1 .. SPDX-License-Identifier: GPL-2.0+
2 .. Copyright (c) 2016 Google, Inc
7 Firmware often consists of several components which must be packaged together.
8 For example, we may have SPL, U-Boot, a device tree and an environment area
9 grouped together and placed in MMC flash. When the system starts, it must be
10 able to find these pieces.
12 Building firmware should be separate from packaging it. Many of the complexities
13 of modern firmware build systems come from trying to do both at once. With
14 binman, you build all the pieces that are needed, using whatever assortment of
15 projects and build systems are needed, then use binman to stitch everything
22 Binman reads your board's device tree and finds a node which describes the
23 required image layout. It uses this to work out what to place where.
25 Binman provides a mechanism for building images, from simple SPL + U-Boot
26 combinations, to more complex arrangements with many parts. It also allows
27 users to inspect images, extract and replace binaries within them, repacking if
34 Apart from basic padding, alignment and positioning features, Binman supports
35 hierarchical images, compression, hashing and dealing with the binary blobs
36 which are a sad trend in open-source firmware at present.
38 Executable binaries can access the location of other binaries in an image by
39 using special linker symbols (zero-overhead but somewhat limited) or by reading
40 the devicetree description of the image.
42 Binman is designed primarily for use with U-Boot and associated binaries such
43 as ARM Trusted Firmware, but it is suitable for use with other projects, such
44 as Zephyr. Binman also provides facilities useful in Chromium OS, such as CBFS,
47 Binman provides a way to process binaries before they are included, by adding a
50 Binman is intended for use with U-Boot but is designed to be general enough
51 to be useful in other image-packaging situations.
57 As mentioned above, packaging of firmware is quite a different task from
58 building the various parts. In many cases the various binaries which go into
59 the image come from separate build systems. For example, ARM Trusted Firmware
60 is used on ARMv8 devices but is not built in the U-Boot tree. If a Linux kernel
61 is included in the firmware image, it is built elsewhere.
63 It is of course possible to add more and more build rules to the U-Boot
64 build system to cover these cases. It can shell out to other Makefiles and
65 build scripts. But it seems better to create a clear divide between building
66 software and packaging it.
68 At present this is handled by manual instructions, different for each board,
69 on how to create images that will boot. By turning these instructions into a
70 standard format, we can support making valid images for any board without
71 manual effort, lots of READMEs, etc.
75 - Each binary can have its own build system and tool chain without creating
76 any dependencies between them
77 - Avoids the need for a single-shot build: individual parts can be updated
78 and brought in as needed
79 - Provides for a standard image description available in the build and at
81 - SoC-specific image-signing tools can be accommodated
82 - Avoids cluttering the U-Boot build system with image-building code
83 - The image description is automatically available at run-time in U-Boot,
84 SPL. It can be made available to other software also
85 - The image description is easily readable (it's a text file in device-tree
86 format) and permits flexible packing of binaries
92 Binman uses the following terms:
94 - image - an output file containing a firmware image
95 - binary - an input binary that goes into the image
101 You can install binman using::
103 pip install binary-manager
105 The name is chosen since binman conflicts with an existing package.
107 If you are using binman within the U-Boot tree, it may be easiest to add a
108 symlink from your local `~/.bin` directory to `/path/to/tools/binman/binman`.
114 FIT is U-Boot's official image format. It supports multiple binaries with
115 load / execution addresses, compression. It also supports verification
116 through hashing and RSA signatures.
118 FIT was originally designed to support booting a Linux kernel (with an
119 optional ramdisk) and device tree chosen from various options in the FIT.
120 Now that U-Boot supports configuration via device tree, it is possible to
121 load U-Boot from a FIT, with the device tree chosen by SPL.
123 Binman considers FIT to be one of the binaries it can place in the image.
125 Where possible it is best to put as much as possible in the FIT, with binman
126 used to deal with cases not covered by FIT. Examples include initial
127 execution (since FIT itself does not have an executable header) and dealing
128 with device boundaries, such as the read-only/read-write separation in SPI
131 For U-Boot, binman should not be used to create ad-hoc images in place of
134 Note that binman can itself create a FIT. This helps to move mkimage
135 invocations out of the Makefile and into binman image descriptions. It also
136 helps by removing the need for ad-hoc tools like `make_fit_atf.py`.
139 Relationship to mkimage
140 -----------------------
142 The mkimage tool provides a means to create a FIT. Traditionally it has
143 needed an image description file: a device tree, like binman, but in a
144 different format. More recently it has started to support a '-f auto' mode
145 which can generate that automatically.
147 More relevant to binman, mkimage also permits creation of many SoC-specific
148 image types. These can be listed by running 'mkimage -T list'. Examples
149 include 'rksd', the Rockchip SD/MMC boot format. The mkimage tool is often
150 called from the U-Boot build system for this reason.
152 Binman considers the output files created by mkimage to be binary blobs
153 which it can place in an image. Binman does not replace the mkimage tool or
154 this purpose. It would be possible in some situations to create a new entry
155 type for the images in mkimage, but this would not add functionality. It
156 seems better to use the mkimage tool to generate binaries and avoid blurring
157 the boundaries between building input files (mkimage) and packaging then
158 into a final image (binman).
160 Note that binman can itself invoke mkimage. This helps to move mkimage
161 invocations out of the Makefile and into binman image descriptions.
167 Example use of binman in U-Boot
168 -------------------------------
170 Binman aims to replace some of the ad-hoc image creation in the U-Boot
173 Consider sunxi. It has the following steps:
175 #. It uses a custom mksunxiboot tool to build an SPL image called
176 sunxi-spl.bin. This should probably move into mkimage.
178 #. It uses mkimage to package U-Boot into a legacy image file (so that it can
179 hold the load and execution address) called u-boot.img.
181 #. It builds a final output image called u-boot-sunxi-with-spl.bin which
182 consists of sunxi-spl.bin, some padding and u-boot.img.
184 Binman is intended to replace the last step. The U-Boot build system builds
185 u-boot.bin and sunxi-spl.bin. Binman can then take over creation of
186 sunxi-spl.bin by calling mksunxiboot or mkimage. In any case, it would then
187 create the image from the component parts.
189 This simplifies the U-Boot Makefile somewhat, since various pieces of logic
190 can be replaced by a call to binman.
193 Invoking binman within U-Boot
194 -----------------------------
196 Within U-Boot, binman is invoked by the build system, i.e. when you type 'make'
197 or use buildman to build U-Boot. There is no need to run binman independently
198 during development. Everything happens automatically and is set up for your
199 SoC or board so that binman produced the right things.
201 The general policy is that the Makefile builds all the binaries in INPUTS-y
202 (the 'inputs' rule), then binman is run to produce the final images (the 'all'
205 There should be only one invocation of binman in Makefile, the very last step
206 that pulls everything together. At present there are some arch-specific
207 invocations as well, but these should be dropped when those architectures are
208 converted to use binman properly.
210 As above, the term 'binary' is used for something in INPUTS-y and 'image' is
211 used for the things that binman creates. So the binaries are inputs to the
212 image(s) and it is the image that is actually loaded on the board.
214 Again, at present, there are a number of things created in Makefile which should
215 be done by binman (when we get around to it), like `u-boot-ivt.img`,
216 `lpc32xx-spl.img`, `u-boot-with-nand-spl.imx`, `u-boot-spl-padx4.sfp` and
217 `u-boot-mtk.bin`, just to pick on a few. When completed this will remove about
218 400 lines from `Makefile`.
220 Since binman is invoked only once, it must of course create all the images that
221 are needed, in that one invocation. It does this by working through the image
222 descriptions one by one, collecting the input binaries, processing them as
223 needed and producing the final images.
225 The same binaries may be used by multiple images. For example binman may be used
226 to produce an SD-card image and a SPI-flash image. In this case the binaries
227 going into the process are the same, but binman produces slightly different
230 For some SoCs, U-Boot is not the only project that produces the necessary
231 binaries. For example, ARM Trusted Firmware (ATF) is a project that produces
232 binaries which must be incorporate, such as `bl31.elf` or `bl31.bin`. For this
233 to work you must have built ATF before you build U-Boot and you must tell U-Boot
234 where to find the bl31 image, using the BL31 environment variable.
236 How do you know how to incorporate ATF? It is handled by the atf-bl31 entry type
237 (etype). An etype is an implementation of reading a binary into binman, in this
238 case the `bl31.bin` file. When you build U-Boot but do not set the BL31
239 environment variable, binman provides a help message, which comes from
240 `missing-blob-help`::
242 See the documentation for your board. You may need to build ARM Trusted
243 Firmware and build with BL31=/path/to/bl31.bin
245 The mechanism by which binman is advised of this is also in the Makefile. See
246 the `-a atf-bl31-path=${BL31}` piece in `cmd_binman`. This tells binman to
247 set the EntryArg `atf-bl31-path` to the value of the `BL31` environment
248 variable. Within binman, this EntryArg is picked up by the `Entry_atf_bl31`
249 etype. An EntryArg is simply an argument to the entry. The `atf-bl31-path`
250 name is documented in :ref:`etype_atf_bl31`.
252 Taking this a little further, when binman is used to create a FIT, it supports
253 using an ELF file, e.g. `bl31.elf` and splitting it into separate pieces (with
254 `fit,operation = "split-elf"`), each with its own load address.
257 Invoking binman outside U-Boot
258 ------------------------------
260 While binman is invoked from within the U-Boot build system, it is also possible
261 to invoke it separately. This is typically used in a production build system,
262 where signing is completed (with real keys) and any missing binaries are
265 For example, for build testing there is no need to provide a real signature,
266 nor is there any need to provide a real ATF BL31 binary (for example). These can
267 be added later by invoking binman again, providing all the required inputs
268 from the first time, plus any that were missing or placeholders.
270 So in practice binman is often used twice:
272 - once within the U-Boot build system, for development and testing
273 - again outside U-Boot to assembly and final production images
275 While the same input binaries are used in each case, you will of course you will
276 need to create your own binman command line, similar to that in `cmd_binman` in
277 the Makefile. You may find the -I and --toolpath options useful. The
278 device tree file is provided to binman in binary form, so there is no need to
279 have access to the original `.dts` sources.
282 Assembling the image description
283 --------------------------------
285 Since binman uses the device tree for its image description, you can use the
286 same files that describe your board's hardware to describe how the image is
287 assembled. Typically the images description is in a common file used by all
288 boards with a particular SoC (e.g. `imx8mp-u-boot.dtsi`).
290 Where a particular boards needs to make changes, it can override properties in
291 the SoC file, just as it would for any other device tree property. It can also
292 add a image that is specific to the board.
294 Another way to control the image description to make use of CONFIG options in
295 the description. For example, if the start offset of a particular entry varies
296 by board, you can add a Kconfig for that and reference it in the description::
302 offset = <CONFIG_SPL_PAD_TO>;
306 The SoC can provide a default value but boards can override that as needed and
307 binman will take care of it.
309 It is even possible to control which entries appear in the image, by using the
312 #ifdef CONFIG_HAVE_MRC
314 offset = <CFG_X86_MRC_ADDR>;
318 Only boards which enable `HAVE_MRC` will include this entry.
320 Obviously a similar approach can be used to control which images are produced,
321 with a Kconfig option to enable a SPI image, for example. However there is
322 generally no harm in producing an image that is not used. If a board uses MMC
323 but not SPI, but the SoC supports booting from both, then both images can be
324 produced, with only on or other being used by particular boards. This can help
325 reduce the need for having multiple defconfig targets for a board where the
326 only difference is the boot media, enabling / disabling secure boot, etc.
328 Of course you can use the device tree itself to pass any board-specific
329 information that is needed by U-Boot at runtime (see binman_syms_ for how to
330 make binman insert these values directly into executables like SPL).
332 There is one more way this can be done: with individual .dtsi files for each
333 image supported by the SoC. Then the board `.dts` file can include the ones it
334 wants. This is not recommended, since it is likely to be difficult to maintain
335 and harder to understand the relationship between the different boards.
338 Producing images for multiple boards
339 ------------------------------------
341 When invoked within U-Boot, binman only builds a single set of images, for
342 the chosen board. This is set by the `CONFIG_DEFAULT_DEVICE_TREE` option.
344 However, U-Boot generally builds all the device tree files associated with an
345 SoC. These are written to the (e.g. for ARM) `arch/arm/dts` directory. Each of
346 these contains the full binman description for that board. Often the best
347 approach is to build a single image that includes all these device tree binaries
348 and allow SPL to select the correct one on boot.
350 However, it is also possible to build separate images for each board, simply by
351 invoking binman multiple times, once for each device tree file, using a
352 different output directory. This will produce one set of images for each board.
355 Example use of binman for x86
356 -----------------------------
358 In most cases x86 images have a lot of binary blobs, 'black-box' code
359 provided by Intel which must be run for the platform to work. Typically
360 these blobs are not relocatable and must be placed at fixed areas in the
363 Currently this is handled by ifdtool, which places microcode, FSP, MRC, VGA
364 BIOS, reference code and Intel ME binaries into a u-boot.rom file.
366 Binman is intended to replace all of this, with ifdtool left to handle only
367 the configuration of the Intel-format descriptor.
373 First install prerequisites, e.g:
377 sudo apt-get install python-pyelftools python3-pyelftools lzma-alone \
380 You can run binman directly if you put it on your PATH. But if you want to
381 install into your `~/.local` Python directory, use:
385 pip install tools/patman tools/dtoc tools/binman
387 Note that binman makes use of libraries from patman and dtoc, which is why these
388 need to be installed. Also you need `libfdt` and `pylibfdt` which can be
393 git clone git://git.kernel.org/pub/scm/utils/dtc/dtc.git
396 make NO_PYTHON=1 install
398 This installs the `libfdt.so` library into `~/lib` so you can use
399 `LD_LIBRARY_PATH=~/lib` when running binman. If you want to install it in the
400 system-library directory, replace the last line with:
404 make NO_PYTHON=1 PREFIX=/ install
413 make NO_PYTHON=1 PREFIX=/ install
414 binman build -b <board_name>
416 to build an image for a board. The board name is the same name used when
417 configuring U-Boot (e.g. for sandbox_defconfig the board name is 'sandbox').
418 Binman assumes that the input files for the build are in ../b/<board_name>.
420 Or you can specify this explicitly:
424 make NO_PYTHON=1 PREFIX=/ install
425 binman build -I <build_path>
427 where <build_path> is the build directory containing the output of the U-Boot
430 (Future work will make this more configurable)
432 In either case, binman picks up the device tree file (u-boot.dtb) and looks
433 for its instructions in the 'binman' node.
435 Binman has a few other options which you can see by running 'binman -h'.
438 Enabling binman for a board
439 ---------------------------
441 At present binman is invoked from a rule in the main Makefile. You should be
442 able to enable CONFIG_BINMAN to enable this rule.
444 The output file is typically named image.bin and is located in the output
445 directory. If input files are needed to you add these to INPUTS-y either in the
446 main Makefile or in a config.mk file in your arch subdirectory.
448 Once binman is executed it will pick up its instructions from a device-tree
449 file, typically <soc>-u-boot.dtsi, where <soc> is your CONFIG_SYS_SOC value.
450 You can use other, more specific CONFIG options - see 'Automatic .dtsi
455 Access to binman entry offsets at run time (symbols)
456 ----------------------------------------------------
458 Binman assembles images and determines where each entry is placed in the image.
459 This information may be useful to U-Boot at run time. For example, in SPL it
460 is useful to be able to find the location of U-Boot so that it can be executed
461 when SPL is finished.
463 Binman allows you to declare symbols in the SPL image which are filled in
464 with their correct values during the build. For example:
468 binman_sym_declare(ulong, u_boot_any, image_pos);
470 declares a ulong value which will be assigned to the image-pos of any U-Boot
471 image (u-boot.bin, u-boot.img, u-boot-nodtb.bin) that is present in the image.
472 You can access this value with something like:
476 ulong u_boot_offset = binman_sym(ulong, u_boot_any, image_pos);
478 Thus u_boot_offset will be set to the image-pos of U-Boot in memory, assuming
479 that the whole image has been loaded, or is available in flash. You can then
480 jump to that address to start U-Boot.
482 At present this feature is only supported in SPL and TPL. In principle it is
483 possible to fill in such symbols in U-Boot proper, as well, but a future C
484 library is planned for this instead, to read from the device tree.
486 As well as image-pos, it is possible to read the size of an entry and its
487 offset (which is the start position of the entry within its parent).
489 A small technical note: Binman automatically adds the base address of the image
490 (i.e. __image_copy_start) to the value of the image-pos symbol, so that when the
491 image is loaded to its linked address, the value will be correct and actually
492 point into the image.
494 For example, say SPL is at the start of the image and linked to start at address
495 80108000. If U-Boot's image-pos is 0x8000 then binman will write an image-pos
496 for U-Boot of 80110000 into the SPL binary, since it assumes the image is loaded
497 to 80108000, with SPL at 80108000 and U-Boot at 80110000.
499 For x86 devices (with the end-at-4gb property) this base address is not added
500 since it is assumed that images are XIP and the offsets already include the
503 While U-Boot's symbol updating is handled automatically by the u-boot-spl
504 entry type (and others), it is possible to use this feature with any blob. To
505 do this, add a `write-symbols` (boolean) property to the node, set the ELF
506 filename using `elf-filename` and set 'elf-base-sym' to the base symbol for the
507 start of the binary image (this defaults to `__image_copy_start` which is what
508 U-Boot uses). See `testBlobSymbol()` for an example.
512 Access to binman entry offsets at run time (fdt)
513 ------------------------------------------------
515 Binman can update the U-Boot FDT to include the final position and size of
516 each entry in the images it processes. The option to enable this is -u and it
517 causes binman to make sure that the 'offset', 'image-pos' and 'size' properties
518 are set correctly for every entry. Since it is not necessary to specify these in
519 the image definition, binman calculates the final values and writes these to
520 the device tree. These can be used by U-Boot at run-time to find the location
523 Alternatively, an FDT map entry can be used to add a special FDT containing
524 just the information about the image. This is preceded by a magic string so can
525 be located anywhere in the image. An image header (typically at the start or end
526 of the image) can be used to point to the FDT map. See fdtmap and image-header
527 entries for more information.
532 The -m option causes binman to output a .map file for each image that it
533 generates. This shows the offset and size of each entry. For example::
536 00000000 00000028 main-section
537 00000000 00000010 section@0
538 00000000 00000004 u-boot
539 00000010 00000010 section@1
540 00000000 00000004 u-boot
542 This shows a hierarchical image with two sections, each with a single entry. The
543 offsets of the sections are absolute hex byte offsets within the image. The
544 offsets of the entries are relative to their respective sections. The size of
545 each entry is also shown, in bytes (hex). The indentation shows the entries
546 nested inside their sections.
549 Passing command-line arguments to entries
550 -----------------------------------------
552 Sometimes it is useful to pass binman the value of an entry property from the
553 command line. For example some entries need access to files and it is not
554 always convenient to put these filenames in the image definition (device tree).
556 The -a option supports this::
562 <prop> is the property to set
563 <value> is the value to set it to
565 Not all properties can be provided this way. Only some entries support it,
566 typically for filenames.
569 Image description format
570 ========================
572 The binman node is called 'binman'. An example image description is shown
576 filename = "u-boot-sunxi-with-spl.bin";
579 filename = "spl/sunxi-spl.bin";
582 offset = <CONFIG_SPL_PAD_TO>;
587 This requests binman to create an image file called u-boot-sunxi-with-spl.bin
588 consisting of a specially formatted SPL (spl/sunxi-spl.bin, built by the
589 normal U-Boot Makefile), some 0xff padding, and a U-Boot legacy image. The
590 padding comes from the fact that the second binary is placed at
591 CONFIG_SPL_PAD_TO. If that line were omitted then the U-Boot binary would
592 immediately follow the SPL binary.
594 The binman node describes an image. The sub-nodes describe entries in the
595 image. Each entry represents a region within the overall image. The name of
596 the entry (blob, u-boot) tells binman what to put there. For 'blob' we must
597 provide a filename. For 'u-boot', binman knows that this means 'u-boot.bin'.
599 Entries are normally placed into the image sequentially, one after the other.
600 The image size is the total size of all entries. As you can see, you can
601 specify the start offset of an entry using the 'offset' property.
603 Note that due to a device tree requirement, all entries must have a unique
604 name. If you want to put the same binary in the image multiple times, you can
605 use any unique name, with the 'type' property providing the type.
607 The attributes supported for entries are described below.
610 This sets the offset of an entry within the image or section containing
611 it. The first byte of the image is normally at offset 0. If 'offset' is
612 not provided, binman sets it to the end of the previous region, or the
613 start of the image's entry area (normally 0) if there is no previous
617 This sets the alignment of the entry. The entry offset is adjusted
618 so that the entry starts on an aligned boundary within the containing
619 section or image. For example 'align = <16>' means that the entry will
620 start on a 16-byte boundary. This may mean that padding is added before
621 the entry. The padding is part of the containing section but is not
622 included in the entry, meaning that an empty space may be created before
623 the entry starts. Alignment should be a power of 2. If 'align' is not
624 provided, no alignment is performed.
627 This sets the size of the entry. The contents will be padded out to
628 this size. If this is not provided, it will be set to the size of the
632 Sets the minimum size of the entry. This size includes explicit padding
633 ('pad-before' and 'pad-after'), but not padding added to meet alignment
634 requirements. While this does not affect the contents of the entry within
635 binman itself (the padding is performed only when its parent section is
636 assembled), the end result will be that the entry ends with the padding
637 bytes, so may grow. Defaults to 0.
640 Padding before the contents of the entry. Normally this is 0, meaning
641 that the contents start at the beginning of the entry. This can be used
642 to offset the entry contents a little. While this does not affect the
643 contents of the entry within binman itself (the padding is performed
644 only when its parent section is assembled), the end result will be that
645 the entry starts with the padding bytes, so may grow. Defaults to 0.
648 Padding after the contents of the entry. Normally this is 0, meaning
649 that the entry ends at the last byte of content (unless adjusted by
650 other properties). This allows room to be created in the image for
651 this entry to expand later. While this does not affect the contents of
652 the entry within binman itself (the padding is performed only when its
653 parent section is assembled), the end result will be that the entry ends
654 with the padding bytes, so may grow. Defaults to 0.
657 This sets the alignment of the entry size. For example, to ensure
658 that the size of an entry is a multiple of 64 bytes, set this to 64.
659 While this does not affect the contents of the entry within binman
660 itself (the padding is performed only when its parent section is
661 assembled), the end result is that the entry ends with the padding
662 bytes, so may grow. If 'align-size' is not provided, no alignment is
666 This sets the alignment of the end of an entry with respect to the
667 containing section. Some entries require that they end on an alignment
668 boundary, regardless of where they start. This does not move the start
669 of the entry, so the contents of the entry will still start at the
670 beginning. But there may be padding at the end. While this does not
671 affect the contents of the entry within binman itself (the padding is
672 performed only when its parent section is assembled), the end result
673 is that the entry ends with the padding bytes, so may grow.
674 If 'align-end' is not provided, no alignment is performed.
677 For 'blob' types this provides the filename containing the binary to
678 put into the entry. If binman knows about the entry type (like
679 u-boot-bin), then there is no need to specify this.
682 Sets the type of an entry. This defaults to the entry name, but it is
683 possible to use any name, and then add (for example) 'type = "u-boot"'
687 Indicates that the offset of this entry should not be set by placing
688 it immediately after the entry before. Instead, is set by another
689 entry which knows where this entry should go. When this boolean
690 property is present, binman will give an error if another entry does
691 not set the offset (with the GetOffsets() method).
694 This cannot be set on entry (or at least it is ignored if it is), but
695 with the -u option, binman will set it to the absolute image position
696 for each entry. This makes it easy to find out exactly where the entry
697 ended up in the image, regardless of parent sections, etc.
700 Extend the size of this entry to fit available space. This space is only
701 limited by the size of the image/section and the position of the next
705 Sets the compression algortihm to use (for blobs only). See the entry
706 documentation for details.
709 Sets the tag of the message to show if this entry is missing. This is
710 used for external blobs. When they are missing it is helpful to show
711 information about what needs to be fixed. See missing-blob-help for the
712 message for each tag.
715 By default binman substitutes entries with expanded versions if available,
716 so that a `u-boot` entry type turns into `u-boot-expanded`, for example. The
717 `--no-expanded` command-line option disables this globally. The
718 `no-expanded` property disables this just for a single entry. Put the
719 `no-expanded` boolean property in the node to select this behaviour.
722 External blobs are normally required to be present for the image to be
723 built (but see `External blobs`_). This properly allows an entry to be
724 optional, so that when it is cannot be found, this problem is ignored and
725 an empty file is used for this blob. This should be used only when the blob
726 is entirely optional and is not needed for correct operation of the image.
727 Note that missing, optional blobs do not produce a non-zero exit code from
728 binman, although it does show a warning about the missing external blob.
731 This is not strictly speaking an entry property, since it is processed early
732 in Binman before the entries are read. It is a list of phandles of nodes to
733 include in the current (target) node. For each node, its subnodes and their
734 properties are brought into the target node. See Templates_ below for
737 The attributes supported for images and sections are described below. Several
738 are similar to those for entries.
741 Sets the image size in bytes, for example 'size = <0x100000>' for a
745 This is similar to 'offset' in entries, setting the offset of a section
746 within the image or section containing it. The first byte of the section
747 is normally at offset 0. If 'offset' is not provided, binman sets it to
748 the end of the previous region, or the start of the image's entry area
749 (normally 0) if there is no previous region.
752 This sets the alignment of the image size. For example, to ensure
753 that the image ends on a 512-byte boundary, use 'align-size = <512>'.
754 If 'align-size' is not provided, no alignment is performed.
757 This sets the padding before the image entries. The first entry will
758 be positioned after the padding. This defaults to 0.
761 This sets the padding after the image entries. The padding will be
762 placed after the last entry. This defaults to 0.
765 This specifies the pad byte to use when padding in the image. It
766 defaults to 0. To use 0xff, you would add 'pad-byte = <0xff>'.
769 This specifies the image filename. It defaults to 'image.bin'.
772 This causes binman to reorder the entries as needed to make sure they
773 are in increasing positional order. This can be used when your entry
774 order may not match the positional order. A common situation is where
775 the 'offset' properties are set by CONFIG options, so their ordering is
778 This is a boolean property so needs no value. To enable it, add a
779 line 'sort-by-offset;' to your description.
782 Normally only a single image is generated. To create more than one
783 image, put this property in the binman node. For example, this will
784 create image1.bin containing u-boot.bin, and image2.bin containing
785 both spl/u-boot-spl.bin and u-boot.bin::
803 For x86 machines the ROM offsets start just before 4GB and extend
804 up so that the image finished at the 4GB boundary. This boolean
805 option can be enabled to support this. The image size must be
806 provided so that binman knows when the image should start. For an
807 8MB ROM, the offset of the first entry would be 0xfff80000 with
808 this option, instead of 0 without this option.
811 This property specifies the entry offset of the first entry.
813 For PowerPC mpc85xx based CPU, CONFIG_TEXT_BASE is the entry
814 offset of the first entry. It can be 0xeff40000 or 0xfff40000 for
815 nor flash boot, 0x201000 for sd boot etc.
817 'end-at-4gb' property is not applicable where CONFIG_TEXT_BASE +
821 Specifies the default alignment for entries in this section, if they do
822 not specify an alignment. Note that this only applies to top-level entries
823 in the section (direct subentries), not any subentries of those entries.
824 This means that each section must specify its own default alignment, if
828 Adds a symlink to the image with string given in the symlink property.
831 Indicates that this entry overlaps with others in the same section. These
832 entries should appear at the end of the section. Overlapping entries are not
833 packed with other entries, but their contents are written over other entries
834 in the section. Overlapping entries must have an explicit offset and size.
837 Indicates that the blob should be updated with symbol values calculated by
838 binman. This is automatic for certain entry types, e.g. `u-boot-spl`. See
839 binman_syms_ for more information.
842 Disables symbol writing for this entry. This can be used in entry types
843 where symbol writing is automatic. For example, if `u-boot-spl` refers to
844 the `u_boot_any_image_pos` symbol but U-Boot is not available in the image
845 containing SPL, this can be used to disable the writing. Quite likely this
846 indicates a bug in your setup.
849 Sets the file name of a blob's associated ELF file. For example, if the
850 blob is `zephyr.bin` then the ELF file may be `zephyr.elf`. This allows
851 binman to locate symbols and understand the structure of the blob. See
852 binman_syms_ for more information.
855 Sets the name of the ELF symbol that points to the start of a blob. For
856 U-Boot this is `__image_copy_start` and that is the default used by binman
857 if this property is missing. For other projects, a difference symbol may be
858 needed. Add this symbol to the properties for the blob so that symbols can
859 be read correctly. See binman_syms_ for more information.
862 Sets the offset of an entry based on a symbol value in an another entry.
863 The format is <&phandle>, "sym_name", <offset> where phandle is the entry
864 containing the blob (with associated ELF file providing symbols), <sym_name>
865 is the symbol to lookup (relative to elf-base-sym) and <offset> is an offset
866 to add to that value.
869 Indicates that this entry should be preserved by any firmware updates. This
870 flag should be checked by the updater when it is deciding which entries to
871 update. This flag is normally attached to sections but can be attached to
872 a single entry in a section if the updater supports it. Not that binman
873 itself has no control over the updater's behaviour, so this is just a
874 signal. It is not enforced by binman.
876 Examples of the above options can be found in the tests. See the
877 tools/binman/test directory.
879 It is possible to have the same binary appear multiple times in the image,
880 either by using a unit number suffix (u-boot@0, u-boot@1) or by using a
881 different name for each and specifying the type with the 'type' attribute.
884 Sections and hierachical images
885 -------------------------------
887 Sometimes it is convenient to split an image into several pieces, each of which
888 contains its own set of binaries. An example is a flash device where part of
889 the image is read-only and part is read-write. We can set up sections for each
890 of these, and place binaries in them independently. The image is still produced
891 as a single output file.
893 This feature provides a way of creating hierarchical images. For example here
894 is an example image with two copies of U-Boot. One is read-only (ro), intended
895 to be written only in the factory. Another is read-write (rw), so that it can be
896 upgraded in the field. The sizes are fixed so that the ro/rw boundary is known
897 and can be programmed::
915 This image could be placed into a SPI flash chip, with the protection boundary
918 A few special properties are provided for sections:
921 Indicates that this section is read-only. This has no impact on binman's
922 operation, but his property can be read at run time.
925 This string is prepended to all the names of the binaries in the
926 section. In the example above, the 'u-boot' binaries which actually be
927 renamed to 'ro-u-boot' and 'rw-u-boot'. This can be useful to
928 distinguish binaries with otherwise identical names.
931 This allows the contents of the section to be written to a file in the
932 output directory. This can sometimes be useful to use the data in one
933 section in different image, since there is currently no way to share data
934 beteen images other than through files.
939 Image nodes act like sections but also have a few extra properties:
942 Output filename for the image. This defaults to image.bin (or in the
943 case of multiple images <nodename>.bin where <nodename> is the name of
947 Create an image that can be repacked. With this option it is possible
948 to change anything in the image after it is created, including updating
949 the position and size of image components. By default this is not
950 permitted since it is not possibly to know whether this might violate a
951 constraint in the image description. For example, if a section has to
952 increase in size to hold a larger binary, that might cause the section
953 to fall out of its allow region (e.g. read-only portion of flash).
955 Adding this property causes the original offset and size values in the
956 image description to be stored in the FDT and fdtmap.
962 Binman does not currently support images that depend on each other. For example,
963 if one image creates `fred.bin` and then the next uses this `fred.bin` to
964 produce a final `image.bin`, then the behaviour is undefined. It may work, or it
965 may produce an error about `fred.bin` being missing, or it may use a version of
966 `fred.bin` from a previous run.
968 Often this can be handled by incorporating the dependency into the second
969 image. For example, instead of::
984 filename = "fred.bin";
1011 It is possible to ask binman to hash the contents of an entry and write that
1012 value back to the device-tree node. For example::
1022 Here, a new 'value' property will be written to the 'hash' node containing
1023 the hash of the 'u-boot' entry. Only SHA256 is supported at present. Whole
1024 sections can be hased if desired, by adding the 'hash' node to the section.
1026 The has value can be chcked at runtime by hashing the data actually read and
1027 comparing this has to the value in the device tree.
1033 Binman automatically replaces 'u-boot' with an expanded version of that, i.e.
1034 'u-boot-expanded'. This means that when you write::
1042 type = "u-boot-expanded';
1045 which in turn expands to::
1057 U-Boot's various phase binaries actually comprise two or three pieces.
1058 For example, u-boot.bin has the executable followed by a devicetree.
1060 With binman we want to be able to update that devicetree with full image
1061 information so that it is accessible to the executable. This is tricky
1062 if it is not clear where the devicetree starts.
1064 The above feature ensures that the devicetree is clearly separated from the
1065 U-Boot executable and can be updated separately by binman as needed. It can be
1066 disabled with the --no-expanded flag if required.
1068 The same applies for u-boot-spl and u-boot-tpl. In those cases, the expansion
1069 includes the BSS padding, so for example::
1078 type = "u-boot-expanded';
1081 which in turn expands to::
1089 u-boot-spl-bss-pad {
1096 Of course we should not expand SPL if it has no devicetree. Also if the BSS
1097 padding is not needed (because BSS is in RAM as with CONFIG_SPL_SEPARATE_BSS),
1098 the 'u-boot-spl-bss-pad' subnode should not be created. The use of the expaned
1099 entry type is controlled by the UseExpanded() method. In the SPL case it checks
1100 the 'spl-dtb' entry arg, which is 'y' or '1' if SPL has a devicetree.
1102 For the BSS case, a 'spl-bss-pad' entry arg controls whether it is present. All
1103 entry args are provided by the U-Boot Makefile.
1109 Some entries need to exist only if certain conditions are met. For example, an
1110 entry may want to appear in the image only if a file has a particular format.
1111 Obviously the entry must exist in the image description for it to be processed
1112 at all, so a way needs to be found to have the entry remove itself.
1114 To handle this, when entry.ObtainContents() is called, the entry can call
1115 entry.mark_absent() to mark itself as absent, passing a suitable message as the
1118 Any absent entries are dropped immediately after ObtainContents() has been
1119 called on all entries.
1121 It is not possible for an entry to mark itself absent at any other point in the
1122 processing. It must happen in the ObtainContents() method.
1124 The effect is as if the entry had never been present at all, since the image
1125 is packed without it and it disappears from the list of entries.
1131 Binman support compression for 'blob' entries (those of type 'blob' and
1132 derivatives). To enable this for an entry, add a 'compress' property::
1135 filename = "datafile";
1139 The entry will then contain the compressed data, using the 'lz4' compression
1140 algorithm. Currently this is the only one that is supported. The uncompressed
1141 size is written to the node in an 'uncomp-size' property, if -u is used.
1143 Compression is also supported for sections. In that case the entire section is
1144 compressed in one block, including all its contents. This means that accessing
1145 an entry from the section required decompressing the entire section. Also, the
1146 size of a section indicates the space that it consumes in its parent section
1147 (and typically the image). With compression, the section may contain more data,
1148 and the uncomp-size property indicates that, as above. The contents of the
1149 section is compressed first, before any padding is added. This ensures that the
1150 padding itself is not compressed, which would be a waste of time.
1153 Automatic .dtsi inclusion
1154 -------------------------
1156 It is sometimes inconvenient to add a 'binman' node to the .dts file for each
1157 board. This can be done by using #include to bring in a common file. Another
1158 approach supported by the U-Boot build system is to automatically include
1159 a common header. You can then put the binman node (and anything else that is
1160 specific to U-Boot, such as bootph-all properies) in that header file.
1162 Binman will search for the following files in arch/<arch>/dts::
1164 <dts>-u-boot.dtsi where <dts> is the base name of the .dts file
1165 <CONFIG_SYS_SOC>-u-boot.dtsi
1166 <CONFIG_SYS_CPU>-u-boot.dtsi
1167 <CONFIG_SYS_VENDOR>-u-boot.dtsi
1170 U-Boot will only use the first one that it finds. If you need to include a
1171 more general file you can do that from the more specific file using #include.
1172 If you are having trouble figuring out what is going on, you can use
1173 `DEVICE_TREE_DEBUG=1` with your build::
1175 make DEVICE_TREE_DEBUG=1
1176 scripts/Makefile.lib:334: Automatic .dtsi inclusion: options:
1177 arch/arm/dts/juno-r2-u-boot.dtsi arch/arm/dts/-u-boot.dtsi
1178 arch/arm/dts/armv8-u-boot.dtsi arch/arm/dts/armltd-u-boot.dtsi
1179 arch/arm/dts/u-boot.dtsi ... found: "arch/arm/dts/juno-r2-u-boot.dtsi"
1185 Sometimes multiple images need to be created which have all have a common
1186 part. For example, a board may generate SPI and eMMC images which both include
1187 a FIT. Since the FIT includes many entries, it is tedious to repeat them twice
1188 in the image description.
1190 Templates provide a simple way to handle this::
1194 common_part: template-1 {
1197 ... lots of entries in here
1201 text = "base image";
1206 filename = "image-spi.bin";
1207 insert-template = <&fit>;
1209 /* things specific to SPI follow */
1219 filename = "image-mmc.bin";
1220 insert-template = <&fit>;
1222 /* things specific to MMC follow */
1232 The template node name must start with 'template', so it is not considered to be
1235 The mechanism is very simple. For each phandle in the 'insert-templates'
1236 property, the source node is looked up. Then the subnodes of that source node
1237 are copied into the target node, i.e. the one containing the `insert-template`
1240 If the target node has a node with the same name as a template, its properties
1241 override corresponding properties in the template. This allows the template to
1242 be uses as a base, with the node providing updates to the properties as needed.
1243 The overriding happens recursively.
1245 Template nodes appear first in each node that they are inserted into and
1246 ordering of template nodes is preserved. Other nodes come afterwards. If a
1247 template node also appears in the target node, then the template node sets the
1248 order. Thus the template can be used to set the ordering, even if the target
1249 node provides all the properties. In the above example, `fit` and `text` appear
1250 first in the `spi-image` and `mmc-image` images, followed by `footer`.
1252 Where there are multiple template nodes, they are inserted in that order. so
1253 the first template node appears first, then the second.
1255 Properties in the template node are inserted into the destination node if they
1256 do not exist there. In the example above, `some-property` is added to each of
1257 `spi-image` and `mmc-image`.
1259 Note that template nodes are removed from the binman description after
1260 processing and before binman builds the image descriptions.
1262 The initial devicetree produced by the templating process is written to the
1263 `u-boot.dtb.tmpl1` file. This can be useful to see what is going on if there is
1264 a failure before the final `u-boot.dtb.out` file is written. A second
1265 `u-boot.dtb.tmpl2` file is written when the templates themselves are removed.
1267 Dealing with phandles
1268 ---------------------
1270 Templates can contain phandles and these are copied to the destination node.
1271 However this should be used with care, since if a template is instantiated twice
1272 then the phandle will be copied twice, resulting in a devicetree with duplicate
1273 phandles, i.e. the same phandle used by two different nodes. Binman detects this
1274 situation and produces an error, for example::
1276 Duplicate phandle 1 in nodes /binman/image/fit/images/atf/atf-bl31 and
1277 /binman/image-2/fit/images/atf/atf-bl31
1279 In this case an atf-bl31 node containing a phandle has been copied into two
1280 different target nodes, resulting in the same phandle for each. See
1281 testTemplatePhandleDup() for the test case.
1283 The solution is typically to put the phandles in the corresponding target nodes
1284 (one for each) and remove the phandle from the template.
1286 Updating an ELF file
1287 ====================
1289 For the EFI app, where U-Boot is loaded from UEFI and runs as an app, there is
1290 no way to update the devicetree after U-Boot is built. Normally this works by
1291 creating a new u-boot.dtb.out with he updated devicetree, which is automatically
1292 built into the output image. With ELF this is not possible since the ELF is
1293 not part of an image, just a stand-along file. We must create an updated ELF
1294 file with the new devicetree.
1296 This is handled by the --update-fdt-in-elf option. It takes four arguments,
1299 infile - filename of input ELF file, e.g. 'u-boot's
1300 outfile - filename of output ELF file, e.g. 'u-boot.out'
1301 begin_sym - symbol at the start of the embedded devicetree, e.g.
1303 end_sym - symbol at the start of the embedded devicetree, e.g.
1306 When this flag is used, U-Boot does all the normal packaging, but as an
1307 additional step, it creates a new ELF file with the new devicetree embedded in
1310 If logging is enabled you will see a message like this::
1312 Updating file 'u-boot' with data length 0x400a (16394) between symbols
1313 '__dtb_dt_begin' and '__dtb_dt_end'
1315 There must be enough space for the updated devicetree. If not, an error like
1316 the following is produced::
1318 ValueError: Not enough space in 'u-boot' for data length 0x400a (16394);
1319 size is 0x1744 (5956)
1325 For details on the various entry types supported by binman and how to use them,
1326 see entries.rst which is generated from the source code using:
1328 binman entry-docs >tools/binman/entries.rst
1342 It is possible to list the entries in an existing firmware image created by
1343 binman, provided that there is an 'fdtmap' entry in the image. For example::
1345 $ binman ls -i image.bin
1346 Name Image-pos Size Entry-type Offset Uncomp-size
1347 ----------------------------------------------------------------------
1348 main-section c00 section 0
1350 section 5fc section 4
1352 u-boot 138 4 u-boot 38
1353 u-boot-dtb 180 108 u-boot-dtb 80 3b5
1354 u-boot-dtb 500 1ff u-boot-dtb 400 3b5
1355 fdtmap 6fc 381 fdtmap 6fc
1356 image-header bf8 8 image-header bf8
1358 This shows the hierarchy of the image, the position, size and type of each
1359 entry, the offset of each entry within its parent and the uncompressed size if
1360 the entry is compressed.
1362 It is also possible to list just some files in an image, e.g.::
1364 $ binman ls -i image.bin section/cbfs
1365 Name Image-pos Size Entry-type Offset Uncomp-size
1366 --------------------------------------------------------------------
1368 u-boot 138 4 u-boot 38
1369 u-boot-dtb 180 108 u-boot-dtb 80 3b5
1373 $ binman ls -i image.bin "*cb*" "*head*"
1374 Name Image-pos Size Entry-type Offset Uncomp-size
1375 ----------------------------------------------------------------------
1377 u-boot 138 4 u-boot 38
1378 u-boot-dtb 180 108 u-boot-dtb 80 3b5
1379 image-header bf8 8 image-header bf8
1381 If an older version of binman is used to list images created by a newer one, it
1382 is possible that it will contain entry types that are not supported. These still
1383 show with the correct type, but binman just sees them as blobs (plain binary
1384 data). Any special features of that etype are not supported by the old binman.
1387 Extracting files from images
1388 ----------------------------
1390 You can extract files from an existing firmware image created by binman,
1391 provided that there is an 'fdtmap' entry in the image. For example::
1393 $ binman extract -i image.bin section/cbfs/u-boot
1395 which will write the uncompressed contents of that entry to the file 'u-boot' in
1396 the current directory. You can also extract to a particular file, in this case
1399 $ binman extract -i image.bin section/cbfs/u-boot -f u-boot.bin
1401 It is possible to extract all files into a destination directory, which will
1402 put files in subdirectories matching the entry hierarchy::
1404 $ binman extract -i image.bin -O outdir
1406 or just a selection::
1408 $ binman extract -i image.bin "*u-boot*" -O outdir
1410 Some entry types have alternative formats, for example fdtmap which allows
1411 extracted just the devicetree binary without the fdtmap header::
1413 $ binman extract -i /tmp/b/odroid-c4/image.bin -f out.dtb -F fdt fdtmap
1416 // magic: 0xd00dfeed
1417 // totalsize: 0x8ab (2219)
1418 // off_dt_struct: 0x38
1419 // off_dt_strings: 0x82c
1420 // off_mem_rsvmap: 0x28
1422 // last_comp_version: 2
1423 // boot_cpuid_phys: 0x0
1424 // size_dt_strings: 0x7f
1425 // size_dt_struct: 0x7f4
1428 image-node = "binman";
1429 image-pos = <0x00000000>;
1430 size = <0x0011162b>;
1433 Use `-F list` to see what alternative formats are available::
1435 $ binman extract -i /tmp/b/odroid-c4/image.bin -F list
1436 Flag (-F) Entry type Description
1437 fdt fdtmap Extract the devicetree blob from the fdtmap
1440 Replacing files in an image
1441 ---------------------------
1443 You can replace files in an existing firmware image created by binman, provided
1444 that there is an 'fdtmap' entry in the image. For example::
1446 $ binman replace -i image.bin section/cbfs/u-boot
1448 which will write the contents of the file 'u-boot' from the current directory
1449 to the that entry, compressing if necessary. If the entry size changes, you must
1450 add the 'allow-repack' property to the original image before generating it (see
1451 above), otherwise you will get an error.
1453 You can also use a particular file, in this case u-boot.bin::
1455 $ binman replace -i image.bin section/cbfs/u-boot -f u-boot.bin
1457 It is possible to replace all files from a source directory which uses the same
1458 hierarchy as the entries::
1460 $ binman replace -i image.bin -I indir
1462 Files that are missing will generate a warning.
1464 You can also replace just a selection of entries::
1466 $ binman replace -i image.bin "*u-boot*" -I indir
1468 It is possible to replace whole sections as well, but in that case any
1469 information about entries within the section may become outdated. This is
1470 because Binman cannot know whether things have moved around or resized within
1471 the section, once you have updated its data.
1473 Technical note: With 'allow-repack', Binman writes information about the
1474 original offset and size properties of each entry, if any were specified, in
1475 the 'orig-offset' and 'orig-size' properties. This allows Binman to distinguish
1476 between an entry which ended up being packed at an offset (or assigned a size)
1477 and an entry which had a particular offset / size requested in the Binman
1478 configuration. Where are particular offset / size was requested, this is treated
1479 as set in stone, so Binman will ensure it doesn't change. Without this feature,
1480 repacking an entry might cause it to disobey the original constraints provided
1481 when it was created.
1483 Repacking an image involves
1486 Signing FIT container with private key in an image
1487 --------------------------------------------------
1489 You can sign FIT container with private key in your image.
1492 $ binman sign -i image.bin -k privatekey -a sha256,rsa4096 fit
1494 binman will extract FIT container, sign and replace it immediately.
1496 If you want to sign and replace FIT container in place::
1498 $ binman sign -i image.bin -k privatekey -a sha256,rsa4096 -f fit.fit fit
1500 which will sign FIT container with private key and replace it immediately
1503 .. _`BinmanLogging`:
1508 Binman normally operates silently unless there is an error, in which case it
1509 just displays the error. The -D/--debug option can be used to create a full
1510 backtrace when errors occur. You can use BINMAN_DEBUG=1 when building to select
1513 Internally binman logs some output while it is running. This can be displayed
1514 by increasing the -v/--verbosity from the default of 1:
1518 2: notices (important messages)
1519 3: info about major operations
1520 4: detailed information about each operation
1521 5: debug (all output)
1523 You can use BINMAN_VERBOSE=5 (for example) when building to select this.
1529 `Bintool` is the name binman gives to a binary tool which it uses to create and
1530 manipulate binaries that binman cannot handle itself. Bintools are often
1531 necessary since Binman only supports a subset of the available file formats
1534 Many SoC vendors invent ways to load code into their SoC using new file formats,
1535 sometimes changing the format with successive SoC generations. Sometimes the
1536 tool is available as Open Source. Sometimes it is a pre-compiled binary that
1537 must be downloaded from the vendor's website. Sometimes it is available in
1538 source form but difficult or slow to build.
1540 Even for images that use bintools, binman still assembles the image from its
1541 image description. It may handle parts of the image natively and part with
1544 Binman relies on these tools so provides various features to manage them:
1546 - Determining whether the tool is currently installed
1547 - Downloading or building the tool
1548 - Determining the version of the tool that is installed
1549 - Deciding which tools are needed to build an image
1551 The Bintool class is an interface to the tool, a thin level of abstration, using
1552 Python functions to run the tool for each purpose (e.g. creating a new
1553 structure, adding a file to an existing structure) rather than just lists of
1556 As with external blobs, bintools (which are like 'external' tools) can be
1557 missing. When building an image requires a bintool and it is not installed,
1558 binman detects this and reports the problem, but continues to build an image.
1559 This is useful in CI systems which want to check that everything is correct but
1560 don't have access to the bintools.
1562 To make this work, all calls to bintools (e.g. with Bintool.run_cmd()) must cope
1563 with the tool being missing, i.e. when None is returned, by:
1565 - Calling self.record_missing_bintool()
1566 - Setting up some fake contents so binman can continue
1568 Of course the image will not work, but binman reports which bintools are needed
1569 and also provide a way to fetch them.
1571 To see the available bintools, use::
1575 To fetch tools which are missing, use::
1577 binman tool --fetch missing
1579 You can also use `--fetch all` to fetch all tools or `--fetch <tool>` to fetch
1580 a particular tool. Some tools are built from source code, in which case you will
1581 need to have at least the `build-essential` and `git` packages installed.
1583 Tools are fetched into the `~/.binman-tools` directory. This directory is
1584 automatically added to the toolpath so there is no need to use `--toolpath` to
1585 specify it. If you want to use these tools outside binman, you may want to
1586 add this directory to your `PATH`. For example, if you use bash, add this to
1587 the end of `.bashrc`::
1589 PATH="$HOME/.binman-tools:$PATH"
1591 To select a custom directory, use the `--tooldir` option.
1593 Bintool Documentation
1594 =====================
1596 To provide details on the various bintools supported by binman, bintools.rst is
1597 generated from the source code using:
1599 binman bintool-docs >tools/binman/bintools.rst
1606 Binman commands and arguments
1607 =============================
1611 binman [-h] [-B BUILD_DIR] [-D] [--tooldir TOOLDIR] [-H]
1612 [--toolpath TOOLPATH] [-T THREADS] [--test-section-timeout]
1614 {build,bintool-docs,entry-docs,ls,extract,replace,test,tool} ...
1616 Binman provides the following commands:
1618 - **build** - build images
1619 - **bintools-docs** - generate documentation about bintools
1620 - **entry-docs** - generate documentation about entry types
1621 - **ls** - list an image
1622 - **extract** - extract files from an image
1623 - **replace** - replace one or more entries in an image
1624 - **test** - run tests
1625 - **tool** - manage bintools
1630 Show help message and exit
1632 -B BUILD_DIR, --build-dir BUILD_DIR
1633 Directory containing the build output
1636 Enabling debugging (provides a full traceback on error)
1638 --tooldir TOOLDIR Set the directory to store tools
1641 Display the README file
1644 Add a path to the list of directories containing tools
1646 -T THREADS, --threads THREADS
1647 Number of threads to use (0=single-thread). Note that -T0 is useful for
1648 debugging since everything runs in one thread.
1650 -v VERBOSITY, --verbosity VERBOSITY
1651 Control verbosity: 0=silent, 1=warnings, 2=notices, 3=info, 4=detail,
1655 Show the binman version
1659 --test-section-timeout
1660 Use a zero timeout for section multi-threading (for testing)
1662 Commands are described below.
1667 This builds one or more images using the provided image description.
1671 binman build [-h] [-a ENTRY_ARG] [-b BOARD] [-d DT] [--fake-dtb]
1672 [--fake-ext-blobs] [--force-missing-bintools FORCE_MISSING_BINTOOLS]
1673 [-i IMAGE] [-I INDIR] [-m] [-M] [-n] [-O OUTDIR] [-p] [-u]
1674 [--update-fdt-in-elf UPDATE_FDT_IN_ELF] [-W]
1679 Show help message and exit
1681 -a ENTRY_ARG, --entry-arg ENTRY_ARG
1682 Set argument value `arg=value`. See
1683 `Passing command-line arguments to entries`_.
1685 -b BOARD, --board BOARD
1686 Board name to build. This can be used instead of `-d`, in which case the
1687 file `u-boot.dtb` is used, within the build directory's board subdirectory.
1690 Configuration file (.dtb) to use. This must have a top-level node called
1691 `binman`. See `Image description format`_.
1693 -i IMAGE, --image IMAGE
1694 Image filename to build (if not specified, build all)
1696 -I INDIR, --indir INDIR
1697 Add a path to the list of directories to use for input files. This can be
1698 specified multiple times to add more than one path.
1701 Output a map file for each image. See `Map files`_.
1704 Allow external blobs and bintools to be missing. See `External blobs`_.
1707 Don't use 'expanded' versions of entries where available; normally 'u-boot'
1708 becomes 'u-boot-expanded', for example. See `Expanded entries`_.
1710 -O OUTDIR, --outdir OUTDIR
1711 Path to directory to use for intermediate and output files
1714 Preserve temporary output directory even if option -O is not given
1717 Update the binman node with offset/size info. See
1718 `Access to binman entry offsets at run time (fdt)`_.
1720 --update-fdt-in-elf UPDATE_FDT_IN_ELF
1721 Update an ELF file with the output dtb. The argument is a string consisting
1722 of four parts, separated by commas. See `Updating an ELF file`_.
1724 -W, --ignore-missing
1725 Return success even if there are missing blobs/bintools (requires -M)
1727 Options used only for testing:
1730 Use fake device tree contents
1733 Create fake ext blobs with dummy content
1735 --force-missing-bintools FORCE_MISSING_BINTOOLS
1736 Comma-separated list of bintools to consider missing
1743 binman bintool-docs [-h]
1745 This outputs documentation for the bintools in rST format. See
1746 `Bintool Documentation`_.
1753 binman entry-docs [-h]
1755 This outputs documentation for the entry types in rST format. See
1756 `Entry Documentation`_.
1763 binman ls [-h] -i IMAGE [paths ...]
1765 Positional arguments:
1768 Paths within file to list (wildcard)
1773 show help message and exit
1775 -i IMAGE, --image IMAGE
1776 Image filename to list
1778 This lists an image, showing its contents. See `Listing images`_.
1785 binman extract [-h] [-F FORMAT] -i IMAGE [-f FILENAME] [-O OUTDIR] [-U]
1788 Positional arguments:
1791 Paths within file to extract (wildcard)
1796 show help message and exit
1798 -F FORMAT, --format FORMAT
1799 Select an alternative format for extracted data
1801 -i IMAGE, --image IMAGE
1802 Image filename to extract
1804 -f FILENAME, --filename FILENAME
1805 Output filename to write to
1807 -O OUTDIR, --outdir OUTDIR
1808 Path to directory to use for output files
1811 Output raw uncompressed data for compressed entries
1813 This extracts the contents of entries from an image. See
1814 `Extracting files from images`_.
1821 binman replace [-h] [-C] -i IMAGE [-f FILENAME] [-F] [-I INDIR] [-m]
1824 Positional arguments:
1827 Paths within file to replace (wildcard)
1832 show help message and exit
1835 Input data is already compressed if needed for the entry
1837 -i IMAGE, --image IMAGE
1838 Image filename to update
1840 -f FILENAME, --filename FILENAME
1841 Input filename to read from
1844 Don't allow entries to be resized
1846 -I INDIR, --indir INDIR
1847 Path to directory to use for input files
1850 Output a map file for the updated image
1852 -O OUTDIR, --outdir OUTDIR
1853 Path to directory to use for intermediate and output files
1856 Preserve temporary output directory even if option -O is not given
1858 This replaces one or more entries in an existing image. See
1859 `Replacing files in an image`_.
1866 binman test [-h] [-P PROCESSES] [-T] [-X] [tests ...]
1868 Positional arguments:
1871 Test names to run (omit for all)
1876 show help message and exit
1878 -P PROCESSES, --processes PROCESSES
1879 set number of processes to use for running tests. This defaults to the
1880 number of CPUs on the machine
1883 run tests and check for 100% coverage
1885 -X, --test-preserve-dirs
1886 Preserve and display test-created input directories; also preserve the
1887 output directory if a single test is run (pass test name at the end of the
1895 binman sign [-h] -a ALGO [-f FILE] -i IMAGE -k KEY [paths ...]
1897 positional arguments:
1900 Paths within file to sign (wildcard)
1905 show this help message and exit
1907 -a ALGO, --algo ALGO
1908 Hash algorithm e.g. sha256,rsa4096
1910 -f FILE, --file FILE
1911 Input filename to sign
1913 -i IMAGE, --image IMAGE
1914 Image filename to update
1917 Private key file for signing
1924 binman tool [-h] [-l] [-f] [bintools ...]
1926 Positional arguments:
1934 show help message and exit
1937 List all known bintools
1940 Fetch a bintool from a known location. Use `all` to fetch all and `missing`
1941 to fetch any missing tools.
1947 Order of image creation
1948 -----------------------
1950 Image creation proceeds in the following order, for each entry in the image.
1952 1. AddMissingProperties() - binman can add calculated values to the device
1953 tree as part of its processing, for example the offset and size of each
1954 entry. This method adds any properties associated with this, expanding the
1955 device tree as needed. These properties can have placeholder values which are
1956 set later by SetCalculatedProperties(). By that stage the size of sections
1957 cannot be changed (since it would cause the images to need to be repacked),
1958 but the correct values can be inserted.
1960 2. ProcessFdt() - process the device tree information as required by the
1961 particular entry. This may involve adding or deleting properties. If the
1962 processing is complete, this method should return True. If the processing
1963 cannot complete because it needs the ProcessFdt() method of another entry to
1964 run first, this method should return False, in which case it will be called
1967 3. GetEntryContents() - the contents of each entry are obtained, normally by
1968 reading from a file. This calls the Entry.ObtainContents() to read the
1969 contents. The default version of Entry.ObtainContents() calls
1970 Entry.GetDefaultFilename() and then reads that file. So a common mechanism
1971 to select a file to read is to override that function in the subclass. The
1972 functions must return True when they have read the contents. Binman will
1973 retry calling the functions a few times if False is returned, allowing
1974 dependencies between the contents of different entries.
1976 4. GetEntryOffsets() - calls Entry.GetOffsets() for each entry. This can
1977 return a dict containing entries that need updating. The key should be the
1978 entry name and the value is a tuple (offset, size). This allows an entry to
1979 provide the offset and size for other entries. The default implementation
1980 of GetEntryOffsets() returns {}.
1982 5. PackEntries() - calls Entry.Pack() which figures out the offset and
1983 size of an entry. The 'current' image offset is passed in, and the function
1984 returns the offset immediately after the entry being packed. The default
1985 implementation of Pack() is usually sufficient.
1987 Note: for sections, this also checks that the entries do not overlap, nor extend
1988 outside the section. If the section does not have a defined size, the size is
1989 set large enough to hold all the entries. For entries that are explicitly marked
1990 as overlapping, this check is skipped.
1992 6. SetImagePos() - sets the image position of every entry. This is the absolute
1993 position 'image-pos', as opposed to 'offset' which is relative to the containing
1994 section. This must be done after all offsets are known, which is why it is quite
1995 late in the ordering.
1997 7. SetCalculatedProperties() - update any calculated properties in the device
1998 tree. This sets the correct 'offset' and 'size' vaues, for example.
2000 8. ProcessEntryContents() - this calls Entry.ProcessContents() on each entry.
2001 The default implementatoin does nothing. This can be overriden to adjust the
2002 contents of an entry in some way. For example, it would be possible to create
2003 an entry containing a hash of the contents of some other entries. At this
2004 stage the offset and size of entries should not be adjusted unless absolutely
2005 necessary, since it requires a repack (going back to PackEntries()).
2007 9. ResetForPack() - if the ProcessEntryContents() step failed, in that an entry
2008 has changed its size, then there is no alternative but to go back to step 5 and
2009 try again, repacking the entries with the updated size. ResetForPack() removes
2010 the fixed offset/size values added by binman, so that the packing can start from
2013 10. WriteSymbols() - write the value of symbols into the U-Boot SPL binary.
2014 See 'Access to binman entry offsets at run time' below for a description of
2015 what happens in this stage.
2017 11. BuildImage() - builds the image and writes it to a file
2019 12. WriteMap() - writes a text file containing a map of the image. This is the
2023 .. _`External tools`:
2028 Binman can make use of external command-line tools to handle processing of
2029 entry contents or to generate entry contents. These tools are executed using
2030 the 'tools' module's Run() method. The tools generally must exist on the PATH,
2031 but the --toolpath option can be used to specify additional search paths to
2032 use. This option can be specified multiple times to add more than one path.
2034 For some compile tools binman will use the versions specified by commonly-used
2035 environment variables like CC and HOSTCC for the C compiler, based on whether
2036 the tool's output will be used for the target or for the host machine. If those
2037 aren't given, it will also try to derive target-specific versions from the
2038 CROSS_COMPILE environment variable during a cross-compilation.
2040 If the tool is not available in the path you can use BINMAN_TOOLPATHS to specify
2041 a space-separated list of paths to search, e.g.::
2043 BINMAN_TOOLPATHS="/tools/g12a /tools/tegra" binman ...
2046 .. _`External blobs`:
2051 Binary blobs, even if the source code is available, complicate building
2052 firmware. The instructions can involve multiple steps and the binaries may be
2053 hard to build or obtain. Binman at least provides a unified description of how
2054 to build the final image, no matter what steps are needed to get there.
2056 Binman also provides a `blob-ext` entry type that pulls in a binary blob from an
2057 external file. If the file is missing, binman can optionally complete the build
2058 and just report a warning. Use the `-M/--allow-missing` option to enble this.
2059 This is useful in CI systems which want to check that everything is correct but
2060 don't have access to the blobs.
2062 If the blobs are in a different directory, you can specify this with the `-I`
2065 For U-Boot, you can use set the BINMAN_INDIRS environment variable to provide a
2066 space-separated list of directories to search for binary blobs::
2068 BINMAN_INDIRS="odroid-c4/fip/g12a \
2069 odroid-c4/build/board/hardkernel/odroidc4/firmware \
2070 odroid-c4/build/scp_task" binman ...
2072 Note that binman fails with exit code 103 when there are missing blobs. If you
2073 wish binman to continue anyway, you can pass `-W` to binman.
2079 Binman is a critical tool and is designed to be very testable. Entry
2080 implementations target 100% test coverage. Run 'binman test -T' to check this.
2082 To enable Python test coverage on Debian-type distributions (e.g. Ubuntu)::
2084 $ sudo apt-get install python-coverage python3-coverage python-pytest
2090 Binman produces the following exit codes:
2096 Any sort of failure - see output for more details
2099 There are missing external blobs or bintools. This is only returned if
2100 -M is passed to binman, otherwise missing blobs return an exit status of 1.
2101 Note, if -W is passed as well as -M, then this is converted into a warning
2102 and will return an exit status of 0 instead.
2105 U-Boot environment variables for binman
2106 ---------------------------------------
2108 The U-Boot Makefile supports various environment variables to control binman.
2109 All of these are set within the Makefile and result in passing various
2110 environment variables (or make flags) to binman:
2113 Enables backtrace debugging by adding a `-D` argument. See
2114 :ref:`BinmanLogging`.
2117 Sets the search path for input files used by binman by adding one or more
2118 `-I` arguments. See :ref:`External blobs`.
2121 Sets the search path for external tool used by binman by adding one or more
2122 `--toolpath` arguments. See :ref:`External tools`.
2125 Sets the logging verbosity of binman by adding a `-v` argument. See
2126 :ref:`BinmanLogging`.
2132 This section provides some guidance for some of the less obvious error messages
2136 Expected __bss_size symbol
2137 ~~~~~~~~~~~~~~~~~~~~~~~~~~
2141 binman: Node '/binman/u-boot-spl-ddr/u-boot-spl/u-boot-spl-bss-pad':
2142 Expected __bss_size symbol in spl/u-boot-spl
2144 This indicates that binman needs the `__bss_size` symbol to be defined in the
2145 SPL binary, where `spl/u-boot-spl` is the ELF file containing the symbols. The
2146 symbol tells binman the size of the BSS region, in bytes. It needs this to be
2147 able to pad the image so that the following entries do not overlap the BSS,
2148 which would cause them to be overwritte by variable access in SPL.
2150 This symbols is normally defined in the linker script, immediately after
2151 _bss_start and __bss_end are defined, like this::
2153 __bss_size = __bss_end - __bss_start;
2155 You may need to add it to your linker script if you get this error.
2161 Binman tries to run tests concurrently. This means that the tests make use of
2162 all available CPUs to run.
2166 $ sudo apt-get install python-subunit python3-subunit
2168 Use '-P 1' to disable this. It is automatically disabled when code coverage is
2169 being used (-T) since they are incompatible.
2175 Sometimes when debugging tests it is useful to keep the input and output
2176 directories so they can be examined later. Use -X or --test-preserve-dirs for
2180 Running tests on non-x86 architectures
2181 --------------------------------------
2183 Binman's tests have been written under the assumption that they'll be run on a
2184 x86-like host and there hasn't been an attempt to make them portable yet.
2185 However, it's possible to run the tests by cross-compiling to x86.
2187 To install an x86 cross-compiler on Debian-type distributions (e.g. Ubuntu)::
2189 $ sudo apt-get install gcc-x86-64-linux-gnu
2191 Then, you can run the tests under cross-compilation::
2193 $ CROSS_COMPILE=x86_64-linux-gnu- binman test -T
2195 You can also use gcc-i686-linux-gnu similar to the above.
2198 Writing new entries and debugging
2199 ---------------------------------
2201 The behaviour of entries is defined by the Entry class. All other entries are
2202 a subclass of this. An important subclass is Entry_blob which takes binary
2203 data from a file and places it in the entry. In fact most entry types are
2204 subclasses of Entry_blob.
2206 Each entry type is a separate file in the tools/binman/etype directory. Each
2207 file contains a class called Entry_<type> where <type> is the entry type.
2208 New entry types can be supported by adding new files in that directory.
2209 These will automatically be detected by binman when needed.
2211 Entry properties are documented in entry.py. The entry subclasses are free
2212 to change the values of properties to support special behaviour. For example,
2213 when Entry_blob loads a file, it sets content_size to the size of the file.
2214 Entry classes can adjust other entries. For example, an entry that knows
2215 where other entries should be positioned can set up those entries' offsets
2216 so they don't need to be set in the binman decription. It can also adjust
2219 Most of the time such essoteric behaviour is not needed, but it can be
2220 essential for complex images.
2222 If you need to specify a particular device-tree compiler to use, you can define
2223 the DTC environment variable. This can be useful when the system dtc is too
2226 To enable a full backtrace and other debugging features in binman, pass
2227 BINMAN_DEBUG=1 to your build::
2229 make qemu-x86_defconfig
2232 To enable verbose logging from binman, base BINMAN_VERBOSE to your build, which
2233 adds a -v<level> option to the call to binman::
2235 make qemu-x86_defconfig
2236 make BINMAN_VERBOSE=5
2239 Building sections in parallel
2240 -----------------------------
2242 By default binman uses multiprocessing to speed up compilation of large images.
2243 This works at a section level, with one thread for each entry in the section.
2244 This can speed things up if the entries are large and use compression.
2246 This feature can be disabled with the '-T' flag, which defaults to a suitable
2247 value for your machine. This depends on the Python version, e.g on v3.8 it uses
2248 12 threads on an 8-core machine. See ConcurrentFutures_ for more details.
2250 The special value -T0 selects single-threaded mode, useful for debugging during
2251 development, since dealing with exceptions and problems in threads is more
2252 difficult. This avoids any use of ThreadPoolExecutor.
2255 Collecting data for an entry type
2256 ---------------------------------
2258 Some entry types deal with data obtained from others. For example,
2259 `Entry_mkimage` calls the `mkimage` tool with data from its subnodes::
2262 args = "-n test -T script";
2271 This shows mkimage being passed a file consisting of SPL and U-Boot proper. It
2272 is created by calling `Entry.collect_contents_to_file()`. Note that in this
2273 case, the data is passed to mkimage for processing but does not appear
2274 separately in the image. It may not appear at all, depending on what mkimage
2275 does. The contents of the `mkimage` entry are entirely dependent on the
2276 processing done by the entry, with the provided subnodes (`u-boot-spl` and
2277 `u-boot`) simply providing the input data for that processing.
2279 Note that `Entry.collect_contents_to_file()` simply concatenates the data from
2280 the different entries together, with no control over alignment, etc. Another
2281 approach is to subclass `Entry_section` so that those features become available,
2282 such as `size` and `pad-byte`. Then the contents of the entry can be obtained by
2283 calling `super().BuildSectionData()` in the entry's BuildSectionData()
2284 implementation to get the input data, then write it to a file and process it
2287 There are other ways to obtain data also, depending on the situation. If the
2288 entry type is simply signing data which exists elsewhere in the image, then
2289 you can use `Entry_collection` as a base class. It lets you use a property
2290 called `content` which lists the entries containing data to be processed. This
2291 is used by `Entry_vblock`, for example::
2297 content = <&u_boot &dtb>;
2298 keyblock = "firmware.keyblock";
2299 signprivate = "firmware_data_key.vbprivk";
2301 kernelkey = "kernel_subkey.vbpubk";
2302 preamble-flags = <1>;
2308 which shows an image containing `u-boot` and `u-boot-dtb`, with the `vblock`
2309 image collecting their contents to produce input for its signing process,
2310 without affecting those entries, which still appear in the final image
2313 Another example is where an entry type needs several independent pieces of input
2314 to function. For example, `Entry_fip` allows a number of different binary blobs
2315 to be placed in their own individual places in a custom data structure in the
2316 output image. To make that work you can add subnodes for each of them and call
2317 `Entry.Create()` on each subnode, as `Entry_fip` does. Then the data for each
2318 blob can come from any suitable place, such as an `Entry_u_boot` or an
2319 `Entry_blob` or anything else::
2322 fip-hdr-flags = /bits/ 64 <0x123>;
2324 fip-flags = /bits/ 64 <0x123456789abcdef>;
2325 filename = "bl31.bin";
2329 fip-uuid = [fc 65 13 92 4a 5b 11 ec
2330 94 35 ff 2d 1c fc 79 9c];
2334 The `soc-fw` node is a `blob-ext` (i.e. it reads in a named binary file) whereas
2335 `u-boot` is a normal entry type. This works because `Entry_fip` selects the
2336 `blob-ext` entry type if the node name (here `soc-fw`) is recognised as being
2339 When adding new entry types you are encouraged to use subnodes to provide the
2340 data for processing, unless the `content` approach is more suitable. Consider
2341 whether the input entries are contained within (or consumed by) the entry, vs
2342 just being 'referenced' by the entry. In the latter case, the `content` approach
2343 makes more sense. Ad-hoc properties and other methods of obtaining data are
2344 discouraged, since it adds to confusion for users.
2349 Binman takes a lot of inspiration from a Chrome OS tool called
2350 'cros_bundle_firmware', which I wrote some years ago. That tool was based on
2351 a reasonably simple and sound design but has expanded greatly over the
2352 years. In particular its handling of x86 images is convoluted.
2354 Quite a few lessons have been learned which are hopefully applied here.
2360 On the face of it, a tool to create firmware images should be fairly simple:
2361 just find all the input binaries and place them at the right place in the
2362 image. The difficulty comes from the wide variety of input types (simple
2363 flat binaries containing code, packaged data with various headers), packing
2364 requirments (alignment, spacing, device boundaries) and other required
2365 features such as hierarchical images.
2367 The design challenge is to make it easy to create simple images, while
2368 allowing the more complex cases to be supported. For example, for most
2369 images we don't much care exactly where each binary ends up, so we should
2370 not have to specify that unnecessarily.
2372 New entry types should aim to provide simple usage where possible. If new
2373 core features are needed, they can be added in the Entry base class.
2381 - Use of-platdata to make the information available to code that is unable
2382 to use device tree (such as a very small SPL image). For now, limited info is
2383 available via linker symbols
2384 - Allow easy building of images by specifying just the board name
2385 - Support building an image for a board (-b) more completely, with a
2386 configurable build directory
2387 - Detect invalid properties in nodes
2388 - Sort the fdtmap by offset
2389 - Output temporary files to a different directory
2390 - Rationalise the fdt, fdt_util and pylibfdt modules which currently have some
2391 overlapping and confusing functionality
2392 - Update the fdt library to use a better format for Prop.value (the current one
2393 is useful for dtoc but not much else)
2394 - Figure out how to make Fdt support changing the node order, so that
2395 Node.AddSubnode() can support adding a node before another, existing node.
2396 Perhaps it should completely regenerate the flat tree?
2397 - Support images which depend on each other
2400 Simon Glass <sjg@chromium.org>
2403 .. _ConcurrentFutures: https://docs.python.org/3/library/concurrent.futures.html#concurrent.futures.ThreadPoolExecutor