DistroKit Mailinglist
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: distrokit@pengutronix.de
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [DistroKit] [PATCH 3/8] genimage: patch in Firmware Image Package (FIP) support
Date: Mon, 25 Jul 2022 14:04:40 +0200
Message-ID: <20220725120445.1295669-3-a.fatoum@pengutronix.de>
In-Reply-To: <20220725120445.1295669-1-a.fatoum@pengutronix.de>

genimage master has support for calling fiptool, which makes it
straight-forward to generate eMMC boot partition images with the
same genimage.config generating the image for the user area.

TF-A also has a fip target that can call fiptool for us, but it only
works when generating a single bootloader image, but we generate
multiple images, so we can't reuse the current tf-a rule as is.

One more option would be to write a custom image rule, but as genimage
master has support, let's just backport the patch. The autogen.sh is
necessary, because we touch Makefile.am and we want autogen to rerun to
account for changes between our host autotools and the one used to
build the shipped files.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 ...d-Firmware-Image-Package-FIP-support.patch | 311 ++++++++++++++++++
 patches/genimage-15/series                    |   1 +
 2 files changed, 312 insertions(+)
 create mode 100644 patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch
 create mode 100644 patches/genimage-15/series

diff --git a/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch b/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch
new file mode 100644
index 000000000000..72d2aaaaa80c
--- /dev/null
+++ b/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch
@@ -0,0 +1,311 @@
+From de9a29b0c03696bf6d851c5fad9b4ab976ee48f1 Mon Sep 17 00:00:00 2001
+From: Ahmad Fatoum <a.fatoum@pengutronix.de>
+Date: Fri, 1 Apr 2022 14:00:53 +0200
+Subject: [PATCH] Add Firmware Image Package (FIP) support
+
+Platforms where ARM Trusted Firmware is the first stage bootloader are
+converging to use FIP as bundle format for further firmware including
+trusted OS and non secure bootloader. Teach genimage to call fiptool to
+generate FIP images.
+
+Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
+Origin: master, 1e224789bacfa7b1411c3b5d5bee66aa61681cda
+---
+ Makefile.am            |   2 +
+ README.rst             |  39 ++++++++++++
+ config.c               |   5 ++
+ genimage.c             |   1 +
+ genimage.h             |   1 +
+ image-fip.c            | 135 +++++++++++++++++++++++++++++++++++++++++
+ test/basic-images.test |   8 +++
+ test/fip.config        |   7 +++
+ 8 files changed, 198 insertions(+)
+ create mode 100644 image-fip.c
+ create mode 100644 test/fip.config
+
+diff --git a/Makefile.am b/Makefile.am
+index 30fe973cfb38..c1d42e4cedd3 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -23,6 +23,7 @@ genimage_SOURCES = \
+ 	image-cramfs.c \
+ 	image-ext2.c \
+ 	image-file.c \
++	image-fip.c \
+ 	image-fit.c \
+ 	image-flash.c \
+ 	image-hd.c \
+@@ -66,6 +67,7 @@ EXTRA_DIST += \
+ 	test/ext4.config \
+ 	test/ext4test.0.dump \
+ 	test/ext4test.1.dump \
++	test/fip.config \
+ 	test/fit.its \
+ 	test/fit.config \
+ 	test/flash-types.config \
+diff --git a/README.rst b/README.rst
+index a2cc76b2af6b..234bc57ce384 100644
+--- a/README.rst
++++ b/README.rst
+@@ -496,6 +496,45 @@ Options:
+ Note: If no content is specified with ``file`` or ``files`` then
+ ``rootpath`` and ``mountpoint`` are used to provide the content.
+ 
++fip
++***
++Generates a Firmware Image Package (FIP). A format used to bundle
++firmware to be loaded by ARM Trusted Firmware.
++
++Options:
++
++:extraargs:		Extra arguments passed to fiptool
++:fw-config:		Firmware Configuration (device tree), usually provided by BL2 (Trusted Firmware)
++:nt-fw:			Non-Trusted Firmware (BL33)
++:hw-config:		Hardware Configuration (device tree), passed to BL33
++:tos-fw:		Trusted OS (BL32) binaries. Second and third binary are used as
++			extra1 and extra2 binaries if specified. Example:
++			``tos-fw = {"tee-header_v2.bin", "tee-pager_v2.bin", "tee-pageable_v2.bin"}``
++:scp-fwu-cfg:		SCP Firmware Updater Configuration FWU SCP_BL2U
++:ap-fwu-cfg:		AP Firmware Updater Configuration BL2U
++:fwu:			Firmware Updater NS_BL2U
++:fwu-cert:		Non-Trusted Firmware Updater certificate
++:tb-fw:			Trusted Boot Firmware BL2
++:scp-fw:		SCP Firmware SCP_BL2
++:soc-fw:		EL3 Runtime Firmware BL31
++:tb-fw-config:		TB_FW_CONFIG
++:soc-fw-config:		SOC_FW_CONFIG
++:tos-fw-config:		TOS_FW_CONFIG
++:nt-fw-config:		NT_FW_CONFIG
++:rot-cert:		Root Of Trust key certificate
++:trusted-key-cert:	Trusted key certificate
++:scp-fw-key-cert:	SCP Firmware key certificate
++:soc-fw-key-cert:	SoC Firmware key certificate
++:tos-fw-key-cert:	Trusted OS Firmware key certificate
++:nt-fw-key-cert:	Non-Trusted Firmware key certificate
++:tb-fw-cert:		Trusted Boot Firmware BL2 certificate
++:scp-fw-cert:		SCP Firmware content certificate
++:soc-fw-cert:		SoC Firmware content certificate
++:tos-fw-cert:		Trusted OS Firmware content certificate
++:nt-fw-cert:		Non-Trusted Firmware content certificate
++:sip-sp-cert:		SiP owned Secure Partition content certificate
++:plat-sp-cert:		Platform owned Secure Partition content certificate
++
+ The Flash Section
+ -----------------
+ 
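Review bot: The new README section documents the per-image options but not how the tool itself is located: the config.c hunk adds a "fiptool" option with the GENIMAGE_FIPTOOL environment variable and a default of "fiptool", and none of that is mentioned here. Please document it alongside the section text, and say under :extraargs: that the string is appended to the fiptool command line unmodified, since image-fip.c formats it into the command without quoting. The :fw-config: and :hw-config: entries could also name FW_CONFIG and HW_CONFIG, as the comments in fip_opts do, so the README and the code use the same terms.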
+diff --git a/config.c b/config.c
+index e3289169e779..db31dad7212d 100644
+--- a/config.c
++++ b/config.c
+@@ -438,6 +438,11 @@ static struct config opts[] = {
+ 		.opt = CFG_STR("mkimage", NULL, CFGF_NONE),
+ 		.env = "GENIMAGE_MKIMAGE",
+ 		.def = "mkimage",
++	}, {
++		.name = "fiptool",
++		.opt = CFG_STR("fiptool", NULL, CFGF_NONE),
++		.env = "GENIMAGE_FIPTOOL",
++		.def = "fiptool",
+ 	}, {
+ 		.name = "config",
+ 		.env = "GENIMAGE_CONFIG",
+diff --git a/genimage.c b/genimage.c
+index 205c70fba338..fbb29f3deae7 100644
+--- a/genimage.c
++++ b/genimage.c
+@@ -46,6 +46,7 @@ static struct image_handler *handlers[] = {
+ 	&ext4_handler,
+ 	&file_handler,
+ 	&fit_handler,
++	&fip_handler,
+ 	&flash_handler,
+ 	&hdimage_handler,
+ 	&iso_handler,
+diff --git a/genimage.h b/genimage.h
+index ca273f58047d..24354670ff4d 100644
+--- a/genimage.h
++++ b/genimage.h
+@@ -118,6 +118,7 @@ extern struct image_handler ubi_handler;
+ extern struct image_handler ubifs_handler;
+ extern struct image_handler vfat_handler;
+ extern struct image_handler fit_handler;
++extern struct image_handler fip_handler;
+ 
+ #define ARRAY_SIZE(arr)		(sizeof(arr) / sizeof((arr)[0]))
+ 
+diff --git a/image-fip.c b/image-fip.c
+new file mode 100644
+index 000000000000..774c4222aeb6
+--- /dev/null
++++ b/image-fip.c
+@@ -0,0 +1,135 @@
++/*
++ * Copyright (c) 2022 Ahmad Fatoum <a.fatoum@pengutronix.de>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <confuse.h>
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <errno.h>
++
++#include "genimage.h"
++
++static int fip_generate(struct image *image)
++{
++	struct partition *part;
++	char *args = strdup("");
++	const char *extraargs = cfg_getstr(image->imagesec, "extraargs");
++	int ret;
++
++	list_for_each_entry(part, &image->partitions, list) {
++		struct image *child = image_get(part->image);
++		char *oldargs;
++
++		oldargs = args;
++		xasprintf(&args, "%s --%s '%s'", args, part->name, imageoutfile(child));
++		free(oldargs);
++	}
++
++	ret = systemp(image, "%s create %s %s '%s'", get_opt("fiptool"),
++		      args, extraargs, imageoutfile(image));
++
++	free(args);
++
++	return ret;
++}
++
++static void fip_add_part(struct image *image,
++			 const char *name, const char *path)
++{
++	struct partition *part;
++
++	part = xzalloc(sizeof *part);
++	part->image = path;
++	part->name = name;
++	list_add_tail(&part->list, &image->partitions);
++}
++
++static cfg_opt_t fip_opts[] = {
++	CFG_STR("extraargs",		"", CFGF_NONE),
++	CFG_STR_LIST("tos-fw",		NULL, CFGF_NONE),	/* Secure Payload BL32 (Trusted OS, Extra1, Extra 2) */
++	/* CFGF_NODEFAULT marks options passed as-is */
++	CFG_STR("scp-fwu-cfg",		NULL, CFGF_NODEFAULT),	/* SCP Firmware Updater Configuration FWU SCP_BL2U */
++	CFG_STR("ap-fwu-cfg",		NULL, CFGF_NODEFAULT),	/* AP Firmware Updater Configuration BL2U */
++	CFG_STR("fwu",			NULL, CFGF_NODEFAULT),	/* Firmware Updater NS_BL2U */
++	CFG_STR("fwu-cert",		NULL, CFGF_NODEFAULT),	/* Non-Trusted Firmware Updater certificate */
++	CFG_STR("tb-fw",		NULL, CFGF_NODEFAULT),	/* Trusted Boot Firmware BL2 */
++	CFG_STR("scp-fw",		NULL, CFGF_NODEFAULT),	/* SCP Firmware SCP_BL2 */
++	CFG_STR("soc-fw",		NULL, CFGF_NODEFAULT),	/* EL3 Runtime Firmware BL31 */
++	CFG_STR("nt-fw",		NULL, CFGF_NODEFAULT),	/* Non-Trusted Firmware BL33 */
++	CFG_STR("fw-config",		NULL, CFGF_NODEFAULT),	/* FW_CONFIG */
++	CFG_STR("hw-config",		NULL, CFGF_NODEFAULT),	/* HW_CONFIG */
++	CFG_STR("tb-fw-config",		NULL, CFGF_NODEFAULT),	/* TB_FW_CONFIG */
++	CFG_STR("soc-fw-config",	NULL, CFGF_NODEFAULT),	/* SOC_FW_CONFIG */
++	CFG_STR("tos-fw-config",	NULL, CFGF_NODEFAULT),	/* TOS_FW_CONFIG */
++	CFG_STR("nt-fw-config",		NULL, CFGF_NODEFAULT),	/* NT_FW_CONFIG */
++
++	CFG_STR("rot-cert",		NULL, CFGF_NODEFAULT),	/* Root Of Trust key certificate */
++
++	CFG_STR("trusted-key-cert",	NULL, CFGF_NODEFAULT),	/* Trusted key certificate */
++	CFG_STR("scp-fw-key-cert",	NULL, CFGF_NODEFAULT),	/* SCP Firmware key certificate */
++	CFG_STR("soc-fw-key-cert",	NULL, CFGF_NODEFAULT),	/* SoC Firmware key certificate */
++	CFG_STR("tos-fw-key-cert",	NULL, CFGF_NODEFAULT),	/* Trusted OS Firmware key certificate */
++	CFG_STR("nt-fw-key-cert",	NULL, CFGF_NODEFAULT),	/* Non-Trusted Firmware key certificate */
++
++	CFG_STR("tb-fw-cert",		NULL, CFGF_NODEFAULT),	/* Trusted Boot Firmware BL2 certificate */
++	CFG_STR("scp-fw-cert",		NULL, CFGF_NODEFAULT),	/* SCP Firmware content certificate */
++	CFG_STR("soc-fw-cert",		NULL, CFGF_NODEFAULT),	/* SoC Firmware content certificate */
++	CFG_STR("tos-fw-cert",		NULL, CFGF_NODEFAULT),	/* Trusted OS Firmware content certificate */
++	CFG_STR("nt-fw-cert",		NULL, CFGF_NODEFAULT),	/* Non-Trusted Firmware content certificate */
++
++	CFG_STR("sip-sp-cert",		NULL, CFGF_NODEFAULT),	/* SiP owned Secure Partition content certificate */
++	CFG_STR("plat-sp-cert",		NULL, CFGF_NODEFAULT),	/* Platform owned Secure Partition content certificate */
++
++	CFG_END()
++};
++
++static const char *tos_fw[] = { "tos-fw", "tos-fw-extra1", "tos-fw-extra2" };
++
++static int fip_parse(struct image *image, cfg_t *cfg)
++{
++	unsigned int i, num_tos_fw;
++	cfg_opt_t *opt;
++
++	num_tos_fw = cfg_size(cfg, "tos-fw");
++	if (num_tos_fw > ARRAY_SIZE(tos_fw)) {
++		image_error(image, "%u tos-fw binaries given, but maximum is %zu\n",
++			    num_tos_fw, ARRAY_SIZE(tos_fw));
++		return -EINVAL;
++	}
++
++	for (i = 0; i < num_tos_fw; i++)
++		fip_add_part(image, tos_fw[i], cfg_getnstr(cfg, "tos-fw", i));
++
++	for (opt = fip_opts; opt->type; opt++) {
++		const char *file;
++
++		if (opt->flags != CFGF_NODEFAULT)
++			continue;
++
++		file = cfg_getstr(cfg, opt->name);
++		if (file)
++			fip_add_part(image, opt->name, file);
++	}
++
++	return 0;
++}
++
++struct image_handler fip_handler = {
++	.type = "fip",
++	.generate = fip_generate,
++	.parse = fip_parse,
++	.opts = fip_opts,
++};
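Review bot: In fip_generate(), the command string given to systemp() puts each imageoutfile() path between single quotes but never escapes the path, so a file name that itself contains a ' ends the quoting early and the remainder is parsed as command text; extraargs goes in with no quoting at all. Escape embedded quotes before formatting, or reject such names in fip_parse() with an image_error(), and treat extraargs as trusted build configuration only. Two smaller points in the same function: the result of image_get(part->image) is handed to imageoutfile() without a NULL check, and strdup("") is unchecked while the rest of the file uses the x* allocators. In fip_parse(), "opt->flags != CFGF_NODEFAULT" is an exact comparison; testing "!(opt->flags & CFGF_NODEFAULT)" would keep working if one of these options ever gains a second flag.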
+diff --git a/test/basic-images.test b/test/basic-images.test
+index efddc34a6fd3..91e7f09dd9ed 100755
+--- a/test/basic-images.test
++++ b/test/basic-images.test
+@@ -548,6 +548,14 @@ test_expect_success !includepath "includepath5" "
+ "
+ 
+ 
++exec_test_set_prereq fiptool
++test_expect_success fiptool "fip" "
++	setup_test_images &&
++	run_genimage fip.config test.fip &&
++	check_size_range images/test.fip 12804 13056 &&
++	fiptool info images/test.fip
++"
++
+ test_done
+ 
+ # vim: syntax=sh
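Review bot: The "fip" test passes whenever the output is between 12804 and 13056 bytes and "fiptool info" exits zero, so it would not notice an input landing in the wrong FIP entry. Since fip.config relies on the second tos-fw file being mapped to tos-fw-extra1, consider checking the "fiptool info" output for the expected entries (fw-config, tos-fw, tos-fw-extra1), and adding a config with four tos-fw files to exercise the -EINVAL path in fip_parse().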
+diff --git a/test/fip.config b/test/fip.config
+new file mode 100644
+index 000000000000..31a7914d69ce
+--- /dev/null
++++ b/test/fip.config
+@@ -0,0 +1,7 @@
++image test.fip {
++	fip {
++		extraargs = "--align 64"
++		fw-config = "part1.img"
++		tos-fw = { "part2.img", "part1.img" }
++	}
++}
+-- 
+2.30.2
+
diff --git a/patches/genimage-15/series b/patches/genimage-15/series
new file mode 100644
index 000000000000..9b36f2745ad7
--- /dev/null
+++ b/patches/genimage-15/series
@@ -0,0 +1 @@
+0001-Add-Firmware-Image-Package-FIP-support.patch
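Review bot: The commit message says an autogen.sh is necessary because the backport touches Makefile.am, but the diffstat lists only the .patch file and series, and this series file carries just the one patch entry. If no autogen.sh for genimage-15 is already in the tree, it should be added in this patch; otherwise the Makefile.am change that adds image-fip.c to genimage_SOURCES may not reach the shipped generated build files.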
-- 
2.30.2



