mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-09-20 14:41:58 +00:00
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
ad8dbabc22
commit
a4ed4c8a51
5 changed files with 17 additions and 5 deletions
|
@ -155,6 +155,7 @@ authInPlace = INTEGER:2
|
|||
C, ST, L, O, OU, CN and emailAddress
|
||||
cert_type (int): Certification type
|
||||
bootcore (int): Booting core
|
||||
bootcore_opts(int): Booting core option, lockstep (0) or split (2) mode
|
||||
load_addr (int): Load address of image
|
||||
sha (int): Hash function
|
||||
|
||||
|
@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
|
|||
imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw,
|
||||
hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data,
|
||||
hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
|
||||
dm_data_ext_boot_block):
|
||||
dm_data_ext_boot_block, bootcore_opts):
|
||||
"""Create a certificate
|
||||
|
||||
Args:
|
||||
|
@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
|
|||
bootcore (int): Booting core
|
||||
load_addr (int): Load address of image
|
||||
sha (int): Hash function
|
||||
bootcore_opts (int): Booting core option, lockstep (0) or split (2) mode
|
||||
|
||||
Returns:
|
||||
str: Tool output
|
||||
|
@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data
|
|||
[sbl]
|
||||
compType = INTEGER:1
|
||||
bootCore = INTEGER:16
|
||||
compOpts = INTEGER:0
|
||||
compOpts = INTEGER:{bootcore_opts}
|
||||
destAddr = FORMAT:HEX,OCT:{load_addr:08x}
|
||||
compSize = INTEGER:{imagesize_sbl}
|
||||
shaType = OID:{sha_type}
|
||||
|
|
|
@ -1944,6 +1944,7 @@ Properties / Entry arguments:
|
|||
- core: core on which bootloader runs, valid cores are 'secure' and 'public'
|
||||
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries
|
||||
in case of combined bootflow
|
||||
- core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
|
||||
|
||||
The following properties are only for generating a combined bootflow binary:
|
||||
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate
|
||||
|
|
|
@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
|
|||
- core: core on which bootloader runs, valid cores are 'secure' and 'public'
|
||||
- content: phandle of SPL in case of legacy bootflow or phandles of component binaries
|
||||
in case of combined bootflow
|
||||
- core-opts (optional): lockstep (0) or split (2) mode set to 0 by default
|
||||
|
||||
The following properties are only for generating a combined bootflow binary:
|
||||
- sysfw-inner-cert: boolean if binary contains sysfw inner certificate
|
||||
|
@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
|
|||
self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
|
||||
self.sha = fdt_util.GetInt(self._node, 'sha', 512)
|
||||
self.core = fdt_util.GetString(self._node, 'core', 'secure')
|
||||
self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
|
||||
self.key_fname = self.GetEntryArgsOrProps([
|
||||
EntryArg('keyfile', str)], required=True)[0]
|
||||
if self.combined:
|
||||
|
@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert):
|
|||
bytes content of the entry, which is the certificate binary for the
|
||||
provided data
|
||||
"""
|
||||
if self.bootcore_opts is None:
|
||||
self.bootcore_opts = 0
|
||||
|
||||
if self.core == 'secure':
|
||||
if self.countersign:
|
||||
self.cert_type = 3
|
||||
else:
|
||||
self.cert_type = 2
|
||||
self.bootcore = 0
|
||||
self.bootcore_opts = 32
|
||||
else:
|
||||
self.cert_type = 1
|
||||
self.bootcore = 16
|
||||
self.bootcore_opts = 0
|
||||
|
||||
return super().GetCertificate(required=required, type='rom')
|
||||
|
||||
def CombinedGetCertificate(self, required):
|
||||
|
@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
|
|||
self.num_comps = 3
|
||||
self.sha_type = SHA_OIDS[self.sha]
|
||||
|
||||
if self.bootcore_opts is None:
|
||||
self.bootcore_opts = 0
|
||||
|
||||
# sbl
|
||||
self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
|
||||
input_data_sbl = self.GetContents(required)
|
||||
|
|
|
@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection):
|
|||
imagesize_sysfw_data=self.imagesize_sysfw_data,
|
||||
hashval_sysfw_data=self.hashval_sysfw_data,
|
||||
sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
|
||||
dm_data_ext_boot_block=self.dm_data_ext_boot_block
|
||||
dm_data_ext_boot_block=self.dm_data_ext_boot_block,
|
||||
bootcore_opts=self.bootcore_opts
|
||||
)
|
||||
if stdout is not None:
|
||||
data = tools.read_file(output_fname)
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
binman {
|
||||
ti-secure-rom {
|
||||
content = <&unsecure_binary>;
|
||||
core-opts = <2>;
|
||||
};
|
||||
unsecure_binary: blob-ext {
|
||||
filename = "ti_unsecure.bin";
|
||||
|
|
Loading…
Reference in a new issue