When building for secure devices using non-buildman based image generation
the signed tispl.bin file is called tispl.bin_HS. Also build the unsigned
tispl.bin file as expected.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Read the swrv.txt file from the TI Security Development Tools when
TI_SECURE_DEVICE is enabled. This allows us to set our software
revision in one place and have it used by all the tools that create
TI x509 boot certificates.
Signed-off-by: Andrew Davis <afd@ti.com>
The x509 certificate SWRV is currently hard-coded to 0. This need to be
updated to 1 for j721e 1.1, j7200 and am64x. It is don't care for other
k3 devices.
Added new config K3_X509_SWRV to k3. Default is set to 1.
Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
Reviewed-by: Dave Gerlach <d-gerlach@ti.com>
Add DM (device manager) firmware image to the fit image that is loaded by
R5 SPL. This is needed with the HSM rearch where the firmware allocation
has been changed slightly.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
Add support for providing ATF load address with a Kconfig symbol.
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Suman Anna <s-anna@ti.com>
Link: https://lore.kernel.org/r/20210604163043.12811-2-a-govindraju@ti.com
If SPL_MULTI_DTB_FIT is not enabled, then CONFIG_SPL_OF_LIST is not defined
And in turn tispl.bin ends up not embedding any DTB.
Fixing it by using CONFIG_DEFAULT_DEVICE_TREE if SPL_OF_LIST is empty.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
When binman is in use, most of the targets built by the Makefile are
inputs to binman. We then need a final rule to run binman to produce the
final outputs.
Rename the variable to indicate this, and add a new 'inputs' target.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Buiding u-boot-spl-k3[_HS].its is currently unconditionally verbose
about what it does. Change that by wrapping the call to k3_fit_atf.sh
into a cmd, also using that chance to reduce duplicate lines of makefile
code - only IS_HS=1 is different when CONFIG_TI_SECURE_DEVICE is on.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Lokesh Vutla <lokeshvutla@ti.com>
K3 HS devices require signed binaries for boot, use the SECDEV tools
to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>
For signing the tiboot3.bin image, an optional KEY file can be passed
using CONFIG_SYS_K3_KEY. Right now, Makefile scripts directly takes
the config value and uses it for signing. This is okay if the build
directory is a sub-directory of source tree, otherwise it fails.
Fix it by using the path relative to the source tree.
Reported-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Update Makefiles to generate:
- tiboot3.bin: Image format that can be processed by ROM.
Below is the tiboot3.bin image format that is required by ROM:
_______________________
| X509 |
| Certificate |
| ____________________ |
| | | |
| | u-boot-spl.bin | |
| | | |
| |___________________| |
|_______________________|
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Update Makefile to generate
- tispl.bin: First stage bootloader on ARMv8 core
- u-boot.img: Second stage bootloader on ARMv8 core.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
