summaryrefslogtreecommitdiff
path: root/doc/usage
diff options
context:
space:
mode:
Diffstat (limited to 'doc/usage')
-rw-r--r--doc/usage/cmd/bootflow.rst5
-rw-r--r--doc/usage/cmd/cli.rst74
-rw-r--r--doc/usage/cmd/imxtract.rst6
-rw-r--r--doc/usage/cmd/scmi.rst126
-rw-r--r--doc/usage/cmd/wget.rst3
-rw-r--r--doc/usage/environment.rst4
-rw-r--r--doc/usage/fit/beaglebone_vboot.rst74
-rw-r--r--doc/usage/fit/howto.rst40
-rw-r--r--doc/usage/fit/kernel.rst6
-rw-r--r--doc/usage/fit/kernel_fdt.rst4
-rw-r--r--doc/usage/fit/kernel_fdts_compressed.rst6
-rw-r--r--doc/usage/fit/multi-with-fpga.rst6
-rw-r--r--doc/usage/fit/multi-with-loadables.rst8
-rw-r--r--doc/usage/fit/multi.rst12
-rw-r--r--doc/usage/fit/sign-configs.rst6
-rw-r--r--doc/usage/fit/sign-images.rst4
-rw-r--r--doc/usage/fit/signature.rst24
-rw-r--r--doc/usage/fit/update3.rst6
-rw-r--r--doc/usage/fit/update_uboot.rst2
-rw-r--r--doc/usage/fit/x86-fit-boot.rst8
-rw-r--r--doc/usage/index.rst2
21 files changed, 319 insertions, 107 deletions
diff --git a/doc/usage/cmd/bootflow.rst b/doc/usage/cmd/bootflow.rst
index 2198ff60493..27e1330ad8a 100644
--- a/doc/usage/cmd/bootflow.rst
+++ b/doc/usage/cmd/bootflow.rst
@@ -52,6 +52,8 @@ Flags are:
matters, since by then the system boots in the OS and U-Boot is no-longer
running. `bootflow scan -b` is a quick way to boot the first available OS.
A valid bootflow is one that made it all the way to the `loaded` state.
+ Note that if `-m` is provided as well, booting is delayed until the user
+ selects a bootflow.
-e
Used with -l to also show errors for each bootflow. The shows detailed error
@@ -71,6 +73,9 @@ Flags are:
priority or label is tried, to see if more bootdevs can be discovered, but
this flag disables that process.
+-m
+ Show a menu of available bootflows for the user to select. When used with
+ -b it then boots the one that was selected, if any.
The optional argument specifies a particular bootdev to scan. This can either be
the name of a bootdev or its sequence number (both shown with `bootdev list`).
diff --git a/doc/usage/cmd/cli.rst b/doc/usage/cmd/cli.rst
new file mode 100644
index 00000000000..a0cf5958fb9
--- /dev/null
+++ b/doc/usage/cmd/cli.rst
@@ -0,0 +1,74 @@
+.. SPDX-License-Identifier: GPL-2.0+
+
+cli command
+===========
+
+Synopis
+-------
+
+::
+
+ cli get
+ cli set cli_flavor
+
+Description
+-----------
+
+The cli command permits getting and changing the current parser at runtime.
+
+cli get
+~~~~~~~
+
+It shows the current value of the parser used by the CLI.
+
+cli set
+~~~~~~~
+
+It permits setting the value of the parser used by the CLI.
+
+Possible values are old and modern.
+Note that, to use a specific parser its code should have been compiled, that
+is to say you need to enable the corresponding CONFIG_HUSH*.
+Otherwise, an error message is printed.
+
+Examples
+--------
+
+Get the current parser::
+
+ => cli get
+ old
+
+Change the current parser::
+
+ => cli get
+ old
+ => cli set modern
+ => cli get
+ modern
+ => cli set old
+ => cli get
+ old
+
+Trying to set the current parser to an unknown value::
+
+ => cli set foo
+ Bad value for parser name: foo
+ cli - cli
+
+ Usage:
+ cli get - print current cli
+ set - set the current cli, possible values are: old, modern
+
+Trying to set the current parser to a correct value but its code was not
+compiled::
+
+ => cli get
+ modern
+ => cli set old
+ Want to set current parser to old, but its code was not compiled!
+
+Return value
+------------
+
+The return value $? indicates whether the command succeeded.
diff --git a/doc/usage/cmd/imxtract.rst b/doc/usage/cmd/imxtract.rst
index eb64b1cefab..16be60b4aab 100644
--- a/doc/usage/cmd/imxtract.rst
+++ b/doc/usage/cmd/imxtract.rst
@@ -45,14 +45,14 @@ Examples
With verify=no incorrect hashes, signatures, or check sums don't stop the
extraction. But correct hashes are still indicated in the output
-(here: md5, sha1).
+(here: sha256, sha512).
.. code-block:: console
=> setenv verify no
=> imxtract $loadaddr kernel-1 $kernel_addr_r
## Copying 'kernel-1' subimage from FIT image at 40200000 ...
- md5+ sha1+ Loading part 0 ... OK
+ sha256+ sha512+ Loading part 0 ... OK
=>
With verify=yes incorrect hashes, signatures, or check sums stop the extraction.
@@ -62,7 +62,7 @@ With verify=yes incorrect hashes, signatures, or check sums stop the extraction.
=> setenv verify yes
=> imxtract $loadaddr kernel-1 $kernel_addr_r
## Copying 'kernel-1' subimage from FIT image at 40200000 ...
- md5 error!
+ sha256 error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
=>
diff --git a/doc/usage/cmd/scmi.rst b/doc/usage/cmd/scmi.rst
new file mode 100644
index 00000000000..9ea7e0e41da
--- /dev/null
+++ b/doc/usage/cmd/scmi.rst
@@ -0,0 +1,126 @@
+.. SPDX-License-Identifier: GPL-2.0+:
+
+scmi command
+============
+
+Synopsis
+--------
+
+::
+
+ scmi info
+ scmi perm_dev <agent id> <device id> <flags>
+ scmi perm_proto <agent id> <device id> <protocol id> <flags>
+ scmi reset <agent id> <flags>
+
+Description
+-----------
+
+Arm System Control and Management Interface (SCMI hereafter) is a set of
+standardised interfaces to manage system resources, like clocks, power
+domains, pin controls, reset and so on, in a system-wide manner.
+
+An entity which provides those services is called a SCMI firmware (or
+SCMI server if you like) may be placed/implemented by EL3 software or
+by a dedicated system control processor (SCP) or else.
+
+A user of SCMI interfaces, including U-Boot, is called a SCMI agent and
+may issues commands, which are defined in each protocol for specific system
+resources, to SCMI server via a communication channel, called a transport.
+Those interfaces are independent from the server's implementation thanks to
+a transport layer.
+
+For more details, see the `SCMI specification`_.
+
+While most of system resources managed under SCMI protocols are implemented
+and handled as standard U-Boot devices, for example clk_scmi, scmi command
+provides additional management functionality against SCMI server.
+
+scmi info
+~~~~~~~~~
+ Show base information about SCMI server and supported protocols
+
+scmi perm_dev
+~~~~~~~~~~~~~
+ Allow or deny access permission to the device
+
+scmi perm_proto
+~~~~~~~~~~~~~~~
+ Allow or deny access to the protocol on the device
+
+scmi reset
+~~~~~~~~~~
+ Reset the already-configured permissions against the device
+
+Parameters are used as follows:
+
+<agent id>
+ SCMI Agent ID, hex value
+
+<device id>
+ SCMI Device ID, hex value
+
+ Please note that what a device means is not defined
+ in the specification.
+
+<protocol id>
+ SCMI Protocol ID, hex value
+
+ It must not be 0x10 (base protocol)
+
+<flags>
+ Flags to control the action, hex value
+
+ 0 to deny, 1 to allow. The other values are reserved and allowed
+ values may depend on the implemented version of SCMI server in
+ the future. See SCMI specification for more details.
+
+Example
+-------
+
+Obtain basic information about SCMI server:
+
+::
+
+ => scmi info
+ SCMI device: scmi
+ protocol version: 0x20000
+ # of agents: 3
+ 0: platform
+ > 1: OSPM
+ 2: PSCI
+ # of protocols: 4
+ Power domain management
+ Performance domain management
+ Clock management
+ Sensor management
+ vendor: Linaro
+ sub vendor: PMWG
+ impl version: 0x20b0000
+
+Ask for access permission to device#0:
+
+::
+
+ => scmi perm_dev 1 0 1
+
+Reset configurations with all access permission settings retained:
+
+::
+
+ => scmi reset 1 0
+
+Configuration
+-------------
+
+The scmi command is only available if CONFIG_CMD_SCMI=y.
+Default n because this command is mainly for debug purpose.
+
+Return value
+------------
+
+The return value ($?) is set to 0 if the operation succeeded,
+1 if the operation failed or -1 if the operation failed due to
+a syntax error.
+
+.. _`SCMI specification`: https://developer.arm.com/documentation/den0056/e/?lang=en
diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst
index e1e7f8d8145..8e7383b6c60 100644
--- a/doc/usage/cmd/wget.rst
+++ b/doc/usage/cmd/wget.rst
@@ -16,7 +16,8 @@ Description
The wget command is used to download a file from an HTTP server.
wget command will use HTTP over TCP to download files from an HTTP server.
-Currently it can only download image from an HTTP server hosted on port 80.
+By default the destination port is 80 and the source port is pseudo-random.
+The environment variable *httpdstp* can be used to set the destination port.
address
memory address for the data downloaded
diff --git a/doc/usage/environment.rst b/doc/usage/environment.rst
index c57b717caaf..82b6ea7b6e7 100644
--- a/doc/usage/environment.rst
+++ b/doc/usage/environment.rst
@@ -306,6 +306,10 @@ ethrotate
anything other than "no", U-Boot does go through all
available network interfaces.
+httpdstp
+ If this is set, the value is used for HTTP's TCP
+ destination port instead of the default port 80.
+
netretry
When set to "no" each network operation will
either succeed or fail without retrying.
diff --git a/doc/usage/fit/beaglebone_vboot.rst b/doc/usage/fit/beaglebone_vboot.rst
index a102be187bd..cd6bb141910 100644
--- a/doc/usage/fit/beaglebone_vboot.rst
+++ b/doc/usage/fit/beaglebone_vboot.rst
@@ -145,7 +145,7 @@ Put this into a file in that directory called sign.its::
load = <0x80008000>;
entry = <0x80008000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -155,7 +155,7 @@ Put this into a file in that directory called sign.its::
arch = "arm";
compression = "none";
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -165,7 +165,7 @@ Put this into a file in that directory called sign.its::
kernel = "kernel";
fdt = "fdt-1";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
@@ -227,8 +227,8 @@ You should see something like this::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Image 1 (fdt-1)
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
@@ -236,8 +236,8 @@ You should see something like this::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: unavailable
@@ -255,11 +255,11 @@ You can also run fit_check_sign to check it::
which results in::
- Verifying Hash Integrity ... sha1,rsa2048:dev+
+ Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7fc6ee469000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
- sha1,rsa2048:dev+
+ sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@@ -272,10 +272,10 @@ which results in::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Unimplemented compression type 4
@@ -288,10 +288,10 @@ which results in::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Loading Flat Device Tree ... OK
@@ -303,14 +303,14 @@ which results in::
Signature check OK
-At the top, you see "sha1,rsa2048:dev+". This means that it checked an RSA key
-of size 2048 bits using SHA1 as the hash algorithm. The key name checked was
+At the top, you see "sha256,rsa2048:dev+". This means that it checked an RSA key
+of size 2048 bits using SHA256 as the hash algorithm. The key name checked was
'dev' and the '+' means that it verified. If it showed '-' that would be bad.
Once the configuration is verified it is then possible to rely on the hashes
in each image referenced by that configuration. So fit_check_sign goes on to
load each of the images. We have a kernel and an FDT but no ramkdisk. In each
-case fit_check_sign checks the hash and prints sha1+ meaning that the SHA1
+case fit_check_sign checks the hash and prints sha256+ meaning that the SHA256
hash verified. This means that none of the images has been tampered with.
There is a test in test/vboot which uses U-Boot's sandbox build to verify that
@@ -328,11 +328,11 @@ This tells us that the kernel starts at byte offset 168 (decimal) in image.fit
and extends for about 7MB. Try changing a byte at 0x2000 (say) and run
fit_check_sign again. You should see something like::
- Verifying Hash Integrity ... sha1,rsa2048:dev+
+ Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7f5a39571000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
- sha1,rsa2048:dev+
+ sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@@ -345,10 +345,10 @@ fit_check_sign again. You should see something like::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
- sha1 error
+ sha256 error
Bad hash value for 'hash-1' hash node in 'kernel' image node
Bad Data Hash
@@ -361,10 +361,10 @@ fit_check_sign again. You should see something like::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Loading Flat Device Tree ... OK
@@ -419,13 +419,13 @@ need to change the hash to match. Let's simulate that by changing a byte of
the hash::
fdtget -tx image.fit /images/kernel/hash-1 value
- c9436464 6427e10f 423837e5 59898ef0 2c97b988
- fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
+ 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c1
+ fdtput -tx image.fit /images/kernel/hash-1 value 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c8
Now check it again::
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
- Verifying Hash Integrity ... sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+ Verifying Hash Integrity ... sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@@ -446,7 +446,7 @@ running the mkimage link again. Then::
fdtput -p image.fit /configurations/conf-1/signature-1 value fred
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... -
- sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+ sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@@ -528,7 +528,7 @@ You should then see something like this::
U-Boot# bootm 82000000
## Loading kernel from FIT Image at 82000000 ...
Using 'conf-1' configuration
- Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
+ Verifying Hash Integrity ... sha256,rsa2048:dev+ OK
Trying 'kernel' kernel subimage
Description: unavailable
Created: 2014-06-01 19:32:54 UTC
@@ -540,9 +540,9 @@ You should then see something like this::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
- Verifying Hash Integrity ... sha1+ OK
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
+ Verifying Hash Integrity ... sha256+ OK
## Loading fdt from FIT Image at 82000000 ...
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
@@ -553,9 +553,9 @@ You should then see something like this::
Data Start: 0x8276e2ec
Data Size: 31547 Bytes = 30.8 KiB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
- Verifying Hash Integrity ... sha1+ OK
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
+ Verifying Hash Integrity ... sha256+ OK
Booting using the fdt blob at 0x8276e2ec
Uncompressing Kernel Image ... OK
Loading Device Tree to 8fff5000, end 8ffffb3a ... OK
diff --git a/doc/usage/fit/howto.rst b/doc/usage/fit/howto.rst
index def12a70f7b..b5097d4460b 100644
--- a/doc/usage/fit/howto.rst
+++ b/doc/usage/fit/howto.rst
@@ -8,7 +8,7 @@ Overview
The new uImage format allows more flexibility in handling images of various
types (kernel, ramdisk, etc.), it also enhances integrity protection of images
-with sha1 and md5 checksums.
+with cryptographic checksums.
Two auxiliary tools are needed on the development host system in order to
create an uImage in the new format: mkimage and dtc, although only one
@@ -99,7 +99,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
load = <0x8 0x8000000>;
entry = <0x8 0x8000000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
atf {
@@ -112,7 +112,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
load = <0xfffea000>;
entry = <0xfffea000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
fdt_1 {
@@ -123,7 +123,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
compression = "none";
load = <0x100000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
};
@@ -190,8 +190,8 @@ its contents:
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@@ -236,8 +236,8 @@ specific to the new image format).
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@@ -258,8 +258,8 @@ specific to the new image format).
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
Memory BAT mapping: BAT2=256Mb, BAT3=0Mb, residual: 0Mb
@@ -302,8 +302,8 @@ modified to take the files from some other location if needed):
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
- Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash algo: sha256
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@@ -312,8 +312,8 @@ modified to take the files from some other location if needed):
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
- Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash algo: sha256
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@@ -353,8 +353,8 @@ inspected and booted:
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
- Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash algo: sha256
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@@ -364,8 +364,8 @@ inspected and booted:
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
- Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash algo: sha256
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@@ -387,7 +387,7 @@ inspected and booted:
Hash algo: crc32
Hash value: 2c0cc807
Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
## Flattened Device Tree from FIT Image at 00900000
@@ -402,7 +402,7 @@ inspected and booted:
Hash algo: crc32
Hash value: 0d655d71
Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0xa0abdc
Loading Device Tree to 007fc000, end 007fffff ... OK
diff --git a/doc/usage/fit/kernel.rst b/doc/usage/fit/kernel.rst
index 012a81efead..e56017985b2 100644
--- a/doc/usage/fit/kernel.rst
+++ b/doc/usage/fit/kernel.rst
@@ -25,7 +25,7 @@ Single kernel
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -59,7 +59,7 @@ For x86 a setup node is also required: see x86-fit-boot::
load = <0x01000000>;
entry = <0x00000000>;
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -73,7 +73,7 @@ For x86 a setup node is also required: see x86-fit-boot::
load = <0x00090000>;
entry = <0x00090000>;
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/kernel_fdt.rst b/doc/usage/fit/kernel_fdt.rst
index 8eee13af780..9cc26fb7831 100644
--- a/doc/usage/fit/kernel_fdt.rst
+++ b/doc/usage/fit/kernel_fdt.rst
@@ -25,7 +25,7 @@ Single kernel and FDT blob
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -38,7 +38,7 @@ Single kernel and FDT blob
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/kernel_fdts_compressed.rst b/doc/usage/fit/kernel_fdts_compressed.rst
index 0b169c7c27c..b57871da58b 100644
--- a/doc/usage/fit/kernel_fdts_compressed.rst
+++ b/doc/usage/fit/kernel_fdts_compressed.rst
@@ -28,7 +28,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt@1 {
@@ -41,7 +41,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt@2 {
@@ -54,7 +54,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi-with-fpga.rst b/doc/usage/fit/multi-with-fpga.rst
index 28d7d5d2626..4c7f1bebd5a 100644
--- a/doc/usage/fit/multi-with-fpga.rst
+++ b/doc/usage/fit/multi-with-fpga.rst
@@ -20,7 +20,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0x10000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -33,7 +33,7 @@ This example makes use of the 'loadables' field::
load = <0x30000000>;
compatible = "u-boot,fpga-legacy"
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -47,7 +47,7 @@ This example makes use of the 'loadables' field::
load = <0x8000>;
entry = <0x8000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi-with-loadables.rst b/doc/usage/fit/multi-with-loadables.rst
index a0241df96ca..7849cb544f1 100644
--- a/doc/usage/fit/multi-with-loadables.rst
+++ b/doc/usage/fit/multi-with-loadables.rst
@@ -22,7 +22,7 @@ This example makes use of the 'loadables' field::
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -34,7 +34,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0xb0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -46,7 +46,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0xb0400000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -60,7 +60,7 @@ This example makes use of the 'loadables' field::
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi.rst b/doc/usage/fit/multi.rst
index 2e6ae58c409..e68752b2ad0 100644
--- a/doc/usage/fit/multi.rst
+++ b/doc/usage/fit/multi.rst
@@ -22,10 +22,10 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
hash-2 {
- algo = "sha1";
+ algo = "sha512";
};
};
@@ -39,7 +39,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -53,7 +53,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -67,7 +67,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -104,7 +104,7 @@ Multiple kernels, ramdisks and FDT blobs
compression = "none";
load = <00700000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
diff --git a/doc/usage/fit/sign-configs.rst b/doc/usage/fit/sign-configs.rst
index 6a3df8f2c5b..6d98d44430c 100644
--- a/doc/usage/fit/sign-configs.rst
+++ b/doc/usage/fit/sign-configs.rst
@@ -22,7 +22,7 @@ Signed configurations
entry = <0x8>;
kernel-version = <1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -33,7 +33,7 @@ Signed configurations
compression = "none";
fdt-version = <1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -43,7 +43,7 @@ Signed configurations
kernel = "kernel";
fdt = "fdt-1";
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
diff --git a/doc/usage/fit/sign-images.rst b/doc/usage/fit/sign-images.rst
index 7d54d702c97..ca7d10fab83 100644
--- a/doc/usage/fit/sign-images.rst
+++ b/doc/usage/fit/sign-images.rst
@@ -22,7 +22,7 @@ Signed Images
entry = <0x8>;
kernel-version = <1>;
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
@@ -34,7 +34,7 @@ Signed Images
compression = "none";
fdt-version = <1>;
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
diff --git a/doc/usage/fit/signature.rst b/doc/usage/fit/signature.rst
index 0804bffd1ed..03a71b5192d 100644
--- a/doc/usage/fit/signature.rst
+++ b/doc/usage/fit/signature.rst
@@ -93,7 +93,7 @@ Public keys should be stored as sub-nodes in a /signature node. Required
properties are:
algo
- Algorithm name (e.g. "sha1,rsa2048" or "sha256,ecdsa256")
+ Algorithm name (e.g. "sha256,rsa2048" or "sha512,ecdsa256")
Optional properties are:
@@ -219,28 +219,28 @@ As an example, consider this FIT::
kernel-1 {
data = <data for kernel1>
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...kernel signature 1...>
};
};
kernel-2 {
data = <data for kernel2>
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...kernel signature 2...>
};
};
fdt-1 {
data = <data for fdt1>;
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...fdt signature 1...>
};
};
fdt-2 {
data = <data for fdt2>;
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...fdt signature 2...>
};
};
@@ -291,28 +291,28 @@ So the above example is adjusted to look like this::
kernel-1 {
data = <data for kernel1>
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...kernel hash 1...>
};
};
kernel-2 {
data = <data for kernel2>
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...kernel hash 2...>
};
};
fdt-1 {
data = <data for fdt1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...fdt hash 1...>
};
};
fdt-2 {
data = <data for fdt2>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...fdt hash 2...>
};
};
@@ -323,7 +323,7 @@ So the above example is adjusted to look like this::
kernel = "kernel-1";
fdt = "fdt-1";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};
@@ -331,7 +331,7 @@ So the above example is adjusted to look like this::
kernel = "kernel-2";
fdt = "fdt-2";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};
@@ -671,7 +671,7 @@ Create the fitImage::
Sign the fitImage with the hardware key::
$ ./tools/mkimage -F -k \
- "model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \
+ "pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \
-K u-boot.dtb -N pkcs11 -r fitImage
diff --git a/doc/usage/fit/update3.rst b/doc/usage/fit/update3.rst
index 4ff3950c01e..24235801470 100644
--- a/doc/usage/fit/update3.rst
+++ b/doc/usage/fit/update3.rst
@@ -19,7 +19,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FF700000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
update-2 {
@@ -29,7 +29,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FF8E0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -40,7 +40,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FFAC0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/update_uboot.rst b/doc/usage/fit/update_uboot.rst
index a9288ee6367..811d008d13d 100644
--- a/doc/usage/fit/update_uboot.rst
+++ b/doc/usage/fit/update_uboot.rst
@@ -21,7 +21,7 @@ Make sure the flashing addresses ('load' prop) is correct for your board!
type = "firmware";
load = <0xFFFC0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/x86-fit-boot.rst b/doc/usage/fit/x86-fit-boot.rst
index 93b73bb9019..9e3e32204d5 100644
--- a/doc/usage/fit/x86-fit-boot.rst
+++ b/doc/usage/fit/x86-fit-boot.rst
@@ -207,16 +207,16 @@ You can take a look at the resulting fit file if you like::
OS: Linux
Load Address: 0x01000000
Entry Point: 0x00000000
- Hash algo: sha1
- Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
+ Hash algo: sha256
+ Hash value: 4bbf49981ade163ed089f8525236fedfe44508e9b02a21a48294a96a1518107b
Image 1 (setup)
Description: Linux setup.bin
Created: Tue Oct 7 10:57:24 2014
Type: x86 setup.bin
Compression: uncompressed
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
- Hash algo: sha1
- Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
+ Hash algo: sha256
+ Hash value: 6aa50c2e0392cb119cdf0971dce8339f100608ed3757c8200b0e39e889e432d2
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
diff --git a/doc/usage/index.rst b/doc/usage/index.rst
index d8e23fcacff..c171c029b80 100644
--- a/doc/usage/index.rst
+++ b/doc/usage/index.rst
@@ -43,6 +43,7 @@ Shell commands
cmd/cat
cmd/cbsysinfo
cmd/cedit
+ cmd/cli
cmd/cls
cmd/cmp
cmd/coninfo
@@ -94,6 +95,7 @@ Shell commands
cmd/rng
cmd/saves
cmd/sbi
+ cmd/scmi
cmd/scp03
cmd/seama
cmd/setexpr
generated by cgit v1.2.3 (git 2.0.4) at 2025-09-25 17:56:19 +0000