blob: 254afe7607472d8ba1650f7517c4c43ebf09ce0f [file] [log] [blame]
Simon Glass7a61c6b2018-07-17 13:25:37 -06001Binman Entry Documentation
Heinrich Schuchardtb72160b2023-10-28 11:59:32 +02002==========================
Simon Glass7a61c6b2018-07-17 13:25:37 -06003
4This file describes the entry types supported by binman. These entry types can
5be placed in an image one by one to build up a final firmware image. It is
6fairly easy to create new entry types. Just add a new file to the 'etype'
7directory. You can use the existing entries as examples.
8
9Note that some entries are subclasses of others, using and extending their
10features to produce new behaviours.
11
12
13
Simon Glassa7c97782022-08-07 16:33:25 -060014.. _etype_atf_bl31:
15
Simon Glass8911fa12021-03-18 20:25:16 +130016Entry: atf-bl31: ARM Trusted Firmware (ATF) BL31 blob
17-----------------------------------------------------
Simon Glass559c4de2020-09-01 05:13:58 -060018
19Properties / Entry arguments:
20 - atf-bl31-path: Filename of file to read into entry. This is typically
21 called bl31.bin or bl31.elf
22
23This entry holds the run-time firmware, typically started by U-Boot SPL.
24See the U-Boot README for your architecture or board for how to use it. See
25https://github.com/ARM-software/arm-trusted-firmware for more information
26about ATF.
27
28
29
Simon Glassa7c97782022-08-07 16:33:25 -060030.. _etype_atf_fip:
31
Simon Glass3efb2972021-11-23 21:08:59 -070032Entry: atf-fip: ARM Trusted Firmware's Firmware Image Package (FIP)
33-------------------------------------------------------------------
34
35A FIP_ provides a way to group binaries in a firmware image, used by ARM's
36Trusted Firmware A (TF-A) code. It is a simple format consisting of a
37table of contents with information about the type, offset and size of the
38binaries in the FIP. It is quite similar to FMAP, with the major difference
39that it uses UUIDs to indicate the type of each entry.
40
41Note: It is recommended to always add an fdtmap to every image, as well as
42any FIPs so that binman and other tools can access the entire image
43correctly.
44
45The UUIDs correspond to useful names in `fiptool`, provided by ATF to
46operate on FIPs. Binman uses these names to make it easier to understand
47what is going on, although it is possible to provide a UUID if needed.
48
49The contents of the FIP are defined by subnodes of the atf-fip entry, e.g.::
50
51 atf-fip {
52 soc-fw {
53 filename = "bl31.bin";
54 };
55
56 scp-fwu-cfg {
57 filename = "bl2u.bin";
58 };
59
60 u-boot {
61 fip-type = "nt-fw";
62 };
63 };
64
65This describes a FIP with three entries: soc-fw, scp-fwu-cfg and nt-fw.
66You can use normal (non-external) binaries like U-Boot simply by adding a
67FIP type, with the `fip-type` property, as above.
68
69Since FIP exists to bring blobs together, Binman assumes that all FIP
70entries are external binaries. If a binary may not exist, you can use the
71`--allow-missing` flag to Binman, in which case the image is still created,
72even though it will not actually work.
73
74The size of the FIP depends on the size of the binaries. There is currently
75no way to specify a fixed size. If the `atf-fip` node has a `size` entry,
76this affects the space taken up by the `atf-fip` entry, but the FIP itself
77does not expand to use that space.
78
79Some other FIP features are available with Binman. The header and the
80entries have 64-bit flag works. The flag flags do not seem to be defined
81anywhere, but you can use `fip-hdr-flags` and fip-flags` to set the values
82of the header and entries respectively.
83
84FIP entries can be aligned to a particular power-of-two boundary. Use
85fip-align for this.
86
87Binman only understands the entry types that are included in its
88implementation. It is possible to specify a 16-byte UUID instead, using the
89fip-uuid property. In this case Binman doesn't know what its type is, so
90just uses the UUID. See the `u-boot` node in this example::
91
92 binman {
93 atf-fip {
94 fip-hdr-flags = /bits/ 64 <0x123>;
95 fip-align = <16>;
96 soc-fw {
97 fip-flags = /bits/ 64 <0x456>;
98 filename = "bl31.bin";
99 };
100
101 scp-fwu-cfg {
102 filename = "bl2u.bin";
103 };
104
105 u-boot {
106 fip-uuid = [fc 65 13 92 4a 5b 11 ec
107 94 35 ff 2d 1c fc 79 9c];
108 };
109 };
110 fdtmap {
111 };
112 };
113
114Binman allows reading and updating FIP entries after the image is created,
115provided that an FDPMAP is present too. Updates which change the size of a
116FIP entry will cause it to be expanded or contracted as needed.
117
118Properties for top-level atf-fip node
119~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
120
121fip-hdr-flags (64 bits)
122 Sets the flags for the FIP header.
123
124Properties for subnodes
125~~~~~~~~~~~~~~~~~~~~~~~
126
127fip-type (str)
128 FIP type to use for this entry. This is needed if the entry
129 name is not a valid type. Value types are defined in `fip_util.py`.
130 The FIP type defines the UUID that is used (they map 1:1).
131
132fip-uuid (16 bytes)
133 If there is no FIP-type name defined, or it is not supported by Binman,
134 this property sets the UUID. It should be a 16-byte value, following the
135 hex digits of the UUID.
136
137fip-flags (64 bits)
138 Set the flags for a FIP entry. Use in one of the subnodes of the
139 7atf-fip entry.
140
141fip-align
142 Set the alignment for a FIP entry, FIP entries can be aligned to a
143 particular power-of-two boundary. The default is 1.
144
145Adding new FIP-entry types
146~~~~~~~~~~~~~~~~~~~~~~~~~~
147
148When new FIP entries are defined by TF-A they appear in the
149`TF-A source tree`_. You can use `fip_util.py` to update Binman to support
150new types, then `send a patch`_ to the U-Boot mailing list. There are two
151source files that the tool examples:
152
153- `include/tools_share/firmware_image_package.h` has the UUIDs
154- `tools/fiptool/tbbr_config.c` has the name and descripion for each UUID
155
156To run the tool::
157
158 $ tools/binman/fip_util.py -s /path/to/arm-trusted-firmware
159 Warning: UUID 'UUID_NON_TRUSTED_WORLD_KEY_CERT' is not mentioned in tbbr_config.c file
160 Existing code in 'tools/binman/fip_util.py' is up-to-date
161
162If it shows there is an update, it writes a new version of `fip_util.py`
163to `fip_util.py.out`. You can change the output file using the `-i` flag.
164If you have a problem, use `-D` to enable traceback debugging.
165
166FIP commentary
167~~~~~~~~~~~~~~
168
169As a side effect of use of UUIDs, FIP does not support multiple
170entries of the same type, such as might be used to store fonts or graphics
171icons, for example. For verified boot it could be used for each part of the
172image (e.g. separate FIPs for A and B) but cannot describe the whole
173firmware image. As with FMAP there is no hierarchy defined, although FMAP
174works around this by having 'section' areas which encompass others. A
175similar workaround would be possible with FIP but is not currently defined.
176
177It is recommended to always add an fdtmap to every image, as well as any
178FIPs so that binman and other tools can access the entire image correctly.
179
180.. _FIP: https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#firmware-image-package-fip
181.. _`TF-A source tree`: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
182.. _`send a patch`: https://www.denx.de/wiki/U-Boot/Patches
183
184
185
Simon Glassa7c97782022-08-07 16:33:25 -0600186.. _etype_blob:
187
Simon Glass8911fa12021-03-18 20:25:16 +1300188Entry: blob: Arbitrary binary blob
189----------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -0600190
191Note: This should not be used by itself. It is normally used as a parent
192class by other entry types.
193
194Properties / Entry arguments:
195 - filename: Filename of file to read into entry
Simon Glass7ba33592018-09-14 04:57:26 -0600196 - compress: Compression algorithm to use:
197 none: No compression
198 lz4: Use lz4 compression (via 'lz4' command-line utility)
Simon Glass7a61c6b2018-07-17 13:25:37 -0600199
200This entry reads data from a file and places it in the entry. The
201default filename is often specified specified by the subclass. See for
Simon Glass537e0062021-03-18 20:24:54 +1300202example the 'u-boot' entry which provides the filename 'u-boot.bin'.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600203
Simon Glass7ba33592018-09-14 04:57:26 -0600204If compression is enabled, an extra 'uncomp-size' property is written to
205the node (if enabled with -u) which provides the uncompressed size of the
206data.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600207
208
Simon Glass7a61c6b2018-07-17 13:25:37 -0600209
Simon Glassa7c97782022-08-07 16:33:25 -0600210.. _etype_blob_dtb:
211
Simon Glasse219aa42018-09-14 04:57:24 -0600212Entry: blob-dtb: A blob that holds a device tree
213------------------------------------------------
214
215This is a blob containing a device tree. The contents of the blob are
216obtained from the list of available device-tree files, managed by the
217'state' module.
218
Simon Glassda6a9082023-01-07 14:07:10 -0700219Additional attributes:
220 prepend: Header used (e.g. 'length')
Simon Glasse219aa42018-09-14 04:57:24 -0600221
222
Simon Glassda6a9082023-01-07 14:07:10 -0700223
Simon Glassa7c97782022-08-07 16:33:25 -0600224.. _etype_blob_ext:
225
Simon Glass8911fa12021-03-18 20:25:16 +1300226Entry: blob-ext: Externally built binary blob
227---------------------------------------------
Simon Glass5e560182020-07-09 18:39:36 -0600228
229Note: This should not be used by itself. It is normally used as a parent
230class by other entry types.
231
Simon Glass5d94cc62020-07-09 18:39:38 -0600232If the file providing this blob is missing, binman can optionally ignore it
233and produce a broken image with a warning.
234
Simon Glass5e560182020-07-09 18:39:36 -0600235See 'blob' for Properties / Entry arguments.
236
237
238
Simon Glassa7c97782022-08-07 16:33:25 -0600239.. _etype_blob_ext_list:
240
Simon Glass0b00ae62021-11-23 21:09:52 -0700241Entry: blob-ext-list: List of externally built binary blobs
242-----------------------------------------------------------
243
244This is like blob-ext except that a number of blobs can be provided,
245typically with some sort of relationship, e.g. all are DDC parameters.
246
247If any of the external files needed by this llist is missing, binman can
248optionally ignore it and produce a broken image with a warning.
249
250Args:
251 filenames: List of filenames to read and include
252
253
Simon Glassa7c97782022-08-07 16:33:25 -0600254
255.. _etype_blob_named_by_arg:
Simon Glass0b00ae62021-11-23 21:09:52 -0700256
Simon Glassdb168d42018-07-17 13:25:39 -0600257Entry: blob-named-by-arg: A blob entry which gets its filename property from its subclass
258-----------------------------------------------------------------------------------------
259
260Properties / Entry arguments:
261 - <xxx>-path: Filename containing the contents of this entry (optional,
Simon Glass21db0ff2020-09-01 05:13:54 -0600262 defaults to None)
Simon Glassdb168d42018-07-17 13:25:39 -0600263
264where <xxx> is the blob_fname argument to the constructor.
265
266This entry cannot be used directly. Instead, it is used as a parent class
267for another entry, which defined blob_fname. This parameter is used to
268set the entry-arg or property containing the filename. The entry-arg or
269property is in turn used to set the actual filename.
270
271See cros_ec_rw for an example of this.
272
273
274
Simon Glassa7c97782022-08-07 16:33:25 -0600275.. _etype_blob_phase:
276
Simon Glass718b5292021-03-18 20:25:07 +1300277Entry: blob-phase: Section that holds a phase binary
278----------------------------------------------------
279
280This is a base class that should not normally be used directly. It is used
281when converting a 'u-boot' entry automatically into a 'u-boot-expanded'
282entry; similarly for SPL.
283
284
Simon Glassa7c97782022-08-07 16:33:25 -0600285
286.. _etype_cbfs:
Simon Glass718b5292021-03-18 20:25:07 +1300287
Simon Glass8911fa12021-03-18 20:25:16 +1300288Entry: cbfs: Coreboot Filesystem (CBFS)
289---------------------------------------
Simon Glass1de34482019-07-08 13:18:53 -0600290
291A CBFS provides a way to group files into a group. It has a simple directory
292structure and allows the position of individual files to be set, since it is
293designed to support execute-in-place in an x86 SPI-flash device. Where XIP
294is not used, it supports compression and storing ELF files.
295
296CBFS is used by coreboot as its way of orgnanising SPI-flash contents.
297
Simon Glass0ac96b62021-03-18 20:25:15 +1300298The contents of the CBFS are defined by subnodes of the cbfs entry, e.g.::
Simon Glass1de34482019-07-08 13:18:53 -0600299
300 cbfs {
301 size = <0x100000>;
302 u-boot {
303 cbfs-type = "raw";
304 };
305 u-boot-dtb {
306 cbfs-type = "raw";
307 };
308 };
309
310This creates a CBFS 1MB in size two files in it: u-boot.bin and u-boot.dtb.
311Note that the size is required since binman does not support calculating it.
312The contents of each entry is just what binman would normally provide if it
313were not a CBFS node. A blob type can be used to import arbitrary files as
Simon Glass0ac96b62021-03-18 20:25:15 +1300314with the second subnode below::
Simon Glass1de34482019-07-08 13:18:53 -0600315
316 cbfs {
317 size = <0x100000>;
318 u-boot {
319 cbfs-name = "BOOT";
320 cbfs-type = "raw";
321 };
322
323 dtb {
324 type = "blob";
325 filename = "u-boot.dtb";
326 cbfs-type = "raw";
327 cbfs-compress = "lz4";
Simon Glassc2f1aed2019-07-08 13:18:56 -0600328 cbfs-offset = <0x100000>;
Simon Glass1de34482019-07-08 13:18:53 -0600329 };
330 };
331
332This creates a CBFS 1MB in size with u-boot.bin (named "BOOT") and
333u-boot.dtb (named "dtb") and compressed with the lz4 algorithm.
334
335
336Properties supported in the top-level CBFS node:
337
338cbfs-arch:
339 Defaults to "x86", but you can specify the architecture if needed.
340
341
342Properties supported in the CBFS entry subnodes:
343
344cbfs-name:
345 This is the name of the file created in CBFS. It defaults to the entry
346 name (which is the node name), but you can override it with this
347 property.
348
349cbfs-type:
350 This is the CBFS file type. The following are supported:
351
352 raw:
353 This is a 'raw' file, although compression is supported. It can be
354 used to store any file in CBFS.
355
356 stage:
357 This is an ELF file that has been loaded (i.e. mapped to memory), so
358 appears in the CBFS as a flat binary. The input file must be an ELF
359 image, for example this puts "u-boot" (the ELF image) into a 'stage'
Simon Glass0ac96b62021-03-18 20:25:15 +1300360 entry::
Simon Glass1de34482019-07-08 13:18:53 -0600361
362 cbfs {
363 size = <0x100000>;
364 u-boot-elf {
365 cbfs-name = "BOOT";
366 cbfs-type = "stage";
367 };
368 };
369
Simon Glass0ac96b62021-03-18 20:25:15 +1300370 You can use your own ELF file with something like::
Simon Glass1de34482019-07-08 13:18:53 -0600371
372 cbfs {
373 size = <0x100000>;
374 something {
375 type = "blob";
376 filename = "cbfs-stage.elf";
377 cbfs-type = "stage";
378 };
379 };
380
381 As mentioned, the file is converted to a flat binary, so it is
382 equivalent to adding "u-boot.bin", for example, but with the load and
383 start addresses specified by the ELF. At present there is no option
384 to add a flat binary with a load/start address, similar to the
385 'add-flat-binary' option in cbfstool.
386
Simon Glassc2f1aed2019-07-08 13:18:56 -0600387cbfs-offset:
388 This is the offset of the file's data within the CBFS. It is used to
389 specify where the file should be placed in cases where a fixed position
390 is needed. Typical uses are for code which is not relocatable and must
391 execute in-place from a particular address. This works because SPI flash
392 is generally mapped into memory on x86 devices. The file header is
393 placed before this offset so that the data start lines up exactly with
394 the chosen offset. If this property is not provided, then the file is
395 placed in the next available spot.
Simon Glass1de34482019-07-08 13:18:53 -0600396
397The current implementation supports only a subset of CBFS features. It does
398not support other file types (e.g. payload), adding multiple files (like the
399'files' entry with a pattern supported by binman), putting files at a
400particular offset in the CBFS and a few other things.
401
402Of course binman can create images containing multiple CBFSs, simply by
Simon Glass0ac96b62021-03-18 20:25:15 +1300403defining these in the binman config::
Simon Glass1de34482019-07-08 13:18:53 -0600404
405
406 binman {
407 size = <0x800000>;
408 cbfs {
409 offset = <0x100000>;
410 size = <0x100000>;
411 u-boot {
412 cbfs-type = "raw";
413 };
414 u-boot-dtb {
415 cbfs-type = "raw";
416 };
417 };
418
419 cbfs2 {
420 offset = <0x700000>;
421 size = <0x100000>;
422 u-boot {
423 cbfs-type = "raw";
424 };
425 u-boot-dtb {
426 cbfs-type = "raw";
427 };
428 image {
429 type = "blob";
430 filename = "image.jpg";
431 };
432 };
433 };
434
435This creates an 8MB image with two CBFSs, one at offset 1MB, one at 7MB,
436both of size 1MB.
437
438
439
Simon Glassa7c97782022-08-07 16:33:25 -0600440.. _etype_collection:
441
Simon Glasse1915782021-03-21 18:24:31 +1300442Entry: collection: An entry which contains a collection of other entries
443------------------------------------------------------------------------
444
445Properties / Entry arguments:
446 - content: List of phandles to entries to include
447
448This allows reusing the contents of other entries. The contents of the
449listed entries are combined to form this entry. This serves as a useful
450base class for entry types which need to process data from elsewhere in
451the image, not necessarily child entries.
452
Simon Glassbd5cd882022-08-13 11:40:50 -0600453The entries can generally be anywhere in the same image, even if they are in
454a different section from this entry.
455
Simon Glasse1915782021-03-21 18:24:31 +1300456
457
Simon Glassa7c97782022-08-07 16:33:25 -0600458.. _etype_cros_ec_rw:
459
Simon Glassdb168d42018-07-17 13:25:39 -0600460Entry: cros-ec-rw: A blob entry which contains a Chromium OS read-write EC image
461--------------------------------------------------------------------------------
462
463Properties / Entry arguments:
464 - cros-ec-rw-path: Filename containing the EC image
465
466This entry holds a Chromium OS EC (embedded controller) image, for use in
467updating the EC on startup via software sync.
468
469
470
Sughosh Ganu269ee6d2023-08-22 23:09:59 +0530471.. _etype_efi_capsule:
472
473Entry: capsule: Entry for generating EFI Capsule files
474------------------------------------------------------
475
476The parameters needed for generation of the capsules can be provided
477as properties in the entry.
478
479Properties / Entry arguments:
480 - image-index: Unique number for identifying corresponding
481 payload image. Number between 1 and descriptor count, i.e.
482 the total number of firmware images that can be updated. Mandatory
483 property.
484 - image-guid: Image GUID which will be used for identifying the
485 updatable image on the board. Mandatory property.
486 - hardware-instance: Optional number for identifying unique
487 hardware instance of a device in the system. Default value of 0
488 for images where value is not to be used.
489 - fw-version: Value of image version that can be put on the capsule
490 through the Firmware Management Protocol(FMP) header.
491 - monotonic-count: Count used when signing an image.
492 - private-key: Path to PEM formatted .key private key file. Mandatory
493 property for generating signed capsules.
494 - public-key-cert: Path to PEM formatted .crt public key certificate
495 file. Mandatory property for generating signed capsules.
496 - oem-flags - OEM flags to be passed through capsule header.
497
498 Since this is a subclass of Entry_section, all properties of the parent
499 class also apply here. Except for the properties stated as mandatory, the
500 rest of the properties are optional.
501
502For more details on the description of the capsule format, and the capsule
503update functionality, refer Section 8.5 and Chapter 23 in the `UEFI
504specification`_.
505
506The capsule parameters like image index and image GUID are passed as
507properties in the entry. The payload to be used in the capsule is to be
508provided as a subnode of the capsule entry.
509
510A typical capsule entry node would then look something like this::
511
512 capsule {
513 type = "efi-capsule";
514 image-index = <0x1>;
515 /* Image GUID for testing capsule update */
516 image-guid = SANDBOX_UBOOT_IMAGE_GUID;
517 hardware-instance = <0x0>;
518 private-key = "path/to/the/private/key";
519 public-key-cert = "path/to/the/public-key-cert";
520 oem-flags = <0x8000>;
521
522 u-boot {
523 };
524 };
525
526In the above example, the capsule payload is the U-Boot image. The
527capsule entry would read the contents of the payload and put them
528into the capsule. Any external file can also be specified as the
529payload using the blob-ext subnode.
530
531.. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf
532
533
534
Sughosh Ganu6b2d18a2023-10-10 14:40:59 +0530535.. _etype_efi_empty_capsule:
536
537Entry: efi-empty-capsule: Entry for generating EFI Empty Capsule files
538----------------------------------------------------------------------
539
540The parameters needed for generation of the empty capsules can
541be provided as properties in the entry.
542
543Properties / Entry arguments:
544 - image-guid: Image GUID which will be used for identifying the
545 updatable image on the board. Mandatory for accept capsule.
546 - capsule-type - String to indicate type of capsule to generate. Valid
547 values are 'accept' and 'revert'.
548
549For more details on the description of the capsule format, and the capsule
550update functionality, refer Section 8.5 and Chapter 23 in the `UEFI
551specification`_. For more information on the empty capsule, refer the
552sections 2.3.2 and 2.3.3 in the `Dependable Boot specification`_.
553
554A typical accept empty capsule entry node would then look something
555like this::
556
557 empty-capsule {
558 type = "efi-empty-capsule";
559 /* GUID of the image being accepted */
560 image-type-id = SANDBOX_UBOOT_IMAGE_GUID;
561 capsule-type = "accept";
562 };
563
564A typical revert empty capsule entry node would then look something
565like this::
566
567 empty-capsule {
568 type = "efi-empty-capsule";
569 capsule-type = "revert";
570 };
571
572The empty capsules do not have any input payload image.
573
574.. _`UEFI specification`: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf
575.. _`Dependable Boot specification`: https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
576
577
578
Christian Taedckebc454362023-07-17 09:05:52 +0200579.. _etype_encrypted:
580
581Entry: encrypted: Externally built encrypted binary blob
582--------------------------------------------------------
583
584This entry provides the functionality to include information about how to
585decrypt an encrypted binary. This information is added to the
586resulting device tree by adding a new cipher node in the entry's parent
587node (i.e. the binary).
588
589The key that must be used to decrypt the binary is either directly embedded
590in the device tree or indirectly by specifying a key source. The key source
591can be used as an id of a key that is stored in an external device.
592
593Using an embedded key
594~~~~~~~~~~~~~~~~~~~~~
595
596This is an example using an embedded key::
597
598 blob-ext {
599 filename = "encrypted-blob.bin";
600 };
601
602 encrypted {
603 algo = "aes256-gcm";
604 iv-filename = "encrypted-blob.bin.iv";
605 key-filename = "encrypted-blob.bin.key";
606 };
607
608This entry generates the following device tree structure form the example
609above::
610
611 data = [...]
612 cipher {
613 algo = "aes256-gcm";
614 key = <0x...>;
615 iv = <0x...>;
616 };
617
618The data property is generated by the blob-ext etype, the cipher node and
619its content is generated by this etype.
620
621Using an external key
622~~~~~~~~~~~~~~~~~~~~~
623
624Instead of embedding the key itself into the device tree, it is also
625possible to address an externally stored key by specifying a 'key-source'
626instead of the 'key'::
627
628 blob-ext {
629 filename = "encrypted-blob.bin";
630 };
631
632 encrypted {
633 algo = "aes256-gcm";
634 iv-filename = "encrypted-blob.bin.iv";
635 key-source = "external-key-id";
636 };
637
638This entry generates the following device tree structure form the example
639above::
640
641 data = [...]
642 cipher {
643 algo = "aes256-gcm";
644 key-source = "external-key-id";
645 iv = <0x...>;
646 };
647
648Properties
649~~~~~~~~~~
650
651Properties / Entry arguments:
652 - algo: The encryption algorithm. Currently no algorithm is supported
653 out-of-the-box. Certain algorithms will be added in future
654 patches.
655 - iv-filename: The name of the file containing the initialization
656 vector (in short iv). See
657 https://en.wikipedia.org/wiki/Initialization_vector
658 - key-filename: The name of the file containing the key. Either
659 key-filename or key-source must be provided.
660 - key-source: The key that should be used. Either key-filename or
661 key-source must be provided.
662
663
664
Simon Glassa7c97782022-08-07 16:33:25 -0600665.. _etype_fdtmap:
666
Simon Glass0f621332019-07-08 14:25:27 -0600667Entry: fdtmap: An entry which contains an FDT map
668-------------------------------------------------
669
670Properties / Entry arguments:
671 None
672
673An FDT map is just a header followed by an FDT containing a list of all the
Simon Glassfb30e292019-07-20 12:23:51 -0600674entries in the image. The root node corresponds to the image node in the
675original FDT, and an image-name property indicates the image name in that
676original tree.
Simon Glass0f621332019-07-08 14:25:27 -0600677
678The header is the string _FDTMAP_ followed by 8 unused bytes.
679
680When used, this entry will be populated with an FDT map which reflects the
681entries in the current image. Hierarchy is preserved, and all offsets and
682sizes are included.
683
684Note that the -u option must be provided to ensure that binman updates the
685FDT with the position of each entry.
686
Simon Glass0ac96b62021-03-18 20:25:15 +1300687Example output for a simple image with U-Boot and an FDT map::
Simon Glass0f621332019-07-08 14:25:27 -0600688
Simon Glass0ac96b62021-03-18 20:25:15 +1300689 / {
690 image-name = "binman";
691 size = <0x00000112>;
Simon Glass0f621332019-07-08 14:25:27 -0600692 image-pos = <0x00000000>;
693 offset = <0x00000000>;
Simon Glass0ac96b62021-03-18 20:25:15 +1300694 u-boot {
695 size = <0x00000004>;
696 image-pos = <0x00000000>;
697 offset = <0x00000000>;
698 };
699 fdtmap {
700 size = <0x0000010e>;
701 image-pos = <0x00000004>;
702 offset = <0x00000004>;
703 };
Simon Glass0f621332019-07-08 14:25:27 -0600704 };
Simon Glass0f621332019-07-08 14:25:27 -0600705
Simon Glassfb30e292019-07-20 12:23:51 -0600706If allow-repack is used then 'orig-offset' and 'orig-size' properties are
707added as necessary. See the binman README.
708
Simon Glass637958f2021-11-23 21:09:50 -0700709When extracting files, an alternative 'fdt' format is available for fdtmaps.
710Use `binman extract -F fdt ...` to use this. It will export a devicetree,
711without the fdtmap header, so it can be viewed with `fdtdump`.
Simon Glass0f621332019-07-08 14:25:27 -0600712
713
Simon Glass637958f2021-11-23 21:09:50 -0700714
Simon Glassa7c97782022-08-07 16:33:25 -0600715.. _etype_files:
716
Simon Glass8911fa12021-03-18 20:25:16 +1300717Entry: files: A set of files arranged in a section
718--------------------------------------------------
Simon Glassac6328c2018-09-14 04:57:28 -0600719
720Properties / Entry arguments:
721 - pattern: Filename pattern to match the files to include
Simon Glass51d02ad2020-10-26 17:40:07 -0600722 - files-compress: Compression algorithm to use:
Simon Glassac6328c2018-09-14 04:57:28 -0600723 none: No compression
724 lz4: Use lz4 compression (via 'lz4' command-line utility)
Simon Glass3f093a32021-03-18 20:24:53 +1300725 - files-align: Align each file to the given alignment
Simon Glassac6328c2018-09-14 04:57:28 -0600726
727This entry reads a number of files and places each in a separate sub-entry
728within this entry. To access these you need to enable device-tree updates
729at run-time so you can obtain the file positions.
Simon Glass7a61c6b2018-07-17 13:25:37 -0600730
731
Simon Glassac6328c2018-09-14 04:57:28 -0600732
Simon Glassa7c97782022-08-07 16:33:25 -0600733.. _etype_fill:
734
Simon Glass53f53992018-07-17 13:25:40 -0600735Entry: fill: An entry which is filled to a particular byte value
736----------------------------------------------------------------
737
738Properties / Entry arguments:
739 - fill-byte: Byte to use to fill the entry
740
741Note that the size property must be set since otherwise this entry does not
742know how large it should be.
743
744You can often achieve the same effect using the pad-byte property of the
745overall image, in that the space between entries will then be padded with
746that byte. But this entry is sometimes useful for explicitly setting the
747byte value of a region.
748
749
Simon Glassc7b010d2020-07-09 18:39:45 -0600750
Simon Glassa7c97782022-08-07 16:33:25 -0600751.. _etype_fit:
752
Simon Glass8911fa12021-03-18 20:25:16 +1300753Entry: fit: Flat Image Tree (FIT)
754---------------------------------
Simon Glass45d556d2020-07-09 18:39:45 -0600755
756This calls mkimage to create a FIT (U-Boot Flat Image Tree) based on the
757input provided.
758
759Nodes for the FIT should be written out in the binman configuration just as
760they would be in a file passed to mkimage.
761
Simon Glass0ac96b62021-03-18 20:25:15 +1300762For example, this creates an image containing a FIT with U-Boot SPL::
Simon Glass45d556d2020-07-09 18:39:45 -0600763
764 binman {
765 fit {
766 description = "Test FIT";
Simon Glassa435cd12020-09-01 05:13:59 -0600767 fit,fdt-list = "of-list";
Simon Glass45d556d2020-07-09 18:39:45 -0600768
769 images {
770 kernel@1 {
771 description = "SPL";
772 os = "u-boot";
773 type = "rkspi";
774 arch = "arm";
775 compression = "none";
776 load = <0>;
777 entry = <0>;
778
779 u-boot-spl {
780 };
781 };
782 };
783 };
784 };
785
Simon Glass912339f2022-02-08 11:50:03 -0700786More complex setups can be created, with generated nodes, as described
787below.
788
789Properties (in the 'fit' node itself)
790~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
791
792Special properties have a `fit,` prefix, indicating that they should be
793processed but not included in the final FIT.
794
795The top-level 'fit' node supports the following special properties:
796
797 fit,external-offset
798 Indicates that the contents of the FIT are external and provides the
799 external offset. This is passed to mkimage via the -E and -p flags.
800
Jonas Karlmanc59ea892023-01-21 19:01:39 +0000801 fit,align
802 Indicates what alignment to use for the FIT and its external data,
803 and provides the alignment to use. This is passed to mkimage via
804 the -B flag.
805
Simon Glass912339f2022-02-08 11:50:03 -0700806 fit,fdt-list
807 Indicates the entry argument which provides the list of device tree
808 files for the gen-fdt-nodes operation (as below). This is often
809 `of-list` meaning that `-a of-list="dtb1 dtb2..."` should be passed
810 to binman.
811
Simon Glass2d94c422023-07-18 07:23:59 -0600812 fit,fdt-list-val
813 As an alternative to fit,fdt-list the list of device tree files
814 can be provided in this property as a string list, e.g.::
815
816 fit,fdt-list-val = "dtb1", "dtb2";
817
Simon Glass912339f2022-02-08 11:50:03 -0700818Substitutions
819~~~~~~~~~~~~~
820
821Node names and property values support a basic string-substitution feature.
822Available substitutions for '@' nodes (and property values) are:
823
824SEQ:
825 Sequence number of the generated fdt (1, 2, ...)
826NAME
827 Name of the dtb as provided (i.e. without adding '.dtb')
828
829The `default` property, if present, will be automatically set to the name
830if of configuration whose devicetree matches the `default-dt` entry
831argument, e.g. with `-a default-dt=sun50i-a64-pine64-lts`.
832
833Available substitutions for property values in these nodes are:
834
835DEFAULT-SEQ:
836 Sequence number of the default fdt, as provided by the 'default-dt'
837 entry argument
838
839Available operations
840~~~~~~~~~~~~~~~~~~~~
841
842You can add an operation to an '@' node to indicate which operation is
843required::
844
845 @fdt-SEQ {
846 fit,operation = "gen-fdt-nodes";
847 ...
848 };
849
850Available operations are:
851
852gen-fdt-nodes
853 Generate FDT nodes as above. This is the default if there is no
854 `fit,operation` property.
855
Simon Glass5f423422022-03-05 20:19:12 -0700856split-elf
857 Split an ELF file into a separate node for each segment.
858
Simon Glass912339f2022-02-08 11:50:03 -0700859Generating nodes from an FDT list (gen-fdt-nodes)
860~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
861
Simon Glassa435cd12020-09-01 05:13:59 -0600862U-Boot supports creating fdt and config nodes automatically. To do this,
Simon Glass9f1c6b92022-02-08 11:50:02 -0700863pass an `of-list` property (e.g. `-a of-list=file1 file2`). This tells
864binman that you want to generates nodes for two files: `file1.dtb` and
865`file2.dtb`. The `fit,fdt-list` property (see above) indicates that
866`of-list` should be used. If the property is missing you will get an error.
Simon Glassa435cd12020-09-01 05:13:59 -0600867
Simon Glass0ac96b62021-03-18 20:25:15 +1300868Then add a 'generator node', a node with a name starting with '@'::
Simon Glassa435cd12020-09-01 05:13:59 -0600869
870 images {
871 @fdt-SEQ {
872 description = "fdt-NAME";
873 type = "flat_dt";
874 compression = "none";
875 };
876 };
877
Simon Glass9f1c6b92022-02-08 11:50:02 -0700878This tells binman to create nodes `fdt-1` and `fdt-2` for each of your two
Simon Glassa435cd12020-09-01 05:13:59 -0600879files. All the properties you specify will be included in the node. This
880node acts like a template to generate the nodes. The generator node itself
881does not appear in the output - it is replaced with what binman generates.
Simon Glass9f1c6b92022-02-08 11:50:02 -0700882A 'data' property is created with the contents of the FDT file.
Simon Glassa435cd12020-09-01 05:13:59 -0600883
Simon Glass0ac96b62021-03-18 20:25:15 +1300884You can create config nodes in a similar way::
Simon Glassa435cd12020-09-01 05:13:59 -0600885
886 configurations {
887 default = "@config-DEFAULT-SEQ";
888 @config-SEQ {
889 description = "NAME";
Samuel Holland91079ac2020-10-21 21:12:14 -0500890 firmware = "atf";
891 loadables = "uboot";
Simon Glassa435cd12020-09-01 05:13:59 -0600892 fdt = "fdt-SEQ";
893 };
894 };
895
Simon Glass9f1c6b92022-02-08 11:50:02 -0700896This tells binman to create nodes `config-1` and `config-2`, i.e. a config
897for each of your two files.
Simon Glassa435cd12020-09-01 05:13:59 -0600898
Simon Glassa435cd12020-09-01 05:13:59 -0600899Note that if no devicetree files are provided (with '-a of-list' as above)
900then no nodes will be generated.
901
Simon Glass5f423422022-03-05 20:19:12 -0700902Generating nodes from an ELF file (split-elf)
903~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
904
905This uses the node as a template to generate multiple nodes. The following
906special properties are available:
907
908split-elf
909 Split an ELF file into a separate node for each segment. This uses the
910 node as a template to generate multiple nodes. The following special
911 properties are available:
912
913 fit,load
914 Generates a `load = <...>` property with the load address of the
915 segment
916
917 fit,entry
918 Generates a `entry = <...>` property with the entry address of the
919 ELF. This is only produced for the first entry
920
921 fit,data
922 Generates a `data = <...>` property with the contents of the segment
923
Jonas Karlman490f73c2023-01-21 19:02:12 +0000924 fit,firmware
925 Generates a `firmware = <...>` property. Provides a list of possible
926 nodes to be used as the `firmware` property value. The first valid
927 node is picked as the firmware. Any remaining valid nodes is
928 prepended to the `loadable` property generated by `fit,loadables`
929
Simon Glass5f423422022-03-05 20:19:12 -0700930 fit,loadables
931 Generates a `loadable = <...>` property with a list of the generated
932 nodes (including all nodes if this operation is used multiple times)
933
934
935Here is an example showing ATF, TEE and a device tree all combined::
936
937 fit {
938 description = "test-desc";
939 #address-cells = <1>;
940 fit,fdt-list = "of-list";
941
942 images {
943 u-boot {
944 description = "U-Boot (64-bit)";
945 type = "standalone";
946 os = "U-Boot";
947 arch = "arm64";
948 compression = "none";
Simon Glass72cc5382022-10-20 18:22:39 -0600949 load = <CONFIG_TEXT_BASE>;
Simon Glass5f423422022-03-05 20:19:12 -0700950 u-boot-nodtb {
951 };
952 };
953 @fdt-SEQ {
954 description = "fdt-NAME.dtb";
955 type = "flat_dt";
956 compression = "none";
957 };
958 @atf-SEQ {
959 fit,operation = "split-elf";
960 description = "ARM Trusted Firmware";
961 type = "firmware";
962 arch = "arm64";
963 os = "arm-trusted-firmware";
964 compression = "none";
965 fit,load;
966 fit,entry;
967 fit,data;
968
969 atf-bl31 {
970 };
Jonas Karlmand2c7d902023-01-21 19:01:48 +0000971 hash {
972 algo = "sha256";
973 };
Simon Glass5f423422022-03-05 20:19:12 -0700974 };
975
976 @tee-SEQ {
977 fit,operation = "split-elf";
978 description = "TEE";
979 type = "tee";
980 arch = "arm64";
981 os = "tee";
982 compression = "none";
983 fit,load;
984 fit,entry;
985 fit,data;
986
987 tee-os {
988 };
Jonas Karlmand2c7d902023-01-21 19:01:48 +0000989 hash {
990 algo = "sha256";
991 };
Simon Glass5f423422022-03-05 20:19:12 -0700992 };
993 };
994
995 configurations {
996 default = "@config-DEFAULT-SEQ";
997 @config-SEQ {
998 description = "conf-NAME.dtb";
999 fdt = "fdt-SEQ";
Jonas Karlman490f73c2023-01-21 19:02:12 +00001000 fit,firmware = "atf-1", "u-boot";
Simon Glass5f423422022-03-05 20:19:12 -07001001 fit,loadables;
1002 };
1003 };
1004 };
1005
1006If ATF-BL31 is available, this generates a node for each segment in the
1007ELF file, for example::
1008
1009 images {
1010 atf-1 {
1011 data = <...contents of first segment...>;
1012 data-offset = <0x00000000>;
1013 entry = <0x00040000>;
1014 load = <0x00040000>;
1015 compression = "none";
1016 os = "arm-trusted-firmware";
1017 arch = "arm64";
1018 type = "firmware";
1019 description = "ARM Trusted Firmware";
Jonas Karlmand2c7d902023-01-21 19:01:48 +00001020 hash {
1021 algo = "sha256";
1022 value = <...hash of first segment...>;
1023 };
Simon Glass5f423422022-03-05 20:19:12 -07001024 };
1025 atf-2 {
1026 data = <...contents of second segment...>;
1027 load = <0xff3b0000>;
1028 compression = "none";
1029 os = "arm-trusted-firmware";
1030 arch = "arm64";
1031 type = "firmware";
1032 description = "ARM Trusted Firmware";
Jonas Karlmand2c7d902023-01-21 19:01:48 +00001033 hash {
1034 algo = "sha256";
1035 value = <...hash of second segment...>;
1036 };
Simon Glass5f423422022-03-05 20:19:12 -07001037 };
1038 };
1039
1040The same applies for OP-TEE if that is available.
1041
1042If each binary is not available, the relevant template node (@atf-SEQ or
1043@tee-SEQ) is removed from the output.
1044
1045This also generates a `config-xxx` node for each device tree in `of-list`.
1046Note that the U-Boot build system uses `-a of-list=$(CONFIG_OF_LIST)`
1047so you can use `CONFIG_OF_LIST` to define that list. In this example it is
1048set up for `firefly-rk3399` with a single device tree and the default set
1049with `-a default-dt=$(CONFIG_DEFAULT_DEVICE_TREE)`, so the resulting output
1050is::
1051
1052 configurations {
1053 default = "config-1";
1054 config-1 {
Jonas Karlman490f73c2023-01-21 19:02:12 +00001055 loadables = "u-boot", "atf-2", "atf-3", "tee-1", "tee-2";
Simon Glass5f423422022-03-05 20:19:12 -07001056 description = "rk3399-firefly.dtb";
1057 fdt = "fdt-1";
Jonas Karlman490f73c2023-01-21 19:02:12 +00001058 firmware = "atf-1";
Simon Glass5f423422022-03-05 20:19:12 -07001059 };
1060 };
1061
Jonas Karlman490f73c2023-01-21 19:02:12 +00001062U-Boot SPL can then load the firmware (ATF) and all the loadables (U-Boot
1063proper, ATF and TEE), then proceed with the boot.
Simon Glass5f423422022-03-05 20:19:12 -07001064
Simon Glass45d556d2020-07-09 18:39:45 -06001065
Simon Glassa7c97782022-08-07 16:33:25 -06001066
1067.. _etype_fmap:
Simon Glass45d556d2020-07-09 18:39:45 -06001068
Simon Glass7a61c6b2018-07-17 13:25:37 -06001069Entry: fmap: An entry which contains an Fmap section
1070----------------------------------------------------
1071
1072Properties / Entry arguments:
1073 None
1074
1075FMAP is a simple format used by flashrom, an open-source utility for
1076reading and writing the SPI flash, typically on x86 CPUs. The format
1077provides flashrom with a list of areas, so it knows what it in the flash.
1078It can then read or write just a single area, instead of the whole flash.
1079
1080The format is defined by the flashrom project, in the file lib/fmap.h -
1081see www.flashrom.org/Flashrom for more information.
1082
1083When used, this entry will be populated with an FMAP which reflects the
1084entries in the current image. Note that any hierarchy is squashed, since
Simon Glassb1d414c2021-04-03 11:05:10 +13001085FMAP does not support this. Sections are represented as an area appearing
1086before its contents, so that it is possible to reconstruct the hierarchy
1087from the FMAP by using the offset information. This convention does not
1088seem to be documented, but is used in Chromium OS.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001089
Simon Glasscda991e2023-02-12 17:11:15 -07001090To mark an area as preserved, use the normal 'preserved' flag in the entry.
1091This will result in the corresponding FMAP area having the
1092FMAP_AREA_PRESERVE flag. This flag does not automatically propagate down to
1093child entries.
1094
Simon Glassb1d414c2021-04-03 11:05:10 +13001095CBFS entries appear as a single entry, i.e. the sub-entries are ignored.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001096
1097
Simon Glassb1d414c2021-04-03 11:05:10 +13001098
Simon Glassa7c97782022-08-07 16:33:25 -06001099.. _etype_gbb:
1100
Simon Glassc1ae83c2018-07-17 13:25:44 -06001101Entry: gbb: An entry which contains a Chromium OS Google Binary Block
1102---------------------------------------------------------------------
1103
1104Properties / Entry arguments:
1105 - hardware-id: Hardware ID to use for this build (a string)
1106 - keydir: Directory containing the public keys to use
1107 - bmpblk: Filename containing images used by recovery
1108
1109Chromium OS uses a GBB to store various pieces of information, in particular
1110the root and recovery keys that are used to verify the boot process. Some
1111more details are here:
1112
1113 https://www.chromium.org/chromium-os/firmware-porting-guide/2-concepts
1114
1115but note that the page dates from 2013 so is quite out of date. See
1116README.chromium for how to obtain the required keys and tools.
1117
1118
Simon Glassa7c97782022-08-07 16:33:25 -06001119
1120.. _etype_image_header:
Simon Glassc1ae83c2018-07-17 13:25:44 -06001121
Simon Glasscec34ba2019-07-08 14:25:28 -06001122Entry: image-header: An entry which contains a pointer to the FDT map
1123---------------------------------------------------------------------
1124
1125Properties / Entry arguments:
1126 location: Location of header ("start" or "end" of image). This is
1127 optional. If omitted then the entry must have an offset property.
1128
1129This adds an 8-byte entry to the start or end of the image, pointing to the
1130location of the FDT map. The format is a magic number followed by an offset
1131from the start or end of the image, in twos-compliment format.
1132
1133This entry must be in the top-level part of the image.
1134
1135NOTE: If the location is at the start/end, you will probably need to specify
1136sort-by-offset for the image, unless you actually put the image header
1137first/last in the entry list.
1138
1139
1140
Simon Glassa7c97782022-08-07 16:33:25 -06001141.. _etype_intel_cmc:
1142
Simon Glass8911fa12021-03-18 20:25:16 +13001143Entry: intel-cmc: Intel Chipset Micro Code (CMC) file
1144-----------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001145
1146Properties / Entry arguments:
1147 - filename: Filename of file to read into entry
1148
1149This file contains microcode for some devices in a special format. An
1150example filename is 'Microcode/C0_22211.BIN'.
1151
1152See README.x86 for information about x86 binary blobs.
1153
1154
1155
Simon Glassa7c97782022-08-07 16:33:25 -06001156.. _etype_intel_descriptor:
1157
Simon Glass7a61c6b2018-07-17 13:25:37 -06001158Entry: intel-descriptor: Intel flash descriptor block (4KB)
1159-----------------------------------------------------------
1160
1161Properties / Entry arguments:
1162 filename: Filename of file containing the descriptor. This is typically
1163 a 4KB binary file, sometimes called 'descriptor.bin'
1164
1165This entry is placed at the start of flash and provides information about
1166the SPI flash regions. In particular it provides the base address and
1167size of the ME (Management Engine) region, allowing us to place the ME
1168binary in the right place.
1169
1170With this entry in your image, the position of the 'intel-me' entry will be
1171fixed in the image, which avoids you needed to specify an offset for that
1172region. This is useful, because it is not possible to change the position
1173of the ME region without updating the descriptor.
1174
1175See README.x86 for information about x86 binary blobs.
1176
1177
1178
Simon Glassa7c97782022-08-07 16:33:25 -06001179.. _etype_intel_fit:
1180
Simon Glass232f90c2019-08-24 07:22:50 -06001181Entry: intel-fit: Intel Firmware Image Table (FIT)
1182--------------------------------------------------
1183
1184This entry contains a dummy FIT as required by recent Intel CPUs. The FIT
1185contains information about the firmware and microcode available in the
1186image.
1187
1188At present binman only supports a basic FIT with no microcode.
1189
1190
1191
Simon Glassa7c97782022-08-07 16:33:25 -06001192.. _etype_intel_fit_ptr:
1193
Simon Glass232f90c2019-08-24 07:22:50 -06001194Entry: intel-fit-ptr: Intel Firmware Image Table (FIT) pointer
1195--------------------------------------------------------------
1196
1197This entry contains a pointer to the FIT. It is required to be at address
11980xffffffc0 in the image.
1199
1200
1201
Simon Glassa7c97782022-08-07 16:33:25 -06001202.. _etype_intel_fsp:
1203
Simon Glass8911fa12021-03-18 20:25:16 +13001204Entry: intel-fsp: Intel Firmware Support Package (FSP) file
1205-----------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001206
1207Properties / Entry arguments:
1208 - filename: Filename of file to read into entry
1209
1210This file contains binary blobs which are used on some devices to make the
1211platform work. U-Boot executes this code since it is not possible to set up
1212the hardware using U-Boot open-source code. Documentation is typically not
1213available in sufficient detail to allow this.
1214
1215An example filename is 'FSP/QUEENSBAY_FSP_GOLD_001_20-DECEMBER-2013.fd'
1216
1217See README.x86 for information about x86 binary blobs.
1218
1219
1220
Simon Glassa7c97782022-08-07 16:33:25 -06001221.. _etype_intel_fsp_m:
1222
Simon Glass8911fa12021-03-18 20:25:16 +13001223Entry: intel-fsp-m: Intel Firmware Support Package (FSP) memory init
1224--------------------------------------------------------------------
Simon Glassba7985d2019-08-24 07:23:07 -06001225
1226Properties / Entry arguments:
1227 - filename: Filename of file to read into entry
1228
1229This file contains a binary blob which is used on some devices to set up
1230SDRAM. U-Boot executes this code in SPL so that it can make full use of
1231memory. Documentation is typically not available in sufficient detail to
1232allow U-Boot do this this itself..
1233
1234An example filename is 'fsp_m.bin'
1235
1236See README.x86 for information about x86 binary blobs.
1237
1238
Simon Glassa7c97782022-08-07 16:33:25 -06001239
1240.. _etype_intel_fsp_s:
Simon Glassba7985d2019-08-24 07:23:07 -06001241
Simon Glass8911fa12021-03-18 20:25:16 +13001242Entry: intel-fsp-s: Intel Firmware Support Package (FSP) silicon init
1243---------------------------------------------------------------------
Simon Glass4d9086d2019-10-20 21:31:35 -06001244
1245Properties / Entry arguments:
1246 - filename: Filename of file to read into entry
1247
1248This file contains a binary blob which is used on some devices to set up
1249the silicon. U-Boot executes this code in U-Boot proper after SDRAM is
1250running, so that it can make full use of memory. Documentation is typically
1251not available in sufficient detail to allow U-Boot do this this itself.
1252
1253An example filename is 'fsp_s.bin'
1254
1255See README.x86 for information about x86 binary blobs.
1256
1257
1258
Simon Glassa7c97782022-08-07 16:33:25 -06001259.. _etype_intel_fsp_t:
1260
Simon Glass8911fa12021-03-18 20:25:16 +13001261Entry: intel-fsp-t: Intel Firmware Support Package (FSP) temp ram init
1262----------------------------------------------------------------------
Simon Glass9ea87b22019-10-20 21:31:36 -06001263
1264Properties / Entry arguments:
1265 - filename: Filename of file to read into entry
1266
1267This file contains a binary blob which is used on some devices to set up
1268temporary memory (Cache-as-RAM or CAR). U-Boot executes this code in TPL so
1269that it has access to memory for its stack and initial storage.
1270
1271An example filename is 'fsp_t.bin'
1272
1273See README.x86 for information about x86 binary blobs.
1274
1275
Simon Glassa7c97782022-08-07 16:33:25 -06001276
1277.. _etype_intel_ifwi:
Simon Glass9ea87b22019-10-20 21:31:36 -06001278
Simon Glass8911fa12021-03-18 20:25:16 +13001279Entry: intel-ifwi: Intel Integrated Firmware Image (IFWI) file
1280--------------------------------------------------------------
Simon Glassc2f1aed2019-07-08 13:18:56 -06001281
1282Properties / Entry arguments:
1283 - filename: Filename of file to read into entry. This is either the
1284 IFWI file itself, or a file that can be converted into one using a
1285 tool
1286 - convert-fit: If present this indicates that the ifwitool should be
1287 used to convert the provided file into a IFWI.
1288
1289This file contains code and data used by the SoC that is required to make
1290it work. It includes U-Boot TPL, microcode, things related to the CSE
1291(Converged Security Engine, the microcontroller that loads all the firmware)
1292and other items beyond the wit of man.
1293
1294A typical filename is 'ifwi.bin' for an IFWI file, or 'fitimage.bin' for a
1295file that will be converted to an IFWI.
1296
1297The position of this entry is generally set by the intel-descriptor entry.
1298
1299The contents of the IFWI are specified by the subnodes of the IFWI node.
1300Each subnode describes an entry which is placed into the IFWFI with a given
1301sub-partition (and optional entry name).
1302
Simon Glass8a5e2492019-08-24 07:22:47 -06001303Properties for subnodes:
Simon Glass0ac96b62021-03-18 20:25:15 +13001304 - ifwi-subpart: sub-parition to put this entry into, e.g. "IBBP"
1305 - ifwi-entry: entry name t use, e.g. "IBBL"
1306 - ifwi-replace: if present, indicates that the item should be replaced
1307 in the IFWI. Otherwise it is added.
Simon Glass8a5e2492019-08-24 07:22:47 -06001308
Simon Glassc2f1aed2019-07-08 13:18:56 -06001309See README.x86 for information about x86 binary blobs.
1310
1311
1312
Simon Glassa7c97782022-08-07 16:33:25 -06001313.. _etype_intel_me:
1314
Simon Glass8911fa12021-03-18 20:25:16 +13001315Entry: intel-me: Intel Management Engine (ME) file
1316--------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001317
1318Properties / Entry arguments:
1319 - filename: Filename of file to read into entry
1320
1321This file contains code used by the SoC that is required to make it work.
1322The Management Engine is like a background task that runs things that are
Thomas Hebbfd37f242019-11-13 18:18:03 -08001323not clearly documented, but may include keyboard, display and network
Simon Glass7a61c6b2018-07-17 13:25:37 -06001324access. For platform that use ME it is not possible to disable it. U-Boot
1325does not directly execute code in the ME binary.
1326
1327A typical filename is 'me.bin'.
1328
Simon Glassc4056b82019-07-08 13:18:38 -06001329The position of this entry is generally set by the intel-descriptor entry.
1330
Simon Glass7a61c6b2018-07-17 13:25:37 -06001331See README.x86 for information about x86 binary blobs.
1332
1333
1334
Simon Glassa7c97782022-08-07 16:33:25 -06001335.. _etype_intel_mrc:
1336
Simon Glass8911fa12021-03-18 20:25:16 +13001337Entry: intel-mrc: Intel Memory Reference Code (MRC) file
1338--------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001339
1340Properties / Entry arguments:
1341 - filename: Filename of file to read into entry
1342
1343This file contains code for setting up the SDRAM on some Intel systems. This
1344is executed by U-Boot when needed early during startup. A typical filename
1345is 'mrc.bin'.
1346
1347See README.x86 for information about x86 binary blobs.
1348
1349
1350
Simon Glassa7c97782022-08-07 16:33:25 -06001351.. _etype_intel_refcode:
1352
Simon Glass8911fa12021-03-18 20:25:16 +13001353Entry: intel-refcode: Intel Reference Code file
1354-----------------------------------------------
Simon Glass17b84eb2019-05-17 22:00:53 -06001355
1356Properties / Entry arguments:
1357 - filename: Filename of file to read into entry
1358
1359This file contains code for setting up the platform on some Intel systems.
1360This is executed by U-Boot when needed early during startup. A typical
1361filename is 'refcode.bin'.
1362
1363See README.x86 for information about x86 binary blobs.
1364
1365
1366
Simon Glassa7c97782022-08-07 16:33:25 -06001367.. _etype_intel_vbt:
1368
Simon Glass8911fa12021-03-18 20:25:16 +13001369Entry: intel-vbt: Intel Video BIOS Table (VBT) file
1370---------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001371
1372Properties / Entry arguments:
1373 - filename: Filename of file to read into entry
1374
1375This file contains code that sets up the integrated graphics subsystem on
1376some Intel SoCs. U-Boot executes this when the display is started up.
1377
1378See README.x86 for information about Intel binary blobs.
1379
1380
1381
Simon Glassa7c97782022-08-07 16:33:25 -06001382.. _etype_intel_vga:
1383
Simon Glass8911fa12021-03-18 20:25:16 +13001384Entry: intel-vga: Intel Video Graphics Adaptor (VGA) file
1385---------------------------------------------------------
Simon Glass7a61c6b2018-07-17 13:25:37 -06001386
1387Properties / Entry arguments:
1388 - filename: Filename of file to read into entry
1389
1390This file contains code that sets up the integrated graphics subsystem on
1391some Intel SoCs. U-Boot executes this when the display is started up.
1392
1393This is similar to the VBT file but in a different format.
1394
1395See README.x86 for information about Intel binary blobs.
1396
1397
1398
Simon Glassa7c97782022-08-07 16:33:25 -06001399.. _etype_mkimage:
1400
Simon Glass8911fa12021-03-18 20:25:16 +13001401Entry: mkimage: Binary produced by mkimage
1402------------------------------------------
Simon Glass48f3aad2020-07-09 18:39:31 -06001403
1404Properties / Entry arguments:
Simon Glass42074dc2022-08-13 11:40:47 -06001405 - args: Arguments to pass
Simon Glass8fbca772022-08-13 11:40:48 -06001406 - data-to-imagename: Indicates that the -d data should be passed in as
1407 the image name also (-n)
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001408 - multiple-data-files: boolean to tell binman to pass all files as
1409 datafiles to mkimage instead of creating a temporary file the result
1410 of datafiles concatenation
Simon Glassda6a9082023-01-07 14:07:10 -07001411 - filename: filename of output binary generated by mkimage
Simon Glass48f3aad2020-07-09 18:39:31 -06001412
Simon Glass42074dc2022-08-13 11:40:47 -06001413The data passed to mkimage via the -d flag is collected from subnodes of the
1414mkimage node, e.g.::
Simon Glass48f3aad2020-07-09 18:39:31 -06001415
1416 mkimage {
Simon Glassda6a9082023-01-07 14:07:10 -07001417 filename = "imximage.bin";
Simon Glass48f3aad2020-07-09 18:39:31 -06001418 args = "-n test -T imximage";
1419
1420 u-boot-spl {
1421 };
1422 };
1423
Simon Glass42074dc2022-08-13 11:40:47 -06001424This calls mkimage to create an imximage with `u-boot-spl.bin` as the data
Simon Glassda6a9082023-01-07 14:07:10 -07001425file, with mkimage being called like this::
Simon Glass42074dc2022-08-13 11:40:47 -06001426
1427 mkimage -d <data_file> -n test -T imximage <output_file>
1428
1429The output from mkimage then becomes part of the image produced by
Simon Glassda6a9082023-01-07 14:07:10 -07001430binman but also is written into `imximage.bin` file. If you need to put
1431multiple things in the data file, you can use a section, or just multiple
1432subnodes like this::
Simon Glass42074dc2022-08-13 11:40:47 -06001433
1434 mkimage {
1435 args = "-n test -T imximage";
1436
1437 u-boot-spl {
1438 };
1439
1440 u-boot-tpl {
1441 };
1442 };
Simon Glass48f3aad2020-07-09 18:39:31 -06001443
Simon Glassda6a9082023-01-07 14:07:10 -07001444Note that binman places the contents (here SPL and TPL) into a single file
1445and passes that to mkimage using the -d option.
1446
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001447To pass all datafiles untouched to mkimage::
1448
1449 mkimage {
Simon Glassda6a9082023-01-07 14:07:10 -07001450 args = "-n rk3399 -T rkspi";
1451 multiple-data-files;
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001452
Simon Glassda6a9082023-01-07 14:07:10 -07001453 u-boot-tpl {
1454 };
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001455
Simon Glassda6a9082023-01-07 14:07:10 -07001456 u-boot-spl {
1457 };
Quentin Schulz9b5c6482022-09-02 15:10:48 +02001458 };
1459
1460This calls mkimage to create a Rockchip RK3399-specific first stage
1461bootloader, made of TPL+SPL. Since this first stage bootloader requires to
1462align the TPL and SPL but also some weird hacks that is handled by mkimage
1463directly, binman is told to not perform the concatenation of datafiles prior
1464to passing the data to mkimage.
1465
Simon Glass948dd3a2022-02-08 11:49:58 -07001466To use CONFIG options in the arguments, use a string list instead, as in
1467this example which also produces four arguments::
1468
1469 mkimage {
1470 args = "-n", CONFIG_SYS_SOC, "-T imximage";
1471
1472 u-boot-spl {
1473 };
1474 };
1475
Simon Glass8fbca772022-08-13 11:40:48 -06001476If you need to pass the input data in with the -n argument as well, then use
1477the 'data-to-imagename' property::
1478
1479 mkimage {
1480 args = "-T imximage";
Simon Glassda6a9082023-01-07 14:07:10 -07001481 data-to-imagename;
Simon Glass8fbca772022-08-13 11:40:48 -06001482
1483 u-boot-spl {
1484 };
1485 };
1486
1487That will pass the data to mkimage both as the data file (with -d) and as
Simon Glassda6a9082023-01-07 14:07:10 -07001488the image name (with -n). In both cases, a filename is passed as the
1489argument, with the actual data being in that file.
Simon Glass948dd3a2022-02-08 11:49:58 -07001490
Simon Glassda6a9082023-01-07 14:07:10 -07001491If need to pass different data in with -n, then use an `imagename` subnode::
Simon Glassb1669752022-08-13 11:40:49 -06001492
1493 mkimage {
1494 args = "-T imximage";
1495
1496 imagename {
1497 blob {
1498 filename = "spl/u-boot-spl.cfgout"
1499 };
1500 };
1501
1502 u-boot-spl {
1503 };
1504 };
1505
1506This will pass in u-boot-spl as the input data and the .cfgout file as the
1507-n data.
1508
Simon Glassa7c97782022-08-07 16:33:25 -06001509
Simon Glassda6a9082023-01-07 14:07:10 -07001510
Simon Glassa4948b22023-01-11 16:10:14 -07001511.. _etype_null:
1512
1513Entry: null: An entry which has no contents of its own
1514------------------------------------------------------
1515
1516Note that the size property must be set since otherwise this entry does not
1517know how large it should be.
1518
1519The contents are set by the containing section, e.g. the section's pad
1520byte.
1521
1522
1523
Simon Glassa7c97782022-08-07 16:33:25 -06001524.. _etype_opensbi:
Simon Glass48f3aad2020-07-09 18:39:31 -06001525
Bin Mengc0b15742021-05-10 20:23:33 +08001526Entry: opensbi: RISC-V OpenSBI fw_dynamic blob
1527----------------------------------------------
1528
1529Properties / Entry arguments:
1530 - opensbi-path: Filename of file to read into entry. This is typically
1531 called fw_dynamic.bin
1532
1533This entry holds the run-time firmware, typically started by U-Boot SPL.
1534See the U-Boot README for your architecture or board for how to use it. See
1535https://github.com/riscv/opensbi for more information about OpenSBI.
1536
1537
1538
Simon Glassa7c97782022-08-07 16:33:25 -06001539.. _etype_powerpc_mpc85xx_bootpg_resetvec:
1540
Jagdish Gediya311d4842018-09-03 21:35:08 +05301541Entry: powerpc-mpc85xx-bootpg-resetvec: PowerPC mpc85xx bootpg + resetvec code for U-Boot
1542-----------------------------------------------------------------------------------------
1543
1544Properties / Entry arguments:
1545 - filename: Filename of u-boot-br.bin (default 'u-boot-br.bin')
1546
Thomas Hebbfd37f242019-11-13 18:18:03 -08001547This entry is valid for PowerPC mpc85xx cpus. This entry holds
Jagdish Gediya311d4842018-09-03 21:35:08 +05301548'bootpg + resetvec' code for PowerPC mpc85xx CPUs which needs to be
1549placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'.
1550
Simon Glass136dd352020-10-26 17:39:59 -06001551
Simon Glassa7c97782022-08-07 16:33:25 -06001552
1553.. _etype_pre_load:
Simon Glass136dd352020-10-26 17:39:59 -06001554
Philippe Reynesebe96cb2022-03-28 22:57:04 +02001555Entry: pre-load: Pre load image header
1556--------------------------------------
1557
1558Properties / Entry arguments:
Simon Glass9f571582022-08-13 11:40:43 -06001559 - pre-load-key-path: Path of the directory that store key (provided by
1560 the environment variable PRE_LOAD_KEY_PATH)
Philippe Reynesebe96cb2022-03-28 22:57:04 +02001561 - content: List of phandles to entries to sign
1562 - algo-name: Hash and signature algo to use for the signature
1563 - padding-name: Name of the padding (pkcs-1.5 or pss)
1564 - key-name: Filename of the private key to sign
1565 - header-size: Total size of the header
1566 - version: Version of the header
1567
1568This entry creates a pre-load header that contains a global
1569image signature.
1570
1571For example, this creates an image with a pre-load header and a binary::
1572
1573 binman {
1574 image2 {
1575 filename = "sandbox.bin";
1576
1577 pre-load {
1578 content = <&image>;
1579 algo-name = "sha256,rsa2048";
1580 padding-name = "pss";
1581 key-name = "private.pem";
1582 header-size = <4096>;
1583 version = <1>;
1584 };
1585
1586 image: blob-ext {
1587 filename = "sandbox.itb";
1588 };
1589 };
1590 };
1591
1592
1593
Jonas Karlman35305492023-02-25 19:01:33 +00001594.. _etype_rockchip_tpl:
1595
1596Entry: rockchip-tpl: Rockchip TPL binary
1597----------------------------------------
1598
1599Properties / Entry arguments:
1600 - rockchip-tpl-path: Filename of file to read into the entry,
1601 typically <soc>_ddr_<version>.bin
1602
1603This entry holds an external TPL binary used by some Rockchip SoCs
1604instead of normal U-Boot TPL, typically to initialize DRAM.
1605
1606
1607
Simon Glassa7c97782022-08-07 16:33:25 -06001608.. _etype_scp:
1609
Simon Glass8911fa12021-03-18 20:25:16 +13001610Entry: scp: System Control Processor (SCP) firmware blob
1611--------------------------------------------------------
Simon Glass136dd352020-10-26 17:39:59 -06001612
1613Properties / Entry arguments:
1614 - scp-path: Filename of file to read into the entry, typically scp.bin
1615
1616This entry holds firmware for an external platform-specific coprocessor.
Jagdish Gediya311d4842018-09-03 21:35:08 +05301617
1618
Simon Glass136dd352020-10-26 17:39:59 -06001619
Simon Glassa7c97782022-08-07 16:33:25 -06001620.. _etype_section:
1621
Simon Glass7a61c6b2018-07-17 13:25:37 -06001622Entry: section: Entry that contains other entries
1623-------------------------------------------------
1624
Simon Glasscc9a41c2021-11-23 11:03:49 -07001625A section is an entry which can contain other entries, thus allowing
1626hierarchical images to be created. See 'Sections and hierarchical images'
1627in the binman README for more information.
1628
1629The base implementation simply joins the various entries together, using
1630various rules about alignment, etc.
1631
1632Subclassing
1633~~~~~~~~~~~
1634
1635This class can be subclassed to support other file formats which hold
1636multiple entries, such as CBFS. To do this, override the following
1637functions. The documentation here describes what your function should do.
1638For example code, see etypes which subclass `Entry_section`, or `cbfs.py`
1639for a more involved example::
1640
1641 $ grep -l \(Entry_section tools/binman/etype/*.py
1642
1643ReadNode()
1644 Call `super().ReadNode()`, then read any special properties for the
1645 section. Then call `self.ReadEntries()` to read the entries.
1646
1647 Binman calls this at the start when reading the image description.
1648
1649ReadEntries()
1650 Read in the subnodes of the section. This may involve creating entries
1651 of a particular etype automatically, as well as reading any special
1652 properties in the entries. For each entry, entry.ReadNode() should be
1653 called, to read the basic entry properties. The properties should be
1654 added to `self._entries[]`, in the correct order, with a suitable name.
1655
1656 Binman calls this at the start when reading the image description.
1657
1658BuildSectionData(required)
1659 Create the custom file format that you want and return it as bytes.
1660 This likely sets up a file header, then loops through the entries,
1661 adding them to the file. For each entry, call `entry.GetData()` to
1662 obtain the data. If that returns None, and `required` is False, then
1663 this method must give up and return None. But if `required` is True then
1664 it should assume that all data is valid.
1665
1666 Binman calls this when packing the image, to find out the size of
1667 everything. It is called again at the end when building the final image.
1668
1669SetImagePos(image_pos):
1670 Call `super().SetImagePos(image_pos)`, then set the `image_pos` values
1671 for each of the entries. This should use the custom file format to find
1672 the `start offset` (and `image_pos`) of each entry. If the file format
1673 uses compression in such a way that there is no offset available (other
1674 than reading the whole file and decompressing it), then the offsets for
1675 affected entries can remain unset (`None`). The size should also be set
1676 if possible.
Simon Glass0ac96b62021-03-18 20:25:15 +13001677
Simon Glasscc9a41c2021-11-23 11:03:49 -07001678 Binman calls this after the image has been packed, to update the
1679 location that all the entries ended up at.
Simon Glass0ac96b62021-03-18 20:25:15 +13001680
Simon Glass637958f2021-11-23 21:09:50 -07001681ReadChildData(child, decomp, alt_format):
Simon Glasscc9a41c2021-11-23 11:03:49 -07001682 The default version of this may be good enough, if you are able to
1683 implement SetImagePos() correctly. But that is a bit of a bypass, so
1684 you can override this method to read from your custom file format. It
1685 should read the entire entry containing the custom file using
1686 `super().ReadData(True)`, then parse the file to get the data for the
1687 given child, then return that data.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001688
Simon Glasscc9a41c2021-11-23 11:03:49 -07001689 If your file format supports compression, the `decomp` argument tells
1690 you whether to return the compressed data (`decomp` is False) or to
1691 uncompress it first, then return the uncompressed data (`decomp` is
1692 True). This is used by the `binman extract -U` option.
Simon Glass21db0ff2020-09-01 05:13:54 -06001693
Simon Glass637958f2021-11-23 21:09:50 -07001694 If your entry supports alternative formats, the alt_format provides the
1695 alternative format that the user has selected. Your function should
1696 return data in that format. This is used by the 'binman extract -l'
1697 option.
1698
Simon Glasscc9a41c2021-11-23 11:03:49 -07001699 Binman calls this when reading in an image, in order to populate all the
1700 entries with the data from that image (`binman ls`).
1701
1702WriteChildData(child):
1703 Binman calls this after `child.data` is updated, to inform the custom
1704 file format about this, in case it needs to do updates.
1705
1706 The default version of this does nothing and probably needs to be
1707 overridden for the 'binman replace' command to work. Your version should
1708 use `child.data` to update the data for that child in the custom file
1709 format.
1710
1711 Binman calls this when updating an image that has been read in and in
1712 particular to update the data for a particular entry (`binman replace`)
1713
1714Properties / Entry arguments
1715~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1716
1717See :ref:`develop/package/binman:Image description format` for more
1718information.
1719
1720align-default
1721 Default alignment for this section, if no alignment is given in the
1722 entry
1723
1724pad-byte
1725 Pad byte to use when padding
1726
1727sort-by-offset
1728 True if entries should be sorted by offset, False if they must be
1729 in-order in the device tree description
1730
1731end-at-4gb
1732 Used to build an x86 ROM which ends at 4GB (2^32)
1733
1734name-prefix
1735 Adds a prefix to the name of every entry in the section when writing out
1736 the map
1737
1738skip-at-start
1739 Number of bytes before the first entry starts. These effectively adjust
1740 the starting offset of entries. For example, if this is 16, then the
1741 first entry would start at 16. An entry with offset = 20 would in fact
1742 be written at offset 4 in the image file, since the first 16 bytes are
1743 skipped when writing.
Simon Glassb1d414c2021-04-03 11:05:10 +13001744
Simon Glassda6a9082023-01-07 14:07:10 -07001745filename
1746 filename to write the unpadded section contents to within the output
1747 directory (None to skip this).
1748
Simon Glass39dd2152019-07-08 14:25:47 -06001749Since a section is also an entry, it inherits all the properies of entries
1750too.
1751
Simon Glasscc9a41c2021-11-23 11:03:49 -07001752Note that the `allow_missing` member controls whether this section permits
1753external blobs to be missing their contents. The option will produce an
1754image but of course it will not work. It is useful to make sure that
1755Continuous Integration systems can build without the binaries being
1756available. This is set by the `SetAllowMissing()` method, if
1757`--allow-missing` is passed to binman.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001758
1759
1760
Simon Glassa7c97782022-08-07 16:33:25 -06001761.. _etype_tee_os:
1762
Roger Quadros5cdcea02022-02-19 20:50:04 +02001763Entry: tee-os: Entry containing an OP-TEE Trusted OS (TEE) blob
1764---------------------------------------------------------------
1765
1766Properties / Entry arguments:
1767 - tee-os-path: Filename of file to read into entry. This is typically
Simon Glassad5cfe12023-01-07 14:07:14 -07001768 called tee.bin or tee.elf
Roger Quadros5cdcea02022-02-19 20:50:04 +02001769
1770This entry holds the run-time firmware, typically started by U-Boot SPL.
1771See the U-Boot README for your architecture or board for how to use it. See
1772https://github.com/OP-TEE/optee_os for more information about OP-TEE.
1773
Simon Glassad5cfe12023-01-07 14:07:14 -07001774Note that if the file is in ELF format, it must go in a FIT. In that case,
1775this entry will mark itself as absent, providing the data only through the
1776read_elf_segments() method.
1777
1778Marking this entry as absent means that it if is used in the wrong context
1779it can be automatically dropped. Thus it is possible to add an OP-TEE entry
1780like this::
1781
1782 binman {
1783 tee-os {
1784 };
1785 };
1786
1787and pass either an ELF or plain binary in with -a tee-os-path <filename>
1788and have binman do the right thing:
1789
1790 - include the entry if tee.bin is provided and it does NOT have the v1
1791 header
1792 - drop it otherwise
1793
1794When used within a FIT, we can do::
1795
1796 binman {
1797 fit {
1798 tee-os {
1799 };
1800 };
1801 };
1802
1803which will split the ELF into separate nodes for each segment, if an ELF
1804file is provided (see :ref:`etype_fit`), or produce a single node if the
1805OP-TEE binary v1 format is provided (see optee_doc_) .
1806
1807.. _optee_doc: https://optee.readthedocs.io/en/latest/architecture/core.html#partitioning-of-the-binary
1808
Roger Quadros5cdcea02022-02-19 20:50:04 +02001809
1810
Simon Glassa7c97782022-08-07 16:33:25 -06001811.. _etype_text:
1812
Simon Glass7a61c6b2018-07-17 13:25:37 -06001813Entry: text: An entry which contains text
1814-----------------------------------------
1815
1816The text can be provided either in the node itself or by a command-line
1817argument. There is a level of indirection to allow multiple text strings
1818and sharing of text.
1819
1820Properties / Entry arguments:
1821 text-label: The value of this string indicates the property / entry-arg
1822 that contains the string to place in the entry
1823 <xxx> (actual name is the value of text-label): contains the string to
1824 place in the entry.
Simon Glass47f6a622019-07-08 13:18:40 -06001825 <text>: The text to place in the entry (overrides the above mechanism).
1826 This is useful when the text is constant.
Simon Glass7a61c6b2018-07-17 13:25:37 -06001827
Simon Glass0ac96b62021-03-18 20:25:15 +13001828Example node::
Simon Glass7a61c6b2018-07-17 13:25:37 -06001829
1830 text {
1831 size = <50>;
1832 text-label = "message";
1833 };
1834
1835You can then use:
1836
1837 binman -amessage="this is my message"
1838
1839and binman will insert that string into the entry.
1840
Simon Glass0ac96b62021-03-18 20:25:15 +13001841It is also possible to put the string directly in the node::
Simon Glass7a61c6b2018-07-17 13:25:37 -06001842
1843 text {
1844 size = <8>;
1845 text-label = "message";
1846 message = "a message directly in the node"
1847 };
1848
Simon Glass0ac96b62021-03-18 20:25:15 +13001849or just::
Simon Glass47f6a622019-07-08 13:18:40 -06001850
1851 text {
1852 size = <8>;
1853 text = "some text directly in the node"
1854 };
1855
Simon Glass7a61c6b2018-07-17 13:25:37 -06001856The text is not itself nul-terminated. This can be achieved, if required,
1857by setting the size of the entry to something larger than the text.
1858
1859
1860
Neha Malcom Francis3b788942023-07-22 00:14:24 +05301861.. _etype_ti_board_config:
1862
1863Entry: ti-board-config: An entry containing a TI schema validated board config binary
1864-------------------------------------------------------------------------------------
1865
1866This etype supports generation of two kinds of board configuration
1867binaries: singular board config binary as well as combined board config
1868binary.
1869
1870Properties / Entry arguments:
1871 - config-file: File containing board configuration data in YAML
1872 - schema-file: File containing board configuration YAML schema against
1873 which the config file is validated
1874
1875Output files:
1876 - board config binary: File containing board configuration binary
1877
1878These above parameters are used only when the generated binary is
1879intended to be a single board configuration binary. Example::
1880
1881 my-ti-board-config {
1882 ti-board-config {
1883 config = "board-config.yaml";
1884 schema = "schema.yaml";
1885 };
1886 };
1887
1888To generate a combined board configuration binary, we pack the
1889needed individual binaries into a ti-board-config binary. In this case,
1890the available supported subnode names are board-cfg, pm-cfg, sec-cfg and
1891rm-cfg. The final binary is prepended with a header containing details about
1892the included board config binaries. Example::
1893
1894 my-combined-ti-board-config {
1895 ti-board-config {
1896 board-cfg {
1897 config = "board-cfg.yaml";
1898 schema = "schema.yaml";
1899 };
1900 sec-cfg {
1901 config = "sec-cfg.yaml";
1902 schema = "schema.yaml";
1903 };
1904 }
1905 }
1906
1907
1908
Neha Malcom Francis59be2552023-12-05 15:12:18 +05301909.. _etype_ti_dm:
1910
1911Entry: ti-dm: TI Device Manager (DM) blob
1912-----------------------------------------
1913
1914Properties / Entry arguments:
1915 - ti-dm-path: Filename of file to read into the entry, typically ti-dm.bin
1916
1917This entry holds the device manager responsible for resource and power management
1918in K3 devices. See https://software-dl.ti.com/tisci/esd/latest/ for more information
1919about TI DM.
1920
1921
1922
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05301923.. _etype_ti_secure:
1924
1925Entry: ti-secure: Entry containing a TI x509 certificate binary
1926---------------------------------------------------------------
1927
1928Properties / Entry arguments:
1929 - content: List of phandles to entries to sign
1930 - keyfile: Filename of file containing key to sign binary with
1931 - sha: Hash function to be used for signing
1932
1933Output files:
1934 - input.<unique_name> - input file passed to openssl
1935 - config.<unique_name> - input file generated for openssl (which is
1936 used as the config file)
1937 - cert.<unique_name> - output file generated by openssl (which is
1938 used as the entry contents)
1939
1940openssl signs the provided data, using the TI templated config file and
1941writes the signature in this entry. This allows verification that the
1942data is genuine.
1943
1944
1945
1946.. _etype_ti_secure_rom:
1947
1948Entry: ti-secure-rom: Entry containing a TI x509 certificate binary for images booted by ROM
1949--------------------------------------------------------------------------------------------
1950
1951Properties / Entry arguments:
1952 - keyfile: Filename of file containing key to sign binary with
1953 - combined: boolean if device follows combined boot flow
1954 - countersign: boolean if device contains countersigned system firmware
1955 - load: load address of SPL
1956 - sw-rev: software revision
1957 - sha: Hash function to be used for signing
1958 - core: core on which bootloader runs, valid cores are 'secure' and 'public'
1959 - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
1960 in case of combined bootflow
Neha Malcom Francis14e93422023-10-23 13:31:02 +05301961 - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
Neha Malcom Francis5f5f0a62023-07-22 00:14:25 +05301962
1963The following properties are only for generating a combined bootflow binary:
1964 - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
1965 - dm-data: boolean if binary contains dm-data binary
1966 - content-sbl: phandle of SPL binary
1967 - content-sysfw: phandle of sysfw binary
1968 - content-sysfw-data: phandle of sysfw-data or tifs-data binary
1969 - content-sysfw-inner-cert (optional): phandle of sysfw inner certificate binary
1970 - content-dm-data (optional): phandle of dm-data binary
1971 - load-sysfw: load address of sysfw binary
1972 - load-sysfw-data: load address of sysfw-data or tifs-data binary
1973 - load-sysfw-inner-cert (optional): load address of sysfw inner certificate binary
1974 - load-dm-data (optional): load address of dm-data binary
1975
1976Output files:
1977 - input.<unique_name> - input file passed to openssl
1978 - config.<unique_name> - input file generated for openssl (which is
1979 used as the config file)
1980 - cert.<unique_name> - output file generated by openssl (which is
1981 used as the entry contents)
1982
1983openssl signs the provided data, using the TI templated config file and
1984writes the signature in this entry. This allows verification that the
1985data is genuine.
1986
1987
1988
Simon Glassa7c97782022-08-07 16:33:25 -06001989.. _etype_u_boot:
1990
Simon Glass7a61c6b2018-07-17 13:25:37 -06001991Entry: u-boot: U-Boot flat binary
1992---------------------------------
1993
1994Properties / Entry arguments:
1995 - filename: Filename of u-boot.bin (default 'u-boot.bin')
1996
1997This is the U-Boot binary, containing relocation information to allow it
1998to relocate itself at runtime. The binary typically includes a device tree
Simon Glass718b5292021-03-18 20:25:07 +13001999blob at the end of it.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002000
Simon Glass18ed9962023-01-07 14:07:11 -07002001U-Boot can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002002
Simon Glass718b5292021-03-18 20:25:07 +13002003Note that this entry is automatically replaced with u-boot-expanded unless
Simon Glass7098b7f2021-03-21 18:24:30 +13002004--no-expanded is used or the node has a 'no-expanded' property.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002005
2006
Simon Glass718b5292021-03-18 20:25:07 +13002007
Simon Glassa7c97782022-08-07 16:33:25 -06002008.. _etype_u_boot_dtb:
2009
Simon Glass7a61c6b2018-07-17 13:25:37 -06002010Entry: u-boot-dtb: U-Boot device tree
2011-------------------------------------
2012
2013Properties / Entry arguments:
2014 - filename: Filename of u-boot.dtb (default 'u-boot.dtb')
2015
2016This is the U-Boot device tree, containing configuration information for
2017U-Boot. U-Boot needs this to know what devices are present and which drivers
2018to activate.
2019
Simon Glasse219aa42018-09-14 04:57:24 -06002020Note: This is mostly an internal entry type, used by others. This allows
2021binman to know which entries contain a device tree.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002022
2023
Simon Glassa7c97782022-08-07 16:33:25 -06002024
2025.. _etype_u_boot_dtb_with_ucode:
Simon Glass7a61c6b2018-07-17 13:25:37 -06002026
2027Entry: u-boot-dtb-with-ucode: A U-Boot device tree file, with the microcode removed
2028-----------------------------------------------------------------------------------
2029
2030Properties / Entry arguments:
2031 - filename: Filename of u-boot.dtb (default 'u-boot.dtb')
2032
2033See Entry_u_boot_ucode for full details of the three entries involved in
2034this process. This entry provides the U-Boot device-tree file, which
2035contains the microcode. If the microcode is not being collated into one
2036place then the offset and size of the microcode is recorded by this entry,
Simon Glass537e0062021-03-18 20:24:54 +13002037for use by u-boot-with-ucode_ptr. If it is being collated, then this
Simon Glass7a61c6b2018-07-17 13:25:37 -06002038entry deletes the microcode from the device tree (to save space) and makes
Simon Glass537e0062021-03-18 20:24:54 +13002039it available to u-boot-ucode.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002040
2041
2042
Simon Glassa7c97782022-08-07 16:33:25 -06002043.. _etype_u_boot_elf:
2044
Simon Glassb1714232018-09-14 04:57:35 -06002045Entry: u-boot-elf: U-Boot ELF image
2046-----------------------------------
2047
2048Properties / Entry arguments:
2049 - filename: Filename of u-boot (default 'u-boot')
2050
2051This is the U-Boot ELF image. It does not include a device tree but can be
2052relocated to any address for execution.
2053
2054
Simon Glassa7c97782022-08-07 16:33:25 -06002055
2056.. _etype_u_boot_env:
Simon Glassb1714232018-09-14 04:57:35 -06002057
Simon Glass136dd352020-10-26 17:39:59 -06002058Entry: u-boot-env: An entry which contains a U-Boot environment
2059---------------------------------------------------------------
2060
2061Properties / Entry arguments:
2062 - filename: File containing the environment text, with each line in the
2063 form var=value
2064
2065
Simon Glass718b5292021-03-18 20:25:07 +13002066
Simon Glassa7c97782022-08-07 16:33:25 -06002067.. _etype_u_boot_expanded:
2068
Simon Glass718b5292021-03-18 20:25:07 +13002069Entry: u-boot-expanded: U-Boot flat binary broken out into its component parts
2070------------------------------------------------------------------------------
2071
2072This is a section containing the U-Boot binary and a devicetree. Using this
2073entry type automatically creates this section, with the following entries
2074in it:
2075
2076 u-boot-nodtb
2077 u-boot-dtb
2078
2079Having the devicetree separate allows binman to update it in the final
2080image, so that the entries positions are provided to the running U-Boot.
2081
2082
Simon Glass136dd352020-10-26 17:39:59 -06002083
Simon Glassa7c97782022-08-07 16:33:25 -06002084.. _etype_u_boot_img:
2085
Simon Glass7a61c6b2018-07-17 13:25:37 -06002086Entry: u-boot-img: U-Boot legacy image
2087--------------------------------------
2088
2089Properties / Entry arguments:
2090 - filename: Filename of u-boot.img (default 'u-boot.img')
2091
2092This is the U-Boot binary as a packaged image, in legacy format. It has a
2093header which allows it to be loaded at the correct address for execution.
2094
2095You should use FIT (Flat Image Tree) instead of the legacy image for new
2096applications.
2097
2098
2099
Simon Glassa7c97782022-08-07 16:33:25 -06002100.. _etype_u_boot_nodtb:
2101
Simon Glass7a61c6b2018-07-17 13:25:37 -06002102Entry: u-boot-nodtb: U-Boot flat binary without device tree appended
2103--------------------------------------------------------------------
2104
2105Properties / Entry arguments:
Simon Glass537e0062021-03-18 20:24:54 +13002106 - filename: Filename to include (default 'u-boot-nodtb.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002107
2108This is the U-Boot binary, containing relocation information to allow it
2109to relocate itself at runtime. It does not include a device tree blob at
Simon Glass537e0062021-03-18 20:24:54 +13002110the end of it so normally cannot work without it. You can add a u-boot-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002111entry after this one, or use a u-boot entry instead, normally expands to a
2112section containing u-boot and u-boot-dtb
Simon Glass7a61c6b2018-07-17 13:25:37 -06002113
2114
2115
Simon Glassa7c97782022-08-07 16:33:25 -06002116.. _etype_u_boot_spl:
2117
Simon Glass7a61c6b2018-07-17 13:25:37 -06002118Entry: u-boot-spl: U-Boot SPL binary
2119------------------------------------
2120
2121Properties / Entry arguments:
2122 - filename: Filename of u-boot-spl.bin (default 'spl/u-boot-spl.bin')
2123
2124This is the U-Boot SPL (Secondary Program Loader) binary. This is a small
2125binary which loads before U-Boot proper, typically into on-chip SRAM. It is
2126responsible for locating, loading and jumping to U-Boot. Note that SPL is
2127not relocatable so must be loaded to the correct address in SRAM, or written
Simon Glass8425a1f2018-07-17 13:25:48 -06002128to run from the correct address if direct flash execution is possible (e.g.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002129on x86 devices).
2130
Simon Glass18ed9962023-01-07 14:07:11 -07002131SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002132
2133in the binman README for more information.
2134
2135The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2136binman uses that to look up symbols to write into the SPL binary.
2137
Simon Glass718b5292021-03-18 20:25:07 +13002138Note that this entry is automatically replaced with u-boot-spl-expanded
Simon Glass7098b7f2021-03-21 18:24:30 +13002139unless --no-expanded is used or the node has a 'no-expanded' property.
Simon Glass718b5292021-03-18 20:25:07 +13002140
Simon Glass7a61c6b2018-07-17 13:25:37 -06002141
2142
Simon Glassa7c97782022-08-07 16:33:25 -06002143.. _etype_u_boot_spl_bss_pad:
2144
Simon Glass7a61c6b2018-07-17 13:25:37 -06002145Entry: u-boot-spl-bss-pad: U-Boot SPL binary padded with a BSS region
2146---------------------------------------------------------------------
2147
2148Properties / Entry arguments:
2149 None
2150
Simon Glass308939b2021-03-18 20:24:55 +13002151This holds the padding added after the SPL binary to cover the BSS (Block
2152Started by Symbol) region. This region holds the various variables used by
2153SPL. It is set to 0 by SPL when it starts up. If you want to append data to
2154the SPL image (such as a device tree file), you must pad out the BSS region
2155to avoid the data overlapping with U-Boot variables. This entry is useful in
2156that case. It automatically pads out the entry size to cover both the code,
2157data and BSS.
2158
2159The contents of this entry will a certain number of zero bytes, determined
2160by __bss_size
Simon Glass7a61c6b2018-07-17 13:25:37 -06002161
2162The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2163binman uses that to look up the BSS address.
2164
2165
2166
Simon Glassa7c97782022-08-07 16:33:25 -06002167.. _etype_u_boot_spl_dtb:
2168
Simon Glass7a61c6b2018-07-17 13:25:37 -06002169Entry: u-boot-spl-dtb: U-Boot SPL device tree
2170---------------------------------------------
2171
2172Properties / Entry arguments:
2173 - filename: Filename of u-boot.dtb (default 'spl/u-boot-spl.dtb')
2174
2175This is the SPL device tree, containing configuration information for
2176SPL. SPL needs this to know what devices are present and which drivers
2177to activate.
2178
2179
Simon Glassa7c97782022-08-07 16:33:25 -06002180
2181.. _etype_u_boot_spl_elf:
Simon Glass7a61c6b2018-07-17 13:25:37 -06002182
Simon Glassb1714232018-09-14 04:57:35 -06002183Entry: u-boot-spl-elf: U-Boot SPL ELF image
2184-------------------------------------------
2185
2186Properties / Entry arguments:
Simon Glass5dcc21d2019-07-08 13:18:45 -06002187 - filename: Filename of SPL u-boot (default 'spl/u-boot-spl')
Simon Glassb1714232018-09-14 04:57:35 -06002188
2189This is the U-Boot SPL ELF image. It does not include a device tree but can
2190be relocated to any address for execution.
2191
Simon Glass718b5292021-03-18 20:25:07 +13002192
2193
Simon Glassa7c97782022-08-07 16:33:25 -06002194.. _etype_u_boot_spl_expanded:
2195
Simon Glass718b5292021-03-18 20:25:07 +13002196Entry: u-boot-spl-expanded: U-Boot SPL flat binary broken out into its component parts
2197--------------------------------------------------------------------------------------
2198
2199Properties / Entry arguments:
2200 - spl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2201 select)
2202
2203This is a section containing the U-Boot binary, BSS padding if needed and a
2204devicetree. Using this entry type automatically creates this section, with
2205the following entries in it:
2206
2207 u-boot-spl-nodtb
2208 u-boot-spl-bss-pad
2209 u-boot-dtb
2210
2211Having the devicetree separate allows binman to update it in the final
2212image, so that the entries positions are provided to the running U-Boot.
2213
2214This entry is selected based on the value of the 'spl-dtb' entryarg. If
2215this is non-empty (and not 'n' or '0') then this expanded entry is selected.
Simon Glassb1714232018-09-14 04:57:35 -06002216
2217
Simon Glassa7c97782022-08-07 16:33:25 -06002218
2219.. _etype_u_boot_spl_nodtb:
Simon Glass718b5292021-03-18 20:25:07 +13002220
Simon Glass7a61c6b2018-07-17 13:25:37 -06002221Entry: u-boot-spl-nodtb: SPL binary without device tree appended
2222----------------------------------------------------------------
2223
2224Properties / Entry arguments:
Simon Glass537e0062021-03-18 20:24:54 +13002225 - filename: Filename to include (default 'spl/u-boot-spl-nodtb.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002226
2227This is the U-Boot SPL binary, It does not include a device tree blob at
2228the end of it so may not be able to work without it, assuming SPL needs
Simon Glass537e0062021-03-18 20:24:54 +13002229a device tree to operate on your platform. You can add a u-boot-spl-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002230entry after this one, or use a u-boot-spl entry instead' which normally
2231expands to a section containing u-boot-spl-dtb, u-boot-spl-bss-pad and
2232u-boot-spl-dtb
Simon Glass7a61c6b2018-07-17 13:25:37 -06002233
Simon Glass18ed9962023-01-07 14:07:11 -07002234SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass31e04cb2021-03-18 20:24:56 +13002235
2236in the binman README for more information.
2237
2238The ELF file 'spl/u-boot-spl' must also be available for this to work, since
2239binman uses that to look up symbols to write into the SPL binary.
2240
Simon Glass7a61c6b2018-07-17 13:25:37 -06002241
2242
Lukas Funkeb4937da2023-07-18 13:53:15 +02002243.. _etype_u_boot_spl_pubkey_dtb:
2244
2245Entry: u-boot-spl-pubkey-dtb: U-Boot SPL device tree including public key
2246-------------------------------------------------------------------------
2247
2248Properties / Entry arguments:
2249 - key-name-hint: Public key name without extension (.crt).
2250 Default is determined by underlying
2251 bintool (fdt_add_pubkey), usually 'key'.
2252 - algo: (Optional) Algorithm used for signing. Default is determined by
2253 underlying bintool (fdt_add_pubkey), usually 'sha1,rsa2048'
2254 - required: (Optional) If present this indicates that the key must be
2255 verified for the image / configuration to be
2256 considered valid
2257
2258The following example shows an image containing an SPL which
2259is packed together with the dtb. Binman will add a signature
2260node to the dtb.
2261
2262Example node::
2263
2264 image {
2265 ...
2266 spl {
2267 filename = "spl.bin"
2268
2269 u-boot-spl-nodtb {
2270 };
2271 u-boot-spl-pubkey-dtb {
2272 algo = "sha384,rsa4096";
2273 required = "conf";
2274 key-name-hint = "dev";
2275 };
2276 };
2277 ...
2278 }
2279
2280
2281
Simon Glassa7c97782022-08-07 16:33:25 -06002282.. _etype_u_boot_spl_with_ucode_ptr:
2283
Simon Glass7a61c6b2018-07-17 13:25:37 -06002284Entry: u-boot-spl-with-ucode-ptr: U-Boot SPL with embedded microcode pointer
2285----------------------------------------------------------------------------
2286
Simon Glass3fb4f422018-09-14 04:57:32 -06002287This is used when SPL must set up the microcode for U-Boot.
2288
Simon Glass7a61c6b2018-07-17 13:25:37 -06002289See Entry_u_boot_ucode for full details of the entries involved in this
2290process.
2291
2292
2293
Simon Glassa7c97782022-08-07 16:33:25 -06002294.. _etype_u_boot_tpl:
2295
Simon Glass8425a1f2018-07-17 13:25:48 -06002296Entry: u-boot-tpl: U-Boot TPL binary
2297------------------------------------
2298
2299Properties / Entry arguments:
2300 - filename: Filename of u-boot-tpl.bin (default 'tpl/u-boot-tpl.bin')
2301
2302This is the U-Boot TPL (Tertiary Program Loader) binary. This is a small
2303binary which loads before SPL, typically into on-chip SRAM. It is
2304responsible for locating, loading and jumping to SPL, the next-stage
2305loader. Note that SPL is not relocatable so must be loaded to the correct
2306address in SRAM, or written to run from the correct address if direct
2307flash execution is possible (e.g. on x86 devices).
2308
Simon Glass18ed9962023-01-07 14:07:11 -07002309SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glass8425a1f2018-07-17 13:25:48 -06002310
2311in the binman README for more information.
2312
2313The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2314binman uses that to look up symbols to write into the TPL binary.
2315
Simon Glass718b5292021-03-18 20:25:07 +13002316Note that this entry is automatically replaced with u-boot-tpl-expanded
Simon Glass7098b7f2021-03-21 18:24:30 +13002317unless --no-expanded is used or the node has a 'no-expanded' property.
Simon Glass718b5292021-03-18 20:25:07 +13002318
Simon Glass8425a1f2018-07-17 13:25:48 -06002319
2320
Simon Glassa7c97782022-08-07 16:33:25 -06002321.. _etype_u_boot_tpl_bss_pad:
2322
Simon Glass63f41d42021-03-18 20:24:58 +13002323Entry: u-boot-tpl-bss-pad: U-Boot TPL binary padded with a BSS region
2324---------------------------------------------------------------------
2325
2326Properties / Entry arguments:
2327 None
2328
2329This holds the padding added after the TPL binary to cover the BSS (Block
2330Started by Symbol) region. This region holds the various variables used by
2331TPL. It is set to 0 by TPL when it starts up. If you want to append data to
2332the TPL image (such as a device tree file), you must pad out the BSS region
2333to avoid the data overlapping with U-Boot variables. This entry is useful in
2334that case. It automatically pads out the entry size to cover both the code,
2335data and BSS.
2336
2337The contents of this entry will a certain number of zero bytes, determined
2338by __bss_size
2339
2340The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2341binman uses that to look up the BSS address.
2342
2343
2344
Simon Glassa7c97782022-08-07 16:33:25 -06002345.. _etype_u_boot_tpl_dtb:
2346
Simon Glass8425a1f2018-07-17 13:25:48 -06002347Entry: u-boot-tpl-dtb: U-Boot TPL device tree
2348---------------------------------------------
2349
2350Properties / Entry arguments:
2351 - filename: Filename of u-boot.dtb (default 'tpl/u-boot-tpl.dtb')
2352
2353This is the TPL device tree, containing configuration information for
2354TPL. TPL needs this to know what devices are present and which drivers
2355to activate.
2356
2357
2358
Simon Glassa7c97782022-08-07 16:33:25 -06002359.. _etype_u_boot_tpl_dtb_with_ucode:
2360
Simon Glass3fb4f422018-09-14 04:57:32 -06002361Entry: u-boot-tpl-dtb-with-ucode: U-Boot TPL with embedded microcode pointer
2362----------------------------------------------------------------------------
2363
2364This is used when TPL must set up the microcode for U-Boot.
2365
2366See Entry_u_boot_ucode for full details of the entries involved in this
2367process.
2368
2369
2370
Simon Glassa7c97782022-08-07 16:33:25 -06002371.. _etype_u_boot_tpl_elf:
2372
Simon Glassa899f712019-07-08 13:18:46 -06002373Entry: u-boot-tpl-elf: U-Boot TPL ELF image
2374-------------------------------------------
2375
2376Properties / Entry arguments:
2377 - filename: Filename of TPL u-boot (default 'tpl/u-boot-tpl')
2378
2379This is the U-Boot TPL ELF image. It does not include a device tree but can
2380be relocated to any address for execution.
2381
2382
Simon Glassa7c97782022-08-07 16:33:25 -06002383
2384.. _etype_u_boot_tpl_expanded:
Simon Glassa899f712019-07-08 13:18:46 -06002385
Simon Glass718b5292021-03-18 20:25:07 +13002386Entry: u-boot-tpl-expanded: U-Boot TPL flat binary broken out into its component parts
2387--------------------------------------------------------------------------------------
2388
2389Properties / Entry arguments:
2390 - tpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2391 select)
2392
2393This is a section containing the U-Boot binary, BSS padding if needed and a
2394devicetree. Using this entry type automatically creates this section, with
2395the following entries in it:
2396
2397 u-boot-tpl-nodtb
2398 u-boot-tpl-bss-pad
2399 u-boot-dtb
2400
2401Having the devicetree separate allows binman to update it in the final
2402image, so that the entries positions are provided to the running U-Boot.
2403
2404This entry is selected based on the value of the 'tpl-dtb' entryarg. If
2405this is non-empty (and not 'n' or '0') then this expanded entry is selected.
2406
2407
2408
Simon Glassa7c97782022-08-07 16:33:25 -06002409.. _etype_u_boot_tpl_nodtb:
2410
Simon Glassc98de972021-03-18 20:24:57 +13002411Entry: u-boot-tpl-nodtb: TPL binary without device tree appended
2412----------------------------------------------------------------
2413
2414Properties / Entry arguments:
2415 - filename: Filename to include (default 'tpl/u-boot-tpl-nodtb.bin')
2416
2417This is the U-Boot TPL binary, It does not include a device tree blob at
2418the end of it so may not be able to work without it, assuming TPL needs
2419a device tree to operate on your platform. You can add a u-boot-tpl-dtb
Simon Glass718b5292021-03-18 20:25:07 +13002420entry after this one, or use a u-boot-tpl entry instead, which normally
2421expands to a section containing u-boot-tpl-dtb, u-boot-tpl-bss-pad and
2422u-boot-tpl-dtb
Simon Glassc98de972021-03-18 20:24:57 +13002423
Simon Glass18ed9962023-01-07 14:07:11 -07002424TPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassc98de972021-03-18 20:24:57 +13002425
2426in the binman README for more information.
2427
2428The ELF file 'tpl/u-boot-tpl' must also be available for this to work, since
2429binman uses that to look up symbols to write into the TPL binary.
2430
2431
Simon Glassa7c97782022-08-07 16:33:25 -06002432
2433.. _etype_u_boot_tpl_with_ucode_ptr:
Simon Glassc98de972021-03-18 20:24:57 +13002434
Simon Glass3fb4f422018-09-14 04:57:32 -06002435Entry: u-boot-tpl-with-ucode-ptr: U-Boot TPL with embedded microcode pointer
2436----------------------------------------------------------------------------
2437
2438See Entry_u_boot_ucode for full details of the entries involved in this
2439process.
2440
2441
2442
Simon Glassa7c97782022-08-07 16:33:25 -06002443.. _etype_u_boot_ucode:
2444
Simon Glass7a61c6b2018-07-17 13:25:37 -06002445Entry: u-boot-ucode: U-Boot microcode block
2446-------------------------------------------
2447
2448Properties / Entry arguments:
2449 None
2450
2451The contents of this entry are filled in automatically by other entries
2452which must also be in the image.
2453
2454U-Boot on x86 needs a single block of microcode. This is collected from
2455the various microcode update nodes in the device tree. It is also unable
2456to read the microcode from the device tree on platforms that use FSP
2457(Firmware Support Package) binaries, because the API requires that the
2458microcode is supplied before there is any SRAM available to use (i.e.
2459the FSP sets up the SRAM / cache-as-RAM but does so in the call that
2460requires the microcode!). To keep things simple, all x86 platforms handle
2461microcode the same way in U-Boot (even non-FSP platforms). This is that
2462a table is placed at _dt_ucode_base_size containing the base address and
2463size of the microcode. This is either passed to the FSP (for FSP
2464platforms), or used to set up the microcode (for non-FSP platforms).
2465This all happens in the build system since it is the only way to get
2466the microcode into a single blob and accessible without SRAM.
2467
2468There are two cases to handle. If there is only one microcode blob in
2469the device tree, then the ucode pointer it set to point to that. This
2470entry (u-boot-ucode) is empty. If there is more than one update, then
2471this entry holds the concatenation of all updates, and the device tree
2472entry (u-boot-dtb-with-ucode) is updated to remove the microcode. This
2473last step ensures that that the microcode appears in one contiguous
2474block in the image and is not unnecessarily duplicated in the device
2475tree. It is referred to as 'collation' here.
2476
2477Entry types that have a part to play in handling microcode:
2478
2479 Entry_u_boot_with_ucode_ptr:
2480 Contains u-boot-nodtb.bin (i.e. U-Boot without the device tree).
2481 It updates it with the address and size of the microcode so that
2482 U-Boot can find it early on start-up.
2483 Entry_u_boot_dtb_with_ucode:
2484 Contains u-boot.dtb. It stores the microcode in a
2485 'self.ucode_data' property, which is then read by this class to
2486 obtain the microcode if needed. If collation is performed, it
2487 removes the microcode from the device tree.
2488 Entry_u_boot_ucode:
2489 This class. If collation is enabled it reads the microcode from
2490 the Entry_u_boot_dtb_with_ucode entry, and uses it as the
2491 contents of this entry.
2492
2493
2494
Simon Glassda6a9082023-01-07 14:07:10 -07002495.. _etype_u_boot_vpl:
2496
2497Entry: u-boot-vpl: U-Boot VPL binary
2498------------------------------------
2499
2500Properties / Entry arguments:
2501 - filename: Filename of u-boot-vpl.bin (default 'vpl/u-boot-vpl.bin')
2502
2503This is the U-Boot VPL (Verifying Program Loader) binary. This is a small
2504binary which loads before SPL, typically into on-chip SRAM. It is
2505responsible for locating, loading and jumping to SPL, the next-stage
2506loader. Note that VPL is not relocatable so must be loaded to the correct
2507address in SRAM, or written to run from the correct address if direct
2508flash execution is possible (e.g. on x86 devices).
2509
Simon Glass18ed9962023-01-07 14:07:11 -07002510SPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassda6a9082023-01-07 14:07:10 -07002511
2512in the binman README for more information.
2513
2514The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2515binman uses that to look up symbols to write into the VPL binary.
2516
2517
2518
2519.. _etype_u_boot_vpl_bss_pad:
2520
2521Entry: u-boot-vpl-bss-pad: U-Boot VPL binary padded with a BSS region
2522---------------------------------------------------------------------
2523
2524Properties / Entry arguments:
2525 None
2526
2527This holds the padding added after the VPL binary to cover the BSS (Block
2528Started by Symbol) region. This region holds the various variables used by
2529VPL. It is set to 0 by VPL when it starts up. If you want to append data to
2530the VPL image (such as a device tree file), you must pad out the BSS region
2531to avoid the data overlapping with U-Boot variables. This entry is useful in
2532that case. It automatically pads out the entry size to cover both the code,
2533data and BSS.
2534
2535The contents of this entry will a certain number of zero bytes, determined
2536by __bss_size
2537
2538The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2539binman uses that to look up the BSS address.
2540
2541
2542
2543.. _etype_u_boot_vpl_dtb:
2544
2545Entry: u-boot-vpl-dtb: U-Boot VPL device tree
2546---------------------------------------------
2547
2548Properties / Entry arguments:
2549 - filename: Filename of u-boot.dtb (default 'vpl/u-boot-vpl.dtb')
2550
2551This is the VPL device tree, containing configuration information for
2552VPL. VPL needs this to know what devices are present and which drivers
2553to activate.
2554
2555
2556
2557.. _etype_u_boot_vpl_elf:
2558
2559Entry: u-boot-vpl-elf: U-Boot VPL ELF image
2560-------------------------------------------
2561
2562Properties / Entry arguments:
2563 - filename: Filename of VPL u-boot (default 'vpl/u-boot-vpl')
2564
2565This is the U-Boot VPL ELF image. It does not include a device tree but can
2566be relocated to any address for execution.
2567
2568
2569
2570.. _etype_u_boot_vpl_expanded:
2571
2572Entry: u-boot-vpl-expanded: U-Boot VPL flat binary broken out into its component parts
2573--------------------------------------------------------------------------------------
2574
2575Properties / Entry arguments:
2576 - vpl-dtb: Controls whether this entry is selected (set to 'y' or '1' to
2577 select)
2578
2579This is a section containing the U-Boot binary, BSS padding if needed and a
2580devicetree. Using this entry type automatically creates this section, with
2581the following entries in it:
2582
2583 u-boot-vpl-nodtb
2584 u-boot-vpl-bss-pad
2585 u-boot-dtb
2586
2587Having the devicetree separate allows binman to update it in the final
2588image, so that the entries positions are provided to the running U-Boot.
2589
2590This entry is selected based on the value of the 'vpl-dtb' entryarg. If
2591this is non-empty (and not 'n' or '0') then this expanded entry is selected.
2592
2593
2594
2595.. _etype_u_boot_vpl_nodtb:
2596
2597Entry: u-boot-vpl-nodtb: VPL binary without device tree appended
2598----------------------------------------------------------------
2599
2600Properties / Entry arguments:
2601 - filename: Filename to include (default 'vpl/u-boot-vpl-nodtb.bin')
2602
2603This is the U-Boot VPL binary, It does not include a device tree blob at
2604the end of it so may not be able to work without it, assuming VPL needs
2605a device tree to operate on your platform. You can add a u_boot_vpl_dtb
2606entry after this one, or use a u_boot_vpl entry instead, which normally
2607expands to a section containing u-boot-vpl-dtb, u-boot-vpl-bss-pad and
2608u-boot-vpl-dtb
2609
Simon Glass18ed9962023-01-07 14:07:11 -07002610VPL can access binman symbols at runtime. See :ref:`binman_fdt`.
Simon Glassda6a9082023-01-07 14:07:10 -07002611
2612The ELF file 'vpl/u-boot-vpl' must also be available for this to work, since
2613binman uses that to look up symbols to write into the VPL binary.
2614
2615
2616
Simon Glassa7c97782022-08-07 16:33:25 -06002617.. _etype_u_boot_with_ucode_ptr:
2618
Simon Glass7a61c6b2018-07-17 13:25:37 -06002619Entry: u-boot-with-ucode-ptr: U-Boot with embedded microcode pointer
2620--------------------------------------------------------------------
2621
2622Properties / Entry arguments:
Masahiro Yamadaa7a0ca42019-12-14 13:47:26 +09002623 - filename: Filename of u-boot-nodtb.bin (default 'u-boot-nodtb.bin')
Simon Glassee21d3a2018-09-14 04:57:07 -06002624 - optional-ucode: boolean property to make microcode optional. If the
2625 u-boot.bin image does not include microcode, no error will
2626 be generated.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002627
2628See Entry_u_boot_ucode for full details of the three entries involved in
2629this process. This entry updates U-Boot with the offset and size of the
2630microcode, to allow early x86 boot code to find it without doing anything
Simon Glass537e0062021-03-18 20:24:54 +13002631complicated. Otherwise it is the same as the u-boot entry.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002632
2633
2634
Simon Glassa7c97782022-08-07 16:33:25 -06002635.. _etype_vblock:
2636
Simon Glass5c350162018-07-17 13:25:47 -06002637Entry: vblock: An entry which contains a Chromium OS verified boot block
2638------------------------------------------------------------------------
2639
2640Properties / Entry arguments:
Simon Glass17b84eb2019-05-17 22:00:53 -06002641 - content: List of phandles to entries to sign
Simon Glass5c350162018-07-17 13:25:47 -06002642 - keydir: Directory containing the public keys to use
2643 - keyblock: Name of the key file to use (inside keydir)
2644 - signprivate: Name of provide key file to use (inside keydir)
2645 - version: Version number of the vblock (typically 1)
2646 - kernelkey: Name of the kernel key to use (inside keydir)
2647 - preamble-flags: Value of the vboot preamble flags (typically 0)
2648
Simon Glass639505b2018-09-14 04:57:11 -06002649Output files:
2650 - input.<unique_name> - input file passed to futility
2651 - vblock.<unique_name> - output file generated by futility (which is
2652 used as the entry contents)
2653
Jagdish Gediya311d4842018-09-03 21:35:08 +05302654Chromium OS signs the read-write firmware and kernel, writing the signature
Simon Glass5c350162018-07-17 13:25:47 -06002655in this block. This allows U-Boot to verify that the next firmware stage
2656and kernel are genuine.
2657
2658
2659
Simon Glassc3fe97f2023-03-02 17:02:45 -07002660.. _etype_x509_cert:
2661
2662Entry: x509-cert: An entry which contains an X509 certificate
2663-------------------------------------------------------------
2664
2665Properties / Entry arguments:
2666 - content: List of phandles to entries to sign
2667
2668Output files:
2669 - input.<unique_name> - input file passed to openssl
2670 - cert.<unique_name> - output file generated by openssl (which is
2671 used as the entry contents)
2672
2673openssl signs the provided data, writing the signature in this entry. This
2674allows verification that the data is genuine
2675
2676
2677
Simon Glassa7c97782022-08-07 16:33:25 -06002678.. _etype_x86_reset16:
2679
Simon Glass0b074d62019-08-24 07:22:48 -06002680Entry: x86-reset16: x86 16-bit reset code for U-Boot
2681----------------------------------------------------
2682
2683Properties / Entry arguments:
2684 - filename: Filename of u-boot-x86-reset16.bin (default
2685 'u-boot-x86-reset16.bin')
2686
2687x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2688must be placed at a particular address. This entry holds that code. It is
2689typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2690for jumping to the x86-start16 code, which continues execution.
2691
2692For 64-bit U-Boot, the 'x86_reset16_spl' entry type is used instead.
2693
2694
2695
Simon Glassa7c97782022-08-07 16:33:25 -06002696.. _etype_x86_reset16_spl:
2697
Simon Glass0b074d62019-08-24 07:22:48 -06002698Entry: x86-reset16-spl: x86 16-bit reset code for U-Boot
2699--------------------------------------------------------
2700
2701Properties / Entry arguments:
2702 - filename: Filename of u-boot-x86-reset16.bin (default
2703 'u-boot-x86-reset16.bin')
2704
2705x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2706must be placed at a particular address. This entry holds that code. It is
2707typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2708for jumping to the x86-start16 code, which continues execution.
2709
2710For 32-bit U-Boot, the 'x86_reset_spl' entry type is used instead.
2711
2712
2713
Simon Glassa7c97782022-08-07 16:33:25 -06002714.. _etype_x86_reset16_tpl:
2715
Simon Glass0b074d62019-08-24 07:22:48 -06002716Entry: x86-reset16-tpl: x86 16-bit reset code for U-Boot
2717--------------------------------------------------------
2718
2719Properties / Entry arguments:
2720 - filename: Filename of u-boot-x86-reset16.bin (default
2721 'u-boot-x86-reset16.bin')
2722
2723x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2724must be placed at a particular address. This entry holds that code. It is
2725typically placed at offset CONFIG_RESET_VEC_LOC. The code is responsible
2726for jumping to the x86-start16 code, which continues execution.
2727
2728For 32-bit U-Boot, the 'x86_reset_tpl' entry type is used instead.
2729
2730
Simon Glassa7c97782022-08-07 16:33:25 -06002731
2732.. _etype_x86_start16:
Simon Glass0b074d62019-08-24 07:22:48 -06002733
Simon Glass7a61c6b2018-07-17 13:25:37 -06002734Entry: x86-start16: x86 16-bit start-up code for U-Boot
2735-------------------------------------------------------
2736
2737Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002738 - filename: Filename of u-boot-x86-start16.bin (default
2739 'u-boot-x86-start16.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002740
2741x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
Simon Glassabab18c2019-08-24 07:22:49 -06002742must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2743entry holds that code. It is typically placed at offset
2744CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2745and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2746U-Boot).
Simon Glass7a61c6b2018-07-17 13:25:37 -06002747
2748For 64-bit U-Boot, the 'x86_start16_spl' entry type is used instead.
2749
2750
2751
Simon Glassa7c97782022-08-07 16:33:25 -06002752.. _etype_x86_start16_spl:
2753
Simon Glass7a61c6b2018-07-17 13:25:37 -06002754Entry: x86-start16-spl: x86 16-bit start-up code for SPL
2755--------------------------------------------------------
2756
2757Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002758 - filename: Filename of spl/u-boot-x86-start16-spl.bin (default
2759 'spl/u-boot-x86-start16-spl.bin')
Simon Glass7a61c6b2018-07-17 13:25:37 -06002760
Simon Glassabab18c2019-08-24 07:22:49 -06002761x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2762must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2763entry holds that code. It is typically placed at offset
2764CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2765and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2766U-Boot).
Simon Glass7a61c6b2018-07-17 13:25:37 -06002767
Simon Glassabab18c2019-08-24 07:22:49 -06002768For 32-bit U-Boot, the 'x86-start16' entry type is used instead.
Simon Glass7a61c6b2018-07-17 13:25:37 -06002769
2770
2771
Simon Glassa7c97782022-08-07 16:33:25 -06002772.. _etype_x86_start16_tpl:
2773
Simon Glassed40e962018-09-14 04:57:10 -06002774Entry: x86-start16-tpl: x86 16-bit start-up code for TPL
2775--------------------------------------------------------
2776
2777Properties / Entry arguments:
Simon Glassabab18c2019-08-24 07:22:49 -06002778 - filename: Filename of tpl/u-boot-x86-start16-tpl.bin (default
2779 'tpl/u-boot-x86-start16-tpl.bin')
Simon Glassed40e962018-09-14 04:57:10 -06002780
Simon Glassabab18c2019-08-24 07:22:49 -06002781x86 CPUs start up in 16-bit mode, even if they are 32-bit CPUs. This code
2782must be placed in the top 64KB of the ROM. The reset code jumps to it. This
2783entry holds that code. It is typically placed at offset
2784CONFIG_SYS_X86_START16. The code is responsible for changing to 32-bit mode
2785and jumping to U-Boot's entry point, which requires 32-bit mode (for 32-bit
2786U-Boot).
Simon Glassed40e962018-09-14 04:57:10 -06002787
Simon Glassabab18c2019-08-24 07:22:49 -06002788If TPL is not being used, the 'x86-start16-spl or 'x86-start16' entry types
Simon Glassed40e962018-09-14 04:57:10 -06002789may be used instead.
2790
2791
2792
Lukas Funkefebfc6d2023-08-03 17:22:15 +02002793.. _etype_xilinx_bootgen:
2794
2795Entry: xilinx-bootgen: Signed SPL boot image for Xilinx ZynqMP devices
2796----------------------------------------------------------------------
2797
2798Properties / Entry arguments:
2799 - auth-params: (Optional) Authentication parameters passed to bootgen
2800 - fsbl-config: (Optional) FSBL parameters passed to bootgen
2801 - keysrc-enc: (Optional) Key source when using decryption engine
2802 - pmufw-filename: Filename of PMU firmware. Default: pmu-firmware.elf
2803 - psk-key-name-hint: Name of primary secret key to use for signing the
2804 secondardy public key. Format: .pem file
2805 - ssk-key-name-hint: Name of secondardy secret key to use for signing
2806 the boot image. Format: .pem file
2807
2808The etype is used to create a boot image for Xilinx ZynqMP
2809devices.
2810
2811Information for signed images:
2812
2813In AMD/Xilinx SoCs, two pairs of public and secret keys are used
2814- primary and secondary. The function of the primary public/secret key pair
2815is to authenticate the secondary public/secret key pair.
2816The function of the secondary key is to sign/verify the boot image. [1]
2817
2818AMD/Xilinx uses the following terms for private/public keys [1]:
2819
2820 PSK = Primary Secret Key (Used to sign Secondary Public Key)
2821 PPK = Primary Public Key (Used to verify Secondary Public Key)
2822 SSK = Secondary Secret Key (Used to sign the boot image/partitions)
2823 SPK = Used to verify the actual boot image
2824
2825The following example builds a signed boot image. The fuses of
2826the primary public key (ppk) should be fused together with the RSA_EN flag.
2827
2828Example node::
2829
2830 spl {
2831 filename = "boot.signed.bin";
2832
2833 xilinx-bootgen {
2834 psk-key-name-hint = "psk0";
2835 ssk-key-name-hint = "ssk0";
2836 auth-params = "ppk_select=0", "spk_id=0x00000000";
2837
2838 u-boot-spl-nodtb {
2839 };
2840 u-boot-spl-pubkey-dtb {
2841 algo = "sha384,rsa4096";
2842 required = "conf";
2843 key-name-hint = "dev";
2844 };
2845 };
2846 };
2847
2848For testing purposes, e.g. if no RSA_EN should be fused, one could add
2849the "bh_auth_enable" flag in the fsbl-config field. This will skip the
2850verification of the ppk fuses and boot the image, even if ppk hash is
2851invalid.
2852
2853Example node::
2854
2855 xilinx-bootgen {
2856 psk-key-name-hint = "psk0";
2857 psk-key-name-hint = "ssk0";
2858 ...
2859 fsbl-config = "bh_auth_enable";
2860 ...
2861 };
2862
2863[1] https://docs.xilinx.com/r/en-US/ug1283-bootgen-user-guide/Using-Authentication
2864
2865
2866
2867