[PATCH v4 0/8] Qualcomm: teach the build system to emit signed ELF images

Casey Connolly casey.connolly at linaro.org
Mon Jun 16 18:13:15 CEST 2025 

Hi Tom,

So I've been testing this a bit harder (really should have noticed this 
sooner) and it turns out using binman makes things a whole lot more 
complicated...

Specifically, the new trogdor chromebook board doesn't need binman, the 
U-Boot ELF is used directly since they have their own bootloader beforehand.

But since CONFIG_BINMAN can't be enabled in a defconfig and only 
selected by some other Kconfig there isn't really a nice way to handle 
this. The trogdor board doesn't add any Kconfigs of it's own and doing 
something like

depends on BINMAN if !CONFIG_SYS_COREBOOT

would be a huge hack...

This wouldn't be an issue in and of itself, but binman makes the build 
fail since of course the DT doesn't have a binman node and the trogdor 
defconfig doesn't define CONFIG_BINMAN_DTB (and shouldn't have to...).

Possibly the easiest solution would be to allow defconfigs to set 
CONFIG_BINMAN, or add some additional kconfig we can use to pull it in 
(CONFIG_QCOM_BUILD_MBN ?), maybe the latter is the most comprehensible 
solution.

I think I'll go with that unless anyone can chime in with some other 
suggestions.

Kind regards,

On 6/13/25 19:23, Casey Connolly wrote:
> With several new Qualcomm platforms appearing on the mailing list, all
> of which build U-Boot as an ELF, sign it, and then flash it to some
> partition on the board, we're getting a lot of defconfigs which just
> contain a debug UART and a TEXT_BASE address. This leads to needless
> rebuilds in CI of effectively the same image, and needless duplication
> of build instructions.
> 
> To address this, let's introduce a new tool "mkmbn.py", this is based
> on the existing qtestsign[1] tool but is (currently) hardcoded to
> only handle the Dragonwing and IPQ boards which use MBN header v6.
> Additionally, the tool contains a lookup table that maps from a boards
> DT compatible property to the load address it needs. Since it's highly
> unusual for different boards using the same SoC to have different load
> addresses, generic platform matching is also done (e.g. "qcom,qcm6490").
> 
> With this tool in place, we teach binman to use it and introduce
> a qcom-binman.dts file to describe the image. The tool will emit a
> u-boot.mbn file for supported platforms, for unsupported platforms the
> u-boot MBN etype in binman will print a notice explaining that no mbn
> file is built and to look at tools/qcom/mkmbn/mkmbn.py
> 
> Finally, the defconfigs are cleaned up by moving the debug UART
> definitions to config fragments (since it doesn't make sense to have
> them enabled by default anyway) and remove CONFIG_REMAKE_ELF. Notably,
> the qcs9100_defconfig is removed entirely since the same binary can
> be created with just make arguments. This platform entirely lacked
> documentation to begin with, which should be addressed by future
> patches.
> 
> The Qualcomm documentation is also cleaned up, a new "signing" page
> is added to briefly cover the what and why of MBN signing, and board
> specific pages are updated to explain the new build process.
> 
> These patches have been tested on the RB3 Gen 2, but additional
> testing for other platforms would be super useful.
> 
> [1]: https://github.com/msm8916-mainline/qtestsign
> 
> To: Tom Rini <trini at konsulko.com>
> To: Neil Armstrong <neil.armstrong at linaro.org>
> To: Sumit Garg <sumit.garg at kernel.org>
> Cc: u-boot at lists.denx.de
> Cc: u-boot-qcom at groups.io
> Cc: Varadarajan Narayanan <quic_varada at quicinc.com>
> Cc: Balaji Selvanathan <balaji.selvanathan at oss.qualcomm.com>
> Cc: Aswin Murugan <aswin.murugan at oss.qualcomm.com>
> 
> Signed-off-by: Casey Connolly <casey.connolly at linaro.org>
> ---
> Changes in v4:
> - Rework how qtestsign code is imported to make it easier to sync with upstream in the future.
> - Actually raise an exception when mkmbn fails in an unexpected way.
> - Link to v3: https://lore.kernel.org/r/20250612-b4-qcom-tooling-improvements-v3-0-76f34cf216e2@linaro.org
> 
> Changes in v3:
> - Fixup Makefiles and add missing qcom-binman.dts
> - Adjust wording to reflect changes to build process
> - Link to v2: https://lore.kernel.org/r/20250602-b4-qcom-tooling-improvements-v2-0-c7d19c0d4a8b@linaro.org
> 
> Changes in v2:
> - Reworked to use binman with a plugin to build the u-boot.mbn file
> - Added some fixes for binman to work with OF_UPSTREAM and with tools
>    in the srctree toolpath rather than objtree for out of tree builds.
> - Link to v1: https://lore.kernel.org/r/20250522-b4-qcom-tooling-improvements-v1-0-8141b8955cfb@linaro.org
> 
> ---
> Casey Connolly (8):
>        binman: add $(srctree)/tools to toolpath
>        binman: support building binman dtb when OF_UPSTREAM is enabled
>        tools: qcom: introduce mkmbn library
>        tools: qcom: add mkmbn.py
>        binman: add support for building Qualcomm signed MBN ELF images
>        configs: qualcomm: use fragments for debug UART
>        qualcomm: use mkmbn via binman and stop creating ELF files
>        doc: board/qualcomm: update docs for new u-boot.mbn target
> 
>   Makefile                            |   5 +
>   arch/arm/Kconfig                    |   1 +
>   arch/arm/dts/qcom-binman.dts        |  16 ++
>   board/qualcomm/debug-qcm6490.config |   5 +
>   board/qualcomm/debug-qcs9100.config |   5 +
>   configs/qcm6490_defconfig           |  10 --
>   configs/qcom_defconfig              |   2 +
>   configs/qcom_ipq9574_mmc_defconfig  |   1 -
>   configs/qcs9100_defconfig           |  10 --
>   doc/board/qualcomm/index.rst        |   1 +
>   doc/board/qualcomm/rb3gen2.rst      |  27 ++--
>   doc/board/qualcomm/rdp.rst          |   5 +-
>   doc/board/qualcomm/signing.rst      |  29 ++++
>   dts/Makefile                        |  19 ++-
>   tools/binman/btool/mkmbn.py         |  29 ++++
>   tools/binman/etype/u_boot_mbn.py    |  53 +++++++
>   tools/mkmbn                         |   1 +
>   tools/qcom/mkmbn/cert.py            | 127 ++++++++++++++++
>   tools/qcom/mkmbn/elf.py             | 238 ++++++++++++++++++++++++++++++
>   tools/qcom/mkmbn/hashseg.py         | 281 ++++++++++++++++++++++++++++++++++++
>   tools/qcom/mkmbn/mkmbn.py           | 154 ++++++++++++++++++++
>   21 files changed, 981 insertions(+), 38 deletions(-)
> ---
> base-commit: 783f365c9dbb5c9e9341753fbad6a44dcdc7a069
> change-id: 20250522-b4-qcom-tooling-improvements-ab40585b11a1
> 
> Casey Connolly <casey.connolly at linaro.org>
> 

-- 
Casey (she/they)

More information about the U-Boot mailing list