[PATCH 0/6] Attempt to enforce standard extensions for build output
Tom Rini
trini at konsulko.com
Thu Aug 24 15:38:14 CEST 2023
On Wed, Aug 23, 2023 at 09:02:53PM -0600, Simon Glass wrote:
> In this early stage of using binman to produce output files, we are mostly
> seeing people using common extensions such as '.bin' and '.rom'
>
> But unusual extensions appear in some places.
>
> We would like 'buildman -k' to keep the build outputs, but this is hard if
> there is no consistency as to the extension used.
>
> This series adjusts binman to enforce just 4 extensions for output images:
>
> .bin
> .rom
> .itb
> .img
>
> Other extensions will produce an error. With this rule observed, buildman
> can keep the required files.
>
> Some patches are included to fix up some easy problems. But the following
> boards generate 'custMpk.pem' and it is not clear how to fix this, so I am
> asking for help from the maintainers:
>
> am62ax_evm_r5 am62x_evm_r5 am64x_evm_r5 am65x_evm_r5
> am65x_evm_r5_usbdfu am65x_evm_r5_usbmsc am65x_hs_evm_r5
> j7200_evm_r5 j721e_evm_r5 j721s2_evm_r5 verdin-am62_r5
> am62ax_evm_a53 am62x_evm_a53 am64x_evm_a53 am65x_evm_a53
> am65x_hs_evm_a53 j7200_evm_a72 j721e_evm_a72 j721s2_evm_a72
> verdin-am62_a53
>
> It looks like the .pem files are listed as top-level images, e.g.:
>
> &custmpk_pem {
> filename = "../../ti/keys/custMpk.pem";
> };
>
> but if the only objective is to pick up an existing file, it is better to
> set BINMAN_INDIRS to include that directory. Also we should only have
> simple leafnames in the 'filename' property, so the '../../ti/keys' is not
> correct. It makes it harder for people to get the files from other places.
> Making this easier is one of binman's goals.
>
> Most likely the custmpk_pem node can be removed and the .pem file can be
> included directly in the place that needs it, e.g. by adjusting the
> ti-secure-rom etype (or ex509_cert) to use tools.get_input_filename() when
> reading the key file.
>
> For example, this:
>
> custMpk {
> filename = "custMpk.pem";
> custmpk_pem: blob-ext {
> filename = "../keys/custMpk.pem";
> };
> };
>
> is really just copying a file from '../keys/custMpk.pem' to 'custMpk.pem'
> so is equivalent to:
>
> custMpk {
> type = "blob";
> filename = "custMpk.pem";
> }
>
> (note that blob-ext implies that the blob may be missing, so blob is a
> better choice, since the key cannot be missing)
>
> The fact that the .pem files are at the top level means that they are
> output images, which surely is not intended. They should be buried in the
> image description, at a lower level, as part of something else.
>
> So please take a loke at the above and see if the binman descriptions can
> be reworked slightly to follow these new rules.
>
>
> Simon Glass (6):
> binman: Require image filenames to have certain extensions
> buildman: Keep all permitted output files
> buildman: Show progress when regenerating the board.cfg file
> buildman: Start the clock when the build starts
> kontron_sl28: Use u-boot-update.bin instead of u-boot.update
> stm32mp15: Use u-boot-spl-stm32.bin instead of u-boot-spl.stm32
>
> .../dts/fsl-ls1028a-kontron-sl28-u-boot.dtsi | 2 +-
> arch/arm/dts/stm32mp15-u-boot.dtsi | 2 +-
> doc/board/kontron/sl28.rst | 4 ++--
> doc/board/st/stm32mp1.rst | 18 +++++++++---------
> include/configs/stm32mp15_dh_dhsom.h | 2 +-
> tools/binman/binman.rst | 5 +++++
> tools/binman/etype/section.py | 3 +--
> tools/binman/ftest.py | 12 ++++++++++--
> tools/binman/image.py | 9 +++++++++
> tools/binman/test/022_image_name.dts | 4 ++--
> tools/binman/test/311_bad_image_name.dts | 17 +++++++++++++++++
> tools/buildman/boards.py | 15 ++++++++++++---
> tools/buildman/builder.py | 3 ++-
> tools/buildman/builderthread.py | 11 +++++++----
> tools/buildman/control.py | 3 ++-
> 15 files changed, 81 insertions(+), 29 deletions(-)
> create mode 100644 tools/binman/test/311_bad_image_name.dts
This doesn't seem to address the ones I pointed out on IRC as being the
first order (to me anyhow) problem of needing the _unsigned files on the
platforms you list above for PEM files.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230824/01f46963/attachment.sig>
More information about the U-Boot
mailing list