Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-10 15:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts

Browse source 
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Neha Malcom Francis 2023-10-23 13:31:02 +05:30 committed by Tom Rini
parent ad8dbabc22
commit a4ed4c8a51
5 changed files with 17 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tools/binman/btool/openssl.py
View file

@ -155,6 +155,7 @@ authInPlace = INTEGER:2
C, ST, L, O, OU, CN and emailAddress C, ST, L, O, OU, CN and emailAddress
cert_type (int): Certification type cert_type (int): Certification type
bootcore (int): Booting core bootcore (int): Booting core
bootcore_opts(int): Booting core option, lockstep (0) or split (2) mode
load_addr (int): Load address of image load_addr (int): Load address of image
sha (int): Hash function sha (int): Hash function
@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw, imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw,
hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data, hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data,
hashval_sysfw_data, sysfw_inner_cert_ext_boot_block, hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
dm_data_ext_boot_block): dm_data_ext_boot_block, bootcore_opts):
"""Create a certificate """Create a certificate
Args: Args:
@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
bootcore (int): Booting core bootcore (int): Booting core
load_addr (int): Load address of image load_addr (int): Load address of image
sha (int): Hash function sha (int): Hash function
bootcore_opts (int): Booting core option, lockstep (0) or split (2) mode
Returns: Returns:
str: Tool output str: Tool output
@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data
[sbl] [sbl]
compType = INTEGER:1 compType = INTEGER:1
bootCore = INTEGER:16 bootCore = INTEGER:16
compOpts = INTEGER:0 compOpts = INTEGER:{bootcore_opts}
destAddr = FORMAT:HEX,OCT:{load_addr:08x} destAddr = FORMAT:HEX,OCT:{load_addr:08x}
compSize = INTEGER:{imagesize_sbl} compSize = INTEGER:{imagesize_sbl}
shaType = OID:{sha_type} shaType = OID:{sha_type}

1
tools/binman/entries.rst
View file

@ -1944,6 +1944,7 @@ Properties / Entry arguments:
- core: core on which bootloader runs, valid cores are 'secure' and 'public' - core: core on which bootloader runs, valid cores are 'secure' and 'public'
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
in case of combined bootflow in case of combined bootflow
- core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
The following properties are only for generating a combined bootflow binary: The following properties are only for generating a combined bootflow binary:
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate - sysfw-inner-cert: boolean if binary contains sysfw inner certificate

11
tools/binman/etype/ti_secure_rom.py
View file

@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
- core: core on which bootloader runs, valid cores are 'secure' and 'public' - core: core on which bootloader runs, valid cores are 'secure' and 'public'
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
in case of combined bootflow in case of combined bootflow
- core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
The following properties are only for generating a combined bootflow binary: The following properties are only for generating a combined bootflow binary:
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.sha = fdt_util.GetInt(self._node, 'sha', 512)
self.core = fdt_util.GetString(self._node, 'core', 'secure') self.core = fdt_util.GetString(self._node, 'core', 'secure')
self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
self.key_fname = self.GetEntryArgsOrProps([ self.key_fname = self.GetEntryArgsOrProps([
EntryArg('keyfile', str)], required=True)[0] EntryArg('keyfile', str)], required=True)[0]
if self.combined: if self.combined:
@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert):
bytes content of the entry, which is the certificate binary for the bytes content of the entry, which is the certificate binary for the
provided data provided data
""" """
if self.bootcore_opts is None:
self.bootcore_opts = 0
if self.core == 'secure': if self.core == 'secure':
if self.countersign: if self.countersign:
self.cert_type = 3 self.cert_type = 3
else: else:
self.cert_type = 2 self.cert_type = 2
self.bootcore = 0 self.bootcore = 0
self.bootcore_opts = 32
else: else:
self.cert_type = 1 self.cert_type = 1
self.bootcore = 16 self.bootcore = 16
self.bootcore_opts = 0
return super().GetCertificate(required=required, type='rom') return super().GetCertificate(required=required, type='rom')
def CombinedGetCertificate(self, required): def CombinedGetCertificate(self, required):
@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
self.num_comps = 3 self.num_comps = 3
self.sha_type = SHA_OIDS[self.sha] self.sha_type = SHA_OIDS[self.sha]
if self.bootcore_opts is None:
self.bootcore_opts = 0
# sbl # sbl
self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
input_data_sbl = self.GetContents(required) input_data_sbl = self.GetContents(required)

3
tools/binman/etype/x509_cert.py
View file

@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection):
imagesize_sysfw_data=self.imagesize_sysfw_data, imagesize_sysfw_data=self.imagesize_sysfw_data,
hashval_sysfw_data=self.hashval_sysfw_data, hashval_sysfw_data=self.hashval_sysfw_data,
sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
dm_data_ext_boot_block=self.dm_data_ext_boot_block dm_data_ext_boot_block=self.dm_data_ext_boot_block,
bootcore_opts=self.bootcore_opts
) )
if stdout is not None: if stdout is not None:
data = tools.read_file(output_fname) data = tools.read_file(output_fname)

1
tools/binman/test/297_ti_secure_rom.dts
View file

@ -9,6 +9,7 @@
binman { binman {
ti-secure-rom { ti-secure-rom {
content = <&unsecure_binary>; content = <&unsecure_binary>;
core-opts = <2>;
}; };
unsecure_binary: blob-ext { unsecure_binary: blob-ext {
filename = "ti_unsecure.bin"; filename = "ti_unsecure.bin";