The project at https://github.com/linux4sam/at91bootstrap was until
now releasing 3.x versions, which were packaged using
boot/at91bootstrap3/ in Buildroot. Microchip has now started a new
branch of at91bootstrap, called 4.x, which will only support the
following devices: sam9x60, sama5d2, sama5d3, sama5d4, sama7g5. A
number of older devices from Microchip will only be supported by the
existing 3.x series.
Therefore, we cannot simply remove support for the 3.x series, and
allow using only the 4.x series.
So what this commit does is extend the boot/at91bootstrap3 package to
support building both 3.x and 4.x versions. In detail, this implies:
* Having the BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION symbol point to
the latest 4.x version. Indeed, we want
BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION to really point to the
latest upstream version, even if that means potential breakage for
users. Users who want to use a fixed version of at91bootstrap
should anyway not be using
BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION.
* Introduce BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION_3X for users who
would like to use the latest 3.x series.
* Adjust the installation logic, as images to install are now in
build/binaries/*.bin instead of binaries/*.bin. In order to not
have to differentiate 3.x and 4.x, we simply use $(wildcard ...) to
expand the list of files to install.
* To make it clear that boot/at91bootstrap3 supports both 3.x and
4.x, we also update the prompt of the package.
at911bootstrap does not carry a license file; so far we were using
main.c as the license file, as it carries the license blurb. Now that we
have a known alternate version, we would need a per-version hash for
that file. However, this is a bit too cumbersome to handle, so just drop
using main.c as the license file. When upstream introduces a proper
license file, we can revisit the situation.
Update the two defconfigs that were using the upstream 3.9.3 version;
all other defconfigs are using custom tarballs or custom git trees.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
[Thomas: while this patch is based on previous work by Eugen, it was
reworked quite significantly.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- drop main.c as license file, explain why
- update the two defconfigs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
EDK2 is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications.
The initial version of this bootloader package makes it possible to
build firmware for the following seven configurations:
* QEMU x86-64 pc machine
* QEMU aarch64 virt machine, booting directly from flash
* QEMU aarch64 virt machine, booting via the kernel protocol
* QEMU aarch64 sbsa-ref machine
* ARM FVP vexpress machine
* Socionext SynQuacer Developerbox
* SolidRun MacchiatoBin
Support the use of EDK2 UEFI payloads as BL33 in ARM Trusted Firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr:
- duplicate defaults in Config.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the license file name / hash will be correct in all
cases, so only specify COPYING.BSD when _LATEST_VERSION is used, similar to
how we do it for the Linux kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the Buildroot patches can be applied - So move them to a
0.9 subdir to ensure they are only applied when the _LATEST_VERSION is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3b551f68a5 (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to
match renamed upstream repo) forgot to update the include in boot/Config.in,
breaking menuconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This packages allows to build the first stage bootloader used on the
BeagleV, which is used even before the DDR initialization and
OpenSBI/U-Boot. Yes, "secondboot" is strange for what is the first
stage bootloader, but that's the upstream name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- add hash file
- commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a package for the DDR initialization code used on the
BeagleV platform.
The typo in the package name is upstream's typo, and we just keep it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- upstream name is beaglev_ddrlnit, not *init (keep their typo)
- rename package and variables accordingly
- the referenced commit is no longer the HEAD of said branch
- add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified,
opensbi.mk was assuming that both fw_jump and fw_dynamic would be
produced. However, this is not the case: the OpenSBI per-platform
config.mk can decide which image to build.
As an example, the config.mk for VIC7100-based BeagleV only enables
producing the fw_payload image.
This commit adds three options to enable the installation of images:
one for fw_jump, one for fw_dynamic, one for fw_payload.
The options for fw_jump and fw_dynamic are "default y" when
BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.
The option for fw_payload is forcefully selected when either Linux or
U-Boot are selected as payloads.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The opensbi package already allows to use Linux as a payload for
OpenSBI, but in some cases, U-Boot as payload is useful. This commit
adds a BR2_TARGET_OPENSBI_UBOOT_PAYLOAD option, modeled after the
existing BR2_TARGET_OPENSBI_LINUX_PAYLOAD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenSBI contains platform-specific code, so very much like Linux,
U-Boot or other bootloaders, using the upstream version of OpenSBI
will very often not be sufficient.
This commit therefore adds the possibility of specifying a custom
version of OpenSBI, either custom from upstream, custom tarball, or
custom from Git. Support for other version control systems has not
been implemented for now, but could be added later if needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
shim 15.4 builds just fine on ARM32.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use the tarball provided by upstream developers instead of the one
generated by Github. Indeed
https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
usual, please use the shim-15.4.tar.bz2 tarball, rather than the
other two archives github automatically produces."
- The tarball now includes the gnu-efi code, so we no longer need to
select gnu-efi and have it as a build dependency. We continue to use
BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
architectures that have gnu-efi support. We also drop the
EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
needs to be searched in STAGING_DIR.
- Drop all four patches, which were backports from upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport a set of upstream patches to fix:
MokManager.c: In function ‘write_back_mok_list’:
MokManager.c:1081:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1081 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
| ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1103 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~
MokManager.c: In function ‘delete_cert’:
MokManager.c:1144:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1144 | if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_hash_in_list’:
MokManager.c:1195:20: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1195 | if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_keys’:
MokManager.c:1359:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1359 | if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
shim fails to build with:
console.c:448:5: error: ‘EFI_WARN_UNKOWN_GLYPH’ undeclared here (not in a function); did you mean ‘EFI_WARN_UNKNOWN_GLYPH’?
448 | { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"},
| ^~~~~~~~~~~~~~~~~~~~~
| EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....
Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:
* CVE-2020-14372 is already fixed by a patch we have in our patch
stack for grub2
* CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
not affect grub2 upstream, nor grub2 with the stack of patches we
have in Buildroot
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615 and
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_20006 options were last selected by the
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 toolchain, but this
toolchain has been removed as part of commit
d87e114a8f in August 2020.
It's time to get rid of those two options that are never enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
As detailed in commit 7e64a050fb, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.
In addition to the security fixes, these required patches has been
backported:
f76a27996 efi: Make shim_lock GUID and protocol type public
04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
ac5c93675 efi: Add a function to read EFI variables with attributes
d7e54b2e5 efi: Add secure boot detection
The following security issues are fixed:
CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.
Reported-by: Máté Kukri
*******************************************************************************
CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.
Reported-by: Chris Coulson (Canonical)
*******************************************************************************
CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.
Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)
*******************************************************************************
CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.
Reported-by: Chris Coulson (Canonical)
*******************************************************************************
CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.
Reported-by: Teddy Reed
*******************************************************************************
CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.
If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.
This flaw only affects upstream and distributions using the shim_lock verifier.
Reported-by: Dimitri John Ledkov (Canonical)
*******************************************************************************
CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.
Reported-by: Daniel Axtens (IBM)
*******************************************************************************
CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.
Reported-by: Daniel Axtens (IBM)
*******************************************************************************
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If PER_PACKAGE_DIRECTORIES=Y and using host-make package (because
BR2_FORCE_HOST_BUILD=Y or local make is too old) .stamp_dotconfig
target needs per-package/uboot/host/bin/host-make that doesn't
exist yet.
Add host-make into UBOOT_KCONFIG_DEPENDENCIES.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit ca1604388a updated the checksum of
the tarball, but failed to update the one of main.c, which serves as a
license file.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump OP-TEE OS package version to OP-TEE release 3.12.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
since 2021.01, tools/binman is broken.
tools/binman/control.py imports pkg_resources
the module pkg_resources is supplied by setuptools,
so this new dependency is required.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.
Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.
However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:
- linux-headers and linux
- barebox-aux and barebox
When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.
Fix that by manually propagating the per-site-method format-version.
Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some RISC-V platforms (such as SiFive HiFive Unleashed) encapsulate
the OpenSBI firmware image inside U-Boot.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.
However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.
To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.
So, we bump the git-specific format-version to -br1.
The %ci date has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.
As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.
Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.
For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
#!/bin/sh
# Find and download all packages using git as backend.
# Manually fix hashes for affected packages.
# Packages that only have a host variant
HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'
# Packages that have a non-git main _SOURCE, and/or which
# have BR_NO_CHECK_HASH_FOR for the git _SOURCE
NOT_GIT='aufs|aufs-util|xenomai|linux-headers'
export BR2_DL_DIR=$(pwd)/temp-dl-dir
make defconfig
make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
boot/vexpress-firmware/ package/ \
|sed -r -e 's,.*/([^/]+)\.mk,\1,' \
|sed -r -e '/^('"${NOT_GIT}"')$/d;' \
-e 's/^('"${HOST_ONLY}"')/host-\1/;' \
-e 's/$/-legal-info/;'
)
---8<------8<------8<------8<---
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump bootwrapper to the latest version.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rebase on the mv-ddr-devel branch as the release branches are no longer
maintained.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2. As in linux, kconfig can call the compiler
to test its capabilities.
We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
[...]
params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
[...]
TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.
Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump OP-TEE OS package version to OP-TEE release 3.11.0.
Remove patches since merged in OP-TEE OS 3.11.0
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add `.stm32` binary format that U-Boot generates for the trusted
configuration of STM32MP platforms.
Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For consistancy and dependencies between uboot and uboot-tools,
this patch migrates the script creation over in a similar way as
the env image creation.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Migrating the support for this feature to uboot-tools to gain the
ability to build env files when BR2_TARGET_UBOOT isn't selected.
When _ENVIMAGE_SOURCE is not set, we generate a default environment.
However, this default depends on the U-Boot configuration. Therefore,
this can only be done if uboot itself is built as well, and
host-uboot-tools needs to depend on uboot.
For the same reason, the commands for creating the environment have to
be adapted a little. Take this occasion to drastically simplify them.
Note: This patch creates a circular dependency with uboot until the
similar migration patch is merged for uboot scripts
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It's easier to locate given format when it's sorted.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The buildroot custom bareboxenv compile command misses the additional
include path 'scripts/include' to gain access to the local copy of the
kernel header files (which leads to compile error when using an older
toolchain).
This could be fixed by enhancing the custom bareboxenv compile command
(see [1]) or by using the barebox build system by simply enabling the
CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2])
instead (as suggested by Yann E. MORIN).
Fixes (with BR2_TARGET_BAREBOX_BAREBOXENV enabled):
build/barebox-2019.12.0/scripts/bareboxenv.c💯10: fatal error: linux/list.h: No such file or directory
[1] http://lists.busybox.net/pipermail/buildroot/2020-January/270942.html
[2] https://git.pengutronix.de/cgit/barebox/commit/?id=afb03d7a554a2911a3742e316f011319fcb416f1
Note: a user who would previously provide a barebox config file which
had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did
not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target
built, but it would not be installed in the target. Now, and unset
BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but his is not a
regression: it was anyway previously not installed.
Reported-by: Frederick Gotham <cauldwell.thomas@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- also explicitly disable it when not selected
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a patch that passes -fno-builtin to fix the build
with gcc 10. The patch has been submitted upstream.
There are no autobuilder failures, since it's a bootloader package,
and therefore not tested by the autobuilders. However, a build failure
was detected when building toolchains and a minimal ARMv7-M system at
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359529.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent versions of OP-TEE depend on Python 3. Currently, OP-TEE is
building with the Python interpreter provided by the user. This patch
includes an upstream patch that makes the interpreter configurable,
and makes use of this configuration with host-python3.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot must use $(BR2_MAKE) as it uses a Make feature from v4.0. We
already use $(BR2_MAKE) in the BUILD_CMDS, but the kconfig commands
still uses $(MAKE). Without this fix, building U-Boot with kconfig will
fail with the following cryptic error.
> Makefile:37: *** missing separator. Stop.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable this bootloader for cortex a7 based SoCs: support for the
sama7g5 SoC is now in upstream at91bootstrap3, and it is a Cortex-A7
based SoC.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
Fixes the following security issues:
* CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may
use the GRUB 2 flaw to hijack and tamper the GRUB verification
process. This flaw also allows the bypass of Secure Boot
protections. In order to load an untrusted or modified kernel, an
attacker would first need to establish access to the system such as
gaining physical access, obtain the ability to alter a pxe-boot
network, or have remote access to a networked system with root
access. With this access, an attacker could then craft a string to
cause a buffer overflow by injecting a malicious payload that leads
to arbitrary code execution within GRUB. The highest threat from
this vulnerability is to data confidentiality and integrity as well
as system availability.
* CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't
check for possible arithmetic overflows on the requested allocation
size. This leads the function to return invalid memory allocations
which can be further used to cause possible integrity,
confidentiality and availability impacts during the boot process.
* CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when
handling squashfs filesystems containing a symbolic link with name
length of UINT32 bytes in size. The name size leads to an
arithmetic overflow leading to a zero-size allocation further
causing a heap-based buffer overflow with attacker controlled data.
* CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap
based buffer overflow.
* CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
* CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create()
leading to a use-after-free vulnerability which can be triggered by
redefining a function whilst the same function is already
executing, leading to arbitrary code execution and secure boot
restriction bypass
* CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd
and grub_initrd_init in the efilinux component of GRUB2, as shipped
in Debian, Red Hat, and Ubuntu (the functionality is not included
in GRUB2 upstream), leading to a heap-based buffer overflow. These
could be triggered by an extremely large number of arguments to the
initrd command on 32-bit architectures, or a crafted filesystem
with very large files on any architecture. An attacker could use
this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. This issue affects GRUB2 version 2.04 and prior
versions.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump OP-TEE OS package version to OP-TEE release 3.9.0.
Update patch on pydrypto/pycryptodome to match 3.9.0.
Add patch on CFG_OPTEE_REVISION_MINOR that was not updated in release
3.9.0 and fixed only few commits above.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Before now, U-Boot SPL could only load the Platform Management Unit
(PMU) by patching the board-specific pm_cfg_obj.c file into the generic
PMU firmware, but that then requires generating a new PMU firmware for
every board configuration. To fix that, Luca Ceresoli added support to
U-Boot to load the pm_cfg_obj[1].
Like the PMU firmware, we need a way to pass the PMU cfg to U-Boot
during build. U-Boot only accepts the binary format of the cfg, so we
must convert the source file with the tool provided with U-Boot.
[1] https://lucaceresoli.net/zynqmp-uboot-spl-pmufw-cfg-load/
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The OpenSBI platform 'qemu/virt' has been removed in v0.8. Builds for
the QEMU 'virt' machine can use the 'generic' platform instead.
Tested with qemu_riscv32_virt_defconfig and
qemu_riscv64_virt_defconfig using Buildroot host-qemu 5.0.0.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport a patch from upstream to fix the build on certain versions of
gsc, notably:
Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0
Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
The upstream patch is simply a change in the gentpl.py script, which is
used to generate parts of the automake machinery, so if we just backport
the upstream patch, we need to call the script to regenerate those files.
However, the modified script is a python script, so we would need to add
a dependency on host-python (2 or 3), which is not so nice.
Furthermore, calling the script is not enough: it needs a specific set
of optionss for each file it is to generate. That set of options is not
static; it is constructed in the convoluted autogen.sh. Calling
autogen.sh is usally not so good an idea in the Buildroot context, and
indeed this fails becasue it calls to autoreconf, but without our
carefuly crafted options and environment variables.
There was a little light in the tunnel, in that autogen.sh can be told
not to run autoreconf, by setting the environemnt variable
FROM_BOOTSTRAP to an non-=empty string, but this is fraught with various
other side-effects, as in that cause, autogen.sh expects to be valled by
an upper sciopt, bootstrap, which is not provided in the tarball
distribution...
So, between all those issues, autogen, bootstrap, and a host-python (2
or 3) dependency, we choose another route: path the script *and* the one
generated file affected by the change. Since that patched file is a .am
file, we also patch the corresponding .in file
However, we're faced with another issue: the other generated file is
now older than the script, so the automake machinery will now want to
re-run autoconf et al during the build step, which is still not a good
idea for us. So we touch the other generated file so it is mopre recent
than the script.
This is still not sufficient, because the patched file also has a
dependency on the generated file, so we need to touch as well.
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=12946
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- keep the hunk about patching gentpl.py
- make it a git-formatted patch
- add the touch
- drastically expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The HTTPS URL seems to be more reliable and quicker for download than
FTP. FTP may also be a blocked protocol on some sites and in CI/CD
setups.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A few conflicts had to be resolved:
- Version number and hash for mesa3d-headers/mesa3d
- Patches added in qemu, and the qemu version number
- The gnuconfig README.buildroot
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commit [1] "licensing info is only valid for v1.4" fixed the legal-info
issues when a custom ATF tarball or a version from git is used.
But we need to ignore licencing for a used defined official ATF version.
Althougt the ATF version are licensed under BSD-3-Clause, the license
file can be updated between version (for example between v1.4 and v2.0).
Ignore the licencing check if the user provide a custom official version.
[1] d1a61703f7
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: use positive logic with the _LATEST option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
>From [1] included in optee-os release 3.7.0:
"PyCryptodome is a fork of PyCrypto, which is not maintained any more
(the last release dates back to 2013 [2]). It exposes almost the same
API, but there are a few incompatibilities [3]."
pem_to_pub_c.py/sign.py scripts still use pycrypto that is replaced
by pycryptodomex. Add a patch to use pycryptodomex but don't use
upstream commit since it also switches from the algorithm
TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256
when replacing pycrypto to pycryptodomex [4].
[1] 90ad245043
[2] https://pypi.org/project/pycrypto/#history
[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html
[4] ababd72d2f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/526035730
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot versions newer than 2020.01 use Python 3.x instead of Python
2.x in various scripts.
We already had the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT and
BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS options, but depending on the U-Boot
version, we now need to indicate if Python 2.x or Python 3.x should be
used.
In addition, it turns out that some U-Boot configurations need a
Python interpreter, without needing pylibfdt or pyelftools. Some of
our defconfigs were abusing the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT option
to make sure a Python interpreter was built.
To solve this issue, we introduce a choice, that let the users specify
what, if any, host python version is needed. The default is 'no', to
preserve the previous behaviour, unless any of the pylibfdt or the
pyelftools options is enabled, in which case we hide the 'no' option,
and use python 2 by default. This dfault is guaranteed by the order of
options in the choice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- explicitly make the choice a bool
- make BR2_TARGET_UBOOT_NEEDS_PYTHON a blind option
- introduce the 'no' option in the choice
- reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The following defconfig:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_TARGET_SYSLINUX=y
BR2_TARGET_SYSLINUX_EFI=y
fails to build due to missing setjmp/longjmp definitions, which is a
consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10.
This build failure is fixed by adding another syslinux paytch, which
has been submitted upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some ATF configurations, require a pre-built bare metal toolchain to
build some platforms which host cortex-m series core, for instance
rockchip rk3399 has a cortex-m0 core. Without a pre-built bare metal
toolchain, the build fails:
make[3]: arm-none-eabi-gcc: Command not found
To solve this, this commit implements a
BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
option. Platforms which have such requirement should enable this
config option.
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When barebox, and thus barebox-aux, are downloaded from a git tree, then
barebox-aux download fails because a hash check is attempted on the
downloaded archive:
Could not fetch special ref 'v2020.03.0'; assuming it is not special.
ERROR: No hash found for barebox-aux-v2020.03.0.tar.gz
This is because we only exclude from the check the archive of the bare
barebox:
BR_NO_CHECK_HASH_FOR += $(BAREBOX_SOURCE)
However, the default name of an archive is based on the package name,
which for barebox-aux is not 'barebox'.
Since barebox-aux really uses the exact same source as the bare barebox,
it should also share the archive name.
This has two direct consequences and advantages:
- the hash check is completely avoided for the barebox-aux archive;
- the barebox-aux archive is not downloaded as it is already
downloaded for barebox.
Reported-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
barebox and barebox-aux are really the same package, from the same URL
and the same version. They deserve being stored in the same directory.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some ATF configurations, such as the ones for the STM32MP1 processor
family, require DTC during the build as Device Tree files are
used. Without dtc, the build fails:
/bin/sh: 1: dtc: not found
dtc version too old (), you need at least version 1.4.4
plat/st/stm32mp1/platform.mk:239: recipe for target 'check_dtc_version' failed
make[1]: *** [check_dtc_version] Error 1
To solve this, this commit implements a
BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC option, in a way that mimics
the BR2_TARGET_UBOOT_NEEDS_DTC option we already have for the U-Boot
package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested with qemu_riscv32_virt_defconfig and
qemu_riscv64_virt_defconfig using Buildroot host-qemu 4.2.0.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing qstrip wrapping to the new
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS option.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can only know the details of the license files for known versions. For
custom, older or newer versions, the license files may change, or may be
moved around.
So, do for optee-os as was done for other packages in the recent past,
and only define the list of license files for the latest version.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can only know the details of the license files for known versions. For
custom, older or newer versions, the license files may change, or may be
moved around.
So, do for at91bootstrap3 as was done for other packages in the recent
past, and only define the list of license files for the latest version.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can only know the details of the license files for known versions. For
custom, older or newer versions, the license files may change, or may be
moved around.
So, do for Barebox as was done for ATF, linux, and linux-headers, and
only define the list of license files for the latest version.
Add the hash for that license file, and align hashes to the new spacing
convention.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can only know the details of the license files for known versions. For
custom, older or newer versions, the license files may change, or may be
moved around.
So, do for U-Boot as was done for ATF, linux, and linux-headers, and only
define the list of license files for the latest version.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with 2020.01, uboot started using the 'undefine' make
directive, which was only introduced with make 4.0.
In the general case, we do not have a way to know if the uboot
selected by the user is older or later than 2020.01, so we have
no way to know before hand if make >= 4.0 is needed or not. As
such, we have no other option than to always require it.
So, use the existing $(BR2_MAKE_HOST_DEPENDENCY) and $(BR2_MAKE),
both of each will ensure that we do use a make that is at least 4.0.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow specifying additional build targets for ATF.
This might be more useful when using a custom git repository.
For example, when using with the ATF repository from NXP QorIQ,
there is a new build target 'pbl' which is used to build the
pbl binary image. Note that in the specific case of the 'pbl'
target, additional build variables also need to be specified
through BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The original UBOOT_FIXUP_LIBFDT_INCLUDE hook only works for u-boot versions
starting from v2017.11.
As older u-boot versions are still in common use today, e.g. in the
ci20_defconfig, extend the hook to cover a wider range of u-boot versions.
The main code change was proposed by Arnout Vandecappelle in [1].
Testing and comment changes were done by Thomas De Schampheleire.
Additional (build) testing done by Yann.
[1] http://lists.busybox.net/pipermail/buildroot/2019-May/251231.html
This was tested with the following defconfigs, that each excercise one
case:
----.-- No defconfig identified
2010.06 'lib/libfdt/', used to be simply 'libfdt' before upstream commit 0de71d507157...
2013.10 ci20_defconfig
2014.04 'srctree' used to be called 'SRCTREE' before upstream commit 01286329b27b27ea...
2017.05 olimex_a13_olinuxino_defconfig
2017.11 scripts/dtc/libfdt only exists since upstream commit c0e032e0090d6541549b19cc...
2018.01 mx6udoo_defconfig
2018.03 core change is equivalent to upstream commit e0d20dc1521e74b82dbd69be53a04884...
2019.10 nanopi_neo_defconfig
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: add the build-test results]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add an upstream URL to the help text in Config.in. This
addresses the issue where an incorrect URL is displayed
on the package stats web page.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When at91bootstrap3 was bumped to 3.9.0 in commit
513899e471, an incorrect hash was set:
it was the hash of the tarball generated by the Git download logic of
Buildroot, and not the hash of the tarball auto-generated by Github,
which is the one that we really download by default.
Fixes:
ERROR: at91bootstrap3-v3.9.0.tar.gz has wrong sha256 hash:
ERROR: expected: 9960b0d18fe42feee566d4c52efa0d7c8251685bf9acfdf343f30a27951ada1e
ERROR: got : e23e6df23b79ca81e412cb73a1f48bd95df8d46c7d52a1d073c2ed9d4f3a1a71
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Reported-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Implement possibility to download AT91Bootstrap from a custom tarball
URL.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds support for GICv3 (such as GIC-500).
Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch improves the DTB handling, using a parameter
in more recent versions of the bootwrapper.
Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps the bootwrapper version to the latest.
Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It allows you to add the u-boot.itb to the list of U-Boot images that
can be created. Like the others, this one is also copied to the image
folder.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, when BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33 is
enabled, the arm-trusted-firmware package assumes that the BL33 image
provided by U-Boot is u-boot.bin. However for some platforms, the name
may be different (for example u-boot-dtb.bin). To support such use
cases, this commit adds a string option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE to configure the
U-Boot image name, which defaults to u-boot.bin to preserve backward
compatibility.
Signed-off-by: Jerry Huang <jerry.huang@nxp.com>
Reviewed-by: Sergey Matyukevich <geomatsi@mail.com>
[Thomas: rewrite commit log and Config.in help text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds support for different platforms where the binaries have
different extensions.
Signed-off-by: Michael Schenk <michael.schenk@noser.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.7.0.
This adds host-python-pyelftools to optee-os dependencies
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In commit 2c8ff251cb ("boot/uboot: add
option to generate env image from default env"), the possibility of
generating an environment image using the built-in U-Boot environment
as a source was added.
This is meant to happen when the string option
BR2_TARGET_UBOOT_ENVIMAGE_SOURCE is empty, but the original commit
added the Config.in help text to BR2_TARGET_UBOOT_ENVIMAGE, which is a
boolean option, and therefore cannot be empty.
Move the help text to BR2_TARGET_UBOOT_ENVIMAGE_SOURCE, where it
belongs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump OpenSBI to the latest version. We need a patch for RV32 to avoid
hard/soft float build failures.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The RISCV Proxy Kernel (AKA BBL) isn't being used by most distros so has
very limited testing. It has been replaced by OpenSBI and been
deprecated for awhile, so let's just remove it.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump version of Marvell DDR training software. This update accompanies
update of the ARM Trusted Firmware used on Marvell A8K platforms.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since release 18.12 binaries-marvell repository provides
common firmware supporting both A7K and A8K SoC families.
This commit bumps package version to 18.12 and removes
platform specific binary selections from Config.in.
Single firmware image suitable for both A7K and A8K
platforms is now specified in mk file explicitely.
Legacy handling is not needed, as configs which did have
the option set will continue to work without change.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Arnout:
- Remove BINARIES_MARVELL_IMAGE entirely;
- Add remark about legacy handling;
- Remove the deprecated option from the defconfigs and test that use
it.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since the ts4800_defconfig has been removed, the ts4800-mrboot package
is no longer useful, therefore we drop it.
Cc: Patrick Keroulas <patrick.keroulas@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot supports a number of environment variables to pass specific
information. The following patches were submitted in the past to one
some specific Config.in option to pass some of these variables:
- http://patchwork.ozlabs.org/patch/881197/ proposed an option to
pass a custom EXT_DTB= variable
- http://patchwork.ozlabs.org/patch/1018245/ proposed an option to
pass a custom DEVICE_TREE= variable
Instead of adding one Config.in option for each of those variables,
let's provide a generic mechanism to pass arbitrary variables during
U-Boot build step.
Cc: Konstantin Porotchkin <kostap@marvell.com>
Cc: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some platform may generate specific boot image files instead of
the generic files tee.bin and tee-*_v2.bin when building OP-TEE OS
package.
This change introduces optee-os configuration directive
BR2_TARGET_OPTEE_OS_CORE_IMAGES that allows board configuration
to specify its expected boot image file names.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: use the current hardcoded values as the default for the new
config option, to avoid breaking existing setups, and therefore use
$(wildcard ...) to support wildcards]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
[Thomas:
- Config.in: move the BR2_TARGET_OPENSBI_PLAT dependency to a
"depends on", there's no need to have an if...endif block just for
that.
- Config.in: drop the BR2_TARGET_OPENSBI_LIBRARY_ONLY dependency,
since this option doesn't exist
- opensbi.mk: don't use qstrip on BR2_TARGET_OPENSBI_LINUX_PAYLOAD,
since it's a boolean option
- opensbi.mk: use += when adding linux to DEPENDENCIES
- opensbki.mk: refactor the firmware file installation with a loop]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds support to extract compiled in default env
via u-boot's get_default_envs script and generate env image from it.
Signed-off-by: Denis Osterland <Denis.Osterland@diehl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The licensing information, and especially the name of the license file,
is known only for the official v1.4 version. For example, in later
versions, the license file has been renamed.
Since we can't be sure of the licensing information for custom versions,
or for versions from git, define that only for the known v1.4 version.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
>>> uboot 2019.07 Collecting legal info
ERROR: No hash found for Licenses/gpl-2.0.txt
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Barebox starting from 2019.02 no longer ships flex/bison generated
parser. Add conditional kconfig dependencies, same as we did for kernel
and uboot.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add upstream patch fixing a build warning that is considered as error.
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On Github, a large number of projects name their tag vXYZ (i.e v3.0,
v0.1, etc.). In some packages we do:
<pkg>_VERSION = v0.3
<pkg>_SITE = $(call github foo,bar,$(<pkg>_VERSION))
And in some other packages we do:
<pkg>_VERSION = 0.3
<pkg>_SITE = $(call github foo,bar,v$(<pkg>_VERSION))
I.e in one case we consider the version to be v0.3, in the other case
we consider 0.3 to be the version.
The problem with v0.3 is that when used in conjunction with
release-monitoring.org, it doesn't work very well, because
release-monitoring.org has the concept of "version prefix" and using
that they drop the "v" prefix for the version.
Therefore, a number of packages in Buildroot have a version that
doesn't match with release-monitoring.org because Buildroot has 'v0.3'
and release-monitoring.org has '0.3'.
Since really the version number of 0.3, is makes sense to update our
packages to drop this 'v'.
This commit only addresses the (common) case of github packages where
the prefix is simply 'v'. Other cases will be handled by separate
commits. Also, there are a few cases that couldn't be handled
mechanically that aren't covered by this commit.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
[Arnout: don't change flatbuffers, json-for-modern-cpp, libpagekite,
python-scapy3k, softether]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump OP-TEE OS package version to OP-TEE release 3.5.0.
The hash of the license file changed due to a fairly minor change in
the file:
-Unless it has its own copyright/license embedded in its body, each source file
+Unless it has its own copyright/license embedded in its body, each file
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install generated trusted shared libraries in the target file
system next to the trusted applications.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change fixes the TA binary files install sequence that were
previously install in target filesystem though
OPTEE_OS_INSTALL_IMAGES_CMDS instead of expected
OPTEE_OS_INSTALL_TARGET_CMDS.
This change removes useless mkdir prior call to $(INSTALL) that
already handles parent directory creation when needed.
This change conditions the .ta files installation upon their
availability as they may exist or not depending on the exact OPTEE
version/configuration selected.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rockchip rk3399 SOC based boards require python pyelftools library for
parsing dtb files, so lets add it as uboot dependency.
This commit introduces a new config option
BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS to achieve this.
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All downloads performed by buildroot should be integrity-checked if
possible. Enable integrity-checking for the RISC-V OpenSBI sources by
adding a corresponding hash file.
Signed-off-by: Karsten Merker <merker@debian.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
boot/barebox/barebox.hash:5: missing newline at end of file
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes#11756
This fixes the following build error with newer binutils:
objcopy -O binary mbr.elf mbr.bin
perl /build/syslinux/src/syslinux/mbr/checksize.pl mbr.bin
mbr.bin: too big (452 > 440)
Corresponding bug reports:
- https://bugs.archlinux.org/task/60405
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906414
Strip the .note.gnu.property in the linker scripts for the MBRs.
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenSBI is a much improved alternative to BBL (riscv-pk). Add OpenSBI
support to buildroot.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
[Thomas:
- disable target installation, as we install nothing
- enable staging installation
- enable images installation only when needed
- improve the comment about the staging installation]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the trusted firmware is built with debug support (DEBUG defined),
the generated images are located in a different path compared to a
build without debug support. The non debug images are located in
generated directory build/<platform>/release/ while the debug images
are located in generated directory build/<platform>/debug/.
This change introduces the boolean option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG to define whether the release or
debug configuration is used to build trusted firmware.
Note that enabling trusted firmware debug support using
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="... DEBUG=1 ..."
would not work since Buildroot will try to copy the generated files
from the wrong path.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build trusted firmware (TF-A) with OP-TEE as
BL32 secure payload.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT is enabled TF-A
builds a BL32 stage according the TF-A configuration directive. If
these specify no BL32 stage then TF-A will build without BL32
support. This is the default configuration and reflects TF-A legacy
integration in BR.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE is enabled TF-A builds
with support for the OP-TEE OS as BL32.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: rename config options, simplify option prompts, and rework
option description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build the TF-A (Trusted Firmware A) for
32bit architectures Armv7 and Armv8 platforms. TF-A supports these
configuration since release v1.5.
Change dependency on BR2_aarch64 into a dependency on either
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A to better define
the target architectures supported by the package.
Set package configuration directive ARM_ARCH_MAJOR according to
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A. Set package configuration
directive ARCH based on BR2_aarch64/BR2_arm.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This upgrades to version 48 plus the last commits done after that.
Note, that after that, gummiboot is officially dead, so there will
be no more upstream commits after this.
For various reasons, there are still users of gummiboot, so let's base our
work on the latest gummiboot "version".
Signed-off-by: Esben Haabendal <esben@haabendal.dk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a new variable OPTEE_OS_SDK, define by the optee-os
package, which points to the OPTEE SDK installed in STAGING_DIR. This
will allow other pakage to find this SDK more easily.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: improve commit log, rename variable to just OPTEE_OS_SDK]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 1a437fd22f bumped gnu-efi to version 3.0.9. This breaks the build
of syslinux with EFI support due to multiple definitions of 'memset' and
'memcpy'. Backport a patch already applied upstream to fix the problem.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OP-TEE OS is maintained by the OP-TEE project. It provides an
open source solution for development and integration of secure
services for Armv7-A and Armv8-A CPU based platforms supporting
the TrustZone technology. This technology enables CPUs to
concurrently host a secure world as the OP-TEE OS and a non-secure
world as a Linux based OS.
The OP-TEE project maintains other packages to leverage OP-TEE on
Linux kernel based OSes. An OP-TEE interface driver is available
in the Linux kernel since 4.12 upon CONFIG_OPTEE.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
https://www.op-tee.org/https://github.com/OP-TEE/optee_os
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- pass CFG_ARM32_core=y when building for ARMv7, otherwise the build
fails
- add a check that verifies that BR2_TARGET_OPTEE_OS_PLATFORM is not
empty
- minor formatting fixes/adjustements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
boot/uboot/Config.in:185: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rockchip's rk3328 encapsulates the BL31 part of ATP but it needs
image in ELF format. This is extension to
2c4809e608
This commit introduces a BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF variable
to achieve this.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow user to choose specific, stable version from official ATF
repository
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
At kconfig time, dependencies are not built, and therefore host-ccache
is not ready. Due to this, using $(HOSTCC) as the host compiler in
KCONFIG_OPTS does not work: a "make uboot-menuconfig" invocation from
a clean tree with ccache enabled fails.
This commit fixes this by using $(HOSTCC_NOCCACHE). We cannot rely on
the default value of HOSTCC passed by the kconfig-package
infrastructure, because $(UBOOT_MAKE_OPTS) also contains a HOSTCC
definition that would override the one passed by the kconfig-package
infrastructure.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a package for 'shim', an EFI bootloader for secure
boot chain loading.
While gnu-efi supports 32bit ARM, this is currently broken in shim.
Patches to fix this have been submitted upstream but are not included
here for now.
https://github.com/rhboot/shim/pull/162
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends
on to exclude ARM32 build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be used in packages that depend on gnu-efi, and we take this
opportunity to propagate this dependency where it was missing in
gummiboot and syslinux. In practice, it was not a problem because
gummiboot and syslinux are only available on i386 and x86-64, which is
a subset of the architectures supported by gnu-efi.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Following d0f4f95e39 ("Makefile: rework
main directory creation logic"), BINARIES_DIR is not implicitly
created by the main Makefile at the beginning of the build, leaving
that up to whatever piece of code needs to install something in
$(BINARIES_DIR).
The afboot-stm32 package didn't pay attention to this, which this
commit fixes.
While at it, we move the afboot-stm32 installation into
<pkg>_INSTALL_IMAGES_CMDS, because using <pkg>_INSTALL_TARGET_CMDS to
install only files to BINARIES_DIR is a bit strange.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/131217111
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add notes to test grub2 running on ARM using qemu. The arm section
describes how to run it using u-boot and aarch64 shows how to do it
using efi, which is similar to what has to be done for x86_64.
The source for OVMF builds is also changed to
https://www.kraxel.org/repos/jenkins/edk2/ which is the source for
nightly builds (as rpms but which can be extracted in any distribution),
as the sourceforge link provided only very old builds.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas:
- formatting fixes
- simplify the AArch64/EFI example by using the aarch64_efi_defconfig]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit enables the arm-uboot, arm-efi and aarch64-efi grub2
platforms in Buildroot.
With the uboot platform, the grub2 image gets built as a u-boot image
and is loaded from u-boot through a regular "bootm". The only
requirement from the u-boot side in order to allow this is that u-boot
is built with CONFIG_API enabled. CONFIG_API seems to not be enabled
by default in most in-tree configurations, however, it seems to be
available for quite some time now. So it might be possible to use this
even on older u-boot versions. This is available only for arm
(32-bit).
With the efi platform, grub2 gets built as an EFI executable. This
allows EFI firmware to find and load it similarly as it can be done
for x86_64. Also, since u-boot v2016.05, u-boot is able to load and
boot an EFI executable, so the uboot efi platform can also be used
from u-boot in recent versions. This has been enabled (mostly) by
default for ARM u-boot. efi platform is available for both arm and
aarch64.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: move the BR2_USE_MMU dependency in
BR2_TARGET_GRUB2_ARCH_SUPPORTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an option to install grub2 support tools to the target.
In the context of Buildroot, some useful target tools provided are
grub2-editenv, grub2-reboot, which provide means to manage the grub2,
environment, boot order, and others.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
grub2 requires the host grub2-mkimage tool to build some of its target
images. The current way of building this tool in the grub2 package is
to perform a simultaneous host-tools/target-bootloader build during
the grub2 build step.
This method makes the recipe complex to understand, and proved to be a
complication during the work to enable grub2 support for architectures
other than x86.
This patch tries to do a better separation between the build of grub2
host tools and target boot loader image, as a partial step to enable
grub2 to build for other architectures.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building with glibc 2.28+, the "major", "minor" and "makedev"
functions are defined in "sys/sysmacros.h". This commit backports
upstream commit 1a74985b2a404639b08882c57f3147229605dfd5 to fix the
build with glibc 2.28.
Link: https://www.syslinux.org/wiki/index.php?title=Building
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE_ARCH) in lots of places; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-boot has provided SPL support as a viable replacement for the
2nd stage bootloader on TI platforms. The X-loader project
hasn't had a commit in the log since 12-05-2011.
(https://gitorious.org/x-loader/x-loader)
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.
The fix was provided by Jeff himself on bugzilla.
Fixes bug #11396.
Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Passing CFLAGS/CPPFLAGS in the environment confuses the ATF version
provided by Marvell, and we in fact only need to pass CROSS_COMPILE,
which is already in ARM_TRUSTED_FIRMWARE_MAKE_OPTS.
We however keep TARGET_MAKE_ENV so that the PATH with $(HOST_DIR) is
kept.
This change has been tested with all current defconfigs that build
ATF:
- arm_juno
- bananapi_m64
- freescale_imx8mqevk
- friendlyarm_nanopi_a64
- friendlyarm_nanopi_neo2
- nitrogen8m
- olimex_a64_olinuxino
- orangepi_pc2
- orangepi_prime
- orangepi_win
- orangepi_zero_plus2
- pine64
- pine64_sopine
- solidrun_macchiatobin_mainline
- solidrun_macchiatobin_marvell
- zynqmp_zcu106
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Note that the license file has been entirely rewritten (hence the
change in the hash), but it is still GPL-2.0 with FreeRTOS exception.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is necessary to be able to bump the ARM Trusted Firmware version
used on Marvell platforms.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the RISC-V Proxy Kernel (pk) package which provides the Berkeley
Boot Loader for booting RISC-V kernel images.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
[Thomas:
- fix prompt of option to be just "riscv-pk"
- add blank line between help text and upstream URL in Config.in file
- use $(INSTALL) instead of cp to install the generated image]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using the legacy buildsystem, the kconfig parser may still be used,
as reported by Thomas:
>>> uboot 2018.09 Configuring
...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
bin/sh: 1: bison: not found
ake[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
ake[3]: *** Waiting for unfinished jobs....
LEX scripts/kconfig/zconf.lex.c
bin/sh: 1: flex: not found
However, in that case, the kconfig parser is only generated during the
'configure' step, so we can add bison/flex as standard dependencies.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot fails to build in a GitLab CI context because the kconfig-package
build stage is unable to find bison or flex even though they are
installed in HOST_DIR.
To fix this, set UBOOT_MAKE_ENV so that UBOOT_KCONFIG_MAKE uses the
correct PATH.
Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some U-Boot configurations use lzop, which may not be available on the
build machine since it's not a mandatory dependency of Buildroot.
To solve this, a new option BR2_TARGET_UBOOT_NEEDS_LZOP is introduced,
and handled in a similar way to the existing
BR2_TARGET_UBOOT_NEEDS_OPENSSL option.
This fixes the build of the dra7xx_evm U-Boot defconfig as of U-Boot
2018.07, on a build machine without lzop installed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot SPL configures pinmuxes, clocks and other low-level devices. On
the Xilinx ZynqMP SoCs the code to do this resides in a file called
psu_init_gpl.c which is initially generated by the Xilinx development
tools. Add an option to pass these files from the outside (e.g. in the
board files).
For this to work properly, a patch to U-Boot is needed. However this
patch must be applied by each defconfig using
BR2_TARGET_UBOOT_ZYNQMP_PSU_INIT_DIR. If it were in boot/uboot/ to be
applied unconditionally, it would break the build for configs using a
U-Boot version where the patch is already applied.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Joel Carlson <joelsoncarl@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas: add comment about U-Boot version requirements to use this
option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to boot on the Xilinx ZynqMP SoCs, U-Boot SPL requires a
recent PMU firmware loaded. Instruct U-Boot to add pmufw.bin to the
boot.bin file together with U-Boot SPL, and the boot ROM will load
both.
For this to work properly, a patch to U-Boot is needed. However this
patch must be applied by each defconfig that wishes to use
BR2_TARGET_UBOOT_ZYNQMP_PMUFW. If it were in boot/uboot/ to be applied
unconditionally, it would break the build for configs using a U-Boot
version higher than 2018.7-rc1 where the patch is already applied.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Joel Carlson <joelsoncarl@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas:
- indicate that this feature requires U-Boot 2018.07, since commit
c7df098a71e05dc81cee818747759e8060b59626 is needed.
- define UBOOT_ZYNQMP_KCONFIG_PMUFW only once, and instead use a
variable named UBOOT_ZYNQMP_PMUFW_PATH to store the path to the PMU
firmware]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some i.MX boards which use device tree to describe the hardware
for U-Boot generate a u-boot-dtb.imx binary.
Introduce the BR2_TARGET_UBOOT_FORMAT_DTB_IMX option to
handle such case.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
So the host ncurses includes and library are used instead of a mix of both,
causing corrupted characters. Similar to the linux fix in commit
6d3d09e232 (linux: don't override HOSTCC for kconfig), except that we
pass the linker flags in HOSTLDFLAGS.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot SPL for the Xilinx ZynqMP SoCs needs ATF in this format to load
it.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The path to the binary images is very long. Since we are about to make
a larger use of it, let's use a variable to make it somewhat shorter.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the builsystem for uboot defaults to 'legacy', while the
default version is very well capable of using the 'kconfig' buildsystem
instead.
Having the 'legacy' buildsystem be the default in that case makes it
quite inconvenient for users: they would expect to be able to use e.g.
uboot-menuconfig et al. with the default uboot version.
Switch to using 'kconfig' when we use the latest version. Keep the
'legacy' as default for everything else.
Also, invert the 'legacy' and 'kconfig' entries in the choice: it is
nicer to have the recent and future-proof entry first.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 2a27294e9a ("grub2: force
-fno-stack-protector in CFLAGS"), a fix was made to the grub2 package
to make it build properly even when SSP support is enabled.
However, commit 20a4583ebf ("security
hardening: add RELFO, FORTIFY options") reworked how SSP options are
passed, and they are now passed in CPPFLAGS instead of CFLAGS, making
the fix introduced by 2a27294e9a no
longer operating.
This commit will force no-stack-protector in CPPFLAGS instead of
CFLAGS.
Fixes bug #10961.
Signed-off-by: Tarek El-Sherbiny <tarek_el-sherbiny@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of DL_DIR, the package should now use $(PKG)_DL_DIR to ease the
transition into a new directory structure for DL_DIR.
This commit has been generated with the following scripts:
for i in $(find . -iname "*.mk"); do
if ! grep -q "\$(DL_DIR)" ${i}; then
continue
fi
pkg_name="$(basename $(dirname ${i}))"
[ "${pkg_name}" = "package" ] && continue
raw_pkg_name=$(echo ${pkg_name} | tr [a-z] [A-Z] | tr '-' '_')
pkg_dl_dir="${raw_pkg_name}_DL_DIR"
sed -i "s/\$(DL_DIR)/\$($pkg_dl_dir)/" ${i}
done
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Like the utilities, it is meant to run on the host machine, hence must
be built using the host toolchain.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
... to follow the convention: type, default, depends on, select, help.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use only one space before backslash.
Indent with tabs.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The change in commit bf73334232 only works
for newer uboot source trees. Add a check that scripts/dtc/libfdt
directory exists before making this change.
[Peter: add comment explaining why]
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When libfdt-devel is installed system-wide, the build of U-Boot host
programs currently fails with lots of:
HOSTCC tools/aisimage.o
In file included from tools/../include/../lib/libfdt/libfdt.h:10:0,
from tools/../include/libfdt.h:1,
from tools/fdt_host.h:11,
from tools/imagetool.h:24,
from tools/aisimage.c:8:
/usr/include/libfdt_env.h:70:30: error: conflicting types for ‘fdt64_t’
typedef uint64_t FDT_BITWISE fdt64_t;
^~~~~~~
In file included from <command-line>:0:0:
././include/libfdt_env.h:19:16: note: previous declaration of ‘fdt64_t’ was here
typedef __be64 fdt64_t;
^~~~~~~
In file included from ././include/libfdt_env.h:12:0,
from <command-line>:0:
/usr/include/libfdt_env.h:90:24: error: expected ‘)’ before ‘x’
static inline uint32_t fdt32_to_cpu(fdt32_t x)
^
This commit adds a fixup in the U-Boot code to fix this problem. The
fixup is equivalent to applying upstream commit
http://git.denx.de/?p=u-boot.git;a=commitdiff;h=e0d20dc1521e74b82dbd69be53a048847798a90a,
but we can't use a patch for the uboot package, since people are using
arbitrary versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit baae5156ce (uboot: use local fdt headers) changed the uboot logic
to pass the host include directories with -idirafter instead of -I, so
include files local to u-boot would be preferred over host includes.
This unfortunately breaks configurations using
BR2_TARGET_UBOOT_NEEDS_OPENSSL on hosts with incompatible openssl headers
installed in the system default include directories as explained here:
http://lists.busybox.net/pipermail/buildroot/2018-March/214651.html
The problem is that -idirafter directories gets added to the very end of the
search order, AFTER the system default directories.
Instead use -isystem which causes the directories to be added after -I but
before the system default directories. With this in place, the include
directories of u-boot will first be scanned, followed by the host includes
and finally the system default include directories.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 3a6573ccee.
It is no longer necessary after solving the problem differently.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After commit b8c3e94173 ("package/dtc: qemu system build need libfdt")
changed the dtc install target from 'install-bin' to 'install', uboot
compilation failures occurred because libfdt related headers were now
suddenly taken from output/host/include rather than from the uboot sources
itself.
Commit 3a6573ccee ("uboot: use local libfdt.h") solved this by patching
one specific uboot source file, tools/fdtgrep.c, to replace '<...>'-style
includes by '"..."'-style includes.
However, depending on the uboot version, this may not be enough: there may
be other references to fdt header files. In particular taking into account
that it is not uncommon to have vendor-provided uboot trees which have
custom changes.
The root of the problem is that the uboot.mk file passes the host compiler
as follows:
UBOOT_MAKE_OPTS += \
...
HOSTCC="$(HOSTCC) $(HOST_CFLAGS)" \
...
where HOST_CFLAGS contains the string '-I$(HOST_DIR)/include'
The uboot makefiles then use constructs of the form:
$(CC) $(CPPFLAGS) $(CFLAGS) .....
where CPPFLAGS may contain -I references pointing to local directories.
On the expanded compiler command-line, Buildroot's '-I$(HOST_DIR)/include'
is thus present _before_ any -I to local directories, and thus takes
precedence. And that becomes a problem for header files present both
locally as in the Buildroot host directory, which is the case for libfdt.
To fix this problem without having to patch u-boot sources, use '-idirafter'
rather than '-I' to pass the Buildroot host include directory. '-idirafter'
is basically the same thing, but adds the specified directory at the end
of the include precedence chain, rather than at the beginning.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ATF >= 1.3 builds a host program called fiptool which uses
OpenSSL, so we need to build host-openssl. We could have made it an
optional dependency like U-Boot does, but since most ATF versions are
going to be >= 1.3 in the near future, we simply make host-openssl a
mandatory dependency.
However, the ATF build system is not very good, and you can't easily
pass flags that will affect the build of host programs. Therefore, we
take the approach of building fiptool separately before triggering the
real build process.
It would obviously be better to fix ATF itself, but as usual with
those bootloader packages, we fetch different versions depending on
the platform/configuration, making it difficult to use patches.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/44868961
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 0542bb79e8 (uboot: Support multiple environment source files),
missing user-supplied environment source files is no longer detected.
This is because we cat them all, and feed the concatenation to the stdin
of mkenvimage. So, if one source file is missing, the cat exits in error,
but the compound command exits with the exit code of the last command,
which is that of mkenvimage, which happens to be happy with whatever it
is fed on its stdin, even is empty.
We fix that by creating a temporary file, that we even leave afterward
for the user to inspect.
We also move it out of the _CMDS block and into a macro of its own, so
that it is easier to write and maintain.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Cam Hutchison <camh@xdna.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add Marvell Armada 7k/8k SoCs support to arm-trusted-firmware package.
Marvell ATF needs two additional dependencies:
DDR training code and SCP_BL2 image.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: adjust to previous ATF changes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following our feedback, Marvell has added a README.md file into the
branch that contains the firmware. Thereore, this commit bumps the
version to the commit that includes the README.md file (it's the only
change, the firmware files are unmodified), updates
<pkg>_LICENSE_FILES to point to README.md, and adds the hash for this
license files.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some systems, including Marvell Armada 7k/8k SoCs, have a separate
System Control Processor (SCP) for power management, clocks, reset
and system control. ATF Boot Loader stage 2 (BL2) loads optional
SCP_BL2 image into a platform-specific region of secure memory.
This package adds SCP_BL2 firmware for Marvell Armada 7040 and 8040 SoCs.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas:
- Use "binaries-marvell" in the Config.in prompt and in the .mk file
header.
- Change the license information.
- Adjust license information: it is GPL-2.0 with the FreeRTOS
exception, and therefore can be redistributed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package adds Marvell Armada SoC DDR training algorithms.
This code is not built separately, it is needed as dependency
to build ATF firmware for Marvell Armada SoCs.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas:
- Remove MV_DDR_MARVELL_SRC_SYMLINK, ATF will directly pick up the
mv-ddr-marvell code from where it is.
- Use "mv-ddr-marvell" as the Config.in prompt, and in the comment
header of the .mk file.
- Add upstream URL in Config.in help text
- Adjust license information.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some ARM64 platforms (such as Allwinner A64/H5) have a boot process
where U-Boot encapsulates the BL31 part of the ARM trusted
firmware. For such platforms, we need to build ATF before U-Boot, and
pass a BL31 variable pointing to ATF bl31.bin to the U-Boot build
process.
This commit introduces a BR2_TARGET_UBOOT_NEEDS_ATF_BL31 variable to
achieve this.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas:
- Rename option to BR2_TARGET_UBOOT_NEEDS_ATF_BL31
- Drop changes to arm-trusted-firmware.mk, they are taken care of by
previous commits.
- Improve Config.in help text
- Add missing dependency on arm-trusted-firmware when
BR2_TARGET_UBOOT_NEEDS_ATF_BL31 is enabled.
- Use bl31.bin from $(BINARIES_DIR) instead of taking it from ATF's
build dir.]
[Peter: depend on toplevel atf option and select bl31 option. Ensure it
cannot be enabled together with ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
as that would cause circular dependencies]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some platforms (e.g Allwinner ARM64) don't build a FIP image out of
ATF, but only a BL31 image, which is then encapsulated in U-Boot. This
commit adds an ATF option to build such an image.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ATF can be used in different ways:
- ATF encapsulates U-Boot as the BL33, which is what is done on ARM
Juno (currently supported in Buildroot) and Marvell platforms (soon
to be supported)
- U-Boot encapsulates ATF's BL31, which is what is done on Allwinner
ARM64 platforms.
Until now we were assumming the former was always the case, but
obviously it isn't. Therefore, this patch adds an option that allows
to explicitly tell ATF that it encapsulates U-Boot as its BL33.
We adapt the only defconfig that uses ATF so that it enables this
option as appropriate.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, our arm-trusted-firmware unconditionally builds a FIP
(Firmware Image Package). While this is often needed on platforms
where ATF encapsulates U-Boot, it is not the case on some other
platforms where it's U-Boot that encapsulates parts of ATF.
In order to prepare the support for the later platforms, we make
building the FIP image optional, and update the only defconfig we have
that uses ARM Trusted Firmware.
Note: we considered adding a "default y" here to preserve backward
compatibility, but there really isn't any default that is sane:
whether a FIP image needs to be built or not is purely platform
specific.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the BR2_TARGET_UBOOT_SPL_NAME option accepts a space-separated
list of binaries, the same option can be reuses for TPL binaries as
well. This commit updates the string and help text to indicate that
the same option can be used for SPL and TPL.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use of libfdt.h by u-boot is currently using
the <system-path>.
Jan submitted the following upstream
https://patchwork.ozlabs.org/patch/833760/
Resolves a failure like this one observed on uboot-tools
http://autobuild.buildroot.net/results/347cde4b5c0e6ca76d354396385be4ec1294da73
[Peter: only sed if file exists]
CC: Jan Kundrát <jan.kundrat@cesnet.cz>
CC: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license file got reformatted as reStructuredText, but the license itself
didn't change.
Drop unneeded md5sum and add license hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
U-Boot nowadays also uses kconfig, so we can handle config fragments like we
do for barebox/busybox/linux.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
grub is no longer maintained: it is stuck at version 0.97 with huge
patches that have no opportunity to be applied upstream, as upstream
has even renamed it grub-legacy.
Besides, it no longer builds correctly with recent binutils versions,
and even the huge patches we could grab from Debian do not help the
slightest.
Since upstream really considers it dead, and there are at least two
alternatives (grub2 and syslinux), just remove grub.
Add a legacy entry.
Remove the test cases as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:
checking whether -fno-asynchronous-unwind-tables works... yes
checking whether -fno-unwind-tables works... yes
checking for target linking format... unknown
configure: error: no suitable link format found
This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.
Fixes bug #10261.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When we use the cross-compiler to build syslinux with a recent binutils
version, it fails with:
/builds/arnout/buildroot/output/host/bin/i586-buildroot-linux-uclibc-ld -Bsymbolic -pie -E --hash-style=gnu -T
/builds/arnout/buildroot/output/build/syslinux-6.03/core/i386/syslinux.ld -M -o ldlinux.elf ldlinux.o \
--start-group libcom32.a --whole-archive /builds/arnout/buildroot/output/build/syslinux-6.03/bios/com32/lib/libcom32core.a libldlinux.a --end-group -N
--no-omagic \
> ldlinux.map
/builds/arnout/buildroot/output/host/bin/i586-buildroot-linux-uclibc-ld: ldlinux.elf: Not enough room for program headers, try linking with -N
/builds/arnout/buildroot/output/host/bin/i586-buildroot-linux-uclibc-ld: final link failed: Bad value
/builds/arnout/buildroot/output/build/syslinux-6.03/core/Makefile:167: recipe for target 'ldlinux.elf' failed
Backport an upstream patch that reorganises the i386 bios build by
removing some symbols and making others hidden. To simplify the
backport, an additional patch that also touches the link script is
also included - it anyway looks like that patch could be relevant as
well.
Partially fixes: https://gitlab.com/arnout/buildroot/-/jobs/28979377
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also the last two are regenerated, their context has changed due to
the patches that have been removed earlier.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a new config option BR2_TARGET_UBOOT_NEEDS_PYLIBFDT for U-Boot
targets, like sunxi, needing the Python libfdt library.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas: drop bogus selects on BR2_PACKAGE_HOST_{PYTHON,SWIG}.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As discussed in the mailing list, grub2 usage notes were growing too big
for a Config.in documentation, and so it was agreed that a readme.txt in
the package directory is a better place to put them.
This commit simply moves the documentation as-is to preserve the
original contents as they were in Config.in which can be worked on in
further commits.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.
Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.
Since we're adding a Config.in comment, we also introduce a
BR2_TARGET_GRUB2_ARCH_SUPPORTS hidden boolean, in order to avoid
repeating the architecture dependencies.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add BR2_TARGET_GRUB2_ARCH_SUPPORTS, remove bogus dependencies
on ARM and AArch64, since enabling Grub2 on those architectures is
done in another commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
