1. 28 Jan, 2017 2 commits
    • Masahiro Yamada's avatar
      fiptool: support --align option to add desired alignment to image offset · 1c75d5df
      Masahiro Yamada authored
      
      
      The current fiptool packs all the images without any padding between
      them.  So, the offset to each image has no alignment.  This is not
      efficient, for example, when the FIP is read from a block-oriented
      device.
      
      For example, (e)MMC is accessed by block-addressing.  The block size
      is 512 byte.  So, the best case is each image is aligned by 512 byte
      since the DMA engine can transfer the whole of the image to its load
      address directly.  The worst case is the offset does not have even
      DMA-capable alignment (this is where we stand now).  In this case,
      we need to transfer every block to a bounce buffer, then do memcpy()
      from the bounce buffer to our final destination.  At least, this
      should work with the abstraction by the block I/O layer, but the
      CPU-intervention for the whole data transfer makes it really slow.
      
      This commit adds a new option --align to the fiptool.  This option,
      if given, requests the tool to align each component in the FIP file
      by the specified byte.  Also, add a new Make option FIP_ALIGN for
      easier access to this feature; users can give something like
      FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
      their platform.mk file.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1c75d5df
    • Masahiro Yamada's avatar
      fiptool: embed fip_toc_entry in struct image · 65caa3d0
      Masahiro Yamada authored
      
      
      The struct image has "uuid" and "size" to memorize the field values
      they had in the TOC entry.  So, parse_fip() copies them from struct
      fip_toc_entry to struct image, then pack_images() copies them back
      to struct fip_toc_entry.
      
      The next commit (support --align option) will require to save the
      "offset" field as well.  This makes me realize that struct image
      can embed struct fip_toc_entry.
      
      This commit will allow the "flags" field to persevere the "update"
      command.  At this moment, the "flags" is not used in a useful way.
      (Yet, platforms can save their own parameters in the flags field.)
      It makes sense to save it unless users explicitly replace the image.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      65caa3d0
  2. 27 Jan, 2017 8 commits
  3. 14 Jan, 2017 2 commits
    • Masahiro Yamada's avatar
      fiptool: fix add_image() and add_image_desc() implementation · 11c0a4ff
      Masahiro Yamada authored
      The "make fip" shows the content of the generated FIP at the end of
      the build.  (This is shown by "fiptool info" command.)
      
      Prior to commit e0f083a0 ("fiptool: Prepare ground for expanding
      the set of images at runtime"), the last part of the build log of
       make CROSS_COMPILE=aarch64-linux-gnu- BL33=../u-boot/u-boot.bin fip
      was like follows:
      
       Trusted Boot Firmware BL2: offset=0xB0, size=0x4188, cmdline="--tb-fw"
       EL3 Runtime Firmware BL31: offset=0x4238, size=0x6090, cmdline="--soc-fw"
       Non-Trusted Firmware BL33: offset=0xA2C8, size=0x58B51, cmdline="--nt-fw"
      
      With that commit, now it is displayed like follows:
      
       Non-Trusted Firmware BL33: offset=0xB0, size=0x58B51, cmdline="--nt-fw"
       EL3 Runtime Firmware BL31: offset=0x58C01, size=0x6090, cmdline="--soc-fw"
       Trusted Boot Firmware BL2: offset=0x5EC91, size=0x4188, cmdline="--tb-fw"
      
      You will notice two differences:
        - the contents are displayed in BL33, BL31, BL2 order
        - the offset values are wrong
      
      The latter is more serious, and means "fiptool info" is broken.
      
      Another interesting change is "fiptool update" every time reverses
      the image order.  For example, if you input FIP with BL2, BL31, BL33
      in this order, the command will pack BL33, BL31, BL2 into FIP, in
      this order.  Of course, the order of components is not a big deal
      except that users will have poor impression about this.
      
      The root cause is in the implementation of add_image(); the
      image_head points to the last added image.  For example, if you call
      add_image() for BL2, BL31, BL33 in this order, the resulted image
      chain is:
      
        image_head -> BL33 -> BL31 -> BL2
      
      Then, they are processed from the image_head in "for" loops:
      
        for (image = image_head; image != NULL; image = image->next) {
      
      This means images are handled in Last-In First-Out manner.
      
      Interestingly, "fiptool create" is still correct because
      add_image_desc() also reverses the descriptor order and the command
      works as before due to the double reverse.
      
      The implementation of add_image() is efficient, but it made the
      situation too complicated.
      
      Let's make image_head point to the first added image.  This will
      add_image() inefficient because every call of add_image() follows
      the ->next chain to get the tail.  We can solve it by adopting a
      nicer linked list structure, but I am not doing as far as that
      because we handle only limited number of images anyway.
      
      Do likewise for add_image_desc().
      
      Fixes: e0f083a0
      
       ("fiptool: Prepare ground for expanding the set of images at runtime")
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      11c0a4ff
    • Masahiro Yamada's avatar
      fiptool: introduce xzalloc() helper function · 696ccba6
      Masahiro Yamada authored
      
      
      We often want to zero out allocated memory.
      
      My main motivation for this commit is to set image::next and
      image_desc::next to NULL automatically in the next commit.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      696ccba6
  4. 30 Dec, 2016 5 commits
  5. 05 Dec, 2016 4 commits
  6. 26 Oct, 2016 1 commit
  7. 18 Oct, 2016 1 commit
    • dp-arm's avatar
      fiptool: Link `toc_entry` and `image` structures via UUID · b04efcce
      dp-arm authored
      
      
      The `toc_entry` and `image` data structures had a cyclic
      relationship.  This patch removes the explicit dependencies and introduces
      functions to link them via the UUID.
      
      This change highlights the intent of the code better and makes it more
      flexible for future enhancements.
      
      Change-Id: I0c3dd7bfda2a631a3827c8ba4831849c500affe9
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      b04efcce
  8. 15 Sep, 2016 1 commit
    • dp-arm's avatar
      fiptool: Invoke command specific usage function · 85ee2778
      dp-arm authored
      Instead of always calling the top level usage function when an
      error is detected, call the command-specific usage function.
      
      For example running `fiptool create` will produce the same output
      as `fiptool help create`.  This is more convenient for the user
      when they make a mistake.
      
      Change-Id: I60178ab89d47adf93cdfe6d8b5d5f778a5ea3bca
      85ee2778
  9. 12 Sep, 2016 1 commit
    • dp-arm's avatar
      fiptool: Add support for printing the sha256 digest with info command · 9df69ba3
      dp-arm authored
      This feature allows one to quickly verify that the expected
      image is contained in the FIP without extracting the image and
      running sha256sum(1) on it.
      
      The sha256 digest is only shown when the verbose flag is used.
      
      This change requires libssl-dev to be installed in order to build
      Trusted Firmware. Previously, libssl-dev was optionally needed only
      to support Trusted Board Boot configurations.
      
      Fixes ARM-Software/tf-issues#124
      
      Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6
      9df69ba3
  10. 25 Aug, 2016 1 commit
  11. 15 Aug, 2016 1 commit
  12. 29 Jul, 2016 1 commit
    • dp-arm's avatar
      Replace fip_create with fiptool · 819281ee
      dp-arm authored
      fiptool provides a more consistent and intuitive interface compared to
      the fip_create program.  It serves as a better base to build on more
      features in the future.
      
      fiptool supports various subcommands.  Below are the currently
      supported subcommands:
      
      1) info   - List the images contained in a FIP file.
      2) create - Create a new FIP file with the given images.
      3) update - Update an existing FIP with the given images.
      4) unpack - Extract a selected set or all the images from a FIP file.
      5) remove - Remove images from a FIP file.  This is a new command that
         was not present in fip_create.
      
      To create a new FIP file, replace "fip_create" with "fiptool create".
      
      To update a FIP file, replace "fip_create" with "fiptool update".
      
      To dump the contents of a FIP file, replace "fip_create --dump" with
      "fiptool info".
      
      A compatibility script that emulates the basic functionality of
      fip_create is provided.  Existing scripts might or might not work with
      the compatibility script.  Users are strongly encouraged to migrate to
      fiptool.
      
      Fixes ARM-Software/tf-issues#87
      Fixes ARM-Software/tf-issues#108
      Fixes ARM-Software/tf-issues#361
      
      Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
      819281ee
  13. 05 Jul, 2016 1 commit
    • Yatharth Kochar's avatar
      Fix `cert_create` tool for Segmentation fault · f16db56a
      Yatharth Kochar authored
      With the introduction of commit `96103d5a`, the Certificate
      Generation tool is not able to generate FWU certificate and
      while doing so it does segmentation fault.
      
      This happens because it is now required to pass non-volatile
      counter values to the `cert_create` tool from the command line
      for creating the trusted firmware certificates.
      
      But in case of creating FWU certificate these counter values are not
      being passed to the tool and as a consequence the `cert_create` tool
      try to use the NULL argument and errors out with Segmentation fault.
      
      This patch fixes this issue by providing a check before using the
      command line argument passed in the case of `EXT_TYPE_NVCOUNTER`
      certificate extension.
      
      Change-Id: Ie17d0c1502b52aaa8500f3659c2da2448ab0347a
      f16db56a
  14. 03 Jun, 2016 1 commit
    • Dan Handley's avatar
      Move stdlib header files to include/lib/stdlib · f0b489c1
      Dan Handley authored
      * Move stdlib header files from include/stdlib to include/lib/stdlib for
        consistency with other library headers.
      * Fix checkpatch paths to continue excluding stdlib files.
      * Create stdlib.mk to define the stdlib source files and include directories.
      * Include stdlib.mk from the top level Makefile.
      * Update stdlib header path in the fip_create Makefile.
      * Update porting-guide.md with the new paths.
      
      Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
      f0b489c1
  15. 27 Apr, 2016 1 commit
  16. 06 Apr, 2016 1 commit
    • Juan Castillo's avatar
      fip_create: add support for image unpacking · c49a805d
      Juan Castillo authored
      This patch adds support for image unpacking to the FIP packaging
      tool. Command line option '-u,--unpack' may be used to unpack the
      contents of an existing FIP file into the working directory. The
      tool uses default hardcoded filenames for the unpacked images. If
      the files already exist, they can be overwritten by specifying the
      option '-f,--force'.
      
      Change-Id: I360b11d9c5403e8c0a7a9cac32c1d90ebb228063
      c49a805d
  17. 01 Apr, 2016 7 commits
    • Evan Lloyd's avatar
      Make:Allow for extension in tool names. · 42a45b51
      Evan Lloyd authored
      In some build environments executable programs have a specific file
      extension.  The value of BIN_EXT is appended to the relevant tool file
      names to allow for this.
      The value of BIN_EXT is set, where appropriate, by the build environment
      specific make helper (to .exe for Windows build environments).
      
      .gitignore is updated to hide the new (.exe) files.
      
      Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
      42a45b51
    • Evan Lloyd's avatar
      Make:Use "simply expanded" make variables. · b169f6a9
      Evan Lloyd authored
      Replace some "recursively expanded" make variables with "simply
      expanded" variables (i.e. replace = with :=). This has no functional
      impact but is more consistent and theoretically more efficient.
      
      Change-Id: Iaf33d7c8ad48464ae0d39923515d1e7f230c95c1
      b169f6a9
    • Evan Lloyd's avatar
      Build:Replace soft links with file copy. · bb5a762c
      Evan Lloyd authored
      Some build environments do not support symbolic links. This patch
      removes the symlinks previously used to build fip_create and instead
      copies the relevant header files.
      The original motivation for using symlinks was to avoid Trusted Firmware
      library headers conflicting with headers in the compiler standard
      include path. Copying the header files instead has the same effect.
      
      Like other build artefacts, the copied files are listed in .gitignore.
      
      The distclean targets have also been updated to remove the copies.
      
      Change-Id: Ie8b67bcb133f7f1d660ae93b857950aa15e42b1e
      bb5a762c
    • Evan Lloyd's avatar
      Make:Use environment variables for OS detection. · e7f54dbd
      Evan Lloyd authored
      Add make helper files to select the appropriate settings for the build
      environment. Selection is made in make_helpers/build_env.mk, which
      selects other files to include using generic build environment settings.
      The Trusted Firmware Makefile and supporting tool Makefiles are updated
      to include build_env.mk instead of unix.mk.
      
      NOTE: This change does not fully enable builds in other build
            environments. It facilitates this without compromising the
            existing build environments.
      
      Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
      e7f54dbd
    • Evan Lloyd's avatar
      Make:Make shell commands more portable · f1477d4a
      Evan Lloyd authored
      Macros are inserted to replace direct invocations of commands that are
      problematic on some build environments. (e.g. Some environments expect
      \ in paths instead of /.)
      The changes take into account mismatched command mappings across
      environments.
      The new helper file unix.mk retains existing makefile behaviour on unix
      like build environments by providing the following macro definitions:
        SHELL_COPY        cp -f
        SHELL_COPY_TREE   cp -rf
        SHELL_DELETE      rm -f
        SHELL_DELETE_ALL  rm -rf
        MAKE_PREREQ_DIR   mkdir -p  (As make target)
        SHELL_REMOVE_DIR  rm -rf
      
      Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb
      f1477d4a
    • Evan Lloyd's avatar
      Make:Add realclean to .PHONY list · aeb25668
      Evan Lloyd authored
      Update the cert_create Makefile to list realclean as .PHONY
      (like clean)
      
      Change-Id: I9dc8a61a11574a044372e0952b5b12b74e133747
      aeb25668
    • Evan Lloyd's avatar
      Make:Remove calls to shell from makefiles. · 231c1470
      Evan Lloyd authored
      As an initial stage of making Trusted Firmware build environment more
      portable, we remove most uses of the $(shell ) function and replace them
      with more portable make function based solutions.
      
      Note that the setting of BUILD_STRING still uses $(shell ) since it's
      not possible to reimplement this as a make function. Avoiding invocation
      of this on incompatible host platforms will be implemented separately.
      
      Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8
      231c1470
  18. 30 Mar, 2016 1 commit
    • Juan Castillo's avatar
      cert_create: add non-volatile counter support · 96103d5a
      Juan Castillo authored
      This patch adds non-volatile counter support to the Certificate
      Generation tool. The TBBR Chain of Trust definition in the tool
      has been extended to include the counters as certificate extensions.
      The counter values can be specified in the command line.
      
      The following default counter values are specified in the build
      system:
      
        * Trusted FW Non-Volatile counter = 0
        * Non-Trusted FW Non-Volatile counter = 0
      
      These values can be overridden by the platform at build time.
      
      Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c
      96103d5a