[PATCH v3 3/6] binman: Add special subnodes to the nodes generated by split-elf

Jonas Karlman jonas at kwiboo.se
Sat Jan 21 20:01:48 CET 2023


Special nodes, hash and signature, is not being added to the nodes
generated for each segment in split-elf operation.

Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to
ensure special nodes are added to the generated nodes.

Signed-off-by: Jonas Karlman <jonas at kwiboo.se>
Reviewed-by: Simon Glass <sjg at chromium.org>
---
v3:
- Collect r-b tag
v2:
- Add test
- Update commit message and documentation
- Update entries.rst

 tools/binman/entries.rst                | 14 ++++++++++++++
 tools/binman/etype/fit.py               | 23 +++++++++++++++++++++--
 tools/binman/ftest.py                   | 12 ++++++++++++
 tools/binman/test/226_fit_split_elf.dts |  6 ++++++
 4 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index 8f11189b7bf0..78f95dae1a4e 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -762,6 +762,9 @@ Here is an example showing ATF, TEE and a device tree all combined::
 
                 atf-bl31 {
                 };
+                hash {
+                    algo = "sha256";
+                };
             };
 
             @tee-SEQ {
@@ -777,6 +780,9 @@ Here is an example showing ATF, TEE and a device tree all combined::
 
                 tee-os {
                 };
+                hash {
+                    algo = "sha256";
+                };
             };
         };
 
@@ -805,6 +811,10 @@ ELF file, for example::
             arch = "arm64";
             type = "firmware";
             description = "ARM Trusted Firmware";
+            hash {
+                algo = "sha256";
+                value = <...hash of first segment...>;
+            };
         };
         atf-2 {
             data = <...contents of second segment...>;
@@ -814,6 +824,10 @@ ELF file, for example::
             arch = "arm64";
             type = "firmware";
             description = "ARM Trusted Firmware";
+            hash {
+                algo = "sha256";
+                value = <...hash of second segment...>;
+            };
         };
     };
 
diff --git a/tools/binman/etype/fit.py b/tools/binman/etype/fit.py
index df1ce81f9c07..bcb606f3f94c 100644
--- a/tools/binman/etype/fit.py
+++ b/tools/binman/etype/fit.py
@@ -228,6 +228,9 @@ class Entry_fit(Entry_section):
 
                     atf-bl31 {
                     };
+                    hash {
+                        algo = "sha256";
+                    };
                 };
 
                 @tee-SEQ {
@@ -243,6 +246,9 @@ class Entry_fit(Entry_section):
 
                     tee-os {
                     };
+                    hash {
+                        algo = "sha256";
+                    };
                 };
             };
 
@@ -271,6 +277,10 @@ class Entry_fit(Entry_section):
                 arch = "arm64";
                 type = "firmware";
                 description = "ARM Trusted Firmware";
+                hash {
+                    algo = "sha256";
+                    value = <...hash of first segment...>;
+                };
             };
             atf-2 {
                 data = <...contents of second segment...>;
@@ -280,6 +290,10 @@ class Entry_fit(Entry_section):
                 arch = "arm64";
                 type = "firmware";
                 description = "ARM Trusted Firmware";
+                hash {
+                    algo = "sha256";
+                    value = <...hash of second segment...>;
+                };
             };
         };
 
@@ -548,12 +562,13 @@ class Entry_fit(Entry_section):
                     else:
                         self.Raise("Generator node requires 'fit,fdt-list' property")
 
-        def _gen_split_elf(base_node, node, segments, entry_addr):
+        def _gen_split_elf(base_node, node, depth, segments, entry_addr):
             """Add nodes for the ELF file, one per group of contiguous segments
 
             Args:
                 base_node (Node): Template node from the binman definition
                 node (Node): Node to replace (in the FIT being built)
+                depth: Current node depth (0 is the base 'fit' node)
                 segments (list): list of segments, each:
                     int: Segment number (0 = first)
                     int: Start address of segment in memory
@@ -578,6 +593,10 @@ class Entry_fit(Entry_section):
                             self._raise_subnode(
                                 node, f"Unknown directive '{pname}'")
 
+                    for subnode in node.subnodes:
+                        with fsw.add_node(subnode.name):
+                            _add_node(node, depth + 1, subnode)
+
         def _gen_node(base_node, node, depth, in_images, entry):
             """Generate nodes from a template
 
@@ -631,7 +650,7 @@ class Entry_fit(Entry_section):
                             self._raise_subnode(
                                 node, f'Failed to read ELF file: {str(exc)}')
 
-                    _gen_split_elf(base_node, node, segments, entry_addr)
+                    _gen_split_elf(base_node, node, depth, segments, entry_addr)
 
         def _add_node(base_node, depth, node):
             """Add nodes to the output FIT
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index f0d0afd5b808..cd2757257178 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -5439,6 +5439,10 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
                          fdt_util.fdt32_to_cpu(atf1.props['load'].value))
         self.assertEqual(data, atf1.props['data'].bytes)
 
+        hash_node = atf1.FindNode('hash')
+        self.assertIsNotNone(hash_node)
+        self.assertEqual({'algo', 'value'}, hash_node.props.keys())
+
         atf2 = dtb.GetNode('/images/atf-2')
         self.assertEqual(base_keys, atf2.props.keys())
         _, start, data = segments[1]
@@ -5446,6 +5450,14 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
                          fdt_util.fdt32_to_cpu(atf2.props['load'].value))
         self.assertEqual(data, atf2.props['data'].bytes)
 
+        hash_node = atf2.FindNode('hash')
+        self.assertIsNotNone(hash_node)
+        self.assertEqual({'algo', 'value'}, hash_node.props.keys())
+
+        hash_node = dtb.GetNode('/images/tee-1/hash-1')
+        self.assertIsNotNone(hash_node)
+        self.assertEqual({'algo', 'value'}, hash_node.props.keys())
+
         conf = dtb.GetNode('/configurations')
         self.assertEqual({'default'}, conf.props.keys())
 
diff --git a/tools/binman/test/226_fit_split_elf.dts b/tools/binman/test/226_fit_split_elf.dts
index fab15338b204..22c453e6037b 100644
--- a/tools/binman/test/226_fit_split_elf.dts
+++ b/tools/binman/test/226_fit_split_elf.dts
@@ -33,6 +33,9 @@
 
 					atf-bl31 {
 					};
+					hash {
+						algo = "sha256";
+					};
 				};
 
 				@tee-SEQ {
@@ -48,6 +51,9 @@
 
 					tee-os {
 					};
+					hash-1 {
+						algo = "sha256";
+					};
 				};
 			};
 
-- 
2.39.1



More information about the U-Boot mailing list