[PATCH] Revert "tree: imx: remove old fit generator script"

ZHIZHIKIN Andrey andrey.zhizhikin at leica-geosystems.com
Thu Jan 6 20:18:51 CET 2022 

Hello Tom,

> -----Original Message-----
> From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Tom Rini
> Sent: Thursday, January 6, 2022 7:52 PM
> To: u-boot at lists.denx.de
> Cc: Tim Harvey <tharvey at gateworks.com>
> Subject: [PATCH] Revert "tree: imx: remove old fit generator script"
> 
> This reverts commit d9a6f0eed66a39206b13513ec914f14084c3bb73.
> 
> For right now, it's too close to the release to merge the series that
> allows for binman to be used to generate the final images, and also not
> break CI, and then also merge all of the series that convert currently
> broken platforms to use binman instead.  So, bring back this script now
> and remove it again for real after the release.

Please note that this might not work, as the FIT generator script would
generate ITS with '@' symbols which are not compatible with mkimage due
to CVE-2021-27138. This revert should be complemented with the fix to
remove those '@' symbols as well.

> 
> Suggested-by: Tim Harvey <tharvey at gateworks.com>
> Signed-off-by: Tom Rini <trini at konsulko.com>
> ---
>  Makefile                             |   3 +
>  arch/arm/mach-imx/mkimage_fit_atf.sh | 143 +++++++++++++++++++++++++++
>  2 files changed, 146 insertions(+)
>  create mode 100755 arch/arm/mach-imx/mkimage_fit_atf.sh
> 
> diff --git a/Makefile b/Makefile
> index ae9bfab91acf..0c478645c3a7 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1343,6 +1343,9 @@ $(U_BOOT_ITS): $(subst ",,$(CONFIG_SPL_FIT_SOURCE))
>  else
>  ifneq ($(CONFIG_USE_SPL_FIT_GENERATOR),)
>  U_BOOT_ITS := u-boot.its
> +ifeq ($(CONFIG_SPL_FIT_GENERATOR),"arch/arm/mach-imx/mkimage_fit_atf.sh")
> +U_BOOT_ITS_DEPS += u-boot-nodtb.bin
> +endif
>  ifeq ($(CONFIG_SPL_FIT_GENERATOR),"arch/arm/mach-rockchip/make_fit_atf.py")
>  U_BOOT_ITS_DEPS += u-boot
>  endif
> diff --git a/arch/arm/mach-imx/mkimage_fit_atf.sh b/arch/arm/mach-
> imx/mkimage_fit_atf.sh
> new file mode 100755
> index 000000000000..2a17968794c1
> --- /dev/null
> +++ b/arch/arm/mach-imx/mkimage_fit_atf.sh
> @@ -0,0 +1,143 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0+
> +#
> +# script to generate FIT image source for i.MX8MQ boards with
> +# ARM Trusted Firmware and multiple device trees (given on the command line)
> +#
> +# usage: $0 <dt_name> [<dt_name> [<dt_name] ...]
> +
> +[ -z "$BL31" ] && BL31="bl31.bin"
> +[ -z "$TEE_LOAD_ADDR" ] && TEE_LOAD_ADDR="0xfe000000"
> +[ -z "$ATF_LOAD_ADDR" ] && ATF_LOAD_ADDR="0x00910000"
> +[ -z "$BL33_LOAD_ADDR" ] && BL33_LOAD_ADDR="0x40200000"
> +
> +if [ ! -f $BL31 ]; then
> +	echo "ERROR: BL31 file $BL31 NOT found" >&2
> +	exit 0
> +else
> +	echo "$BL31 size: " >&2
> +	stat -c %s $BL31 >&2
> +fi
> +
> +BL32="tee.bin"
> +
> +if [ ! -f $BL32 ]; then
> +	BL32=/dev/null
> +else
> +	echo "Building with TEE support, make sure your $BL31 is compiled with
> spd. If you do not want tee, please delete $BL31" >&2
> +	echo "$BL32 size: " >&2
> +	stat -c %s $BL32 >&2
> +fi
> +
> +BL33="u-boot-nodtb.bin"
> +
> +if [ ! -f $BL33 ]; then
> +	echo "ERROR: $BL33 file NOT found" >&2
> +	exit 0
> +else
> +	echo "u-boot-nodtb.bin size: " >&2
> +	stat -c %s u-boot-nodtb.bin >&2
> +fi
> +
> +for dtname in $*
> +do
> +	echo "$dtname size: " >&2
> +	stat -c %s $dtname >&2
> +done
> +
> +
> +cat << __HEADER_EOF
> +/dts-v1/;
> +
> +/ {
> +	description = "Configuration to load ATF before U-Boot";
> +
> +	images {
> +		uboot at 1 {

This (and all other similar places) would be rejected by mkimage... :(

> +			description = "U-Boot (64-bit)";
> +			os = "u-boot";
> +			data = /incbin/("$BL33");
> +			type = "standalone";
> +			arch = "arm64";
> +			compression = "none";
> +			load = <$BL33_LOAD_ADDR>;
> +		};
> +__HEADER_EOF
> +
> +cnt=1
> +for dtname in $*
> +do
> +	cat << __FDT_IMAGE_EOF
> +		fdt@$cnt {
> +			description = "$(basename $dtname .dtb)";
> +			data = /incbin/("$dtname");
> +			type = "flat_dt";
> +			compression = "none";
> +		};
> +__FDT_IMAGE_EOF
> +cnt=$((cnt+1))
> +done
> +
> +cat << __HEADER_EOF
> +		atf at 1 {
> +			description = "ARM Trusted Firmware";
> +			os = "arm-trusted-firmware";
> +			data = /incbin/("$BL31");
> +			type = "firmware";
> +			arch = "arm64";
> +			compression = "none";
> +			load = <$ATF_LOAD_ADDR>;
> +			entry = <$ATF_LOAD_ADDR>;
> +		};
> +__HEADER_EOF
> +
> +if [ -f $BL32 ]; then
> +cat << __HEADER_EOF
> +		tee at 1 {
> +			description = "TEE firmware";
> +			data = /incbin/("$BL32");
> +			type = "firmware";
> +			arch = "arm64";
> +			compression = "none";
> +			load = <$TEE_LOAD_ADDR>;
> +			entry = <$TEE_LOAD_ADDR>;
> +		};
> +__HEADER_EOF
> +fi
> +
> +cat << __CONF_HEADER_EOF
> +	};
> +	configurations {
> +		default = "config at 1";
> +
> +__CONF_HEADER_EOF
> +
> +cnt=1
> +for dtname in $*
> +do
> +if [ -f $BL32 ]; then
> +cat << __CONF_SECTION_EOF
> +		config@$cnt {
> +			description = "$(basename $dtname .dtb)";
> +			firmware = "uboot at 1";
> +			loadables = "atf at 1", "tee at 1";
> +			fdt = "fdt@$cnt";
> +		};
> +__CONF_SECTION_EOF
> +else
> +cat << __CONF_SECTION1_EOF
> +		config@$cnt {
> +			description = "$(basename $dtname .dtb)";
> +			firmware = "uboot at 1";
> +			loadables = "atf at 1";
> +			fdt = "fdt@$cnt";
> +		};
> +__CONF_SECTION1_EOF
> +fi
> +cnt=$((cnt+1))
> +done
> +
> +cat << __ITS_EOF
> +	};
> +};
> +__ITS_EOF
> --
> 2.25.1


-- andrey

More information about the U-Boot mailing list