. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -F option to modify an existing .fit fileSimon Glass2013-06-26-9/+18
| | | | | | | | | | | | | When signing images it is sometimes necessary to sign with different keys at different times, or make the signer entirely separate from the FIT creation to avoid needing the private keys to be publicly available in the system. Add a -F option so that key signing can be a separate step, and possibly done multiple times as different keys are avaiable. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -K to write public keys to an FDT blobSimon Glass2013-06-26-4/+28
| | | | | | | | | | | | | | | | FIT image verification requires public keys. Add a convenient option to mkimage to write the public keys to an FDT blob when it uses then for signing an image. This allows us to use: mkimage -f test.its -K dest.dtb -k keys test.fit and have the signatures written to test.fit and the corresponding public keys written to dest.dtb. Then dest.dtb can be used as the control FDT for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the public keys it needs. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* mkimage: Add -k option to specify key directorySimon Glass2013-06-26-2/+16
| | | | | | | | | | | Keys required for signing images will be in a specific directory. Add a -k option to specify that directory. Also update the mkimage man page with this information and a clearer list of available commands. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
* image: Add RSA support for image signingSimon Glass2013-06-26-2/+11
| | | | | | | | | | | | | | RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Support signing of imagesSimon Glass2013-06-26-11/+177
| | | | | | | | Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add signing infrastructureSimon Glass2013-06-26-0/+6
| | | | | | | Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>
* Add proftool to decode profile dataSimon Glass2013-06-26-0/+618
| | | | | | | This tool provides the facility to decode U-Boot trace data and write out a text file in Linux ftrace format for use with pytimechart. Signed-off-by: Simon Glass <sjg@chromium.org>
* powerpc/CoreNet: Allow pbl images to take u-boot images != 512KChris Packham2013-06-20-7/+25
| | | | | | | | | | Instead of assuming that SYS_TEXT_BASE is 0xFFF80000 calculate the initial pbl command offset by subtracting the image size from the top of the 24-bit address range. Also increase the size of the memory buffer to accommodate a larger output image. Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Signed-off-by: Andy Fleming <afleming@freescale.com>
* Merge branch 'master' of git://git.denx.de/u-boot-armTom Rini2013-06-13-17/+10
|\ | | | | | | | | | | | | | | | | Small conflict over DRA7XX updates and adding SRAM_SCRATCH_SPACE_ADDR Conflicts: arch/arm/include/asm/arch-omap5/omap.h Signed-off-by: Tom Rini <trini@ti.com>
| * Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'Albert ARIBAUD2013-06-08-17/+10
| |\ | | | | | | | | | | | | Conflicts: drivers/serial/Makefile
| | * wandboard: Add Boot Splash image with Wandboard logoOtavio Salvador2013-06-03-0/+0
| | | | | | | | | | | | Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
| | * build: Use generic boot logo matchingOtavio Salvador2013-06-03-17/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The boot logo matching is now done in following way: - use LOGO_BMP if it is set, or - use $(BOARD).bmp if it exists in tools/logos, or - use $(VENDOR).bmp if it exists in tools/logos, or - use denx.bmp otherwise. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Acked-by: Wolfgang Denk <wd@denx.de>
* | | checkpatch.pl: Add 'printf' to logFunctionsTom Rini2013-06-06-0/+1
| | | | | | | | | | | | Signed-off-by: Tom Rini <trini@ti.com>
* | | mkimage: Add map_sysmem() and IH_ARCH_DEFAULT to simplfy buildingSimon Glass2013-06-04-0/+12
|/ / | | | | | | | | | | | | | | | | | | | | | | | | These are not actually used in mkimage itself, but the image code (which is common with mkimage) does use them. To avoid #ifdefs in the image code just for mkimage, define dummy version of these here. The compiler will eliminate the dead code anyway. A better way to handle this might be to split out more things from common.h so that mkimage can include them. At present any file that mkimage uses has to be very careful what headers it includes. Signed-off-by: Simon Glass <sjg@chromium.org>
* | Merge branch 'u-boot/master' into 'u-boot-arm/master'Albert ARIBAUD2013-05-30-49/+300
|\ \ | |/ |/| | | | | | | Conflicts: common/cmd_fpga.c drivers/usb/host/ohci-at91.c
| * buildman: Produce a sensible error message when branch is missingSimon Glass2013-05-14-6/+19
| | | | | | | | | | | | | | Rather than a backtrace, produce a nice error message when an invalid branch is provided to buildman. Signed-off-by: Simon Glass <sjg@chromium.org>
| * mkimage: Put FIT loading in function and tidy error handlingSimon Glass2013-05-14-39/+57
| | | | | | | | | | | | | | | | | | | | The fit_handle_file() function is quite long - split out the part that loads and checks a FIT into its own function. We will use this function for storing public keys into a destination FDT file. The error handling is currently a bit repetitive - tidy it. Signed-off-by: Simon Glass <sjg@chromium.org>
| * image: Rename fit_add_hashes() to fit_add_verification_data()Simon Glass2013-05-14-78/+67
| | | | | | | | | | | | | | | | | | We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
| * image: Convert fit_image_hash_set_value() to static, and renameSimon Glass2013-05-14-31/+31
| | | | | | | | | | | | | | | | | | This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
| * image: Split hash node processing into its own functionSimon Glass2013-05-14-39/+57
| | | | | | | | | | | | | | | | This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de>
| * image: Move HOSTCC image code to tools/Simon Glass2013-05-14-0/+203
| | | | | | | | | | | | | | | | This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
| * image: Split FIT code into new image-fit.cSimon Glass2013-05-14-0/+2
| | | | | | | | | | | | | | | | The FIT code is about half the size of the >3000-line image.c. Split this code into its own file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
| * mkimage: Move ARRAY_SIZE to header fileSimon Glass2013-05-14-1/+2
| | | | | | | | | | | | | | | | Move this definition from aisimage.c to mkimage.h so that it is available more widely. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de>
| * patman: Do not hardcode python pathMichal Simek2013-05-09-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Patman requires python 2.7.4 to run but it doesn't need to be placed in /usr/bin/python. Use env to ensure that the interpreter used is the first one on environment's $PATH on system with several versions of Python installed. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Tom Rini <trini@ti.com> Acked-by: Simon Glass <sjg@chromium.org>
| * buildman: Allow conflicting tags to avoid spurious errorsSimon Glass2013-05-09-1/+8
| | | | | | | | | | | | | | | | | | | | Conflicting tags can prevent buildman from building two series which exist one after the other in a branch. There is no reason not to allow this sort of workflow with buildman, so ignore conflicting tags in buildman. Change-Id: I2231d04d8684fe0f8fe77f8ea107e5899a3da5e8 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@ti.com>
* | Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'Albert ARIBAUD2013-05-11-9/+25
|\ \ | |/ |/| | | | | | | Conflicts: drivers/mtd/nand/mxc_nand_spl.c include/configs/m28evk.h
| * imx: Align the imximage header and payload to multiples of 4kMarek Vasut2013-05-05-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The MX53 ROM loads the data from NAND in multiples of pages and supports maximum page size of 4k. Thus, align the image and header to 4k to be safe from ROM bugs. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Albert ARIBAUD <albert.u.boot@aribaud.net> Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Scott Wood <scottwood@freescale.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Tom Rini <trini@ti.com>
| * tools: arm: imx: Implement BOOT_OFFSET command for imximageMarek Vasut2013-04-28-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement BOOT_OFFSET command for imximage. This command is parallel to current BOOT_FROM command, but allows more flexibility in configuring arbitrary image header offset. Also add an imximage.cfg with default offset values into arm/arch/imx-common/ so the board-specific imximage.cfg can include this file to avoid magic constants. The syntax of BOOT_OFFSET command is "BOOT_OFFSET <u32 offset>". Signed-off-by: Marek Vasut <marex@denx.de> Cc: Albert ARIBAUD <albert.u.boot@aribaud.net> Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Scott Wood <scottwood@freescale.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Tom Rini <trini@ti.com> Acked-by: Stefano Babic <sbabic@denx.de> Acked-by: Stefan Roese <sr@denx.de>
| * mxs: mxsboot: Move sdcard BCB header to 4 sectors offsetOtavio Salvador2013-04-26-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | The MX23 Boot ROM does blindly load from 2048 offset while the MX28 does parse the BCB header to known where to load the image from. We move the BCB header to 4 sectors offset so same code can be used by both SoCs avoiding code duplication. This idea was given by Marek Vasut <marex@denx.de> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Tested-by: Fabio Estevam <fabio.estevam@freescale.com> Tested-by: Marek Vasut <marex@denx.de>
* | patman: fix gitutil for decorationsAndreas Bießmann2013-04-18-4/+7
| | | | | | | | | | | | | | | | | | The git config parameter log.decorate is quite useful when working with git. Patman, however can not handle the decorated output when parsing the commit. To prevent this use the '--no-decorate' switch for git-log. Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Acked-by: Simon Glass <sjg@chromium.org>
* | fdt: Ensure that libfdt_env.h comes from U-BootSimon Glass2013-04-17-1/+2
|/ | | | | | | | | | | | | | | | When building host utilities, we include libfdt.h from the host, not from U-Boot. This in turn brings in libfdt_env.h from the host, which can mess up the types and cause a build failure, depending on the host environment. To fix this, force inclusion of U-Boot's libfdt_env.h so that the types are correct. Another way to fix this is to use -nostdinc and -idirafter to ensure that system includes are included after U-Boot ones. Unfortunately this means that U-Boot's errno.h gets included instead of the system one. This in turn requires a hack to errno.h to redirect things, so all in all the solution in this patch is probably cleaner. Signed-off-by: Simon Glass <sjg@chromium.org>
* Merge branch 'u-boot/master' into 'u-boot-arm/master'Albert ARIBAUD2013-04-12-152/+3917
|\ | | | | | | | | Conflicts: drivers/video/exynos_fb.c
| * env: Add redundant env support to UBI envJoe Hershberger2013-04-11-0/+3
| | | | | | | | | | | | Allow the user to specify two UBI volumes to use for the environment Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
| * env: Add support for UBI environmentJoe Hershberger2013-04-11-1/+2
| | | | | | | | | | | | | | | | | | UBI is a better place for the environment on NAND devices because it handles wear-leveling and bad blocks. Gluebi is needed in Linux to access the env as an MTD partition. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
| * patman: Add Series-process-log tag to sort/uniq change logsSimon Glass2013-04-08-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For some series with lots of changes it is annoying that duplicate change log items are not caught. It is also helpful sometimes to sort the change logs. Add a Series-process-log tag to enable this, which can be placed in a commit to control this. The change to the Cc: line is to fix a checkpatch warning. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Add -a option to refrain from test-applying the patchesSimon Glass2013-04-08-3/+7
| | | | | | | | | | | | | | | | | | | | Especially with the Linux kernel, it takes a long time (a minute or more) to test-apply the patches, so patman becomes significantly less useful. The only real problem that is found with this apply step is trailing spaces. Provide a -a option to skip this step, for those working with clean patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Don't barf if the word 'commit' starts a lineDoug Anderson2013-04-08-1/+1
| | | | | | | | | | | | | | | | | | | | | | Patman's regular expression for detecting the start of a commit in a git log was a little simplistic and could be confused if the git log itself had the word "commit" as the start of a line (as this commit does). Make patman a little more robust. Signed-off-by: Doug Anderson <dianders@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
| * patman: Provide option to ignore bad aliasesSimon Glass2013-04-08-24/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Often it happens that patches include tags which don't have aliases. It is annoying that patman fails in this case, and provides no option to continue other than adding empty tags to the .patman file. Correct this by adding a '-t' option to ignore tags that don't exist. Print a warning instead. Since running the tests is not a common operation, move this to --test instead, to reserve -t for this new option. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * buildman - U-Boot multi-threaded builder and summary toolSimon Glass2013-04-04-0/+3030
| | | | | | | | | | | | | | | | | | | | | | | | | | This tool handles building U-Boot to check that you have not broken it with your patch series. It can build each individual commit and report which boards fail on which commits, and which errors come up. It also shows differences in image sizes due to particular commits. Buildman aims to make full use of multi-processor machines. Documentation and caveats are in tools/buildman/README. Signed-off-by: Simon Glass <sjg@chromium.org>
| * patman: Ignore all Gerrit Commit-* tagsSimon Glass2013-04-04-1/+1
| | | | | | | | | | | | | | These tags are used by Gerrit, so let's ignore all of them. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Minor help message/README fixesSimon Glass2013-04-04-3/+3
| | | | | | | | | | | | | | | | A few of the help messages are not quite right, and there is a typo in the README. Fix these. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Fix the comment in CheckTags to mention multiple tagsSimon Glass2013-04-04-2/+3
| | | | | | | | | | | | | | | | This comment is less than helpful. Since multiple tags are supported, add an example of how multiple tags work. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Don't allow spaces in tagsSimon Glass2013-04-04-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present something like: Revert "arm: Add cache operations" will try to use Revert "arm as a tag. Clearly this is wrong, so fix it. If the revert is intended to be tagged, then the tag can come before the revert, perhaps. Alternatively the 'Cc' tag can be used in the commit messages. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Fix up checkpatch parsing to deal with 'CHECK' linesSimon Glass2013-04-04-62/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | checkpatch has a new type of warning, a 'CHECK'. At present patman fails with these, which makes it less than useful. Add support for checks, making it backwards compatible with the old checkpatch. At the same time, clean up formatting of the CheckPatches() output, fix erroneous "internal error" if multiple patches have warnings and be more robust to new types of problems. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Add Cover-letter-cc tag to Cc cover letter to peopleSimon Glass2013-04-04-4/+27
| | | | | | | | | | | | | | | | | | | | | | | | The cover letter is sent to everyone who is on the Cc list for any of the patches in the series. Sometimes it is useful to send just the cover letter to additional people, so that they are aware of the series, but don't need to wade through all the individual patches. Add a new Cover-letter-cc tag for this purpose. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>
| * patman: Allow specifying the message ID your series is in reply toDoug Anderson2013-04-04-2/+9
| | | | | | | | | | | | | | | | | | Some versions of git don't seem to prompt you for the message ID that your series is in reply to. Allow specifying this from the command line. Signed-off-by: Doug Anderson <dianders@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
| * patman: Make "Reviewed-by" an important tagDoug Anderson2013-04-04-4/+4
| | | | | | | | | | | | | | | | | | | | Although "Reviewed-by:" is a tag that gerrit adds, it's also a tag used by upstream. Stripping it is undesirable. In fact, we should treat it as important. Signed-off-by: Doug Anderson <dianders@chromium.org> Reviewed-by: Otavio Salvador <otavio@ossystems.com.br> Acked-by: Simon Glass <sjg@chromium.org>