Tom Rini <trini@konsulko.com> says:
This series switches to always using $(PHASE_) in Makefiles when
building rather than $(PHASE_) or $(XPL_). It also starts on documenting
this part of the build, but as a follow-up we need to rename
doc/develop/spl.rst and expand on explaining things a bit.
Link: https://lore.kernel.org/r/20250401225851.1125678-1-trini@konsulko.com
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.
Signed-off-by: Tom Rini <trini@konsulko.com>
commit ddf67daac39d ("efi_capsule: Move signature from DTB to .rodata")
was reverted in
commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"")
because that's what U-Boot was usually doing -- using the DT to store
configuration and data. Some of the discussions can be found here [0].
(Ab)using the device tree to store random data isn't ideal though.
On top of that with new features introduced over the years, keeping
the certificates in the DT has proven to be problematic.
One of the reasons is that platforms might send U-Boot a DTB
from the previous stage loader using a transfer list which won't contain
the signatures since other loaders are not aware of internal
U-Boot ABIs. On top of that QEMU creates the DTB on the fly, so adding
the capsule certificate there does not work and requires users to dump
it and re-create it injecting the public keys.
Now that we have proper memory permissions for arm64, move the certificate
to .rodata and read it from there.
[0] https://lore.kernel.org/u-boot/CAPnjgZ2uM=n8Qo-a=DUkx5VW5Bzp5Xy8=Wgmrw8ESqUBK00YJQ@mail.gmail.com/
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com> # on TI sk-am62p-lp
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on AML-A311D-CC
Tested-by: Raymond Mao <raymond.mao@linaro.org>
Note that this undoes the changes of commit cf6d4535cc4c ("x86:
emulation: Disable bloblist for now") as that was intended only for the
release due to time.
Sam Edwards <cfsworks@gmail.com> says:
This is v2 of my "misc. fixes" series, sent to prepare the codebase for more
direct LLVM support in the near future. This series contains several fixes that
I found in the process of preparing that support and which address issues
independent of any future feature or enhancement. I am sending these now, both
so that their inclusion is not delayed by discussion on my upcoming series and
to make the latter more manageable.
Link: https://lore.kernel.org/r/20250315221813.1265193-1-CFSworks@gmail.com
This allows setting READELF=llvm-readelf in order to use the LLVM
version of the readelf utility. It also aligns with the practice of not
using $(CROSS_COMPILE) in any build recipes directly, reducing the
number of places where $(CROSS_COMPILE) is used.
Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
RELRO is an instruction to a dynamic loader to make a memory range
read-only after relocations are applied, for added security. Some
linkers (e.g. LLD) require that all sections covered by the RELRO are
contiguous, so that only a single RELRO is needed. U-Boot at present
neither satisfies this requirement (e.g. x86_64 linker script currently
puts .dynamic too far from .got) nor preserves the RELRO when converting
away from ELF, therefore add `-z norelro` to global linker options.
This can be brought back in the future when the linker scripts are
cleaned up and U-Boot understands RELROs.
Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This flag only makes sense for `binary` output, because .hex/.srec are
sparse formats and represent gaps without filler. While the GNU binutils
version of objcopy does not seem to mind the extra flag being passed,
llvm-objcopy considers this a fatal error.
There is already a version of the objcopy command template in the
Makefile that doesn't use --gap-fill, which is provided for EFI. So use
this other version for all .hex/.srec outputs as well.
Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmfPdnYACgkQFHw5/5Y0
tyw17wv+KqFxDoJKTGVWeP4fu+zhTQlFo0f2tAlWylAdJnDP6nR/I49zid2mjRbZ
2Bq3mE3G2Ag1efJ3UGHck0Zn1O9OpqVvk734IHSJFygN77l2xmNSMXZd8MLOsbaU
4JXhxbLUdumCSkwVjjc9/sN+kJUfpwmFBwjqPWmE8rVU+IjApdZP0hBmfxACivl3
p0JJZ870JkgSd5KuAGO/MUbinl/QYOdpitbo2EinOyqnLnivw5PzlcAYF0STNcgJ
XfsT7Ap9T3woPTkT1mXGo+0gBs1OPxXcXp6nywFY75EVIGYRetDEXr8/jf74Jg83
XK8+mqFP+bhlLOMydCdRHyQU8+WGNPfWtcOa7ekC3DjR9Kf7VwoTujqa9B9ILg6m
UBagI/zUIWGAHi4oe2vMV16nR1cPT1ZexPoswZJrj/iDC6WaN0gWwDQgcPODm0UL
rPYYNPWne/iGYgbkhy1zqZMEj7ytnvtjaVMRFdbTSwWUR3s23q9btqjlOwfXbtYZ
0ENfAAu0
=xGcd
-----END PGP SIGNATURE-----
Merge tag 'v2025.04-rc4' into next
This uses Heinrich's merge of lib/efi_loader/efi_net.c which results in
no changes.
Some boards use a CONFIG option to specify the value of this variable.
This is normally handled by efi_get_distro_fdt_name() but in the case
of sunxi this does not work, since 'soc' is sunxi, but the files are
in the allwinner directory.
Provide a work-around for this particular case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The lone user of the legacy USB device framework have been removed for
some time. Remove the final parts of the code that were missed.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Link: https://lore.kernel.org/r/20250227205101.4127604-1-trini@konsulko.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile
and default config file using 'XPL_', in order to have independent
mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL.
User can choose legacy or mbedtls libraries for them independently.
Set mbedtls native hashing libraries as default when MBEDTLS_LIB,
SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected.
If users prefer using U-Boot legacy hashing libraries, please select
MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT,
TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot
Proper, SPL, TPL and VPL respectively.
Moreover, rename a few kconfig options and update their descriptions to
improve the consistency of terminology.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Not all MediaTek platforms needs u-boot-mtk.bin.
This patch will let u-boot generates u-boot-mtk.bin only if
CONFIG_MTK_BROM_HEADER_INFO is not empty.
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
When performing a build consisting of only a defconfig target and then
this tool, we were missing two dependencies. Add them.
Signed-off-by: Tom Rini <trini@konsulko.com>
Documentation:
* Correct the defconfig name in the coolpi documentation
UEFI:
* Carve out the biggest part of the RISC-V and ARM linker scripts for EFI
binary into a common include.
* Correct the values of SizeOfCode and SizeOfInitializedData in generated
EFI binaries for RISC-V and ARM.
* Avoid gaps between sections in EFI binaries causing a failure in secure
boot.
* Makefile: let clean remove capsule_in.capsule*.efi-capsule
* Refactor some of the code used for launching EFI binaries.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmeLyu8ACgkQhO4vgnE3
U0tLDA//TSLPk2ovu8bibonuptFZs/fB8/X7ZyIy154L65cNpyk69ZiR+1R77FRG
9C8YhiF+XSABgckpGHTVqH8vPHZLRKawKgVhSi8CU31OrT9ahjfcDujvGuO8ZlsD
LxrVL2T55711buRDX1kw6VzEqtSGvQxI2IDoNnkeoiBZ29D8lptHvmvzD3G8CCPC
Z75Xxd4ly8euT3jDNznp10IoAu5eEp+rcmEEFC7UYJnDpFencuSWZjYcv3N1nKD6
nTVQPqkWvx6jOA/tcNgK3ERrSD2Zhmc1TZrvfDxg/ecynho9DZrMyq/MINpHo4Fk
OcDMZXG9C820qSYTkVdmaMnxklH4Sr+D6jyZDl523+GqCLiDD/lUOGt3qRAxhfwB
j6IdFynB3djE2Mlu0ep9MQ556gvqJPUaXeR/K8dQ/rOXmNpwOMmerqy0eqK1mrxO
IKXuyBVZWlRyMonnxQmDQAL4wXqlzhmSXevipaOupahHB0hSZKFT6z9mo6zKG7UH
g2fDMGMpOZfvfmxV4EoD59mDHJESSY5Aorm/vfpLqYJsDsPfu3v9+tHKOEfm5rOS
b0ykBQjhfVwda7JNpbwW+w1xVEpBEuWT41HbI6lijeGeFocJ8T6m7/eHlEYUvtmv
1rQ2DhVwvoVha0YW8rNa+stLqpWjjiqLI5DaUhsexoaGmReaZ3o=
=7RxC
-----END PGP SIGNATURE-----
Merge tag 'efi-2025-04-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-2025-04-rc1
Documentation:
* Correct the defconfig name in the coolpi documentation
UEFI:
* Carve out the biggest part of the RISC-V and ARM linker scripts for EFI
binary into a common include.
* Correct the values of SizeOfCode and SizeOfInitializedData in generated
EFI binaries for RISC-V and ARM.
* Avoid gaps between sections in EFI binaries causing a failure in secure
boot.
* Makefile: let clean remove capsule_in.capsule*.efi-capsule
* Refactor some of the code used for launching EFI binaries.
In case the build system builds a directory with empty Makefile,
one which does not contain any obj-y entries, the build fails to
link due to missing built-in.o .
This happens because of this part of scripts/Makefile.build
81 ifneq ($(strip $(obj-y) $(obj-m) $(obj-) $(subdir-m) $(lib-target)),)
82 builtin-target := $(obj)/built-in.o
83 endif
which does not assign builtin-target in case obj-y is empty. The
built-in target is then not built at all, and built-in.o is not
generated by this part of scripts/Makefile.build
325 ifdef builtin-target
326 quiet_cmd_link_o_target = AR $@
327 # If the list of objects to link is empty, just create an empty built-in.o
...
335 targets += $(builtin-target)
336 endif # builtin-target
This is the correct behavior.
The final link however expects the built-in.o to exist in every directory
included in the build, even in those where the aforementioned code skipped
generation of built-in.o . Make sure the built-in.o does exist for every
directory used in final link simply by doing touch on every built-in.o used
for the link, which will create empty built-in.o in case any built-in.o is
missing.
A possible alternative fix is the always define the builtin-target
and always generate built-in.o .
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Tested-by: Quentin Schulz <quentin.schulz@cherry.de>
The flash_writer tool and previous recovery tools require the SREC load
address to be 0x5000_0000 . The PIE U-Boot build sets the address to 0x0
instead, so override the address back to make u-boot-elf.srec compatible
with the recovery tools.
Tested-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Update the CLEAN_FILES list to remove capsule*.*.efi-capsule.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
One can use ccache by keeping ccache in PATH or by providing the full
path to ccache as well. Providing the full path to ccache fails as the
current regex tries to look for ccache being the initial token during
filtering.
Do a greedy search to remove anything before ccache for regex matching.
Fixes: 04b1d84221d5 ("Makefile: fix empty MK_ARCH when using ccache")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
The '?' that is used in the sed expression that determines MK_ARCH
is part of the extended regular expression syntax, but the default
behaviour of sed as specified by POSIX is to use only basic regular
expression syntax. Use the equivalent '\{0,1\}' instead as
suggested by the OpenBSD re_format(7) man page.
Fixes: 04b1d84221d5 ("Makefile: fix empty MK_ARCH when using ccache")
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Tested-by: Quentin Schulz <quentin.schulz@cherry.de>
The SPL_FIT_GENERATOR is long superseded by binman, drop SPL_FIT_GENERATOR
support as there are no more users.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/22109373594b6a5d1110be9420ccd8fbb93a61d3.1730452668.git.michal.simek@amd.com
Adding binman node with target images description can be unwanted feature
but as of today there is no way to disable it.
Also on size constrained systems it is not useful to add binman description
to DTB.
Introduce BINMAN_DTB Kconfig symbol which allows separate DTB for target
from DTB for binman itself.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/f1379d2587f9bf279a7a75c318aabbc1b35ee0c6.1730452668.git.michal.simek@amd.com
One can use ccache by prefixing the typical CROSS_COMPILE value with
"ccache " (e.g. "ccache aarch64-gnu-linux-" for Aarch64). This however
makes the MK_ARCH empty because sed won't find a match anymore since it
expects the CROSS_COMPILE value to start with the actual toolchain (with
an unlimited number of white spaces before).
This is failing builds since commit 7506c1566998 ("sandbox: Report host
default-filename in native mode").
Add "ccache" prefix to ignore but participate in the matching regex used
by sed to identify the target architecture.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
This flag was lost by a previous change and has never been restored.
Without it, binman cannot fully handle missing blobs which are
themselves inputs to mkimage.
Discussion on this at [1] indicated that this was necessary but the
patch was not updated.
Restore the flag so that all missing blobs are reported.
Link: https://patchwork.ozlabs.org/project/uboot/patch/20221206020336.315465-1-trini@konsulko.com/
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 93685d0dcb9 ("Makefile: With BINMAN_ALLOW_MISSING=1 don't error")
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/22796
- Switch to using upstream DT on DH i.MX8MP DHCOM PDK2/PDK3.
- Add ability to build fallback DTBOs from arch/$(ARCH)/dts.
- Remove fdt_high and initrd_high env variables from imx6-dhcom.
- Add dummy clk for imx8.
- Fix DT corruption in imx8_cpu.
- Improve DDR stability on pico-imx7d.
Currently the enablement of OF_UPSTREAM results on the build system
searching for DTs only in dts/upstream/ . There are platforms which
use U-Boot specific DTBOs applied on top of U-Boot control DT during
SPL stage, and source DTs for these are located in arch/$(ARCH)/dtb.
Add dedicated 'dtbos' target which builds only .dtbos and not .dtbs and
in case CONFIG_OF_UPSTREAM_INCLUDE_LOCAL_FALLBACK_DTBOS is enabled, build
this target for arch/$(ARCH)/dtb to generate local U-Boot specific DTBOs.
Adjust top level Makefile so binman would search for .dtb and .dtbo in
both OF_UPSTREAM specific paths and arch/$(ARCH)/dtb for the .dtbo case
in case CONFIG_OF_UPSTREAM_INCLUDE_LOCAL_FALLBACK_DTBOS is enabled.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Marek Vasut <marex@denx.de>
