blob: f3a979e217908489ae8b50b5827788018371915e [file] [log] [blame]
Tom Rini83d290c2018-05-06 17:58:06 -04001# SPDX-License-Identifier: GPL-2.0+
Simon Glassbf7fd502016-11-25 20:15:51 -07002# Copyright (c) 2016 Google, Inc
Simon Glassbf7fd502016-11-25 20:15:51 -07003
4Introduction
5------------
6
7Firmware often consists of several components which must be packaged together.
8For example, we may have SPL, U-Boot, a device tree and an environment area
9grouped together and placed in MMC flash. When the system starts, it must be
10able to find these pieces.
11
12So far U-Boot has not provided a way to handle creating such images in a
13general way. Each SoC does what it needs to build an image, often packing or
14concatenating images in the U-Boot build system.
15
16Binman aims to provide a mechanism for building images, from simple
17SPL + U-Boot combinations, to more complex arrangements with many parts.
18
19
20What it does
21------------
22
23Binman reads your board's device tree and finds a node which describes the
24required image layout. It uses this to work out what to place where. The
25output file normally contains the device tree, so it is in principle possible
26to read an image and extract its constituent parts.
27
28
29Features
30--------
31
32So far binman is pretty simple. It supports binary blobs, such as 'u-boot',
33'spl' and 'fdt'. It supports empty entries (such as setting to 0xff). It can
34place entries at a fixed location in the image, or fit them together with
35suitable padding and alignment. It provides a way to process binaries before
36they are included, by adding a Python plug-in. The device tree is available
37to U-Boot at run-time so that the images can be interpreted.
38
39Binman does not yet update the device tree with the final location of
40everything when it is done. A simple C structure could be generated for
41constrained environments like SPL (using dtoc) but this is also not
42implemented.
43
44Binman can also support incorporating filesystems in the image if required.
45For example x86 platforms may use CBFS in some cases.
46
47Binman is intended for use with U-Boot but is designed to be general enough
48to be useful in other image-packaging situations.
49
50
51Motivation
52----------
53
54Packaging of firmware is quite a different task from building the various
55parts. In many cases the various binaries which go into the image come from
56separate build systems. For example, ARM Trusted Firmware is used on ARMv8
57devices but is not built in the U-Boot tree. If a Linux kernel is included
58in the firmware image, it is built elsewhere.
59
60It is of course possible to add more and more build rules to the U-Boot
61build system to cover these cases. It can shell out to other Makefiles and
62build scripts. But it seems better to create a clear divide between building
63software and packaging it.
64
65At present this is handled by manual instructions, different for each board,
66on how to create images that will boot. By turning these instructions into a
67standard format, we can support making valid images for any board without
68manual effort, lots of READMEs, etc.
69
70Benefits:
71- Each binary can have its own build system and tool chain without creating
72any dependencies between them
73- Avoids the need for a single-shot build: individual parts can be updated
74and brought in as needed
75- Provides for a standard image description available in the build and at
76run-time
77- SoC-specific image-signing tools can be accomodated
78- Avoids cluttering the U-Boot build system with image-building code
79- The image description is automatically available at run-time in U-Boot,
80SPL. It can be made available to other software also
81- The image description is easily readable (it's a text file in device-tree
82format) and permits flexible packing of binaries
83
84
85Terminology
86-----------
87
88Binman uses the following terms:
89
90- image - an output file containing a firmware image
91- binary - an input binary that goes into the image
92
93
94Relationship to FIT
95-------------------
96
97FIT is U-Boot's official image format. It supports multiple binaries with
98load / execution addresses, compression. It also supports verification
99through hashing and RSA signatures.
100
101FIT was originally designed to support booting a Linux kernel (with an
102optional ramdisk) and device tree chosen from various options in the FIT.
103Now that U-Boot supports configuration via device tree, it is possible to
104load U-Boot from a FIT, with the device tree chosen by SPL.
105
106Binman considers FIT to be one of the binaries it can place in the image.
107
108Where possible it is best to put as much as possible in the FIT, with binman
109used to deal with cases not covered by FIT. Examples include initial
110execution (since FIT itself does not have an executable header) and dealing
111with device boundaries, such as the read-only/read-write separation in SPI
112flash.
113
114For U-Boot, binman should not be used to create ad-hoc images in place of
115FIT.
116
117
118Relationship to mkimage
119-----------------------
120
121The mkimage tool provides a means to create a FIT. Traditionally it has
122needed an image description file: a device tree, like binman, but in a
123different format. More recently it has started to support a '-f auto' mode
124which can generate that automatically.
125
126More relevant to binman, mkimage also permits creation of many SoC-specific
127image types. These can be listed by running 'mkimage -T list'. Examples
128include 'rksd', the Rockchip SD/MMC boot format. The mkimage tool is often
129called from the U-Boot build system for this reason.
130
131Binman considers the output files created by mkimage to be binary blobs
132which it can place in an image. Binman does not replace the mkimage tool or
133this purpose. It would be possible in some situtions to create a new entry
134type for the images in mkimage, but this would not add functionality. It
135seems better to use the mkiamge tool to generate binaries and avoid blurring
136the boundaries between building input files (mkimage) and packaging then
137into a final image (binman).
138
139
140Example use of binman in U-Boot
141-------------------------------
142
143Binman aims to replace some of the ad-hoc image creation in the U-Boot
144build system.
145
146Consider sunxi. It has the following steps:
147
1481. It uses a custom mksunxiboot tool to build an SPL image called
149sunxi-spl.bin. This should probably move into mkimage.
150
1512. It uses mkimage to package U-Boot into a legacy image file (so that it can
152hold the load and execution address) called u-boot.img.
153
1543. It builds a final output image called u-boot-sunxi-with-spl.bin which
155consists of sunxi-spl.bin, some padding and u-boot.img.
156
157Binman is intended to replace the last step. The U-Boot build system builds
158u-boot.bin and sunxi-spl.bin. Binman can then take over creation of
159sunxi-spl.bin (by calling mksunxiboot, or hopefully one day mkimage). In any
160case, it would then create the image from the component parts.
161
162This simplifies the U-Boot Makefile somewhat, since various pieces of logic
163can be replaced by a call to binman.
164
165
166Example use of binman for x86
167-----------------------------
168
169In most cases x86 images have a lot of binary blobs, 'black-box' code
170provided by Intel which must be run for the platform to work. Typically
171these blobs are not relocatable and must be placed at fixed areas in the
172firmare image.
173
174Currently this is handled by ifdtool, which places microcode, FSP, MRC, VGA
175BIOS, reference code and Intel ME binaries into a u-boot.rom file.
176
177Binman is intended to replace all of this, with ifdtool left to handle only
178the configuration of the Intel-format descriptor.
179
180
181Running binman
182--------------
183
184Type:
185
186 binman -b <board_name>
187
188to build an image for a board. The board name is the same name used when
189configuring U-Boot (e.g. for sandbox_defconfig the board name is 'sandbox').
190Binman assumes that the input files for the build are in ../b/<board_name>.
191
192Or you can specify this explicitly:
193
194 binman -I <build_path>
195
196where <build_path> is the build directory containing the output of the U-Boot
197build.
198
199(Future work will make this more configurable)
200
201In either case, binman picks up the device tree file (u-boot.dtb) and looks
202for its instructions in the 'binman' node.
203
204Binman has a few other options which you can see by running 'binman -h'.
205
206
Simon Glass9c0a8b12017-11-12 21:52:06 -0700207Enabling binman for a board
208---------------------------
209
210At present binman is invoked from a rule in the main Makefile. Typically you
211will have a rule like:
212
213ifneq ($(CONFIG_ARCH_<something>),)
214u-boot-<your_suffix>.bin: <input_file_1> <input_file_2> checkbinman FORCE
215 $(call if_changed,binman)
216endif
217
218This assumes that u-boot-<your_suffix>.bin is a target, and is the final file
219that you need to produce. You can make it a target by adding it to ALL-y
220either in the main Makefile or in a config.mk file in your arch subdirectory.
221
222Once binman is executed it will pick up its instructions from a device-tree
223file, typically <soc>-u-boot.dtsi, where <soc> is your CONFIG_SYS_SOC value.
224You can use other, more specific CONFIG options - see 'Automatic .dtsi
225inclusion' below.
226
227
Simon Glassbf7fd502016-11-25 20:15:51 -0700228Image description format
229------------------------
230
231The binman node is called 'binman'. An example image description is shown
232below:
233
234 binman {
235 filename = "u-boot-sunxi-with-spl.bin";
236 pad-byte = <0xff>;
237 blob {
238 filename = "spl/sunxi-spl.bin";
239 };
240 u-boot {
241 pos = <CONFIG_SPL_PAD_TO>;
242 };
243 };
244
245
246This requests binman to create an image file called u-boot-sunxi-with-spl.bin
247consisting of a specially formatted SPL (spl/sunxi-spl.bin, built by the
248normal U-Boot Makefile), some 0xff padding, and a U-Boot legacy image. The
249padding comes from the fact that the second binary is placed at
250CONFIG_SPL_PAD_TO. If that line were omitted then the U-Boot binary would
251immediately follow the SPL binary.
252
253The binman node describes an image. The sub-nodes describe entries in the
254image. Each entry represents a region within the overall image. The name of
255the entry (blob, u-boot) tells binman what to put there. For 'blob' we must
256provide a filename. For 'u-boot', binman knows that this means 'u-boot.bin'.
257
258Entries are normally placed into the image sequentially, one after the other.
259The image size is the total size of all entries. As you can see, you can
260specify the start position of an entry using the 'pos' property.
261
262Note that due to a device tree requirement, all entries must have a unique
263name. If you want to put the same binary in the image multiple times, you can
264use any unique name, with the 'type' property providing the type.
265
266The attributes supported for entries are described below.
267
268pos:
269 This sets the position of an entry within the image. The first byte
270 of the image is normally at position 0. If 'pos' is not provided,
271 binman sets it to the end of the previous region, or the start of
272 the image's entry area (normally 0) if there is no previous region.
273
274align:
275 This sets the alignment of the entry. The entry position is adjusted
276 so that the entry starts on an aligned boundary within the image. For
277 example 'align = <16>' means that the entry will start on a 16-byte
278 boundary. Alignment shold be a power of 2. If 'align' is not
279 provided, no alignment is performed.
280
281size:
282 This sets the size of the entry. The contents will be padded out to
283 this size. If this is not provided, it will be set to the size of the
284 contents.
285
286pad-before:
287 Padding before the contents of the entry. Normally this is 0, meaning
288 that the contents start at the beginning of the entry. This can be
289 offset the entry contents a little. Defaults to 0.
290
291pad-after:
292 Padding after the contents of the entry. Normally this is 0, meaning
293 that the entry ends at the last byte of content (unless adjusted by
294 other properties). This allows room to be created in the image for
295 this entry to expand later. Defaults to 0.
296
297align-size:
298 This sets the alignment of the entry size. For example, to ensure
299 that the size of an entry is a multiple of 64 bytes, set this to 64.
300 If 'align-size' is not provided, no alignment is performed.
301
302align-end:
303 This sets the alignment of the end of an entry. Some entries require
304 that they end on an alignment boundary, regardless of where they
305 start. If 'align-end' is not provided, no alignment is performed.
306
307 Note: This is not yet implemented in binman.
308
309filename:
310 For 'blob' types this provides the filename containing the binary to
311 put into the entry. If binman knows about the entry type (like
312 u-boot-bin), then there is no need to specify this.
313
314type:
315 Sets the type of an entry. This defaults to the entry name, but it is
316 possible to use any name, and then add (for example) 'type = "u-boot"'
317 to specify the type.
318
Simon Glass258fb0e2018-06-01 09:38:17 -0600319pos-unset:
320 Indicates that the position of this entry should not be set by placing
321 it immediately after the entry before. Instead, is set by another
322 entry which knows where this entry should go. When this boolean
323 property is present, binman will give an error if another entry does
324 not set the position (with the GetPositions() method).
325
Simon Glassbf7fd502016-11-25 20:15:51 -0700326
327The attributes supported for images are described below. Several are similar
328to those for entries.
329
330size:
331 Sets the image size in bytes, for example 'size = <0x100000>' for a
332 1MB image.
333
334align-size:
335 This sets the alignment of the image size. For example, to ensure
336 that the image ends on a 512-byte boundary, use 'align-size = <512>'.
337 If 'align-size' is not provided, no alignment is performed.
338
339pad-before:
340 This sets the padding before the image entries. The first entry will
341 be positionad after the padding. This defaults to 0.
342
343pad-after:
344 This sets the padding after the image entries. The padding will be
345 placed after the last entry. This defaults to 0.
346
347pad-byte:
348 This specifies the pad byte to use when padding in the image. It
349 defaults to 0. To use 0xff, you would add 'pad-byte = <0xff>'.
350
351filename:
352 This specifies the image filename. It defaults to 'image.bin'.
353
354sort-by-pos:
355 This causes binman to reorder the entries as needed to make sure they
356 are in increasing positional order. This can be used when your entry
357 order may not match the positional order. A common situation is where
358 the 'pos' properties are set by CONFIG options, so their ordering is
359 not known a priori.
360
361 This is a boolean property so needs no value. To enable it, add a
362 line 'sort-by-pos;' to your description.
363
364multiple-images:
365 Normally only a single image is generated. To create more than one
366 image, put this property in the binman node. For example, this will
367 create image1.bin containing u-boot.bin, and image2.bin containing
368 both spl/u-boot-spl.bin and u-boot.bin:
369
370 binman {
371 multiple-images;
372 image1 {
373 u-boot {
374 };
375 };
376
377 image2 {
378 spl {
379 };
380 u-boot {
381 };
382 };
383 };
384
385end-at-4gb:
386 For x86 machines the ROM positions start just before 4GB and extend
387 up so that the image finished at the 4GB boundary. This boolean
388 option can be enabled to support this. The image size must be
389 provided so that binman knows when the image should start. For an
390 8MB ROM, the position of the first entry would be 0xfff80000 with
391 this option, instead of 0 without this option.
392
393
394Examples of the above options can be found in the tests. See the
395tools/binman/test directory.
396
Simon Glassdd57c132018-06-01 09:38:11 -0600397It is possible to have the same binary appear multiple times in the image,
398either by using a unit number suffix (u-boot@0, u-boot@1) or by using a
399different name for each and specifying the type with the 'type' attribute.
400
Simon Glassbf7fd502016-11-25 20:15:51 -0700401
Simon Glass18546952018-06-01 09:38:16 -0600402Sections and hiearchical images
403-------------------------------
404
405Sometimes it is convenient to split an image into several pieces, each of which
406contains its own set of binaries. An example is a flash device where part of
407the image is read-only and part is read-write. We can set up sections for each
408of these, and place binaries in them independently. The image is still produced
409as a single output file.
410
411This feature provides a way of creating hierarchical images. For example here
Simon Glass7ae5f312018-06-01 09:38:19 -0600412is an example image with two copies of U-Boot. One is read-only (ro), intended
413to be written only in the factory. Another is read-write (rw), so that it can be
Simon Glass18546952018-06-01 09:38:16 -0600414upgraded in the field. The sizes are fixed so that the ro/rw boundary is known
415and can be programmed:
416
417 binman {
418 section@0 {
419 read-only;
420 size = <0x100000>;
421 u-boot {
422 };
423 };
424 section@1 {
425 size = <0x100000>;
426 u-boot {
427 };
428 };
429 };
430
431This image could be placed into a SPI flash chip, with the protection boundary
432set at 1MB.
433
434A few special properties are provided for sections:
435
436read-only:
437 Indicates that this section is read-only. This has no impact on binman's
438 operation, but his property can be read at run time.
439
440
Simon Glasse0ff8552016-11-25 20:15:53 -0700441Special properties
442------------------
443
444Some entries support special properties, documented here:
445
446u-boot-with-ucode-ptr:
447 optional-ucode: boolean property to make microcode optional. If the
448 u-boot.bin image does not include microcode, no error will
449 be generated.
450
451
Simon Glassbf7fd502016-11-25 20:15:51 -0700452Order of image creation
453-----------------------
454
455Image creation proceeds in the following order, for each entry in the image.
456
4571. GetEntryContents() - the contents of each entry are obtained, normally by
458reading from a file. This calls the Entry.ObtainContents() to read the
459contents. The default version of Entry.ObtainContents() calls
460Entry.GetDefaultFilename() and then reads that file. So a common mechanism
461to select a file to read is to override that function in the subclass. The
462functions must return True when they have read the contents. Binman will
463retry calling the functions a few times if False is returned, allowing
464dependencies between the contents of different entries.
465
4662. GetEntryPositions() - calls Entry.GetPositions() for each entry. This can
467return a dict containing entries that need updating. The key should be the
468entry name and the value is a tuple (pos, size). This allows an entry to
469provide the position and size for other entries. The default implementation
470of GetEntryPositions() returns {}.
471
4723. PackEntries() - calls Entry.Pack() which figures out the position and
473size of an entry. The 'current' image position is passed in, and the function
474returns the position immediately after the entry being packed. The default
475implementation of Pack() is usually sufficient.
476
4774. CheckSize() - checks that the contents of all the entries fits within
478the image size. If the image does not have a defined size, the size is set
479large enough to hold all the entries.
480
4815. CheckEntries() - checks that the entries do not overlap, nor extend
482outside the image.
483
4846. ProcessEntryContents() - this calls Entry.ProcessContents() on each entry.
485The default implementatoin does nothing. This can be overriden to adjust the
486contents of an entry in some way. For example, it would be possible to create
487an entry containing a hash of the contents of some other entries. At this
488stage the position and size of entries should not be adjusted.
489
Simon Glass39c15022017-11-13 18:55:05 -07004906. WriteEntryInfo()
491
Simon Glassbf7fd502016-11-25 20:15:51 -07004927. BuildImage() - builds the image and writes it to a file. This is the final
493step.
494
495
Simon Glass6d427c62016-11-25 20:15:59 -0700496Automatic .dtsi inclusion
497-------------------------
498
499It is sometimes inconvenient to add a 'binman' node to the .dts file for each
500board. This can be done by using #include to bring in a common file. Another
501approach supported by the U-Boot build system is to automatically include
502a common header. You can then put the binman node (and anything else that is
503specific to U-Boot, such as u-boot,dm-pre-reloc properies) in that header
504file.
505
506Binman will search for the following files in arch/<arch>/dts:
507
508 <dts>-u-boot.dtsi where <dts> is the base name of the .dts file
509 <CONFIG_SYS_SOC>-u-boot.dtsi
510 <CONFIG_SYS_CPU>-u-boot.dtsi
511 <CONFIG_SYS_VENDOR>-u-boot.dtsi
512 u-boot.dtsi
513
514U-Boot will only use the first one that it finds. If you need to include a
515more general file you can do that from the more specific file using #include.
516If you are having trouble figuring out what is going on, you can uncomment
517the 'warning' line in scripts/Makefile.lib to see what it has found:
518
519 # Uncomment for debugging
Simon Glass511fd0b2017-11-12 21:52:05 -0700520 # This shows all the files that were considered and the one that we chose.
521 # u_boot_dtsi_options_debug = $(u_boot_dtsi_options_raw)
Simon Glass6d427c62016-11-25 20:15:59 -0700522
523
Simon Glass39c15022017-11-13 18:55:05 -0700524Access to binman entry positions at run time
525--------------------------------------------
526
527Binman assembles images and determines where each entry is placed in the image.
528This information may be useful to U-Boot at run time. For example, in SPL it
529is useful to be able to find the location of U-Boot so that it can be executed
530when SPL is finished.
531
532Binman allows you to declare symbols in the SPL image which are filled in
533with their correct values during the build. For example:
534
535 binman_sym_declare(ulong, u_boot_any, pos);
536
537declares a ulong value which will be assigned to the position of any U-Boot
538image (u-boot.bin, u-boot.img, u-boot-nodtb.bin) that is present in the image.
539You can access this value with something like:
540
541 ulong u_boot_pos = binman_sym(ulong, u_boot_any, pos);
542
543Thus u_boot_pos will be set to the position of U-Boot in memory, assuming that
544the whole image has been loaded, or is available in flash. You can then jump to
545that address to start U-Boot.
546
547At present this feature is only supported in SPL. In principle it is possible
548to fill in such symbols in U-Boot proper, as well.
549
550
Simon Glass6d427c62016-11-25 20:15:59 -0700551Code coverage
552-------------
553
554Binman is a critical tool and is designed to be very testable. Entry
555implementations target 100% test coverage. Run 'binman -T' to check this.
556
557To enable Python test coverage on Debian-type distributions (e.g. Ubuntu):
558
559 $ sudo apt-get install python-pip python-pytest
560 $ sudo pip install coverage
561
562
Simon Glassbf7fd502016-11-25 20:15:51 -0700563Advanced Features / Technical docs
564----------------------------------
565
566The behaviour of entries is defined by the Entry class. All other entries are
567a subclass of this. An important subclass is Entry_blob which takes binary
568data from a file and places it in the entry. In fact most entry types are
569subclasses of Entry_blob.
570
571Each entry type is a separate file in the tools/binman/etype directory. Each
572file contains a class called Entry_<type> where <type> is the entry type.
573New entry types can be supported by adding new files in that directory.
574These will automatically be detected by binman when needed.
575
576Entry properties are documented in entry.py. The entry subclasses are free
577to change the values of properties to support special behaviour. For example,
578when Entry_blob loads a file, it sets content_size to the size of the file.
579Entry classes can adjust other entries. For example, an entry that knows
580where other entries should be positioned can set up those entries' positions
581so they don't need to be set in the binman decription. It can also adjust
582entry contents.
583
584Most of the time such essoteric behaviour is not needed, but it can be
585essential for complex images.
586
Simon Glass3ed0de32017-12-24 12:12:07 -0700587If you need to specify a particular device-tree compiler to use, you can define
588the DTC environment variable. This can be useful when the system dtc is too
589old.
590
Simon Glassbf7fd502016-11-25 20:15:51 -0700591
592History / Credits
593-----------------
594
595Binman takes a lot of inspiration from a Chrome OS tool called
596'cros_bundle_firmware', which I wrote some years ago. That tool was based on
597a reasonably simple and sound design but has expanded greatly over the
598years. In particular its handling of x86 images is convoluted.
599
Simon Glass7ae5f312018-06-01 09:38:19 -0600600Quite a few lessons have been learned which are hopefully applied here.
Simon Glassbf7fd502016-11-25 20:15:51 -0700601
602
603Design notes
604------------
605
606On the face of it, a tool to create firmware images should be fairly simple:
607just find all the input binaries and place them at the right place in the
608image. The difficulty comes from the wide variety of input types (simple
609flat binaries containing code, packaged data with various headers), packing
610requirments (alignment, spacing, device boundaries) and other required
611features such as hierarchical images.
612
613The design challenge is to make it easy to create simple images, while
614allowing the more complex cases to be supported. For example, for most
615images we don't much care exactly where each binary ends up, so we should
616not have to specify that unnecessarily.
617
618New entry types should aim to provide simple usage where possible. If new
619core features are needed, they can be added in the Entry base class.
620
621
622To do
623-----
624
625Some ideas:
626- Fill out the device tree to include the final position and size of each
Simon Glass39c15022017-11-13 18:55:05 -0700627 entry (since the input file may not always specify these). See also
628 'Access to binman entry positions at run time' above
Simon Glassbf7fd502016-11-25 20:15:51 -0700629- Use of-platdata to make the information available to code that is unable
630 to use device tree (such as a very small SPL image)
631- Write an image map to a text file
632- Allow easy building of images by specifying just the board name
633- Produce a full Python binding for libfdt (for upstream)
634- Add an option to decode an image into the constituent binaries
Simon Glassbf7fd502016-11-25 20:15:51 -0700635- Support building an image for a board (-b) more completely, with a
636 configurable build directory
637- Consider making binman work with buildman, although if it is used in the
638 Makefile, this will be automatic
639- Implement align-end
640
641--
642Simon Glass <sjg@chromium.org>
6437/7/2016