Add a test for this code. It requires some defconfig files and a test
Kconfig to work with, so copy these into the temporary directory at the
start.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than using the global thoughout each function, pass in these
values. This allows tests to use different values when testing the same
functions.
Improve a few comments while we are here.
No functional change is intended.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed anymore, so drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 252ed872 ("kconfig: remove meaningless prefixes in defconfig files")
The -D option is used, but plumb it through --debug to enable a full
traceback when something goes wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the
dtb and checks if the required nodes will be added to the images dtb.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype 'u-boot-spl-pubkey-dtb'. The etype adds the public
key from a certificate to the dtb. This creates a '/signature' node which
is turn contains the fields which make up the public key. Usually this
is done by 'mkimage -K'. However, 'binman sign' does not add the public
key to the SPL. This is why the pubkey is added using this etype.
The etype calls the underlying 'fdt_add_pubkey' tool.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add documentation for btool which calls 'fdt_add_pubkey'
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The method 'connect_contents_to_file()' calls ObtainsContents() with
'fake_size' argument. Without providing the argument in the blob_dtb
we are not able to call this method without error.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While signing a fit compressed data (i.e. 'blob-ext') is decompressed,
but never compressed again. When compressed data was wrapped in a
section, decompression leads to an error because the outer section had
the original compressed size but the inner entry has the
uncompressed size now.
While singing there is no reason to decompress data. Thus, decompression
should be disabled.
Furthermore, bintools should be collected before loading the data. This
way bintools are available if processing is required on a node.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The new encrypted etype generates a cipher node in the device tree
that should not be evaluated by binman, but still be kept in the
output device tree.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a new etype encrypted.
It creates a new cipher node in the related image similar to the
cipher node used by u-boot, see boot/image-cipher.c.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the use of a numbered key file since numbering is just for the test
devicetree files. Also adjust the tests to avoid putting a hard-coded
path to binman in the file, using the entry arg instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that buildman has a requirements.txt file we need to make use of it.
Reviewed-by: Simon Glass <sjg@chromium.org>
[n-francis@ti.com: Adding missing command from .azure-pipelines.yml]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point, buildman requires a few different modules and so we need
a requirements.txt to track what modules are needed.
Cc: Simon Glass <sjg@chromium.org>
Cc: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Without this re-building will fail with an error when trying to create
the symlink for the second time with an already exists error.
Signed-off-by: Andrew Davis <afd@ti.com>
[n-francis@ti.com: Added support for test output dir and testcase]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Earlier documentation specified builds for generating bootloader images
using an external TI repository k3-image-gen and core-secdev-k3. Modify
this to using the binman flow so that user understands how to build the
final boot images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Since binman is used to package bootloader images for all K3 devices, we
do not have to rely on the earlier methods to package them.
Scripts that were used to generate x509 certificate for tiboot3.bin and
generate tispl.bin, u-boot.img have been removed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Move to using binman to generate tispl.bin which is used to generate the
final flash.bin bootloader for iot2050 boards.
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
By providing entries in the binman node of the device tree, binman will
be able to find and package board config artifacts generated by
TIBoardConfig with sysfw.bin and generate the final image sysfw.itb.
It will also pick out the R5 SPL and sign it with the help of TI signing
entry and generate the final tiboot3.bin.
Entries for A72 build have been added to k3-j721e-binman.dtsi to
generate tispl.bin and u-boot.img.
Support has been added for both HS-SE(SR 1.1), HS-FS(SR 2.0) and GP images
In HS-SE, the encrypted system firmware binary must be signed along with
the signed certificate binary.
HS-SE:
* tiboot3-j721e_sr1_1-hs-evm.bin
* sysfw-j721e_sr1_1-hs-evm.itb
* tispl.bin
* u-boot.img
HS-FS:
* tiboot3-j721e_sr2-hs-fs-evm.bin
* sysfw-j721e_sr2-hs-fs-evm.itb
* tispl.bin
* u-boot.img
GP:
* tiboot3.bin -->tiboot3-j721e-gp-evm.bin
* sysfw.itb --> sysfw-j721e-gp-evm.itb
* tispl.bin_unsigned
* u-boot.img_unsigned
It is to be noted that the bootflow followed by J721E requires:
tiboot3.bin:
* R5 SPL
* R5 SPL dtbs
sysfw.itb:
* TIFS
* board-cfg
* pm-cfg
* sec-cfg
* rm-cfg
tispl.bin:
* DM
* ATF
* OP-TEE
* A72 SPL
* A72 SPL dtbs
u-boot.img:
* A72 U-Boot
* A72 U-Boot dtbs
Reviewed-by: Simon Glass <sjg@chromium.org>
[afd@ti.com: changed output binary names appropriately]
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Schema file in YAML must be provided in board/ti/common for validating
input config files and packaging system firmware. The schema includes
entries for rm-cfg, board-cfg, pm-cfg and sec-cfg.
Board config files must be provided in board/ti/<devicename> in YAML.
These can then be consumed for generation of binaries to package system
firmware. Added YAML configs for J721E in particular.
Signed-off-by: Tarun Sahu <t-sahu@ti.com>
[n-francis@ti.com: prepared patch for upstreaming]
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Board config binary artifacts must be generated to be used by binman to
package sysfw.itb and tiboot3.bin for all K3 devices.
For devices that follow combined flow, these board configuration
binaries must again be packaged into a combined board configuration
blobs to be used by binman to package tiboot3.bin.
Add common k3-binman.dtsi to generate all the board configuration
binaries needed.
Also add custMpk.pem and ti-degenerate-key.pem needed for signing GP and
HS bootloader images common to all K3 devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
The ti-board-config entry loads and validates a given YAML config file
against a given schema, and generates the board config binary. K3
devices require these binaries to be packed into the final system
firmware images.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Using `default y` will not select BMP when CMD_BMP has been enabled, if
it was already configured.
By using `select`, if `CMD_BMP` is turned on, it will force the presence
of `BMP`.
Fixes: 072b0e16c4 ("common: Kconfig: Add BMP configs")
Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
To understand usage of DDR in A53 SPL stage, add a table showing region
and space used by major components of SPL.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Use config SPL_VIDEO_REMOVE to remove video driver at SPL stage before
jumping to next stage, in place of CONFIG_SPL_VIDEO, to allow user to
remove video if required.
Signed-off-by: Nikhil M Jain <n-jain1@ti.com>
Reviewed-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>