From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D92EAC433EF for ; Wed, 25 May 2022 15:15:15 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 558A2842FF; Wed, 25 May 2022 17:15:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="VHTxw8Nd"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 40DB68430D; Wed, 25 May 2022 17:15:09 +0200 (CEST) Received: from lelv0142.ext.ti.com (lelv0142.ext.ti.com [198.47.23.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E3E0884300 for ; Wed, 25 May 2022 17:15:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=afd@ti.com Received: from fllv0035.itg.ti.com ([10.64.41.0]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id 24PFEoXw122470; Wed, 25 May 2022 10:14:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1653491690; bh=QyjEgXO6VbFop8bSwqzWxXQMdszniPsX1dMVQK8K8FY=; h=Date:Subject:To:CC:References:From:In-Reply-To; b=VHTxw8Ndka38GYNcHEtRZcIoVjrcXSfQFiaJ68TX8v0Bn0R1YrtMSYPHCQKistajw 3nVbnM535Upvi/7rogtqcBsTPi3nRZB2j59rmWy6tHctrEZ7CMQY3SxQszCahwfO5k Fwl+M83ASY3Sq1HEFjgVgM+FiJDTwGOUDgsKXFAg= Received: from DLEE114.ent.ti.com (dlee114.ent.ti.com [157.170.170.25]) by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 24PFEoxR067042 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 25 May 2022 10:14:50 -0500 Received: from DLEE103.ent.ti.com (157.170.170.33) by DLEE114.ent.ti.com (157.170.170.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14; Wed, 25 May 2022 10:14:49 -0500 Received: from lelv0327.itg.ti.com (10.180.67.183) by DLEE103.ent.ti.com (157.170.170.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14 via Frontend Transport; Wed, 25 May 2022 10:14:50 -0500 Received: from [10.247.31.37] (ileax41-snat.itg.ti.com [10.172.224.153]) by lelv0327.itg.ti.com (8.15.2/8.15.2) with ESMTP id 24PFEn4a022085; Wed, 25 May 2022 10:14:49 -0500 Message-ID: <28124041-81c8-265f-5f54-57a7fb7562e4@ti.com> Date: Wed, 25 May 2022 10:14:49 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Subject: Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Content-Language: en-US To: Roger Quadros , , , CC: , , References: <20220509072936.12899-1-rogerq@kernel.org> <20220509072936.12899-4-rogerq@kernel.org> <3dec7c74-e486-79da-e4e7-cad6205471a5@ti.com> From: Andrew Davis In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On 5/25/22 3:30 AM, Roger Quadros wrote: > Hi Andrew, > > On 25/05/2022 01:03, Andrew Davis wrote: >> On 5/9/22 2:29 AM, Roger Quadros wrote: >>> Introduce k3-am642-evm-binman.dtsi to provide binman configuration. >>> >>> R5 build is still not converted to use binman so restrict binman.dtsi >>> to A53 builds only. >>> >>> This patch also take care of building Secure (HS) images using >>> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set. >>> >>> Signed-off-by: Roger Quadros >>> --- >>>   arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++ >>>   arch/arm/dts/k3-am642-evm-u-boot.dtsi |   3 + >>>   arch/arm/mach-k3/Kconfig              |   1 + >>>   arch/arm/mach-k3/config.mk            |   7 + >>>   4 files changed, 241 insertions(+) >>>   create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi >>> >>> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi >>> new file mode 100644 >>> index 0000000000..9e85ef41b0 >>> --- /dev/null >>> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi >>> @@ -0,0 +1,230 @@ >>> +// SPDX-License-Identifier: GPL-2.0 >>> +/* >>> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/ >>> + */ >>> + >>> +/ { >>> +    binman: binman { >>> +        multiple-images; >>> +    }; >>> +}; >>> + >>> +#ifdef CONFIG_TARGET_AM642_A53_EVM >>> + >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +#define TISPL "tispl.bin_HS" >>> +#define UBOOT_IMG "u-boot.img_HS" >>> +#else >>> +#define TISPL "tispl.bin" >>> +#define UBOOT_IMG "u-boot.img" >>> +#endif >>> + >>> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin" >>> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb" >>> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb" >>> + >>> +#define UBOOT_NODTB "u-boot-nodtb.bin" >>> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb" >>> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb" >>> + >>> +&binman { >>> +    ti-spl { >>> +        filename = TISPL; >>> +        pad-byte = <0xff>; >>> + >>> +        fit { >>> +            description = "Configuration to load ATF and SPL"; >>> +            #address-cells = <1>; >>> + >>> +            images { >>> + >>> +                atf { >>> +                    description = "ARM Trusted Firmware"; >>> +                    type = "firmware"; >>> +                    arch = "arm64"; >>> +                    compression = "none"; >>> +                    os = "arm-trusted-firmware"; >>> +                    load = ; >>> +                    entry = ; >>> +                    atf-bl31 { >>> +                        filename = "bl31.bin"; >>> +                    }; >> >> >> On HS, bl31.bin and the below TEE and DM images must also be signed >> before being packaged into tispl.bin. >> Can we add signing here? > > I'm wondering how this is working as is on HS boards. > Today we manually sign those two before we feed them to U-Boot build. I'd like to fix that and have them signed along with all the other parts here when packaging them together. > Another thing to note is that the atf and tee entries take into consideration > the below environment variables > -a atf-bl31-path=${BL31} \ > -a tee-os-path=${TEE} \ > > How do we continue to support that while adding the signing bits? > That's my question also, I'm not sure how we would make the type 'ti-secure' while also changing their path names, seems like a limitation currently of using etypes to do the signing, since we can do path renames from command line. Andrew > cheers, > -roger > >> >> Andrew >> >> >>> +                }; >>> + >>> +                tee { >>> +                    description = "OPTEE"; >>> +                    type = "tee"; >>> +                    arch = "arm64"; >>> +                    compression = "none"; >>> +                    os = "tee"; >>> +                    load = <0x9e800000>; >>> +                    entry = <0x9e800000>; >>> +                    tee-os { >>> +                        filename = "tee-pager_v2.bin"; >>> +                    }; >>> +                }; >>> + >>> +                dm { >>> +                    description = "DM binary"; >>> +                    type = "firmware"; >>> +                    arch = "arm32"; >>> +                    compression = "none"; >>> +                    os = "DM"; >>> +                    load = <0x89000000>; >>> +                    entry = <0x89000000>; >>> +                    blob-ext { >>> +                        filename = "/dev/null"; >>> +                    }; >>> +                }; >>> + >>> +                spl { >>> +                    description = "SPL (64-bit)"; >>> +                    type = "standalone"; >>> +                    os = "U-Boot"; >>> +                    arch = "arm64"; >>> +                    compression = "none"; >>> +                    load = <0x80080000>; >>> +                    entry = <0x80080000>; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = SPL_NODTB; >>> +                    }; >>> +                }; >>> + >>> +                fdt-1 { >>> +                    description = "k3-am642-evm"; >>> +                    type = "flat_dt"; >>> +                    arch = "arm"; >>> +                    compression = "none"; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = SPL_AM642_EVM_DTB; >>> +                    }; >>> +                }; >>> + >>> +                fdt-2 { >>> +                    description = "k3-am642-sk"; >>> +                    type = "flat_dt"; >>> +                    arch = "arm"; >>> +                    compression = "none"; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = SPL_AM642_SK_DTB; >>> +                    }; >>> +                }; >>> +            }; >>> + >>> +            configurations { >>> +                default = "conf-1"; >>> + >>> +                conf-1 { >>> +                    description = "k3-am642-evm"; >>> +                    firmware = "atf"; >>> +                    loadables = "tee", "dm", "spl"; >>> +                    fdt = "fdt-1"; >>> +                }; >>> + >>> +                conf-2 { >>> +                    description = "k3-am642-sk"; >>> +                    firmware = "atf"; >>> +                    loadables = "tee", "dm", "spl"; >>> +                    fdt = "fdt-2"; >>> +                }; >>> +            }; >>> +        }; >>> +    }; >>> +}; >>> + >>> +&binman { >>> +    u-boot { >>> +        filename = UBOOT_IMG; >>> +        pad-byte = <0xff>; >>> + >>> +        fit { >>> +            description = "FIT image with multiple configurations"; >>> + >>> +            images { >>> +                uboot { >>> +                    description = "U-Boot for am64x board"; >>> +                    type = "firmware"; >>> +                    os = "u-boot"; >>> +                    arch = "arm"; >>> +                    compression = "none"; >>> +                    load = ; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = UBOOT_NODTB; >>> +                    }; >>> +                    hash { >>> +                        algo = "crc32"; >>> +                    }; >>> +                }; >>> + >>> +                fdt-1 { >>> +                    description = "k3-am642-evm"; >>> +                    type = "flat_dt"; >>> +                    arch = "arm"; >>> +                    compression = "none"; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = AM642_EVM_DTB; >>> +                    }; >>> +                    hash { >>> +                        algo = "crc32"; >>> +                    }; >>> +                }; >>> + >>> +                fdt-2 { >>> +                    description = "k3-am642-sk"; >>> +                    type = "flat_dt"; >>> +                    arch = "arm"; >>> +                    compression = "none"; >>> +#ifdef CONFIG_TI_SECURE_DEVICE >>> +                    ti-secure { >>> +#else >>> +                    blob { >>> +#endif >>> +                        filename = AM642_SK_DTB; >>> +                    }; >>> +                    hash { >>> +                        algo = "crc32"; >>> +                    }; >>> +                }; >>> +            }; >>> + >>> +            configurations { >>> +                default = "conf-1"; >>> + >>> +                conf-1 { >>> +                    description = "k3-am642-evm"; >>> +                    firmware = "uboot"; >>> +                    loadables = "uboot"; >>> +                    fdt = "fdt-1"; >>> +                }; >>> + >>> +                conf-2 { >>> +                    description = "k3-am642-sk"; >>> +                    firmware = "uboot"; >>> +                    loadables = "uboot"; >>> +                    fdt = "fdt-2"; >>> +                }; >>> +            }; >>> +        }; >>> +    }; >>> +}; >>> +#endif >>> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi >>> index 03688a51a3..db0a529f0f 100644 >>> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi >>> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi >>> @@ -2,6 +2,9 @@ >>>   /* >>>    * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/ >>>    */ >>> +#include >>> + >>> +#include "k3-am642-evm-binman.dtsi" >>>     / { >>>       chosen { >>> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig >>> index a01bf23514..a4c561254d 100644 >>> --- a/arch/arm/mach-k3/Kconfig >>> +++ b/arch/arm/mach-k3/Kconfig >>> @@ -15,6 +15,7 @@ config SOC_K3_J721S2 >>>     config SOC_K3_AM642 >>>       bool "TI's K3 based AM642 SoC Family Support" >>> +    select BINMAN if TARGET_AM642_A53_EVM >>>     endchoice >>>   diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk >>> index da458bcfb2..d2c490818a 100644 >>> --- a/arch/arm/mach-k3/config.mk >>> +++ b/arch/arm/mach-k3/config.mk >>> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE >>>   INPUTS-y    += tiboot3.bin >>>   endif >>>   +ifndef CONFIG_BINMAN >>>   ifdef CONFIG_ARM64 >>>     ifeq ($(CONFIG_SOC_K3_J721E),) >>> @@ -77,9 +78,11 @@ cmd_k3_mkits = \ >>>   $(SPL_ITS): FORCE >>>       $(call cmd,k3_mkits) >>>   endif >>> +endif >>>     else >>>   +ifndef CONFIG_BINMAN >>>   ifeq ($(CONFIG_TI_SECURE_DEVICE),y) >>>   INPUTS-y    += u-boot.img_HS >>>   else >>> @@ -87,4 +90,8 @@ INPUTS-y    += u-boot.img >>>   endif >>>   endif >>>   +endif >>> + >>> +ifndef CONFIG_BINMAN >>>   include $(srctree)/arch/arm/mach-k3/config_secure.mk >>> +endif