imx-mkimage: Update to 5.10.72-2.2.0

Includes update to patch 0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch which is partially applied by 1527fb9. Fixes in update: --- 7a277c8 LF-4794 iMX8ULP: move OPTEE OS base address to 0xa6000000 9a04474 Update iMX8DXL clean target to remove intermediate files dfe6265 Fix build warning c78d727 Fix iMX8DXL ahab container image extraction 9bd94cc LF-4522 Parse and extract the u-boot-atf container 6cf67ed iMX8QM/QX/DXL/ULP: Add core id to -data option 1527fb9 iMX8M: fix FIT DT node unit address cbf03b6 Fix issue with C0 versus B0 nightly pull for VAL. 7f98709 iMX8M: soc: fix support to override u-boot DTB file name c9cce4f iMX8ULP: support xip for m33 and add README ---- Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
author: Tom Hochstein <tom.hochstein@nxp.com> 2022-01-13 12:33:35 -0600
committer: Tom Hochstein <tom.hochstein@nxp.com> 2022-01-17 12:24:39 -0600
commit: 16f2894dc267ab515a0b441f2d5ad0695a2c9f07 (patch)
tree: fab688b4b8cbe33aff887863bd62fd18d45acbdc
parent: 8e14a624fdc8f2b9862c630e05724cfa4500894e (diff)
download: meta-freescale-16f2894dc267ab515a0b441f2d5ad0695a2c9f07.tar.gz
2 files changed, 14 insertions, 125 deletions
diff --git a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
index 3c2842af..5a4a895b 100644
--- a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
+++ b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
@@ -1,19 +1,10 @@
-From 9cf936493388897379f33b511ec869c6fa5409ce Mon Sep 17 00:00:00 2001
+From f281b935985f1b592534ee2837ce0d0b28c7dc43 Mon Sep 17 00:00:00 2001
 From: Andrey Zhizhikin <andrey.z@gmail.com>
-Date: Thu, 22 Apr 2021 12:20:28 +0000
+Date: Tue, 11 Jan 2022 15:32:05 -0600
 Subject: [PATCH] mkimage_fit_atf: fix fit generator node naming
-Since upstream commit 79af75f777 ("fit: Don't allow verification of images
+Extend sections which contains "firmware" in their types with "os"
-with @ nodes") [1], unit addresses on the nodes are prohibited and nodes
+parameter to conform to the latest FIT specification.
-that do contain those addresses are ignored during the ITS parsing. This
-is done in an effort to cover the CVE-2021-27138, where nodes with unit
-addresses can be mis-interpreted by libfdt.
-Correct FIT generator script and replace nodes with unit addresses to
-plain node names with "-" instead of "@" to create a unique naming.
-In addition, extend sections which contains "firmware" in their types
-with "os" parameter to conform to the latest FIT specification.
 Indicate that load and entry addresses are covered by one 32-bit value
 by adding "address-cells" in the root node of the generated ITS.
@@ -23,40 +14,13 @@ Link: [1] https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c
 Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
 Cc: Tom Hochstein <tom.hochstein@nxp.com>
 ---
- iMX8M/mkimage_fit_atf.sh | 40 ++++++++++++++++++++++------------------
+ iMX8M/mkimage_fit_atf.sh | 4 ++++
- 1 file changed, 22 insertions(+), 18 deletions(-)
+ 1 file changed, 4 insertions(+)
 diff --git a/iMX8M/mkimage_fit_atf.sh b/iMX8M/mkimage_fit_atf.sh
-index 95749b1..10903ea 100755
+index 4f2b3f3..10903ea 100755
 --- a/iMX8M/mkimage_fit_atf.sh
 +++ b/iMX8M/mkimage_fit_atf.sh
-@@ -23,7 +23,7 @@ else
- fi
- 
- BL32="tee.bin"
-LOADABLES="\"atf@1\""
-+LOADABLES="\"atf-1\""
- 
- if [ ! -f $BL32 ]; then
-        BL32=/dev/null
-@@ -31,7 +31,7 @@ else
-        echo "Building with TEE support, make sure your bl31 is compiled with spd. If you do not want tee, please delete tee.bin" >&2
-        echo "tee.bin size: " >&2
-        ls -lct tee.bin | awk '{print $5}' >&2
-       LOADABLES="$LOADABLES, \"tee@1\""
-+       LOADABLES="$LOADABLES, \"tee-1\""
- fi
- 
- BL33="u-boot-nodtb.bin"
-@@ -41,7 +41,7 @@ if [ ! -f $DEK_BLOB ]; then
-        DEK_BLOB=/dev/null
- else
-        echo "Building with encrypted boot support, make sure to replace DEK Blob in final image." >&2
-       LOADABLES="\"dek_blob@1\", $LOADABLES"
-+       LOADABLES="\"dek_blob-1\", $LOADABLES"
- fi
- 
- if [ ! -f $BL33 ]; then
 @@ -64,10 +64,12 @@ cat << __HEADER_EOF
 
 / {
@@ -64,103 +28,28 @@ index 95749b1..10903ea 100755
 +       #address-cells = <1>;
 
        images {
-               uboot@1 {
+                uboot-1 {
-+               uboot-1 {
                        description = "U-Boot (64-bit)";
 +                       os = "u-boot";
                        data = /incbin/("$BL33");
                        type = "standalone";
                        arch = "arm64";
-@@ -80,7 +82,7 @@ cnt=1
+@@ -93,6 +95,7 @@ done
- for dtname in $*
- do
-        cat << __FDT_IMAGE_EOF
-               fdt@$cnt {
-+               fdt-$cnt {
-                        description = "$(basename $dtname .dtb)";
-                        data = /incbin/("$dtname");
-                        type = "flat_dt";
-@@ -91,8 +93,9 @@ cnt=$((cnt+1))
- done
- 
 cat << __HEADER_EOF
-               atf@1 {
+                atf-1 {
-+               atf-1 {
                        description = "ARM Trusted Firmware";
 +                       os = "arm-trusted-firmware";
                        data = /incbin/("$BL31");
                        type = "firmware";
                        arch = "arm64";
-@@ -104,8 +107,9 @@ __HEADER_EOF
+@@ -106,6 +109,7 @@ if [ -f $BL32 ]; then
- 
- if [ -f $BL32 ]; then
 cat << __HEADER_EOF
-               tee@1 {
+                tee-1 {
-+               tee-1 {
                        description = "TEE firmware";
 +                       os = "op-tee-firmware";
                        data = /incbin/("$BL32");
                        type = "firmware";
                        arch = "arm64";
-@@ -118,7 +122,7 @@ fi
- 
- if [ -f $DEK_BLOB ]; then
- cat << __HEADER_EOF
-               dek_blob@1 {
-+               dek_blob-1 {
-                        description = "dek_blob";
-                        data = /incbin/("$DEK_BLOB");
-                        type = "script";
-@@ -131,7 +135,7 @@ fi
- cat << __CONF_HEADER_EOF
-        };
-        configurations {
-               default = "config@1";
-+               default = "config-1";
- 
- __CONF_HEADER_EOF
- 
-@@ -141,31 +145,31 @@ do
- if [ -f $BL32 ]; then
- if [ $ROLLBACK_INDEX_IN_FIT ]; then
- cat << __CONF_SECTION_EOF
-               config@$cnt {
-+               config-$cnt {
-                        description = "$(basename $dtname .dtb)";
-                       firmware = "uboot@1";
-+                       firmware = "uboot-1";
-                        loadables = $LOADABLES;
-                       fdt = "fdt@$cnt";
-+                       fdt = "fdt-$cnt";
-                        rbindex = "$ROLLBACK_INDEX_IN_FIT";
-                };
- __CONF_SECTION_EOF
- else
- cat << __CONF_SECTION_EOF
-               config@$cnt {
-+               config-$cnt {
-                        description = "$(basename $dtname .dtb)";
-                       firmware = "uboot@1";
-+                       firmware = "uboot-1";
-                        loadables = $LOADABLES;
-                       fdt = "fdt@$cnt";
-+                       fdt = "fdt-$cnt";
-                };
- __CONF_SECTION_EOF
- fi
- else
- cat << __CONF_SECTION1_EOF
-               config@$cnt {
-+               config-$cnt {
-                        description = "$(basename $dtname .dtb)";
-                       firmware = "uboot@1";
-+                       firmware = "uboot-1";
-                        loadables = $LOADABLES;
-                       fdt = "fdt@$cnt";
-+                       fdt = "fdt-$cnt";
-                };
- __CONF_SECTION1_EOF
- fi
 -- 
 2.17.1
diff --git a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
index c51c1e08..b4d32a54 100644
--- a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
+++ b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
@@ -2,12 +2,12 @@
 DEPENDS = "zlib-native openssl-native"
-SRCBRANCH = "lf-5.10.52_2.1.0"
+SRCBRANCH = "lf-5.10.72_2.2.0"
 SRC_URI = "git://source.codeaurora.org/external/imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \
           file://0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch \
           file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \
 "
-SRCREV = "1112c88470f339dc631e2a7117087f416af6d6b5"
+SRCREV = "7a277c8a1a21ff921d217889dde6a9f84e6d2168"
 S = "${WORKDIR}/git"
 BOOT_TOOLS = "imx-boot-tools"
author	Tom Hochstein <tom.hochstein@nxp.com>	2022-01-13 12:33:35 -0600
committer	Tom Hochstein <tom.hochstein@nxp.com>	2022-01-17 12:24:39 -0600
commit	16f2894dc267ab515a0b441f2d5ad0695a2c9f07 (patch)
tree	fab688b4b8cbe33aff887863bd62fd18d45acbdc
parent	8e14a624fdc8f2b9862c630e05724cfa4500894e (diff)
download	meta-freescale-16f2894dc267ab515a0b441f2d5ad0695a2c9f07.tar.gz

diff --git a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch index 3c2842af..5a4a895b 100644 --- a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch +++ b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
@@ -1,19 +1,10 @@
1	From 9cf936493388897379f33b511ec869c6fa5409ce Mon Sep 17 00:00:00 2001	1	From f281b935985f1b592534ee2837ce0d0b28c7dc43 Mon Sep 17 00:00:00 2001
2	From: Andrey Zhizhikin <andrey.z@gmail.com>	2	From: Andrey Zhizhikin <andrey.z@gmail.com>
3	Date: Thu, 22 Apr 2021 12:20:28 +0000	3	Date: Tue, 11 Jan 2022 15:32:05 -0600
4	Subject: [PATCH] mkimage_fit_atf: fix fit generator node naming	4	Subject: [PATCH] mkimage_fit_atf: fix fit generator node naming
5		5
6	Since upstream commit 79af75f777 ("fit: Don't allow verification of images	6	Extend sections which contains "firmware" in their types with "os"
7	with @ nodes") [1], unit addresses on the nodes are prohibited and nodes	7	parameter to conform to the latest FIT specification.
8	that do contain those addresses are ignored during the ITS parsing. This
9	is done in an effort to cover the CVE-2021-27138, where nodes with unit
10	addresses can be mis-interpreted by libfdt.
11
12	Correct FIT generator script and replace nodes with unit addresses to
13	plain node names with "-" instead of "@" to create a unique naming.
14
15	In addition, extend sections which contains "firmware" in their types
16	with "os" parameter to conform to the latest FIT specification.
17		8
18	Indicate that load and entry addresses are covered by one 32-bit value	9	Indicate that load and entry addresses are covered by one 32-bit value
19	by adding "address-cells" in the root node of the generated ITS.	10	by adding "address-cells" in the root node of the generated ITS.
@@ -23,40 +14,13 @@ Link: [1] https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c
23	Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>	14	Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
24	Cc: Tom Hochstein <tom.hochstein@nxp.com>	15	Cc: Tom Hochstein <tom.hochstein@nxp.com>
25	---	16	---
26	iMX8M/mkimage_fit_atf.sh \| 40 ++++++++++++++++++++++------------------	17	iMX8M/mkimage_fit_atf.sh \| 4 ++++
27	1 file changed, 22 insertions(+), 18 deletions(-)	18	1 file changed, 4 insertions(+)
28		19
29	diff --git a/iMX8M/mkimage_fit_atf.sh b/iMX8M/mkimage_fit_atf.sh	20	diff --git a/iMX8M/mkimage_fit_atf.sh b/iMX8M/mkimage_fit_atf.sh
30	index 95749b1..10903ea 100755	21	index 4f2b3f3..10903ea 100755
31	--- a/iMX8M/mkimage_fit_atf.sh	22	--- a/iMX8M/mkimage_fit_atf.sh
32	+++ b/iMX8M/mkimage_fit_atf.sh	23	+++ b/iMX8M/mkimage_fit_atf.sh
33	@@ -23,7 +23,7 @@ else
34	fi
35
36	BL32="tee.bin"
37	-LOADABLES="\"atf@1\""
38	+LOADABLES="\"atf-1\""
39
40	if [ ! -f $BL32 ]; then
41	BL32=/dev/null
42	@@ -31,7 +31,7 @@ else
43	echo "Building with TEE support, make sure your bl31 is compiled with spd. If you do not want tee, please delete tee.bin" >&2
44	echo "tee.bin size: " >&2
45	ls -lct tee.bin \| awk '{print $5}' >&2
46	- LOADABLES="$LOADABLES, \"tee@1\""
47	+ LOADABLES="$LOADABLES, \"tee-1\""
48	fi
49
50	BL33="u-boot-nodtb.bin"
51	@@ -41,7 +41,7 @@ if [ ! -f $DEK_BLOB ]; then
52	DEK_BLOB=/dev/null
53	else
54	echo "Building with encrypted boot support, make sure to replace DEK Blob in final image." >&2
55	- LOADABLES="\"dek_blob@1\", $LOADABLES"
56	+ LOADABLES="\"dek_blob-1\", $LOADABLES"
57	fi
58
59	if [ ! -f $BL33 ]; then
60	@@ -64,10 +64,12 @@ cat << __HEADER_EOF	24	@@ -64,10 +64,12 @@ cat << __HEADER_EOF
61		25
62	/ {	26	/ {
@@ -64,103 +28,28 @@ index 95749b1..10903ea 100755
64	+ #address-cells = <1>;	28	+ #address-cells = <1>;
65		29
66	images {	30	images {
67	- uboot@1 {	31	uboot-1 {
68	+ uboot-1 {
69	description = "U-Boot (64-bit)";	32	description = "U-Boot (64-bit)";
70	+ os = "u-boot";	33	+ os = "u-boot";
71	data = /incbin/("$BL33");	34	data = /incbin/("$BL33");
72	type = "standalone";	35	type = "standalone";
73	arch = "arm64";	36	arch = "arm64";
74	@@ -80,7 +82,7 @@ cnt=1	37	@@ -93,6 +95,7 @@ done
75	for dtname in $*
76	do
77	cat << __FDT_IMAGE_EOF
78	- fdt@$cnt {
79	+ fdt-$cnt {
80	description = "$(basename $dtname .dtb)";
81	data = /incbin/("$dtname");
82	type = "flat_dt";
83	@@ -91,8 +93,9 @@ cnt=$((cnt+1))
84	done
85
86	cat << __HEADER_EOF	38	cat << __HEADER_EOF
87	- atf@1 {	39	atf-1 {
88	+ atf-1 {
89	description = "ARM Trusted Firmware";	40	description = "ARM Trusted Firmware";
90	+ os = "arm-trusted-firmware";	41	+ os = "arm-trusted-firmware";
91	data = /incbin/("$BL31");	42	data = /incbin/("$BL31");
92	type = "firmware";	43	type = "firmware";
93	arch = "arm64";	44	arch = "arm64";
94	@@ -104,8 +107,9 @@ __HEADER_EOF	45	@@ -106,6 +109,7 @@ if [ -f $BL32 ]; then
95
96	if [ -f $BL32 ]; then
97	cat << __HEADER_EOF	46	cat << __HEADER_EOF
98	- tee@1 {	47	tee-1 {
99	+ tee-1 {
100	description = "TEE firmware";	48	description = "TEE firmware";
101	+ os = "op-tee-firmware";	49	+ os = "op-tee-firmware";
102	data = /incbin/("$BL32");	50	data = /incbin/("$BL32");
103	type = "firmware";	51	type = "firmware";
104	arch = "arm64";	52	arch = "arm64";
105	@@ -118,7 +122,7 @@ fi
106
107	if [ -f $DEK_BLOB ]; then
108	cat << __HEADER_EOF
109	- dek_blob@1 {
110	+ dek_blob-1 {
111	description = "dek_blob";
112	data = /incbin/("$DEK_BLOB");
113	type = "script";
114	@@ -131,7 +135,7 @@ fi
115	cat << __CONF_HEADER_EOF
116	};
117	configurations {
118	- default = "config@1";
119	+ default = "config-1";
120
121	__CONF_HEADER_EOF
122
123	@@ -141,31 +145,31 @@ do
124	if [ -f $BL32 ]; then
125	if [ $ROLLBACK_INDEX_IN_FIT ]; then
126	cat << __CONF_SECTION_EOF
127	- config@$cnt {
128	+ config-$cnt {
129	description = "$(basename $dtname .dtb)";
130	- firmware = "uboot@1";
131	+ firmware = "uboot-1";
132	loadables = $LOADABLES;
133	- fdt = "fdt@$cnt";
134	+ fdt = "fdt-$cnt";
135	rbindex = "$ROLLBACK_INDEX_IN_FIT";
136	};
137	__CONF_SECTION_EOF
138	else
139	cat << __CONF_SECTION_EOF
140	- config@$cnt {
141	+ config-$cnt {
142	description = "$(basename $dtname .dtb)";
143	- firmware = "uboot@1";
144	+ firmware = "uboot-1";
145	loadables = $LOADABLES;
146	- fdt = "fdt@$cnt";
147	+ fdt = "fdt-$cnt";
148	};
149	__CONF_SECTION_EOF
150	fi
151	else
152	cat << __CONF_SECTION1_EOF
153	- config@$cnt {
154	+ config-$cnt {
155	description = "$(basename $dtname .dtb)";
156	- firmware = "uboot@1";
157	+ firmware = "uboot-1";
158	loadables = $LOADABLES;
159	- fdt = "fdt@$cnt";
160	+ fdt = "fdt-$cnt";
161	};
162	__CONF_SECTION1_EOF
163	fi
164	--	53	--
165	2.17.1	54	2.17.1
166		55


diff --git a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc index c51c1e08..b4d32a54 100644 --- a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc +++ b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
@@ -2,12 +2,12 @@
2		2
3	DEPENDS = "zlib-native openssl-native"	3	DEPENDS = "zlib-native openssl-native"
4		4
5	SRCBRANCH = "lf-5.10.52_2.1.0"	5	SRCBRANCH = "lf-5.10.72_2.2.0"
6	SRC_URI = "git://source.codeaurora.org/external/imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \	6	SRC_URI = "git://source.codeaurora.org/external/imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \
7	file://0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch \	7	file://0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch \
8	file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \	8	file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \
9	"	9	"
10	SRCREV = "1112c88470f339dc631e2a7117087f416af6d6b5"	10	SRCREV = "7a277c8a1a21ff921d217889dde6a9f84e6d2168"
11	S = "${WORKDIR}/git"	11	S = "${WORKDIR}/git"
12		12
13	BOOT_TOOLS = "imx-boot-tools"	13	BOOT_TOOLS = "imx-boot-tools"