Support bootcore_opts field in x509 template. The bootcore_opts argument
had been defined earlier but not utilised into the final certificate.
Fixes: d43c636437 ("binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts")
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 953d4177afa0bee0ba0db4b81036d3197595b997 upstream
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Neha Malcom Francis
Manorit Chawdhry
Simon Glass