README - tools/binman/README - U-Boot source code v2020.01

# SPDX-License-Identifier: GPL-2.0+
# Copyright (c) 2016 Google, Inc

Introduction
------------

Firmware often consists of several components which must be packaged together.
For example, we may have SPL, U-Boot, a device tree and an environment area
grouped together and placed in MMC flash. When the system starts, it must be
able to find these pieces.

So far U-Boot has not provided a way to handle creating such images in a
general way. Each SoC does what it needs to build an image, often packing or
concatenating images in the U-Boot build system.

Binman aims to provide a mechanism for building images, from simple
SPL + U-Boot combinations, to more complex arrangements with many parts.


What it does
------------

Binman reads your board's device tree and finds a node which describes the
required image layout. It uses this to work out what to place where. The
output file normally contains the device tree, so it is in principle possible
to read an image and extract its constituent parts.


Features
--------

So far binman is pretty simple. It supports binary blobs, such as 'u-boot',
'spl' and 'fdt'. It supports empty entries (such as setting to 0xff). It can
place entries at a fixed location in the image, or fit them together with
suitable padding and alignment. It provides a way to process binaries before
they are included, by adding a Python plug-in. The device tree is available
to U-Boot at run-time so that the images can be interpreted.

Binman can update the device tree with the final location of everything when it
is done. Entry positions can be provided to U-Boot SPL as run-time symbols,
avoiding device-tree code overhead.

Binman can also support incorporating filesystems in the image if required.
For example x86 platforms may use CBFS in some cases.

Binman is intended for use with U-Boot but is designed to be general enough
to be useful in other image-packaging situations.


Motivation
----------

Packaging of firmware is quite a different task from building the various
parts. In many cases the various binaries which go into the image come from
separate build systems. For example, ARM Trusted Firmware is used on ARMv8
devices but is not built in the U-Boot tree. If a Linux kernel is included
in the firmware image, it is built elsewhere.

It is of course possible to add more and more build rules to the U-Boot
build system to cover these cases. It can shell out to other Makefiles and
build scripts. But it seems better to create a clear divide between building
software and packaging it.

At present this is handled by manual instructions, different for each board,
on how to create images that will boot. By turning these instructions into a
standard format, we can support making valid images for any board without
manual effort, lots of READMEs, etc.

Benefits:
- Each binary can have its own build system and tool chain without creating
any dependencies between them
- Avoids the need for a single-shot build: individual parts can be updated
and brought in as needed
- Provides for a standard image description available in the build and at
run-time
- SoC-specific image-signing tools can be accommodated
- Avoids cluttering the U-Boot build system with image-building code
- The image description is automatically available at run-time in U-Boot,
SPL. It can be made available to other software also
- The image description is easily readable (it's a text file in device-tree
format) and permits flexible packing of binaries


Terminology
-----------

Binman uses the following terms:

- image - an output file containing a firmware image
- binary - an input binary that goes into the image


Relationship to FIT
-------------------

FIT is U-Boot's official image format. It supports multiple binaries with
load / execution addresses, compression. It also supports verification
through hashing and RSA signatures.

FIT was originally designed to support booting a Linux kernel (with an
optional ramdisk) and device tree chosen from various options in the FIT.
Now that U-Boot supports configuration via device tree, it is possible to
load U-Boot from a FIT, with the device tree chosen by SPL.

Binman considers FIT to be one of the binaries it can place in the image.

Where possible it is best to put as much as possible in the FIT, with binman
used to deal with cases not covered by FIT. Examples include initial
execution (since FIT itself does not have an executable header) and dealing
with device boundaries, such as the read-only/read-write separation in SPI
flash.

For U-Boot, binman should not be used to create ad-hoc images in place of
FIT.


Relationship to mkimage
-----------------------

The mkimage tool provides a means to create a FIT. Traditionally it has
needed an image description file: a device tree, like binman, but in a
different format. More recently it has started to support a '-f auto' mode
which can generate that automatically.

More relevant to binman, mkimage also permits creation of many SoC-specific
image types. These can be listed by running 'mkimage -T list'. Examples
include 'rksd', the Rockchip SD/MMC boot format. The mkimage tool is often
called from the U-Boot build system for this reason.

Binman considers the output files created by mkimage to be binary blobs
which it can place in an image. Binman does not replace the mkimage tool or
this purpose. It would be possible in some situations to create a new entry
type for the images in mkimage, but this would not add functionality. It
seems better to use the mkimage tool to generate binaries and avoid blurring
the boundaries between building input files (mkimage) and packaging then
into a final image (binman).


Example use of binman in U-Boot
-------------------------------

Binman aims to replace some of the ad-hoc image creation in the U-Boot
build system.

Consider sunxi. It has the following steps:

1. It uses a custom mksunxiboot tool to build an SPL image called
sunxi-spl.bin. This should probably move into mkimage.

2. It uses mkimage to package U-Boot into a legacy image file (so that it can
hold the load and execution address) called u-boot.img.

3. It builds a final output image called u-boot-sunxi-with-spl.bin which
consists of sunxi-spl.bin, some padding and u-boot.img.

Binman is intended to replace the last step. The U-Boot build system builds
u-boot.bin and sunxi-spl.bin. Binman can then take over creation of
sunxi-spl.bin (by calling mksunxiboot, or hopefully one day mkimage). In any
case, it would then create the image from the component parts.

This simplifies the U-Boot Makefile somewhat, since various pieces of logic
can be replaced by a call to binman.


Example use of binman for x86
-----------------------------

In most cases x86 images have a lot of binary blobs, 'black-box' code
provided by Intel which must be run for the platform to work. Typically
these blobs are not relocatable and must be placed at fixed areas in the
firmware image.

Currently this is handled by ifdtool, which places microcode, FSP, MRC, VGA
BIOS, reference code and Intel ME binaries into a u-boot.rom file.

Binman is intended to replace all of this, with ifdtool left to handle only
the configuration of the Intel-format descriptor.


Running binman
--------------

First install prerequisites, e.g.

	sudo apt-get install python-pyelftools python3-pyelftools lzma-alone \
		liblz4-tool

Type:

	binman build -b <board_name>

to build an image for a board. The board name is the same name used when
configuring U-Boot (e.g. for sandbox_defconfig the board name is 'sandbox').
Binman assumes that the input files for the build are in ../b/<board_name>.

Or you can specify this explicitly:

	binman build -I <build_path>

where <build_path> is the build directory containing the output of the U-Boot
build.

(Future work will make this more configurable)

In either case, binman picks up the device tree file (u-boot.dtb) and looks
for its instructions in the 'binman' node.

Binman has a few other options which you can see by running 'binman -h'.


Enabling binman for a board
---------------------------

At present binman is invoked from a rule in the main Makefile. Typically you
will have a rule like:

ifneq ($(CONFIG_ARCH_<something>),)
u-boot-<your_suffix>.bin: <input_file_1> <input_file_2> checkbinman FORCE
	$(call if_changed,binman)
endif

This assumes that u-boot-<your_suffix>.bin is a target, and is the final file
that you need to produce. You can make it a target by adding it to ALL-y
either in the main Makefile or in a config.mk file in your arch subdirectory.

Once binman is executed it will pick up its instructions from a device-tree
file, typically <soc>-u-boot.dtsi, where <soc> is your CONFIG_SYS_SOC value.
You can use other, more specific CONFIG options - see 'Automatic .dtsi
inclusion' below.


Image description format
------------------------

The binman node is called 'binman'. An example image description is shown
below:

	binman {
		filename = "u-boot-sunxi-with-spl.bin";
		pad-byte = <0xff>;
		blob {
			filename = "spl/sunxi-spl.bin";
		};
		u-boot {
			offset = <CONFIG_SPL_PAD_TO>;
		};
	};


This requests binman to create an image file called u-boot-sunxi-with-spl.bin
consisting of a specially formatted SPL (spl/sunxi-spl.bin, built by the
normal U-Boot Makefile), some 0xff padding, and a U-Boot legacy image. The
padding comes from the fact that the second binary is placed at
CONFIG_SPL_PAD_TO. If that line were omitted then the U-Boot binary would
immediately follow the SPL binary.

The binman node describes an image. The sub-nodes describe entries in the
image. Each entry represents a region within the overall image. The name of
the entry (blob, u-boot) tells binman what to put there. For 'blob' we must
provide a filename. For 'u-boot', binman knows that this means 'u-boot.bin'.

Entries are normally placed into the image sequentially, one after the other.
The image size is the total size of all entries. As you can see, you can
specify the start offset of an entry using the 'offset' property.

Note that due to a device tree requirement, all entries must have a unique
name. If you want to put the same binary in the image multiple times, you can
use any unique name, with the 'type' property providing the type.

The attributes supported for entries are described below.

offset:
	This sets the offset of an entry within the image or section containing
	it. The first byte of the image is normally at offset 0. If 'offset' is
	not provided, binman sets it to the end of the previous region, or the
	start of the image's entry area (normally 0) if there is no previous
	region.

align:
	This sets the alignment of the entry. The entry offset is adjusted
	so that the entry starts on an aligned boundary within the image. For
	example 'align = <16>' means that the entry will start on a 16-byte
	boundary. Alignment shold be a power of 2. If 'align' is not
	provided, no alignment is performed.

size:
	This sets the size of the entry. The contents will be padded out to
	this size. If this is not provided, it will be set to the size of the
	contents.

pad-before:
	Padding before the contents of the entry. Normally this is 0, meaning
	that the contents start at the beginning of the entry. This can be
	offset the entry contents a little. Defaults to 0.

pad-after:
	Padding after the contents of the entry. Normally this is 0, meaning
	that the entry ends at the last byte of content (unless adjusted by
	other properties). This allows room to be created in the image for
	this entry to expand later. Defaults to 0.

align-size:
	This sets the alignment of the entry size. For example, to ensure
	that the size of an entry is a multiple of 64 bytes, set this to 64.
	If 'align-size' is not provided, no alignment is performed.

align-end:
	This sets the alignment of the end of an entry. Some entries require
	that they end on an alignment boundary, regardless of where they
	start. This does not move the start of the entry, so the contents of
	the entry will still start at the beginning. But there may be padding
	at the end. If 'align-end' is not provided, no alignment is performed.

filename:
	For 'blob' types this provides the filename containing the binary to
	put into the entry. If binman knows about the entry type (like
	u-boot-bin), then there is no need to specify this.

type:
	Sets the type of an entry. This defaults to the entry name, but it is
	possible to use any name, and then add (for example) 'type = "u-boot"'
	to specify the type.

offset-unset:
	Indicates that the offset of this entry should not be set by placing
	it immediately after the entry before. Instead, is set by another
	entry which knows where this entry should go. When this boolean
	property is present, binman will give an error if another entry does
	not set the offset (with the GetOffsets() method).

image-pos:
	This cannot be set on entry (or at least it is ignored if it is), but
	with the -u option, binman will set it to the absolute image position
	for each entry. This makes it easy to find out exactly where the entry
	ended up in the image, regardless of parent sections, etc.

expand-size:
	Expand the size of this entry to fit available space. This space is only
	limited by the size of the image/section and the position of the next
	entry.

compress:
	Sets the compression algortihm to use (for blobs only). See the entry
	documentation for details.

The attributes supported for images and sections are described below. Several
are similar to those for entries.

size:
	Sets the image size in bytes, for example 'size = <0x100000>' for a
	1MB image.

offset:
	This is similar to 'offset' in entries, setting the offset of a section
	within the image or section containing it. The first byte of the section
	is normally at offset 0. If 'offset' is not provided, binman sets it to
	the end of the previous region, or the start of the image's entry area
	(normally 0) if there is no previous region.

align-size:
	This sets the alignment of the image size. For example, to ensure
	that the image ends on a 512-byte boundary, use 'align-size = <512>'.
	If 'align-size' is not provided, no alignment is performed.

pad-before:
	This sets the padding before the image entries. The first entry will
	be positioned after the padding. This defaults to 0.

pad-after:
	This sets the padding after the image entries. The padding will be
	placed after the last entry. This defaults to 0.

pad-byte:
	This specifies the pad byte to use when padding in the image. It
	defaults to 0. To use 0xff, you would add 'pad-byte = <0xff>'.

filename:
	This specifies the image filename. It defaults to 'image.bin'.

sort-by-offset:
	This causes binman to reorder the entries as needed to make sure they
	are in increasing positional order. This can be used when your entry
	order may not match the positional order. A common situation is where
	the 'offset' properties are set by CONFIG options, so their ordering is
	not known a priori.

	This is a boolean property so needs no value. To enable it, add a
	line 'sort-by-offset;' to your description.

multiple-images:
	Normally only a single image is generated. To create more than one
	image, put this property in the binman node. For example, this will
	create image1.bin containing u-boot.bin, and image2.bin containing
	both spl/u-boot-spl.bin and u-boot.bin:

	binman {
		multiple-images;
		image1 {
			u-boot {
			};
		};

		image2 {
			spl {
			};
			u-boot {
			};
		};
	};

end-at-4gb:
	For x86 machines the ROM offsets start just before 4GB and extend
	up so that the image finished at the 4GB boundary. This boolean
	option can be enabled to support this. The image size must be
	provided so that binman knows when the image should start. For an
	8MB ROM, the offset of the first entry would be 0xfff80000 with
	this option, instead of 0 without this option.

skip-at-start:
	This property specifies the entry offset of the first entry.

	For PowerPC mpc85xx based CPU, CONFIG_SYS_TEXT_BASE is the entry
	offset of the first entry. It can be 0xeff40000 or 0xfff40000 for
	nor flash boot, 0x201000 for sd boot etc.

	'end-at-4gb' property is not applicable where CONFIG_SYS_TEXT_BASE +
	Image size != 4gb.

Examples of the above options can be found in the tests. See the
tools/binman/test directory.

It is possible to have the same binary appear multiple times in the image,
either by using a unit number suffix (u-boot@0, u-boot@1) or by using a
different name for each and specifying the type with the 'type' attribute.


Sections and hierachical images
-------------------------------

Sometimes it is convenient to split an image into several pieces, each of which
contains its own set of binaries. An example is a flash device where part of
the image is read-only and part is read-write. We can set up sections for each
of these, and place binaries in them independently. The image is still produced
as a single output file.

This feature provides a way of creating hierarchical images. For example here
is an example image with two copies of U-Boot. One is read-only (ro), intended
to be written only in the factory. Another is read-write (rw), so that it can be
upgraded in the field. The sizes are fixed so that the ro/rw boundary is known
and can be programmed:

	binman {
		section@0 {
			read-only;
			name-prefix = "ro-";
			size = <0x100000>;
			u-boot {
			};
		};
		section@1 {
			name-prefix = "rw-";
			size = <0x100000>;
			u-boot {
			};
		};
	};

This image could be placed into a SPI flash chip, with the protection boundary
set at 1MB.

A few special properties are provided for sections:

read-only:
	Indicates that this section is read-only. This has no impact on binman's
	operation, but his property can be read at run time.

name-prefix:
	This string is prepended to all the names of the binaries in the
	section. In the example above, the 'u-boot' binaries which actually be
	renamed to 'ro-u-boot' and 'rw-u-boot'. This can be useful to
	distinguish binaries with otherwise identical names.


Image Properties
----------------

Image nodes act like sections but also have a few extra properties:

filename:
	Output filename for the image. This defaults to image.bin (or in the
	case of multiple images <nodename>.bin where <nodename> is the name of
	the image node.

allow-repack:
	Create an image that can be repacked. With this option it is possible
	to change anything in the image after it is created, including updating
	the position and size of image components. By default this is not
	permitted since it is not possibly to know whether this might violate a
	constraint in the image description. For example, if a section has to
	increase in size to hold a larger binary, that might cause the section
	to fall out of its allow region (e.g. read-only portion of flash).

	Adding this property causes the original offset and size values in the
	image description to be stored in the FDT and fdtmap.


Entry Documentation
-------------------

For details on the various entry types supported by binman and how to use them,
see README.entries. This is generated from the source code using:

	binman entry-docs >tools/binman/README.entries


Listing images
--------------

It is possible to list the entries in an existing firmware image created by
binman, provided that there is an 'fdtmap' entry in the image. For example:

    $ binman ls -i image.bin
    Name              Image-pos  Size  Entry-type    Offset  Uncomp-size
    ----------------------------------------------------------------------
    main-section                  c00  section            0
      u-boot                  0     4  u-boot             0
      section                     5fc  section            4
        cbfs                100   400  cbfs               0
          u-boot            138     4  u-boot            38
          u-boot-dtb        180   108  u-boot-dtb        80          3b5
        u-boot-dtb          500   1ff  u-boot-dtb       400          3b5
      fdtmap                6fc   381  fdtmap           6fc
      image-header          bf8     8  image-header     bf8

This shows the hierarchy of the image, the position, size and type of each
entry, the offset of each entry within its parent and the uncompressed size if
the entry is compressed.

It is also possible to list just some files in an image, e.g.

    $ binman ls -i image.bin section/cbfs
    Name              Image-pos  Size  Entry-type  Offset  Uncomp-size
    --------------------------------------------------------------------
        cbfs                100   400  cbfs             0
          u-boot            138     4  u-boot          38
          u-boot-dtb        180   108  u-boot-dtb      80          3b5

or with wildcards:

    $ binman ls -i image.bin "*cb*" "*head*"
    Name              Image-pos  Size  Entry-type    Offset  Uncomp-size
    ----------------------------------------------------------------------
        cbfs                100   400  cbfs               0
          u-boot            138     4  u-boot            38
          u-boot-dtb        180   108  u-boot-dtb        80          3b5
      image-header          bf8     8  image-header     bf8


Extracting files from images
----------------------------

You can extract files from an existing firmware image created by binman,
provided that there is an 'fdtmap' entry in the image. For example:

    $ binman extract -i image.bin section/cbfs/u-boot

which will write the uncompressed contents of that entry to the file 'u-boot' in
the current directory. You can also extract to a particular file, in this case
u-boot.bin:

    $ binman extract -i image.bin section/cbfs/u-boot -f u-boot.bin

It is possible to extract all files into a destination directory, which will
put files in subdirectories matching the entry hierarchy:

    $ binman extract -i image.bin -O outdir

or just a selection:

    $ binman extract -i image.bin "*u-boot*" -O outdir


Replacing files in an image
---------------------------

You can replace files in an existing firmware image created by binman, provided
that there is an 'fdtmap' entry in the image. For example:

    $ binman replace -i image.bin section/cbfs/u-boot

which will write the contents of the file 'u-boot' from the current directory
to the that entry, compressing if necessary. If the entry size changes, you must
add the 'allow-repack' property to the original image before generating it (see
above), otherwise you will get an error.

You can also use a particular file, in this case u-boot.bin:

    $ binman replace -i image.bin section/cbfs/u-boot -f u-boot.bin

It is possible to replace all files from a source directory which uses the same
hierarchy as the entries:

    $ binman replace -i image.bin -I indir

Files that are missing will generate a warning.

You can also replace just a selection of entries:

    $ binman replace -i image.bin "*u-boot*" -I indir


Logging
-------

Binman normally operates silently unless there is an error, in which case it
just displays the error. The -D/--debug option can be used to create a full
backtrace when errors occur.

Internally binman logs some output while it is running. This can be displayed
by increasing the -v/--verbosity from the default of 1:

   0: silent
   1: warnings only
   2: notices (important messages)
   3: info about major operations
   4: detailed information about each operation
   5: debug (all output)


Hashing Entries
---------------

It is possible to ask binman to hash the contents of an entry and write that
value back to the device-tree node. For example:

	binman {
		u-boot {
			hash {
				algo = "sha256";
			};
		};
	};

Here, a new 'value' property will be written to the 'hash' node containing
the hash of the 'u-boot' entry. Only SHA256 is supported at present. Whole
sections can be hased if desired, by adding the 'hash' node to the section.

The has value can be chcked at runtime by hashing the data actually read and
comparing this has to the value in the device tree.


Order of image creation
-----------------------

Image creation proceeds in the following order, for each entry in the image.

1. AddMissingProperties() - binman can add calculated values to the device
tree as part of its processing, for example the offset and size of each
entry. This method adds any properties associated with this, expanding the
device tree as needed. These properties can have placeholder values which are
set later by SetCalculatedProperties(). By that stage the size of sections
cannot be changed (since it would cause the images to need to be repacked),
but the correct values can be inserted.

2. ProcessFdt() - process the device tree information as required by the
particular entry. This may involve adding or deleting properties. If the
processing is complete, this method should return True. If the processing
cannot complete because it needs the ProcessFdt() method of another entry to
run first, this method should return False, in which case it will be called
again later.

3. GetEntryContents() - the contents of each entry are obtained, normally by
reading from a file. This calls the Entry.ObtainContents() to read the
contents. The default version of Entry.ObtainContents() calls
Entry.GetDefaultFilename() and then reads that file. So a common mechanism
to select a file to read is to override that function in the subclass. The
functions must return True when they have read the contents. Binman will
retry calling the functions a few times if False is returned, allowing
dependencies between the contents of different entries.

4. GetEntryOffsets() - calls Entry.GetOffsets() for each entry. This can
return a dict containing entries that need updating. The key should be the
entry name and the value is a tuple (offset, size). This allows an entry to
provide the offset and size for other entries. The default implementation
of GetEntryOffsets() returns {}.

5. PackEntries() - calls Entry.Pack() which figures out the offset and
size of an entry. The 'current' image offset is passed in, and the function
returns the offset immediately after the entry being packed. The default
implementation of Pack() is usually sufficient.

6. CheckSize() - checks that the contents of all the entries fits within
the image size. If the image does not have a defined size, the size is set
large enough to hold all the entries.

7. CheckEntries() - checks that the entries do not overlap, nor extend
outside the image.

8. SetImagePos() - sets the image position of every entry. This is the absolute
position 'image-pos', as opposed to 'offset' which is relative to the containing
section. This must be done after all offsets are known, which is why it is quite
late in the ordering.

9. SetCalculatedProperties() - update any calculated properties in the device
tree. This sets the correct 'offset' and 'size' vaues, for example.

10. ProcessEntryContents() - this calls Entry.ProcessContents() on each entry.
The default implementatoin does nothing. This can be overriden to adjust the
contents of an entry in some way. For example, it would be possible to create
an entry containing a hash of the contents of some other entries. At this
stage the offset and size of entries should not be adjusted unless absolutely
necessary, since it requires a repack (going back to PackEntries()).

11. ResetForPack() - if the ProcessEntryContents() step failed, in that an entry
has changed its size, then there is no alternative but to go back to step 5 and
try again, repacking the entries with the updated size. ResetForPack() removes
the fixed offset/size values added by binman, so that the packing can start from
scratch.

12. WriteSymbols() - write the value of symbols into the U-Boot SPL binary.
See 'Access to binman entry offsets at run time' below for a description of
what happens in this stage.

13. BuildImage() - builds the image and writes it to a file

14. WriteMap() - writes a text file containing a map of the image. This is the
final step.


Automatic .dtsi inclusion
-------------------------

It is sometimes inconvenient to add a 'binman' node to the .dts file for each
board. This can be done by using #include to bring in a common file. Another
approach supported by the U-Boot build system is to automatically include
a common header. You can then put the binman node (and anything else that is
specific to U-Boot, such as u-boot,dm-pre-reloc properies) in that header
file.

Binman will search for the following files in arch/<arch>/dts:

   <dts>-u-boot.dtsi where <dts> is the base name of the .dts file
   <CONFIG_SYS_SOC>-u-boot.dtsi
   <CONFIG_SYS_CPU>-u-boot.dtsi
   <CONFIG_SYS_VENDOR>-u-boot.dtsi
   u-boot.dtsi

U-Boot will only use the first one that it finds. If you need to include a
more general file you can do that from the more specific file using #include.
If you are having trouble figuring out what is going on, you can uncomment
the 'warning' line in scripts/Makefile.lib to see what it has found:

   # Uncomment for debugging
   # This shows all the files that were considered and the one that we chose.
   # u_boot_dtsi_options_debug = $(u_boot_dtsi_options_raw)


Access to binman entry offsets at run time (symbols)
----------------------------------------------------

Binman assembles images and determines where each entry is placed in the image.
This information may be useful to U-Boot at run time. For example, in SPL it
is useful to be able to find the location of U-Boot so that it can be executed
when SPL is finished.

Binman allows you to declare symbols in the SPL image which are filled in
with their correct values during the build. For example:

    binman_sym_declare(ulong, u_boot_any, image_pos);

declares a ulong value which will be assigned to the image-pos of any U-Boot
image (u-boot.bin, u-boot.img, u-boot-nodtb.bin) that is present in the image.
You can access this value with something like:

    ulong u_boot_offset = binman_sym(ulong, u_boot_any, image_pos);

Thus u_boot_offset will be set to the image-pos of U-Boot in memory, assuming
that the whole image has been loaded, or is available in flash. You can then
jump to that address to start U-Boot.

At present this feature is only supported in SPL and TPL. In principle it is
possible to fill in such symbols in U-Boot proper, as well, but a future C
library is planned for this instead, to read from the device tree.

As well as image-pos, it is possible to read the size of an entry and its
offset (which is the start position of the entry within its parent).

A small technical note: Binman automatically adds the base address of the image
(i.e. __image_copy_start) to the value of the image-pos symbol, so that when the
image is loaded to its linked address, the value will be correct and actually
point into the image.

For example, say SPL is at the start of the image and linked to start at address
80108000. If U-Boot's image-pos is 0x8000 then binman will write an image-pos
for U-Boot of 80110000 into the SPL binary, since it assumes the image is loaded
to 80108000, with SPL at 80108000 and U-Boot at 80110000.

For x86 devices (with the end-at-4gb property) this base address is not added
since it is assumed that images are XIP and the offsets already include the
address.


Access to binman entry offsets at run time (fdt)
------------------------------------------------

Binman can update the U-Boot FDT to include the final position and size of
each entry in the images it processes. The option to enable this is -u and it
causes binman to make sure that the 'offset', 'image-pos' and 'size' properties
are set correctly for every entry. Since it is not necessary to specify these in
the image definition, binman calculates the final values and writes these to
the device tree. These can be used by U-Boot at run-time to find the location
of each entry.

Alternatively, an FDT map entry can be used to add a special FDT containing
just the information about the image. This is preceded by a magic string so can
be located anywhere in the image. An image header (typically at the start or end
of the image) can be used to point to the FDT map. See fdtmap and image-header
entries for more information.


Compression
-----------

Binman support compression for 'blob' entries (those of type 'blob' and
derivatives). To enable this for an entry, add a 'compress' property:

    blob {
        filename = "datafile";
        compress = "lz4";
    };

The entry will then contain the compressed data, using the 'lz4' compression
algorithm. Currently this is the only one that is supported. The uncompressed
size is written to the node in an 'uncomp-size' property, if -u is used.



Map files
---------

The -m option causes binman to output a .map file for each image that it
generates. This shows the offset and size of each entry. For example:

      Offset      Size  Name
    00000000  00000028  main-section
     00000000  00000010  section@0
      00000000  00000004  u-boot
     00000010  00000010  section@1
      00000000  00000004  u-boot

This shows a hierarchical image with two sections, each with a single entry. The
offsets of the sections are absolute hex byte offsets within the image. The
offsets of the entries are relative to their respective sections. The size of
each entry is also shown, in bytes (hex). The indentation shows the entries
nested inside their sections.


Passing command-line arguments to entries
-----------------------------------------

Sometimes it is useful to pass binman the value of an entry property from the
command line. For example some entries need access to files and it is not
always convenient to put these filenames in the image definition (device tree).

The-a option supports this:

    -a<prop>=<value>

where

    <prop> is the property to set
    <value> is the value to set it to

Not all properties can be provided this way. Only some entries support it,
typically for filenames.


External tools
--------------

Binman can make use of external command-line tools to handle processing of
entry contents or to generate entry contents. These tools are executed using
the 'tools' module's Run() method. The tools generally must exist on the PATH,
but the --toolpath option can be used to specify additional search paths to
use. This option can be specified multiple times to add more than one path.


Code coverage
-------------

Binman is a critical tool and is designed to be very testable. Entry
implementations target 100% test coverage. Run 'binman test -T' to check this.

To enable Python test coverage on Debian-type distributions (e.g. Ubuntu):

   $ sudo apt-get install python-coverage python3-coverage python-pytest


Concurrent tests
----------------

Binman tries to run tests concurrently. This means that the tests make use of
all available CPUs to run.

 To enable this:

   $ sudo apt-get install python-subunit python3-subunit

Use '-P 1' to disable this. It is automatically disabled when code coverage is
being used (-T) since they are incompatible.


Debugging tests
---------------

Sometimes when debugging tests it is useful to keep the input and output
directories so they can be examined later. Use -X or --test-preserve-dirs for
this.


Advanced Features / Technical docs
----------------------------------

The behaviour of entries is defined by the Entry class. All other entries are
a subclass of this. An important subclass is Entry_blob which takes binary
data from a file and places it in the entry. In fact most entry types are
subclasses of Entry_blob.

Each entry type is a separate file in the tools/binman/etype directory. Each
file contains a class called Entry_<type> where <type> is the entry type.
New entry types can be supported by adding new files in that directory.
These will automatically be detected by binman when needed.

Entry properties are documented in entry.py. The entry subclasses are free
to change the values of properties to support special behaviour. For example,
when Entry_blob loads a file, it sets content_size to the size of the file.
Entry classes can adjust other entries. For example, an entry that knows
where other entries should be positioned can set up those entries' offsets
so they don't need to be set in the binman decription. It can also adjust
entry contents.

Most of the time such essoteric behaviour is not needed, but it can be
essential for complex images.

If you need to specify a particular device-tree compiler to use, you can define
the DTC environment variable. This can be useful when the system dtc is too
old.

To enable a full backtrace and other debugging features in binman, pass
BINMAN_DEBUG=1 to your build:

   make qemu-x86_defconfig
   make BINMAN_DEBUG=1

To enable verbose logging from binman, base BINMAN_VERBOSE to your build, which
adds a -v<level> option to the call to binman:

   make qemu-x86_defconfig
   make BINMAN_VERBOSE=5


History / Credits
-----------------

Binman takes a lot of inspiration from a Chrome OS tool called
'cros_bundle_firmware', which I wrote some years ago. That tool was based on
a reasonably simple and sound design but has expanded greatly over the
years. In particular its handling of x86 images is convoluted.

Quite a few lessons have been learned which are hopefully applied here.


Design notes
------------

On the face of it, a tool to create firmware images should be fairly simple:
just find all the input binaries and place them at the right place in the
image. The difficulty comes from the wide variety of input types (simple
flat binaries containing code, packaged data with various headers), packing
requirments (alignment, spacing, device boundaries) and other required
features such as hierarchical images.

The design challenge is to make it easy to create simple images, while
allowing the more complex cases to be supported. For example, for most
images we don't much care exactly where each binary ends up, so we should
not have to specify that unnecessarily.

New entry types should aim to provide simple usage where possible. If new
core features are needed, they can be added in the Entry base class.


To do
-----

Some ideas:
- Use of-platdata to make the information available to code that is unable
  to use device tree (such as a very small SPL image)
- Allow easy building of images by specifying just the board name
- Support building an image for a board (-b) more completely, with a
  configurable build directory
- Support adding FITs to an image
- Support for ARM Trusted Firmware (ATF)
- Detect invalid properties in nodes
- Sort the fdtmap by offset

--
Simon Glass <sjg@chromium.org>
7/7/2016