Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1 | Binman Entry Documentation |
Heinrich Schuchardt | b72160b | 2023-10-28 11:59:32 +0200 | [diff] [blame] | 2 | ========================== |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 3 | |
| 4 | This file describes the entry types supported by binman. These entry types can |
| 5 | be placed in an image one by one to build up a final firmware image. It is |
| 6 | fairly easy to create new entry types. Just add a new file to the 'etype' |
| 7 | directory. You can use the existing entries as examples. |
| 8 | |
| 9 | Note that some entries are subclasses of others, using and extending their |
| 10 | features to produce new behaviours. |
| 11 | |
| 12 | |
| 13 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 14 | .. _etype_atf_bl31: |
| 15 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 16 | Entry: atf-bl31: ARM Trusted Firmware (ATF) BL31 blob |
| 17 | ----------------------------------------------------- |
Simon Glass | 559c4de | 2020-09-01 05:13:58 -0600 | [diff] [blame] | 18 | |
| 19 | Properties / Entry arguments: |
| 20 | - atf-bl31-path: Filename of file to read into entry. This is typically |
| 21 | called bl31.bin or bl31.elf |
| 22 | |
| 23 | This entry holds the run-time firmware, typically started by U-Boot SPL. |
| 24 | See the U-Boot README for your architecture or board for how to use it. See |
| 25 | https://github.com/ARM-software/arm-trusted-firmware for more information |
| 26 | about ATF. |
| 27 | |
| 28 | |
| 29 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 30 | .. _etype_atf_fip: |
| 31 | |
Simon Glass | 3efb297 | 2021-11-23 21:08:59 -0700 | [diff] [blame] | 32 | Entry: atf-fip: ARM Trusted Firmware's Firmware Image Package (FIP) |
| 33 | ------------------------------------------------------------------- |
| 34 | |
| 35 | A FIP_ provides a way to group binaries in a firmware image, used by ARM's |
| 36 | Trusted Firmware A (TF-A) code. It is a simple format consisting of a |
| 37 | table of contents with information about the type, offset and size of the |
| 38 | binaries in the FIP. It is quite similar to FMAP, with the major difference |
| 39 | that it uses UUIDs to indicate the type of each entry. |
| 40 | |
| 41 | Note: It is recommended to always add an fdtmap to every image, as well as |
| 42 | any FIPs so that binman and other tools can access the entire image |
| 43 | correctly. |
| 44 | |
| 45 | The UUIDs correspond to useful names in `fiptool`, provided by ATF to |
| 46 | operate on FIPs. Binman uses these names to make it easier to understand |
| 47 | what is going on, although it is possible to provide a UUID if needed. |
| 48 | |
| 49 | The contents of the FIP are defined by subnodes of the atf-fip entry, e.g.:: |
| 50 | |
| 51 | atf-fip { |
| 52 | soc-fw { |
| 53 | filename = "bl31.bin"; |
| 54 | }; |
| 55 | |
| 56 | scp-fwu-cfg { |
| 57 | filename = "bl2u.bin"; |
| 58 | }; |
| 59 | |
| 60 | u-boot { |
| 61 | fip-type = "nt-fw"; |
| 62 | }; |
| 63 | }; |
| 64 | |
| 65 | This describes a FIP with three entries: soc-fw, scp-fwu-cfg and nt-fw. |
| 66 | You can use normal (non-external) binaries like U-Boot simply by adding a |
| 67 | FIP type, with the `fip-type` property, as above. |
| 68 | |
| 69 | Since FIP exists to bring blobs together, Binman assumes that all FIP |
| 70 | entries are external binaries. If a binary may not exist, you can use the |
| 71 | `--allow-missing` flag to Binman, in which case the image is still created, |
| 72 | even though it will not actually work. |
| 73 | |
| 74 | The size of the FIP depends on the size of the binaries. There is currently |
| 75 | no way to specify a fixed size. If the `atf-fip` node has a `size` entry, |
| 76 | this affects the space taken up by the `atf-fip` entry, but the FIP itself |
| 77 | does not expand to use that space. |
| 78 | |
| 79 | Some other FIP features are available with Binman. The header and the |
| 80 | entries have 64-bit flag works. The flag flags do not seem to be defined |
| 81 | anywhere, but you can use `fip-hdr-flags` and fip-flags` to set the values |
| 82 | of the header and entries respectively. |
| 83 | |
| 84 | FIP entries can be aligned to a particular power-of-two boundary. Use |
| 85 | fip-align for this. |
| 86 | |
| 87 | Binman only understands the entry types that are included in its |
| 88 | implementation. It is possible to specify a 16-byte UUID instead, using the |
| 89 | fip-uuid property. In this case Binman doesn't know what its type is, so |
| 90 | just uses the UUID. See the `u-boot` node in this example:: |
| 91 | |
| 92 | binman { |
| 93 | atf-fip { |
| 94 | fip-hdr-flags = /bits/ 64 <0x123>; |
| 95 | fip-align = <16>; |
| 96 | soc-fw { |
| 97 | fip-flags = /bits/ 64 <0x456>; |
| 98 | filename = "bl31.bin"; |
| 99 | }; |
| 100 | |
| 101 | scp-fwu-cfg { |
| 102 | filename = "bl2u.bin"; |
| 103 | }; |
| 104 | |
| 105 | u-boot { |
| 106 | fip-uuid = [fc 65 13 92 4a 5b 11 ec |
| 107 | 94 35 ff 2d 1c fc 79 9c]; |
| 108 | }; |
| 109 | }; |
| 110 | fdtmap { |
| 111 | }; |
| 112 | }; |
| 113 | |
| 114 | Binman allows reading and updating FIP entries after the image is created, |
| 115 | provided that an FDPMAP is present too. Updates which change the size of a |
| 116 | FIP entry will cause it to be expanded or contracted as needed. |
| 117 | |
| 118 | Properties for top-level atf-fip node |
| 119 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 120 | |
| 121 | fip-hdr-flags (64 bits) |
| 122 | Sets the flags for the FIP header. |
| 123 | |
| 124 | Properties for subnodes |
| 125 | ~~~~~~~~~~~~~~~~~~~~~~~ |
| 126 | |
| 127 | fip-type (str) |
| 128 | FIP type to use for this entry. This is needed if the entry |
| 129 | name is not a valid type. Value types are defined in `fip_util.py`. |
| 130 | The FIP type defines the UUID that is used (they map 1:1). |
| 131 | |
| 132 | fip-uuid (16 bytes) |
| 133 | If there is no FIP-type name defined, or it is not supported by Binman, |
| 134 | this property sets the UUID. It should be a 16-byte value, following the |
| 135 | hex digits of the UUID. |
| 136 | |
| 137 | fip-flags (64 bits) |
| 138 | Set the flags for a FIP entry. Use in one of the subnodes of the |
| 139 | 7atf-fip entry. |
| 140 | |
| 141 | fip-align |
| 142 | Set the alignment for a FIP entry, FIP entries can be aligned to a |
| 143 | particular power-of-two boundary. The default is 1. |
| 144 | |
| 145 | Adding new FIP-entry types |
| 146 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 147 | |
| 148 | When new FIP entries are defined by TF-A they appear in the |
| 149 | `TF-A source tree`_. You can use `fip_util.py` to update Binman to support |
| 150 | new types, then `send a patch`_ to the U-Boot mailing list. There are two |
| 151 | source files that the tool examples: |
| 152 | |
| 153 | - `include/tools_share/firmware_image_package.h` has the UUIDs |
| 154 | - `tools/fiptool/tbbr_config.c` has the name and descripion for each UUID |
| 155 | |
| 156 | To run the tool:: |
| 157 | |
| 158 | $ tools/binman/fip_util.py -s /path/to/arm-trusted-firmware |
| 159 | Warning: UUID 'UUID_NON_TRUSTED_WORLD_KEY_CERT' is not mentioned in tbbr_config.c file |
| 160 | Existing code in 'tools/binman/fip_util.py' is up-to-date |
| 161 | |
| 162 | If it shows there is an update, it writes a new version of `fip_util.py` |
| 163 | to `fip_util.py.out`. You can change the output file using the `-i` flag. |
| 164 | If you have a problem, use `-D` to enable traceback debugging. |
| 165 | |
| 166 | FIP commentary |
| 167 | ~~~~~~~~~~~~~~ |
| 168 | |
| 169 | As a side effect of use of UUIDs, FIP does not support multiple |
| 170 | entries of the same type, such as might be used to store fonts or graphics |
| 171 | icons, for example. For verified boot it could be used for each part of the |
| 172 | image (e.g. separate FIPs for A and B) but cannot describe the whole |
| 173 | firmware image. As with FMAP there is no hierarchy defined, although FMAP |
| 174 | works around this by having 'section' areas which encompass others. A |
| 175 | similar workaround would be possible with FIP but is not currently defined. |
| 176 | |
| 177 | It is recommended to always add an fdtmap to every image, as well as any |
| 178 | FIPs so that binman and other tools can access the entire image correctly. |
| 179 | |
| 180 | .. _FIP: https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#firmware-image-package-fip |
| 181 | .. _`TF-A source tree`: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git |
| 182 | .. _`send a patch`: https://www.denx.de/wiki/U-Boot/Patches |
| 183 | |
| 184 | |
| 185 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 186 | .. _etype_blob: |
| 187 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 188 | Entry: blob: Arbitrary binary blob |
| 189 | ---------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 190 | |
| 191 | Note: This should not be used by itself. It is normally used as a parent |
| 192 | class by other entry types. |
| 193 | |
| 194 | Properties / Entry arguments: |
| 195 | - filename: Filename of file to read into entry |
Simon Glass | 7ba3359 | 2018-09-14 04:57:26 -0600 | [diff] [blame] | 196 | - compress: Compression algorithm to use: |
| 197 | none: No compression |
| 198 | lz4: Use lz4 compression (via 'lz4' command-line utility) |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 199 | |
| 200 | This entry reads data from a file and places it in the entry. The |
| 201 | default filename is often specified specified by the subclass. See for |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 202 | example the 'u-boot' entry which provides the filename 'u-boot.bin'. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 203 | |
Simon Glass | 7ba3359 | 2018-09-14 04:57:26 -0600 | [diff] [blame] | 204 | If compression is enabled, an extra 'uncomp-size' property is written to |
| 205 | the node (if enabled with -u) which provides the uncompressed size of the |
| 206 | data. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 207 | |
| 208 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 209 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 210 | .. _etype_blob_dtb: |
| 211 | |
Simon Glass | e219aa4 | 2018-09-14 04:57:24 -0600 | [diff] [blame] | 212 | Entry: blob-dtb: A blob that holds a device tree |
| 213 | ------------------------------------------------ |
| 214 | |
| 215 | This is a blob containing a device tree. The contents of the blob are |
| 216 | obtained from the list of available device-tree files, managed by the |
| 217 | 'state' module. |
| 218 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 219 | Additional attributes: |
| 220 | prepend: Header used (e.g. 'length') |
Simon Glass | e219aa4 | 2018-09-14 04:57:24 -0600 | [diff] [blame] | 221 | |
| 222 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 223 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 224 | .. _etype_blob_ext: |
| 225 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 226 | Entry: blob-ext: Externally built binary blob |
| 227 | --------------------------------------------- |
Simon Glass | 5e56018 | 2020-07-09 18:39:36 -0600 | [diff] [blame] | 228 | |
| 229 | Note: This should not be used by itself. It is normally used as a parent |
| 230 | class by other entry types. |
| 231 | |
Simon Glass | 5d94cc6 | 2020-07-09 18:39:38 -0600 | [diff] [blame] | 232 | If the file providing this blob is missing, binman can optionally ignore it |
| 233 | and produce a broken image with a warning. |
| 234 | |
Simon Glass | 5e56018 | 2020-07-09 18:39:36 -0600 | [diff] [blame] | 235 | See 'blob' for Properties / Entry arguments. |
| 236 | |
| 237 | |
| 238 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 239 | .. _etype_blob_ext_list: |
| 240 | |
Simon Glass | 0b00ae6 | 2021-11-23 21:09:52 -0700 | [diff] [blame] | 241 | Entry: blob-ext-list: List of externally built binary blobs |
| 242 | ----------------------------------------------------------- |
| 243 | |
| 244 | This is like blob-ext except that a number of blobs can be provided, |
| 245 | typically with some sort of relationship, e.g. all are DDC parameters. |
| 246 | |
| 247 | If any of the external files needed by this llist is missing, binman can |
| 248 | optionally ignore it and produce a broken image with a warning. |
| 249 | |
| 250 | Args: |
| 251 | filenames: List of filenames to read and include |
| 252 | |
| 253 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 254 | |
| 255 | .. _etype_blob_named_by_arg: |
Simon Glass | 0b00ae6 | 2021-11-23 21:09:52 -0700 | [diff] [blame] | 256 | |
Simon Glass | db168d4 | 2018-07-17 13:25:39 -0600 | [diff] [blame] | 257 | Entry: blob-named-by-arg: A blob entry which gets its filename property from its subclass |
| 258 | ----------------------------------------------------------------------------------------- |
| 259 | |
| 260 | Properties / Entry arguments: |
| 261 | - <xxx>-path: Filename containing the contents of this entry (optional, |
Simon Glass | 21db0ff | 2020-09-01 05:13:54 -0600 | [diff] [blame] | 262 | defaults to None) |
Simon Glass | db168d4 | 2018-07-17 13:25:39 -0600 | [diff] [blame] | 263 | |
| 264 | where <xxx> is the blob_fname argument to the constructor. |
| 265 | |
| 266 | This entry cannot be used directly. Instead, it is used as a parent class |
| 267 | for another entry, which defined blob_fname. This parameter is used to |
| 268 | set the entry-arg or property containing the filename. The entry-arg or |
| 269 | property is in turn used to set the actual filename. |
| 270 | |
| 271 | See cros_ec_rw for an example of this. |
| 272 | |
| 273 | |
| 274 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 275 | .. _etype_blob_phase: |
| 276 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 277 | Entry: blob-phase: Section that holds a phase binary |
| 278 | ---------------------------------------------------- |
| 279 | |
| 280 | This is a base class that should not normally be used directly. It is used |
| 281 | when converting a 'u-boot' entry automatically into a 'u-boot-expanded' |
| 282 | entry; similarly for SPL. |
| 283 | |
| 284 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 285 | |
| 286 | .. _etype_cbfs: |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 287 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 288 | Entry: cbfs: Coreboot Filesystem (CBFS) |
| 289 | --------------------------------------- |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 290 | |
| 291 | A CBFS provides a way to group files into a group. It has a simple directory |
| 292 | structure and allows the position of individual files to be set, since it is |
| 293 | designed to support execute-in-place in an x86 SPI-flash device. Where XIP |
| 294 | is not used, it supports compression and storing ELF files. |
| 295 | |
| 296 | CBFS is used by coreboot as its way of orgnanising SPI-flash contents. |
| 297 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 298 | The contents of the CBFS are defined by subnodes of the cbfs entry, e.g.:: |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 299 | |
| 300 | cbfs { |
| 301 | size = <0x100000>; |
| 302 | u-boot { |
| 303 | cbfs-type = "raw"; |
| 304 | }; |
| 305 | u-boot-dtb { |
| 306 | cbfs-type = "raw"; |
| 307 | }; |
| 308 | }; |
| 309 | |
| 310 | This creates a CBFS 1MB in size two files in it: u-boot.bin and u-boot.dtb. |
| 311 | Note that the size is required since binman does not support calculating it. |
| 312 | The contents of each entry is just what binman would normally provide if it |
| 313 | were not a CBFS node. A blob type can be used to import arbitrary files as |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 314 | with the second subnode below:: |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 315 | |
| 316 | cbfs { |
| 317 | size = <0x100000>; |
| 318 | u-boot { |
| 319 | cbfs-name = "BOOT"; |
| 320 | cbfs-type = "raw"; |
| 321 | }; |
| 322 | |
| 323 | dtb { |
| 324 | type = "blob"; |
| 325 | filename = "u-boot.dtb"; |
| 326 | cbfs-type = "raw"; |
| 327 | cbfs-compress = "lz4"; |
Simon Glass | c2f1aed | 2019-07-08 13:18:56 -0600 | [diff] [blame] | 328 | cbfs-offset = <0x100000>; |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 329 | }; |
| 330 | }; |
| 331 | |
| 332 | This creates a CBFS 1MB in size with u-boot.bin (named "BOOT") and |
| 333 | u-boot.dtb (named "dtb") and compressed with the lz4 algorithm. |
| 334 | |
| 335 | |
| 336 | Properties supported in the top-level CBFS node: |
| 337 | |
| 338 | cbfs-arch: |
| 339 | Defaults to "x86", but you can specify the architecture if needed. |
| 340 | |
| 341 | |
| 342 | Properties supported in the CBFS entry subnodes: |
| 343 | |
| 344 | cbfs-name: |
| 345 | This is the name of the file created in CBFS. It defaults to the entry |
| 346 | name (which is the node name), but you can override it with this |
| 347 | property. |
| 348 | |
| 349 | cbfs-type: |
| 350 | This is the CBFS file type. The following are supported: |
| 351 | |
| 352 | raw: |
| 353 | This is a 'raw' file, although compression is supported. It can be |
| 354 | used to store any file in CBFS. |
| 355 | |
| 356 | stage: |
| 357 | This is an ELF file that has been loaded (i.e. mapped to memory), so |
| 358 | appears in the CBFS as a flat binary. The input file must be an ELF |
| 359 | image, for example this puts "u-boot" (the ELF image) into a 'stage' |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 360 | entry:: |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 361 | |
| 362 | cbfs { |
| 363 | size = <0x100000>; |
| 364 | u-boot-elf { |
| 365 | cbfs-name = "BOOT"; |
| 366 | cbfs-type = "stage"; |
| 367 | }; |
| 368 | }; |
| 369 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 370 | You can use your own ELF file with something like:: |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 371 | |
| 372 | cbfs { |
| 373 | size = <0x100000>; |
| 374 | something { |
| 375 | type = "blob"; |
| 376 | filename = "cbfs-stage.elf"; |
| 377 | cbfs-type = "stage"; |
| 378 | }; |
| 379 | }; |
| 380 | |
| 381 | As mentioned, the file is converted to a flat binary, so it is |
| 382 | equivalent to adding "u-boot.bin", for example, but with the load and |
| 383 | start addresses specified by the ELF. At present there is no option |
| 384 | to add a flat binary with a load/start address, similar to the |
| 385 | 'add-flat-binary' option in cbfstool. |
| 386 | |
Simon Glass | c2f1aed | 2019-07-08 13:18:56 -0600 | [diff] [blame] | 387 | cbfs-offset: |
| 388 | This is the offset of the file's data within the CBFS. It is used to |
| 389 | specify where the file should be placed in cases where a fixed position |
| 390 | is needed. Typical uses are for code which is not relocatable and must |
| 391 | execute in-place from a particular address. This works because SPI flash |
| 392 | is generally mapped into memory on x86 devices. The file header is |
| 393 | placed before this offset so that the data start lines up exactly with |
| 394 | the chosen offset. If this property is not provided, then the file is |
| 395 | placed in the next available spot. |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 396 | |
| 397 | The current implementation supports only a subset of CBFS features. It does |
| 398 | not support other file types (e.g. payload), adding multiple files (like the |
| 399 | 'files' entry with a pattern supported by binman), putting files at a |
| 400 | particular offset in the CBFS and a few other things. |
| 401 | |
| 402 | Of course binman can create images containing multiple CBFSs, simply by |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 403 | defining these in the binman config:: |
Simon Glass | 1de3448 | 2019-07-08 13:18:53 -0600 | [diff] [blame] | 404 | |
| 405 | |
| 406 | binman { |
| 407 | size = <0x800000>; |
| 408 | cbfs { |
| 409 | offset = <0x100000>; |
| 410 | size = <0x100000>; |
| 411 | u-boot { |
| 412 | cbfs-type = "raw"; |
| 413 | }; |
| 414 | u-boot-dtb { |
| 415 | cbfs-type = "raw"; |
| 416 | }; |
| 417 | }; |
| 418 | |
| 419 | cbfs2 { |
| 420 | offset = <0x700000>; |
| 421 | size = <0x100000>; |
| 422 | u-boot { |
| 423 | cbfs-type = "raw"; |
| 424 | }; |
| 425 | u-boot-dtb { |
| 426 | cbfs-type = "raw"; |
| 427 | }; |
| 428 | image { |
| 429 | type = "blob"; |
| 430 | filename = "image.jpg"; |
| 431 | }; |
| 432 | }; |
| 433 | }; |
| 434 | |
| 435 | This creates an 8MB image with two CBFSs, one at offset 1MB, one at 7MB, |
| 436 | both of size 1MB. |
| 437 | |
| 438 | |
| 439 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 440 | .. _etype_collection: |
| 441 | |
Simon Glass | e191578 | 2021-03-21 18:24:31 +1300 | [diff] [blame] | 442 | Entry: collection: An entry which contains a collection of other entries |
| 443 | ------------------------------------------------------------------------ |
| 444 | |
| 445 | Properties / Entry arguments: |
| 446 | - content: List of phandles to entries to include |
| 447 | |
| 448 | This allows reusing the contents of other entries. The contents of the |
| 449 | listed entries are combined to form this entry. This serves as a useful |
| 450 | base class for entry types which need to process data from elsewhere in |
| 451 | the image, not necessarily child entries. |
| 452 | |
Simon Glass | bd5cd88 | 2022-08-13 11:40:50 -0600 | [diff] [blame] | 453 | The entries can generally be anywhere in the same image, even if they are in |
| 454 | a different section from this entry. |
| 455 | |
Simon Glass | e191578 | 2021-03-21 18:24:31 +1300 | [diff] [blame] | 456 | |
| 457 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 458 | .. _etype_cros_ec_rw: |
| 459 | |
Simon Glass | db168d4 | 2018-07-17 13:25:39 -0600 | [diff] [blame] | 460 | Entry: cros-ec-rw: A blob entry which contains a Chromium OS read-write EC image |
| 461 | -------------------------------------------------------------------------------- |
| 462 | |
| 463 | Properties / Entry arguments: |
| 464 | - cros-ec-rw-path: Filename containing the EC image |
| 465 | |
| 466 | This entry holds a Chromium OS EC (embedded controller) image, for use in |
| 467 | updating the EC on startup via software sync. |
| 468 | |
| 469 | |
| 470 | |
Sughosh Ganu | 269ee6d | 2023-08-22 23:09:59 +0530 | [diff] [blame] | 471 | .. _etype_efi_capsule: |
| 472 | |
| 473 | Entry: capsule: Entry for generating EFI Capsule files |
| 474 | ------------------------------------------------------ |
| 475 | |
| 476 | The parameters needed for generation of the capsules can be provided |
| 477 | as properties in the entry. |
| 478 | |
| 479 | Properties / Entry arguments: |
| 480 | - image-index: Unique number for identifying corresponding |
| 481 | payload image. Number between 1 and descriptor count, i.e. |
| 482 | the total number of firmware images that can be updated. Mandatory |
| 483 | property. |
| 484 | - image-guid: Image GUID which will be used for identifying the |
| 485 | updatable image on the board. Mandatory property. |
| 486 | - hardware-instance: Optional number for identifying unique |
| 487 | hardware instance of a device in the system. Default value of 0 |
| 488 | for images where value is not to be used. |
| 489 | - fw-version: Value of image version that can be put on the capsule |
| 490 | through the Firmware Management Protocol(FMP) header. |
| 491 | - monotonic-count: Count used when signing an image. |
| 492 | - private-key: Path to PEM formatted .key private key file. Mandatory |
| 493 | property for generating signed capsules. |
| 494 | - public-key-cert: Path to PEM formatted .crt public key certificate |
| 495 | file. Mandatory property for generating signed capsules. |
| 496 | - oem-flags - OEM flags to be passed through capsule header. |
| 497 | |
| 498 | Since this is a subclass of Entry_section, all properties of the parent |
| 499 | class also apply here. Except for the properties stated as mandatory, the |
| 500 | rest of the properties are optional. |
| 501 | |
| 502 | For more details on the description of the capsule format, and the capsule |
| 503 | update functionality, refer Section 8.5 and Chapter 23 in the `UEFI |
| 504 | specification`_. |
| 505 | |
| 506 | The capsule parameters like image index and image GUID are passed as |
| 507 | properties in the entry. The payload to be used in the capsule is to be |
| 508 | provided as a subnode of the capsule entry. |
| 509 | |
| 510 | A typical capsule entry node would then look something like this:: |
| 511 | |
| 512 | capsule { |
| 513 | type = "efi-capsule"; |
| 514 | image-index = <0x1>; |
| 515 | /* Image GUID for testing capsule update */ |
| 516 | image-guid = SANDBOX_UBOOT_IMAGE_GUID; |
| 517 | hardware-instance = <0x0>; |
| 518 | private-key = "path/to/the/private/key"; |
| 519 | public-key-cert = "path/to/the/public-key-cert"; |
| 520 | oem-flags = <0x8000>; |
| 521 | |
| 522 | u-boot { |
| 523 | }; |
| 524 | }; |
| 525 | |
| 526 | In the above example, the capsule payload is the U-Boot image. The |
| 527 | capsule entry would read the contents of the payload and put them |
| 528 | into the capsule. Any external file can also be specified as the |
| 529 | payload using the blob-ext subnode. |
| 530 | |
| 531 | .. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf |
| 532 | |
| 533 | |
| 534 | |
Sughosh Ganu | 6b2d18a | 2023-10-10 14:40:59 +0530 | [diff] [blame] | 535 | .. _etype_efi_empty_capsule: |
| 536 | |
| 537 | Entry: efi-empty-capsule: Entry for generating EFI Empty Capsule files |
| 538 | ---------------------------------------------------------------------- |
| 539 | |
| 540 | The parameters needed for generation of the empty capsules can |
| 541 | be provided as properties in the entry. |
| 542 | |
| 543 | Properties / Entry arguments: |
| 544 | - image-guid: Image GUID which will be used for identifying the |
| 545 | updatable image on the board. Mandatory for accept capsule. |
| 546 | - capsule-type - String to indicate type of capsule to generate. Valid |
| 547 | values are 'accept' and 'revert'. |
| 548 | |
| 549 | For more details on the description of the capsule format, and the capsule |
| 550 | update functionality, refer Section 8.5 and Chapter 23 in the `UEFI |
| 551 | specification`_. For more information on the empty capsule, refer the |
| 552 | sections 2.3.2 and 2.3.3 in the `Dependable Boot specification`_. |
| 553 | |
| 554 | A typical accept empty capsule entry node would then look something |
| 555 | like this:: |
| 556 | |
| 557 | empty-capsule { |
| 558 | type = "efi-empty-capsule"; |
| 559 | /* GUID of the image being accepted */ |
| 560 | image-type-id = SANDBOX_UBOOT_IMAGE_GUID; |
| 561 | capsule-type = "accept"; |
| 562 | }; |
| 563 | |
| 564 | A typical revert empty capsule entry node would then look something |
| 565 | like this:: |
| 566 | |
| 567 | empty-capsule { |
| 568 | type = "efi-empty-capsule"; |
| 569 | capsule-type = "revert"; |
| 570 | }; |
| 571 | |
| 572 | The empty capsules do not have any input payload image. |
| 573 | |
| 574 | .. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf |
| 575 | .. _`Dependable Boot specification`: https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf |
| 576 | |
| 577 | |
| 578 | |
Christian Taedcke | bc45436 | 2023-07-17 09:05:52 +0200 | [diff] [blame] | 579 | .. _etype_encrypted: |
| 580 | |
| 581 | Entry: encrypted: Externally built encrypted binary blob |
| 582 | -------------------------------------------------------- |
| 583 | |
| 584 | This entry provides the functionality to include information about how to |
| 585 | decrypt an encrypted binary. This information is added to the |
| 586 | resulting device tree by adding a new cipher node in the entry's parent |
| 587 | node (i.e. the binary). |
| 588 | |
| 589 | The key that must be used to decrypt the binary is either directly embedded |
| 590 | in the device tree or indirectly by specifying a key source. The key source |
| 591 | can be used as an id of a key that is stored in an external device. |
| 592 | |
| 593 | Using an embedded key |
| 594 | ~~~~~~~~~~~~~~~~~~~~~ |
| 595 | |
| 596 | This is an example using an embedded key:: |
| 597 | |
| 598 | blob-ext { |
| 599 | filename = "encrypted-blob.bin"; |
| 600 | }; |
| 601 | |
| 602 | encrypted { |
| 603 | algo = "aes256-gcm"; |
| 604 | iv-filename = "encrypted-blob.bin.iv"; |
| 605 | key-filename = "encrypted-blob.bin.key"; |
| 606 | }; |
| 607 | |
| 608 | This entry generates the following device tree structure form the example |
| 609 | above:: |
| 610 | |
| 611 | data = [...] |
| 612 | cipher { |
| 613 | algo = "aes256-gcm"; |
| 614 | key = <0x...>; |
| 615 | iv = <0x...>; |
| 616 | }; |
| 617 | |
| 618 | The data property is generated by the blob-ext etype, the cipher node and |
| 619 | its content is generated by this etype. |
| 620 | |
| 621 | Using an external key |
| 622 | ~~~~~~~~~~~~~~~~~~~~~ |
| 623 | |
| 624 | Instead of embedding the key itself into the device tree, it is also |
| 625 | possible to address an externally stored key by specifying a 'key-source' |
| 626 | instead of the 'key':: |
| 627 | |
| 628 | blob-ext { |
| 629 | filename = "encrypted-blob.bin"; |
| 630 | }; |
| 631 | |
| 632 | encrypted { |
| 633 | algo = "aes256-gcm"; |
| 634 | iv-filename = "encrypted-blob.bin.iv"; |
| 635 | key-source = "external-key-id"; |
| 636 | }; |
| 637 | |
| 638 | This entry generates the following device tree structure form the example |
| 639 | above:: |
| 640 | |
| 641 | data = [...] |
| 642 | cipher { |
| 643 | algo = "aes256-gcm"; |
| 644 | key-source = "external-key-id"; |
| 645 | iv = <0x...>; |
| 646 | }; |
| 647 | |
| 648 | Properties |
| 649 | ~~~~~~~~~~ |
| 650 | |
| 651 | Properties / Entry arguments: |
| 652 | - algo: The encryption algorithm. Currently no algorithm is supported |
| 653 | out-of-the-box. Certain algorithms will be added in future |
| 654 | patches. |
| 655 | - iv-filename: The name of the file containing the initialization |
| 656 | vector (in short iv). See |
| 657 | https://en.wikipedia.org/wiki/Initialization_vector |
| 658 | - key-filename: The name of the file containing the key. Either |
| 659 | key-filename or key-source must be provided. |
| 660 | - key-source: The key that should be used. Either key-filename or |
| 661 | key-source must be provided. |
| 662 | |
| 663 | |
| 664 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 665 | .. _etype_fdtmap: |
| 666 | |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 667 | Entry: fdtmap: An entry which contains an FDT map |
| 668 | ------------------------------------------------- |
| 669 | |
| 670 | Properties / Entry arguments: |
| 671 | None |
| 672 | |
| 673 | An FDT map is just a header followed by an FDT containing a list of all the |
Simon Glass | fb30e29 | 2019-07-20 12:23:51 -0600 | [diff] [blame] | 674 | entries in the image. The root node corresponds to the image node in the |
| 675 | original FDT, and an image-name property indicates the image name in that |
| 676 | original tree. |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 677 | |
| 678 | The header is the string _FDTMAP_ followed by 8 unused bytes. |
| 679 | |
| 680 | When used, this entry will be populated with an FDT map which reflects the |
| 681 | entries in the current image. Hierarchy is preserved, and all offsets and |
| 682 | sizes are included. |
| 683 | |
| 684 | Note that the -u option must be provided to ensure that binman updates the |
| 685 | FDT with the position of each entry. |
| 686 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 687 | Example output for a simple image with U-Boot and an FDT map:: |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 688 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 689 | / { |
| 690 | image-name = "binman"; |
| 691 | size = <0x00000112>; |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 692 | image-pos = <0x00000000>; |
| 693 | offset = <0x00000000>; |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 694 | u-boot { |
| 695 | size = <0x00000004>; |
| 696 | image-pos = <0x00000000>; |
| 697 | offset = <0x00000000>; |
| 698 | }; |
| 699 | fdtmap { |
| 700 | size = <0x0000010e>; |
| 701 | image-pos = <0x00000004>; |
| 702 | offset = <0x00000004>; |
| 703 | }; |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 704 | }; |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 705 | |
Simon Glass | fb30e29 | 2019-07-20 12:23:51 -0600 | [diff] [blame] | 706 | If allow-repack is used then 'orig-offset' and 'orig-size' properties are |
| 707 | added as necessary. See the binman README. |
| 708 | |
Simon Glass | 637958f | 2021-11-23 21:09:50 -0700 | [diff] [blame] | 709 | When extracting files, an alternative 'fdt' format is available for fdtmaps. |
| 710 | Use `binman extract -F fdt ...` to use this. It will export a devicetree, |
| 711 | without the fdtmap header, so it can be viewed with `fdtdump`. |
Simon Glass | 0f62133 | 2019-07-08 14:25:27 -0600 | [diff] [blame] | 712 | |
| 713 | |
Simon Glass | 637958f | 2021-11-23 21:09:50 -0700 | [diff] [blame] | 714 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 715 | .. _etype_files: |
| 716 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 717 | Entry: files: A set of files arranged in a section |
| 718 | -------------------------------------------------- |
Simon Glass | ac6328c | 2018-09-14 04:57:28 -0600 | [diff] [blame] | 719 | |
| 720 | Properties / Entry arguments: |
| 721 | - pattern: Filename pattern to match the files to include |
Simon Glass | 51d02ad | 2020-10-26 17:40:07 -0600 | [diff] [blame] | 722 | - files-compress: Compression algorithm to use: |
Simon Glass | ac6328c | 2018-09-14 04:57:28 -0600 | [diff] [blame] | 723 | none: No compression |
| 724 | lz4: Use lz4 compression (via 'lz4' command-line utility) |
Simon Glass | 3f093a3 | 2021-03-18 20:24:53 +1300 | [diff] [blame] | 725 | - files-align: Align each file to the given alignment |
Simon Glass | ac6328c | 2018-09-14 04:57:28 -0600 | [diff] [blame] | 726 | |
| 727 | This entry reads a number of files and places each in a separate sub-entry |
| 728 | within this entry. To access these you need to enable device-tree updates |
| 729 | at run-time so you can obtain the file positions. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 730 | |
| 731 | |
Simon Glass | ac6328c | 2018-09-14 04:57:28 -0600 | [diff] [blame] | 732 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 733 | .. _etype_fill: |
| 734 | |
Simon Glass | 53f5399 | 2018-07-17 13:25:40 -0600 | [diff] [blame] | 735 | Entry: fill: An entry which is filled to a particular byte value |
| 736 | ---------------------------------------------------------------- |
| 737 | |
| 738 | Properties / Entry arguments: |
| 739 | - fill-byte: Byte to use to fill the entry |
| 740 | |
| 741 | Note that the size property must be set since otherwise this entry does not |
| 742 | know how large it should be. |
| 743 | |
| 744 | You can often achieve the same effect using the pad-byte property of the |
| 745 | overall image, in that the space between entries will then be padded with |
| 746 | that byte. But this entry is sometimes useful for explicitly setting the |
| 747 | byte value of a region. |
| 748 | |
| 749 | |
Simon Glass | c7b010d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 750 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 751 | .. _etype_fit: |
| 752 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 753 | Entry: fit: Flat Image Tree (FIT) |
| 754 | --------------------------------- |
Simon Glass | 45d556d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 755 | |
| 756 | This calls mkimage to create a FIT (U-Boot Flat Image Tree) based on the |
| 757 | input provided. |
| 758 | |
| 759 | Nodes for the FIT should be written out in the binman configuration just as |
| 760 | they would be in a file passed to mkimage. |
| 761 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 762 | For example, this creates an image containing a FIT with U-Boot SPL:: |
Simon Glass | 45d556d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 763 | |
| 764 | binman { |
| 765 | fit { |
| 766 | description = "Test FIT"; |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 767 | fit,fdt-list = "of-list"; |
Simon Glass | 45d556d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 768 | |
| 769 | images { |
| 770 | kernel@1 { |
| 771 | description = "SPL"; |
| 772 | os = "u-boot"; |
| 773 | type = "rkspi"; |
| 774 | arch = "arm"; |
| 775 | compression = "none"; |
| 776 | load = <0>; |
| 777 | entry = <0>; |
| 778 | |
| 779 | u-boot-spl { |
| 780 | }; |
| 781 | }; |
| 782 | }; |
| 783 | }; |
| 784 | }; |
| 785 | |
Simon Glass | 912339f | 2022-02-08 11:50:03 -0700 | [diff] [blame] | 786 | More complex setups can be created, with generated nodes, as described |
| 787 | below. |
| 788 | |
| 789 | Properties (in the 'fit' node itself) |
| 790 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 791 | |
| 792 | Special properties have a `fit,` prefix, indicating that they should be |
| 793 | processed but not included in the final FIT. |
| 794 | |
| 795 | The top-level 'fit' node supports the following special properties: |
| 796 | |
| 797 | fit,external-offset |
| 798 | Indicates that the contents of the FIT are external and provides the |
| 799 | external offset. This is passed to mkimage via the -E and -p flags. |
| 800 | |
Jonas Karlman | c59ea89 | 2023-01-21 19:01:39 +0000 | [diff] [blame] | 801 | fit,align |
| 802 | Indicates what alignment to use for the FIT and its external data, |
| 803 | and provides the alignment to use. This is passed to mkimage via |
| 804 | the -B flag. |
| 805 | |
Simon Glass | 912339f | 2022-02-08 11:50:03 -0700 | [diff] [blame] | 806 | fit,fdt-list |
| 807 | Indicates the entry argument which provides the list of device tree |
| 808 | files for the gen-fdt-nodes operation (as below). This is often |
| 809 | `of-list` meaning that `-a of-list="dtb1 dtb2..."` should be passed |
| 810 | to binman. |
| 811 | |
Simon Glass | 2d94c42 | 2023-07-18 07:23:59 -0600 | [diff] [blame] | 812 | fit,fdt-list-val |
| 813 | As an alternative to fit,fdt-list the list of device tree files |
| 814 | can be provided in this property as a string list, e.g.:: |
| 815 | |
| 816 | fit,fdt-list-val = "dtb1", "dtb2"; |
| 817 | |
Simon Glass | 912339f | 2022-02-08 11:50:03 -0700 | [diff] [blame] | 818 | Substitutions |
| 819 | ~~~~~~~~~~~~~ |
| 820 | |
| 821 | Node names and property values support a basic string-substitution feature. |
| 822 | Available substitutions for '@' nodes (and property values) are: |
| 823 | |
| 824 | SEQ: |
| 825 | Sequence number of the generated fdt (1, 2, ...) |
| 826 | NAME |
| 827 | Name of the dtb as provided (i.e. without adding '.dtb') |
| 828 | |
| 829 | The `default` property, if present, will be automatically set to the name |
| 830 | if of configuration whose devicetree matches the `default-dt` entry |
| 831 | argument, e.g. with `-a default-dt=sun50i-a64-pine64-lts`. |
| 832 | |
| 833 | Available substitutions for property values in these nodes are: |
| 834 | |
| 835 | DEFAULT-SEQ: |
| 836 | Sequence number of the default fdt, as provided by the 'default-dt' |
| 837 | entry argument |
| 838 | |
| 839 | Available operations |
| 840 | ~~~~~~~~~~~~~~~~~~~~ |
| 841 | |
| 842 | You can add an operation to an '@' node to indicate which operation is |
| 843 | required:: |
| 844 | |
| 845 | @fdt-SEQ { |
| 846 | fit,operation = "gen-fdt-nodes"; |
| 847 | ... |
| 848 | }; |
| 849 | |
| 850 | Available operations are: |
| 851 | |
| 852 | gen-fdt-nodes |
| 853 | Generate FDT nodes as above. This is the default if there is no |
| 854 | `fit,operation` property. |
| 855 | |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 856 | split-elf |
| 857 | Split an ELF file into a separate node for each segment. |
| 858 | |
Simon Glass | 912339f | 2022-02-08 11:50:03 -0700 | [diff] [blame] | 859 | Generating nodes from an FDT list (gen-fdt-nodes) |
| 860 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 861 | |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 862 | U-Boot supports creating fdt and config nodes automatically. To do this, |
Simon Glass | 9f1c6b9 | 2022-02-08 11:50:02 -0700 | [diff] [blame] | 863 | pass an `of-list` property (e.g. `-a of-list=file1 file2`). This tells |
| 864 | binman that you want to generates nodes for two files: `file1.dtb` and |
| 865 | `file2.dtb`. The `fit,fdt-list` property (see above) indicates that |
| 866 | `of-list` should be used. If the property is missing you will get an error. |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 867 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 868 | Then add a 'generator node', a node with a name starting with '@':: |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 869 | |
| 870 | images { |
| 871 | @fdt-SEQ { |
| 872 | description = "fdt-NAME"; |
| 873 | type = "flat_dt"; |
| 874 | compression = "none"; |
| 875 | }; |
| 876 | }; |
| 877 | |
Simon Glass | 9f1c6b9 | 2022-02-08 11:50:02 -0700 | [diff] [blame] | 878 | This tells binman to create nodes `fdt-1` and `fdt-2` for each of your two |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 879 | files. All the properties you specify will be included in the node. This |
| 880 | node acts like a template to generate the nodes. The generator node itself |
| 881 | does not appear in the output - it is replaced with what binman generates. |
Simon Glass | 9f1c6b9 | 2022-02-08 11:50:02 -0700 | [diff] [blame] | 882 | A 'data' property is created with the contents of the FDT file. |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 883 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 884 | You can create config nodes in a similar way:: |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 885 | |
| 886 | configurations { |
| 887 | default = "@config-DEFAULT-SEQ"; |
| 888 | @config-SEQ { |
| 889 | description = "NAME"; |
Samuel Holland | 91079ac | 2020-10-21 21:12:14 -0500 | [diff] [blame] | 890 | firmware = "atf"; |
| 891 | loadables = "uboot"; |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 892 | fdt = "fdt-SEQ"; |
| 893 | }; |
| 894 | }; |
| 895 | |
Simon Glass | 9f1c6b9 | 2022-02-08 11:50:02 -0700 | [diff] [blame] | 896 | This tells binman to create nodes `config-1` and `config-2`, i.e. a config |
| 897 | for each of your two files. |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 898 | |
Simon Glass | a435cd1 | 2020-09-01 05:13:59 -0600 | [diff] [blame] | 899 | Note that if no devicetree files are provided (with '-a of-list' as above) |
| 900 | then no nodes will be generated. |
| 901 | |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 902 | Generating nodes from an ELF file (split-elf) |
| 903 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 904 | |
| 905 | This uses the node as a template to generate multiple nodes. The following |
| 906 | special properties are available: |
| 907 | |
| 908 | split-elf |
| 909 | Split an ELF file into a separate node for each segment. This uses the |
| 910 | node as a template to generate multiple nodes. The following special |
| 911 | properties are available: |
| 912 | |
| 913 | fit,load |
| 914 | Generates a `load = <...>` property with the load address of the |
| 915 | segment |
| 916 | |
| 917 | fit,entry |
| 918 | Generates a `entry = <...>` property with the entry address of the |
| 919 | ELF. This is only produced for the first entry |
| 920 | |
| 921 | fit,data |
| 922 | Generates a `data = <...>` property with the contents of the segment |
| 923 | |
Jonas Karlman | 490f73c | 2023-01-21 19:02:12 +0000 | [diff] [blame] | 924 | fit,firmware |
| 925 | Generates a `firmware = <...>` property. Provides a list of possible |
| 926 | nodes to be used as the `firmware` property value. The first valid |
| 927 | node is picked as the firmware. Any remaining valid nodes is |
| 928 | prepended to the `loadable` property generated by `fit,loadables` |
| 929 | |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 930 | fit,loadables |
| 931 | Generates a `loadable = <...>` property with a list of the generated |
| 932 | nodes (including all nodes if this operation is used multiple times) |
| 933 | |
| 934 | |
| 935 | Here is an example showing ATF, TEE and a device tree all combined:: |
| 936 | |
| 937 | fit { |
| 938 | description = "test-desc"; |
| 939 | #address-cells = <1>; |
| 940 | fit,fdt-list = "of-list"; |
| 941 | |
| 942 | images { |
| 943 | u-boot { |
| 944 | description = "U-Boot (64-bit)"; |
| 945 | type = "standalone"; |
| 946 | os = "U-Boot"; |
| 947 | arch = "arm64"; |
| 948 | compression = "none"; |
Simon Glass | 72cc538 | 2022-10-20 18:22:39 -0600 | [diff] [blame] | 949 | load = <CONFIG_TEXT_BASE>; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 950 | u-boot-nodtb { |
| 951 | }; |
| 952 | }; |
| 953 | @fdt-SEQ { |
| 954 | description = "fdt-NAME.dtb"; |
| 955 | type = "flat_dt"; |
| 956 | compression = "none"; |
| 957 | }; |
| 958 | @atf-SEQ { |
| 959 | fit,operation = "split-elf"; |
| 960 | description = "ARM Trusted Firmware"; |
| 961 | type = "firmware"; |
| 962 | arch = "arm64"; |
| 963 | os = "arm-trusted-firmware"; |
| 964 | compression = "none"; |
| 965 | fit,load; |
| 966 | fit,entry; |
| 967 | fit,data; |
| 968 | |
| 969 | atf-bl31 { |
| 970 | }; |
Jonas Karlman | d2c7d90 | 2023-01-21 19:01:48 +0000 | [diff] [blame] | 971 | hash { |
| 972 | algo = "sha256"; |
| 973 | }; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 974 | }; |
| 975 | |
| 976 | @tee-SEQ { |
| 977 | fit,operation = "split-elf"; |
| 978 | description = "TEE"; |
| 979 | type = "tee"; |
| 980 | arch = "arm64"; |
| 981 | os = "tee"; |
| 982 | compression = "none"; |
| 983 | fit,load; |
| 984 | fit,entry; |
| 985 | fit,data; |
| 986 | |
| 987 | tee-os { |
| 988 | }; |
Jonas Karlman | d2c7d90 | 2023-01-21 19:01:48 +0000 | [diff] [blame] | 989 | hash { |
| 990 | algo = "sha256"; |
| 991 | }; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 992 | }; |
| 993 | }; |
| 994 | |
| 995 | configurations { |
| 996 | default = "@config-DEFAULT-SEQ"; |
| 997 | @config-SEQ { |
| 998 | description = "conf-NAME.dtb"; |
| 999 | fdt = "fdt-SEQ"; |
Jonas Karlman | 490f73c | 2023-01-21 19:02:12 +0000 | [diff] [blame] | 1000 | fit,firmware = "atf-1", "u-boot"; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1001 | fit,loadables; |
| 1002 | }; |
| 1003 | }; |
| 1004 | }; |
| 1005 | |
| 1006 | If ATF-BL31 is available, this generates a node for each segment in the |
| 1007 | ELF file, for example:: |
| 1008 | |
| 1009 | images { |
| 1010 | atf-1 { |
| 1011 | data = <...contents of first segment...>; |
| 1012 | data-offset = <0x00000000>; |
| 1013 | entry = <0x00040000>; |
| 1014 | load = <0x00040000>; |
| 1015 | compression = "none"; |
| 1016 | os = "arm-trusted-firmware"; |
| 1017 | arch = "arm64"; |
| 1018 | type = "firmware"; |
| 1019 | description = "ARM Trusted Firmware"; |
Jonas Karlman | d2c7d90 | 2023-01-21 19:01:48 +0000 | [diff] [blame] | 1020 | hash { |
| 1021 | algo = "sha256"; |
| 1022 | value = <...hash of first segment...>; |
| 1023 | }; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1024 | }; |
| 1025 | atf-2 { |
| 1026 | data = <...contents of second segment...>; |
| 1027 | load = <0xff3b0000>; |
| 1028 | compression = "none"; |
| 1029 | os = "arm-trusted-firmware"; |
| 1030 | arch = "arm64"; |
| 1031 | type = "firmware"; |
| 1032 | description = "ARM Trusted Firmware"; |
Jonas Karlman | d2c7d90 | 2023-01-21 19:01:48 +0000 | [diff] [blame] | 1033 | hash { |
| 1034 | algo = "sha256"; |
| 1035 | value = <...hash of second segment...>; |
| 1036 | }; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1037 | }; |
| 1038 | }; |
| 1039 | |
| 1040 | The same applies for OP-TEE if that is available. |
| 1041 | |
| 1042 | If each binary is not available, the relevant template node (@atf-SEQ or |
| 1043 | @tee-SEQ) is removed from the output. |
| 1044 | |
| 1045 | This also generates a `config-xxx` node for each device tree in `of-list`. |
| 1046 | Note that the U-Boot build system uses `-a of-list=$(CONFIG_OF_LIST)` |
| 1047 | so you can use `CONFIG_OF_LIST` to define that list. In this example it is |
| 1048 | set up for `firefly-rk3399` with a single device tree and the default set |
| 1049 | with `-a default-dt=$(CONFIG_DEFAULT_DEVICE_TREE)`, so the resulting output |
| 1050 | is:: |
| 1051 | |
| 1052 | configurations { |
| 1053 | default = "config-1"; |
| 1054 | config-1 { |
Jonas Karlman | 490f73c | 2023-01-21 19:02:12 +0000 | [diff] [blame] | 1055 | loadables = "u-boot", "atf-2", "atf-3", "tee-1", "tee-2"; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1056 | description = "rk3399-firefly.dtb"; |
| 1057 | fdt = "fdt-1"; |
Jonas Karlman | 490f73c | 2023-01-21 19:02:12 +0000 | [diff] [blame] | 1058 | firmware = "atf-1"; |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1059 | }; |
| 1060 | }; |
| 1061 | |
Jonas Karlman | 490f73c | 2023-01-21 19:02:12 +0000 | [diff] [blame] | 1062 | U-Boot SPL can then load the firmware (ATF) and all the loadables (U-Boot |
| 1063 | proper, ATF and TEE), then proceed with the boot. |
Simon Glass | 5f42342 | 2022-03-05 20:19:12 -0700 | [diff] [blame] | 1064 | |
Simon Glass | 45d556d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 1065 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1066 | |
| 1067 | .. _etype_fmap: |
Simon Glass | 45d556d | 2020-07-09 18:39:45 -0600 | [diff] [blame] | 1068 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1069 | Entry: fmap: An entry which contains an Fmap section |
| 1070 | ---------------------------------------------------- |
| 1071 | |
| 1072 | Properties / Entry arguments: |
| 1073 | None |
| 1074 | |
| 1075 | FMAP is a simple format used by flashrom, an open-source utility for |
| 1076 | reading and writing the SPI flash, typically on x86 CPUs. The format |
| 1077 | provides flashrom with a list of areas, so it knows what it in the flash. |
| 1078 | It can then read or write just a single area, instead of the whole flash. |
| 1079 | |
| 1080 | The format is defined by the flashrom project, in the file lib/fmap.h - |
| 1081 | see www.flashrom.org/Flashrom for more information. |
| 1082 | |
| 1083 | When used, this entry will be populated with an FMAP which reflects the |
| 1084 | entries in the current image. Note that any hierarchy is squashed, since |
Simon Glass | b1d414c | 2021-04-03 11:05:10 +1300 | [diff] [blame] | 1085 | FMAP does not support this. Sections are represented as an area appearing |
| 1086 | before its contents, so that it is possible to reconstruct the hierarchy |
| 1087 | from the FMAP by using the offset information. This convention does not |
| 1088 | seem to be documented, but is used in Chromium OS. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1089 | |
Simon Glass | cda991e | 2023-02-12 17:11:15 -0700 | [diff] [blame] | 1090 | To mark an area as preserved, use the normal 'preserved' flag in the entry. |
| 1091 | This will result in the corresponding FMAP area having the |
| 1092 | FMAP_AREA_PRESERVE flag. This flag does not automatically propagate down to |
| 1093 | child entries. |
| 1094 | |
Simon Glass | b1d414c | 2021-04-03 11:05:10 +1300 | [diff] [blame] | 1095 | CBFS entries appear as a single entry, i.e. the sub-entries are ignored. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1096 | |
| 1097 | |
Simon Glass | b1d414c | 2021-04-03 11:05:10 +1300 | [diff] [blame] | 1098 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1099 | .. _etype_gbb: |
| 1100 | |
Simon Glass | c1ae83c | 2018-07-17 13:25:44 -0600 | [diff] [blame] | 1101 | Entry: gbb: An entry which contains a Chromium OS Google Binary Block |
| 1102 | --------------------------------------------------------------------- |
| 1103 | |
| 1104 | Properties / Entry arguments: |
| 1105 | - hardware-id: Hardware ID to use for this build (a string) |
| 1106 | - keydir: Directory containing the public keys to use |
| 1107 | - bmpblk: Filename containing images used by recovery |
| 1108 | |
| 1109 | Chromium OS uses a GBB to store various pieces of information, in particular |
| 1110 | the root and recovery keys that are used to verify the boot process. Some |
| 1111 | more details are here: |
| 1112 | |
| 1113 | https://www.chromium.org/chromium-os/firmware-porting-guide/2-concepts |
| 1114 | |
| 1115 | but note that the page dates from 2013 so is quite out of date. See |
| 1116 | README.chromium for how to obtain the required keys and tools. |
| 1117 | |
| 1118 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1119 | |
| 1120 | .. _etype_image_header: |
Simon Glass | c1ae83c | 2018-07-17 13:25:44 -0600 | [diff] [blame] | 1121 | |
Simon Glass | cec34ba | 2019-07-08 14:25:28 -0600 | [diff] [blame] | 1122 | Entry: image-header: An entry which contains a pointer to the FDT map |
| 1123 | --------------------------------------------------------------------- |
| 1124 | |
| 1125 | Properties / Entry arguments: |
| 1126 | location: Location of header ("start" or "end" of image). This is |
| 1127 | optional. If omitted then the entry must have an offset property. |
| 1128 | |
| 1129 | This adds an 8-byte entry to the start or end of the image, pointing to the |
| 1130 | location of the FDT map. The format is a magic number followed by an offset |
| 1131 | from the start or end of the image, in twos-compliment format. |
| 1132 | |
| 1133 | This entry must be in the top-level part of the image. |
| 1134 | |
| 1135 | NOTE: If the location is at the start/end, you will probably need to specify |
| 1136 | sort-by-offset for the image, unless you actually put the image header |
| 1137 | first/last in the entry list. |
| 1138 | |
| 1139 | |
| 1140 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1141 | .. _etype_intel_cmc: |
| 1142 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1143 | Entry: intel-cmc: Intel Chipset Micro Code (CMC) file |
| 1144 | ----------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1145 | |
| 1146 | Properties / Entry arguments: |
| 1147 | - filename: Filename of file to read into entry |
| 1148 | |
| 1149 | This file contains microcode for some devices in a special format. An |
| 1150 | example filename is 'Microcode/C0_22211.BIN'. |
| 1151 | |
| 1152 | See README.x86 for information about x86 binary blobs. |
| 1153 | |
| 1154 | |
| 1155 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1156 | .. _etype_intel_descriptor: |
| 1157 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1158 | Entry: intel-descriptor: Intel flash descriptor block (4KB) |
| 1159 | ----------------------------------------------------------- |
| 1160 | |
| 1161 | Properties / Entry arguments: |
| 1162 | filename: Filename of file containing the descriptor. This is typically |
| 1163 | a 4KB binary file, sometimes called 'descriptor.bin' |
| 1164 | |
| 1165 | This entry is placed at the start of flash and provides information about |
| 1166 | the SPI flash regions. In particular it provides the base address and |
| 1167 | size of the ME (Management Engine) region, allowing us to place the ME |
| 1168 | binary in the right place. |
| 1169 | |
| 1170 | With this entry in your image, the position of the 'intel-me' entry will be |
| 1171 | fixed in the image, which avoids you needed to specify an offset for that |
| 1172 | region. This is useful, because it is not possible to change the position |
| 1173 | of the ME region without updating the descriptor. |
| 1174 | |
| 1175 | See README.x86 for information about x86 binary blobs. |
| 1176 | |
| 1177 | |
| 1178 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1179 | .. _etype_intel_fit: |
| 1180 | |
Simon Glass | 232f90c | 2019-08-24 07:22:50 -0600 | [diff] [blame] | 1181 | Entry: intel-fit: Intel Firmware Image Table (FIT) |
| 1182 | -------------------------------------------------- |
| 1183 | |
| 1184 | This entry contains a dummy FIT as required by recent Intel CPUs. The FIT |
| 1185 | contains information about the firmware and microcode available in the |
| 1186 | image. |
| 1187 | |
| 1188 | At present binman only supports a basic FIT with no microcode. |
| 1189 | |
| 1190 | |
| 1191 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1192 | .. _etype_intel_fit_ptr: |
| 1193 | |
Simon Glass | 232f90c | 2019-08-24 07:22:50 -0600 | [diff] [blame] | 1194 | Entry: intel-fit-ptr: Intel Firmware Image Table (FIT) pointer |
| 1195 | -------------------------------------------------------------- |
| 1196 | |
| 1197 | This entry contains a pointer to the FIT. It is required to be at address |
| 1198 | 0xffffffc0 in the image. |
| 1199 | |
| 1200 | |
| 1201 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1202 | .. _etype_intel_fsp: |
| 1203 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1204 | Entry: intel-fsp: Intel Firmware Support Package (FSP) file |
| 1205 | ----------------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1206 | |
| 1207 | Properties / Entry arguments: |
| 1208 | - filename: Filename of file to read into entry |
| 1209 | |
| 1210 | This file contains binary blobs which are used on some devices to make the |
| 1211 | platform work. U-Boot executes this code since it is not possible to set up |
| 1212 | the hardware using U-Boot open-source code. Documentation is typically not |
| 1213 | available in sufficient detail to allow this. |
| 1214 | |
| 1215 | An example filename is 'FSP/QUEENSBAY_FSP_GOLD_001_20-DECEMBER-2013.fd' |
| 1216 | |
| 1217 | See README.x86 for information about x86 binary blobs. |
| 1218 | |
| 1219 | |
| 1220 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1221 | .. _etype_intel_fsp_m: |
| 1222 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1223 | Entry: intel-fsp-m: Intel Firmware Support Package (FSP) memory init |
| 1224 | -------------------------------------------------------------------- |
Simon Glass | ba7985d | 2019-08-24 07:23:07 -0600 | [diff] [blame] | 1225 | |
| 1226 | Properties / Entry arguments: |
| 1227 | - filename: Filename of file to read into entry |
| 1228 | |
| 1229 | This file contains a binary blob which is used on some devices to set up |
| 1230 | SDRAM. U-Boot executes this code in SPL so that it can make full use of |
| 1231 | memory. Documentation is typically not available in sufficient detail to |
| 1232 | allow U-Boot do this this itself.. |
| 1233 | |
| 1234 | An example filename is 'fsp_m.bin' |
| 1235 | |
| 1236 | See README.x86 for information about x86 binary blobs. |
| 1237 | |
| 1238 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1239 | |
| 1240 | .. _etype_intel_fsp_s: |
Simon Glass | ba7985d | 2019-08-24 07:23:07 -0600 | [diff] [blame] | 1241 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1242 | Entry: intel-fsp-s: Intel Firmware Support Package (FSP) silicon init |
| 1243 | --------------------------------------------------------------------- |
Simon Glass | 4d9086d | 2019-10-20 21:31:35 -0600 | [diff] [blame] | 1244 | |
| 1245 | Properties / Entry arguments: |
| 1246 | - filename: Filename of file to read into entry |
| 1247 | |
| 1248 | This file contains a binary blob which is used on some devices to set up |
| 1249 | the silicon. U-Boot executes this code in U-Boot proper after SDRAM is |
| 1250 | running, so that it can make full use of memory. Documentation is typically |
| 1251 | not available in sufficient detail to allow U-Boot do this this itself. |
| 1252 | |
| 1253 | An example filename is 'fsp_s.bin' |
| 1254 | |
| 1255 | See README.x86 for information about x86 binary blobs. |
| 1256 | |
| 1257 | |
| 1258 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1259 | .. _etype_intel_fsp_t: |
| 1260 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1261 | Entry: intel-fsp-t: Intel Firmware Support Package (FSP) temp ram init |
| 1262 | ---------------------------------------------------------------------- |
Simon Glass | 9ea87b2 | 2019-10-20 21:31:36 -0600 | [diff] [blame] | 1263 | |
| 1264 | Properties / Entry arguments: |
| 1265 | - filename: Filename of file to read into entry |
| 1266 | |
| 1267 | This file contains a binary blob which is used on some devices to set up |
| 1268 | temporary memory (Cache-as-RAM or CAR). U-Boot executes this code in TPL so |
| 1269 | that it has access to memory for its stack and initial storage. |
| 1270 | |
| 1271 | An example filename is 'fsp_t.bin' |
| 1272 | |
| 1273 | See README.x86 for information about x86 binary blobs. |
| 1274 | |
| 1275 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1276 | |
| 1277 | .. _etype_intel_ifwi: |
Simon Glass | 9ea87b2 | 2019-10-20 21:31:36 -0600 | [diff] [blame] | 1278 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1279 | Entry: intel-ifwi: Intel Integrated Firmware Image (IFWI) file |
| 1280 | -------------------------------------------------------------- |
Simon Glass | c2f1aed | 2019-07-08 13:18:56 -0600 | [diff] [blame] | 1281 | |
| 1282 | Properties / Entry arguments: |
| 1283 | - filename: Filename of file to read into entry. This is either the |
| 1284 | IFWI file itself, or a file that can be converted into one using a |
| 1285 | tool |
| 1286 | - convert-fit: If present this indicates that the ifwitool should be |
| 1287 | used to convert the provided file into a IFWI. |
| 1288 | |
| 1289 | This file contains code and data used by the SoC that is required to make |
| 1290 | it work. It includes U-Boot TPL, microcode, things related to the CSE |
| 1291 | (Converged Security Engine, the microcontroller that loads all the firmware) |
| 1292 | and other items beyond the wit of man. |
| 1293 | |
| 1294 | A typical filename is 'ifwi.bin' for an IFWI file, or 'fitimage.bin' for a |
| 1295 | file that will be converted to an IFWI. |
| 1296 | |
| 1297 | The position of this entry is generally set by the intel-descriptor entry. |
| 1298 | |
| 1299 | The contents of the IFWI are specified by the subnodes of the IFWI node. |
| 1300 | Each subnode describes an entry which is placed into the IFWFI with a given |
| 1301 | sub-partition (and optional entry name). |
| 1302 | |
Simon Glass | 8a5e249 | 2019-08-24 07:22:47 -0600 | [diff] [blame] | 1303 | Properties for subnodes: |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1304 | - ifwi-subpart: sub-parition to put this entry into, e.g. "IBBP" |
| 1305 | - ifwi-entry: entry name t use, e.g. "IBBL" |
| 1306 | - ifwi-replace: if present, indicates that the item should be replaced |
| 1307 | in the IFWI. Otherwise it is added. |
Simon Glass | 8a5e249 | 2019-08-24 07:22:47 -0600 | [diff] [blame] | 1308 | |
Simon Glass | c2f1aed | 2019-07-08 13:18:56 -0600 | [diff] [blame] | 1309 | See README.x86 for information about x86 binary blobs. |
| 1310 | |
| 1311 | |
| 1312 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1313 | .. _etype_intel_me: |
| 1314 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1315 | Entry: intel-me: Intel Management Engine (ME) file |
| 1316 | -------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1317 | |
| 1318 | Properties / Entry arguments: |
| 1319 | - filename: Filename of file to read into entry |
| 1320 | |
| 1321 | This file contains code used by the SoC that is required to make it work. |
| 1322 | The Management Engine is like a background task that runs things that are |
Thomas Hebb | fd37f24 | 2019-11-13 18:18:03 -0800 | [diff] [blame] | 1323 | not clearly documented, but may include keyboard, display and network |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1324 | access. For platform that use ME it is not possible to disable it. U-Boot |
| 1325 | does not directly execute code in the ME binary. |
| 1326 | |
| 1327 | A typical filename is 'me.bin'. |
| 1328 | |
Simon Glass | c4056b8 | 2019-07-08 13:18:38 -0600 | [diff] [blame] | 1329 | The position of this entry is generally set by the intel-descriptor entry. |
| 1330 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1331 | See README.x86 for information about x86 binary blobs. |
| 1332 | |
| 1333 | |
| 1334 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1335 | .. _etype_intel_mrc: |
| 1336 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1337 | Entry: intel-mrc: Intel Memory Reference Code (MRC) file |
| 1338 | -------------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1339 | |
| 1340 | Properties / Entry arguments: |
| 1341 | - filename: Filename of file to read into entry |
| 1342 | |
| 1343 | This file contains code for setting up the SDRAM on some Intel systems. This |
| 1344 | is executed by U-Boot when needed early during startup. A typical filename |
| 1345 | is 'mrc.bin'. |
| 1346 | |
| 1347 | See README.x86 for information about x86 binary blobs. |
| 1348 | |
| 1349 | |
| 1350 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1351 | .. _etype_intel_refcode: |
| 1352 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1353 | Entry: intel-refcode: Intel Reference Code file |
| 1354 | ----------------------------------------------- |
Simon Glass | 17b84eb | 2019-05-17 22:00:53 -0600 | [diff] [blame] | 1355 | |
| 1356 | Properties / Entry arguments: |
| 1357 | - filename: Filename of file to read into entry |
| 1358 | |
| 1359 | This file contains code for setting up the platform on some Intel systems. |
| 1360 | This is executed by U-Boot when needed early during startup. A typical |
| 1361 | filename is 'refcode.bin'. |
| 1362 | |
| 1363 | See README.x86 for information about x86 binary blobs. |
| 1364 | |
| 1365 | |
| 1366 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1367 | .. _etype_intel_vbt: |
| 1368 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1369 | Entry: intel-vbt: Intel Video BIOS Table (VBT) file |
| 1370 | --------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1371 | |
| 1372 | Properties / Entry arguments: |
| 1373 | - filename: Filename of file to read into entry |
| 1374 | |
| 1375 | This file contains code that sets up the integrated graphics subsystem on |
| 1376 | some Intel SoCs. U-Boot executes this when the display is started up. |
| 1377 | |
| 1378 | See README.x86 for information about Intel binary blobs. |
| 1379 | |
| 1380 | |
| 1381 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1382 | .. _etype_intel_vga: |
| 1383 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1384 | Entry: intel-vga: Intel Video Graphics Adaptor (VGA) file |
| 1385 | --------------------------------------------------------- |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1386 | |
| 1387 | Properties / Entry arguments: |
| 1388 | - filename: Filename of file to read into entry |
| 1389 | |
| 1390 | This file contains code that sets up the integrated graphics subsystem on |
| 1391 | some Intel SoCs. U-Boot executes this when the display is started up. |
| 1392 | |
| 1393 | This is similar to the VBT file but in a different format. |
| 1394 | |
| 1395 | See README.x86 for information about Intel binary blobs. |
| 1396 | |
| 1397 | |
| 1398 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1399 | .. _etype_mkimage: |
| 1400 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1401 | Entry: mkimage: Binary produced by mkimage |
| 1402 | ------------------------------------------ |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1403 | |
| 1404 | Properties / Entry arguments: |
Simon Glass | 42074dc | 2022-08-13 11:40:47 -0600 | [diff] [blame] | 1405 | - args: Arguments to pass |
Simon Glass | 8fbca77 | 2022-08-13 11:40:48 -0600 | [diff] [blame] | 1406 | - data-to-imagename: Indicates that the -d data should be passed in as |
| 1407 | the image name also (-n) |
Quentin Schulz | 9b5c648 | 2022-09-02 15:10:48 +0200 | [diff] [blame] | 1408 | - multiple-data-files: boolean to tell binman to pass all files as |
| 1409 | datafiles to mkimage instead of creating a temporary file the result |
| 1410 | of datafiles concatenation |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1411 | - filename: filename of output binary generated by mkimage |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1412 | |
Simon Glass | 42074dc | 2022-08-13 11:40:47 -0600 | [diff] [blame] | 1413 | The data passed to mkimage via the -d flag is collected from subnodes of the |
| 1414 | mkimage node, e.g.:: |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1415 | |
| 1416 | mkimage { |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1417 | filename = "imximage.bin"; |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1418 | args = "-n test -T imximage"; |
| 1419 | |
| 1420 | u-boot-spl { |
| 1421 | }; |
| 1422 | }; |
| 1423 | |
Simon Glass | 42074dc | 2022-08-13 11:40:47 -0600 | [diff] [blame] | 1424 | This calls mkimage to create an imximage with `u-boot-spl.bin` as the data |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1425 | file, with mkimage being called like this:: |
Simon Glass | 42074dc | 2022-08-13 11:40:47 -0600 | [diff] [blame] | 1426 | |
| 1427 | mkimage -d <data_file> -n test -T imximage <output_file> |
| 1428 | |
| 1429 | The output from mkimage then becomes part of the image produced by |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1430 | binman but also is written into `imximage.bin` file. If you need to put |
| 1431 | multiple things in the data file, you can use a section, or just multiple |
| 1432 | subnodes like this:: |
Simon Glass | 42074dc | 2022-08-13 11:40:47 -0600 | [diff] [blame] | 1433 | |
| 1434 | mkimage { |
| 1435 | args = "-n test -T imximage"; |
| 1436 | |
| 1437 | u-boot-spl { |
| 1438 | }; |
| 1439 | |
| 1440 | u-boot-tpl { |
| 1441 | }; |
| 1442 | }; |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1443 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1444 | Note that binman places the contents (here SPL and TPL) into a single file |
| 1445 | and passes that to mkimage using the -d option. |
| 1446 | |
Quentin Schulz | 9b5c648 | 2022-09-02 15:10:48 +0200 | [diff] [blame] | 1447 | To pass all datafiles untouched to mkimage:: |
| 1448 | |
| 1449 | mkimage { |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1450 | args = "-n rk3399 -T rkspi"; |
| 1451 | multiple-data-files; |
Quentin Schulz | 9b5c648 | 2022-09-02 15:10:48 +0200 | [diff] [blame] | 1452 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1453 | u-boot-tpl { |
| 1454 | }; |
Quentin Schulz | 9b5c648 | 2022-09-02 15:10:48 +0200 | [diff] [blame] | 1455 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1456 | u-boot-spl { |
| 1457 | }; |
Quentin Schulz | 9b5c648 | 2022-09-02 15:10:48 +0200 | [diff] [blame] | 1458 | }; |
| 1459 | |
| 1460 | This calls mkimage to create a Rockchip RK3399-specific first stage |
| 1461 | bootloader, made of TPL+SPL. Since this first stage bootloader requires to |
| 1462 | align the TPL and SPL but also some weird hacks that is handled by mkimage |
| 1463 | directly, binman is told to not perform the concatenation of datafiles prior |
| 1464 | to passing the data to mkimage. |
| 1465 | |
Simon Glass | 948dd3a | 2022-02-08 11:49:58 -0700 | [diff] [blame] | 1466 | To use CONFIG options in the arguments, use a string list instead, as in |
| 1467 | this example which also produces four arguments:: |
| 1468 | |
| 1469 | mkimage { |
| 1470 | args = "-n", CONFIG_SYS_SOC, "-T imximage"; |
| 1471 | |
| 1472 | u-boot-spl { |
| 1473 | }; |
| 1474 | }; |
| 1475 | |
Simon Glass | 8fbca77 | 2022-08-13 11:40:48 -0600 | [diff] [blame] | 1476 | If you need to pass the input data in with the -n argument as well, then use |
| 1477 | the 'data-to-imagename' property:: |
| 1478 | |
| 1479 | mkimage { |
| 1480 | args = "-T imximage"; |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1481 | data-to-imagename; |
Simon Glass | 8fbca77 | 2022-08-13 11:40:48 -0600 | [diff] [blame] | 1482 | |
| 1483 | u-boot-spl { |
| 1484 | }; |
| 1485 | }; |
| 1486 | |
| 1487 | That will pass the data to mkimage both as the data file (with -d) and as |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1488 | the image name (with -n). In both cases, a filename is passed as the |
| 1489 | argument, with the actual data being in that file. |
Simon Glass | 948dd3a | 2022-02-08 11:49:58 -0700 | [diff] [blame] | 1490 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1491 | If need to pass different data in with -n, then use an `imagename` subnode:: |
Simon Glass | b166975 | 2022-08-13 11:40:49 -0600 | [diff] [blame] | 1492 | |
| 1493 | mkimage { |
| 1494 | args = "-T imximage"; |
| 1495 | |
| 1496 | imagename { |
| 1497 | blob { |
| 1498 | filename = "spl/u-boot-spl.cfgout" |
| 1499 | }; |
| 1500 | }; |
| 1501 | |
| 1502 | u-boot-spl { |
| 1503 | }; |
| 1504 | }; |
| 1505 | |
| 1506 | This will pass in u-boot-spl as the input data and the .cfgout file as the |
| 1507 | -n data. |
| 1508 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1509 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1510 | |
Simon Glass | a4948b2 | 2023-01-11 16:10:14 -0700 | [diff] [blame] | 1511 | .. _etype_null: |
| 1512 | |
| 1513 | Entry: null: An entry which has no contents of its own |
| 1514 | ------------------------------------------------------ |
| 1515 | |
| 1516 | Note that the size property must be set since otherwise this entry does not |
| 1517 | know how large it should be. |
| 1518 | |
| 1519 | The contents are set by the containing section, e.g. the section's pad |
| 1520 | byte. |
| 1521 | |
| 1522 | |
| 1523 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1524 | .. _etype_opensbi: |
Simon Glass | 48f3aad | 2020-07-09 18:39:31 -0600 | [diff] [blame] | 1525 | |
Bin Meng | c0b1574 | 2021-05-10 20:23:33 +0800 | [diff] [blame] | 1526 | Entry: opensbi: RISC-V OpenSBI fw_dynamic blob |
| 1527 | ---------------------------------------------- |
| 1528 | |
| 1529 | Properties / Entry arguments: |
| 1530 | - opensbi-path: Filename of file to read into entry. This is typically |
| 1531 | called fw_dynamic.bin |
| 1532 | |
| 1533 | This entry holds the run-time firmware, typically started by U-Boot SPL. |
| 1534 | See the U-Boot README for your architecture or board for how to use it. See |
| 1535 | https://github.com/riscv/opensbi for more information about OpenSBI. |
| 1536 | |
| 1537 | |
| 1538 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1539 | .. _etype_powerpc_mpc85xx_bootpg_resetvec: |
| 1540 | |
Jagdish Gediya | 311d484 | 2018-09-03 21:35:08 +0530 | [diff] [blame] | 1541 | Entry: powerpc-mpc85xx-bootpg-resetvec: PowerPC mpc85xx bootpg + resetvec code for U-Boot |
| 1542 | ----------------------------------------------------------------------------------------- |
| 1543 | |
| 1544 | Properties / Entry arguments: |
| 1545 | - filename: Filename of u-boot-br.bin (default 'u-boot-br.bin') |
| 1546 | |
Thomas Hebb | fd37f24 | 2019-11-13 18:18:03 -0800 | [diff] [blame] | 1547 | This entry is valid for PowerPC mpc85xx cpus. This entry holds |
Jagdish Gediya | 311d484 | 2018-09-03 21:35:08 +0530 | [diff] [blame] | 1548 | 'bootpg + resetvec' code for PowerPC mpc85xx CPUs which needs to be |
| 1549 | placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'. |
| 1550 | |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 1551 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1552 | |
| 1553 | .. _etype_pre_load: |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 1554 | |
Philippe Reynes | ebe96cb | 2022-03-28 22:57:04 +0200 | [diff] [blame] | 1555 | Entry: pre-load: Pre load image header |
| 1556 | -------------------------------------- |
| 1557 | |
| 1558 | Properties / Entry arguments: |
Simon Glass | 9f57158 | 2022-08-13 11:40:43 -0600 | [diff] [blame] | 1559 | - pre-load-key-path: Path of the directory that store key (provided by |
| 1560 | the environment variable PRE_LOAD_KEY_PATH) |
Philippe Reynes | ebe96cb | 2022-03-28 22:57:04 +0200 | [diff] [blame] | 1561 | - content: List of phandles to entries to sign |
| 1562 | - algo-name: Hash and signature algo to use for the signature |
| 1563 | - padding-name: Name of the padding (pkcs-1.5 or pss) |
| 1564 | - key-name: Filename of the private key to sign |
| 1565 | - header-size: Total size of the header |
| 1566 | - version: Version of the header |
| 1567 | |
| 1568 | This entry creates a pre-load header that contains a global |
| 1569 | image signature. |
| 1570 | |
| 1571 | For example, this creates an image with a pre-load header and a binary:: |
| 1572 | |
| 1573 | binman { |
| 1574 | image2 { |
| 1575 | filename = "sandbox.bin"; |
| 1576 | |
| 1577 | pre-load { |
| 1578 | content = <&image>; |
| 1579 | algo-name = "sha256,rsa2048"; |
| 1580 | padding-name = "pss"; |
| 1581 | key-name = "private.pem"; |
| 1582 | header-size = <4096>; |
| 1583 | version = <1>; |
| 1584 | }; |
| 1585 | |
| 1586 | image: blob-ext { |
| 1587 | filename = "sandbox.itb"; |
| 1588 | }; |
| 1589 | }; |
| 1590 | }; |
| 1591 | |
| 1592 | |
| 1593 | |
Jonas Karlman | 3530549 | 2023-02-25 19:01:33 +0000 | [diff] [blame] | 1594 | .. _etype_rockchip_tpl: |
| 1595 | |
| 1596 | Entry: rockchip-tpl: Rockchip TPL binary |
| 1597 | ---------------------------------------- |
| 1598 | |
| 1599 | Properties / Entry arguments: |
| 1600 | - rockchip-tpl-path: Filename of file to read into the entry, |
| 1601 | typically <soc>_ddr_<version>.bin |
| 1602 | |
| 1603 | This entry holds an external TPL binary used by some Rockchip SoCs |
| 1604 | instead of normal U-Boot TPL, typically to initialize DRAM. |
| 1605 | |
| 1606 | |
| 1607 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1608 | .. _etype_scp: |
| 1609 | |
Simon Glass | 8911fa1 | 2021-03-18 20:25:16 +1300 | [diff] [blame] | 1610 | Entry: scp: System Control Processor (SCP) firmware blob |
| 1611 | -------------------------------------------------------- |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 1612 | |
| 1613 | Properties / Entry arguments: |
| 1614 | - scp-path: Filename of file to read into the entry, typically scp.bin |
| 1615 | |
| 1616 | This entry holds firmware for an external platform-specific coprocessor. |
Jagdish Gediya | 311d484 | 2018-09-03 21:35:08 +0530 | [diff] [blame] | 1617 | |
| 1618 | |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 1619 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1620 | .. _etype_section: |
| 1621 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1622 | Entry: section: Entry that contains other entries |
| 1623 | ------------------------------------------------- |
| 1624 | |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1625 | A section is an entry which can contain other entries, thus allowing |
| 1626 | hierarchical images to be created. See 'Sections and hierarchical images' |
| 1627 | in the binman README for more information. |
| 1628 | |
| 1629 | The base implementation simply joins the various entries together, using |
| 1630 | various rules about alignment, etc. |
| 1631 | |
| 1632 | Subclassing |
| 1633 | ~~~~~~~~~~~ |
| 1634 | |
| 1635 | This class can be subclassed to support other file formats which hold |
| 1636 | multiple entries, such as CBFS. To do this, override the following |
| 1637 | functions. The documentation here describes what your function should do. |
| 1638 | For example code, see etypes which subclass `Entry_section`, or `cbfs.py` |
| 1639 | for a more involved example:: |
| 1640 | |
| 1641 | $ grep -l \(Entry_section tools/binman/etype/*.py |
| 1642 | |
| 1643 | ReadNode() |
| 1644 | Call `super().ReadNode()`, then read any special properties for the |
| 1645 | section. Then call `self.ReadEntries()` to read the entries. |
| 1646 | |
| 1647 | Binman calls this at the start when reading the image description. |
| 1648 | |
| 1649 | ReadEntries() |
| 1650 | Read in the subnodes of the section. This may involve creating entries |
| 1651 | of a particular etype automatically, as well as reading any special |
| 1652 | properties in the entries. For each entry, entry.ReadNode() should be |
| 1653 | called, to read the basic entry properties. The properties should be |
| 1654 | added to `self._entries[]`, in the correct order, with a suitable name. |
| 1655 | |
| 1656 | Binman calls this at the start when reading the image description. |
| 1657 | |
| 1658 | BuildSectionData(required) |
| 1659 | Create the custom file format that you want and return it as bytes. |
| 1660 | This likely sets up a file header, then loops through the entries, |
| 1661 | adding them to the file. For each entry, call `entry.GetData()` to |
| 1662 | obtain the data. If that returns None, and `required` is False, then |
| 1663 | this method must give up and return None. But if `required` is True then |
| 1664 | it should assume that all data is valid. |
| 1665 | |
| 1666 | Binman calls this when packing the image, to find out the size of |
| 1667 | everything. It is called again at the end when building the final image. |
| 1668 | |
| 1669 | SetImagePos(image_pos): |
| 1670 | Call `super().SetImagePos(image_pos)`, then set the `image_pos` values |
| 1671 | for each of the entries. This should use the custom file format to find |
| 1672 | the `start offset` (and `image_pos`) of each entry. If the file format |
| 1673 | uses compression in such a way that there is no offset available (other |
| 1674 | than reading the whole file and decompressing it), then the offsets for |
| 1675 | affected entries can remain unset (`None`). The size should also be set |
| 1676 | if possible. |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1677 | |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1678 | Binman calls this after the image has been packed, to update the |
| 1679 | location that all the entries ended up at. |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1680 | |
Simon Glass | 637958f | 2021-11-23 21:09:50 -0700 | [diff] [blame] | 1681 | ReadChildData(child, decomp, alt_format): |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1682 | The default version of this may be good enough, if you are able to |
| 1683 | implement SetImagePos() correctly. But that is a bit of a bypass, so |
| 1684 | you can override this method to read from your custom file format. It |
| 1685 | should read the entire entry containing the custom file using |
| 1686 | `super().ReadData(True)`, then parse the file to get the data for the |
| 1687 | given child, then return that data. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1688 | |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1689 | If your file format supports compression, the `decomp` argument tells |
| 1690 | you whether to return the compressed data (`decomp` is False) or to |
| 1691 | uncompress it first, then return the uncompressed data (`decomp` is |
| 1692 | True). This is used by the `binman extract -U` option. |
Simon Glass | 21db0ff | 2020-09-01 05:13:54 -0600 | [diff] [blame] | 1693 | |
Simon Glass | 637958f | 2021-11-23 21:09:50 -0700 | [diff] [blame] | 1694 | If your entry supports alternative formats, the alt_format provides the |
| 1695 | alternative format that the user has selected. Your function should |
| 1696 | return data in that format. This is used by the 'binman extract -l' |
| 1697 | option. |
| 1698 | |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1699 | Binman calls this when reading in an image, in order to populate all the |
| 1700 | entries with the data from that image (`binman ls`). |
| 1701 | |
| 1702 | WriteChildData(child): |
| 1703 | Binman calls this after `child.data` is updated, to inform the custom |
| 1704 | file format about this, in case it needs to do updates. |
| 1705 | |
| 1706 | The default version of this does nothing and probably needs to be |
| 1707 | overridden for the 'binman replace' command to work. Your version should |
| 1708 | use `child.data` to update the data for that child in the custom file |
| 1709 | format. |
| 1710 | |
| 1711 | Binman calls this when updating an image that has been read in and in |
| 1712 | particular to update the data for a particular entry (`binman replace`) |
| 1713 | |
| 1714 | Properties / Entry arguments |
| 1715 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 1716 | |
| 1717 | See :ref:`develop/package/binman:Image description format` for more |
| 1718 | information. |
| 1719 | |
| 1720 | align-default |
| 1721 | Default alignment for this section, if no alignment is given in the |
| 1722 | entry |
| 1723 | |
| 1724 | pad-byte |
| 1725 | Pad byte to use when padding |
| 1726 | |
| 1727 | sort-by-offset |
| 1728 | True if entries should be sorted by offset, False if they must be |
| 1729 | in-order in the device tree description |
| 1730 | |
| 1731 | end-at-4gb |
| 1732 | Used to build an x86 ROM which ends at 4GB (2^32) |
| 1733 | |
| 1734 | name-prefix |
| 1735 | Adds a prefix to the name of every entry in the section when writing out |
| 1736 | the map |
| 1737 | |
| 1738 | skip-at-start |
| 1739 | Number of bytes before the first entry starts. These effectively adjust |
| 1740 | the starting offset of entries. For example, if this is 16, then the |
| 1741 | first entry would start at 16. An entry with offset = 20 would in fact |
| 1742 | be written at offset 4 in the image file, since the first 16 bytes are |
| 1743 | skipped when writing. |
Simon Glass | b1d414c | 2021-04-03 11:05:10 +1300 | [diff] [blame] | 1744 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 1745 | filename |
| 1746 | filename to write the unpadded section contents to within the output |
| 1747 | directory (None to skip this). |
| 1748 | |
Simon Glass | 39dd215 | 2019-07-08 14:25:47 -0600 | [diff] [blame] | 1749 | Since a section is also an entry, it inherits all the properies of entries |
| 1750 | too. |
| 1751 | |
Simon Glass | cc9a41c | 2021-11-23 11:03:49 -0700 | [diff] [blame] | 1752 | Note that the `allow_missing` member controls whether this section permits |
| 1753 | external blobs to be missing their contents. The option will produce an |
| 1754 | image but of course it will not work. It is useful to make sure that |
| 1755 | Continuous Integration systems can build without the binaries being |
| 1756 | available. This is set by the `SetAllowMissing()` method, if |
| 1757 | `--allow-missing` is passed to binman. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1758 | |
| 1759 | |
| 1760 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1761 | .. _etype_tee_os: |
| 1762 | |
Roger Quadros | 5cdcea0 | 2022-02-19 20:50:04 +0200 | [diff] [blame] | 1763 | Entry: tee-os: Entry containing an OP-TEE Trusted OS (TEE) blob |
| 1764 | --------------------------------------------------------------- |
| 1765 | |
| 1766 | Properties / Entry arguments: |
| 1767 | - tee-os-path: Filename of file to read into entry. This is typically |
Simon Glass | ad5cfe1 | 2023-01-07 14:07:14 -0700 | [diff] [blame] | 1768 | called tee.bin or tee.elf |
Roger Quadros | 5cdcea0 | 2022-02-19 20:50:04 +0200 | [diff] [blame] | 1769 | |
| 1770 | This entry holds the run-time firmware, typically started by U-Boot SPL. |
| 1771 | See the U-Boot README for your architecture or board for how to use it. See |
| 1772 | https://github.com/OP-TEE/optee_os for more information about OP-TEE. |
| 1773 | |
Simon Glass | ad5cfe1 | 2023-01-07 14:07:14 -0700 | [diff] [blame] | 1774 | Note that if the file is in ELF format, it must go in a FIT. In that case, |
| 1775 | this entry will mark itself as absent, providing the data only through the |
| 1776 | read_elf_segments() method. |
| 1777 | |
| 1778 | Marking this entry as absent means that it if is used in the wrong context |
| 1779 | it can be automatically dropped. Thus it is possible to add an OP-TEE entry |
| 1780 | like this:: |
| 1781 | |
| 1782 | binman { |
| 1783 | tee-os { |
| 1784 | }; |
| 1785 | }; |
| 1786 | |
| 1787 | and pass either an ELF or plain binary in with -a tee-os-path <filename> |
| 1788 | and have binman do the right thing: |
| 1789 | |
| 1790 | - include the entry if tee.bin is provided and it does NOT have the v1 |
| 1791 | header |
| 1792 | - drop it otherwise |
| 1793 | |
| 1794 | When used within a FIT, we can do:: |
| 1795 | |
| 1796 | binman { |
| 1797 | fit { |
| 1798 | tee-os { |
| 1799 | }; |
| 1800 | }; |
| 1801 | }; |
| 1802 | |
| 1803 | which will split the ELF into separate nodes for each segment, if an ELF |
| 1804 | file is provided (see :ref:`etype_fit`), or produce a single node if the |
| 1805 | OP-TEE binary v1 format is provided (see optee_doc_) . |
| 1806 | |
| 1807 | .. _optee_doc: https://optee.readthedocs.io/en/latest/architecture/core.html#partitioning-of-the-binary |
| 1808 | |
Roger Quadros | 5cdcea0 | 2022-02-19 20:50:04 +0200 | [diff] [blame] | 1809 | |
| 1810 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1811 | .. _etype_text: |
| 1812 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1813 | Entry: text: An entry which contains text |
| 1814 | ----------------------------------------- |
| 1815 | |
| 1816 | The text can be provided either in the node itself or by a command-line |
| 1817 | argument. There is a level of indirection to allow multiple text strings |
| 1818 | and sharing of text. |
| 1819 | |
| 1820 | Properties / Entry arguments: |
| 1821 | text-label: The value of this string indicates the property / entry-arg |
| 1822 | that contains the string to place in the entry |
| 1823 | <xxx> (actual name is the value of text-label): contains the string to |
| 1824 | place in the entry. |
Simon Glass | 47f6a62 | 2019-07-08 13:18:40 -0600 | [diff] [blame] | 1825 | <text>: The text to place in the entry (overrides the above mechanism). |
| 1826 | This is useful when the text is constant. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1827 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1828 | Example node:: |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1829 | |
| 1830 | text { |
| 1831 | size = <50>; |
| 1832 | text-label = "message"; |
| 1833 | }; |
| 1834 | |
| 1835 | You can then use: |
| 1836 | |
| 1837 | binman -amessage="this is my message" |
| 1838 | |
| 1839 | and binman will insert that string into the entry. |
| 1840 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1841 | It is also possible to put the string directly in the node:: |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1842 | |
| 1843 | text { |
| 1844 | size = <8>; |
| 1845 | text-label = "message"; |
| 1846 | message = "a message directly in the node" |
| 1847 | }; |
| 1848 | |
Simon Glass | 0ac96b6 | 2021-03-18 20:25:15 +1300 | [diff] [blame] | 1849 | or just:: |
Simon Glass | 47f6a62 | 2019-07-08 13:18:40 -0600 | [diff] [blame] | 1850 | |
| 1851 | text { |
| 1852 | size = <8>; |
| 1853 | text = "some text directly in the node" |
| 1854 | }; |
| 1855 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1856 | The text is not itself nul-terminated. This can be achieved, if required, |
| 1857 | by setting the size of the entry to something larger than the text. |
| 1858 | |
| 1859 | |
| 1860 | |
Neha Malcom Francis | 3b78894 | 2023-07-22 00:14:24 +0530 | [diff] [blame] | 1861 | .. _etype_ti_board_config: |
| 1862 | |
| 1863 | Entry: ti-board-config: An entry containing a TI schema validated board config binary |
| 1864 | ------------------------------------------------------------------------------------- |
| 1865 | |
| 1866 | This etype supports generation of two kinds of board configuration |
| 1867 | binaries: singular board config binary as well as combined board config |
| 1868 | binary. |
| 1869 | |
| 1870 | Properties / Entry arguments: |
| 1871 | - config-file: File containing board configuration data in YAML |
| 1872 | - schema-file: File containing board configuration YAML schema against |
| 1873 | which the config file is validated |
| 1874 | |
| 1875 | Output files: |
| 1876 | - board config binary: File containing board configuration binary |
| 1877 | |
| 1878 | These above parameters are used only when the generated binary is |
| 1879 | intended to be a single board configuration binary. Example:: |
| 1880 | |
| 1881 | my-ti-board-config { |
| 1882 | ti-board-config { |
| 1883 | config = "board-config.yaml"; |
| 1884 | schema = "schema.yaml"; |
| 1885 | }; |
| 1886 | }; |
| 1887 | |
| 1888 | To generate a combined board configuration binary, we pack the |
| 1889 | needed individual binaries into a ti-board-config binary. In this case, |
| 1890 | the available supported subnode names are board-cfg, pm-cfg, sec-cfg and |
| 1891 | rm-cfg. The final binary is prepended with a header containing details about |
| 1892 | the included board config binaries. Example:: |
| 1893 | |
| 1894 | my-combined-ti-board-config { |
| 1895 | ti-board-config { |
| 1896 | board-cfg { |
| 1897 | config = "board-cfg.yaml"; |
| 1898 | schema = "schema.yaml"; |
| 1899 | }; |
| 1900 | sec-cfg { |
| 1901 | config = "sec-cfg.yaml"; |
| 1902 | schema = "schema.yaml"; |
| 1903 | }; |
| 1904 | } |
| 1905 | } |
| 1906 | |
| 1907 | |
| 1908 | |
Neha Malcom Francis | 59be255 | 2023-12-05 15:12:18 +0530 | [diff] [blame] | 1909 | .. _etype_ti_dm: |
| 1910 | |
| 1911 | Entry: ti-dm: TI Device Manager (DM) blob |
| 1912 | ----------------------------------------- |
| 1913 | |
| 1914 | Properties / Entry arguments: |
| 1915 | - ti-dm-path: Filename of file to read into the entry, typically ti-dm.bin |
| 1916 | |
| 1917 | This entry holds the device manager responsible for resource and power management |
| 1918 | in K3 devices. See https://software-dl.ti.com/tisci/esd/latest/ for more information |
| 1919 | about TI DM. |
| 1920 | |
| 1921 | |
| 1922 | |
Neha Malcom Francis | 5f5f0a6 | 2023-07-22 00:14:25 +0530 | [diff] [blame] | 1923 | .. _etype_ti_secure: |
| 1924 | |
| 1925 | Entry: ti-secure: Entry containing a TI x509 certificate binary |
| 1926 | --------------------------------------------------------------- |
| 1927 | |
| 1928 | Properties / Entry arguments: |
| 1929 | - content: List of phandles to entries to sign |
| 1930 | - keyfile: Filename of file containing key to sign binary with |
| 1931 | - sha: Hash function to be used for signing |
| 1932 | |
| 1933 | Output files: |
| 1934 | - input.<unique_name> - input file passed to openssl |
| 1935 | - config.<unique_name> - input file generated for openssl (which is |
| 1936 | used as the config file) |
| 1937 | - cert.<unique_name> - output file generated by openssl (which is |
| 1938 | used as the entry contents) |
| 1939 | |
| 1940 | openssl signs the provided data, using the TI templated config file and |
| 1941 | writes the signature in this entry. This allows verification that the |
| 1942 | data is genuine. |
| 1943 | |
| 1944 | |
| 1945 | |
| 1946 | .. _etype_ti_secure_rom: |
| 1947 | |
| 1948 | Entry: ti-secure-rom: Entry containing a TI x509 certificate binary for images booted by ROM |
| 1949 | -------------------------------------------------------------------------------------------- |
| 1950 | |
| 1951 | Properties / Entry arguments: |
| 1952 | - keyfile: Filename of file containing key to sign binary with |
| 1953 | - combined: boolean if device follows combined boot flow |
| 1954 | - countersign: boolean if device contains countersigned system firmware |
| 1955 | - load: load address of SPL |
| 1956 | - sw-rev: software revision |
| 1957 | - sha: Hash function to be used for signing |
| 1958 | - core: core on which bootloader runs, valid cores are 'secure' and 'public' |
| 1959 | - content: phandle of SPL in case of legacy bootflow or phandles of component binaries |
| 1960 | in case of combined bootflow |
Neha Malcom Francis | 14e9342 | 2023-10-23 13:31:02 +0530 | [diff] [blame] | 1961 | - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default |
Neha Malcom Francis | 5f5f0a6 | 2023-07-22 00:14:25 +0530 | [diff] [blame] | 1962 | |
| 1963 | The following properties are only for generating a combined bootflow binary: |
| 1964 | - sysfw-inner-cert: boolean if binary contains sysfw inner certificate |
| 1965 | - dm-data: boolean if binary contains dm-data binary |
| 1966 | - content-sbl: phandle of SPL binary |
| 1967 | - content-sysfw: phandle of sysfw binary |
| 1968 | - content-sysfw-data: phandle of sysfw-data or tifs-data binary |
| 1969 | - content-sysfw-inner-cert (optional): phandle of sysfw inner certificate binary |
| 1970 | - content-dm-data (optional): phandle of dm-data binary |
| 1971 | - load-sysfw: load address of sysfw binary |
| 1972 | - load-sysfw-data: load address of sysfw-data or tifs-data binary |
| 1973 | - load-sysfw-inner-cert (optional): load address of sysfw inner certificate binary |
| 1974 | - load-dm-data (optional): load address of dm-data binary |
| 1975 | |
| 1976 | Output files: |
| 1977 | - input.<unique_name> - input file passed to openssl |
| 1978 | - config.<unique_name> - input file generated for openssl (which is |
| 1979 | used as the config file) |
| 1980 | - cert.<unique_name> - output file generated by openssl (which is |
| 1981 | used as the entry contents) |
| 1982 | |
| 1983 | openssl signs the provided data, using the TI templated config file and |
| 1984 | writes the signature in this entry. This allows verification that the |
| 1985 | data is genuine. |
| 1986 | |
| 1987 | |
| 1988 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 1989 | .. _etype_u_boot: |
| 1990 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 1991 | Entry: u-boot: U-Boot flat binary |
| 1992 | --------------------------------- |
| 1993 | |
| 1994 | Properties / Entry arguments: |
| 1995 | - filename: Filename of u-boot.bin (default 'u-boot.bin') |
| 1996 | |
| 1997 | This is the U-Boot binary, containing relocation information to allow it |
| 1998 | to relocate itself at runtime. The binary typically includes a device tree |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 1999 | blob at the end of it. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2000 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2001 | U-Boot can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2002 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2003 | Note that this entry is automatically replaced with u-boot-expanded unless |
Simon Glass | 7098b7f | 2021-03-21 18:24:30 +1300 | [diff] [blame] | 2004 | --no-expanded is used or the node has a 'no-expanded' property. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2005 | |
| 2006 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2007 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2008 | .. _etype_u_boot_dtb: |
| 2009 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2010 | Entry: u-boot-dtb: U-Boot device tree |
| 2011 | ------------------------------------- |
| 2012 | |
| 2013 | Properties / Entry arguments: |
| 2014 | - filename: Filename of u-boot.dtb (default 'u-boot.dtb') |
| 2015 | |
| 2016 | This is the U-Boot device tree, containing configuration information for |
| 2017 | U-Boot. U-Boot needs this to know what devices are present and which drivers |
| 2018 | to activate. |
| 2019 | |
Simon Glass | e219aa4 | 2018-09-14 04:57:24 -0600 | [diff] [blame] | 2020 | Note: This is mostly an internal entry type, used by others. This allows |
| 2021 | binman to know which entries contain a device tree. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2022 | |
| 2023 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2024 | |
| 2025 | .. _etype_u_boot_dtb_with_ucode: |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2026 | |
| 2027 | Entry: u-boot-dtb-with-ucode: A U-Boot device tree file, with the microcode removed |
| 2028 | ----------------------------------------------------------------------------------- |
| 2029 | |
| 2030 | Properties / Entry arguments: |
| 2031 | - filename: Filename of u-boot.dtb (default 'u-boot.dtb') |
| 2032 | |
| 2033 | See Entry_u_boot_ucode for full details of the three entries involved in |
| 2034 | this process. This entry provides the U-Boot device-tree file, which |
| 2035 | contains the microcode. If the microcode is not being collated into one |
| 2036 | place then the offset and size of the microcode is recorded by this entry, |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2037 | for use by u-boot-with-ucode_ptr. If it is being collated, then this |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2038 | entry deletes the microcode from the device tree (to save space) and makes |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2039 | it available to u-boot-ucode. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2040 | |
| 2041 | |
| 2042 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2043 | .. _etype_u_boot_elf: |
| 2044 | |
Simon Glass | b171423 | 2018-09-14 04:57:35 -0600 | [diff] [blame] | 2045 | Entry: u-boot-elf: U-Boot ELF image |
| 2046 | ----------------------------------- |
| 2047 | |
| 2048 | Properties / Entry arguments: |
| 2049 | - filename: Filename of u-boot (default 'u-boot') |
| 2050 | |
| 2051 | This is the U-Boot ELF image. It does not include a device tree but can be |
| 2052 | relocated to any address for execution. |
| 2053 | |
| 2054 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2055 | |
| 2056 | .. _etype_u_boot_env: |
Simon Glass | b171423 | 2018-09-14 04:57:35 -0600 | [diff] [blame] | 2057 | |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 2058 | Entry: u-boot-env: An entry which contains a U-Boot environment |
| 2059 | --------------------------------------------------------------- |
| 2060 | |
| 2061 | Properties / Entry arguments: |
| 2062 | - filename: File containing the environment text, with each line in the |
| 2063 | form var=value |
| 2064 | |
| 2065 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2066 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2067 | .. _etype_u_boot_expanded: |
| 2068 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2069 | Entry: u-boot-expanded: U-Boot flat binary broken out into its component parts |
| 2070 | ------------------------------------------------------------------------------ |
| 2071 | |
| 2072 | This is a section containing the U-Boot binary and a devicetree. Using this |
| 2073 | entry type automatically creates this section, with the following entries |
| 2074 | in it: |
| 2075 | |
| 2076 | u-boot-nodtb |
| 2077 | u-boot-dtb |
| 2078 | |
| 2079 | Having the devicetree separate allows binman to update it in the final |
| 2080 | image, so that the entries positions are provided to the running U-Boot. |
| 2081 | |
| 2082 | |
Simon Glass | 136dd35 | 2020-10-26 17:39:59 -0600 | [diff] [blame] | 2083 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2084 | .. _etype_u_boot_img: |
| 2085 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2086 | Entry: u-boot-img: U-Boot legacy image |
| 2087 | -------------------------------------- |
| 2088 | |
| 2089 | Properties / Entry arguments: |
| 2090 | - filename: Filename of u-boot.img (default 'u-boot.img') |
| 2091 | |
| 2092 | This is the U-Boot binary as a packaged image, in legacy format. It has a |
| 2093 | header which allows it to be loaded at the correct address for execution. |
| 2094 | |
| 2095 | You should use FIT (Flat Image Tree) instead of the legacy image for new |
| 2096 | applications. |
| 2097 | |
| 2098 | |
| 2099 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2100 | .. _etype_u_boot_nodtb: |
| 2101 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2102 | Entry: u-boot-nodtb: U-Boot flat binary without device tree appended |
| 2103 | -------------------------------------------------------------------- |
| 2104 | |
| 2105 | Properties / Entry arguments: |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2106 | - filename: Filename to include (default 'u-boot-nodtb.bin') |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2107 | |
| 2108 | This is the U-Boot binary, containing relocation information to allow it |
| 2109 | to relocate itself at runtime. It does not include a device tree blob at |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2110 | the end of it so normally cannot work without it. You can add a u-boot-dtb |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2111 | entry after this one, or use a u-boot entry instead, normally expands to a |
| 2112 | section containing u-boot and u-boot-dtb |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2113 | |
| 2114 | |
| 2115 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2116 | .. _etype_u_boot_spl: |
| 2117 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2118 | Entry: u-boot-spl: U-Boot SPL binary |
| 2119 | ------------------------------------ |
| 2120 | |
| 2121 | Properties / Entry arguments: |
| 2122 | - filename: Filename of u-boot-spl.bin (default 'spl/u-boot-spl.bin') |
| 2123 | |
| 2124 | This is the U-Boot SPL (Secondary Program Loader) binary. This is a small |
| 2125 | binary which loads before U-Boot proper, typically into on-chip SRAM. It is |
| 2126 | responsible for locating, loading and jumping to U-Boot. Note that SPL is |
| 2127 | not relocatable so must be loaded to the correct address in SRAM, or written |
Simon Glass | 8425a1f | 2018-07-17 13:25:48 -0600 | [diff] [blame] | 2128 | to run from the correct address if direct flash execution is possible (e.g. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2129 | on x86 devices). |
| 2130 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2131 | SPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2132 | |
| 2133 | in the binman README for more information. |
| 2134 | |
| 2135 | The ELF file 'spl/u-boot-spl' must also be available for this to work, since |
| 2136 | binman uses that to look up symbols to write into the SPL binary. |
| 2137 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2138 | Note that this entry is automatically replaced with u-boot-spl-expanded |
Simon Glass | 7098b7f | 2021-03-21 18:24:30 +1300 | [diff] [blame] | 2139 | unless --no-expanded is used or the node has a 'no-expanded' property. |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2140 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2141 | |
| 2142 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2143 | .. _etype_u_boot_spl_bss_pad: |
| 2144 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2145 | Entry: u-boot-spl-bss-pad: U-Boot SPL binary padded with a BSS region |
| 2146 | --------------------------------------------------------------------- |
| 2147 | |
| 2148 | Properties / Entry arguments: |
| 2149 | None |
| 2150 | |
Simon Glass | 308939b | 2021-03-18 20:24:55 +1300 | [diff] [blame] | 2151 | This holds the padding added after the SPL binary to cover the BSS (Block |
| 2152 | Started by Symbol) region. This region holds the various variables used by |
| 2153 | SPL. It is set to 0 by SPL when it starts up. If you want to append data to |
| 2154 | the SPL image (such as a device tree file), you must pad out the BSS region |
| 2155 | to avoid the data overlapping with U-Boot variables. This entry is useful in |
| 2156 | that case. It automatically pads out the entry size to cover both the code, |
| 2157 | data and BSS. |
| 2158 | |
| 2159 | The contents of this entry will a certain number of zero bytes, determined |
| 2160 | by __bss_size |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2161 | |
| 2162 | The ELF file 'spl/u-boot-spl' must also be available for this to work, since |
| 2163 | binman uses that to look up the BSS address. |
| 2164 | |
| 2165 | |
| 2166 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2167 | .. _etype_u_boot_spl_dtb: |
| 2168 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2169 | Entry: u-boot-spl-dtb: U-Boot SPL device tree |
| 2170 | --------------------------------------------- |
| 2171 | |
| 2172 | Properties / Entry arguments: |
| 2173 | - filename: Filename of u-boot.dtb (default 'spl/u-boot-spl.dtb') |
| 2174 | |
| 2175 | This is the SPL device tree, containing configuration information for |
| 2176 | SPL. SPL needs this to know what devices are present and which drivers |
| 2177 | to activate. |
| 2178 | |
| 2179 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2180 | |
| 2181 | .. _etype_u_boot_spl_elf: |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2182 | |
Simon Glass | b171423 | 2018-09-14 04:57:35 -0600 | [diff] [blame] | 2183 | Entry: u-boot-spl-elf: U-Boot SPL ELF image |
| 2184 | ------------------------------------------- |
| 2185 | |
| 2186 | Properties / Entry arguments: |
Simon Glass | 5dcc21d | 2019-07-08 13:18:45 -0600 | [diff] [blame] | 2187 | - filename: Filename of SPL u-boot (default 'spl/u-boot-spl') |
Simon Glass | b171423 | 2018-09-14 04:57:35 -0600 | [diff] [blame] | 2188 | |
| 2189 | This is the U-Boot SPL ELF image. It does not include a device tree but can |
| 2190 | be relocated to any address for execution. |
| 2191 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2192 | |
| 2193 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2194 | .. _etype_u_boot_spl_expanded: |
| 2195 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2196 | Entry: u-boot-spl-expanded: U-Boot SPL flat binary broken out into its component parts |
| 2197 | -------------------------------------------------------------------------------------- |
| 2198 | |
| 2199 | Properties / Entry arguments: |
| 2200 | - spl-dtb: Controls whether this entry is selected (set to 'y' or '1' to |
| 2201 | select) |
| 2202 | |
| 2203 | This is a section containing the U-Boot binary, BSS padding if needed and a |
| 2204 | devicetree. Using this entry type automatically creates this section, with |
| 2205 | the following entries in it: |
| 2206 | |
| 2207 | u-boot-spl-nodtb |
| 2208 | u-boot-spl-bss-pad |
| 2209 | u-boot-dtb |
| 2210 | |
| 2211 | Having the devicetree separate allows binman to update it in the final |
| 2212 | image, so that the entries positions are provided to the running U-Boot. |
| 2213 | |
| 2214 | This entry is selected based on the value of the 'spl-dtb' entryarg. If |
| 2215 | this is non-empty (and not 'n' or '0') then this expanded entry is selected. |
Simon Glass | b171423 | 2018-09-14 04:57:35 -0600 | [diff] [blame] | 2216 | |
| 2217 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2218 | |
| 2219 | .. _etype_u_boot_spl_nodtb: |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2220 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2221 | Entry: u-boot-spl-nodtb: SPL binary without device tree appended |
| 2222 | ---------------------------------------------------------------- |
| 2223 | |
| 2224 | Properties / Entry arguments: |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2225 | - filename: Filename to include (default 'spl/u-boot-spl-nodtb.bin') |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2226 | |
| 2227 | This is the U-Boot SPL binary, It does not include a device tree blob at |
| 2228 | the end of it so may not be able to work without it, assuming SPL needs |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2229 | a device tree to operate on your platform. You can add a u-boot-spl-dtb |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2230 | entry after this one, or use a u-boot-spl entry instead' which normally |
| 2231 | expands to a section containing u-boot-spl-dtb, u-boot-spl-bss-pad and |
| 2232 | u-boot-spl-dtb |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2233 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2234 | SPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | 31e04cb | 2021-03-18 20:24:56 +1300 | [diff] [blame] | 2235 | |
| 2236 | in the binman README for more information. |
| 2237 | |
| 2238 | The ELF file 'spl/u-boot-spl' must also be available for this to work, since |
| 2239 | binman uses that to look up symbols to write into the SPL binary. |
| 2240 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2241 | |
| 2242 | |
Lukas Funke | b4937da | 2023-07-18 13:53:15 +0200 | [diff] [blame] | 2243 | .. _etype_u_boot_spl_pubkey_dtb: |
| 2244 | |
| 2245 | Entry: u-boot-spl-pubkey-dtb: U-Boot SPL device tree including public key |
| 2246 | ------------------------------------------------------------------------- |
| 2247 | |
| 2248 | Properties / Entry arguments: |
| 2249 | - key-name-hint: Public key name without extension (.crt). |
| 2250 | Default is determined by underlying |
| 2251 | bintool (fdt_add_pubkey), usually 'key'. |
| 2252 | - algo: (Optional) Algorithm used for signing. Default is determined by |
| 2253 | underlying bintool (fdt_add_pubkey), usually 'sha1,rsa2048' |
| 2254 | - required: (Optional) If present this indicates that the key must be |
| 2255 | verified for the image / configuration to be |
| 2256 | considered valid |
| 2257 | |
| 2258 | The following example shows an image containing an SPL which |
| 2259 | is packed together with the dtb. Binman will add a signature |
| 2260 | node to the dtb. |
| 2261 | |
| 2262 | Example node:: |
| 2263 | |
| 2264 | image { |
| 2265 | ... |
| 2266 | spl { |
| 2267 | filename = "spl.bin" |
| 2268 | |
| 2269 | u-boot-spl-nodtb { |
| 2270 | }; |
| 2271 | u-boot-spl-pubkey-dtb { |
| 2272 | algo = "sha384,rsa4096"; |
| 2273 | required = "conf"; |
| 2274 | key-name-hint = "dev"; |
| 2275 | }; |
| 2276 | }; |
| 2277 | ... |
| 2278 | } |
| 2279 | |
| 2280 | |
| 2281 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2282 | .. _etype_u_boot_spl_with_ucode_ptr: |
| 2283 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2284 | Entry: u-boot-spl-with-ucode-ptr: U-Boot SPL with embedded microcode pointer |
| 2285 | ---------------------------------------------------------------------------- |
| 2286 | |
Simon Glass | 3fb4f42 | 2018-09-14 04:57:32 -0600 | [diff] [blame] | 2287 | This is used when SPL must set up the microcode for U-Boot. |
| 2288 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2289 | See Entry_u_boot_ucode for full details of the entries involved in this |
| 2290 | process. |
| 2291 | |
| 2292 | |
| 2293 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2294 | .. _etype_u_boot_tpl: |
| 2295 | |
Simon Glass | 8425a1f | 2018-07-17 13:25:48 -0600 | [diff] [blame] | 2296 | Entry: u-boot-tpl: U-Boot TPL binary |
| 2297 | ------------------------------------ |
| 2298 | |
| 2299 | Properties / Entry arguments: |
| 2300 | - filename: Filename of u-boot-tpl.bin (default 'tpl/u-boot-tpl.bin') |
| 2301 | |
| 2302 | This is the U-Boot TPL (Tertiary Program Loader) binary. This is a small |
| 2303 | binary which loads before SPL, typically into on-chip SRAM. It is |
| 2304 | responsible for locating, loading and jumping to SPL, the next-stage |
| 2305 | loader. Note that SPL is not relocatable so must be loaded to the correct |
| 2306 | address in SRAM, or written to run from the correct address if direct |
| 2307 | flash execution is possible (e.g. on x86 devices). |
| 2308 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2309 | SPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | 8425a1f | 2018-07-17 13:25:48 -0600 | [diff] [blame] | 2310 | |
| 2311 | in the binman README for more information. |
| 2312 | |
| 2313 | The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since |
| 2314 | binman uses that to look up symbols to write into the TPL binary. |
| 2315 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2316 | Note that this entry is automatically replaced with u-boot-tpl-expanded |
Simon Glass | 7098b7f | 2021-03-21 18:24:30 +1300 | [diff] [blame] | 2317 | unless --no-expanded is used or the node has a 'no-expanded' property. |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2318 | |
Simon Glass | 8425a1f | 2018-07-17 13:25:48 -0600 | [diff] [blame] | 2319 | |
| 2320 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2321 | .. _etype_u_boot_tpl_bss_pad: |
| 2322 | |
Simon Glass | 63f41d4 | 2021-03-18 20:24:58 +1300 | [diff] [blame] | 2323 | Entry: u-boot-tpl-bss-pad: U-Boot TPL binary padded with a BSS region |
| 2324 | --------------------------------------------------------------------- |
| 2325 | |
| 2326 | Properties / Entry arguments: |
| 2327 | None |
| 2328 | |
| 2329 | This holds the padding added after the TPL binary to cover the BSS (Block |
| 2330 | Started by Symbol) region. This region holds the various variables used by |
| 2331 | TPL. It is set to 0 by TPL when it starts up. If you want to append data to |
| 2332 | the TPL image (such as a device tree file), you must pad out the BSS region |
| 2333 | to avoid the data overlapping with U-Boot variables. This entry is useful in |
| 2334 | that case. It automatically pads out the entry size to cover both the code, |
| 2335 | data and BSS. |
| 2336 | |
| 2337 | The contents of this entry will a certain number of zero bytes, determined |
| 2338 | by __bss_size |
| 2339 | |
| 2340 | The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since |
| 2341 | binman uses that to look up the BSS address. |
| 2342 | |
| 2343 | |
| 2344 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2345 | .. _etype_u_boot_tpl_dtb: |
| 2346 | |
Simon Glass | 8425a1f | 2018-07-17 13:25:48 -0600 | [diff] [blame] | 2347 | Entry: u-boot-tpl-dtb: U-Boot TPL device tree |
| 2348 | --------------------------------------------- |
| 2349 | |
| 2350 | Properties / Entry arguments: |
| 2351 | - filename: Filename of u-boot.dtb (default 'tpl/u-boot-tpl.dtb') |
| 2352 | |
| 2353 | This is the TPL device tree, containing configuration information for |
| 2354 | TPL. TPL needs this to know what devices are present and which drivers |
| 2355 | to activate. |
| 2356 | |
| 2357 | |
| 2358 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2359 | .. _etype_u_boot_tpl_dtb_with_ucode: |
| 2360 | |
Simon Glass | 3fb4f42 | 2018-09-14 04:57:32 -0600 | [diff] [blame] | 2361 | Entry: u-boot-tpl-dtb-with-ucode: U-Boot TPL with embedded microcode pointer |
| 2362 | ---------------------------------------------------------------------------- |
| 2363 | |
| 2364 | This is used when TPL must set up the microcode for U-Boot. |
| 2365 | |
| 2366 | See Entry_u_boot_ucode for full details of the entries involved in this |
| 2367 | process. |
| 2368 | |
| 2369 | |
| 2370 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2371 | .. _etype_u_boot_tpl_elf: |
| 2372 | |
Simon Glass | a899f71 | 2019-07-08 13:18:46 -0600 | [diff] [blame] | 2373 | Entry: u-boot-tpl-elf: U-Boot TPL ELF image |
| 2374 | ------------------------------------------- |
| 2375 | |
| 2376 | Properties / Entry arguments: |
| 2377 | - filename: Filename of TPL u-boot (default 'tpl/u-boot-tpl') |
| 2378 | |
| 2379 | This is the U-Boot TPL ELF image. It does not include a device tree but can |
| 2380 | be relocated to any address for execution. |
| 2381 | |
| 2382 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2383 | |
| 2384 | .. _etype_u_boot_tpl_expanded: |
Simon Glass | a899f71 | 2019-07-08 13:18:46 -0600 | [diff] [blame] | 2385 | |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2386 | Entry: u-boot-tpl-expanded: U-Boot TPL flat binary broken out into its component parts |
| 2387 | -------------------------------------------------------------------------------------- |
| 2388 | |
| 2389 | Properties / Entry arguments: |
| 2390 | - tpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to |
| 2391 | select) |
| 2392 | |
| 2393 | This is a section containing the U-Boot binary, BSS padding if needed and a |
| 2394 | devicetree. Using this entry type automatically creates this section, with |
| 2395 | the following entries in it: |
| 2396 | |
| 2397 | u-boot-tpl-nodtb |
| 2398 | u-boot-tpl-bss-pad |
| 2399 | u-boot-dtb |
| 2400 | |
| 2401 | Having the devicetree separate allows binman to update it in the final |
| 2402 | image, so that the entries positions are provided to the running U-Boot. |
| 2403 | |
| 2404 | This entry is selected based on the value of the 'tpl-dtb' entryarg. If |
| 2405 | this is non-empty (and not 'n' or '0') then this expanded entry is selected. |
| 2406 | |
| 2407 | |
| 2408 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2409 | .. _etype_u_boot_tpl_nodtb: |
| 2410 | |
Simon Glass | c98de97 | 2021-03-18 20:24:57 +1300 | [diff] [blame] | 2411 | Entry: u-boot-tpl-nodtb: TPL binary without device tree appended |
| 2412 | ---------------------------------------------------------------- |
| 2413 | |
| 2414 | Properties / Entry arguments: |
| 2415 | - filename: Filename to include (default 'tpl/u-boot-tpl-nodtb.bin') |
| 2416 | |
| 2417 | This is the U-Boot TPL binary, It does not include a device tree blob at |
| 2418 | the end of it so may not be able to work without it, assuming TPL needs |
| 2419 | a device tree to operate on your platform. You can add a u-boot-tpl-dtb |
Simon Glass | 718b529 | 2021-03-18 20:25:07 +1300 | [diff] [blame] | 2420 | entry after this one, or use a u-boot-tpl entry instead, which normally |
| 2421 | expands to a section containing u-boot-tpl-dtb, u-boot-tpl-bss-pad and |
| 2422 | u-boot-tpl-dtb |
Simon Glass | c98de97 | 2021-03-18 20:24:57 +1300 | [diff] [blame] | 2423 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2424 | TPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | c98de97 | 2021-03-18 20:24:57 +1300 | [diff] [blame] | 2425 | |
| 2426 | in the binman README for more information. |
| 2427 | |
| 2428 | The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since |
| 2429 | binman uses that to look up symbols to write into the TPL binary. |
| 2430 | |
| 2431 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2432 | |
| 2433 | .. _etype_u_boot_tpl_with_ucode_ptr: |
Simon Glass | c98de97 | 2021-03-18 20:24:57 +1300 | [diff] [blame] | 2434 | |
Simon Glass | 3fb4f42 | 2018-09-14 04:57:32 -0600 | [diff] [blame] | 2435 | Entry: u-boot-tpl-with-ucode-ptr: U-Boot TPL with embedded microcode pointer |
| 2436 | ---------------------------------------------------------------------------- |
| 2437 | |
| 2438 | See Entry_u_boot_ucode for full details of the entries involved in this |
| 2439 | process. |
| 2440 | |
| 2441 | |
| 2442 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2443 | .. _etype_u_boot_ucode: |
| 2444 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2445 | Entry: u-boot-ucode: U-Boot microcode block |
| 2446 | ------------------------------------------- |
| 2447 | |
| 2448 | Properties / Entry arguments: |
| 2449 | None |
| 2450 | |
| 2451 | The contents of this entry are filled in automatically by other entries |
| 2452 | which must also be in the image. |
| 2453 | |
| 2454 | U-Boot on x86 needs a single block of microcode. This is collected from |
| 2455 | the various microcode update nodes in the device tree. It is also unable |
| 2456 | to read the microcode from the device tree on platforms that use FSP |
| 2457 | (Firmware Support Package) binaries, because the API requires that the |
| 2458 | microcode is supplied before there is any SRAM available to use (i.e. |
| 2459 | the FSP sets up the SRAM / cache-as-RAM but does so in the call that |
| 2460 | requires the microcode!). To keep things simple, all x86 platforms handle |
| 2461 | microcode the same way in U-Boot (even non-FSP platforms). This is that |
| 2462 | a table is placed at _dt_ucode_base_size containing the base address and |
| 2463 | size of the microcode. This is either passed to the FSP (for FSP |
| 2464 | platforms), or used to set up the microcode (for non-FSP platforms). |
| 2465 | This all happens in the build system since it is the only way to get |
| 2466 | the microcode into a single blob and accessible without SRAM. |
| 2467 | |
| 2468 | There are two cases to handle. If there is only one microcode blob in |
| 2469 | the device tree, then the ucode pointer it set to point to that. This |
| 2470 | entry (u-boot-ucode) is empty. If there is more than one update, then |
| 2471 | this entry holds the concatenation of all updates, and the device tree |
| 2472 | entry (u-boot-dtb-with-ucode) is updated to remove the microcode. This |
| 2473 | last step ensures that that the microcode appears in one contiguous |
| 2474 | block in the image and is not unnecessarily duplicated in the device |
| 2475 | tree. It is referred to as 'collation' here. |
| 2476 | |
| 2477 | Entry types that have a part to play in handling microcode: |
| 2478 | |
| 2479 | Entry_u_boot_with_ucode_ptr: |
| 2480 | Contains u-boot-nodtb.bin (i.e. U-Boot without the device tree). |
| 2481 | It updates it with the address and size of the microcode so that |
| 2482 | U-Boot can find it early on start-up. |
| 2483 | Entry_u_boot_dtb_with_ucode: |
| 2484 | Contains u-boot.dtb. It stores the microcode in a |
| 2485 | 'self.ucode_data' property, which is then read by this class to |
| 2486 | obtain the microcode if needed. If collation is performed, it |
| 2487 | removes the microcode from the device tree. |
| 2488 | Entry_u_boot_ucode: |
| 2489 | This class. If collation is enabled it reads the microcode from |
| 2490 | the Entry_u_boot_dtb_with_ucode entry, and uses it as the |
| 2491 | contents of this entry. |
| 2492 | |
| 2493 | |
| 2494 | |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 2495 | .. _etype_u_boot_vpl: |
| 2496 | |
| 2497 | Entry: u-boot-vpl: U-Boot VPL binary |
| 2498 | ------------------------------------ |
| 2499 | |
| 2500 | Properties / Entry arguments: |
| 2501 | - filename: Filename of u-boot-vpl.bin (default 'vpl/u-boot-vpl.bin') |
| 2502 | |
| 2503 | This is the U-Boot VPL (Verifying Program Loader) binary. This is a small |
| 2504 | binary which loads before SPL, typically into on-chip SRAM. It is |
| 2505 | responsible for locating, loading and jumping to SPL, the next-stage |
| 2506 | loader. Note that VPL is not relocatable so must be loaded to the correct |
| 2507 | address in SRAM, or written to run from the correct address if direct |
| 2508 | flash execution is possible (e.g. on x86 devices). |
| 2509 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2510 | SPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 2511 | |
| 2512 | in the binman README for more information. |
| 2513 | |
| 2514 | The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since |
| 2515 | binman uses that to look up symbols to write into the VPL binary. |
| 2516 | |
| 2517 | |
| 2518 | |
| 2519 | .. _etype_u_boot_vpl_bss_pad: |
| 2520 | |
| 2521 | Entry: u-boot-vpl-bss-pad: U-Boot VPL binary padded with a BSS region |
| 2522 | --------------------------------------------------------------------- |
| 2523 | |
| 2524 | Properties / Entry arguments: |
| 2525 | None |
| 2526 | |
| 2527 | This holds the padding added after the VPL binary to cover the BSS (Block |
| 2528 | Started by Symbol) region. This region holds the various variables used by |
| 2529 | VPL. It is set to 0 by VPL when it starts up. If you want to append data to |
| 2530 | the VPL image (such as a device tree file), you must pad out the BSS region |
| 2531 | to avoid the data overlapping with U-Boot variables. This entry is useful in |
| 2532 | that case. It automatically pads out the entry size to cover both the code, |
| 2533 | data and BSS. |
| 2534 | |
| 2535 | The contents of this entry will a certain number of zero bytes, determined |
| 2536 | by __bss_size |
| 2537 | |
| 2538 | The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since |
| 2539 | binman uses that to look up the BSS address. |
| 2540 | |
| 2541 | |
| 2542 | |
| 2543 | .. _etype_u_boot_vpl_dtb: |
| 2544 | |
| 2545 | Entry: u-boot-vpl-dtb: U-Boot VPL device tree |
| 2546 | --------------------------------------------- |
| 2547 | |
| 2548 | Properties / Entry arguments: |
| 2549 | - filename: Filename of u-boot.dtb (default 'vpl/u-boot-vpl.dtb') |
| 2550 | |
| 2551 | This is the VPL device tree, containing configuration information for |
| 2552 | VPL. VPL needs this to know what devices are present and which drivers |
| 2553 | to activate. |
| 2554 | |
| 2555 | |
| 2556 | |
| 2557 | .. _etype_u_boot_vpl_elf: |
| 2558 | |
| 2559 | Entry: u-boot-vpl-elf: U-Boot VPL ELF image |
| 2560 | ------------------------------------------- |
| 2561 | |
| 2562 | Properties / Entry arguments: |
| 2563 | - filename: Filename of VPL u-boot (default 'vpl/u-boot-vpl') |
| 2564 | |
| 2565 | This is the U-Boot VPL ELF image. It does not include a device tree but can |
| 2566 | be relocated to any address for execution. |
| 2567 | |
| 2568 | |
| 2569 | |
| 2570 | .. _etype_u_boot_vpl_expanded: |
| 2571 | |
| 2572 | Entry: u-boot-vpl-expanded: U-Boot VPL flat binary broken out into its component parts |
| 2573 | -------------------------------------------------------------------------------------- |
| 2574 | |
| 2575 | Properties / Entry arguments: |
| 2576 | - vpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to |
| 2577 | select) |
| 2578 | |
| 2579 | This is a section containing the U-Boot binary, BSS padding if needed and a |
| 2580 | devicetree. Using this entry type automatically creates this section, with |
| 2581 | the following entries in it: |
| 2582 | |
| 2583 | u-boot-vpl-nodtb |
| 2584 | u-boot-vpl-bss-pad |
| 2585 | u-boot-dtb |
| 2586 | |
| 2587 | Having the devicetree separate allows binman to update it in the final |
| 2588 | image, so that the entries positions are provided to the running U-Boot. |
| 2589 | |
| 2590 | This entry is selected based on the value of the 'vpl-dtb' entryarg. If |
| 2591 | this is non-empty (and not 'n' or '0') then this expanded entry is selected. |
| 2592 | |
| 2593 | |
| 2594 | |
| 2595 | .. _etype_u_boot_vpl_nodtb: |
| 2596 | |
| 2597 | Entry: u-boot-vpl-nodtb: VPL binary without device tree appended |
| 2598 | ---------------------------------------------------------------- |
| 2599 | |
| 2600 | Properties / Entry arguments: |
| 2601 | - filename: Filename to include (default 'vpl/u-boot-vpl-nodtb.bin') |
| 2602 | |
| 2603 | This is the U-Boot VPL binary, It does not include a device tree blob at |
| 2604 | the end of it so may not be able to work without it, assuming VPL needs |
| 2605 | a device tree to operate on your platform. You can add a u_boot_vpl_dtb |
| 2606 | entry after this one, or use a u_boot_vpl entry instead, which normally |
| 2607 | expands to a section containing u-boot-vpl-dtb, u-boot-vpl-bss-pad and |
| 2608 | u-boot-vpl-dtb |
| 2609 | |
Simon Glass | 18ed996 | 2023-01-07 14:07:11 -0700 | [diff] [blame] | 2610 | VPL can access binman symbols at runtime. See :ref:`binman_fdt`. |
Simon Glass | da6a908 | 2023-01-07 14:07:10 -0700 | [diff] [blame] | 2611 | |
| 2612 | The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since |
| 2613 | binman uses that to look up symbols to write into the VPL binary. |
| 2614 | |
| 2615 | |
| 2616 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2617 | .. _etype_u_boot_with_ucode_ptr: |
| 2618 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2619 | Entry: u-boot-with-ucode-ptr: U-Boot with embedded microcode pointer |
| 2620 | -------------------------------------------------------------------- |
| 2621 | |
| 2622 | Properties / Entry arguments: |
Masahiro Yamada | a7a0ca4 | 2019-12-14 13:47:26 +0900 | [diff] [blame] | 2623 | - filename: Filename of u-boot-nodtb.bin (default 'u-boot-nodtb.bin') |
Simon Glass | ee21d3a | 2018-09-14 04:57:07 -0600 | [diff] [blame] | 2624 | - optional-ucode: boolean property to make microcode optional. If the |
| 2625 | u-boot.bin image does not include microcode, no error will |
| 2626 | be generated. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2627 | |
| 2628 | See Entry_u_boot_ucode for full details of the three entries involved in |
| 2629 | this process. This entry updates U-Boot with the offset and size of the |
| 2630 | microcode, to allow early x86 boot code to find it without doing anything |
Simon Glass | 537e006 | 2021-03-18 20:24:54 +1300 | [diff] [blame] | 2631 | complicated. Otherwise it is the same as the u-boot entry. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2632 | |
| 2633 | |
| 2634 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2635 | .. _etype_vblock: |
| 2636 | |
Simon Glass | 5c35016 | 2018-07-17 13:25:47 -0600 | [diff] [blame] | 2637 | Entry: vblock: An entry which contains a Chromium OS verified boot block |
| 2638 | ------------------------------------------------------------------------ |
| 2639 | |
| 2640 | Properties / Entry arguments: |
Simon Glass | 17b84eb | 2019-05-17 22:00:53 -0600 | [diff] [blame] | 2641 | - content: List of phandles to entries to sign |
Simon Glass | 5c35016 | 2018-07-17 13:25:47 -0600 | [diff] [blame] | 2642 | - keydir: Directory containing the public keys to use |
| 2643 | - keyblock: Name of the key file to use (inside keydir) |
| 2644 | - signprivate: Name of provide key file to use (inside keydir) |
| 2645 | - version: Version number of the vblock (typically 1) |
| 2646 | - kernelkey: Name of the kernel key to use (inside keydir) |
| 2647 | - preamble-flags: Value of the vboot preamble flags (typically 0) |
| 2648 | |
Simon Glass | 639505b | 2018-09-14 04:57:11 -0600 | [diff] [blame] | 2649 | Output files: |
| 2650 | - input.<unique_name> - input file passed to futility |
| 2651 | - vblock.<unique_name> - output file generated by futility (which is |
| 2652 | used as the entry contents) |
| 2653 | |
Jagdish Gediya | 311d484 | 2018-09-03 21:35:08 +0530 | [diff] [blame] | 2654 | Chromium OS signs the read-write firmware and kernel, writing the signature |
Simon Glass | 5c35016 | 2018-07-17 13:25:47 -0600 | [diff] [blame] | 2655 | in this block. This allows U-Boot to verify that the next firmware stage |
| 2656 | and kernel are genuine. |
| 2657 | |
| 2658 | |
| 2659 | |
Simon Glass | c3fe97f | 2023-03-02 17:02:45 -0700 | [diff] [blame] | 2660 | .. _etype_x509_cert: |
| 2661 | |
| 2662 | Entry: x509-cert: An entry which contains an X509 certificate |
| 2663 | ------------------------------------------------------------- |
| 2664 | |
| 2665 | Properties / Entry arguments: |
| 2666 | - content: List of phandles to entries to sign |
| 2667 | |
| 2668 | Output files: |
| 2669 | - input.<unique_name> - input file passed to openssl |
| 2670 | - cert.<unique_name> - output file generated by openssl (which is |
| 2671 | used as the entry contents) |
| 2672 | |
| 2673 | openssl signs the provided data, writing the signature in this entry. This |
| 2674 | allows verification that the data is genuine |
| 2675 | |
| 2676 | |
| 2677 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2678 | .. _etype_x86_reset16: |
| 2679 | |
Simon Glass | 0b074d6 | 2019-08-24 07:22:48 -0600 | [diff] [blame] | 2680 | Entry: x86-reset16: x86 16-bit reset code for U-Boot |
| 2681 | ---------------------------------------------------- |
| 2682 | |
| 2683 | Properties / Entry arguments: |
| 2684 | - filename: Filename of u-boot-x86-reset16.bin (default |
| 2685 | 'u-boot-x86-reset16.bin') |
| 2686 | |
| 2687 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
| 2688 | must be placed at a particular address. This entry holds that code. It is |
| 2689 | typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible |
| 2690 | for jumping to the x86-start16 code, which continues execution. |
| 2691 | |
| 2692 | For 64-bit U-Boot, the 'x86_reset16_spl' entry type is used instead. |
| 2693 | |
| 2694 | |
| 2695 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2696 | .. _etype_x86_reset16_spl: |
| 2697 | |
Simon Glass | 0b074d6 | 2019-08-24 07:22:48 -0600 | [diff] [blame] | 2698 | Entry: x86-reset16-spl: x86 16-bit reset code for U-Boot |
| 2699 | -------------------------------------------------------- |
| 2700 | |
| 2701 | Properties / Entry arguments: |
| 2702 | - filename: Filename of u-boot-x86-reset16.bin (default |
| 2703 | 'u-boot-x86-reset16.bin') |
| 2704 | |
| 2705 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
| 2706 | must be placed at a particular address. This entry holds that code. It is |
| 2707 | typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible |
| 2708 | for jumping to the x86-start16 code, which continues execution. |
| 2709 | |
| 2710 | For 32-bit U-Boot, the 'x86_reset_spl' entry type is used instead. |
| 2711 | |
| 2712 | |
| 2713 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2714 | .. _etype_x86_reset16_tpl: |
| 2715 | |
Simon Glass | 0b074d6 | 2019-08-24 07:22:48 -0600 | [diff] [blame] | 2716 | Entry: x86-reset16-tpl: x86 16-bit reset code for U-Boot |
| 2717 | -------------------------------------------------------- |
| 2718 | |
| 2719 | Properties / Entry arguments: |
| 2720 | - filename: Filename of u-boot-x86-reset16.bin (default |
| 2721 | 'u-boot-x86-reset16.bin') |
| 2722 | |
| 2723 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
| 2724 | must be placed at a particular address. This entry holds that code. It is |
| 2725 | typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible |
| 2726 | for jumping to the x86-start16 code, which continues execution. |
| 2727 | |
| 2728 | For 32-bit U-Boot, the 'x86_reset_tpl' entry type is used instead. |
| 2729 | |
| 2730 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2731 | |
| 2732 | .. _etype_x86_start16: |
Simon Glass | 0b074d6 | 2019-08-24 07:22:48 -0600 | [diff] [blame] | 2733 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2734 | Entry: x86-start16: x86 16-bit start-up code for U-Boot |
| 2735 | ------------------------------------------------------- |
| 2736 | |
| 2737 | Properties / Entry arguments: |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2738 | - filename: Filename of u-boot-x86-start16.bin (default |
| 2739 | 'u-boot-x86-start16.bin') |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2740 | |
| 2741 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2742 | must be placed in the top 64KB of the ROM. The reset code jumps to it. This |
| 2743 | entry holds that code. It is typically placed at offset |
| 2744 | CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode |
| 2745 | and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit |
| 2746 | U-Boot). |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2747 | |
| 2748 | For 64-bit U-Boot, the 'x86_start16_spl' entry type is used instead. |
| 2749 | |
| 2750 | |
| 2751 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2752 | .. _etype_x86_start16_spl: |
| 2753 | |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2754 | Entry: x86-start16-spl: x86 16-bit start-up code for SPL |
| 2755 | -------------------------------------------------------- |
| 2756 | |
| 2757 | Properties / Entry arguments: |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2758 | - filename: Filename of spl/u-boot-x86-start16-spl.bin (default |
| 2759 | 'spl/u-boot-x86-start16-spl.bin') |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2760 | |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2761 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
| 2762 | must be placed in the top 64KB of the ROM. The reset code jumps to it. This |
| 2763 | entry holds that code. It is typically placed at offset |
| 2764 | CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode |
| 2765 | and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit |
| 2766 | U-Boot). |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2767 | |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2768 | For 32-bit U-Boot, the 'x86-start16' entry type is used instead. |
Simon Glass | 7a61c6b | 2018-07-17 13:25:37 -0600 | [diff] [blame] | 2769 | |
| 2770 | |
| 2771 | |
Simon Glass | a7c9778 | 2022-08-07 16:33:25 -0600 | [diff] [blame] | 2772 | .. _etype_x86_start16_tpl: |
| 2773 | |
Simon Glass | ed40e96 | 2018-09-14 04:57:10 -0600 | [diff] [blame] | 2774 | Entry: x86-start16-tpl: x86 16-bit start-up code for TPL |
| 2775 | -------------------------------------------------------- |
| 2776 | |
| 2777 | Properties / Entry arguments: |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2778 | - filename: Filename of tpl/u-boot-x86-start16-tpl.bin (default |
| 2779 | 'tpl/u-boot-x86-start16-tpl.bin') |
Simon Glass | ed40e96 | 2018-09-14 04:57:10 -0600 | [diff] [blame] | 2780 | |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2781 | x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code |
| 2782 | must be placed in the top 64KB of the ROM. The reset code jumps to it. This |
| 2783 | entry holds that code. It is typically placed at offset |
| 2784 | CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode |
| 2785 | and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit |
| 2786 | U-Boot). |
Simon Glass | ed40e96 | 2018-09-14 04:57:10 -0600 | [diff] [blame] | 2787 | |
Simon Glass | abab18c | 2019-08-24 07:22:49 -0600 | [diff] [blame] | 2788 | If TPL is not being used, the 'x86-start16-spl or 'x86-start16' entry types |
Simon Glass | ed40e96 | 2018-09-14 04:57:10 -0600 | [diff] [blame] | 2789 | may be used instead. |
| 2790 | |
| 2791 | |
| 2792 | |
Lukas Funke | febfc6d | 2023-08-03 17:22:15 +0200 | [diff] [blame] | 2793 | .. _etype_xilinx_bootgen: |
| 2794 | |
| 2795 | Entry: xilinx-bootgen: Signed SPL boot image for Xilinx ZynqMP devices |
| 2796 | ---------------------------------------------------------------------- |
| 2797 | |
| 2798 | Properties / Entry arguments: |
| 2799 | - auth-params: (Optional) Authentication parameters passed to bootgen |
| 2800 | - fsbl-config: (Optional) FSBL parameters passed to bootgen |
| 2801 | - keysrc-enc: (Optional) Key source when using decryption engine |
| 2802 | - pmufw-filename: Filename of PMU firmware. Default: pmu-firmware.elf |
| 2803 | - psk-key-name-hint: Name of primary secret key to use for signing the |
| 2804 | secondardy public key. Format: .pem file |
| 2805 | - ssk-key-name-hint: Name of secondardy secret key to use for signing |
| 2806 | the boot image. Format: .pem file |
| 2807 | |
| 2808 | The etype is used to create a boot image for Xilinx ZynqMP |
| 2809 | devices. |
| 2810 | |
| 2811 | Information for signed images: |
| 2812 | |
| 2813 | In AMD/Xilinx SoCs, two pairs of public and secret keys are used |
| 2814 | - primary and secondary. The function of the primary public/secret key pair |
| 2815 | is to authenticate the secondary public/secret key pair. |
| 2816 | The function of the secondary key is to sign/verify the boot image. [1] |
| 2817 | |
| 2818 | AMD/Xilinx uses the following terms for private/public keys [1]: |
| 2819 | |
| 2820 | PSK = Primary Secret Key (Used to sign Secondary Public Key) |
| 2821 | PPK = Primary Public Key (Used to verify Secondary Public Key) |
| 2822 | SSK = Secondary Secret Key (Used to sign the boot image/partitions) |
| 2823 | SPK = Used to verify the actual boot image |
| 2824 | |
| 2825 | The following example builds a signed boot image. The fuses of |
| 2826 | the primary public key (ppk) should be fused together with the RSA_EN flag. |
| 2827 | |
| 2828 | Example node:: |
| 2829 | |
| 2830 | spl { |
| 2831 | filename = "boot.signed.bin"; |
| 2832 | |
| 2833 | xilinx-bootgen { |
| 2834 | psk-key-name-hint = "psk0"; |
| 2835 | ssk-key-name-hint = "ssk0"; |
| 2836 | auth-params = "ppk_select=0", "spk_id=0x00000000"; |
| 2837 | |
| 2838 | u-boot-spl-nodtb { |
| 2839 | }; |
| 2840 | u-boot-spl-pubkey-dtb { |
| 2841 | algo = "sha384,rsa4096"; |
| 2842 | required = "conf"; |
| 2843 | key-name-hint = "dev"; |
| 2844 | }; |
| 2845 | }; |
| 2846 | }; |
| 2847 | |
| 2848 | For testing purposes, e.g. if no RSA_EN should be fused, one could add |
| 2849 | the "bh_auth_enable" flag in the fsbl-config field. This will skip the |
| 2850 | verification of the ppk fuses and boot the image, even if ppk hash is |
| 2851 | invalid. |
| 2852 | |
| 2853 | Example node:: |
| 2854 | |
| 2855 | xilinx-bootgen { |
| 2856 | psk-key-name-hint = "psk0"; |
| 2857 | psk-key-name-hint = "ssk0"; |
| 2858 | ... |
| 2859 | fsbl-config = "bh_auth_enable"; |
| 2860 | ... |
| 2861 | }; |
| 2862 | |
| 2863 | [1] https://docs.xilinx.com/r/en-US/ug1283-bootgen-user-guide/Using-Authentication |
| 2864 | |
| 2865 | |
| 2866 | |
| 2867 | |