This commit adds a package for 'shim', an EFI bootloader for secure
boot chain loading.
While gnu-efi supports 32bit ARM, this is currently broken in shim.
Patches to fix this have been submitted upstream but are not included
here for now.
https://github.com/rhboot/shim/pull/162
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends
on to exclude ARM32 build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be used in packages that depend on gnu-efi, and we take this
opportunity to propagate this dependency where it was missing in
gummiboot and syslinux. In practice, it was not a problem because
gummiboot and syslinux are only available on i386 and x86-64, which is
a subset of the architectures supported by gnu-efi.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Following d0f4f95e39 ("Makefile: rework
main directory creation logic"), BINARIES_DIR is not implicitly
created by the main Makefile at the beginning of the build, leaving
that up to whatever piece of code needs to install something in
$(BINARIES_DIR).
The afboot-stm32 package didn't pay attention to this, which this
commit fixes.
While at it, we move the afboot-stm32 installation into
<pkg>_INSTALL_IMAGES_CMDS, because using <pkg>_INSTALL_TARGET_CMDS to
install only files to BINARIES_DIR is a bit strange.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/131217111
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add notes to test grub2 running on ARM using qemu. The arm section
describes how to run it using u-boot and aarch64 shows how to do it
using efi, which is similar to what has to be done for x86_64.
The source for OVMF builds is also changed to
https://www.kraxel.org/repos/jenkins/edk2/ which is the source for
nightly builds (as rpms but which can be extracted in any distribution),
as the sourceforge link provided only very old builds.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas:
- formatting fixes
- simplify the AArch64/EFI example by using the aarch64_efi_defconfig]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit enables the arm-uboot, arm-efi and aarch64-efi grub2
platforms in Buildroot.
With the uboot platform, the grub2 image gets built as a u-boot image
and is loaded from u-boot through a regular "bootm". The only
requirement from the u-boot side in order to allow this is that u-boot
is built with CONFIG_API enabled. CONFIG_API seems to not be enabled
by default in most in-tree configurations, however, it seems to be
available for quite some time now. So it might be possible to use this
even on older u-boot versions. This is available only for arm
(32-bit).
With the efi platform, grub2 gets built as an EFI executable. This
allows EFI firmware to find and load it similarly as it can be done
for x86_64. Also, since u-boot v2016.05, u-boot is able to load and
boot an EFI executable, so the uboot efi platform can also be used
from u-boot in recent versions. This has been enabled (mostly) by
default for ARM u-boot. efi platform is available for both arm and
aarch64.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: move the BR2_USE_MMU dependency in
BR2_TARGET_GRUB2_ARCH_SUPPORTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an option to install grub2 support tools to the target.
In the context of Buildroot, some useful target tools provided are
grub2-editenv, grub2-reboot, which provide means to manage the grub2,
environment, boot order, and others.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
grub2 requires the host grub2-mkimage tool to build some of its target
images. The current way of building this tool in the grub2 package is
to perform a simultaneous host-tools/target-bootloader build during
the grub2 build step.
This method makes the recipe complex to understand, and proved to be a
complication during the work to enable grub2 support for architectures
other than x86.
This patch tries to do a better separation between the build of grub2
host tools and target boot loader image, as a partial step to enable
grub2 to build for other architectures.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building with glibc 2.28+, the "major", "minor" and "makedev"
functions are defined in "sys/sysmacros.h". This commit backports
upstream commit 1a74985b2a404639b08882c57f3147229605dfd5 to fix the
build with glibc 2.28.
Link: https://www.syslinux.org/wiki/index.php?title=Building
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE_ARCH) in lots of places; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-boot has provided SPL support as a viable replacement for the
2nd stage bootloader on TI platforms. The X-loader project
hasn't had a commit in the log since 12-05-2011.
(https://gitorious.org/x-loader/x-loader)
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.
The fix was provided by Jeff himself on bugzilla.
Fixes bug #11396.
Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Passing CFLAGS/CPPFLAGS in the environment confuses the ATF version
provided by Marvell, and we in fact only need to pass CROSS_COMPILE,
which is already in ARM_TRUSTED_FIRMWARE_MAKE_OPTS.
We however keep TARGET_MAKE_ENV so that the PATH with $(HOST_DIR) is
kept.
This change has been tested with all current defconfigs that build
ATF:
- arm_juno
- bananapi_m64
- freescale_imx8mqevk
- friendlyarm_nanopi_a64
- friendlyarm_nanopi_neo2
- nitrogen8m
- olimex_a64_olinuxino
- orangepi_pc2
- orangepi_prime
- orangepi_win
- orangepi_zero_plus2
- pine64
- pine64_sopine
- solidrun_macchiatobin_mainline
- solidrun_macchiatobin_marvell
- zynqmp_zcu106
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Note that the license file has been entirely rewritten (hence the
change in the hash), but it is still GPL-2.0 with FreeRTOS exception.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is necessary to be able to bump the ARM Trusted Firmware version
used on Marvell platforms.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the RISC-V Proxy Kernel (pk) package which provides the Berkeley
Boot Loader for booting RISC-V kernel images.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
[Thomas:
- fix prompt of option to be just "riscv-pk"
- add blank line between help text and upstream URL in Config.in file
- use $(INSTALL) instead of cp to install the generated image]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using the legacy buildsystem, the kconfig parser may still be used,
as reported by Thomas:
>>> uboot 2018.09 Configuring
...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
bin/sh: 1: bison: not found
ake[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
ake[3]: *** Waiting for unfinished jobs....
LEX scripts/kconfig/zconf.lex.c
bin/sh: 1: flex: not found
However, in that case, the kconfig parser is only generated during the
'configure' step, so we can add bison/flex as standard dependencies.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot fails to build in a GitLab CI context because the kconfig-package
build stage is unable to find bison or flex even though they are
installed in HOST_DIR.
To fix this, set UBOOT_MAKE_ENV so that UBOOT_KCONFIG_MAKE uses the
correct PATH.
Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some U-Boot configurations use lzop, which may not be available on the
build machine since it's not a mandatory dependency of Buildroot.
To solve this, a new option BR2_TARGET_UBOOT_NEEDS_LZOP is introduced,
and handled in a similar way to the existing
BR2_TARGET_UBOOT_NEEDS_OPENSSL option.
This fixes the build of the dra7xx_evm U-Boot defconfig as of U-Boot
2018.07, on a build machine without lzop installed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot SPL configures pinmuxes, clocks and other low-level devices. On
the Xilinx ZynqMP SoCs the code to do this resides in a file called
psu_init_gpl.c which is initially generated by the Xilinx development
tools. Add an option to pass these files from the outside (e.g. in the
board files).
For this to work properly, a patch to U-Boot is needed. However this
patch must be applied by each defconfig using
BR2_TARGET_UBOOT_ZYNQMP_PSU_INIT_DIR. If it were in boot/uboot/ to be
applied unconditionally, it would break the build for configs using a
U-Boot version where the patch is already applied.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Joel Carlson <joelsoncarl@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas: add comment about U-Boot version requirements to use this
option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to boot on the Xilinx ZynqMP SoCs, U-Boot SPL requires a
recent PMU firmware loaded. Instruct U-Boot to add pmufw.bin to the
boot.bin file together with U-Boot SPL, and the boot ROM will load
both.
For this to work properly, a patch to U-Boot is needed. However this
patch must be applied by each defconfig that wishes to use
BR2_TARGET_UBOOT_ZYNQMP_PMUFW. If it were in boot/uboot/ to be applied
unconditionally, it would break the build for configs using a U-Boot
version higher than 2018.7-rc1 where the patch is already applied.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Joel Carlson <joelsoncarl@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas:
- indicate that this feature requires U-Boot 2018.07, since commit
c7df098a71e05dc81cee818747759e8060b59626 is needed.
- define UBOOT_ZYNQMP_KCONFIG_PMUFW only once, and instead use a
variable named UBOOT_ZYNQMP_PMUFW_PATH to store the path to the PMU
firmware]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some i.MX boards which use device tree to describe the hardware
for U-Boot generate a u-boot-dtb.imx binary.
Introduce the BR2_TARGET_UBOOT_FORMAT_DTB_IMX option to
handle such case.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
So the host ncurses includes and library are used instead of a mix of both,
causing corrupted characters. Similar to the linux fix in commit
6d3d09e232 (linux: don't override HOSTCC for kconfig), except that we
pass the linker flags in HOSTLDFLAGS.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot SPL for the Xilinx ZynqMP SoCs needs ATF in this format to load
it.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The path to the binary images is very long. Since we are about to make
a larger use of it, let's use a variable to make it somewhat shorter.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the builsystem for uboot defaults to 'legacy', while the
default version is very well capable of using the 'kconfig' buildsystem
instead.
Having the 'legacy' buildsystem be the default in that case makes it
quite inconvenient for users: they would expect to be able to use e.g.
uboot-menuconfig et al. with the default uboot version.
Switch to using 'kconfig' when we use the latest version. Keep the
'legacy' as default for everything else.
Also, invert the 'legacy' and 'kconfig' entries in the choice: it is
nicer to have the recent and future-proof entry first.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 2a27294e9a ("grub2: force
-fno-stack-protector in CFLAGS"), a fix was made to the grub2 package
to make it build properly even when SSP support is enabled.
However, commit 20a4583ebf ("security
hardening: add RELFO, FORTIFY options") reworked how SSP options are
passed, and they are now passed in CPPFLAGS instead of CFLAGS, making
the fix introduced by 2a27294e9a no
longer operating.
This commit will force no-stack-protector in CPPFLAGS instead of
CFLAGS.
Fixes bug #10961.
Signed-off-by: Tarek El-Sherbiny <tarek_el-sherbiny@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of DL_DIR, the package should now use $(PKG)_DL_DIR to ease the
transition into a new directory structure for DL_DIR.
This commit has been generated with the following scripts:
for i in $(find . -iname "*.mk"); do
if ! grep -q "\$(DL_DIR)" ${i}; then
continue
fi
pkg_name="$(basename $(dirname ${i}))"
[ "${pkg_name}" = "package" ] && continue
raw_pkg_name=$(echo ${pkg_name} | tr [a-z] [A-Z] | tr '-' '_')
pkg_dl_dir="${raw_pkg_name}_DL_DIR"
sed -i "s/\$(DL_DIR)/\$($pkg_dl_dir)/" ${i}
done
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Like the utilities, it is meant to run on the host machine, hence must
be built using the host toolchain.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
... to follow the convention: type, default, depends on, select, help.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use only one space before backslash.
Indent with tabs.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>