FIT signature requires the updates to u-boot.dtb and the DTB that we
pack don't get updates with the changes of the signature node.
Pack u-boot.dtb as the default DTB so that the signature node changes
can be reflected in them.
(Note, this is only packaging the primary platform and the secondary
platform will require manual changes for the FIT signature enablement)
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
[ add additional boards that were missing ]
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fit signature mechanism through the standards require the presence of
.key and .crt in the folder with the same name, since we are using our
custMpk only for the signing, update the format to that of standards to
be compatible for packaging easily.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Default to common bootcmd that is set across all k3 devices.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Since K3 devices are moving towards distroboot, remove duplicates and
add it in common file to import from.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
[trini: Add am65x_evm to this patch]
Signed-off-by: Tom Rini <trini@konsulko.com>
The 'gsub' setexpr sub command is using when creating the FIT image
configuration string on K3 devices. Enable this for K3.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
This is used when building the FIT image configuration string. Enable
it for all FIT using TI platforms.
Signed-off-by: Andrew Davis <afd@ti.com>
[ extend to other k3 boards ]
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Since get_fdt_mmc is common, factor it out into mmc.env and remove
it from each platform env file along with changing the directory path to
reflect the standards. Use it in mmcloados but keep loadfdt
defined in case it is still used by some external uEnv.txt script.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
In Linux the ARM64 DTSs are stored in vendor directories to help organize
the files and prevent naming collisions. The deployed DTBs will mirror
this and so the vendor prefix should be added to the variable used to
locate these files.
Suggested-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Nikhil M Jain <n-jain1@ti.com>
Having saved environments usually causes inconsistencies while in
development workflow. The saved environments conflict with the
default ones that U-boot should be updating during development
but that doesn't happen and the saved environments need to be
reset during bootups to test the changes causing extra debugs.
Remove the saved environments as a default. Environments can always
be re-enabled locally if one does like them or needs them for
some production environment. Optionally, Uenv.txt can also be used on
some of the boot media.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
The background firewall calculations were wrong, fix that to determine
both the background and foreground correctly.
Fixes: 8bfce2f998 ("arm: mach-k3: common: reorder removal of firewalls")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Set fdtfile env variable similar to other k3 socs.
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Nikhil M Jain <n-jain1@ti.com>
Fix the regression that occurred during the alignment of binman series
merges along with these HS fixes that caused silent regression in this.
Fixes: 30a7ee87fd ("Kconfig: j721s2: Change K3_MCU_SCRATCHPAD_BASE to non firewalled region")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Fix regression occurred during refactoring for the mentioned commit.
Fixes: bd6a247593 ("arm: mach-k3: security: separate out validating binary logic")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Now that buildman has a requirements.txt file we need to make use of it.
Reviewed-by: Simon Glass <sjg@chromium.org>
[n-francis@ti.com: Adding missing command from .azure-pipelines.yml]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point, buildman requires a few different modules and so we need
a requirements.txt to track what modules are needed.
Cc: Simon Glass <sjg@chromium.org>
Cc: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Earlier documentation specified builds for generating bootloader images
using an external TI repository k3-image-gen and core-secdev-k3. Modify
this to using the binman flow so that user understands how to build the
final boot images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Since binman is used to package bootloader images for all K3 devices, we
do not have to rely on the earlier methods to package them.
Scripts that were used to generate x509 certificate for tiboot3.bin and
generate tispl.bin, u-boot.img have been removed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Move to using binman to generate tispl.bin which is used to generate the
final flash.bin bootloader for iot2050 boards.
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
By providing entries in the binman node of the device tree, binman will
be able to find and package board config artifacts generated by
TIBoardConfig with sysfw.bin and generate the final image sysfw.itb.
It will also pick out the R5 SPL and sign it with the help of TI signing
entry and generate the final tiboot3.bin.
Entries for A72 build have been added to k3-j721e-binman.dtsi to
generate tispl.bin and u-boot.img.
Support has been added for both HS-SE(SR 1.1), HS-FS(SR 2.0) and GP images
In HS-SE, the encrypted system firmware binary must be signed along with
the signed certificate binary.
HS-SE:
* tiboot3-j721e_sr1_1-hs-evm.bin
* sysfw-j721e_sr1_1-hs-evm.itb
* tispl.bin
* u-boot.img
HS-FS:
* tiboot3-j721e_sr2-hs-fs-evm.bin
* sysfw-j721e_sr2-hs-fs-evm.itb
* tispl.bin
* u-boot.img
GP:
* tiboot3.bin -->tiboot3-j721e-gp-evm.bin
* sysfw.itb --> sysfw-j721e-gp-evm.itb
* tispl.bin_unsigned
* u-boot.img_unsigned
It is to be noted that the bootflow followed by J721E requires:
tiboot3.bin:
* R5 SPL
* R5 SPL dtbs
sysfw.itb:
* TIFS
* board-cfg
* pm-cfg
* sec-cfg
* rm-cfg
tispl.bin:
* DM
* ATF
* OP-TEE
* A72 SPL
* A72 SPL dtbs
u-boot.img:
* A72 U-Boot
* A72 U-Boot dtbs
Reviewed-by: Simon Glass <sjg@chromium.org>
[afd@ti.com: changed output binary names appropriately]
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Schema file in YAML must be provided in board/ti/common for validating
input config files and packaging system firmware. The schema includes
entries for rm-cfg, board-cfg, pm-cfg and sec-cfg.
Board config files must be provided in board/ti/<devicename> in YAML.
These can then be consumed for generation of binaries to package system
firmware. Added YAML configs for J721E in particular.
Signed-off-by: Tarun Sahu <t-sahu@ti.com>
[n-francis@ti.com: prepared patch for upstreaming]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Board config binary artifacts must be generated to be used by binman to
package sysfw.itb and tiboot3.bin for all K3 devices.
For devices that follow combined flow, these board configuration
binaries must again be packaged into a combined board configuration
blobs to be used by binman to package tiboot3.bin.
Add common k3-binman.dtsi to generate all the board configuration
binaries needed.
Also add custMpk.pem and ti-degenerate-key.pem needed for signing GP and
HS bootloader images common to all K3 devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Using `default y` will not select BMP when CMD_BMP has been enabled, if
it was already configured.
By using `select`, if `CMD_BMP` is turned on, it will force the presence
of `BMP`.
Fixes: 072b0e16c4 ("common: Kconfig: Add BMP configs")
Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
To understand usage of DDR in A53 SPL stage, add a table showing region
and space used by major components of SPL.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Use config SPL_VIDEO_REMOVE to remove video driver at SPL stage before
jumping to next stage, in place of CONFIG_SPL_VIDEO, to allow user to
remove video if required.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is required since user may want to either call the remove method
of video driver and reset the display or not call the remove method
to continue displaying until next stage.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
U-boot proper can use frame buffer address passed from SPL to reserve
the memory area used by framebuffer set in SPL so that splash image
set in SPL continues to get displayed while u-boot proper is running.
Put the framebuffer address and size in a bloblist to make them
available at u-boot proper, if in u-boot proper CONFIG_VIDEO is defined.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add method to reserve video framebuffer information using blob,
received from previous stage.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use spl_dcache_enable, in place of setup_dram, arch_reserve_mmu to set
up pagetable, initialise DRAM and enable Dcache to avoid multiple
function calls.
Check for CONFIG_SPL_VIDEO in place of CONFIG_SPL_VIDEO_TIDSS to prevent
any build failure in case video config is not defined and video related
functions are called.
Check for CONFIG_SPL_SPLASH_SCREEN and CONFIG_SPL_BMP before calling
splash_display to avoid compilation failure.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
In spl_dcache_enable after setting up page table, set gd->relocaddr
pointer to tlb_addr, to get next location to reserve memory. Align
tlb_addr with 64KB address.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Devarsh Thakkar <devarsht@ti.com>
At SPL stage when stack is relocated, the stack pointer needs to be
updated, the stack pointer may point to stack in on chip memory even
though stack is relocated.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
There is little need to print the devstat information or when we exit a
function during a typical boot. Remove them to reduce the noise during
typical operation
Signed-off-by: Bryan Brattlof <bb@ti.com>