From 16f2894dc267ab515a0b441f2d5ad0695a2c9f07 Mon Sep 17 00:00:00 2001
From: Tom Hochstein <tom.hochstein@nxp.com>
Date: Thu, 13 Jan 2022 12:33:35 -0600
Subject: imx-mkimage: Update to 5.10.72-2.2.0

Includes update to patch 0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
which is partially applied by 1527fb9.

Fixes in update:
---
7a277c8 LF-4794 iMX8ULP: move OPTEE OS base address to 0xa6000000
9a04474 Update iMX8DXL clean target to remove intermediate files
dfe6265 Fix build warning
c78d727 Fix iMX8DXL ahab container image extraction
9bd94cc LF-4522 Parse and extract the u-boot-atf container
6cf67ed iMX8QM/QX/DXL/ULP: Add core id to -data option
1527fb9 iMX8M: fix FIT DT node unit address
cbf03b6 Fix issue with C0 versus B0 nightly pull for VAL.
7f98709 iMX8M: soc: fix support to override u-boot DTB file name
c9cce4f iMX8ULP: support xip for m33 and add README
----

Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
---
 ...age_fit_atf-fix-fit-generator-node-naming.patch | 135 ++-------------------
 recipes-bsp/imx-mkimage/imx-mkimage_git.inc        |   4 +-
 2 files changed, 14 insertions(+), 125 deletions(-)

diff --git a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
index 3c2842af..5a4a895b 100644
--- a/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
+++ b/recipes-bsp/imx-mkimage/files/0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch
@@ -1,19 +1,10 @@
-From 9cf936493388897379f33b511ec869c6fa5409ce Mon Sep 17 00:00:00 2001
+From f281b935985f1b592534ee2837ce0d0b28c7dc43 Mon Sep 17 00:00:00 2001
 From: Andrey Zhizhikin <andrey.z@gmail.com>
-Date: Thu, 22 Apr 2021 12:20:28 +0000
+Date: Tue, 11 Jan 2022 15:32:05 -0600
 Subject: [PATCH] mkimage_fit_atf: fix fit generator node naming
 
-Since upstream commit 79af75f777 ("fit: Don't allow verification of images
-with @ nodes") [1], unit addresses on the nodes are prohibited and nodes
-that do contain those addresses are ignored during the ITS parsing. This
-is done in an effort to cover the CVE-2021-27138, where nodes with unit
-addresses can be mis-interpreted by libfdt.
-
-Correct FIT generator script and replace nodes with unit addresses to
-plain node names with "-" instead of "@" to create a unique naming.
-
-In addition, extend sections which contains "firmware" in their types
-with "os" parameter to conform to the latest FIT specification.
+Extend sections which contains "firmware" in their types with "os"
+parameter to conform to the latest FIT specification.
 
 Indicate that load and entry addresses are covered by one 32-bit value
 by adding "address-cells" in the root node of the generated ITS.
@@ -23,40 +14,13 @@ Link: [1] https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c
 Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
 Cc: Tom Hochstein <tom.hochstein@nxp.com>
 ---
- iMX8M/mkimage_fit_atf.sh | 40 ++++++++++++++++++++++------------------
- 1 file changed, 22 insertions(+), 18 deletions(-)
+ iMX8M/mkimage_fit_atf.sh | 4 ++++
+ 1 file changed, 4 insertions(+)
 
 diff --git a/iMX8M/mkimage_fit_atf.sh b/iMX8M/mkimage_fit_atf.sh
-index 95749b1..10903ea 100755
+index 4f2b3f3..10903ea 100755
 --- a/iMX8M/mkimage_fit_atf.sh
 +++ b/iMX8M/mkimage_fit_atf.sh
-@@ -23,7 +23,7 @@ else
- fi
- 
- BL32="tee.bin"
--LOADABLES="\"atf@1\""
-+LOADABLES="\"atf-1\""
- 
- if [ ! -f $BL32 ]; then
- 	BL32=/dev/null
-@@ -31,7 +31,7 @@ else
- 	echo "Building with TEE support, make sure your bl31 is compiled with spd. If you do not want tee, please delete tee.bin" >&2
- 	echo "tee.bin size: " >&2
- 	ls -lct tee.bin | awk '{print $5}' >&2
--	LOADABLES="$LOADABLES, \"tee@1\""
-+	LOADABLES="$LOADABLES, \"tee-1\""
- fi
- 
- BL33="u-boot-nodtb.bin"
-@@ -41,7 +41,7 @@ if [ ! -f $DEK_BLOB ]; then
- 	DEK_BLOB=/dev/null
- else
- 	echo "Building with encrypted boot support, make sure to replace DEK Blob in final image." >&2
--	LOADABLES="\"dek_blob@1\", $LOADABLES"
-+	LOADABLES="\"dek_blob-1\", $LOADABLES"
- fi
- 
- if [ ! -f $BL33 ]; then
 @@ -64,10 +64,12 @@ cat << __HEADER_EOF
  
  / {
@@ -64,103 +28,28 @@ index 95749b1..10903ea 100755
 +	#address-cells = <1>;
  
  	images {
--		uboot@1 {
-+		uboot-1 {
+ 		uboot-1 {
  			description = "U-Boot (64-bit)";
 +			os = "u-boot";
  			data = /incbin/("$BL33");
  			type = "standalone";
  			arch = "arm64";
-@@ -80,7 +82,7 @@ cnt=1
- for dtname in $*
- do
- 	cat << __FDT_IMAGE_EOF
--		fdt@$cnt {
-+		fdt-$cnt {
- 			description = "$(basename $dtname .dtb)";
- 			data = /incbin/("$dtname");
- 			type = "flat_dt";
-@@ -91,8 +93,9 @@ cnt=$((cnt+1))
- done
- 
+@@ -93,6 +95,7 @@ done
  cat << __HEADER_EOF
--		atf@1 {
-+		atf-1 {
+ 		atf-1 {
  			description = "ARM Trusted Firmware";
 +			os = "arm-trusted-firmware";
  			data = /incbin/("$BL31");
  			type = "firmware";
  			arch = "arm64";
-@@ -104,8 +107,9 @@ __HEADER_EOF
- 
- if [ -f $BL32 ]; then
+@@ -106,6 +109,7 @@ if [ -f $BL32 ]; then
  cat << __HEADER_EOF
--		tee@1 {
-+		tee-1 {
+ 		tee-1 {
  			description = "TEE firmware";
 +			os = "op-tee-firmware";
  			data = /incbin/("$BL32");
  			type = "firmware";
  			arch = "arm64";
-@@ -118,7 +122,7 @@ fi
- 
- if [ -f $DEK_BLOB ]; then
- cat << __HEADER_EOF
--		dek_blob@1 {
-+		dek_blob-1 {
- 			description = "dek_blob";
- 			data = /incbin/("$DEK_BLOB");
- 			type = "script";
-@@ -131,7 +135,7 @@ fi
- cat << __CONF_HEADER_EOF
- 	};
- 	configurations {
--		default = "config@1";
-+		default = "config-1";
- 
- __CONF_HEADER_EOF
- 
-@@ -141,31 +145,31 @@ do
- if [ -f $BL32 ]; then
- if [ $ROLLBACK_INDEX_IN_FIT ]; then
- cat << __CONF_SECTION_EOF
--		config@$cnt {
-+		config-$cnt {
- 			description = "$(basename $dtname .dtb)";
--			firmware = "uboot@1";
-+			firmware = "uboot-1";
- 			loadables = $LOADABLES;
--			fdt = "fdt@$cnt";
-+			fdt = "fdt-$cnt";
- 			rbindex = "$ROLLBACK_INDEX_IN_FIT";
- 		};
- __CONF_SECTION_EOF
- else
- cat << __CONF_SECTION_EOF
--		config@$cnt {
-+		config-$cnt {
- 			description = "$(basename $dtname .dtb)";
--			firmware = "uboot@1";
-+			firmware = "uboot-1";
- 			loadables = $LOADABLES;
--			fdt = "fdt@$cnt";
-+			fdt = "fdt-$cnt";
- 		};
- __CONF_SECTION_EOF
- fi
- else
- cat << __CONF_SECTION1_EOF
--		config@$cnt {
-+		config-$cnt {
- 			description = "$(basename $dtname .dtb)";
--			firmware = "uboot@1";
-+			firmware = "uboot-1";
- 			loadables = $LOADABLES;
--			fdt = "fdt@$cnt";
-+			fdt = "fdt-$cnt";
- 		};
- __CONF_SECTION1_EOF
- fi
 -- 
 2.17.1
 
diff --git a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
index c51c1e08..b4d32a54 100644
--- a/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
+++ b/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
@@ -2,12 +2,12 @@
 
 DEPENDS = "zlib-native openssl-native"
 
-SRCBRANCH = "lf-5.10.52_2.1.0"
+SRCBRANCH = "lf-5.10.72_2.2.0"
 SRC_URI = "git://source.codeaurora.org/external/imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \
            file://0001-mkimage_fit_atf-fix-fit-generator-node-naming.patch \
            file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \
 "
-SRCREV = "1112c88470f339dc631e2a7117087f416af6d6b5"
+SRCREV = "7a277c8a1a21ff921d217889dde6a9f84e6d2168"
 S = "${WORKDIR}/git"
 
 BOOT_TOOLS = "imx-boot-tools"
-- 
cgit v1.2.3-54-g00ecf