blob: 38dfe2c7db9d21d42a512c346fbf5ef53a23fe81 [file] [log] [blame]
Simon Glass7a61c6b2018-07-17 13:25:37 -06001Binman Entry Documentation
Heinrich Schuchardtb72160b2023-10-28 11:59:32 +02002==========================
Simon Glass7a61c6b2018-07-17 13:25:37 -06003
4This file describes the entry types supported by binman. These entry types can
5be placed in an image one by one to build up a final firmware image. It is
6fairly easy to create new entry types. Just add a new file to the 'etype'
7directory. You can use the existing entries as examples.
8
9Note that some entries are subclasses of others, using and extending their
10features to produce new behaviours.
11
12
13
Simon Glassa7c97782022-08-07 16:33:25 -060014.. _etype_atf_bl31:
15
Simon Glass8911fa12021-03-18 20:25:16 +130016Entry: atf-bl31: ARM Trusted Firmware (ATF) BL31 blob
17-----------------------------------------------------
Simon Glass559c4de2020-09-01 05:13:58 -060018
19Properties / Entry arguments:
20 - atf-bl31-path: Filename of file to read into entry. This is typically
21 called bl31.bin or bl31.elf
22
23This entry holds the run-time firmware, typically started by U-Boot SPL.
24See the U-Boot README for your architecture or board for how to use it. See
25https://github.com/ARM-software/arm-trusted-firmware for more information
26about ATF.
27
28
29
Simon Glassa7c97782022-08-07 16:33:25 -060030.. _etype_atf_fip:
31
Simon Glass3efb2972021-11-23 21:08:59 -070032Entry: atf-fip: ARM Trusted Firmware's Firmware Image Package (FIP)
33-------------------------------------------------------------------
34
35A FIP_ provides a way to group binaries in a firmware image, used by ARM's
36Trusted Firmware A (TF-A) code. It is a simple format consisting of a
37table of contents with information about the type, offset and size of the
38binaries in the FIP. It is quite similar to FMAP, with the major difference
39that it uses UUIDs to indicate the type of each entry.
40
41Note: It is recommended to always add an fdtmap to every image, as well as
42any FIPs so that binman and other tools can access the entire image
43correctly.
44
45The UUIDs correspond to useful names in `fiptool`, provided by ATF to
46operate on FIPs. Binman uses these names to make it easier to understand
47what is going on, although it is possible to provide a UUID if needed.
48
49The contents of the FIP are defined by subnodes of the atf-fip entry, e.g.::
50
51 atf-fip {
52 soc-fw {
53 filename = "bl31.bin";
54 };
55
56 scp-fwu-cfg {
57 filename = "bl2u.bin";
58 };
59
60 u-boot {
61 fip-type = "nt-fw";
62 };
63 };
64
65This describes a FIP with three entries: soc-fw, scp-fwu-cfg and nt-fw.
66You can use normal (non-external) binaries like U-Boot simply by adding a
67FIP type, with the `fip-type` property, as above.
68
69Since FIP exists to bring blobs together, Binman assumes that all FIP
70entries are external binaries. If a binary may not exist, you can use the
71`--allow-missing` flag to Binman, in which case the image is still created,
72even though it will not actually work.
73
74The size of the FIP depends on the size of the binaries. There is currently
75no way to specify a fixed size. If the `atf-fip` node has a `size` entry,
76this affects the space taken up by the `atf-fip` entry, but the FIP itself
77does not expand to use that space.
78
79Some other FIP features are available with Binman. The header and the
80entries have 64-bit flag works. The flag flags do not seem to be defined
81anywhere, but you can use `fip-hdr-flags` and fip-flags` to set the values
82of the header and entries respectively.
83
84FIP entries can be aligned to a particular power-of-two boundary. Use
85fip-align for this.
86
87Binman only understands the entry types that are included in its
88implementation. It is possible to specify a 16-byte UUID instead, using the
89fip-uuid property. In this case Binman doesn't know what its type is, so
90just uses the UUID. See the `u-boot` node in this example::
91
92 binman {
93 atf-fip {
94 fip-hdr-flags = /bits/ 64 <0x123>;
95 fip-align = <16>;
96 soc-fw {
97 fip-flags = /bits/ 64 <0x456>;
98 filename = "bl31.bin";
99 };
100
101 scp-fwu-cfg {
102 filename = "bl2u.bin";
103 };
104
105 u-boot {
106 fip-uuid = [fc 65 13 92 4a 5b 11 ec
107 94 35 ff 2d 1c fc 79 9c];
108 };
109 };
110 fdtmap {
111 };
112 };
113
114Binman allows reading and updating FIP entries after the image is created,
115provided that an FDPMAP is present too. Updates which change the size of a
116FIP entry will cause it to be expanded or contracted as needed.
117
118Properties for top-level atf-fip node
119~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
120
121fip-hdr-flags (64 bits)
122 Sets the flags for the FIP header.
123
124Properties for subnodes
125~~~~~~~~~~~~~~~~~~~~~~~
126
127fip-type (str)
128 FIP type to use for this entry. This is needed if the entry
129 name is not a valid type. Value types are defined in `fip_util.py`.
130 The FIP type defines the UUID that is used (they map 1:1).
131
132fip-uuid (16 bytes)
133 If there is no FIP-type name defined, or it is not supported by Binman,
134 this property sets the UUID. It should be a 16-byte value, following the
135 hex digits of the UUID.
136
137fip-flags (64 bits)
138 Set the flags for a FIP entry. Use in one of the subnodes of the
139 7atf-fip entry.
140
141fip-align
142 Set the alignment for a FIP entry, FIP entries can be aligned to a
143 particular power-of-two boundary. The default is 1.
144
145Adding new FIP-entry types
146~~~~~~~~~~~~~~~~~~~~~~~~~~
147
148When new FIP entries are defined by TF-A they appear in the
149`TF-A source tree`_. You can use `fip_util.py` to update Binman to support
150new types, then `send a patch`_ to the U-Boot mailing list. There are two
151source files that the tool examples:
152
153- `include/tools_share/firmware_image_package.h` has the UUIDs
154- `tools/fiptool/tbbr_config.c` has the name and descripion for each UUID
155
156To run the tool::
157
158 $ tools/binman/fip_util.py -s /path/to/arm-trusted-firmware
159 Warning: UUID 'UUID_NON_TRUSTED_WORLD_KEY_CERT' is not mentioned in tbbr_config.c file
160 Existing code in 'tools/binman/fip_util.py' is up-to-date
161
162If it shows there is an update, it writes a new version of `fip_util.py`
163to `fip_util.py.out`. You can change the output file using the `-i` flag.
164If you have a problem, use `-D` to enable traceback debugging.
165
166FIP commentary
167~~~~~~~~~~~~~~
168
169As a side effect of use of UUIDs, FIP does not support multiple
170entries of the same type, such as might be used to store fonts or graphics
171icons, for example. For verified boot it could be used for each part of the
172image (e.g. separate FIPs for A and B) but cannot describe the whole
173firmware image. As with FMAP there is no hierarchy defined, although FMAP
174works around this by having 'section' areas which encompass others. A
175similar workaround would be possible with FIP but is not currently defined.
176
177It is recommended to always add an fdtmap to every image, as well as any
178FIPs so that binman and other tools can access the entire image correctly.
179
180.. _FIP: https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#firmware-image-package-fip
181.. _`TF-A source tree`: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
182.. _`send a patch`: https://www.denx.de/wiki/U-Boot/Patches
183
184
185
Simon Glassa7c97782022-08-07 16:33:25 -0600186.. _etype_blob:
187
Simon Glass8911fa12021-03-18 20:25:16 +1300188Entry: blob: Arbitrary binary blob
189----------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -0600190
191Note: This should not be used by itself. It is normally used as a parent
192class by other entry types.
193
194Properties / Entry arguments:
195 - filename: Filename of file to read into entry
Simon Glass7ba33592018-09-14 04:57:26 -0600196 - compress: Compression algorithm to use:
197 none: No compression
198 lz4: Use lz4 compression (via 'lz4' command-line utility)
Simon Glass7a61c6b2018-07-17 13:25:37 -0600199
200This entry reads data from a file and places it in the entry. The
201default filename is often specified specified by the subclass. See for
Simon Glass537e0062021-03-18 20:24:54 +1300202example the 'u-boot' entry which provides the filename 'u-boot.bin'.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600203
Simon Glass7ba33592018-09-14 04:57:26 -0600204If compression is enabled, an extra 'uncomp-size' property is written to
205the node (if enabled with -u) which provides the uncompressed size of the
206data.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600207
208
Simon Glass7a61c6b2018-07-17 13:25:37 -0600209
Simon Glassa7c97782022-08-07 16:33:25 -0600210.. _etype_blob_dtb:
211
Simon Glasse219aa42018-09-14 04:57:24 -0600212Entry: blob-dtb: A blob that holds a device tree
213------------------------------------------------
214
215This is a blob containing a device tree. The contents of the blob are
216obtained from the list of available device-tree files, managed by the
217'state' module.
218
Simon Glassda6a9082023-01-07 14:07:10 -0700219Additional attributes:
220 prepend: Header used (e.g. 'length')
Simon Glasse219aa42018-09-14 04:57:24 -0600221
222
Simon Glassda6a9082023-01-07 14:07:10 -0700223
Simon Glassa7c97782022-08-07 16:33:25 -0600224.. _etype_blob_ext:
225
Simon Glass8911fa12021-03-18 20:25:16 +1300226Entry: blob-ext: Externally built binary blob
227---------------------------------------------
Simon Glass5e560182020-07-09 18:39:36 -0600228
229Note: This should not be used by itself. It is normally used as a parent
230class by other entry types.
231
Simon Glass5d94cc62020-07-09 18:39:38 -0600232If the file providing this blob is missing, binman can optionally ignore it
233and produce a broken image with a warning.
234
Simon Glass5e560182020-07-09 18:39:36 -0600235See 'blob' for Properties / Entry arguments.
236
237
238
Simon Glassa7c97782022-08-07 16:33:25 -0600239.. _etype_blob_ext_list:
240
Simon Glass0b00ae62021-11-23 21:09:52 -0700241Entry: blob-ext-list: List of externally built binary blobs
242-----------------------------------------------------------
243
244This is like blob-ext except that a number of blobs can be provided,
245typically with some sort of relationship, e.g. all are DDC parameters.
246
247If any of the external files needed by this llist is missing, binman can
248optionally ignore it and produce a broken image with a warning.
249
250Args:
251 filenames: List of filenames to read and include
252
253
Simon Glassa7c97782022-08-07 16:33:25 -0600254
255.. _etype_blob_named_by_arg:
Simon Glass0b00ae62021-11-23 21:09:52 -0700256
Simon Glassdb168d42018-07-17 13:25:39 -0600257Entry: blob-named-by-arg: A blob entry which gets its filename property from its subclass
258-----------------------------------------------------------------------------------------
259
260Properties / Entry arguments:
261 - <xxx>-path: Filename containing the contents of this entry (optional,
Simon Glass21db0ff2020-09-01 05:13:54 -0600262 defaults to None)
Simon Glassdb168d42018-07-17 13:25:39 -0600263
264where <xxx> is the blob_fname argument to the constructor.
265
266This entry cannot be used directly. Instead, it is used as a parent class
267for another entry, which defined blob_fname. This parameter is used to
268set the entry-arg or property containing the filename. The entry-arg or
269property is in turn used to set the actual filename.
270
271See cros_ec_rw for an example of this.
272
273
274
Simon Glassa7c97782022-08-07 16:33:25 -0600275.. _etype_blob_phase:
276
Simon Glass718b5292021-03-18 20:25:07 +1300277Entry: blob-phase: Section that holds a phase binary
278----------------------------------------------------
279
280This is a base class that should not normally be used directly. It is used
281when converting a 'u-boot' entry automatically into a 'u-boot-expanded'
282entry; similarly for SPL.
283
284
Simon Glassa7c97782022-08-07 16:33:25 -0600285
286.. _etype_cbfs:
Simon Glass718b5292021-03-18 20:25:07 +1300287
Simon Glass8911fa12021-03-18 20:25:16 +1300288Entry: cbfs: Coreboot Filesystem (CBFS)
289---------------------------------------
Simon Glass1de34482019-07-08 13:18:53 -0600290
291A CBFS provides a way to group files into a group. It has a simple directory
292structure and allows the position of individual files to be set, since it is
293designed to support execute-in-place in an x86 SPI-flash device. Where XIP
294is not used, it supports compression and storing ELF files.
295
296CBFS is used by coreboot as its way of orgnanising SPI-flash contents.
297
Simon Glass0ac96b62021-03-18 20:25:15 +1300298The contents of the CBFS are defined by subnodes of the cbfs entry, e.g.::
Simon Glass1de34482019-07-08 13:18:53 -0600299
300 cbfs {
301 size = <0x100000>;
302 u-boot {
303 cbfs-type = "raw";
304 };
305 u-boot-dtb {
306 cbfs-type = "raw";
307 };
308 };
309
310This creates a CBFS 1MB in size two files in it: u-boot.bin and u-boot.dtb.
311Note that the size is required since binman does not support calculating it.
312The contents of each entry is just what binman would normally provide if it
313were not a CBFS node. A blob type can be used to import arbitrary files as
Simon Glass0ac96b62021-03-18 20:25:15 +1300314with the second subnode below::
Simon Glass1de34482019-07-08 13:18:53 -0600315
316 cbfs {
317 size = <0x100000>;
318 u-boot {
319 cbfs-name = "BOOT";
320 cbfs-type = "raw";
321 };
322
323 dtb {
324 type = "blob";
325 filename = "u-boot.dtb";
326 cbfs-type = "raw";
327 cbfs-compress = "lz4";
Simon Glassc2f1aed2019-07-08 13:18:56 -0600328 cbfs-offset = <0x100000>;
Simon Glass1de34482019-07-08 13:18:53 -0600329 };
330 };
331
332This creates a CBFS 1MB in size with u-boot.bin (named "BOOT") and
333u-boot.dtb (named "dtb") and compressed with the lz4 algorithm.
334
335
336Properties supported in the top-level CBFS node:
337
338cbfs-arch:
339 Defaults to "x86", but you can specify the architecture if needed.
340
341
342Properties supported in the CBFS entry subnodes:
343
344cbfs-name:
345 This is the name of the file created in CBFS. It defaults to the entry
346 name (which is the node name), but you can override it with this
347 property.
348
349cbfs-type:
350 This is the CBFS file type. The following are supported:
351
352 raw:
353 This is a 'raw' file, although compression is supported. It can be
354 used to store any file in CBFS.
355
356 stage:
357 This is an ELF file that has been loaded (i.e. mapped to memory), so
358 appears in the CBFS as a flat binary. The input file must be an ELF
359 image, for example this puts "u-boot" (the ELF image) into a 'stage'
Simon Glass0ac96b62021-03-18 20:25:15 +1300360 entry::
Simon Glass1de34482019-07-08 13:18:53 -0600361
362 cbfs {
363 size = <0x100000>;
364 u-boot-elf {
365 cbfs-name = "BOOT";
366 cbfs-type = "stage";
367 };
368 };
369
Simon Glass0ac96b62021-03-18 20:25:15 +1300370 You can use your own ELF file with something like::
Simon Glass1de34482019-07-08 13:18:53 -0600371
372 cbfs {
373 size = <0x100000>;
374 something {
375 type = "blob";
376 filename = "cbfs-stage.elf";
377 cbfs-type = "stage";
378 };
379 };
380
381 As mentioned, the file is converted to a flat binary, so it is
382 equivalent to adding "u-boot.bin", for example, but with the load and
383 start addresses specified by the ELF. At present there is no option
384 to add a flat binary with a load/start address, similar to the
385 'add-flat-binary' option in cbfstool.
386
Simon Glassc2f1aed2019-07-08 13:18:56 -0600387cbfs-offset:
388 This is the offset of the file's data within the CBFS. It is used to
389 specify where the file should be placed in cases where a fixed position
390 is needed. Typical uses are for code which is not relocatable and must
391 execute in-place from a particular address. This works because SPI flash
392 is generally mapped into memory on x86 devices. The file header is
393 placed before this offset so that the data start lines up exactly with
394 the chosen offset. If this property is not provided, then the file is
395 placed in the next available spot.
Simon Glass1de34482019-07-08 13:18:53 -0600396
397The current implementation supports only a subset of CBFS features. It does
398not support other file types (e.g. payload), adding multiple files (like the
399'files' entry with a pattern supported by binman), putting files at a
400particular offset in the CBFS and a few other things.
401
402Of course binman can create images containing multiple CBFSs, simply by
Simon Glass0ac96b62021-03-18 20:25:15 +1300403defining these in the binman config::
Simon Glass1de34482019-07-08 13:18:53 -0600404
405
406 binman {
407 size = <0x800000>;
408 cbfs {
409 offset = <0x100000>;
410 size = <0x100000>;
411 u-boot {
412 cbfs-type = "raw";
413 };
414 u-boot-dtb {
415 cbfs-type = "raw";
416 };
417 };
418
419 cbfs2 {
420 offset = <0x700000>;
421 size = <0x100000>;
422 u-boot {
423 cbfs-type = "raw";
424 };
425 u-boot-dtb {
426 cbfs-type = "raw";
427 };
428 image {
429 type = "blob";
430 filename = "image.jpg";
431 };
432 };
433 };
434
435This creates an 8MB image with two CBFSs, one at offset 1MB, one at 7MB,
436both of size 1MB.
437
438
439
Simon Glassa7c97782022-08-07 16:33:25 -0600440.. _etype_collection:
441
Simon Glasse1915782021-03-21 18:24:31 +1300442Entry: collection: An entry which contains a collection of other entries
443------------------------------------------------------------------------
444
445Properties / Entry arguments:
446 - content: List of phandles to entries to include
447
448This allows reusing the contents of other entries. The contents of the
449listed entries are combined to form this entry. This serves as a useful
450base class for entry types which need to process data from elsewhere in
451the image, not necessarily child entries.
452
Simon Glassbd5cd882022-08-13 11:40:50 -0600453The entries can generally be anywhere in the same image, even if they are in
454a different section from this entry.
455
Simon Glasse1915782021-03-21 18:24:31 +1300456
457
Simon Glassa7c97782022-08-07 16:33:25 -0600458.. _etype_cros_ec_rw:
459
Simon Glassdb168d42018-07-17 13:25:39 -0600460Entry: cros-ec-rw: A blob entry which contains a Chromium OS read-write EC image
461--------------------------------------------------------------------------------
462
463Properties / Entry arguments:
464 - cros-ec-rw-path: Filename containing the EC image
465
466This entry holds a Chromium OS EC (embedded controller) image, for use in
467updating the EC on startup via software sync.
468
469
470
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530471.. _etype_efi_capsule:
472
Simon Glass86e1b822024-06-23 11:55:02 -0600473Entry: efi-capsule: Generate EFI capsules
474-----------------------------------------
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530475
Simon Glass86e1b822024-06-23 11:55:02 -0600476The parameters needed for generation of the capsules can
477be provided as properties in the entry.
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530478
479Properties / Entry arguments:
480 - image-index: Unique number for identifying corresponding
481 payload image. Number between 1 and descriptor count, i.e.
482 the total number of firmware images that can be updated. Mandatory
483 property.
484 - image-guid: Image GUID which will be used for identifying the
485 updatable image on the board. Mandatory property.
486 - hardware-instance: Optional number for identifying unique
487 hardware instance of a device in the system. Default value of 0
488 for images where value is not to be used.
489 - fw-version: Value of image version that can be put on the capsule
490 through the Firmware Management Protocol(FMP) header.
491 - monotonic-count: Count used when signing an image.
492 - private-key: Path to PEM formatted .key private key file. Mandatory
493 property for generating signed capsules.
494 - public-key-cert: Path to PEM formatted .crt public key certificate
495 file. Mandatory property for generating signed capsules.
496 - oem-flags - OEM flags to be passed through capsule header.
497
Simon Glass86e1b822024-06-23 11:55:02 -0600498Since this is a subclass of Entry_section, all properties of the parent
499class also apply here. Except for the properties stated as mandatory, the
500rest of the properties are optional.
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530501
502For more details on the description of the capsule format, and the capsule
503update functionality, refer Section 8.5 and Chapter 23 in the `UEFI
504specification`_.
505
506The capsule parameters like image index and image GUID are passed as
507properties in the entry. The payload to be used in the capsule is to be
508provided as a subnode of the capsule entry.
509
510A typical capsule entry node would then look something like this::
511
512 capsule {
Simon Glass86e1b822024-06-23 11:55:02 -0600513 type = "efi-capsule";
514 image-index = <0x1>;
515 /* Image GUID for testing capsule update */
516 image-guid = SANDBOX_UBOOT_IMAGE_GUID;
517 hardware-instance = <0x0>;
518 private-key = "path/to/the/private/key";
519 public-key-cert = "path/to/the/public-key-cert";
520 oem-flags = <0x8000>;
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530521
Simon Glass86e1b822024-06-23 11:55:02 -0600522 u-boot {
523 };
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530524 };
525
526In the above example, the capsule payload is the U-Boot image. The
527capsule entry would read the contents of the payload and put them
528into the capsule. Any external file can also be specified as the
529payload using the blob-ext subnode.
530
531.. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf
532
533
534
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530535.. _etype_efi_empty_capsule:
536
Simon Glass86e1b822024-06-23 11:55:02 -0600537Entry: efi-empty-capsule: Generate EFI empty capsules
538-----------------------------------------------------
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530539
540The parameters needed for generation of the empty capsules can
541be provided as properties in the entry.
542
543Properties / Entry arguments:
544 - image-guid: Image GUID which will be used for identifying the
545 updatable image on the board. Mandatory for accept capsule.
546 - capsule-type - String to indicate type of capsule to generate. Valid
547 values are 'accept' and 'revert'.
548
549For more details on the description of the capsule format, and the capsule
550update functionality, refer Section 8.5 and Chapter 23 in the `UEFI
551specification`_. For more information on the empty capsule, refer the
552sections 2.3.2 and 2.3.3 in the `Dependable Boot specification`_.
553
Simon Glass86e1b822024-06-23 11:55:02 -0600554A typical accept empty capsule entry node would then look something like
555this::
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530556
557 empty-capsule {
Simon Glass86e1b822024-06-23 11:55:02 -0600558 type = "efi-empty-capsule";
559 /* GUID of image being accepted */
560 image-type-id = SANDBOX_UBOOT_IMAGE_GUID;
561 capsule-type = "accept";
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530562 };
563
Simon Glass86e1b822024-06-23 11:55:02 -0600564A typical revert empty capsule entry node would then look something like
565this::
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530566
567 empty-capsule {
Simon Glass86e1b822024-06-23 11:55:02 -0600568 type = "efi-empty-capsule";
569 capsule-type = "revert";
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530570 };
571
572The empty capsules do not have any input payload image.
573
574.. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf
575.. _`Dependable Boot specification`: https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
576
577
578
Christian Taedckebc454362023-07-17 09:05:52 +0200579.. _etype_encrypted:
580
581Entry: encrypted: Externally built encrypted binary blob
582--------------------------------------------------------
583
584This entry provides the functionality to include information about how to
585decrypt an encrypted binary. This information is added to the
586resulting device tree by adding a new cipher node in the entry's parent
587node (i.e. the binary).
588
589The key that must be used to decrypt the binary is either directly embedded
590in the device tree or indirectly by specifying a key source. The key source
591can be used as an id of a key that is stored in an external device.
592
593Using an embedded key
594~~~~~~~~~~~~~~~~~~~~~
595
596This is an example using an embedded key::
597
598 blob-ext {
599 filename = "encrypted-blob.bin";
600 };
601
602 encrypted {
603 algo = "aes256-gcm";
604 iv-filename = "encrypted-blob.bin.iv";
605 key-filename = "encrypted-blob.bin.key";
606 };
607
608This entry generates the following device tree structure form the example
609above::
610
611 data = [...]
612 cipher {
613 algo = "aes256-gcm";
614 key = <0x...>;
615 iv = <0x...>;
616 };
617
618The data property is generated by the blob-ext etype, the cipher node and
619its content is generated by this etype.
620
621Using an external key
622~~~~~~~~~~~~~~~~~~~~~
623
624Instead of embedding the key itself into the device tree, it is also
625possible to address an externally stored key by specifying a 'key-source'
626instead of the 'key'::
627
628 blob-ext {
629 filename = "encrypted-blob.bin";
630 };
631
632 encrypted {
633 algo = "aes256-gcm";
634 iv-filename = "encrypted-blob.bin.iv";
635 key-source = "external-key-id";
636 };
637
638This entry generates the following device tree structure form the example
639above::
640
641 data = [...]
642 cipher {
643 algo = "aes256-gcm";
644 key-source = "external-key-id";
645 iv = <0x...>;
646 };
647
648Properties
649~~~~~~~~~~
650
651Properties / Entry arguments:
652 - algo: The encryption algorithm. Currently no algorithm is supported
653 out-of-the-box. Certain algorithms will be added in future
654 patches.
655 - iv-filename: The name of the file containing the initialization
656 vector (in short iv). See
657 https://en.wikipedia.org/wiki/Initialization_vector
658 - key-filename: The name of the file containing the key. Either
659 key-filename or key-source must be provided.
660 - key-source: The key that should be used. Either key-filename or
661 key-source must be provided.
662
663
664
Simon Glassa7c97782022-08-07 16:33:25 -0600665.. _etype_fdtmap:
666
Simon Glass0f621332019-07-08 14:25:27 -0600667Entry: fdtmap: An entry which contains an FDT map
668-------------------------------------------------
669
670Properties / Entry arguments:
671 None
672
673An FDT map is just a header followed by an FDT containing a list of all the
Simon Glassfb30e292019-07-20 12:23:51 -0600674entries in the image. The root node corresponds to the image node in the
675original FDT, and an image-name property indicates the image name in that
676original tree.
Simon Glass0f621332019-07-08 14:25:27 -0600677
678The header is the string _FDTMAP_ followed by 8 unused bytes.
679
680When used, this entry will be populated with an FDT map which reflects the
681entries in the current image. Hierarchy is preserved, and all offsets and
682sizes are included.
683
684Note that the -u option must be provided to ensure that binman updates the
685FDT with the position of each entry.
686
Simon Glass0ac96b62021-03-18 20:25:15 +1300687Example output for a simple image with U-Boot and an FDT map::
Simon Glass0f621332019-07-08 14:25:27 -0600688
Simon Glass0ac96b62021-03-18 20:25:15 +1300689 / {
690 image-name = "binman";
691 size = <0x00000112>;
Simon Glass0f621332019-07-08 14:25:27 -0600692 image-pos = <0x00000000>;
693 offset = <0x00000000>;
Simon Glass0ac96b62021-03-18 20:25:15 +1300694 u-boot {
695 size = <0x00000004>;
696 image-pos = <0x00000000>;
697 offset = <0x00000000>;
698 };
699 fdtmap {
700 size = <0x0000010e>;
701 image-pos = <0x00000004>;
702 offset = <0x00000004>;
703 };
Simon Glass0f621332019-07-08 14:25:27 -0600704 };
Simon Glass0f621332019-07-08 14:25:27 -0600705
Simon Glassfb30e292019-07-20 12:23:51 -0600706If allow-repack is used then 'orig-offset' and 'orig-size' properties are
707added as necessary. See the binman README.
708
Simon Glass637958f2021-11-23 21:09:50 -0700709When extracting files, an alternative 'fdt' format is available for fdtmaps.
710Use `binman extract -F fdt ...` to use this. It will export a devicetree,
711without the fdtmap header, so it can be viewed with `fdtdump`.
Simon Glass0f621332019-07-08 14:25:27 -0600712
713
Simon Glass637958f2021-11-23 21:09:50 -0700714
Simon Glassa7c97782022-08-07 16:33:25 -0600715.. _etype_files:
716
Simon Glass8911fa12021-03-18 20:25:16 +1300717Entry: files: A set of files arranged in a section
718--------------------------------------------------
Simon Glassac6328c2018-09-14 04:57:28 -0600719
720Properties / Entry arguments:
721 - pattern: Filename pattern to match the files to include
Simon Glass51d02ad2020-10-26 17:40:07 -0600722 - files-compress: Compression algorithm to use:
Simon Glassac6328c2018-09-14 04:57:28 -0600723 none: No compression
724 lz4: Use lz4 compression (via 'lz4' command-line utility)
Simon Glass3f093a32021-03-18 20:24:53 +1300725 - files-align: Align each file to the given alignment
Simon Glassac6328c2018-09-14 04:57:28 -0600726
727This entry reads a number of files and places each in a separate sub-entry
728within this entry. To access these you need to enable device-tree updates
729at run-time so you can obtain the file positions.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600730
731
Simon Glassac6328c2018-09-14 04:57:28 -0600732
Simon Glassa7c97782022-08-07 16:33:25 -0600733.. _etype_fill:
734
Simon Glass53f53992018-07-17 13:25:40 -0600735Entry: fill: An entry which is filled to a particular byte value
736----------------------------------------------------------------
737
738Properties / Entry arguments:
739 - fill-byte: Byte to use to fill the entry
740
741Note that the size property must be set since otherwise this entry does not
742know how large it should be.
743
744You can often achieve the same effect using the pad-byte property of the
745overall image, in that the space between entries will then be padded with
746that byte. But this entry is sometimes useful for explicitly setting the
747byte value of a region.
748
749
Simon Glassc7b010d2020-07-09 18:39:45 -0600750
Simon Glassa7c97782022-08-07 16:33:25 -0600751.. _etype_fit:
752
Simon Glass8911fa12021-03-18 20:25:16 +1300753Entry: fit: Flat Image Tree (FIT)
754---------------------------------
Simon Glass45d556d2020-07-09 18:39:45 -0600755
756This calls mkimage to create a FIT (U-Boot Flat Image Tree) based on the
757input provided.
758
759Nodes for the FIT should be written out in the binman configuration just as
760they would be in a file passed to mkimage.
761
Simon Glass0ac96b62021-03-18 20:25:15 +1300762For example, this creates an image containing a FIT with U-Boot SPL::
Simon Glass45d556d2020-07-09 18:39:45 -0600763
764 binman {
765 fit {
766 description = "Test FIT";
Simon Glassa435cd12020-09-01 05:13:59 -0600767 fit,fdt-list = "of-list";
Simon Glass45d556d2020-07-09 18:39:45 -0600768
769 images {
770 kernel@1 {
771 description = "SPL";
772 os = "u-boot";
773 type = "rkspi";
774 arch = "arm";
775 compression = "none";
776 load = <0>;
777 entry = <0>;
778
779 u-boot-spl {
780 };
781 };
782 };
783 };
784 };
785
Simon Glass912339f2022-02-08 11:50:03 -0700786More complex setups can be created, with generated nodes, as described
787below.
788
789Properties (in the 'fit' node itself)
790~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
791
792Special properties have a `fit,` prefix, indicating that they should be
793processed but not included in the final FIT.
794
795The top-level 'fit' node supports the following special properties:
796
797 fit,external-offset
798 Indicates that the contents of the FIT are external and provides the
799 external offset. This is passed to mkimage via the -E and -p flags.
800
Jonas Karlmanc59ea892023-01-21 19:01:39 +0000801 fit,align
802 Indicates what alignment to use for the FIT and its external data,
803 and provides the alignment to use. This is passed to mkimage via
804 the -B flag.
805
Simon Glass912339f2022-02-08 11:50:03 -0700806 fit,fdt-list
807 Indicates the entry argument which provides the list of device tree
808 files for the gen-fdt-nodes operation (as below). This is often
809 `of-list` meaning that `-a of-list="dtb1 dtb2..."` should be passed
810 to binman.
811
Simon Glass2d94c422023-07-18 07:23:59 -0600812 fit,fdt-list-val
813 As an alternative to fit,fdt-list the list of device tree files
814 can be provided in this property as a string list, e.g.::
815
816 fit,fdt-list-val = "dtb1", "dtb2";
817
Simon Glass912339f2022-02-08 11:50:03 -0700818Substitutions
819~~~~~~~~~~~~~
820
821Node names and property values support a basic string-substitution feature.
822Available substitutions for '@' nodes (and property values) are:
823
824SEQ:
825 Sequence number of the generated fdt (1, 2, ...)
826NAME
827 Name of the dtb as provided (i.e. without adding '.dtb')
828
829The `default` property, if present, will be automatically set to the name
830if of configuration whose devicetree matches the `default-dt` entry
831argument, e.g. with `-a default-dt=sun50i-a64-pine64-lts`.
832
833Available substitutions for property values in these nodes are:
834
835DEFAULT-SEQ:
836 Sequence number of the default fdt, as provided by the 'default-dt'
837 entry argument
838
839Available operations
840~~~~~~~~~~~~~~~~~~~~
841
842You can add an operation to an '@' node to indicate which operation is
843required::
844
845 @fdt-SEQ {
846 fit,operation = "gen-fdt-nodes";
847 ...
848 };
849
850Available operations are:
851
852gen-fdt-nodes
853 Generate FDT nodes as above. This is the default if there is no
854 `fit,operation` property.
855
Simon Glass5f423422022-03-05 20:19:12 -0700856split-elf
857 Split an ELF file into a separate node for each segment.
858
Simon Glass912339f2022-02-08 11:50:03 -0700859Generating nodes from an FDT list (gen-fdt-nodes)
860~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
861
Simon Glassa435cd12020-09-01 05:13:59 -0600862U-Boot supports creating fdt and config nodes automatically. To do this,
Simon Glass9f1c6b92022-02-08 11:50:02 -0700863pass an `of-list` property (e.g. `-a of-list=file1 file2`). This tells
864binman that you want to generates nodes for two files: `file1.dtb` and
865`file2.dtb`. The `fit,fdt-list` property (see above) indicates that
866`of-list` should be used. If the property is missing you will get an error.
Simon Glassa435cd12020-09-01 05:13:59 -0600867
Simon Glass0ac96b62021-03-18 20:25:15 +1300868Then add a 'generator node', a node with a name starting with '@'::
Simon Glassa435cd12020-09-01 05:13:59 -0600869
870 images {
871 @fdt-SEQ {
872 description = "fdt-NAME";
873 type = "flat_dt";
874 compression = "none";
875 };
876 };
877
Simon Glass9f1c6b92022-02-08 11:50:02 -0700878This tells binman to create nodes `fdt-1` and `fdt-2` for each of your two
Simon Glassa435cd12020-09-01 05:13:59 -0600879files. All the properties you specify will be included in the node. This
880node acts like a template to generate the nodes. The generator node itself
881does not appear in the output - it is replaced with what binman generates.
Simon Glass9f1c6b92022-02-08 11:50:02 -0700882A 'data' property is created with the contents of the FDT file.
Simon Glassa435cd12020-09-01 05:13:59 -0600883
Simon Glass0ac96b62021-03-18 20:25:15 +1300884You can create config nodes in a similar way::
Simon Glassa435cd12020-09-01 05:13:59 -0600885
886 configurations {
887 default = "@config-DEFAULT-SEQ";
888 @config-SEQ {
889 description = "NAME";
Samuel Holland91079ac2020-10-21 21:12:14 -0500890 firmware = "atf";
891 loadables = "uboot";
Simon Glassa435cd12020-09-01 05:13:59 -0600892 fdt = "fdt-SEQ";
893 };
894 };
895
Simon Glass9f1c6b92022-02-08 11:50:02 -0700896This tells binman to create nodes `config-1` and `config-2`, i.e. a config
897for each of your two files.
Simon Glassa435cd12020-09-01 05:13:59 -0600898
Simon Glassa435cd12020-09-01 05:13:59 -0600899Note that if no devicetree files are provided (with '-a of-list' as above)
900then no nodes will be generated.
901
Simon Glass5f423422022-03-05 20:19:12 -0700902Generating nodes from an ELF file (split-elf)
903~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
904
905This uses the node as a template to generate multiple nodes. The following
906special properties are available:
907
908split-elf
909 Split an ELF file into a separate node for each segment. This uses the
910 node as a template to generate multiple nodes. The following special
911 properties are available:
912
913 fit,load
914 Generates a `load = <...>` property with the load address of the
915 segment
916
917 fit,entry
918 Generates a `entry = <...>` property with the entry address of the
919 ELF. This is only produced for the first entry
920
921 fit,data
922 Generates a `data = <...>` property with the contents of the segment
923
Jonas Karlman490f73c2023-01-21 19:02:12 +0000924 fit,firmware
925 Generates a `firmware = <...>` property. Provides a list of possible
926 nodes to be used as the `firmware` property value. The first valid
927 node is picked as the firmware. Any remaining valid nodes is
928 prepended to the `loadable` property generated by `fit,loadables`
929
Simon Glass5f423422022-03-05 20:19:12 -0700930 fit,loadables
931 Generates a `loadable = <...>` property with a list of the generated
932 nodes (including all nodes if this operation is used multiple times)
933
934
935Here is an example showing ATF, TEE and a device tree all combined::
936
937 fit {
938 description = "test-desc";
939 #address-cells = <1>;
940 fit,fdt-list = "of-list";
941
942 images {
943 u-boot {
944 description = "U-Boot (64-bit)";
945 type = "standalone";
946 os = "U-Boot";
947 arch = "arm64";
948 compression = "none";
Simon Glass72cc5382022-10-20 18:22:39 -0600949 load = <CONFIG_TEXT_BASE>;
Simon Glass5f423422022-03-05 20:19:12 -0700950 u-boot-nodtb {
951 };
952 };
953 @fdt-SEQ {
954 description = "fdt-NAME.dtb";
955 type = "flat_dt";
956 compression = "none";
957 };
958 @atf-SEQ {
959 fit,operation = "split-elf";
960 description = "ARM Trusted Firmware";
961 type = "firmware";
962 arch = "arm64";
963 os = "arm-trusted-firmware";
964 compression = "none";
965 fit,load;
966 fit,entry;
967 fit,data;
968
969 atf-bl31 {
970 };
Jonas Karlmand2c7d902023-01-21 19:01:48 +0000971 hash {
972 algo = "sha256";
973 };
Simon Glass5f423422022-03-05 20:19:12 -0700974 };
975
976 @tee-SEQ {
977 fit,operation = "split-elf";
978 description = "TEE";
979 type = "tee";
980 arch = "arm64";
981 os = "tee";
982 compression = "none";
983 fit,load;
984 fit,entry;
985 fit,data;
986
987 tee-os {
988 };
Jonas Karlmand2c7d902023-01-21 19:01:48 +0000989 hash {
990 algo = "sha256";
991 };
Simon Glass5f423422022-03-05 20:19:12 -0700992 };
993 };
994
995 configurations {
996 default = "@config-DEFAULT-SEQ";
997 @config-SEQ {
998 description = "conf-NAME.dtb";
999 fdt = "fdt-SEQ";
Jonas Karlman490f73c2023-01-21 19:02:12 +00001000 fit,firmware = "atf-1", "u-boot";
Simon Glass5f423422022-03-05 20:19:12 -07001001 fit,loadables;
1002 };
1003 };
1004 };
1005
1006If ATF-BL31 is available, this generates a node for each segment in the
1007ELF file, for example::
1008
1009 images {
1010 atf-1 {
1011 data = <...contents of first segment...>;
1012 data-offset = <0x00000000>;
1013 entry = <0x00040000>;
1014 load = <0x00040000>;
1015 compression = "none";
1016 os = "arm-trusted-firmware";
1017 arch = "arm64";
1018 type = "firmware";
1019 description = "ARM Trusted Firmware";
Jonas Karlmand2c7d902023-01-21 19:01:48 +00001020 hash {
1021 algo = "sha256";
1022 value = <...hash of first segment...>;
1023 };
Simon Glass5f423422022-03-05 20:19:12 -07001024 };
1025 atf-2 {
1026 data = <...contents of second segment...>;
1027 load = <0xff3b0000>;
1028 compression = "none";
1029 os = "arm-trusted-firmware";
1030 arch = "arm64";
1031 type = "firmware";
1032 description = "ARM Trusted Firmware";
Jonas Karlmand2c7d902023-01-21 19:01:48 +00001033 hash {
1034 algo = "sha256";
1035 value = <...hash of second segment...>;
1036 };
Simon Glass5f423422022-03-05 20:19:12 -07001037 };
1038 };
1039
1040The same applies for OP-TEE if that is available.
1041
1042If each binary is not available, the relevant template node (@atf-SEQ or
1043@tee-SEQ) is removed from the output.
1044
1045This also generates a `config-xxx` node for each device tree in `of-list`.
1046Note that the U-Boot build system uses `-a of-list=$(CONFIG_OF_LIST)`
1047so you can use `CONFIG_OF_LIST` to define that list. In this example it is
1048set up for `firefly-rk3399` with a single device tree and the default set
1049with `-a default-dt=$(CONFIG_DEFAULT_DEVICE_TREE)`, so the resulting output
1050is::
1051
1052 configurations {
1053 default = "config-1";
1054 config-1 {
Jonas Karlman490f73c2023-01-21 19:02:12 +00001055 loadables = "u-boot", "atf-2", "atf-3", "tee-1", "tee-2";
Simon Glass5f423422022-03-05 20:19:12 -07001056 description = "rk3399-firefly.dtb";
1057 fdt = "fdt-1";
Jonas Karlman490f73c2023-01-21 19:02:12 +00001058 firmware = "atf-1";
Simon Glass5f423422022-03-05 20:19:12 -07001059 };
1060 };
1061
Jonas Karlman490f73c2023-01-21 19:02:12 +00001062U-Boot SPL can then load the firmware (ATF) and all the loadables (U-Boot
1063proper, ATF and TEE), then proceed with the boot.
Simon Glass5f423422022-03-05 20:19:12 -07001064
Simon Glass45d556d2020-07-09 18:39:45 -06001065
Simon Glassa7c97782022-08-07 16:33:25 -06001066
1067.. _etype_fmap:
Simon Glass45d556d2020-07-09 18:39:45 -06001068
Simon Glass7a61c6b2018-07-17 13:25:37 -06001069Entry: fmap: An entry which contains an Fmap section
1070----------------------------------------------------
1071
1072Properties / Entry arguments:
1073 None
1074
1075FMAP is a simple format used by flashrom, an open-source utility for
1076reading and writing the SPI flash, typically on x86 CPUs. The format
1077provides flashrom with a list of areas, so it knows what it in the flash.
1078It can then read or write just a single area, instead of the whole flash.
1079
1080The format is defined by the flashrom project, in the file lib/fmap.h -
1081see www.flashrom.org/Flashrom for more information.
1082
1083When used, this entry will be populated with an FMAP which reflects the
1084entries in the current image. Note that any hierarchy is squashed, since
Simon Glassb1d414c2021-04-03 11:05:10 +13001085FMAP does not support this. Sections are represented as an area appearing
1086before its contents, so that it is possible to reconstruct the hierarchy
1087from the FMAP by using the offset information. This convention does not
1088seem to be documented, but is used in Chromium OS.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001089
Simon Glasscda991e2023-02-12 17:11:15 -07001090To mark an area as preserved, use the normal 'preserved' flag in the entry.
1091This will result in the corresponding FMAP area having the
1092FMAP_AREA_PRESERVE flag. This flag does not automatically propagate down to
1093child entries.
1094
Simon Glassb1d414c2021-04-03 11:05:10 +13001095CBFS entries appear as a single entry, i.e. the sub-entries are ignored.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001096
1097
Simon Glassb1d414c2021-04-03 11:05:10 +13001098
Simon Glassa7c97782022-08-07 16:33:25 -06001099.. _etype_gbb:
1100
Simon Glassc1ae83c2018-07-17 13:25:44 -06001101Entry: gbb: An entry which contains a Chromium OS Google Binary Block
1102---------------------------------------------------------------------
1103
1104Properties / Entry arguments:
1105 - hardware-id: Hardware ID to use for this build (a string)
1106 - keydir: Directory containing the public keys to use
1107 - bmpblk: Filename containing images used by recovery
1108
1109Chromium OS uses a GBB to store various pieces of information, in particular
1110the root and recovery keys that are used to verify the boot process. Some
1111more details are here:
1112
1113 https://www.chromium.org/chromium-os/firmware-porting-guide/2-concepts
1114
1115but note that the page dates from 2013 so is quite out of date. See
1116README.chromium for how to obtain the required keys and tools.
1117
1118
Simon Glassa7c97782022-08-07 16:33:25 -06001119
1120.. _etype_image_header:
Simon Glassc1ae83c2018-07-17 13:25:44 -06001121
Simon Glasscec34ba2019-07-08 14:25:28 -06001122Entry: image-header: An entry which contains a pointer to the FDT map
1123---------------------------------------------------------------------
1124
1125Properties / Entry arguments:
1126 location: Location of header ("start" or "end" of image). This is
1127 optional. If omitted then the entry must have an offset property.
1128
1129This adds an 8-byte entry to the start or end of the image, pointing to the
1130location of the FDT map. The format is a magic number followed by an offset
1131from the start or end of the image, in twos-compliment format.
1132
1133This entry must be in the top-level part of the image.
1134
1135NOTE: If the location is at the start/end, you will probably need to specify
1136sort-by-offset for the image, unless you actually put the image header
1137first/last in the entry list.
1138
1139
1140
Simon Glassa7c97782022-08-07 16:33:25 -06001141.. _etype_intel_cmc:
1142
Simon Glass8911fa12021-03-18 20:25:16 +13001143Entry: intel-cmc: Intel Chipset Micro Code (CMC) file
1144-----------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001145
1146Properties / Entry arguments:
1147 - filename: Filename of file to read into entry
1148
1149This file contains microcode for some devices in a special format. An
1150example filename is 'Microcode/C0_22211.BIN'.
1151
1152See README.x86 for information about x86 binary blobs.
1153
1154
1155
Simon Glassa7c97782022-08-07 16:33:25 -06001156.. _etype_intel_descriptor:
1157
Simon Glass7a61c6b2018-07-17 13:25:37 -06001158Entry: intel-descriptor: Intel flash descriptor block (4KB)
1159-----------------------------------------------------------
1160
1161Properties / Entry arguments:
1162 filename: Filename of file containing the descriptor. This is typically
1163 a 4KB binary file, sometimes called 'descriptor.bin'
1164
1165This entry is placed at the start of flash and provides information about
1166the SPI flash regions. In particular it provides the base address and
1167size of the ME (Management Engine) region, allowing us to place the ME
1168binary in the right place.
1169
1170With this entry in your image, the position of the 'intel-me' entry will be
1171fixed in the image, which avoids you needed to specify an offset for that
1172region. This is useful, because it is not possible to change the position
1173of the ME region without updating the descriptor.
1174
1175See README.x86 for information about x86 binary blobs.
1176
1177
1178
Simon Glassa7c97782022-08-07 16:33:25 -06001179.. _etype_intel_fit:
1180
Simon Glass232f90c2019-08-24 07:22:50 -06001181Entry: intel-fit: Intel Firmware Image Table (FIT)
1182--------------------------------------------------
1183
1184This entry contains a dummy FIT as required by recent Intel CPUs. The FIT
1185contains information about the firmware and microcode available in the
1186image.
1187
1188At present binman only supports a basic FIT with no microcode.
1189
1190
1191
Simon Glassa7c97782022-08-07 16:33:25 -06001192.. _etype_intel_fit_ptr:
1193
Simon Glass232f90c2019-08-24 07:22:50 -06001194Entry: intel-fit-ptr: Intel Firmware Image Table (FIT) pointer
1195--------------------------------------------------------------
1196
1197This entry contains a pointer to the FIT. It is required to be at address
11980xffffffc0 in the image.
1199
1200
1201
Simon Glassa7c97782022-08-07 16:33:25 -06001202.. _etype_intel_fsp:
1203
Simon Glass8911fa12021-03-18 20:25:16 +13001204Entry: intel-fsp: Intel Firmware Support Package (FSP) file
1205-----------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001206
1207Properties / Entry arguments:
1208 - filename: Filename of file to read into entry
1209
1210This file contains binary blobs which are used on some devices to make the
1211platform work. U-Boot executes this code since it is not possible to set up
1212the hardware using U-Boot open-source code. Documentation is typically not
1213available in sufficient detail to allow this.
1214
1215An example filename is 'FSP/QUEENSBAY_FSP_GOLD_001_20-DECEMBER-2013.fd'
1216
1217See README.x86 for information about x86 binary blobs.
1218
1219
1220
Simon Glassa7c97782022-08-07 16:33:25 -06001221.. _etype_intel_fsp_m:
1222
Simon Glass8911fa12021-03-18 20:25:16 +13001223Entry: intel-fsp-m: Intel Firmware Support Package (FSP) memory init
1224--------------------------------------------------------------------
Simon Glassba7985d2019-08-24 07:23:07 -06001225
1226Properties / Entry arguments:
1227 - filename: Filename of file to read into entry
1228
1229This file contains a binary blob which is used on some devices to set up
1230SDRAM. U-Boot executes this code in SPL so that it can make full use of
1231memory. Documentation is typically not available in sufficient detail to
1232allow U-Boot do this this itself..
1233
1234An example filename is 'fsp_m.bin'
1235
1236See README.x86 for information about x86 binary blobs.
1237
1238
Simon Glassa7c97782022-08-07 16:33:25 -06001239
1240.. _etype_intel_fsp_s:
Simon Glassba7985d2019-08-24 07:23:07 -06001241
Simon Glass8911fa12021-03-18 20:25:16 +13001242Entry: intel-fsp-s: Intel Firmware Support Package (FSP) silicon init
1243---------------------------------------------------------------------
Simon Glass4d9086d2019-10-20 21:31:35 -06001244
1245Properties / Entry arguments:
1246 - filename: Filename of file to read into entry
1247
1248This file contains a binary blob which is used on some devices to set up
1249the silicon. U-Boot executes this code in U-Boot proper after SDRAM is
1250running, so that it can make full use of memory. Documentation is typically
1251not available in sufficient detail to allow U-Boot do this this itself.
1252
1253An example filename is 'fsp_s.bin'
1254
1255See README.x86 for information about x86 binary blobs.
1256
1257
1258
Simon Glassa7c97782022-08-07 16:33:25 -06001259.. _etype_intel_fsp_t:
1260
Simon Glass8911fa12021-03-18 20:25:16 +13001261Entry: intel-fsp-t: Intel Firmware Support Package (FSP) temp ram init
1262----------------------------------------------------------------------
Simon Glass9ea87b22019-10-20 21:31:36 -06001263
1264Properties / Entry arguments:
1265 - filename: Filename of file to read into entry
1266
1267This file contains a binary blob which is used on some devices to set up
1268temporary memory (Cache-as-RAM or CAR). U-Boot executes this code in TPL so
1269that it has access to memory for its stack and initial storage.
1270
1271An example filename is 'fsp_t.bin'
1272
1273See README.x86 for information about x86 binary blobs.
1274
1275
Simon Glassa7c97782022-08-07 16:33:25 -06001276
1277.. _etype_intel_ifwi:
Simon Glass9ea87b22019-10-20 21:31:36 -06001278
Simon Glass8911fa12021-03-18 20:25:16 +13001279Entry: intel-ifwi: Intel Integrated Firmware Image (IFWI) file
1280--------------------------------------------------------------
Simon Glassc2f1aed2019-07-08 13:18:56 -06001281
1282Properties / Entry arguments:
1283 - filename: Filename of file to read into entry. This is either the
1284 IFWI file itself, or a file that can be converted into one using a
1285 tool
1286 - convert-fit: If present this indicates that the ifwitool should be
1287 used to convert the provided file into a IFWI.
1288
1289This file contains code and data used by the SoC that is required to make
1290it work. It includes U-Boot TPL, microcode, things related to the CSE
1291(Converged Security Engine, the microcontroller that loads all the firmware)
1292and other items beyond the wit of man.
1293
1294A typical filename is 'ifwi.bin' for an IFWI file, or 'fitimage.bin' for a
1295file that will be converted to an IFWI.
1296
1297The position of this entry is generally set by the intel-descriptor entry.
1298
1299The contents of the IFWI are specified by the subnodes of the IFWI node.
1300Each subnode describes an entry which is placed into the IFWFI with a given
1301sub-partition (and optional entry name).
1302
Simon Glass8a5e2492019-08-24 07:22:47 -06001303Properties for subnodes:
Simon Glass0ac96b62021-03-18 20:25:15 +13001304 - ifwi-subpart: sub-parition to put this entry into, e.g. "IBBP"
1305 - ifwi-entry: entry name t use, e.g. "IBBL"
1306 - ifwi-replace: if present, indicates that the item should be replaced
1307 in the IFWI. Otherwise it is added.
Simon Glass8a5e2492019-08-24 07:22:47 -06001308
Simon Glassc2f1aed2019-07-08 13:18:56 -06001309See README.x86 for information about x86 binary blobs.
1310
1311
1312
Simon Glassa7c97782022-08-07 16:33:25 -06001313.. _etype_intel_me:
1314
Simon Glass8911fa12021-03-18 20:25:16 +13001315Entry: intel-me: Intel Management Engine (ME) file
1316--------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001317
1318Properties / Entry arguments:
1319 - filename: Filename of file to read into entry
1320
1321This file contains code used by the SoC that is required to make it work.
1322The Management Engine is like a background task that runs things that are
Thomas Hebbfd37f242019-11-13 18:18:03 -08001323not clearly documented, but may include keyboard, display and network
Simon Glass7a61c6b2018-07-17 13:25:37 -06001324access. For platform that use ME it is not possible to disable it. U-Boot
1325does not directly execute code in the ME binary.
1326
1327A typical filename is 'me.bin'.
1328
Simon Glassc4056b82019-07-08 13:18:38 -06001329The position of this entry is generally set by the intel-descriptor entry.
1330
Simon Glass7a61c6b2018-07-17 13:25:37 -06001331See README.x86 for information about x86 binary blobs.
1332
1333
1334
Simon Glassa7c97782022-08-07 16:33:25 -06001335.. _etype_intel_mrc:
1336
Simon Glass8911fa12021-03-18 20:25:16 +13001337Entry: intel-mrc: Intel Memory Reference Code (MRC) file
1338--------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001339
1340Properties / Entry arguments:
1341 - filename: Filename of file to read into entry
1342
1343This file contains code for setting up the SDRAM on some Intel systems. This
1344is executed by U-Boot when needed early during startup. A typical filename
1345is 'mrc.bin'.
1346
1347See README.x86 for information about x86 binary blobs.
1348
1349
1350
Simon Glassa7c97782022-08-07 16:33:25 -06001351.. _etype_intel_refcode:
1352
Simon Glass8911fa12021-03-18 20:25:16 +13001353Entry: intel-refcode: Intel Reference Code file
1354-----------------------------------------------
Simon Glass17b84eb2019-05-17 22:00:53 -06001355
1356Properties / Entry arguments:
1357 - filename: Filename of file to read into entry
1358
1359This file contains code for setting up the platform on some Intel systems.
1360This is executed by U-Boot when needed early during startup. A typical
1361filename is 'refcode.bin'.
1362
1363See README.x86 for information about x86 binary blobs.
1364
1365
1366
Simon Glassa7c97782022-08-07 16:33:25 -06001367.. _etype_intel_vbt:
1368
Simon Glass8911fa12021-03-18 20:25:16 +13001369Entry: intel-vbt: Intel Video BIOS Table (VBT) file
1370---------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001371
1372Properties / Entry arguments:
1373 - filename: Filename of file to read into entry
1374
1375This file contains code that sets up the integrated graphics subsystem on
1376some Intel SoCs. U-Boot executes this when the display is started up.
1377
1378See README.x86 for information about Intel binary blobs.
1379
1380
1381
Simon Glassa7c97782022-08-07 16:33:25 -06001382.. _etype_intel_vga:
1383
Simon Glass8911fa12021-03-18 20:25:16 +13001384Entry: intel-vga: Intel Video Graphics Adaptor (VGA) file
1385---------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001386
1387Properties / Entry arguments:
1388 - filename: Filename of file to read into entry
1389
1390This file contains code that sets up the integrated graphics subsystem on
1391some Intel SoCs. U-Boot executes this when the display is started up.
1392
1393This is similar to the VBT file but in a different format.
1394
1395See README.x86 for information about Intel binary blobs.
1396
1397
1398
Simon Glassa7c97782022-08-07 16:33:25 -06001399.. _etype_mkimage:
1400
Simon Glass8911fa12021-03-18 20:25:16 +13001401Entry: mkimage: Binary produced by mkimage
1402------------------------------------------
Simon Glass48f3aad2020-07-09 18:39:31 -06001403
1404Properties / Entry arguments:
Simon Glass42074dc2022-08-13 11:40:47 -06001405 - args: Arguments to pass
Simon Glass8fbca772022-08-13 11:40:48 -06001406 - data-to-imagename: Indicates that the -d data should be passed in as
1407 the image name also (-n)
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001408 - multiple-data-files: boolean to tell binman to pass all files as
1409 datafiles to mkimage instead of creating a temporary file the result
1410 of datafiles concatenation
Simon Glassda6a9082023-01-07 14:07:10 -07001411 - filename: filename of output binary generated by mkimage
Simon Glass48f3aad2020-07-09 18:39:31 -06001412
Simon Glass42074dc2022-08-13 11:40:47 -06001413The data passed to mkimage via the -d flag is collected from subnodes of the
1414mkimage node, e.g.::
Simon Glass48f3aad2020-07-09 18:39:31 -06001415
1416 mkimage {
Simon Glassda6a9082023-01-07 14:07:10 -07001417 filename = "imximage.bin";
Simon Glass48f3aad2020-07-09 18:39:31 -06001418 args = "-n test -T imximage";
1419
1420 u-boot-spl {
1421 };
1422 };
1423
Simon Glass42074dc2022-08-13 11:40:47 -06001424This calls mkimage to create an imximage with `u-boot-spl.bin` as the data
Simon Glassda6a9082023-01-07 14:07:10 -07001425file, with mkimage being called like this::
Simon Glass42074dc2022-08-13 11:40:47 -06001426
1427 mkimage -d <data_file> -n test -T imximage <output_file>
1428
1429The output from mkimage then becomes part of the image produced by
Simon Glassda6a9082023-01-07 14:07:10 -07001430binman but also is written into `imximage.bin` file. If you need to put
1431multiple things in the data file, you can use a section, or just multiple
1432subnodes like this::
Simon Glass42074dc2022-08-13 11:40:47 -06001433
1434 mkimage {
1435 args = "-n test -T imximage";
1436
1437 u-boot-spl {
1438 };
1439
1440 u-boot-tpl {
1441 };
1442 };
Simon Glass48f3aad2020-07-09 18:39:31 -06001443
Simon Glassda6a9082023-01-07 14:07:10 -07001444Note that binman places the contents (here SPL and TPL) into a single file
1445and passes that to mkimage using the -d option.
1446
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001447To pass all datafiles untouched to mkimage::
1448
1449 mkimage {
Simon Glassda6a9082023-01-07 14:07:10 -07001450 args = "-n rk3399 -T rkspi";
1451 multiple-data-files;
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001452
Simon Glassda6a9082023-01-07 14:07:10 -07001453 u-boot-tpl {
1454 };
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001455
Simon Glassda6a9082023-01-07 14:07:10 -07001456 u-boot-spl {
1457 };
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001458 };
1459
1460This calls mkimage to create a Rockchip RK3399-specific first stage
1461bootloader, made of TPL+SPL. Since this first stage bootloader requires to
1462align the TPL and SPL but also some weird hacks that is handled by mkimage
1463directly, binman is told to not perform the concatenation of datafiles prior
1464to passing the data to mkimage.
1465
Simon Glass948dd3a2022-02-08 11:49:58 -07001466To use CONFIG options in the arguments, use a string list instead, as in
1467this example which also produces four arguments::
1468
1469 mkimage {
1470 args = "-n", CONFIG_SYS_SOC, "-T imximage";
1471
1472 u-boot-spl {
1473 };
1474 };
1475
Simon Glass8fbca772022-08-13 11:40:48 -06001476If you need to pass the input data in with the -n argument as well, then use
1477the 'data-to-imagename' property::
1478
1479 mkimage {
1480 args = "-T imximage";
Simon Glassda6a9082023-01-07 14:07:10 -07001481 data-to-imagename;
Simon Glass8fbca772022-08-13 11:40:48 -06001482
1483 u-boot-spl {
1484 };
1485 };
1486
1487That will pass the data to mkimage both as the data file (with -d) and as
Simon Glassda6a9082023-01-07 14:07:10 -07001488the image name (with -n). In both cases, a filename is passed as the
1489argument, with the actual data being in that file.
Simon Glass948dd3a2022-02-08 11:49:58 -07001490
Simon Glassda6a9082023-01-07 14:07:10 -07001491If need to pass different data in with -n, then use an `imagename` subnode::
Simon Glassb1669752022-08-13 11:40:49 -06001492
1493 mkimage {
1494 args = "-T imximage";
1495
1496 imagename {
1497 blob {
1498 filename = "spl/u-boot-spl.cfgout"
1499 };
1500 };
1501
1502 u-boot-spl {
1503 };
1504 };
1505
1506This will pass in u-boot-spl as the input data and the .cfgout file as the
1507-n data.
1508
Simon Glassa7c97782022-08-07 16:33:25 -06001509
Simon Glassda6a9082023-01-07 14:07:10 -07001510
Simon Glassa4948b22023-01-11 16:10:14 -07001511.. _etype_null:
1512
1513Entry: null: An entry which has no contents of its own
1514------------------------------------------------------
1515
1516Note that the size property must be set since otherwise this entry does not
1517know how large it should be.
1518
1519The contents are set by the containing section, e.g. the section's pad
1520byte.
1521
1522
1523
Simon Glass4d972362024-06-23 11:55:03 -06001524.. _etype_nxp_imx8mcst:
1525
1526Entry: nxp-imx8mcst: NXP i.MX8M CST .cfg file generator and cst invoker
1527-----------------------------------------------------------------------
1528
1529Properties / Entry arguments:
1530 - nxp,loader-address - loader address (SPL text base)
1531
1532
1533
1534.. _etype_nxp_imx8mimage:
1535
1536Entry: nxp-imx8mimage: NXP i.MX8M imx8mimage .cfg file generator and mkimage invoker
1537------------------------------------------------------------------------------------
1538
1539Properties / Entry arguments:
1540 - nxp,boot-from - device to boot from (e.g. 'sd')
1541 - nxp,loader-address - loader address (SPL text base)
1542 - nxp,rom-version - BootROM version ('2' for i.MX8M Nano and Plus)
1543
1544
1545
Simon Glassa7c97782022-08-07 16:33:25 -06001546.. _etype_opensbi:
Simon Glass48f3aad2020-07-09 18:39:31 -06001547
Bin Mengc0b15742021-05-10 20:23:33 +08001548Entry: opensbi: RISC-V OpenSBI fw_dynamic blob
1549----------------------------------------------
1550
1551Properties / Entry arguments:
1552 - opensbi-path: Filename of file to read into entry. This is typically
1553 called fw_dynamic.bin
1554
1555This entry holds the run-time firmware, typically started by U-Boot SPL.
1556See the U-Boot README for your architecture or board for how to use it. See
1557https://github.com/riscv/opensbi for more information about OpenSBI.
1558
1559
1560
Simon Glassa7c97782022-08-07 16:33:25 -06001561.. _etype_powerpc_mpc85xx_bootpg_resetvec:
1562
Jagdish Gediya311d4842018-09-03 21:35:08 +05301563Entry: powerpc-mpc85xx-bootpg-resetvec: PowerPC mpc85xx bootpg + resetvec code for U-Boot
1564-----------------------------------------------------------------------------------------
1565
1566Properties / Entry arguments:
1567 - filename: Filename of u-boot-br.bin (default 'u-boot-br.bin')
1568
Thomas Hebbfd37f242019-11-13 18:18:03 -08001569This entry is valid for PowerPC mpc85xx cpus. This entry holds
Jagdish Gediya311d4842018-09-03 21:35:08 +05301570'bootpg + resetvec' code for PowerPC mpc85xx CPUs which needs to be
1571placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'.
1572
Simon Glass136dd352020-10-26 17:39:59 -06001573
Simon Glassa7c97782022-08-07 16:33:25 -06001574
1575.. _etype_pre_load:
Simon Glass136dd352020-10-26 17:39:59 -06001576
Philippe Reynesebe96cb2022-03-28 22:57:04 +02001577Entry: pre-load: Pre load image header
1578--------------------------------------
1579
1580Properties / Entry arguments:
Simon Glass9f571582022-08-13 11:40:43 -06001581 - pre-load-key-path: Path of the directory that store key (provided by
1582 the environment variable PRE_LOAD_KEY_PATH)
Philippe Reynesebe96cb2022-03-28 22:57:04 +02001583 - content: List of phandles to entries to sign
1584 - algo-name: Hash and signature algo to use for the signature
1585 - padding-name: Name of the padding (pkcs-1.5 or pss)
1586 - key-name: Filename of the private key to sign
1587 - header-size: Total size of the header
1588 - version: Version of the header
1589
1590This entry creates a pre-load header that contains a global
1591image signature.
1592
1593For example, this creates an image with a pre-load header and a binary::
1594
1595 binman {
1596 image2 {
1597 filename = "sandbox.bin";
1598
1599 pre-load {
1600 content = <&image>;
1601 algo-name = "sha256,rsa2048";
1602 padding-name = "pss";
1603 key-name = "private.pem";
1604 header-size = <4096>;
1605 version = <1>;
1606 };
1607
1608 image: blob-ext {
1609 filename = "sandbox.itb";
1610 };
1611 };
1612 };
1613
1614
1615
Jonas Karlman35305492023-02-25 19:01:33 +00001616.. _etype_rockchip_tpl:
1617
1618Entry: rockchip-tpl: Rockchip TPL binary
1619----------------------------------------
1620
1621Properties / Entry arguments:
1622 - rockchip-tpl-path: Filename of file to read into the entry,
1623 typically <soc>_ddr_<version>.bin
1624
1625This entry holds an external TPL binary used by some Rockchip SoCs
1626instead of normal U-Boot TPL, typically to initialize DRAM.
1627
1628
1629
Simon Glassa7c97782022-08-07 16:33:25 -06001630.. _etype_scp:
1631
Simon Glass8911fa12021-03-18 20:25:16 +13001632Entry: scp: System Control Processor (SCP) firmware blob
1633--------------------------------------------------------
Simon Glass136dd352020-10-26 17:39:59 -06001634
1635Properties / Entry arguments:
1636 - scp-path: Filename of file to read into the entry, typically scp.bin
1637
1638This entry holds firmware for an external platform-specific coprocessor.
Jagdish Gediya311d4842018-09-03 21:35:08 +05301639
1640
Simon Glass136dd352020-10-26 17:39:59 -06001641
Simon Glassa7c97782022-08-07 16:33:25 -06001642.. _etype_section:
1643
Simon Glass7a61c6b2018-07-17 13:25:37 -06001644Entry: section: Entry that contains other entries
1645-------------------------------------------------
1646
Simon Glasscc9a41c2021-11-23 11:03:49 -07001647A section is an entry which can contain other entries, thus allowing
1648hierarchical images to be created. See 'Sections and hierarchical images'
1649in the binman README for more information.
1650
1651The base implementation simply joins the various entries together, using
1652various rules about alignment, etc.
1653
1654Subclassing
1655~~~~~~~~~~~
1656
1657This class can be subclassed to support other file formats which hold
1658multiple entries, such as CBFS. To do this, override the following
1659functions. The documentation here describes what your function should do.
1660For example code, see etypes which subclass `Entry_section`, or `cbfs.py`
1661for a more involved example::
1662
1663 $ grep -l \(Entry_section tools/binman/etype/*.py
1664
1665ReadNode()
1666 Call `super().ReadNode()`, then read any special properties for the
1667 section. Then call `self.ReadEntries()` to read the entries.
1668
1669 Binman calls this at the start when reading the image description.
1670
1671ReadEntries()
1672 Read in the subnodes of the section. This may involve creating entries
1673 of a particular etype automatically, as well as reading any special
1674 properties in the entries. For each entry, entry.ReadNode() should be
1675 called, to read the basic entry properties. The properties should be
1676 added to `self._entries[]`, in the correct order, with a suitable name.
1677
1678 Binman calls this at the start when reading the image description.
1679
1680BuildSectionData(required)
1681 Create the custom file format that you want and return it as bytes.
1682 This likely sets up a file header, then loops through the entries,
1683 adding them to the file. For each entry, call `entry.GetData()` to
1684 obtain the data. If that returns None, and `required` is False, then
1685 this method must give up and return None. But if `required` is True then
1686 it should assume that all data is valid.
1687
1688 Binman calls this when packing the image, to find out the size of
1689 everything. It is called again at the end when building the final image.
1690
1691SetImagePos(image_pos):
1692 Call `super().SetImagePos(image_pos)`, then set the `image_pos` values
1693 for each of the entries. This should use the custom file format to find
1694 the `start offset` (and `image_pos`) of each entry. If the file format
1695 uses compression in such a way that there is no offset available (other
1696 than reading the whole file and decompressing it), then the offsets for
1697 affected entries can remain unset (`None`). The size should also be set
1698 if possible.
Simon Glass0ac96b62021-03-18 20:25:15 +13001699
Simon Glasscc9a41c2021-11-23 11:03:49 -07001700 Binman calls this after the image has been packed, to update the
1701 location that all the entries ended up at.
Simon Glass0ac96b62021-03-18 20:25:15 +13001702
Simon Glass637958f2021-11-23 21:09:50 -07001703ReadChildData(child, decomp, alt_format):
Simon Glasscc9a41c2021-11-23 11:03:49 -07001704 The default version of this may be good enough, if you are able to
1705 implement SetImagePos() correctly. But that is a bit of a bypass, so
1706 you can override this method to read from your custom file format. It
1707 should read the entire entry containing the custom file using
1708 `super().ReadData(True)`, then parse the file to get the data for the
1709 given child, then return that data.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001710
Simon Glasscc9a41c2021-11-23 11:03:49 -07001711 If your file format supports compression, the `decomp` argument tells
1712 you whether to return the compressed data (`decomp` is False) or to
1713 uncompress it first, then return the uncompressed data (`decomp` is
1714 True). This is used by the `binman extract -U` option.
Simon Glass21db0ff2020-09-01 05:13:54 -06001715
Simon Glass637958f2021-11-23 21:09:50 -07001716 If your entry supports alternative formats, the alt_format provides the
1717 alternative format that the user has selected. Your function should
1718 return data in that format. This is used by the 'binman extract -l'
1719 option.
1720
Simon Glasscc9a41c2021-11-23 11:03:49 -07001721 Binman calls this when reading in an image, in order to populate all the
1722 entries with the data from that image (`binman ls`).
1723
1724WriteChildData(child):
1725 Binman calls this after `child.data` is updated, to inform the custom
1726 file format about this, in case it needs to do updates.
1727
1728 The default version of this does nothing and probably needs to be
1729 overridden for the 'binman replace' command to work. Your version should
1730 use `child.data` to update the data for that child in the custom file
1731 format.
1732
1733 Binman calls this when updating an image that has been read in and in
1734 particular to update the data for a particular entry (`binman replace`)
1735
1736Properties / Entry arguments
1737~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1738
1739See :ref:`develop/package/binman:Image description format` for more
1740information.
1741
1742align-default
1743 Default alignment for this section, if no alignment is given in the
1744 entry
1745
1746pad-byte
1747 Pad byte to use when padding
1748
1749sort-by-offset
1750 True if entries should be sorted by offset, False if they must be
1751 in-order in the device tree description
1752
1753end-at-4gb
1754 Used to build an x86 ROM which ends at 4GB (2^32)
1755
1756name-prefix
1757 Adds a prefix to the name of every entry in the section when writing out
1758 the map
1759
1760skip-at-start
1761 Number of bytes before the first entry starts. These effectively adjust
1762 the starting offset of entries. For example, if this is 16, then the
1763 first entry would start at 16. An entry with offset = 20 would in fact
1764 be written at offset 4 in the image file, since the first 16 bytes are
1765 skipped when writing.
Simon Glassb1d414c2021-04-03 11:05:10 +13001766
Simon Glassda6a9082023-01-07 14:07:10 -07001767filename
1768 filename to write the unpadded section contents to within the output
1769 directory (None to skip this).
1770
Simon Glass39dd2152019-07-08 14:25:47 -06001771Since a section is also an entry, it inherits all the properies of entries
1772too.
1773
Simon Glasscc9a41c2021-11-23 11:03:49 -07001774Note that the `allow_missing` member controls whether this section permits
1775external blobs to be missing their contents. The option will produce an
1776image but of course it will not work. It is useful to make sure that
1777Continuous Integration systems can build without the binaries being
1778available. This is set by the `SetAllowMissing()` method, if
1779`--allow-missing` is passed to binman.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001780
1781
1782
Simon Glassa7c97782022-08-07 16:33:25 -06001783.. _etype_tee_os:
1784
Roger Quadros5cdcea02022-02-19 20:50:04 +02001785Entry: tee-os: Entry containing an OP-TEE Trusted OS (TEE) blob
1786---------------------------------------------------------------
1787
1788Properties / Entry arguments:
1789 - tee-os-path: Filename of file to read into entry. This is typically
Simon Glassad5cfe12023-01-07 14:07:14 -07001790 called tee.bin or tee.elf
Roger Quadros5cdcea02022-02-19 20:50:04 +02001791
1792This entry holds the run-time firmware, typically started by U-Boot SPL.
1793See the U-Boot README for your architecture or board for how to use it. See
1794https://github.com/OP-TEE/optee_os for more information about OP-TEE.
1795
Simon Glassad5cfe12023-01-07 14:07:14 -07001796Note that if the file is in ELF format, it must go in a FIT. In that case,
1797this entry will mark itself as absent, providing the data only through the
1798read_elf_segments() method.
1799
1800Marking this entry as absent means that it if is used in the wrong context
1801it can be automatically dropped. Thus it is possible to add an OP-TEE entry
1802like this::
1803
1804 binman {
1805 tee-os {
1806 };
1807 };
1808
1809and pass either an ELF or plain binary in with -a tee-os-path <filename>
1810and have binman do the right thing:
1811
1812 - include the entry if tee.bin is provided and it does NOT have the v1
1813 header
1814 - drop it otherwise
1815
1816When used within a FIT, we can do::
1817
1818 binman {
1819 fit {
1820 tee-os {
1821 };
1822 };
1823 };
1824
1825which will split the ELF into separate nodes for each segment, if an ELF
1826file is provided (see :ref:`etype_fit`), or produce a single node if the
1827OP-TEE binary v1 format is provided (see optee_doc_) .
1828
1829.. _optee_doc: https://optee.readthedocs.io/en/latest/architecture/core.html#partitioning-of-the-binary
1830
Roger Quadros5cdcea02022-02-19 20:50:04 +02001831
1832
Simon Glassa7c97782022-08-07 16:33:25 -06001833.. _etype_text:
1834
Simon Glass7a61c6b2018-07-17 13:25:37 -06001835Entry: text: An entry which contains text
1836-----------------------------------------
1837
1838The text can be provided either in the node itself or by a command-line
1839argument. There is a level of indirection to allow multiple text strings
1840and sharing of text.
1841
1842Properties / Entry arguments:
1843 text-label: The value of this string indicates the property / entry-arg
1844 that contains the string to place in the entry
1845 <xxx> (actual name is the value of text-label): contains the string to
1846 place in the entry.
Simon Glass47f6a622019-07-08 13:18:40 -06001847 <text>: The text to place in the entry (overrides the above mechanism).
1848 This is useful when the text is constant.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001849
Simon Glass0ac96b62021-03-18 20:25:15 +13001850Example node::
Simon Glass7a61c6b2018-07-17 13:25:37 -06001851
1852 text {
1853 size = <50>;
1854 text-label = "message";
1855 };
1856
1857You can then use:
1858
1859 binman -amessage="this is my message"
1860
1861and binman will insert that string into the entry.
1862
Simon Glass0ac96b62021-03-18 20:25:15 +13001863It is also possible to put the string directly in the node::
Simon Glass7a61c6b2018-07-17 13:25:37 -06001864
1865 text {
1866 size = <8>;
1867 text-label = "message";
1868 message = "a message directly in the node"
1869 };
1870
Simon Glass0ac96b62021-03-18 20:25:15 +13001871or just::
Simon Glass47f6a622019-07-08 13:18:40 -06001872
1873 text {
1874 size = <8>;
1875 text = "some text directly in the node"
1876 };
1877
Simon Glass7a61c6b2018-07-17 13:25:37 -06001878The text is not itself nul-terminated. This can be achieved, if required,
1879by setting the size of the entry to something larger than the text.
1880
1881
1882
Neha Malcom Francis3b788942023-07-22 00:14:24 +05301883.. _etype_ti_board_config:
1884
1885Entry: ti-board-config: An entry containing a TI schema validated board config binary
1886-------------------------------------------------------------------------------------
1887
1888This etype supports generation of two kinds of board configuration
1889binaries: singular board config binary as well as combined board config
1890binary.
1891
1892Properties / Entry arguments:
1893 - config-file: File containing board configuration data in YAML
1894 - schema-file: File containing board configuration YAML schema against
1895 which the config file is validated
1896
1897Output files:
1898 - board config binary: File containing board configuration binary
1899
1900These above parameters are used only when the generated binary is
1901intended to be a single board configuration binary. Example::
1902
1903 my-ti-board-config {
1904 ti-board-config {
1905 config = "board-config.yaml";
1906 schema = "schema.yaml";
1907 };
1908 };
1909
1910To generate a combined board configuration binary, we pack the
1911needed individual binaries into a ti-board-config binary. In this case,
1912the available supported subnode names are board-cfg, pm-cfg, sec-cfg and
1913rm-cfg. The final binary is prepended with a header containing details about
1914the included board config binaries. Example::
1915
1916 my-combined-ti-board-config {
1917 ti-board-config {
1918 board-cfg {
1919 config = "board-cfg.yaml";
1920 schema = "schema.yaml";
1921 };
1922 sec-cfg {
1923 config = "sec-cfg.yaml";
1924 schema = "schema.yaml";
1925 };
1926 }
1927 }
1928
1929
1930
Neha Malcom Francis59be2552023-12-05 15:12:18 +05301931.. _etype_ti_dm:
1932
1933Entry: ti-dm: TI Device Manager (DM) blob
1934-----------------------------------------
1935
1936Properties / Entry arguments:
1937 - ti-dm-path: Filename of file to read into the entry, typically ti-dm.bin
1938
1939This entry holds the device manager responsible for resource and power management
1940in K3 devices. See https://software-dl.ti.com/tisci/esd/latest/ for more information
1941about TI DM.
1942
1943
1944
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05301945.. _etype_ti_secure:
1946
1947Entry: ti-secure: Entry containing a TI x509 certificate binary
1948---------------------------------------------------------------
1949
1950Properties / Entry arguments:
1951 - content: List of phandles to entries to sign
1952 - keyfile: Filename of file containing key to sign binary with
1953 - sha: Hash function to be used for signing
Simon Glass0acb07f2024-06-23 11:55:04 -06001954 - auth-in-place: This is an integer field that contains two pieces
1955 of information:
1956
1957 - Lower Byte - Remains 0x02 as per our use case
1958 ( 0x02: Move the authenticated binary back to the header )
1959 - Upper Byte - The Host ID of the core owning the firewall
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05301960
1961Output files:
1962 - input.<unique_name> - input file passed to openssl
1963 - config.<unique_name> - input file generated for openssl (which is
1964 used as the config file)
1965 - cert.<unique_name> - output file generated by openssl (which is
1966 used as the entry contents)
1967
Simon Glass0acb07f2024-06-23 11:55:04 -06001968Depending on auth-in-place information in the inputs, we read the
1969firewall nodes that describe the configurations of firewall that TIFS
1970will be doing after reading the certificate.
1971
1972The syntax of the firewall nodes are as such::
1973
1974 firewall-257-0 {
1975 id = <257>; /* The ID of the firewall being configured */
1976 region = <0>; /* Region number to configure */
1977
1978 control = /* The control register */
1979 <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>;
1980
1981 permissions = /* The permission registers */
1982 <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
1983 FWPERM_SECURE_PRIV_RWCD |
1984 FWPERM_SECURE_USER_RWCD |
1985 FWPERM_NON_SECURE_PRIV_RWCD |
1986 FWPERM_NON_SECURE_USER_RWCD)>;
1987
1988 /* More defines can be found in k3-security.h */
1989
1990 start_address = /* The Start Address of the firewall */
1991 <0x0 0x0>;
1992 end_address = /* The End Address of the firewall */
1993 <0xff 0xffffffff>;
1994 };
1995
1996
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05301997openssl signs the provided data, using the TI templated config file and
1998writes the signature in this entry. This allows verification that the
1999data is genuine.
2000
2001
2002
2003.. _etype_ti_secure_rom:
2004
2005Entry: ti-secure-rom: Entry containing a TI x509 certificate binary for images booted by ROM
2006--------------------------------------------------------------------------------------------
2007
2008Properties / Entry arguments:
2009 - keyfile: Filename of file containing key to sign binary with
2010 - combined: boolean if device follows combined boot flow
2011 - countersign: boolean if device contains countersigned system firmware
2012 - load: load address of SPL
2013 - sw-rev: software revision
2014 - sha: Hash function to be used for signing
2015 - core: core on which bootloader runs, valid cores are 'secure' and 'public'
2016 - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
2017 in case of combined bootflow
Neha Malcom Francis14e93422023-10-23 13:31:02 +05302018 - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05302019
2020The following properties are only for generating a combined bootflow binary:
2021 - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
2022 - dm-data: boolean if binary contains dm-data binary
2023 - content-sbl: phandle of SPL binary
2024 - content-sysfw: phandle of sysfw binary
2025 - content-sysfw-data: phandle of sysfw-data or tifs-data binary
2026 - content-sysfw-inner-cert (optional): phandle of sysfw inner certificate binary
2027 - content-dm-data (optional): phandle of dm-data binary
2028 - load-sysfw: load address of sysfw binary
2029 - load-sysfw-data: load address of sysfw-data or tifs-data binary
2030 - load-sysfw-inner-cert (optional): load address of sysfw inner certificate binary
2031 - load-dm-data (optional): load address of dm-data binary
2032
2033Output files:
2034 - input.<unique_name> - input file passed to openssl
2035 - config.<unique_name> - input file generated for openssl (which is
2036 used as the config file)
2037 - cert.<unique_name> - output file generated by openssl (which is
2038 used as the entry contents)
2039
2040openssl signs the provided data, using the TI templated config file and
2041writes the signature in this entry. This allows verification that the
2042data is genuine.
2043
2044
2045
Simon Glassa7c97782022-08-07 16:33:25 -06002046.. _etype_u_boot:
2047
Simon Glass7a61c6b2018-07-17 13:25:37 -06002048Entry: u-boot: U-Boot flat binary
2049---------------------------------
2050
2051Properties / Entry arguments:
2052 - filename: Filename of u-boot.bin (default 'u-boot.bin')
2053
2054This is the U-Boot binary, containing relocation information to allow it
2055to relocate itself at runtime. The binary typically includes a device tree
Simon Glass718b5292021-03-18 20:25:07 +13002056blob at the end of it.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002057
Simon Glass18ed9962023-01-07 14:07:11 -07002058U-Boot can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002059
Simon Glass718b5292021-03-18 20:25:07 +13002060Note that this entry is automatically replaced with u-boot-expanded unless
Simon Glass7098b7f2021-03-21 18:24:30 +13002061--no-expanded is used or the node has a 'no-expanded' property.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002062
2063
Simon Glass718b5292021-03-18 20:25:07 +13002064
Simon Glassa7c97782022-08-07 16:33:25 -06002065.. _etype_u_boot_dtb:
2066
Simon Glass7a61c6b2018-07-17 13:25:37 -06002067Entry: u-boot-dtb: U-Boot device tree
2068-------------------------------------
2069
2070Properties / Entry arguments:
2071 - filename: Filename of u-boot.dtb (default 'u-boot.dtb')
2072
2073This is the U-Boot device tree, containing configuration information for
2074U-Boot. U-Boot needs this to know what devices are present and which drivers
2075to activate.
2076
Simon Glasse219aa42018-09-14 04:57:24 -06002077Note: This is mostly an internal entry type, used by others. This allows
2078binman to know which entries contain a device tree.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002079
2080
Simon Glassa7c97782022-08-07 16:33:25 -06002081
2082.. _etype_u_boot_dtb_with_ucode:
Simon Glass7a61c6b2018-07-17 13:25:37 -06002083
2084Entry: u-boot-dtb-with-ucode: A U-Boot device tree file, with the microcode removed
2085-----------------------------------------------------------------------------------
2086
2087Properties / Entry arguments:
2088 - filename: Filename of u-boot.dtb (default 'u-boot.dtb')
2089
2090See Entry_u_boot_ucode for full details of the three entries involved in
2091this process. This entry provides the U-Boot device-tree file, which
2092contains the microcode. If the microcode is not being collated into one
2093place then the offset and size of the microcode is recorded by this entry,
Simon Glass537e0062021-03-18 20:24:54 +13002094for use by u-boot-with-ucode_ptr. If it is being collated, then this
Simon Glass7a61c6b2018-07-17 13:25:37 -06002095entry deletes the microcode from the device tree (to save space) and makes
Simon Glass537e0062021-03-18 20:24:54 +13002096it available to u-boot-ucode.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002097
2098
2099
Simon Glassa7c97782022-08-07 16:33:25 -06002100.. _etype_u_boot_elf:
2101
Simon Glassb1714232018-09-14 04:57:35 -06002102Entry: u-boot-elf: U-Boot ELF image
2103-----------------------------------
2104
2105Properties / Entry arguments:
2106 - filename: Filename of u-boot (default 'u-boot')
2107
2108This is the U-Boot ELF image. It does not include a device tree but can be
2109relocated to any address for execution.
2110
2111
Simon Glassa7c97782022-08-07 16:33:25 -06002112
2113.. _etype_u_boot_env:
Simon Glassb1714232018-09-14 04:57:35 -06002114
Simon Glass136dd352020-10-26 17:39:59 -06002115Entry: u-boot-env: An entry which contains a U-Boot environment
2116---------------------------------------------------------------
2117
2118Properties / Entry arguments:
2119 - filename: File containing the environment text, with each line in the
2120 form var=value
2121
2122
Simon Glass718b5292021-03-18 20:25:07 +13002123
Simon Glassa7c97782022-08-07 16:33:25 -06002124.. _etype_u_boot_expanded:
2125
Simon Glass718b5292021-03-18 20:25:07 +13002126Entry: u-boot-expanded: U-Boot flat binary broken out into its component parts
2127------------------------------------------------------------------------------
2128
2129This is a section containing the U-Boot binary and a devicetree. Using this
2130entry type automatically creates this section, with the following entries
2131in it:
2132
2133 u-boot-nodtb
2134 u-boot-dtb
2135
2136Having the devicetree separate allows binman to update it in the final
2137image, so that the entries positions are provided to the running U-Boot.
2138
2139
Simon Glass136dd352020-10-26 17:39:59 -06002140
Simon Glassa7c97782022-08-07 16:33:25 -06002141.. _etype_u_boot_img:
2142
Simon Glass7a61c6b2018-07-17 13:25:37 -06002143Entry: u-boot-img: U-Boot legacy image
2144--------------------------------------
2145
2146Properties / Entry arguments:
2147 - filename: Filename of u-boot.img (default 'u-boot.img')
2148
2149This is the U-Boot binary as a packaged image, in legacy format. It has a
2150header which allows it to be loaded at the correct address for execution.
2151
2152You should use FIT (Flat Image Tree) instead of the legacy image for new
2153applications.
2154
2155
2156
Simon Glassa7c97782022-08-07 16:33:25 -06002157.. _etype_u_boot_nodtb:
2158
Simon Glass7a61c6b2018-07-17 13:25:37 -06002159Entry: u-boot-nodtb: U-Boot flat binary without device tree appended
2160--------------------------------------------------------------------
2161
2162Properties / Entry arguments:
Simon Glass537e0062021-03-18 20:24:54 +13002163 - filename: Filename to include (default 'u-boot-nodtb.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002164
2165This is the U-Boot binary, containing relocation information to allow it
2166to relocate itself at runtime. It does not include a device tree blob at
Simon Glass537e0062021-03-18 20:24:54 +13002167the end of it so normally cannot work without it. You can add a u-boot-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002168entry after this one, or use a u-boot entry instead, normally expands to a
2169section containing u-boot and u-boot-dtb
Simon Glass7a61c6b2018-07-17 13:25:37 -06002170
2171
2172
Simon Glassa7c97782022-08-07 16:33:25 -06002173.. _etype_u_boot_spl:
2174
Simon Glass7a61c6b2018-07-17 13:25:37 -06002175Entry: u-boot-spl: U-Boot SPL binary
2176------------------------------------
2177
2178Properties / Entry arguments:
2179 - filename: Filename of u-boot-spl.bin (default 'spl/u-boot-spl.bin')
2180
2181This is the U-Boot SPL (Secondary Program Loader) binary. This is a small
2182binary which loads before U-Boot proper, typically into on-chip SRAM. It is
2183responsible for locating, loading and jumping to U-Boot. Note that SPL is
2184not relocatable so must be loaded to the correct address in SRAM, or written
Simon Glass8425a1f2018-07-17 13:25:48 -06002185to run from the correct address if direct flash execution is possible (e.g.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002186on x86 devices).
2187
Simon Glass18ed9962023-01-07 14:07:11 -07002188SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002189
2190in the binman README for more information.
2191
2192The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2193binman uses that to look up symbols to write into the SPL binary.
2194
Simon Glass718b5292021-03-18 20:25:07 +13002195Note that this entry is automatically replaced with u-boot-spl-expanded
Simon Glass7098b7f2021-03-21 18:24:30 +13002196unless --no-expanded is used or the node has a 'no-expanded' property.
Simon Glass718b5292021-03-18 20:25:07 +13002197
Simon Glass7a61c6b2018-07-17 13:25:37 -06002198
2199
Simon Glassa7c97782022-08-07 16:33:25 -06002200.. _etype_u_boot_spl_bss_pad:
2201
Simon Glass7a61c6b2018-07-17 13:25:37 -06002202Entry: u-boot-spl-bss-pad: U-Boot SPL binary padded with a BSS region
2203---------------------------------------------------------------------
2204
2205Properties / Entry arguments:
2206 None
2207
Simon Glass308939b2021-03-18 20:24:55 +13002208This holds the padding added after the SPL binary to cover the BSS (Block
2209Started by Symbol) region. This region holds the various variables used by
2210SPL. It is set to 0 by SPL when it starts up. If you want to append data to
2211the SPL image (such as a device tree file), you must pad out the BSS region
2212to avoid the data overlapping with U-Boot variables. This entry is useful in
2213that case. It automatically pads out the entry size to cover both the code,
2214data and BSS.
2215
2216The contents of this entry will a certain number of zero bytes, determined
2217by __bss_size
Simon Glass7a61c6b2018-07-17 13:25:37 -06002218
2219The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2220binman uses that to look up the BSS address.
2221
2222
2223
Simon Glassa7c97782022-08-07 16:33:25 -06002224.. _etype_u_boot_spl_dtb:
2225
Simon Glass7a61c6b2018-07-17 13:25:37 -06002226Entry: u-boot-spl-dtb: U-Boot SPL device tree
2227---------------------------------------------
2228
2229Properties / Entry arguments:
2230 - filename: Filename of u-boot.dtb (default 'spl/u-boot-spl.dtb')
2231
2232This is the SPL device tree, containing configuration information for
2233SPL. SPL needs this to know what devices are present and which drivers
2234to activate.
2235
2236
Simon Glassa7c97782022-08-07 16:33:25 -06002237
2238.. _etype_u_boot_spl_elf:
Simon Glass7a61c6b2018-07-17 13:25:37 -06002239
Simon Glassb1714232018-09-14 04:57:35 -06002240Entry: u-boot-spl-elf: U-Boot SPL ELF image
2241-------------------------------------------
2242
2243Properties / Entry arguments:
Simon Glass5dcc21d2019-07-08 13:18:45 -06002244 - filename: Filename of SPL u-boot (default 'spl/u-boot-spl')
Simon Glassb1714232018-09-14 04:57:35 -06002245
2246This is the U-Boot SPL ELF image. It does not include a device tree but can
2247be relocated to any address for execution.
2248
Simon Glass718b5292021-03-18 20:25:07 +13002249
2250
Simon Glassa7c97782022-08-07 16:33:25 -06002251.. _etype_u_boot_spl_expanded:
2252
Simon Glass718b5292021-03-18 20:25:07 +13002253Entry: u-boot-spl-expanded: U-Boot SPL flat binary broken out into its component parts
2254--------------------------------------------------------------------------------------
2255
2256Properties / Entry arguments:
2257 - spl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2258 select)
2259
2260This is a section containing the U-Boot binary, BSS padding if needed and a
2261devicetree. Using this entry type automatically creates this section, with
2262the following entries in it:
2263
2264 u-boot-spl-nodtb
2265 u-boot-spl-bss-pad
2266 u-boot-dtb
2267
2268Having the devicetree separate allows binman to update it in the final
2269image, so that the entries positions are provided to the running U-Boot.
2270
2271This entry is selected based on the value of the 'spl-dtb' entryarg. If
2272this is non-empty (and not 'n' or '0') then this expanded entry is selected.
Simon Glassb1714232018-09-14 04:57:35 -06002273
2274
Simon Glassa7c97782022-08-07 16:33:25 -06002275
2276.. _etype_u_boot_spl_nodtb:
Simon Glass718b5292021-03-18 20:25:07 +13002277
Simon Glass7a61c6b2018-07-17 13:25:37 -06002278Entry: u-boot-spl-nodtb: SPL binary without device tree appended
2279----------------------------------------------------------------
2280
2281Properties / Entry arguments:
Simon Glass537e0062021-03-18 20:24:54 +13002282 - filename: Filename to include (default 'spl/u-boot-spl-nodtb.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002283
2284This is the U-Boot SPL binary, It does not include a device tree blob at
2285the end of it so may not be able to work without it, assuming SPL needs
Simon Glass537e0062021-03-18 20:24:54 +13002286a device tree to operate on your platform. You can add a u-boot-spl-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002287entry after this one, or use a u-boot-spl entry instead' which normally
2288expands to a section containing u-boot-spl-dtb, u-boot-spl-bss-pad and
2289u-boot-spl-dtb
Simon Glass7a61c6b2018-07-17 13:25:37 -06002290
Simon Glass18ed9962023-01-07 14:07:11 -07002291SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass31e04cb2021-03-18 20:24:56 +13002292
Simon Glass31e04cb2021-03-18 20:24:56 +13002293The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2294binman uses that to look up symbols to write into the SPL binary.
2295
Simon Glass7a61c6b2018-07-17 13:25:37 -06002296
2297
Lukas Funkeb4937da2023-07-18 13:53:15 +02002298.. _etype_u_boot_spl_pubkey_dtb:
2299
2300Entry: u-boot-spl-pubkey-dtb: U-Boot SPL device tree including public key
2301-------------------------------------------------------------------------
2302
2303Properties / Entry arguments:
2304 - key-name-hint: Public key name without extension (.crt).
2305 Default is determined by underlying
2306 bintool (fdt_add_pubkey), usually 'key'.
2307 - algo: (Optional) Algorithm used for signing. Default is determined by
2308 underlying bintool (fdt_add_pubkey), usually 'sha1,rsa2048'
2309 - required: (Optional) If present this indicates that the key must be
2310 verified for the image / configuration to be
2311 considered valid
2312
2313The following example shows an image containing an SPL which
2314is packed together with the dtb. Binman will add a signature
2315node to the dtb.
2316
2317Example node::
2318
2319 image {
2320 ...
2321 spl {
2322 filename = "spl.bin"
2323
2324 u-boot-spl-nodtb {
2325 };
2326 u-boot-spl-pubkey-dtb {
2327 algo = "sha384,rsa4096";
2328 required = "conf";
2329 key-name-hint = "dev";
2330 };
2331 };
2332 ...
2333 }
2334
2335
2336
Simon Glassa7c97782022-08-07 16:33:25 -06002337.. _etype_u_boot_spl_with_ucode_ptr:
2338
Simon Glass7a61c6b2018-07-17 13:25:37 -06002339Entry: u-boot-spl-with-ucode-ptr: U-Boot SPL with embedded microcode pointer
2340----------------------------------------------------------------------------
2341
Simon Glass3fb4f422018-09-14 04:57:32 -06002342This is used when SPL must set up the microcode for U-Boot.
2343
Simon Glass7a61c6b2018-07-17 13:25:37 -06002344See Entry_u_boot_ucode for full details of the entries involved in this
2345process.
2346
2347
2348
Simon Glassa7c97782022-08-07 16:33:25 -06002349.. _etype_u_boot_tpl:
2350
Simon Glass8425a1f2018-07-17 13:25:48 -06002351Entry: u-boot-tpl: U-Boot TPL binary
2352------------------------------------
2353
2354Properties / Entry arguments:
2355 - filename: Filename of u-boot-tpl.bin (default 'tpl/u-boot-tpl.bin')
2356
2357This is the U-Boot TPL (Tertiary Program Loader) binary. This is a small
2358binary which loads before SPL, typically into on-chip SRAM. It is
2359responsible for locating, loading and jumping to SPL, the next-stage
2360loader. Note that SPL is not relocatable so must be loaded to the correct
2361address in SRAM, or written to run from the correct address if direct
2362flash execution is possible (e.g. on x86 devices).
2363
Simon Glass18ed9962023-01-07 14:07:11 -07002364SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass8425a1f2018-07-17 13:25:48 -06002365
2366in the binman README for more information.
2367
2368The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2369binman uses that to look up symbols to write into the TPL binary.
2370
Simon Glass718b5292021-03-18 20:25:07 +13002371Note that this entry is automatically replaced with u-boot-tpl-expanded
Simon Glass7098b7f2021-03-21 18:24:30 +13002372unless --no-expanded is used or the node has a 'no-expanded' property.
Simon Glass718b5292021-03-18 20:25:07 +13002373
Simon Glass8425a1f2018-07-17 13:25:48 -06002374
2375
Simon Glassa7c97782022-08-07 16:33:25 -06002376.. _etype_u_boot_tpl_bss_pad:
2377
Simon Glass63f41d42021-03-18 20:24:58 +13002378Entry: u-boot-tpl-bss-pad: U-Boot TPL binary padded with a BSS region
2379---------------------------------------------------------------------
2380
2381Properties / Entry arguments:
2382 None
2383
2384This holds the padding added after the TPL binary to cover the BSS (Block
2385Started by Symbol) region. This region holds the various variables used by
2386TPL. It is set to 0 by TPL when it starts up. If you want to append data to
2387the TPL image (such as a device tree file), you must pad out the BSS region
2388to avoid the data overlapping with U-Boot variables. This entry is useful in
2389that case. It automatically pads out the entry size to cover both the code,
2390data and BSS.
2391
2392The contents of this entry will a certain number of zero bytes, determined
2393by __bss_size
2394
2395The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2396binman uses that to look up the BSS address.
2397
2398
2399
Simon Glassa7c97782022-08-07 16:33:25 -06002400.. _etype_u_boot_tpl_dtb:
2401
Simon Glass8425a1f2018-07-17 13:25:48 -06002402Entry: u-boot-tpl-dtb: U-Boot TPL device tree
2403---------------------------------------------
2404
2405Properties / Entry arguments:
2406 - filename: Filename of u-boot.dtb (default 'tpl/u-boot-tpl.dtb')
2407
2408This is the TPL device tree, containing configuration information for
2409TPL. TPL needs this to know what devices are present and which drivers
2410to activate.
2411
2412
2413
Simon Glassa7c97782022-08-07 16:33:25 -06002414.. _etype_u_boot_tpl_dtb_with_ucode:
2415
Simon Glass3fb4f422018-09-14 04:57:32 -06002416Entry: u-boot-tpl-dtb-with-ucode: U-Boot TPL with embedded microcode pointer
2417----------------------------------------------------------------------------
2418
2419This is used when TPL must set up the microcode for U-Boot.
2420
2421See Entry_u_boot_ucode for full details of the entries involved in this
2422process.
2423
2424
2425
Simon Glassa7c97782022-08-07 16:33:25 -06002426.. _etype_u_boot_tpl_elf:
2427
Simon Glassa899f712019-07-08 13:18:46 -06002428Entry: u-boot-tpl-elf: U-Boot TPL ELF image
2429-------------------------------------------
2430
2431Properties / Entry arguments:
2432 - filename: Filename of TPL u-boot (default 'tpl/u-boot-tpl')
2433
2434This is the U-Boot TPL ELF image. It does not include a device tree but can
2435be relocated to any address for execution.
2436
2437
Simon Glassa7c97782022-08-07 16:33:25 -06002438
2439.. _etype_u_boot_tpl_expanded:
Simon Glassa899f712019-07-08 13:18:46 -06002440
Simon Glass718b5292021-03-18 20:25:07 +13002441Entry: u-boot-tpl-expanded: U-Boot TPL flat binary broken out into its component parts
2442--------------------------------------------------------------------------------------
2443
2444Properties / Entry arguments:
2445 - tpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2446 select)
2447
2448This is a section containing the U-Boot binary, BSS padding if needed and a
2449devicetree. Using this entry type automatically creates this section, with
2450the following entries in it:
2451
2452 u-boot-tpl-nodtb
2453 u-boot-tpl-bss-pad
2454 u-boot-dtb
2455
2456Having the devicetree separate allows binman to update it in the final
2457image, so that the entries positions are provided to the running U-Boot.
2458
2459This entry is selected based on the value of the 'tpl-dtb' entryarg. If
2460this is non-empty (and not 'n' or '0') then this expanded entry is selected.
2461
2462
2463
Simon Glassa7c97782022-08-07 16:33:25 -06002464.. _etype_u_boot_tpl_nodtb:
2465
Simon Glassc98de972021-03-18 20:24:57 +13002466Entry: u-boot-tpl-nodtb: TPL binary without device tree appended
2467----------------------------------------------------------------
2468
2469Properties / Entry arguments:
2470 - filename: Filename to include (default 'tpl/u-boot-tpl-nodtb.bin')
2471
2472This is the U-Boot TPL binary, It does not include a device tree blob at
2473the end of it so may not be able to work without it, assuming TPL needs
2474a device tree to operate on your platform. You can add a u-boot-tpl-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002475entry after this one, or use a u-boot-tpl entry instead, which normally
2476expands to a section containing u-boot-tpl-dtb, u-boot-tpl-bss-pad and
2477u-boot-tpl-dtb
Simon Glassc98de972021-03-18 20:24:57 +13002478
Simon Glass18ed9962023-01-07 14:07:11 -07002479TPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassc98de972021-03-18 20:24:57 +13002480
Simon Glassc98de972021-03-18 20:24:57 +13002481The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2482binman uses that to look up symbols to write into the TPL binary.
2483
2484
Simon Glassa7c97782022-08-07 16:33:25 -06002485
2486.. _etype_u_boot_tpl_with_ucode_ptr:
Simon Glassc98de972021-03-18 20:24:57 +13002487
Simon Glass3fb4f422018-09-14 04:57:32 -06002488Entry: u-boot-tpl-with-ucode-ptr: U-Boot TPL with embedded microcode pointer
2489----------------------------------------------------------------------------
2490
2491See Entry_u_boot_ucode for full details of the entries involved in this
2492process.
2493
2494
2495
Simon Glassa7c97782022-08-07 16:33:25 -06002496.. _etype_u_boot_ucode:
2497
Simon Glass7a61c6b2018-07-17 13:25:37 -06002498Entry: u-boot-ucode: U-Boot microcode block
2499-------------------------------------------
2500
2501Properties / Entry arguments:
2502 None
2503
2504The contents of this entry are filled in automatically by other entries
2505which must also be in the image.
2506
2507U-Boot on x86 needs a single block of microcode. This is collected from
2508the various microcode update nodes in the device tree. It is also unable
2509to read the microcode from the device tree on platforms that use FSP
2510(Firmware Support Package) binaries, because the API requires that the
2511microcode is supplied before there is any SRAM available to use (i.e.
2512the FSP sets up the SRAM / cache-as-RAM but does so in the call that
2513requires the microcode!). To keep things simple, all x86 platforms handle
2514microcode the same way in U-Boot (even non-FSP platforms). This is that
2515a table is placed at _dt_ucode_base_size containing the base address and
2516size of the microcode. This is either passed to the FSP (for FSP
2517platforms), or used to set up the microcode (for non-FSP platforms).
2518This all happens in the build system since it is the only way to get
2519the microcode into a single blob and accessible without SRAM.
2520
2521There are two cases to handle. If there is only one microcode blob in
2522the device tree, then the ucode pointer it set to point to that. This
2523entry (u-boot-ucode) is empty. If there is more than one update, then
2524this entry holds the concatenation of all updates, and the device tree
2525entry (u-boot-dtb-with-ucode) is updated to remove the microcode. This
2526last step ensures that that the microcode appears in one contiguous
2527block in the image and is not unnecessarily duplicated in the device
2528tree. It is referred to as 'collation' here.
2529
2530Entry types that have a part to play in handling microcode:
2531
2532 Entry_u_boot_with_ucode_ptr:
2533 Contains u-boot-nodtb.bin (i.e. U-Boot without the device tree).
2534 It updates it with the address and size of the microcode so that
2535 U-Boot can find it early on start-up.
2536 Entry_u_boot_dtb_with_ucode:
2537 Contains u-boot.dtb. It stores the microcode in a
2538 'self.ucode_data' property, which is then read by this class to
2539 obtain the microcode if needed. If collation is performed, it
2540 removes the microcode from the device tree.
2541 Entry_u_boot_ucode:
2542 This class. If collation is enabled it reads the microcode from
2543 the Entry_u_boot_dtb_with_ucode entry, and uses it as the
2544 contents of this entry.
2545
2546
2547
Simon Glassda6a9082023-01-07 14:07:10 -07002548.. _etype_u_boot_vpl:
2549
2550Entry: u-boot-vpl: U-Boot VPL binary
2551------------------------------------
2552
2553Properties / Entry arguments:
2554 - filename: Filename of u-boot-vpl.bin (default 'vpl/u-boot-vpl.bin')
2555
2556This is the U-Boot VPL (Verifying Program Loader) binary. This is a small
2557binary which loads before SPL, typically into on-chip SRAM. It is
2558responsible for locating, loading and jumping to SPL, the next-stage
2559loader. Note that VPL is not relocatable so must be loaded to the correct
2560address in SRAM, or written to run from the correct address if direct
2561flash execution is possible (e.g. on x86 devices).
2562
Simon Glass18ed9962023-01-07 14:07:11 -07002563SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassda6a9082023-01-07 14:07:10 -07002564
2565in the binman README for more information.
2566
2567The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2568binman uses that to look up symbols to write into the VPL binary.
2569
Simon Glass6b5110b2024-07-20 11:49:39 +01002570Note that this entry is automatically replaced with u-boot-vpl-expanded
2571unless --no-expanded is used or the node has a 'no-expanded' property.
2572
Simon Glassda6a9082023-01-07 14:07:10 -07002573
2574
2575.. _etype_u_boot_vpl_bss_pad:
2576
2577Entry: u-boot-vpl-bss-pad: U-Boot VPL binary padded with a BSS region
2578---------------------------------------------------------------------
2579
2580Properties / Entry arguments:
2581 None
2582
2583This holds the padding added after the VPL binary to cover the BSS (Block
2584Started by Symbol) region. This region holds the various variables used by
2585VPL. It is set to 0 by VPL when it starts up. If you want to append data to
2586the VPL image (such as a device tree file), you must pad out the BSS region
2587to avoid the data overlapping with U-Boot variables. This entry is useful in
2588that case. It automatically pads out the entry size to cover both the code,
2589data and BSS.
2590
2591The contents of this entry will a certain number of zero bytes, determined
2592by __bss_size
2593
2594The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2595binman uses that to look up the BSS address.
2596
2597
2598
2599.. _etype_u_boot_vpl_dtb:
2600
2601Entry: u-boot-vpl-dtb: U-Boot VPL device tree
2602---------------------------------------------
2603
2604Properties / Entry arguments:
2605 - filename: Filename of u-boot.dtb (default 'vpl/u-boot-vpl.dtb')
2606
2607This is the VPL device tree, containing configuration information for
2608VPL. VPL needs this to know what devices are present and which drivers
2609to activate.
2610
2611
2612
2613.. _etype_u_boot_vpl_elf:
2614
2615Entry: u-boot-vpl-elf: U-Boot VPL ELF image
2616-------------------------------------------
2617
2618Properties / Entry arguments:
2619 - filename: Filename of VPL u-boot (default 'vpl/u-boot-vpl')
2620
2621This is the U-Boot VPL ELF image. It does not include a device tree but can
2622be relocated to any address for execution.
2623
2624
2625
2626.. _etype_u_boot_vpl_expanded:
2627
2628Entry: u-boot-vpl-expanded: U-Boot VPL flat binary broken out into its component parts
2629--------------------------------------------------------------------------------------
2630
2631Properties / Entry arguments:
2632 - vpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2633 select)
2634
2635This is a section containing the U-Boot binary, BSS padding if needed and a
2636devicetree. Using this entry type automatically creates this section, with
2637the following entries in it:
2638
2639 u-boot-vpl-nodtb
2640 u-boot-vpl-bss-pad
2641 u-boot-dtb
2642
2643Having the devicetree separate allows binman to update it in the final
2644image, so that the entries positions are provided to the running U-Boot.
2645
2646This entry is selected based on the value of the 'vpl-dtb' entryarg. If
2647this is non-empty (and not 'n' or '0') then this expanded entry is selected.
2648
2649
2650
2651.. _etype_u_boot_vpl_nodtb:
2652
2653Entry: u-boot-vpl-nodtb: VPL binary without device tree appended
2654----------------------------------------------------------------
2655
2656Properties / Entry arguments:
2657 - filename: Filename to include (default 'vpl/u-boot-vpl-nodtb.bin')
2658
2659This is the U-Boot VPL binary, It does not include a device tree blob at
2660the end of it so may not be able to work without it, assuming VPL needs
Simon Glass6b5110b2024-07-20 11:49:39 +01002661a device tree to operate on your platform. You can add a u-boot-vpl-dtb
2662entry after this one, or use a u-boot-vpl entry instead, which normally
Simon Glassda6a9082023-01-07 14:07:10 -07002663expands to a section containing u-boot-vpl-dtb, u-boot-vpl-bss-pad and
2664u-boot-vpl-dtb
2665
Simon Glass18ed9962023-01-07 14:07:11 -07002666VPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassda6a9082023-01-07 14:07:10 -07002667
2668The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2669binman uses that to look up symbols to write into the VPL binary.
2670
2671
2672
Simon Glassa7c97782022-08-07 16:33:25 -06002673.. _etype_u_boot_with_ucode_ptr:
2674
Simon Glass7a61c6b2018-07-17 13:25:37 -06002675Entry: u-boot-with-ucode-ptr: U-Boot with embedded microcode pointer
2676--------------------------------------------------------------------
2677
2678Properties / Entry arguments:
Masahiro Yamadaa7a0ca42019-12-14 13:47:26 +09002679 - filename: Filename of u-boot-nodtb.bin (default 'u-boot-nodtb.bin')
Simon Glassee21d3a2018-09-14 04:57:07 -06002680 - optional-ucode: boolean property to make microcode optional. If the
2681 u-boot.bin image does not include microcode, no error will
2682 be generated.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002683
2684See Entry_u_boot_ucode for full details of the three entries involved in
2685this process. This entry updates U-Boot with the offset and size of the
2686microcode, to allow early x86 boot code to find it without doing anything
Simon Glass537e0062021-03-18 20:24:54 +13002687complicated. Otherwise it is the same as the u-boot entry.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002688
2689
2690
Simon Glassa7c97782022-08-07 16:33:25 -06002691.. _etype_vblock:
2692
Simon Glass5c350162018-07-17 13:25:47 -06002693Entry: vblock: An entry which contains a Chromium OS verified boot block
2694------------------------------------------------------------------------
2695
2696Properties / Entry arguments:
Simon Glass17b84eb2019-05-17 22:00:53 -06002697 - content: List of phandles to entries to sign
Simon Glass5c350162018-07-17 13:25:47 -06002698 - keydir: Directory containing the public keys to use
2699 - keyblock: Name of the key file to use (inside keydir)
2700 - signprivate: Name of provide key file to use (inside keydir)
2701 - version: Version number of the vblock (typically 1)
2702 - kernelkey: Name of the kernel key to use (inside keydir)
2703 - preamble-flags: Value of the vboot preamble flags (typically 0)
2704
Simon Glass639505b2018-09-14 04:57:11 -06002705Output files:
2706 - input.<unique_name> - input file passed to futility
2707 - vblock.<unique_name> - output file generated by futility (which is
2708 used as the entry contents)
2709
Jagdish Gediya311d4842018-09-03 21:35:08 +05302710Chromium OS signs the read-write firmware and kernel, writing the signature
Simon Glass5c350162018-07-17 13:25:47 -06002711in this block. This allows U-Boot to verify that the next firmware stage
2712and kernel are genuine.
2713
2714
2715
Simon Glassc3fe97f2023-03-02 17:02:45 -07002716.. _etype_x509_cert:
2717
2718Entry: x509-cert: An entry which contains an X509 certificate
2719-------------------------------------------------------------
2720
2721Properties / Entry arguments:
2722 - content: List of phandles to entries to sign
2723
2724Output files:
2725 - input.<unique_name> - input file passed to openssl
2726 - cert.<unique_name> - output file generated by openssl (which is
2727 used as the entry contents)
2728
2729openssl signs the provided data, writing the signature in this entry. This
2730allows verification that the data is genuine
2731
2732
2733
Simon Glassa7c97782022-08-07 16:33:25 -06002734.. _etype_x86_reset16:
2735
Simon Glass0b074d62019-08-24 07:22:48 -06002736Entry: x86-reset16: x86 16-bit reset code for U-Boot
2737----------------------------------------------------
2738
2739Properties / Entry arguments:
2740 - filename: Filename of u-boot-x86-reset16.bin (default
2741 'u-boot-x86-reset16.bin')
2742
2743x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2744must be placed at a particular address. This entry holds that code. It is
2745typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2746for jumping to the x86-start16 code, which continues execution.
2747
2748For 64-bit U-Boot, the 'x86_reset16_spl' entry type is used instead.
2749
2750
2751
Simon Glassa7c97782022-08-07 16:33:25 -06002752.. _etype_x86_reset16_spl:
2753
Simon Glass0b074d62019-08-24 07:22:48 -06002754Entry: x86-reset16-spl: x86 16-bit reset code for U-Boot
2755--------------------------------------------------------
2756
2757Properties / Entry arguments:
2758 - filename: Filename of u-boot-x86-reset16.bin (default
2759 'u-boot-x86-reset16.bin')
2760
2761x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2762must be placed at a particular address. This entry holds that code. It is
2763typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2764for jumping to the x86-start16 code, which continues execution.
2765
2766For 32-bit U-Boot, the 'x86_reset_spl' entry type is used instead.
2767
2768
2769
Simon Glassa7c97782022-08-07 16:33:25 -06002770.. _etype_x86_reset16_tpl:
2771
Simon Glass0b074d62019-08-24 07:22:48 -06002772Entry: x86-reset16-tpl: x86 16-bit reset code for U-Boot
2773--------------------------------------------------------
2774
2775Properties / Entry arguments:
2776 - filename: Filename of u-boot-x86-reset16.bin (default
2777 'u-boot-x86-reset16.bin')
2778
2779x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2780must be placed at a particular address. This entry holds that code. It is
2781typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2782for jumping to the x86-start16 code, which continues execution.
2783
2784For 32-bit U-Boot, the 'x86_reset_tpl' entry type is used instead.
2785
2786
Simon Glassa7c97782022-08-07 16:33:25 -06002787
2788.. _etype_x86_start16:
Simon Glass0b074d62019-08-24 07:22:48 -06002789
Simon Glass7a61c6b2018-07-17 13:25:37 -06002790Entry: x86-start16: x86 16-bit start-up code for U-Boot
2791-------------------------------------------------------
2792
2793Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002794 - filename: Filename of u-boot-x86-start16.bin (default
2795 'u-boot-x86-start16.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002796
2797x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
Simon Glassabab18c2019-08-24 07:22:49 -06002798must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2799entry holds that code. It is typically placed at offset
2800CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2801and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2802U-Boot).
Simon Glass7a61c6b2018-07-17 13:25:37 -06002803
2804For 64-bit U-Boot, the 'x86_start16_spl' entry type is used instead.
2805
2806
2807
Simon Glassa7c97782022-08-07 16:33:25 -06002808.. _etype_x86_start16_spl:
2809
Simon Glass7a61c6b2018-07-17 13:25:37 -06002810Entry: x86-start16-spl: x86 16-bit start-up code for SPL
2811--------------------------------------------------------
2812
2813Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002814 - filename: Filename of spl/u-boot-x86-start16-spl.bin (default
2815 'spl/u-boot-x86-start16-spl.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002816
Simon Glassabab18c2019-08-24 07:22:49 -06002817x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2818must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2819entry holds that code. It is typically placed at offset
2820CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2821and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2822U-Boot).
Simon Glass7a61c6b2018-07-17 13:25:37 -06002823
Simon Glassabab18c2019-08-24 07:22:49 -06002824For 32-bit U-Boot, the 'x86-start16' entry type is used instead.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002825
2826
2827
Simon Glassa7c97782022-08-07 16:33:25 -06002828.. _etype_x86_start16_tpl:
2829
Simon Glassed40e962018-09-14 04:57:10 -06002830Entry: x86-start16-tpl: x86 16-bit start-up code for TPL
2831--------------------------------------------------------
2832
2833Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002834 - filename: Filename of tpl/u-boot-x86-start16-tpl.bin (default
2835 'tpl/u-boot-x86-start16-tpl.bin')
Simon Glassed40e962018-09-14 04:57:10 -06002836
Simon Glassabab18c2019-08-24 07:22:49 -06002837x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2838must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2839entry holds that code. It is typically placed at offset
2840CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2841and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2842U-Boot).
Simon Glassed40e962018-09-14 04:57:10 -06002843
Simon Glassabab18c2019-08-24 07:22:49 -06002844If TPL is not being used, the 'x86-start16-spl or 'x86-start16' entry types
Simon Glassed40e962018-09-14 04:57:10 -06002845may be used instead.
2846
2847
2848
Lukas Funkefebfc6d2023-08-03 17:22:15 +02002849.. _etype_xilinx_bootgen:
2850
2851Entry: xilinx-bootgen: Signed SPL boot image for Xilinx ZynqMP devices
2852----------------------------------------------------------------------
2853
2854Properties / Entry arguments:
2855 - auth-params: (Optional) Authentication parameters passed to bootgen
2856 - fsbl-config: (Optional) FSBL parameters passed to bootgen
2857 - keysrc-enc: (Optional) Key source when using decryption engine
2858 - pmufw-filename: Filename of PMU firmware. Default: pmu-firmware.elf
2859 - psk-key-name-hint: Name of primary secret key to use for signing the
2860 secondardy public key. Format: .pem file
2861 - ssk-key-name-hint: Name of secondardy secret key to use for signing
2862 the boot image. Format: .pem file
2863
2864The etype is used to create a boot image for Xilinx ZynqMP
2865devices.
2866
2867Information for signed images:
2868
2869In AMD/Xilinx SoCs, two pairs of public and secret keys are used
2870- primary and secondary. The function of the primary public/secret key pair
2871is to authenticate the secondary public/secret key pair.
2872The function of the secondary key is to sign/verify the boot image. [1]
2873
2874AMD/Xilinx uses the following terms for private/public keys [1]:
2875
2876 PSK = Primary Secret Key (Used to sign Secondary Public Key)
2877 PPK = Primary Public Key (Used to verify Secondary Public Key)
2878 SSK = Secondary Secret Key (Used to sign the boot image/partitions)
2879 SPK = Used to verify the actual boot image
2880
2881The following example builds a signed boot image. The fuses of
2882the primary public key (ppk) should be fused together with the RSA_EN flag.
2883
2884Example node::
2885
2886 spl {
2887 filename = "boot.signed.bin";
2888
2889 xilinx-bootgen {
2890 psk-key-name-hint = "psk0";
2891 ssk-key-name-hint = "ssk0";
2892 auth-params = "ppk_select=0", "spk_id=0x00000000";
2893
2894 u-boot-spl-nodtb {
2895 };
2896 u-boot-spl-pubkey-dtb {
2897 algo = "sha384,rsa4096";
2898 required = "conf";
2899 key-name-hint = "dev";
2900 };
2901 };
2902 };
2903
2904For testing purposes, e.g. if no RSA_EN should be fused, one could add
2905the "bh_auth_enable" flag in the fsbl-config field. This will skip the
2906verification of the ppk fuses and boot the image, even if ppk hash is
2907invalid.
2908
2909Example node::
2910
2911 xilinx-bootgen {
2912 psk-key-name-hint = "psk0";
2913 psk-key-name-hint = "ssk0";
2914 ...
2915 fsbl-config = "bh_auth_enable";
2916 ...
2917 };
2918
2919[1] https://docs.xilinx.com/r/en-US/ug1283-bootgen-user-guide/Using-Authentication
2920
2921
2922
2923