* [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
@ 2022-05-09 7:29 Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 1/3] tools: binman: add ti-secure entry type Roger Quadros
` (3 more replies)
0 siblings, 4 replies; 17+ messages in thread
From: Roger Quadros @ 2022-05-09 7:29 UTC (permalink / raw)
To: sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot, Roger Quadros
Hi,
This series introduces ti-secure entry type for binman.
It switches from using custom tool tools/k3_fit_atf.sh to
binman for generating boot images for AM64 for both HS and non-HS
devices.
cheers,
-roger
Roger Quadros (3):
tools: binman: add ti-secure entry type
tools/fdtgrep: Include __symbols__ table
k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
Makefile | 1 +
arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
arch/arm/mach-k3/Kconfig | 1 +
arch/arm/mach-k3/config.mk | 7 +
tools/binman/entries.rst | 15 ++
tools/binman/etype/ti_secure.py | 59 +++++++
tools/binman/ftest.py | 7 +
tools/binman/test/225_ti_secure.dts | 14 ++
tools/fdtgrep.c | 4 +
10 files changed, 341 insertions(+)
create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
create mode 100644 tools/binman/etype/ti_secure.py
create mode 100644 tools/binman/test/225_ti_secure.dts
--
2.17.1
^ permalink raw reply [flat|nested] 17+ messages in thread
* [u-boot PATCH 1/3] tools: binman: add ti-secure entry type
2022-05-09 7:29 [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
@ 2022-05-09 7:29 ` Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table Roger Quadros
` (2 subsequent siblings)
3 siblings, 0 replies; 17+ messages in thread
From: Roger Quadros @ 2022-05-09 7:29 UTC (permalink / raw)
To: sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot, Roger Quadros
This entry type is used to create a secured binary
for use with K3 High Security (HS) devices.
This allows us to no longer depend on k3_fit_atf.sh for
A53 SPL and u-boot image generation for HS devices.
We still depend on the availability of an external
tool provided by the TI_SECURE_DEV_PKG environment
variable to secure the binaries.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
---
Makefile | 1 +
tools/binman/entries.rst | 15 ++++++++
tools/binman/etype/ti_secure.py | 59 +++++++++++++++++++++++++++++
tools/binman/ftest.py | 7 ++++
tools/binman/test/225_ti_secure.dts | 14 +++++++
5 files changed, 96 insertions(+)
create mode 100644 tools/binman/etype/ti_secure.py
create mode 100644 tools/binman/test/225_ti_secure.dts
diff --git a/Makefile b/Makefile
index ad83d60dc3..d9aac41d60 100644
--- a/Makefile
+++ b/Makefile
@@ -1328,6 +1328,7 @@ cmd_binman = $(srctree)/tools/binman/binman $(if $(BINMAN_DEBUG),-D) \
$(foreach f,$(BINMAN_INDIRS),-I $(f)) \
-a atf-bl31-path=${BL31} \
-a tee-os-path=${TEE} \
+ -a ti-secure-dev-pkg-path=${TI_SECURE_DEV_PKG} \
-a opensbi-path=${OPENSBI} \
-a default-dt=$(default_dt) \
-a scp-path=$(SCP) \
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index 484cde5c80..c9faad51b6 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -1788,3 +1788,18 @@ may be used instead.
+Entry: ti-secure: Entry containing a Secured binary blob
+--------------------------------------------------------
+
+Properties / Entry arguments:
+ - filename: Filename of file to sign and read into entry
+
+Texas Instruments High-Security (HS) devices need secure binaries to be
+provided. This entry uses an external tool to append a x509 certificate
+to the file provided in the filename property and places it in the entry.
+
+The path for the external tool is fetched from TI_SECURE_DEV_PKG
+environment variable.
+
+
+
diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py
new file mode 100644
index 0000000000..86772994bc
--- /dev/null
+++ b/tools/binman/etype/ti_secure.py
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2022 Texas Instruments Incorporated - https://www.ti.com/
+#
+
+# Support for secure binaries for TI K3 platform
+
+from collections import OrderedDict
+import os
+
+from binman.entry import Entry, EntryArg
+
+from dtoc import fdt_util
+from patman import tools
+
+class Entry_ti_secure(Entry):
+ """An entry which contains a secure binary for High-Security (HS) device use.
+
+ Properties / Entry arguments:
+ - filename: filename of binary file to be secured
+
+ Output files:
+ - filename_HS - output file generated by secure uility (which is
+ used as the entry contents)
+
+ """
+ def __init__(self, section, etype, node):
+ super().__init__(section, etype, node)
+ self.filename = fdt_util.GetString(self._node, 'filename')
+ self.toolpresent = False
+ if not self.filename:
+ self.Raise("ti_secure must have a 'filename' property")
+ self.toolspath, = self.GetEntryArgsOrProps(
+ [EntryArg('ti-secure-dev-pkg-path', str)])
+ if not self.toolspath:
+ print("WARNING: TI_SECURE_DEV_PKG environment " \
+ "variable must be defined for TI secure devices. " +
+ self.filename + " was NOT secured!")
+ return
+
+ self.tool = self.toolspath + "/scripts/secure-binary-image.sh"
+ self.toolpresent = os.path.exists(self.tool)
+ if not self.toolpresent:
+ print(self.tool + " not found. " +
+ self.filename + " was NOT secured!")
+
+ def ObtainContents(self):
+ input_fname = self.filename
+ output_fname = input_fname + "_HS"
+ args = [
+ input_fname, output_fname,
+ ]
+ if self.toolpresent:
+ stdout = tools.Run(self.tool, *args)
+ else:
+ stdout = tools.Run('cp', *args)
+ print(output_fname + ' not secured!')
+
+ self.SetContents(tools.ReadFile(output_fname))
+ return True
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 8f00db6945..996e4d9aa6 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -91,6 +91,7 @@ SCP_DATA = b'scp'
TEST_FDT1_DATA = b'fdt1'
TEST_FDT2_DATA = b'test-fdt2'
ENV_DATA = b'var1=1\nvar2="2"'
+TI_UNSECURE_DATA = b'this is some unsecure data'
# Subdirectory of the input dir to use to put test FDTs
TEST_FDT_SUBDIR = 'fdts'
@@ -201,6 +202,7 @@ class TestFunctional(unittest.TestCase):
TEST_FDT2_DATA)
TestFunctional._MakeInputFile('env.txt', ENV_DATA)
+ TestFunctional._MakeInputFile('ti_unsecure.bin', TI_UNSECURE_DATA)
cls.have_lz4 = comp_util.HAVE_LZ4
@@ -5321,6 +5323,11 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self.assertIn("Node '/binman/fit': Unknown operation 'unknown'",
str(exc.exception))
+ def testPackTisecure(self):
+ """Test that an image with a TI secured binary can be created"""
+ data = self._DoReadFile('225_ti_secure.dts')
+ securedata = tools.ReadFile('ti_unsecure.bin_HS')
+ self.assertGreater(len(securedata), len(data))
if __name__ == "__main__":
unittest.main()
diff --git a/tools/binman/test/225_ti_secure.dts b/tools/binman/test/225_ti_secure.dts
new file mode 100644
index 0000000000..1a9f4374f9
--- /dev/null
+++ b/tools/binman/test/225_ti_secure.dts
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};
--
2.17.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table
2022-05-09 7:29 [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 1/3] tools: binman: add ti-secure entry type Roger Quadros
@ 2022-05-09 7:29 ` Roger Quadros
2022-06-10 13:42 ` Tom Rini
2022-05-09 7:29 ` [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
2022-05-09 13:39 ` [u-boot PATCH 0/3] " Tom Rini
3 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-05-09 7:29 UTC (permalink / raw)
To: sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot, Roger Quadros
This is required for overlays to work at SPL.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
---
tools/fdtgrep.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/fdtgrep.c b/tools/fdtgrep.c
index 641d6a2e3e..d904f679ae 100644
--- a/tools/fdtgrep.c
+++ b/tools/fdtgrep.c
@@ -1230,6 +1230,10 @@ int main(int argc, char *argv[])
disp.fout = stdout;
}
+ /* include symbol table */
+ if (value_add(&disp, &disp.value_head, FDT_IS_NODE, 1, "/__symbols__"))
+ usage("Cannot add __symbols__ value");
+
/* Run the grep and output the results */
ret = do_fdtgrep(&disp, filename);
if (disp.output_fname)
--
2.17.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-09 7:29 [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 1/3] tools: binman: add ti-secure entry type Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table Roger Quadros
@ 2022-05-09 7:29 ` Roger Quadros
2022-05-24 22:03 ` Andrew Davis
2022-05-09 13:39 ` [u-boot PATCH 0/3] " Tom Rini
3 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-05-09 7:29 UTC (permalink / raw)
To: sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot, Roger Quadros
Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
R5 build is still not converted to use binman so restrict binman.dtsi
to A53 builds only.
This patch also take care of building Secure (HS) images using
binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
---
arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
arch/arm/mach-k3/Kconfig | 1 +
arch/arm/mach-k3/config.mk | 7 +
4 files changed, 241 insertions(+)
create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
new file mode 100644
index 0000000000..9e85ef41b0
--- /dev/null
+++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
@@ -0,0 +1,230 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
+ */
+
+/ {
+ binman: binman {
+ multiple-images;
+ };
+};
+
+#ifdef CONFIG_TARGET_AM642_A53_EVM
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+#define TISPL "tispl.bin_HS"
+#define UBOOT_IMG "u-boot.img_HS"
+#else
+#define TISPL "tispl.bin"
+#define UBOOT_IMG "u-boot.img"
+#endif
+
+#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
+#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
+#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
+
+#define UBOOT_NODTB "u-boot-nodtb.bin"
+#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
+#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
+
+&binman {
+ ti-spl {
+ filename = TISPL;
+ pad-byte = <0xff>;
+
+ fit {
+ description = "Configuration to load ATF and SPL";
+ #address-cells = <1>;
+
+ images {
+
+ atf {
+ description = "ARM Trusted Firmware";
+ type = "firmware";
+ arch = "arm64";
+ compression = "none";
+ os = "arm-trusted-firmware";
+ load = <CONFIG_K3_ATF_LOAD_ADDR>;
+ entry = <CONFIG_K3_ATF_LOAD_ADDR>;
+ atf-bl31 {
+ filename = "bl31.bin";
+ };
+ };
+
+ tee {
+ description = "OPTEE";
+ type = "tee";
+ arch = "arm64";
+ compression = "none";
+ os = "tee";
+ load = <0x9e800000>;
+ entry = <0x9e800000>;
+ tee-os {
+ filename = "tee-pager_v2.bin";
+ };
+ };
+
+ dm {
+ description = "DM binary";
+ type = "firmware";
+ arch = "arm32";
+ compression = "none";
+ os = "DM";
+ load = <0x89000000>;
+ entry = <0x89000000>;
+ blob-ext {
+ filename = "/dev/null";
+ };
+ };
+
+ spl {
+ description = "SPL (64-bit)";
+ type = "standalone";
+ os = "U-Boot";
+ arch = "arm64";
+ compression = "none";
+ load = <0x80080000>;
+ entry = <0x80080000>;
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = SPL_NODTB;
+ };
+ };
+
+ fdt-1 {
+ description = "k3-am642-evm";
+ type = "flat_dt";
+ arch = "arm";
+ compression = "none";
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = SPL_AM642_EVM_DTB;
+ };
+ };
+
+ fdt-2 {
+ description = "k3-am642-sk";
+ type = "flat_dt";
+ arch = "arm";
+ compression = "none";
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = SPL_AM642_SK_DTB;
+ };
+ };
+ };
+
+ configurations {
+ default = "conf-1";
+
+ conf-1 {
+ description = "k3-am642-evm";
+ firmware = "atf";
+ loadables = "tee", "dm", "spl";
+ fdt = "fdt-1";
+ };
+
+ conf-2 {
+ description = "k3-am642-sk";
+ firmware = "atf";
+ loadables = "tee", "dm", "spl";
+ fdt = "fdt-2";
+ };
+ };
+ };
+ };
+};
+
+&binman {
+ u-boot {
+ filename = UBOOT_IMG;
+ pad-byte = <0xff>;
+
+ fit {
+ description = "FIT image with multiple configurations";
+
+ images {
+ uboot {
+ description = "U-Boot for am64x board";
+ type = "firmware";
+ os = "u-boot";
+ arch = "arm";
+ compression = "none";
+ load = <CONFIG_SYS_TEXT_BASE>;
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = UBOOT_NODTB;
+ };
+ hash {
+ algo = "crc32";
+ };
+ };
+
+ fdt-1 {
+ description = "k3-am642-evm";
+ type = "flat_dt";
+ arch = "arm";
+ compression = "none";
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = AM642_EVM_DTB;
+ };
+ hash {
+ algo = "crc32";
+ };
+ };
+
+ fdt-2 {
+ description = "k3-am642-sk";
+ type = "flat_dt";
+ arch = "arm";
+ compression = "none";
+#ifdef CONFIG_TI_SECURE_DEVICE
+ ti-secure {
+#else
+ blob {
+#endif
+ filename = AM642_SK_DTB;
+ };
+ hash {
+ algo = "crc32";
+ };
+ };
+ };
+
+ configurations {
+ default = "conf-1";
+
+ conf-1 {
+ description = "k3-am642-evm";
+ firmware = "uboot";
+ loadables = "uboot";
+ fdt = "fdt-1";
+ };
+
+ conf-2 {
+ description = "k3-am642-sk";
+ firmware = "uboot";
+ loadables = "uboot";
+ fdt = "fdt-2";
+ };
+ };
+ };
+ };
+};
+#endif
diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
index 03688a51a3..db0a529f0f 100644
--- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
+++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
@@ -2,6 +2,9 @@
/*
* Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
*/
+#include <config.h>
+
+#include "k3-am642-evm-binman.dtsi"
/ {
chosen {
diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
index a01bf23514..a4c561254d 100644
--- a/arch/arm/mach-k3/Kconfig
+++ b/arch/arm/mach-k3/Kconfig
@@ -15,6 +15,7 @@ config SOC_K3_J721S2
config SOC_K3_AM642
bool "TI's K3 based AM642 SoC Family Support"
+ select BINMAN if TARGET_AM642_A53_EVM
endchoice
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index da458bcfb2..d2c490818a 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
INPUTS-y += tiboot3.bin
endif
+ifndef CONFIG_BINMAN
ifdef CONFIG_ARM64
ifeq ($(CONFIG_SOC_K3_J721E),)
@@ -77,9 +78,11 @@ cmd_k3_mkits = \
$(SPL_ITS): FORCE
$(call cmd,k3_mkits)
endif
+endif
else
+ifndef CONFIG_BINMAN
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
INPUTS-y += u-boot.img_HS
else
@@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
endif
endif
+endif
+
+ifndef CONFIG_BINMAN
include $(srctree)/arch/arm/mach-k3/config_secure.mk
+endif
--
2.17.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-09 7:29 [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
` (2 preceding siblings ...)
2022-05-09 7:29 ` [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
@ 2022-05-09 13:39 ` Tom Rini
3 siblings, 0 replies; 17+ messages in thread
From: Tom Rini @ 2022-05-09 13:39 UTC (permalink / raw)
To: Roger Quadros, Alper Nebi Yasak; +Cc: sjg, vigneshr, nm, praneeth, u-boot
[-- Attachment #1: Type: text/plain, Size: 1300 bytes --]
On Mon, May 09, 2022 at 10:29:33AM +0300, Roger Quadros wrote:
> Hi,
>
> This series introduces ti-secure entry type for binman.
>
> It switches from using custom tool tools/k3_fit_atf.sh to
> binman for generating boot images for AM64 for both HS and non-HS
> devices.
>
> cheers,
> -roger
>
> Roger Quadros (3):
> tools: binman: add ti-secure entry type
> tools/fdtgrep: Include __symbols__ table
> k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
>
> Makefile | 1 +
> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
> arch/arm/mach-k3/Kconfig | 1 +
> arch/arm/mach-k3/config.mk | 7 +
> tools/binman/entries.rst | 15 ++
> tools/binman/etype/ti_secure.py | 59 +++++++
> tools/binman/ftest.py | 7 +
> tools/binman/test/225_ti_secure.dts | 14 ++
> tools/fdtgrep.c | 4 +
> 10 files changed, 341 insertions(+)
> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
> create mode 100644 tools/binman/etype/ti_secure.py
> create mode 100644 tools/binman/test/225_ti_secure.dts
Adding the other binman maintainer..
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-09 7:29 ` [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
@ 2022-05-24 22:03 ` Andrew Davis
2022-05-25 8:30 ` Roger Quadros
0 siblings, 1 reply; 17+ messages in thread
From: Andrew Davis @ 2022-05-24 22:03 UTC (permalink / raw)
To: Roger Quadros, sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot
On 5/9/22 2:29 AM, Roger Quadros wrote:
> Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
>
> R5 build is still not converted to use binman so restrict binman.dtsi
> to A53 builds only.
>
> This patch also take care of building Secure (HS) images using
> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
>
> Signed-off-by: Roger Quadros <rogerq@kernel.org>
> ---
> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
> arch/arm/mach-k3/Kconfig | 1 +
> arch/arm/mach-k3/config.mk | 7 +
> 4 files changed, 241 insertions(+)
> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
>
> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
> new file mode 100644
> index 0000000000..9e85ef41b0
> --- /dev/null
> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
> @@ -0,0 +1,230 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
> + */
> +
> +/ {
> + binman: binman {
> + multiple-images;
> + };
> +};
> +
> +#ifdef CONFIG_TARGET_AM642_A53_EVM
> +
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +#define TISPL "tispl.bin_HS"
> +#define UBOOT_IMG "u-boot.img_HS"
> +#else
> +#define TISPL "tispl.bin"
> +#define UBOOT_IMG "u-boot.img"
> +#endif
> +
> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
> +
> +#define UBOOT_NODTB "u-boot-nodtb.bin"
> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
> +
> +&binman {
> + ti-spl {
> + filename = TISPL;
> + pad-byte = <0xff>;
> +
> + fit {
> + description = "Configuration to load ATF and SPL";
> + #address-cells = <1>;
> +
> + images {
> +
> + atf {
> + description = "ARM Trusted Firmware";
> + type = "firmware";
> + arch = "arm64";
> + compression = "none";
> + os = "arm-trusted-firmware";
> + load = <CONFIG_K3_ATF_LOAD_ADDR>;
> + entry = <CONFIG_K3_ATF_LOAD_ADDR>;
> + atf-bl31 {
> + filename = "bl31.bin";
> + };
On HS, bl31.bin and the below TEE and DM images must also be signed
before being packaged into tispl.bin.
Can we add signing here?
Andrew
> + };
> +
> + tee {
> + description = "OPTEE";
> + type = "tee";
> + arch = "arm64";
> + compression = "none";
> + os = "tee";
> + load = <0x9e800000>;
> + entry = <0x9e800000>;
> + tee-os {
> + filename = "tee-pager_v2.bin";
> + };
> + };
> +
> + dm {
> + description = "DM binary";
> + type = "firmware";
> + arch = "arm32";
> + compression = "none";
> + os = "DM";
> + load = <0x89000000>;
> + entry = <0x89000000>;
> + blob-ext {
> + filename = "/dev/null";
> + };
> + };
> +
> + spl {
> + description = "SPL (64-bit)";
> + type = "standalone";
> + os = "U-Boot";
> + arch = "arm64";
> + compression = "none";
> + load = <0x80080000>;
> + entry = <0x80080000>;
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = SPL_NODTB;
> + };
> + };
> +
> + fdt-1 {
> + description = "k3-am642-evm";
> + type = "flat_dt";
> + arch = "arm";
> + compression = "none";
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = SPL_AM642_EVM_DTB;
> + };
> + };
> +
> + fdt-2 {
> + description = "k3-am642-sk";
> + type = "flat_dt";
> + arch = "arm";
> + compression = "none";
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = SPL_AM642_SK_DTB;
> + };
> + };
> + };
> +
> + configurations {
> + default = "conf-1";
> +
> + conf-1 {
> + description = "k3-am642-evm";
> + firmware = "atf";
> + loadables = "tee", "dm", "spl";
> + fdt = "fdt-1";
> + };
> +
> + conf-2 {
> + description = "k3-am642-sk";
> + firmware = "atf";
> + loadables = "tee", "dm", "spl";
> + fdt = "fdt-2";
> + };
> + };
> + };
> + };
> +};
> +
> +&binman {
> + u-boot {
> + filename = UBOOT_IMG;
> + pad-byte = <0xff>;
> +
> + fit {
> + description = "FIT image with multiple configurations";
> +
> + images {
> + uboot {
> + description = "U-Boot for am64x board";
> + type = "firmware";
> + os = "u-boot";
> + arch = "arm";
> + compression = "none";
> + load = <CONFIG_SYS_TEXT_BASE>;
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = UBOOT_NODTB;
> + };
> + hash {
> + algo = "crc32";
> + };
> + };
> +
> + fdt-1 {
> + description = "k3-am642-evm";
> + type = "flat_dt";
> + arch = "arm";
> + compression = "none";
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = AM642_EVM_DTB;
> + };
> + hash {
> + algo = "crc32";
> + };
> + };
> +
> + fdt-2 {
> + description = "k3-am642-sk";
> + type = "flat_dt";
> + arch = "arm";
> + compression = "none";
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + ti-secure {
> +#else
> + blob {
> +#endif
> + filename = AM642_SK_DTB;
> + };
> + hash {
> + algo = "crc32";
> + };
> + };
> + };
> +
> + configurations {
> + default = "conf-1";
> +
> + conf-1 {
> + description = "k3-am642-evm";
> + firmware = "uboot";
> + loadables = "uboot";
> + fdt = "fdt-1";
> + };
> +
> + conf-2 {
> + description = "k3-am642-sk";
> + firmware = "uboot";
> + loadables = "uboot";
> + fdt = "fdt-2";
> + };
> + };
> + };
> + };
> +};
> +#endif
> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> index 03688a51a3..db0a529f0f 100644
> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> @@ -2,6 +2,9 @@
> /*
> * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
> */
> +#include <config.h>
> +
> +#include "k3-am642-evm-binman.dtsi"
>
> / {
> chosen {
> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
> index a01bf23514..a4c561254d 100644
> --- a/arch/arm/mach-k3/Kconfig
> +++ b/arch/arm/mach-k3/Kconfig
> @@ -15,6 +15,7 @@ config SOC_K3_J721S2
>
> config SOC_K3_AM642
> bool "TI's K3 based AM642 SoC Family Support"
> + select BINMAN if TARGET_AM642_A53_EVM
>
> endchoice
>
> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
> index da458bcfb2..d2c490818a 100644
> --- a/arch/arm/mach-k3/config.mk
> +++ b/arch/arm/mach-k3/config.mk
> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
> INPUTS-y += tiboot3.bin
> endif
>
> +ifndef CONFIG_BINMAN
> ifdef CONFIG_ARM64
>
> ifeq ($(CONFIG_SOC_K3_J721E),)
> @@ -77,9 +78,11 @@ cmd_k3_mkits = \
> $(SPL_ITS): FORCE
> $(call cmd,k3_mkits)
> endif
> +endif
>
> else
>
> +ifndef CONFIG_BINMAN
> ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> INPUTS-y += u-boot.img_HS
> else
> @@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
> endif
> endif
>
> +endif
> +
> +ifndef CONFIG_BINMAN
> include $(srctree)/arch/arm/mach-k3/config_secure.mk
> +endif
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-24 22:03 ` Andrew Davis
@ 2022-05-25 8:30 ` Roger Quadros
2022-05-25 15:14 ` Andrew Davis
0 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-05-25 8:30 UTC (permalink / raw)
To: Andrew Davis, sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot
Hi Andrew,
On 25/05/2022 01:03, Andrew Davis wrote:
> On 5/9/22 2:29 AM, Roger Quadros wrote:
>> Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
>>
>> R5 build is still not converted to use binman so restrict binman.dtsi
>> to A53 builds only.
>>
>> This patch also take care of building Secure (HS) images using
>> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
>>
>> Signed-off-by: Roger Quadros <rogerq@kernel.org>
>> ---
>> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
>> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
>> arch/arm/mach-k3/Kconfig | 1 +
>> arch/arm/mach-k3/config.mk | 7 +
>> 4 files changed, 241 insertions(+)
>> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
>>
>> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
>> new file mode 100644
>> index 0000000000..9e85ef41b0
>> --- /dev/null
>> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
>> @@ -0,0 +1,230 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
>> + */
>> +
>> +/ {
>> + binman: binman {
>> + multiple-images;
>> + };
>> +};
>> +
>> +#ifdef CONFIG_TARGET_AM642_A53_EVM
>> +
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> +#define TISPL "tispl.bin_HS"
>> +#define UBOOT_IMG "u-boot.img_HS"
>> +#else
>> +#define TISPL "tispl.bin"
>> +#define UBOOT_IMG "u-boot.img"
>> +#endif
>> +
>> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
>> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
>> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
>> +
>> +#define UBOOT_NODTB "u-boot-nodtb.bin"
>> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
>> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
>> +
>> +&binman {
>> + ti-spl {
>> + filename = TISPL;
>> + pad-byte = <0xff>;
>> +
>> + fit {
>> + description = "Configuration to load ATF and SPL";
>> + #address-cells = <1>;
>> +
>> + images {
>> +
>> + atf {
>> + description = "ARM Trusted Firmware";
>> + type = "firmware";
>> + arch = "arm64";
>> + compression = "none";
>> + os = "arm-trusted-firmware";
>> + load = <CONFIG_K3_ATF_LOAD_ADDR>;
>> + entry = <CONFIG_K3_ATF_LOAD_ADDR>;
>> + atf-bl31 {
>> + filename = "bl31.bin";
>> + };
>
>
> On HS, bl31.bin and the below TEE and DM images must also be signed
> before being packaged into tispl.bin.
> Can we add signing here?
I'm wondering how this is working as is on HS boards.
Another thing to note is that the atf and tee entries take into consideration
the below environment variables
-a atf-bl31-path=${BL31} \
-a tee-os-path=${TEE} \
How do we continue to support that while adding the signing bits?
cheers,
-roger
>
> Andrew
>
>
>> + };
>> +
>> + tee {
>> + description = "OPTEE";
>> + type = "tee";
>> + arch = "arm64";
>> + compression = "none";
>> + os = "tee";
>> + load = <0x9e800000>;
>> + entry = <0x9e800000>;
>> + tee-os {
>> + filename = "tee-pager_v2.bin";
>> + };
>> + };
>> +
>> + dm {
>> + description = "DM binary";
>> + type = "firmware";
>> + arch = "arm32";
>> + compression = "none";
>> + os = "DM";
>> + load = <0x89000000>;
>> + entry = <0x89000000>;
>> + blob-ext {
>> + filename = "/dev/null";
>> + };
>> + };
>> +
>> + spl {
>> + description = "SPL (64-bit)";
>> + type = "standalone";
>> + os = "U-Boot";
>> + arch = "arm64";
>> + compression = "none";
>> + load = <0x80080000>;
>> + entry = <0x80080000>;
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = SPL_NODTB;
>> + };
>> + };
>> +
>> + fdt-1 {
>> + description = "k3-am642-evm";
>> + type = "flat_dt";
>> + arch = "arm";
>> + compression = "none";
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = SPL_AM642_EVM_DTB;
>> + };
>> + };
>> +
>> + fdt-2 {
>> + description = "k3-am642-sk";
>> + type = "flat_dt";
>> + arch = "arm";
>> + compression = "none";
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = SPL_AM642_SK_DTB;
>> + };
>> + };
>> + };
>> +
>> + configurations {
>> + default = "conf-1";
>> +
>> + conf-1 {
>> + description = "k3-am642-evm";
>> + firmware = "atf";
>> + loadables = "tee", "dm", "spl";
>> + fdt = "fdt-1";
>> + };
>> +
>> + conf-2 {
>> + description = "k3-am642-sk";
>> + firmware = "atf";
>> + loadables = "tee", "dm", "spl";
>> + fdt = "fdt-2";
>> + };
>> + };
>> + };
>> + };
>> +};
>> +
>> +&binman {
>> + u-boot {
>> + filename = UBOOT_IMG;
>> + pad-byte = <0xff>;
>> +
>> + fit {
>> + description = "FIT image with multiple configurations";
>> +
>> + images {
>> + uboot {
>> + description = "U-Boot for am64x board";
>> + type = "firmware";
>> + os = "u-boot";
>> + arch = "arm";
>> + compression = "none";
>> + load = <CONFIG_SYS_TEXT_BASE>;
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = UBOOT_NODTB;
>> + };
>> + hash {
>> + algo = "crc32";
>> + };
>> + };
>> +
>> + fdt-1 {
>> + description = "k3-am642-evm";
>> + type = "flat_dt";
>> + arch = "arm";
>> + compression = "none";
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = AM642_EVM_DTB;
>> + };
>> + hash {
>> + algo = "crc32";
>> + };
>> + };
>> +
>> + fdt-2 {
>> + description = "k3-am642-sk";
>> + type = "flat_dt";
>> + arch = "arm";
>> + compression = "none";
>> +#ifdef CONFIG_TI_SECURE_DEVICE
>> + ti-secure {
>> +#else
>> + blob {
>> +#endif
>> + filename = AM642_SK_DTB;
>> + };
>> + hash {
>> + algo = "crc32";
>> + };
>> + };
>> + };
>> +
>> + configurations {
>> + default = "conf-1";
>> +
>> + conf-1 {
>> + description = "k3-am642-evm";
>> + firmware = "uboot";
>> + loadables = "uboot";
>> + fdt = "fdt-1";
>> + };
>> +
>> + conf-2 {
>> + description = "k3-am642-sk";
>> + firmware = "uboot";
>> + loadables = "uboot";
>> + fdt = "fdt-2";
>> + };
>> + };
>> + };
>> + };
>> +};
>> +#endif
>> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>> index 03688a51a3..db0a529f0f 100644
>> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>> @@ -2,6 +2,9 @@
>> /*
>> * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
>> */
>> +#include <config.h>
>> +
>> +#include "k3-am642-evm-binman.dtsi"
>> / {
>> chosen {
>> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
>> index a01bf23514..a4c561254d 100644
>> --- a/arch/arm/mach-k3/Kconfig
>> +++ b/arch/arm/mach-k3/Kconfig
>> @@ -15,6 +15,7 @@ config SOC_K3_J721S2
>> config SOC_K3_AM642
>> bool "TI's K3 based AM642 SoC Family Support"
>> + select BINMAN if TARGET_AM642_A53_EVM
>> endchoice
>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>> index da458bcfb2..d2c490818a 100644
>> --- a/arch/arm/mach-k3/config.mk
>> +++ b/arch/arm/mach-k3/config.mk
>> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
>> INPUTS-y += tiboot3.bin
>> endif
>> +ifndef CONFIG_BINMAN
>> ifdef CONFIG_ARM64
>> ifeq ($(CONFIG_SOC_K3_J721E),)
>> @@ -77,9 +78,11 @@ cmd_k3_mkits = \
>> $(SPL_ITS): FORCE
>> $(call cmd,k3_mkits)
>> endif
>> +endif
>> else
>> +ifndef CONFIG_BINMAN
>> ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>> INPUTS-y += u-boot.img_HS
>> else
>> @@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
>> endif
>> endif
>> +endif
>> +
>> +ifndef CONFIG_BINMAN
>> include $(srctree)/arch/arm/mach-k3/config_secure.mk
>> +endif
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-25 8:30 ` Roger Quadros
@ 2022-05-25 15:14 ` Andrew Davis
2022-05-26 7:28 ` Roger Quadros
0 siblings, 1 reply; 17+ messages in thread
From: Andrew Davis @ 2022-05-25 15:14 UTC (permalink / raw)
To: Roger Quadros, sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot
On 5/25/22 3:30 AM, Roger Quadros wrote:
> Hi Andrew,
>
> On 25/05/2022 01:03, Andrew Davis wrote:
>> On 5/9/22 2:29 AM, Roger Quadros wrote:
>>> Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
>>>
>>> R5 build is still not converted to use binman so restrict binman.dtsi
>>> to A53 builds only.
>>>
>>> This patch also take care of building Secure (HS) images using
>>> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
>>>
>>> Signed-off-by: Roger Quadros <rogerq@kernel.org>
>>> ---
>>> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
>>> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
>>> arch/arm/mach-k3/Kconfig | 1 +
>>> arch/arm/mach-k3/config.mk | 7 +
>>> 4 files changed, 241 insertions(+)
>>> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
>>>
>>> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
>>> new file mode 100644
>>> index 0000000000..9e85ef41b0
>>> --- /dev/null
>>> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
>>> @@ -0,0 +1,230 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/*
>>> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
>>> + */
>>> +
>>> +/ {
>>> + binman: binman {
>>> + multiple-images;
>>> + };
>>> +};
>>> +
>>> +#ifdef CONFIG_TARGET_AM642_A53_EVM
>>> +
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> +#define TISPL "tispl.bin_HS"
>>> +#define UBOOT_IMG "u-boot.img_HS"
>>> +#else
>>> +#define TISPL "tispl.bin"
>>> +#define UBOOT_IMG "u-boot.img"
>>> +#endif
>>> +
>>> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
>>> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
>>> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
>>> +
>>> +#define UBOOT_NODTB "u-boot-nodtb.bin"
>>> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
>>> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
>>> +
>>> +&binman {
>>> + ti-spl {
>>> + filename = TISPL;
>>> + pad-byte = <0xff>;
>>> +
>>> + fit {
>>> + description = "Configuration to load ATF and SPL";
>>> + #address-cells = <1>;
>>> +
>>> + images {
>>> +
>>> + atf {
>>> + description = "ARM Trusted Firmware";
>>> + type = "firmware";
>>> + arch = "arm64";
>>> + compression = "none";
>>> + os = "arm-trusted-firmware";
>>> + load = <CONFIG_K3_ATF_LOAD_ADDR>;
>>> + entry = <CONFIG_K3_ATF_LOAD_ADDR>;
>>> + atf-bl31 {
>>> + filename = "bl31.bin";
>>> + };
>>
>>
>> On HS, bl31.bin and the below TEE and DM images must also be signed
>> before being packaged into tispl.bin.
>> Can we add signing here?
>
> I'm wondering how this is working as is on HS boards.
>
Today we manually sign those two before we feed them to U-Boot build.
I'd like to fix that and have them signed along with all the other
parts here when packaging them together.
> Another thing to note is that the atf and tee entries take into consideration
> the below environment variables
> -a atf-bl31-path=${BL31} \
> -a tee-os-path=${TEE} \
>
> How do we continue to support that while adding the signing bits?
>
That's my question also, I'm not sure how we would make the type 'ti-secure'
while also changing their path names, seems like a limitation currently
of using etypes to do the signing, since we can do path renames from
command line.
Andrew
> cheers,
> -roger
>
>>
>> Andrew
>>
>>
>>> + };
>>> +
>>> + tee {
>>> + description = "OPTEE";
>>> + type = "tee";
>>> + arch = "arm64";
>>> + compression = "none";
>>> + os = "tee";
>>> + load = <0x9e800000>;
>>> + entry = <0x9e800000>;
>>> + tee-os {
>>> + filename = "tee-pager_v2.bin";
>>> + };
>>> + };
>>> +
>>> + dm {
>>> + description = "DM binary";
>>> + type = "firmware";
>>> + arch = "arm32";
>>> + compression = "none";
>>> + os = "DM";
>>> + load = <0x89000000>;
>>> + entry = <0x89000000>;
>>> + blob-ext {
>>> + filename = "/dev/null";
>>> + };
>>> + };
>>> +
>>> + spl {
>>> + description = "SPL (64-bit)";
>>> + type = "standalone";
>>> + os = "U-Boot";
>>> + arch = "arm64";
>>> + compression = "none";
>>> + load = <0x80080000>;
>>> + entry = <0x80080000>;
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = SPL_NODTB;
>>> + };
>>> + };
>>> +
>>> + fdt-1 {
>>> + description = "k3-am642-evm";
>>> + type = "flat_dt";
>>> + arch = "arm";
>>> + compression = "none";
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = SPL_AM642_EVM_DTB;
>>> + };
>>> + };
>>> +
>>> + fdt-2 {
>>> + description = "k3-am642-sk";
>>> + type = "flat_dt";
>>> + arch = "arm";
>>> + compression = "none";
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = SPL_AM642_SK_DTB;
>>> + };
>>> + };
>>> + };
>>> +
>>> + configurations {
>>> + default = "conf-1";
>>> +
>>> + conf-1 {
>>> + description = "k3-am642-evm";
>>> + firmware = "atf";
>>> + loadables = "tee", "dm", "spl";
>>> + fdt = "fdt-1";
>>> + };
>>> +
>>> + conf-2 {
>>> + description = "k3-am642-sk";
>>> + firmware = "atf";
>>> + loadables = "tee", "dm", "spl";
>>> + fdt = "fdt-2";
>>> + };
>>> + };
>>> + };
>>> + };
>>> +};
>>> +
>>> +&binman {
>>> + u-boot {
>>> + filename = UBOOT_IMG;
>>> + pad-byte = <0xff>;
>>> +
>>> + fit {
>>> + description = "FIT image with multiple configurations";
>>> +
>>> + images {
>>> + uboot {
>>> + description = "U-Boot for am64x board";
>>> + type = "firmware";
>>> + os = "u-boot";
>>> + arch = "arm";
>>> + compression = "none";
>>> + load = <CONFIG_SYS_TEXT_BASE>;
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = UBOOT_NODTB;
>>> + };
>>> + hash {
>>> + algo = "crc32";
>>> + };
>>> + };
>>> +
>>> + fdt-1 {
>>> + description = "k3-am642-evm";
>>> + type = "flat_dt";
>>> + arch = "arm";
>>> + compression = "none";
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = AM642_EVM_DTB;
>>> + };
>>> + hash {
>>> + algo = "crc32";
>>> + };
>>> + };
>>> +
>>> + fdt-2 {
>>> + description = "k3-am642-sk";
>>> + type = "flat_dt";
>>> + arch = "arm";
>>> + compression = "none";
>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>> + ti-secure {
>>> +#else
>>> + blob {
>>> +#endif
>>> + filename = AM642_SK_DTB;
>>> + };
>>> + hash {
>>> + algo = "crc32";
>>> + };
>>> + };
>>> + };
>>> +
>>> + configurations {
>>> + default = "conf-1";
>>> +
>>> + conf-1 {
>>> + description = "k3-am642-evm";
>>> + firmware = "uboot";
>>> + loadables = "uboot";
>>> + fdt = "fdt-1";
>>> + };
>>> +
>>> + conf-2 {
>>> + description = "k3-am642-sk";
>>> + firmware = "uboot";
>>> + loadables = "uboot";
>>> + fdt = "fdt-2";
>>> + };
>>> + };
>>> + };
>>> + };
>>> +};
>>> +#endif
>>> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>> index 03688a51a3..db0a529f0f 100644
>>> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>> @@ -2,6 +2,9 @@
>>> /*
>>> * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
>>> */
>>> +#include <config.h>
>>> +
>>> +#include "k3-am642-evm-binman.dtsi"
>>> / {
>>> chosen {
>>> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
>>> index a01bf23514..a4c561254d 100644
>>> --- a/arch/arm/mach-k3/Kconfig
>>> +++ b/arch/arm/mach-k3/Kconfig
>>> @@ -15,6 +15,7 @@ config SOC_K3_J721S2
>>> config SOC_K3_AM642
>>> bool "TI's K3 based AM642 SoC Family Support"
>>> + select BINMAN if TARGET_AM642_A53_EVM
>>> endchoice
>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>>> index da458bcfb2..d2c490818a 100644
>>> --- a/arch/arm/mach-k3/config.mk
>>> +++ b/arch/arm/mach-k3/config.mk
>>> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
>>> INPUTS-y += tiboot3.bin
>>> endif
>>> +ifndef CONFIG_BINMAN
>>> ifdef CONFIG_ARM64
>>> ifeq ($(CONFIG_SOC_K3_J721E),)
>>> @@ -77,9 +78,11 @@ cmd_k3_mkits = \
>>> $(SPL_ITS): FORCE
>>> $(call cmd,k3_mkits)
>>> endif
>>> +endif
>>> else
>>> +ifndef CONFIG_BINMAN
>>> ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>> INPUTS-y += u-boot.img_HS
>>> else
>>> @@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
>>> endif
>>> endif
>>> +endif
>>> +
>>> +ifndef CONFIG_BINMAN
>>> include $(srctree)/arch/arm/mach-k3/config_secure.mk
>>> +endif
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-25 15:14 ` Andrew Davis
@ 2022-05-26 7:28 ` Roger Quadros
2022-05-26 14:15 ` Tom Rini
0 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-05-26 7:28 UTC (permalink / raw)
To: Andrew Davis, sjg, vigneshr, nm; +Cc: trini, praneeth, u-boot
On 25/05/2022 18:14, Andrew Davis wrote:
> On 5/25/22 3:30 AM, Roger Quadros wrote:
>> Hi Andrew,
>>
>> On 25/05/2022 01:03, Andrew Davis wrote:
>>> On 5/9/22 2:29 AM, Roger Quadros wrote:
>>>> Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
>>>>
>>>> R5 build is still not converted to use binman so restrict binman.dtsi
>>>> to A53 builds only.
>>>>
>>>> This patch also take care of building Secure (HS) images using
>>>> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
>>>>
>>>> Signed-off-by: Roger Quadros <rogerq@kernel.org>
>>>> ---
>>>> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
>>>> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
>>>> arch/arm/mach-k3/Kconfig | 1 +
>>>> arch/arm/mach-k3/config.mk | 7 +
>>>> 4 files changed, 241 insertions(+)
>>>> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
>>>>
>>>> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
>>>> new file mode 100644
>>>> index 0000000000..9e85ef41b0
>>>> --- /dev/null
>>>> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
>>>> @@ -0,0 +1,230 @@
>>>> +// SPDX-License-Identifier: GPL-2.0
>>>> +/*
>>>> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
>>>> + */
>>>> +
>>>> +/ {
>>>> + binman: binman {
>>>> + multiple-images;
>>>> + };
>>>> +};
>>>> +
>>>> +#ifdef CONFIG_TARGET_AM642_A53_EVM
>>>> +
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> +#define TISPL "tispl.bin_HS"
>>>> +#define UBOOT_IMG "u-boot.img_HS"
>>>> +#else
>>>> +#define TISPL "tispl.bin"
>>>> +#define UBOOT_IMG "u-boot.img"
>>>> +#endif
>>>> +
>>>> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
>>>> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
>>>> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
>>>> +
>>>> +#define UBOOT_NODTB "u-boot-nodtb.bin"
>>>> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
>>>> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
>>>> +
>>>> +&binman {
>>>> + ti-spl {
>>>> + filename = TISPL;
>>>> + pad-byte = <0xff>;
>>>> +
>>>> + fit {
>>>> + description = "Configuration to load ATF and SPL";
>>>> + #address-cells = <1>;
>>>> +
>>>> + images {
>>>> +
>>>> + atf {
>>>> + description = "ARM Trusted Firmware";
>>>> + type = "firmware";
>>>> + arch = "arm64";
>>>> + compression = "none";
>>>> + os = "arm-trusted-firmware";
>>>> + load = <CONFIG_K3_ATF_LOAD_ADDR>;
>>>> + entry = <CONFIG_K3_ATF_LOAD_ADDR>;
>>>> + atf-bl31 {
>>>> + filename = "bl31.bin";
>>>> + };
>>>
>>>
>>> On HS, bl31.bin and the below TEE and DM images must also be signed
>>> before being packaged into tispl.bin.
>>> Can we add signing here?
>>
>> I'm wondering how this is working as is on HS boards.
>>
>
>
> Today we manually sign those two before we feed them to U-Boot build.
> I'd like to fix that and have them signed along with all the other
> parts here when packaging them together.
>
OK. Then this is new feature. Do you mind if I make a separate patch for it?
But first I need to figure out what to do ;)
>
>> Another thing to note is that the atf and tee entries take into consideration
>> the below environment variables
>> -a atf-bl31-path=${BL31} \
>> -a tee-os-path=${TEE} \
>>
>> How do we continue to support that while adding the signing bits?
>>
>
>
> That's my question also, I'm not sure how we would make the type 'ti-secure'
> while also changing their path names, seems like a limitation currently
> of using etypes to do the signing, since we can do path renames from
> command line.
Simon,
Any thoughts on how to get the new ti-secure etype work with atf-bl31 and
tee-os etypes so that it can take the data output of those entries and create
a signed binary with filenames from those entries or atf-bl31-path and
tee-os-path?
Can something like this work?
ti-secure {
atf-bl31 {
filename = "bl31.bin";
};
}
We could probably get rid of filename property from ti-secure etype and use
blob for regular files.
ti-secure {
blob {
filename = "somefile.ext";
}
}
cheers,
-roger
>
> Andrew
>
>
>> cheers,
>> -roger
>>
>>>
>>> Andrew
>>>
>>>
>>>> + };
>>>> +
>>>> + tee {
>>>> + description = "OPTEE";
>>>> + type = "tee";
>>>> + arch = "arm64";
>>>> + compression = "none";
>>>> + os = "tee";
>>>> + load = <0x9e800000>;
>>>> + entry = <0x9e800000>;
>>>> + tee-os {
>>>> + filename = "tee-pager_v2.bin";
>>>> + };
>>>> + };
>>>> +
>>>> + dm {
>>>> + description = "DM binary";
>>>> + type = "firmware";
>>>> + arch = "arm32";
>>>> + compression = "none";
>>>> + os = "DM";
>>>> + load = <0x89000000>;
>>>> + entry = <0x89000000>;
>>>> + blob-ext {
>>>> + filename = "/dev/null";
>>>> + };
>>>> + };
>>>> +
>>>> + spl {
>>>> + description = "SPL (64-bit)";
>>>> + type = "standalone";
>>>> + os = "U-Boot";
>>>> + arch = "arm64";
>>>> + compression = "none";
>>>> + load = <0x80080000>;
>>>> + entry = <0x80080000>;
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = SPL_NODTB;
>>>> + };
>>>> + };
>>>> +
>>>> + fdt-1 {
>>>> + description = "k3-am642-evm";
>>>> + type = "flat_dt";
>>>> + arch = "arm";
>>>> + compression = "none";
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = SPL_AM642_EVM_DTB;
>>>> + };
>>>> + };
>>>> +
>>>> + fdt-2 {
>>>> + description = "k3-am642-sk";
>>>> + type = "flat_dt";
>>>> + arch = "arm";
>>>> + compression = "none";
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = SPL_AM642_SK_DTB;
>>>> + };
>>>> + };
>>>> + };
>>>> +
>>>> + configurations {
>>>> + default = "conf-1";
>>>> +
>>>> + conf-1 {
>>>> + description = "k3-am642-evm";
>>>> + firmware = "atf";
>>>> + loadables = "tee", "dm", "spl";
>>>> + fdt = "fdt-1";
>>>> + };
>>>> +
>>>> + conf-2 {
>>>> + description = "k3-am642-sk";
>>>> + firmware = "atf";
>>>> + loadables = "tee", "dm", "spl";
>>>> + fdt = "fdt-2";
>>>> + };
>>>> + };
>>>> + };
>>>> + };
>>>> +};
>>>> +
>>>> +&binman {
>>>> + u-boot {
>>>> + filename = UBOOT_IMG;
>>>> + pad-byte = <0xff>;
>>>> +
>>>> + fit {
>>>> + description = "FIT image with multiple configurations";
>>>> +
>>>> + images {
>>>> + uboot {
>>>> + description = "U-Boot for am64x board";
>>>> + type = "firmware";
>>>> + os = "u-boot";
>>>> + arch = "arm";
>>>> + compression = "none";
>>>> + load = <CONFIG_SYS_TEXT_BASE>;
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = UBOOT_NODTB;
>>>> + };
>>>> + hash {
>>>> + algo = "crc32";
>>>> + };
>>>> + };
>>>> +
>>>> + fdt-1 {
>>>> + description = "k3-am642-evm";
>>>> + type = "flat_dt";
>>>> + arch = "arm";
>>>> + compression = "none";
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = AM642_EVM_DTB;
>>>> + };
>>>> + hash {
>>>> + algo = "crc32";
>>>> + };
>>>> + };
>>>> +
>>>> + fdt-2 {
>>>> + description = "k3-am642-sk";
>>>> + type = "flat_dt";
>>>> + arch = "arm";
>>>> + compression = "none";
>>>> +#ifdef CONFIG_TI_SECURE_DEVICE
>>>> + ti-secure {
>>>> +#else
>>>> + blob {
>>>> +#endif
>>>> + filename = AM642_SK_DTB;
>>>> + };
>>>> + hash {
>>>> + algo = "crc32";
>>>> + };
>>>> + };
>>>> + };
>>>> +
>>>> + configurations {
>>>> + default = "conf-1";
>>>> +
>>>> + conf-1 {
>>>> + description = "k3-am642-evm";
>>>> + firmware = "uboot";
>>>> + loadables = "uboot";
>>>> + fdt = "fdt-1";
>>>> + };
>>>> +
>>>> + conf-2 {
>>>> + description = "k3-am642-sk";
>>>> + firmware = "uboot";
>>>> + loadables = "uboot";
>>>> + fdt = "fdt-2";
>>>> + };
>>>> + };
>>>> + };
>>>> + };
>>>> +};
>>>> +#endif
>>>> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>>> index 03688a51a3..db0a529f0f 100644
>>>> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>>> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
>>>> @@ -2,6 +2,9 @@
>>>> /*
>>>> * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
>>>> */
>>>> +#include <config.h>
>>>> +
>>>> +#include "k3-am642-evm-binman.dtsi"
>>>> / {
>>>> chosen {
>>>> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
>>>> index a01bf23514..a4c561254d 100644
>>>> --- a/arch/arm/mach-k3/Kconfig
>>>> +++ b/arch/arm/mach-k3/Kconfig
>>>> @@ -15,6 +15,7 @@ config SOC_K3_J721S2
>>>> config SOC_K3_AM642
>>>> bool "TI's K3 based AM642 SoC Family Support"
>>>> + select BINMAN if TARGET_AM642_A53_EVM
>>>> endchoice
>>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>>>> index da458bcfb2..d2c490818a 100644
>>>> --- a/arch/arm/mach-k3/config.mk
>>>> +++ b/arch/arm/mach-k3/config.mk
>>>> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
>>>> INPUTS-y += tiboot3.bin
>>>> endif
>>>> +ifndef CONFIG_BINMAN
>>>> ifdef CONFIG_ARM64
>>>> ifeq ($(CONFIG_SOC_K3_J721E),)
>>>> @@ -77,9 +78,11 @@ cmd_k3_mkits = \
>>>> $(SPL_ITS): FORCE
>>>> $(call cmd,k3_mkits)
>>>> endif
>>>> +endif
>>>> else
>>>> +ifndef CONFIG_BINMAN
>>>> ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>>> INPUTS-y += u-boot.img_HS
>>>> else
>>>> @@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
>>>> endif
>>>> endif
>>>> +endif
>>>> +
>>>> +ifndef CONFIG_BINMAN
>>>> include $(srctree)/arch/arm/mach-k3/config_secure.mk
>>>> +endif
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-26 7:28 ` Roger Quadros
@ 2022-05-26 14:15 ` Tom Rini
2022-05-27 17:50 ` Alper Nebi Yasak
0 siblings, 1 reply; 17+ messages in thread
From: Tom Rini @ 2022-05-26 14:15 UTC (permalink / raw)
To: Roger Quadros, Alper Nebi Yasak
Cc: Andrew Davis, sjg, vigneshr, nm, praneeth, u-boot
[-- Attachment #1: Type: text/plain, Size: 13444 bytes --]
On Thu, May 26, 2022 at 10:28:45AM +0300, Roger Quadros wrote:
> On 25/05/2022 18:14, Andrew Davis wrote:
> > On 5/25/22 3:30 AM, Roger Quadros wrote:
> >> Hi Andrew,
> >>
> >> On 25/05/2022 01:03, Andrew Davis wrote:
> >>> On 5/9/22 2:29 AM, Roger Quadros wrote:
> >>>> Introduce k3-am642-evm-binman.dtsi to provide binman configuration.
> >>>>
> >>>> R5 build is still not converted to use binman so restrict binman.dtsi
> >>>> to A53 builds only.
> >>>>
> >>>> This patch also take care of building Secure (HS) images using
> >>>> binman instead of tools/k3_fit_atf.sh if CONFIG_BINMAN is set.
> >>>>
> >>>> Signed-off-by: Roger Quadros <rogerq@kernel.org>
> >>>> ---
> >>>> arch/arm/dts/k3-am642-evm-binman.dtsi | 230 ++++++++++++++++++++++++++
> >>>> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 3 +
> >>>> arch/arm/mach-k3/Kconfig | 1 +
> >>>> arch/arm/mach-k3/config.mk | 7 +
> >>>> 4 files changed, 241 insertions(+)
> >>>> create mode 100644 arch/arm/dts/k3-am642-evm-binman.dtsi
> >>>>
> >>>> diff --git a/arch/arm/dts/k3-am642-evm-binman.dtsi b/arch/arm/dts/k3-am642-evm-binman.dtsi
> >>>> new file mode 100644
> >>>> index 0000000000..9e85ef41b0
> >>>> --- /dev/null
> >>>> +++ b/arch/arm/dts/k3-am642-evm-binman.dtsi
> >>>> @@ -0,0 +1,230 @@
> >>>> +// SPDX-License-Identifier: GPL-2.0
> >>>> +/*
> >>>> + * Copyright (C) 2021 Texas Instruments Incorporated - https://www.ti.com/
> >>>> + */
> >>>> +
> >>>> +/ {
> >>>> + binman: binman {
> >>>> + multiple-images;
> >>>> + };
> >>>> +};
> >>>> +
> >>>> +#ifdef CONFIG_TARGET_AM642_A53_EVM
> >>>> +
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> +#define TISPL "tispl.bin_HS"
> >>>> +#define UBOOT_IMG "u-boot.img_HS"
> >>>> +#else
> >>>> +#define TISPL "tispl.bin"
> >>>> +#define UBOOT_IMG "u-boot.img"
> >>>> +#endif
> >>>> +
> >>>> +#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
> >>>> +#define SPL_AM642_EVM_DTB "spl/dts/k3-am642-evm.dtb"
> >>>> +#define SPL_AM642_SK_DTB "spl/dts/k3-am642-sk.dtb"
> >>>> +
> >>>> +#define UBOOT_NODTB "u-boot-nodtb.bin"
> >>>> +#define AM642_EVM_DTB "arch/arm/dts/k3-am642-evm.dtb"
> >>>> +#define AM642_SK_DTB "arch/arm/dts/k3-am642-sk.dtb"
> >>>> +
> >>>> +&binman {
> >>>> + ti-spl {
> >>>> + filename = TISPL;
> >>>> + pad-byte = <0xff>;
> >>>> +
> >>>> + fit {
> >>>> + description = "Configuration to load ATF and SPL";
> >>>> + #address-cells = <1>;
> >>>> +
> >>>> + images {
> >>>> +
> >>>> + atf {
> >>>> + description = "ARM Trusted Firmware";
> >>>> + type = "firmware";
> >>>> + arch = "arm64";
> >>>> + compression = "none";
> >>>> + os = "arm-trusted-firmware";
> >>>> + load = <CONFIG_K3_ATF_LOAD_ADDR>;
> >>>> + entry = <CONFIG_K3_ATF_LOAD_ADDR>;
> >>>> + atf-bl31 {
> >>>> + filename = "bl31.bin";
> >>>> + };
> >>>
> >>>
> >>> On HS, bl31.bin and the below TEE and DM images must also be signed
> >>> before being packaged into tispl.bin.
> >>> Can we add signing here?
> >>
> >> I'm wondering how this is working as is on HS boards.
> >>
> >
> >
> > Today we manually sign those two before we feed them to U-Boot build.
> > I'd like to fix that and have them signed along with all the other
> > parts here when packaging them together.
> >
>
> OK. Then this is new feature. Do you mind if I make a separate patch for it?
> But first I need to figure out what to do ;)
>
> >
> >> Another thing to note is that the atf and tee entries take into consideration
> >> the below environment variables
> >> -a atf-bl31-path=${BL31} \
> >> -a tee-os-path=${TEE} \
> >>
> >> How do we continue to support that while adding the signing bits?
> >>
> >
> >
> > That's my question also, I'm not sure how we would make the type 'ti-secure'
> > while also changing their path names, seems like a limitation currently
> > of using etypes to do the signing, since we can do path renames from
> > command line.
>
> Simon,
>
> Any thoughts on how to get the new ti-secure etype work with atf-bl31 and
> tee-os etypes so that it can take the data output of those entries and create
> a signed binary with filenames from those entries or atf-bl31-path and
> tee-os-path?
>
> Can something like this work?
>
> ti-secure {
> atf-bl31 {
> filename = "bl31.bin";
> };
> }
>
> We could probably get rid of filename property from ti-secure etype and use
> blob for regular files.
>
> ti-secure {
> blob {
> filename = "somefile.ext";
> }
> }
Adding in Alper as well..
>
> cheers,
> -roger
>
> >
> > Andrew
> >
> >
> >> cheers,
> >> -roger
> >>
> >>>
> >>> Andrew
> >>>
> >>>
> >>>> + };
> >>>> +
> >>>> + tee {
> >>>> + description = "OPTEE";
> >>>> + type = "tee";
> >>>> + arch = "arm64";
> >>>> + compression = "none";
> >>>> + os = "tee";
> >>>> + load = <0x9e800000>;
> >>>> + entry = <0x9e800000>;
> >>>> + tee-os {
> >>>> + filename = "tee-pager_v2.bin";
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + dm {
> >>>> + description = "DM binary";
> >>>> + type = "firmware";
> >>>> + arch = "arm32";
> >>>> + compression = "none";
> >>>> + os = "DM";
> >>>> + load = <0x89000000>;
> >>>> + entry = <0x89000000>;
> >>>> + blob-ext {
> >>>> + filename = "/dev/null";
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + spl {
> >>>> + description = "SPL (64-bit)";
> >>>> + type = "standalone";
> >>>> + os = "U-Boot";
> >>>> + arch = "arm64";
> >>>> + compression = "none";
> >>>> + load = <0x80080000>;
> >>>> + entry = <0x80080000>;
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = SPL_NODTB;
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + fdt-1 {
> >>>> + description = "k3-am642-evm";
> >>>> + type = "flat_dt";
> >>>> + arch = "arm";
> >>>> + compression = "none";
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = SPL_AM642_EVM_DTB;
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + fdt-2 {
> >>>> + description = "k3-am642-sk";
> >>>> + type = "flat_dt";
> >>>> + arch = "arm";
> >>>> + compression = "none";
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = SPL_AM642_SK_DTB;
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + configurations {
> >>>> + default = "conf-1";
> >>>> +
> >>>> + conf-1 {
> >>>> + description = "k3-am642-evm";
> >>>> + firmware = "atf";
> >>>> + loadables = "tee", "dm", "spl";
> >>>> + fdt = "fdt-1";
> >>>> + };
> >>>> +
> >>>> + conf-2 {
> >>>> + description = "k3-am642-sk";
> >>>> + firmware = "atf";
> >>>> + loadables = "tee", "dm", "spl";
> >>>> + fdt = "fdt-2";
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> +};
> >>>> +
> >>>> +&binman {
> >>>> + u-boot {
> >>>> + filename = UBOOT_IMG;
> >>>> + pad-byte = <0xff>;
> >>>> +
> >>>> + fit {
> >>>> + description = "FIT image with multiple configurations";
> >>>> +
> >>>> + images {
> >>>> + uboot {
> >>>> + description = "U-Boot for am64x board";
> >>>> + type = "firmware";
> >>>> + os = "u-boot";
> >>>> + arch = "arm";
> >>>> + compression = "none";
> >>>> + load = <CONFIG_SYS_TEXT_BASE>;
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = UBOOT_NODTB;
> >>>> + };
> >>>> + hash {
> >>>> + algo = "crc32";
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + fdt-1 {
> >>>> + description = "k3-am642-evm";
> >>>> + type = "flat_dt";
> >>>> + arch = "arm";
> >>>> + compression = "none";
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = AM642_EVM_DTB;
> >>>> + };
> >>>> + hash {
> >>>> + algo = "crc32";
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + fdt-2 {
> >>>> + description = "k3-am642-sk";
> >>>> + type = "flat_dt";
> >>>> + arch = "arm";
> >>>> + compression = "none";
> >>>> +#ifdef CONFIG_TI_SECURE_DEVICE
> >>>> + ti-secure {
> >>>> +#else
> >>>> + blob {
> >>>> +#endif
> >>>> + filename = AM642_SK_DTB;
> >>>> + };
> >>>> + hash {
> >>>> + algo = "crc32";
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> +
> >>>> + configurations {
> >>>> + default = "conf-1";
> >>>> +
> >>>> + conf-1 {
> >>>> + description = "k3-am642-evm";
> >>>> + firmware = "uboot";
> >>>> + loadables = "uboot";
> >>>> + fdt = "fdt-1";
> >>>> + };
> >>>> +
> >>>> + conf-2 {
> >>>> + description = "k3-am642-sk";
> >>>> + firmware = "uboot";
> >>>> + loadables = "uboot";
> >>>> + fdt = "fdt-2";
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> + };
> >>>> +};
> >>>> +#endif
> >>>> diff --git a/arch/arm/dts/k3-am642-evm-u-boot.dtsi b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> >>>> index 03688a51a3..db0a529f0f 100644
> >>>> --- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> >>>> +++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
> >>>> @@ -2,6 +2,9 @@
> >>>> /*
> >>>> * Copyright (C) 2020-2021 Texas Instruments Incorporated - https://www.ti.com/
> >>>> */
> >>>> +#include <config.h>
> >>>> +
> >>>> +#include "k3-am642-evm-binman.dtsi"
> >>>> / {
> >>>> chosen {
> >>>> diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
> >>>> index a01bf23514..a4c561254d 100644
> >>>> --- a/arch/arm/mach-k3/Kconfig
> >>>> +++ b/arch/arm/mach-k3/Kconfig
> >>>> @@ -15,6 +15,7 @@ config SOC_K3_J721S2
> >>>> config SOC_K3_AM642
> >>>> bool "TI's K3 based AM642 SoC Family Support"
> >>>> + select BINMAN if TARGET_AM642_A53_EVM
> >>>> endchoice
> >>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
> >>>> index da458bcfb2..d2c490818a 100644
> >>>> --- a/arch/arm/mach-k3/config.mk
> >>>> +++ b/arch/arm/mach-k3/config.mk
> >>>> @@ -47,6 +47,7 @@ tiboot3.bin: image_check FORCE
> >>>> INPUTS-y += tiboot3.bin
> >>>> endif
> >>>> +ifndef CONFIG_BINMAN
> >>>> ifdef CONFIG_ARM64
> >>>> ifeq ($(CONFIG_SOC_K3_J721E),)
> >>>> @@ -77,9 +78,11 @@ cmd_k3_mkits = \
> >>>> $(SPL_ITS): FORCE
> >>>> $(call cmd,k3_mkits)
> >>>> endif
> >>>> +endif
> >>>> else
> >>>> +ifndef CONFIG_BINMAN
> >>>> ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> >>>> INPUTS-y += u-boot.img_HS
> >>>> else
> >>>> @@ -87,4 +90,8 @@ INPUTS-y += u-boot.img
> >>>> endif
> >>>> endif
> >>>> +endif
> >>>> +
> >>>> +ifndef CONFIG_BINMAN
> >>>> include $(srctree)/arch/arm/mach-k3/config_secure.mk
> >>>> +endif
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-26 14:15 ` Tom Rini
@ 2022-05-27 17:50 ` Alper Nebi Yasak
2022-05-31 5:06 ` Roger Quadros
0 siblings, 1 reply; 17+ messages in thread
From: Alper Nebi Yasak @ 2022-05-27 17:50 UTC (permalink / raw)
To: Roger Quadros; +Cc: Andrew Davis, sjg, vigneshr, nm, praneeth, u-boot, Tom Rini
On 26/05/2022 17:15, Tom Rini wrote:
> On Thu, May 26, 2022 at 10:28:45AM +0300, Roger Quadros wrote:
>> Any thoughts on how to get the new ti-secure etype work with atf-bl31 and
>> tee-os etypes so that it can take the data output of those entries and create
>> a signed binary with filenames from those entries or atf-bl31-path and
>> tee-os-path?
>>
>> Can something like this work?
>>
>> ti-secure {
>> atf-bl31 {
>> filename = "bl31.bin";
>> };
>> }
>>
>> We could probably get rid of filename property from ti-secure etype and use
>> blob for regular files.
>>
>> ti-secure {
>> blob {
>> filename = "somefile.ext";
>> }
>> }
This would definitely work, see etype/mkimage.py for example. I'd prefer
to know the file-format details (and maybe replicate them in binman) if
you could afford to publish them, though...
Sorry I couldn't look at either series yet, but I see mentions of
k3_fit_atf.sh, so let me point out another series [1][2] that might also
interest you:
[1] [RESEND, RFC 0/8] Integration of sysfw and tispl with U-Boot
https://lore.kernel.org/u-boot/20220406122919.6104-1-n-francis@ti.com/
[2] [PATCH RFC v2 00/11] Integration of sysfw, tispl and tiboot3
https://lore.kernel.org/u-boot/20220506043759.8193-1-n-francis@ti.com/
>
> Adding in Alper as well..
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-27 17:50 ` Alper Nebi Yasak
@ 2022-05-31 5:06 ` Roger Quadros
2022-05-31 14:15 ` Andrew Davis
0 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-05-31 5:06 UTC (permalink / raw)
To: Alper Nebi Yasak, Andrew F. Davis, Nishanth Menon
Cc: sjg, vigneshr, praneeth, u-boot, Tom Rini, n-francis
Hi,
On 27/05/2022 20:50, Alper Nebi Yasak wrote:
> On 26/05/2022 17:15, Tom Rini wrote:
>> On Thu, May 26, 2022 at 10:28:45AM +0300, Roger Quadros wrote:
>>> Any thoughts on how to get the new ti-secure etype work with atf-bl31 and
>>> tee-os etypes so that it can take the data output of those entries and create
>>> a signed binary with filenames from those entries or atf-bl31-path and
>>> tee-os-path?
>>>
>>> Can something like this work?
>>>
>>> ti-secure {
>>> atf-bl31 {
>>> filename = "bl31.bin";
>>> };
>>> }
>>>
>>> We could probably get rid of filename property from ti-secure etype and use
>>> blob for regular files.
>>>
>>> ti-secure {
>>> blob {
>>> filename = "somefile.ext";
>>> }
>>> }
>
> This would definitely work, see etype/mkimage.py for example. I'd prefer
> to know the file-format details (and maybe replicate them in binman) if
> you could afford to publish them, though...
This is a question to Nishanth/Andrew.
>
>
> Sorry I couldn't look at either series yet, but I see mentions of
> k3_fit_atf.sh, so let me point out another series [1][2] that might also
> interest you:
>
> [1] [RESEND, RFC 0/8] Integration of sysfw and tispl with U-Boot
> https://lore.kernel.org/u-boot/20220406122919.6104-1-n-francis@ti.com/
>
> [2] [PATCH RFC v2 00/11] Integration of sysfw, tispl and tiboot3
> https://lore.kernel.org/u-boot/20220506043759.8193-1-n-francis@ti.com/
Thanks for this pointer. I will review those patches and see how we can
consolidate.
cheers,
-roger
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-31 5:06 ` Roger Quadros
@ 2022-05-31 14:15 ` Andrew Davis
2022-06-02 17:34 ` Alper Nebi Yasak
0 siblings, 1 reply; 17+ messages in thread
From: Andrew Davis @ 2022-05-31 14:15 UTC (permalink / raw)
To: Roger Quadros, Alper Nebi Yasak, Nishanth Menon
Cc: sjg, vigneshr, praneeth, u-boot, Tom Rini, n-francis
On 5/31/22 12:06 AM, Roger Quadros wrote:
> Hi,
>
> On 27/05/2022 20:50, Alper Nebi Yasak wrote:
>> On 26/05/2022 17:15, Tom Rini wrote:
>>> On Thu, May 26, 2022 at 10:28:45AM +0300, Roger Quadros wrote:
>>>> Any thoughts on how to get the new ti-secure etype work with atf-bl31 and
>>>> tee-os etypes so that it can take the data output of those entries and create
>>>> a signed binary with filenames from those entries or atf-bl31-path and
>>>> tee-os-path?
>>>>
>>>> Can something like this work?
>>>>
>>>> ti-secure {
>>>> atf-bl31 {
>>>> filename = "bl31.bin";
>>>> };
>>>> }
>>>>
>>>> We could probably get rid of filename property from ti-secure etype and use
>>>> blob for regular files.
>>>>
>>>> ti-secure {
>>>> blob {
>>>> filename = "somefile.ext";
>>>> }
>>>> }
>>
>> This would definitely work, see etype/mkimage.py for example. I'd prefer
>> to know the file-format details (and maybe replicate them in binman) if
>> you could afford to publish them, though...
>
> This is a question to Nishanth/Andrew.
>
What file format are we talking about here? If it is the signed format,
it's an attached x509 certificate, that is already published [0] and
the tools to make it are public [1].
There is also an effort to replicate some of this in binman too [2].
Thanks,
Andrew
[0] https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html
[1] https://git.ti.com/cgit/security-development-tools/core-secdev-k3
[2] https://lore.kernel.org/all/20220510200511.GK3901321@bill-the-cat/T/
>>
>>
>> Sorry I couldn't look at either series yet, but I see mentions of
>> k3_fit_atf.sh, so let me point out another series [1][2] that might also
>> interest you:
>>
>> [1] [RESEND, RFC 0/8] Integration of sysfw and tispl with U-Boot
>> https://lore.kernel.org/u-boot/20220406122919.6104-1-n-francis@ti.com/
>>
>> [2] [PATCH RFC v2 00/11] Integration of sysfw, tispl and tiboot3
>> https://lore.kernel.org/u-boot/20220506043759.8193-1-n-francis@ti.com/
>
> Thanks for this pointer. I will review those patches and see how we can
> consolidate.
>
> cheers,
> -roger
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin
2022-05-31 14:15 ` Andrew Davis
@ 2022-06-02 17:34 ` Alper Nebi Yasak
0 siblings, 0 replies; 17+ messages in thread
From: Alper Nebi Yasak @ 2022-06-02 17:34 UTC (permalink / raw)
To: Andrew Davis
Cc: sjg, vigneshr, praneeth, u-boot, Tom Rini, n-francis,
Roger Quadros, Nishanth Menon
On 31/05/2022 17:15, Andrew Davis wrote:
> On 5/31/22 12:06 AM, Roger Quadros wrote:
>> On 27/05/2022 20:50, Alper Nebi Yasak wrote:
>>> This would definitely work, see etype/mkimage.py for example. I'd prefer
>>> to know the file-format details (and maybe replicate them in binman) if
>>> you could afford to publish them, though...
>>
>> This is a question to Nishanth/Andrew.
>
> What file format are we talking about here? If it is the signed format,
> it's an attached x509 certificate, that is already published [0] and
> the tools to make it are public [1].
Thanks, I meant this. I saw 'secure-binary-image.sh' in the first patch,
which lead me to 'doc/README.ti-secure', which mentions NDA and logins,
so I stopped looking there.
> There is also an effort to replicate some of this in binman too [2].
>
> Thanks,
> Andrew
>
> [0] https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html
> [1] https://git.ti.com/cgit/security-development-tools/core-secdev-k3
> [2] https://lore.kernel.org/all/20220510200511.GK3901321@bill-the-cat/T/
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table
2022-05-09 7:29 ` [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table Roger Quadros
@ 2022-06-10 13:42 ` Tom Rini
2022-06-11 8:43 ` Roger Quadros
0 siblings, 1 reply; 17+ messages in thread
From: Tom Rini @ 2022-06-10 13:42 UTC (permalink / raw)
To: Roger Quadros; +Cc: sjg, vigneshr, nm, praneeth, u-boot
[-- Attachment #1: Type: text/plain, Size: 248 bytes --]
On Mon, May 09, 2022 at 10:29:35AM +0300, Roger Quadros wrote:
> This is required for overlays to work at SPL.
>
> Signed-off-by: Roger Quadros <rogerq@kernel.org>
This breaks booting my dra7xx_evm and I get no output in SPL.
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table
2022-06-10 13:42 ` Tom Rini
@ 2022-06-11 8:43 ` Roger Quadros
2022-06-11 13:26 ` Tom Rini
0 siblings, 1 reply; 17+ messages in thread
From: Roger Quadros @ 2022-06-11 8:43 UTC (permalink / raw)
To: Tom Rini; +Cc: sjg, vigneshr, nm, praneeth, u-boot
On 10/06/2022 16:42, Tom Rini wrote:
> On Mon, May 09, 2022 at 10:29:35AM +0300, Roger Quadros wrote:
>
>> This is required for overlays to work at SPL.
>>
>> Signed-off-by: Roger Quadros <rogerq@kernel.org>
>
> This breaks booting my dra7xx_evm and I get no output in SPL.
>
Thanks for checking. I'll try to debug what's wrong using beagle_x15.
Is SPL size increase to blame?
Maybe we should enable this only based on some config symbol?
cheers,
-roger
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table
2022-06-11 8:43 ` Roger Quadros
@ 2022-06-11 13:26 ` Tom Rini
0 siblings, 0 replies; 17+ messages in thread
From: Tom Rini @ 2022-06-11 13:26 UTC (permalink / raw)
To: Roger Quadros; +Cc: sjg, vigneshr, nm, praneeth, u-boot
[-- Attachment #1: Type: text/plain, Size: 708 bytes --]
On Sat, Jun 11, 2022 at 11:43:48AM +0300, Roger Quadros wrote:
> On 10/06/2022 16:42, Tom Rini wrote:
> > On Mon, May 09, 2022 at 10:29:35AM +0300, Roger Quadros wrote:
> >
> >> This is required for overlays to work at SPL.
> >>
> >> Signed-off-by: Roger Quadros <rogerq@kernel.org>
> >
> > This breaks booting my dra7xx_evm and I get no output in SPL.
> >
>
> Thanks for checking. I'll try to debug what's wrong using beagle_x15.
> Is SPL size increase to blame?
>
> Maybe we should enable this only based on some config symbol?
We're likely running out of memory space in one way or another, yes. So
making this opt-in when needed rather than default is probably best.
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2022-06-11 13:26 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-09 7:29 [u-boot PATCH 0/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 1/3] tools: binman: add ti-secure entry type Roger Quadros
2022-05-09 7:29 ` [u-boot PATCH 2/3] tools/fdtgrep: Include __symbols__ table Roger Quadros
2022-06-10 13:42 ` Tom Rini
2022-06-11 8:43 ` Roger Quadros
2022-06-11 13:26 ` Tom Rini
2022-05-09 7:29 ` [u-boot PATCH 3/3] k3-am642-evm-u-boot: Use binman to generate u-boot.img and tispl.bin Roger Quadros
2022-05-24 22:03 ` Andrew Davis
2022-05-25 8:30 ` Roger Quadros
2022-05-25 15:14 ` Andrew Davis
2022-05-26 7:28 ` Roger Quadros
2022-05-26 14:15 ` Tom Rini
2022-05-27 17:50 ` Alper Nebi Yasak
2022-05-31 5:06 ` Roger Quadros
2022-05-31 14:15 ` Andrew Davis
2022-06-02 17:34 ` Alper Nebi Yasak
2022-05-09 13:39 ` [u-boot PATCH 0/3] " Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.