aboutsummaryrefslogtreecommitdiff
path: root/boot
Commit message (Collapse)AuthorAgeFilesLines
* boot/uboot: bump to version 2021.01Gravatar Michael Walle3 days2-3/+3
| | | | | Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/barebox, package/linux-headers: carry site-method archive format ↵Gravatar Yann E. MORIN3 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version when overriding _SOURCE Commit 5b95a5dc2 (support/download: change format of archives generated from git) changed the way the archives generated from git repositories are named, adding a "format-version" identifier right between the package version and the file extension. Commit c043ecb20 (support/download: change format of archives generated from svn) did so for archives generated from a subversion checkout. However, for a few packages, we manually force the _SOURCE variable, because we want to share the archive with another package, to avoid downloading and storing those archives twice. This is the case for: - linux-headers and linux - barebox-aux and barebox When the generated tarballs were renamed with the aforementioned commits, those packages were not updated accordingly. Fix that by manually propagating the per-site-method format-version. Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/shim: add SHIM_CPE_ID_VENDORGravatar Fabrice Fontaine4 days1-0/+1
| | | | | | | | | cpe:2.3:a:redhat:shim is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Ashim Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/barebox: bump version to 2020.11.0Gravatar Bartosz Bilas5 days2-5/+5
| | | | | Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: introduce BR2_TARGET_UBOOT_NEEDS_OPENSBIGravatar Bin Meng5 days2-0/+15
| | | | | | | | | Some RISC-V platforms (such as SiFive HiFive Unleashed) encapsulate the OpenSBI firmware image inside U-Boot. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* support/download: change format of archives generated from gitGravatar Yann E. MORIN11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch to using the tarball helper, that can generate reproducible archives whatever the tar version >= 1.27. However, those archives are not identical to the previous ones generated in the (now-broken) gnu format. To avoid any clashing between old and new archives, and new and old Buildroot versions, we need to name the new generated archives differently from the existing ones. So, we bump the git-specific format-version to -br1. The %ci date has been supported by git back to 1.6.0, released August 2008); it is not strictly ISO8601, but is still accepted as a PAX date header. The strict ISO8601 placeholder, %cI, was only introduced with 2.2.0, release in November 2014, so too recent to be widely available. As the format and the names of the archives changes, we need to update all the hash files with the new names and hashes. Of all the bootloaders that have a git download method, vexpress-firmware is the only one to have a hash. Others have no hash files, or they have explicitly set BR_NO_CHECK_HASH_FOR. For the packages, linux-headers is the special snowflake, as the git download is only for custom git tree, so it is excluded from the hash verification with BR_NO_CHECK_HASH_FOR. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Vincent Fazio <vfazio@xes-inc.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: Vincent Fazio <vfazio@xes-inc.com> ---8<------8<------8<------8<--- #!/bin/sh # Find and download all packages using git as backend. # Manually fix hashes for affected packages. # Packages that only have a host variant HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils' # Packages that have a non-git main _SOURCE, and/or which # have BR_NO_CHECK_HASH_FOR for the git _SOURCE NOT_GIT='aufs|aufs-util|xenomai|linux-headers' export BR2_DL_DIR=$(pwd)/temp-dl-dir make defconfig make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \ boot/vexpress-firmware/ package/ \ |sed -r -e 's,.*/([^/]+)\.mk,\1,' \ |sed -r -e '/^('"${NOT_GIT}"')$/d;' \ -e 's/^('"${HOST_ONLY}"')/host-\1/;' \ -e 's/$/-legal-info/;' ) ---8<------8<------8<------8<---
* package: provide CPE ID details for numerous packagesGravatar Matt Weber2021-01-042-0/+3
| | | | | | | | This patch adds CPE ID information for a significant number of packages. Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/boot-wrapper-aarch64: bump versionGravatar Vincent Stehlé2021-01-021-1/+1
| | | | | | | | Bump bootwrapper to the latest version. Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/mv-ddr-marvell: Bump to HEAD as of 20201207Gravatar D. Olsson2020-12-303-34/+3
| | | | | | | | Rebase on the mv-ddr-devel branch as the release branches are no longer maintained. Signed-off-by: Dick Olsson <hi@senzilla.io> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/arm-trusted-firmware: Bump to version 2.4Gravatar D. Olsson2020-12-302-3/+3
| | | | | | | | Required in order to build properly with the latest stable release of EDK2 UEFI firmware. Signed-off-by: Dick Olsson <hi@senzilla.io> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/barebox: kconfig needs the toolchainGravatar Jules Maselbas2020-12-291-0/+5
| | | | | | | | | | | | In barebox v2020.09.0, kconfig has been updated to a newer version based on Linux 5.9-rc2. As in linux, kconfig can call the compiler to test its capabilities. We have no way to know if a custom version would require it or not, so we just unconditionally depend on the toolchain Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/lpc32xxcdl: switch upstream locationGravatar Yann E. MORIN2020-12-292-6/+9
| | | | | | | | | | | | | | The upstream git tree has disappeared, but a ZIP file is still hosted somewhere at NXP. The content of that zip file has been verified to be 100% identical to the tarball we hosted on s.b.o. As this is a zip file, we can't use the generic extract commands, and must come up with our own. As such, it no longer makes sense to fix the CRLF as a post-extract hook; this is moved to the extract command. Add a hash file while at it. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/arm-trusted-firmware: Forward stack protection configurationGravatar Christoph Müllner2020-12-151-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TF-A supports stack smashing protection (-fstack-protector-*). However, that feature is currently silently disabled because ENABLE_STACK_PROTECTOR is not set during build time. As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR is required to enable stack protection support. When enabled the symbols for the stack protector (e.g. __stack_chk_guard) are built. This needs to be done because TF-A does not link against an external library that provides that symbols (e.g. libc). So in case we see that BR2_SSP_* is enabled, let's enable the corresponding ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide. This patch also fixes a the following linker errors with older TF-A versions if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag) and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing stack protector symbols: [...] params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail' aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend': pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard' [...] TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent these issue by explicitliy and silently disabling the stack protector by appending '-fno-stack-protector' to the compiler flags in case ENABLE_STACK_PROTECTOR is not set. Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master). Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com> Reviewed-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* boot/uboot: fix custom repo error messageGravatar Garret Kelly2020-11-161-1/+1
| | | | | | | | | | When using a custom git or mercurial repository for u-boot the error message indicating a version had not been provided incorrectly stated that the URL was missing. Update the error message to indicate that it's the version that's missing. Signed-off-by: Garret Kelly <garret.kelly@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/optee-os: bump to version 3.11.0Gravatar Etienne Carriere2020-10-315-319/+4
| | | | | | | | | Bump OP-TEE OS package version to OP-TEE release 3.11.0. Remove patches since merged in OP-TEE OS 3.11.0 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: add stm32 binary formatGravatar Shlomi Vaknin2020-10-132-0/+9
| | | | | | | | Add `.stm32` binary format that U-Boot generates for the trusted configuration of STM32MP platforms. Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: bump to version 2020.10Gravatar Pierre-Jean Texier2020-10-082-3/+3
| | | | | | | See: https://lists.denx.de/pipermail/u-boot/2020-October/428516.html Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/uboot-tools: migrate BR2_TARGET_UBOOT_BOOT_SCRIPT from U-Boot pkgGravatar Matt Weber2020-10-062-29/+0
| | | | | | | | | | For consistancy and dependencies between uboot and uboot-tools, this patch migrates the script creation over in a similar way as the env image creation. Cc: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/uboot-tools: migrate BR2_TARGET_UBOOT_ENVIMAGE from U-Boot pkgGravatar Matt Weber2020-10-062-68/+0
| | | | | | | | | | | | | | | | | | | | Migrating the support for this feature to uboot-tools to gain the ability to build env files when BR2_TARGET_UBOOT isn't selected. When _ENVIMAGE_SOURCE is not set, we generate a default environment. However, this default depends on the U-Boot configuration. Therefore, this can only be done if uboot itself is built as well, and host-uboot-tools needs to depend on uboot. For the same reason, the commands for creating the environment have to be adapted a little. Take this occasion to drastically simplify them. Note: This patch creates a circular dependency with uboot until the similar migration patch is merged for uboot scripts Cc: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* boot/uboot/Config.in: sort uboot's format extensions alphabeticallyGravatar Bartosz Bilas2020-10-061-27/+27
| | | | | | | It's easier to locate given format when it's sorted. Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/barebox: fix target bareboxenv command compileGravatar Peter Seiderer2020-10-041-9/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The buildroot custom bareboxenv compile command misses the additional include path 'scripts/include' to gain access to the local copy of the kernel header files (which leads to compile error when using an older toolchain). This could be fixed by enhancing the custom bareboxenv compile command (see [1]) or by using the barebox build system by simply enabling the CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2]) instead (as suggested by Yann E. MORIN). Fixes (with BR2_TARGET_BAREBOX_BAREBOXENV enabled): build/barebox-2019.12.0/scripts/bareboxenv.c:100:10: fatal error: linux/list.h: No such file or directory [1] http://lists.busybox.net/pipermail/buildroot/2020-January/270942.html [2] https://git.pengutronix.de/cgit/barebox/commit/?id=afb03d7a554a2911a3742e316f011319fcb416f1 Note: a user who would previously provide a barebox config file which had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target built, but it would not be installed in the target. Now, and unset BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but his is not a regression: it was anyway previously not installed. Reported-by: Frederick Gotham <cauldwell.thomas@gmail.com> Signed-off-by: Peter Seiderer <ps.report@gmx.net> [yann.morin.1998@free.fr: - also explicitly disable it when not selected - rewrap commit log ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/barebox: bump version to 2020.09.0Gravatar Bartosz Bilas2020-10-012-5/+5
| | | | | Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/afboot-stm32: fix build with gcc 10Gravatar Thomas Petazzoni2020-09-101-0/+46
| | | | | | | | | | | | | This commit adds a patch that passes -fno-builtin to fix the build with gcc 10. The patch has been submitted upstream. There are no autobuilder failures, since it's a bootloader package, and therefore not tested by the autobuilders. However, a build failure was detected when building toolchains and a minimal ARMv7-M system at https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359529. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/barebox: bump version to 2020.08.1Gravatar Bartosz Bilas2020-09-072-5/+5
| | | | | Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Merge branch 'master' into nextGravatar Thomas Petazzoni2020-08-122-2/+252
|\
| * boot/optee-os: depend on host-python3Gravatar Dick Olsson2020-08-092-2/+252
| | | | | | | | | | | | | | | | | | | | Recent versions of OP-TEE depend on Python 3. Currently, OP-TEE is building with the Python interpreter provided by the user. This patch includes an upstream patch that makes the interpreter configurable, and makes use of this configuration with host-python3. Signed-off-by: Dick Olsson <hi@senzilla.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* | boot/at91bootstrap3: bump version to 3.9.3Gravatar Thomas Petazzoni2020-08-072-3/+3
|/ | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: Fix kconfig to use $(BR2_MAKE)Gravatar Brandon Maier2020-08-061-2/+3
| | | | | | | | | | | | U-Boot must use $(BR2_MAKE) as it uses a Make feature from v4.0. We already use $(BR2_MAKE) in the BUILD_CMDS, but the kconfig commands still uses $(MAKE). Without this fix, building U-Boot with kconfig will fail with the following cryptic error. > Makefile:37: *** missing separator. Stop. Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/at91bootstrap3: enable for cortexa7Gravatar Eugen Hristev2020-08-051-1/+1
| | | | | | | | | Enable this bootloader for cortex a7 based SoCs: support for the sama7g5 SoC is now in upstream at91bootstrap3, and it is a Cortex-A7 based SoC. Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/grub2: Backport Boothole securify fixesGravatar Stefan Sørensen2020-08-0328-0/+5951
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html Fixes the following security issues: * CVE-2020-10713 A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. * CVE-2020-14309 There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. * CVE-2020-14310 An integer overflow in read_section_from_string may lead to a heap based buffer overflow. * CVE-2020-14311 An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow. * CVE-2020-15706 GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass * CVE-2020-15707 Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/barebox: bump version to 2020.07.0Gravatar Bartosz Bilas2020-07-262-5/+5
| | | | | Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/arm-trusted-firmware: bump to version 2.2Gravatar Dick Olsson2020-07-202-4/+4
| | | | | | | | | | Release notes: https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html#version-2-2 Take this opportunity to fix the hash file spacing. Signed-off-by: Dick Olsson <hi@senzilla.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: bump to version 2020.07Gravatar Fabio Estevam2020-07-152-3/+3
| | | | | Signed-off-by: Fabio Estevam <festevam@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/optee-os: bump to version 3.9.0Gravatar Etienne Carriere2020-07-145-68/+70
| | | | | | | | | | | | Bump OP-TEE OS package version to OP-TEE release 3.9.0. Update patch on pydrypto/pycryptodome to match 3.9.0. Add patch on CFG_OPTEE_REVISION_MINOR that was not updated in release 3.9.0 and fixed only few commits above. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* uboot: zynqmp: Support loading a PMU configGravatar Brandon Maier2020-06-272-0/+39
| | | | | | | | | | | | | | | | | Before now, U-Boot SPL could only load the Platform Management Unit (PMU) by patching the board-specific pm_cfg_obj.c file into the generic PMU firmware, but that then requires generating a new PMU firmware for every board configuration. To fix that, Luca Ceresoli added support to U-Boot to load the pm_cfg_obj[1]. Like the PMU firmware, we need a way to pass the PMU cfg to U-Boot during build. U-Boot only accepts the binary format of the cfg, so we must convert the source file with the tool provided with U-Boot. [1] https://lucaceresoli.net/zynqmp-uboot-spl-pmufw-cfg-load/ Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/opensbi: bump to version 0.8Gravatar Mark Corbin2020-06-242-3/+3
| | | | | | | | | | | | | The OpenSBI platform 'qemu/virt' has been removed in v0.8. Builds for the QEMU 'virt' machine can use the 'generic' platform instead. Tested with qemu_riscv32_virt_defconfig and qemu_riscv64_virt_defconfig using Buildroot host-qemu 5.0.0. Signed-off-by: Mark Corbin <mark@dibsco.co.uk> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> [yann.morin.1998@free.fr: two spaces in hash file] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* legacy: drop options removed more than 5 years ago nowGravatar Yann E. MORIN2020-06-221-4/+0
| | | | | Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/grub2: Fix GRUB i386-pc build with Ubuntu gccGravatar Fabrice Fontaine2020-06-052-0/+321
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backport a patch from upstream to fix the build on certain versions of gsc, notably: Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0 Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008 The upstream patch is simply a change in the gentpl.py script, which is used to generate parts of the automake machinery, so if we just backport the upstream patch, we need to call the script to regenerate those files. However, the modified script is a python script, so we would need to add a dependency on host-python (2 or 3), which is not so nice. Furthermore, calling the script is not enough: it needs a specific set of optionss for each file it is to generate. That set of options is not static; it is constructed in the convoluted autogen.sh. Calling autogen.sh is usally not so good an idea in the Buildroot context, and indeed this fails becasue it calls to autoreconf, but without our carefuly crafted options and environment variables. There was a little light in the tunnel, in that autogen.sh can be told not to run autoreconf, by setting the environemnt variable FROM_BOOTSTRAP to an non-=empty string, but this is fraught with various other side-effects, as in that cause, autogen.sh expects to be valled by an upper sciopt, bootstrap, which is not provided in the tarball distribution... So, between all those issues, autogen, bootstrap, and a host-python (2 or 3) dependency, we choose another route: path the script *and* the one generated file affected by the change. Since that patched file is a .am file, we also patch the corresponding .in file However, we're faced with another issue: the other generated file is now older than the script, so the automake machinery will now want to re-run autoconf et al during the build step, which is still not a good idea for us. So we touch the other generated file so it is mopre recent than the script. This is still not sufficient, because the patched file also has a dependency on the generated file, so we need to touch as well. Fixes: - https://bugs.buildroot.org/show_bug.cgi?id=12946 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [yann.morin.1998@free.fr: - keep the hunk about patching gentpl.py - make it a git-formatted patch - add the touch - drastically expand the commit log ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/uboot: change from FTP to HTTPS for official releasesGravatar Joachim Nilsson2020-06-041-1/+1
| | | | | | | | | The HTTPS URL seems to be more reliable and quicker for download than FTP. FTP may also be a blocked protocol on some sites and in CI/CD setups. Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Merge branch 'next'Gravatar Thomas Petazzoni2020-06-024-8/+8
|\ | | | | | | | | | | | | | | | | | | A few conflicts had to be resolved: - Version number and hash for mesa3d-headers/mesa3d - Patches added in qemu, and the qemu version number - The gnuconfig README.buildroot Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| * boot/at91bootstrap3: bump to version 3.9.2Gravatar Pierre-Jean Texier2020-05-282-3/+3
| | | | | | | | | | Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| * boot/barebox: bump version to 2020.05.0Gravatar Bartosz Bilas2020-05-152-5/+5
| | | | | | | | | | Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* | boot/arm-trusted-firmware: ignore licencing check for user defined official ↵Gravatar Romain Naour2020-05-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version The commit [1] "licensing info is only valid for v1.4" fixed the legal-info issues when a custom ATF tarball or a version from git is used. But we need to ignore licencing for a used defined official ATF version. Althougt the ATF version are licensed under BSD-3-Clause, the license file can be updated between version (for example between v1.4 and v2.0). Ignore the licencing check if the user provide a custom official version. [1] d1a61703f728340ec894c367398d2a3a394a3360 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Yann E. MORIN <yann.morin.1998@free.fr> [yann.morin.1998@free.fr: use positive logic with the _LATEST option] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* | boot/optee-os: replace pycrypto by pycryptodomexGravatar Romain Naour2020-05-212-1/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | >From [1] included in optee-os release 3.7.0: "PyCryptodome is a fork of PyCrypto, which is not maintained any more (the last release dates back to 2013 [2]). It exposes almost the same API, but there are a few incompatibilities [3]." pem_to_pub_c.py/sign.py scripts still use pycrypto that is replaced by pycryptodomex. Add a patch to use pycryptodomex but don't use upstream commit since it also switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when replacing pycrypto to pycryptodomex [4]. [1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0 [2] https://pypi.org/project/pycrypto/#history [3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html [4] https://github.com/OP-TEE/optee_os/commit/ababd72d2fd76cb2ded8e202b49db28d6545f6eb Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/526035730 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: James Hilliard <james.hilliard1@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* | boot/uboot: support building U-Boot with Python 3.xGravatar Thomas Petazzoni2020-05-152-1/+42
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | U-Boot versions newer than 2020.01 use Python 3.x instead of Python 2.x in various scripts. We already had the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT and BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS options, but depending on the U-Boot version, we now need to indicate if Python 2.x or Python 3.x should be used. In addition, it turns out that some U-Boot configurations need a Python interpreter, without needing pylibfdt or pyelftools. Some of our defconfigs were abusing the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT option to make sure a Python interpreter was built. To solve this issue, we introduce a choice, that let the users specify what, if any, host python version is needed. The default is 'no', to preserve the previous behaviour, unless any of the pylibfdt or the pyelftools options is enabled, in which case we hide the 'no' option, and use python 2 by default. This dfault is guaranteed by the order of options in the choice. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [yann.morin.1998@free.fr: - explicitly make the choice a bool - make BR2_TARGET_UBOOT_NEEDS_PYTHON a blind option - introduce the 'no' option in the choice - reword the commit log accordingly ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* boot/uboot: don't specify .config to mungeGravatar Yann E. MORIN2020-05-011-4/+2
| | | | | Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/barebox: don't specify .config to mungeGravatar Yann E. MORIN2020-05-011-2/+2
| | | | | Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/uboot: bump to version 2020.04Gravatar Pierre-Jean Texier2020-04-132-3/+3
| | | | | | | See https://lists.denx.de/pipermail/u-boot/2020-April/406522.html Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/syslinux: fix build of efi part with gnu-efi 3.0.10Gravatar Thomas Petazzoni2020-04-041-0/+60
| | | | | | | | | | | | | | | | | | | | | | | | The following defconfig: BR2_x86_i686=y BR2_TOOLCHAIN_EXTERNAL=y BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2" BR2_TOOLCHAIN_EXTERNAL_GCC_8=y BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y BR2_TOOLCHAIN_EXTERNAL_CXX=y BR2_INIT_NONE=y BR2_TARGET_SYSLINUX=y BR2_TARGET_SYSLINUX_EFI=y fails to build due to missing setjmp/longjmp definitions, which is a consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10. This build failure is fixed by adding another syslinux paytch, which has been submitted upstream. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* boot/arm-trusted-firmware: add optional host-arm-gnu-a-toolchain dependencyGravatar Suniel Mahesh2020-03-292-0/+12
| | | | | | | | | | | | | | | | | Some ATF configurations, require a pre-built bare metal toolchain to build some platforms which host cortex-m series core, for instance rockchip rk3399 has a cortex-m0 core. Without a pre-built bare metal toolchain, the build fails: make[3]: arm-none-eabi-gcc: Command not found To solve this, this commit implements a BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN option. Platforms which have such requirement should enable this config option. Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>