LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts 

According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
This commit is contained in:
Neha Malcom Francis 2023-10-06 15:59:54 +05:30 committed by Udit Kumar
parent d9d7433027
commit d43c636437
4 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/binman/btool/openssl.py
View File

@ -155,6 +155,7 @@ authInPlace = INTEGER:2
C, ST, L, O, OU, CN and emailAddress C, ST, L, O, OU, CN and emailAddress
cert_type (int): Certification type cert_type (int): Certification type
bootcore (int): Booting core bootcore (int): Booting core
bootcore_opts(int): Booting core option (split/lockstep mode)
load_addr (int): Load address of image load_addr (int): Load address of image
sha (int): Hash function sha (int): Hash function

1
tools/binman/entries.rst
View File

@ -1739,6 +1739,7 @@ Properties / Entry arguments:
- core: core on which bootloader runs, valid cores are 'secure' and 'public' - core: core on which bootloader runs, valid cores are 'secure' and 'public'
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
in case of combined bootflow in case of combined bootflow
- core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
The following properties are only for generating a combined bootflow binary: The following properties are only for generating a combined bootflow binary:
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate - sysfw-inner-cert: boolean if binary contains sysfw inner certificate

16
tools/binman/etype/ti_secure_rom.py
View File

@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
- core: core on which bootloader runs, valid cores are 'secure' and 'public' - core: core on which bootloader runs, valid cores are 'secure' and 'public'
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
in case of combined bootflow in case of combined bootflow
- core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
The following properties are only for generating a combined bootflow binary: The following properties are only for generating a combined bootflow binary:
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
@ -70,6 +71,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.sha = fdt_util.GetInt(self._node, 'sha', 512)
self.core = fdt_util.GetString(self._node, 'core', 'secure') self.core = fdt_util.GetString(self._node, 'core', 'secure')
self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
self.key_fname = self.GetEntryArgsOrProps([ self.key_fname = self.GetEntryArgsOrProps([
EntryArg('keyfile', str)], required=True)[0] EntryArg('keyfile', str)], required=True)[0]
if self.combined: if self.combined:
@ -98,22 +100,19 @@ class Entry_ti_secure_rom(Entry_x509_cert):
bytes content of the entry, which is the certificate binary for the bytes content of the entry, which is the certificate binary for the
provided data provided data
""" """
if self.bootcore_opts is None:
self.bootcore_opts = 0
if self.core == 'secure': if self.core == 'secure':
if self.countersign: if self.countersign:
self.cert_type = 3 self.cert_type = 3
else: else:
self.cert_type = 2 self.cert_type = 2
if self.fsstub:
self.bootcore_opts = 0
else:
self.bootcore_opts = 32
self.bootcore = 0 self.bootcore = 0
else: else:
self.cert_type = 1 self.cert_type = 1
self.bootcore = 16 self.bootcore = 16
self.bootcore_opts = 0
return super().GetCertificate(required=required, type='rom') return super().GetCertificate(required=required, type='rom')
def CombinedGetCertificate(self, required): def CombinedGetCertificate(self, required):
@ -132,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
self.num_comps = 3 self.num_comps = 3
self.sha_type = SHA_OIDS[self.sha] self.sha_type = SHA_OIDS[self.sha]
if self.bootcore_opts is None:
self.bootcore_opts = 0
# sbl # sbl
self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
input_data_sbl = self.GetContents(required) input_data_sbl = self.GetContents(required)

1
tools/binman/test/280_ti_secure_rom.dts
View File

@ -9,6 +9,7 @@
binman { binman {
ti-secure-rom { ti-secure-rom {
content = <&unsecure_binary>; content = <&unsecure_binary>;
core-opts = <2>;
}; };
unsecure_binary: blob-ext { unsecure_binary: blob-ext {
filename = "ti_unsecure.bin"; filename = "ti_unsecure.bin";