The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Move the DM entry in tispl.bin FIT image from default fetching an
external blob entry to fetching using ti-dm entry type. This way, the
DM entry will be populated by the TI_DM pathname if provided. Else it
will resort to the ti-dm.bin file.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reduce redundancy in code by using templates to generate the A72 boot
binaries (tispl.bin and u-boot.img) as well as R5 boot binary sysfw.itb
(for legacy boot following devices J721E and AM65x).
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Manorit Chawdhry <m-chawdhry@ti.com>
FIT signature requires the updates to u-boot.dtb and the DTB that we
pack don't get updates with the changes of the signature node.
Pack u-boot.dtb as the default DTB so that the signature node changes
can be reflected in them.
(Note, this is only packaging the primary platform and the secondary
platform will require manual changes for the FIT signature enablement)
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
[ add additional boards that were missing ]
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
By providing entries in the binman node of the device tree, binman will
be able to find and package board config artifacts generated by
TIBoardConfig with sysfw.bin and generate the final image sysfw.itb.
It will also pick out the R5 SPL and sign it with the help of TI signing
entry and generate the final tiboot3.bin.
Entries for A72 build have been added to k3-j721e-binman.dtsi to
generate tispl.bin and u-boot.img.
Support has been added for both HS-SE(SR 1.1), HS-FS(SR 2.0) and GP images
In HS-SE, the encrypted system firmware binary must be signed along with
the signed certificate binary.
HS-SE:
* tiboot3-j721e_sr1_1-hs-evm.bin
* sysfw-j721e_sr1_1-hs-evm.itb
* tispl.bin
* u-boot.img
HS-FS:
* tiboot3-j721e_sr2-hs-fs-evm.bin
* sysfw-j721e_sr2-hs-fs-evm.itb
* tispl.bin
* u-boot.img
GP:
* tiboot3.bin -->tiboot3-j721e-gp-evm.bin
* sysfw.itb --> sysfw-j721e-gp-evm.itb
* tispl.bin_unsigned
* u-boot.img_unsigned
It is to be noted that the bootflow followed by J721E requires:
tiboot3.bin:
* R5 SPL
* R5 SPL dtbs
sysfw.itb:
* TIFS
* board-cfg
* pm-cfg
* sec-cfg
* rm-cfg
tispl.bin:
* DM
* ATF
* OP-TEE
* A72 SPL
* A72 SPL dtbs
u-boot.img:
* A72 U-Boot
* A72 U-Boot dtbs
Reviewed-by: Simon Glass <sjg@chromium.org>
[afd@ti.com: changed output binary names appropriately]
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
