mirror of
https://github.com/AsahiLinux/u-boot
synced 2025-01-12 13:18:52 +00:00
121596a98f
Read the swrv.txt file from the TI Security Development Tools when TI_SECURE_DEVICE is enabled. This allows us to set our software revision in one place and have it used by all the tools that create TI x509 boot certificates. Signed-off-by: Andrew Davis <afd@ti.com>
101 lines
2.7 KiB
Makefile
101 lines
2.7 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0+
|
|
#
|
|
# Copyright (C) 2017-2018 Texas Instruments Incorporated - http://www.ti.com/
|
|
# Lokesh Vutla <lokeshvutla@ti.com>
|
|
|
|
ifdef CONFIG_SPL_BUILD
|
|
|
|
# Openssl is required to generate x509 certificate.
|
|
# Error out if openssl is not available.
|
|
ifeq ($(shell which openssl),)
|
|
$(error "No openssl in $(PATH), consider installing openssl")
|
|
endif
|
|
|
|
IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c)
|
|
MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE))
|
|
|
|
ifeq ($(CONFIG_SYS_K3_KEY), "")
|
|
KEY=""
|
|
# On HS use real key or warn if not available
|
|
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
|
|
ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
|
|
KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
|
|
else
|
|
$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
|
|
endif
|
|
endif
|
|
else
|
|
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
|
|
endif
|
|
|
|
# X509 SWRV default
|
|
SWRV = $(CONFIG_K3_X509_SWRV)
|
|
# On HS use SECDEV provided software revision or warn if not available
|
|
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
|
|
ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/swrv.txt),)
|
|
SWRV= $(shell cat $(TI_SECURE_DEV_PKG)/keys/swrv.txt)
|
|
else
|
|
$(warning "WARNING: Software revision file not found. Default may not work on HS hardware.")
|
|
endif
|
|
endif
|
|
|
|
# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
|
|
# So restrict tiboot3.bin creation for CPU_V7R.
|
|
ifdef CONFIG_CPU_V7R
|
|
image_check: $(obj)/u-boot-spl.bin FORCE
|
|
@if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then \
|
|
echo "===============================================" >&2; \
|
|
echo "ERROR: Final Image too big. " >&2; \
|
|
echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \
|
|
echo "===============================================" >&2; \
|
|
exit 1; \
|
|
fi
|
|
|
|
tiboot3.bin: image_check FORCE
|
|
$(srctree)/tools/k3_gen_x509_cert.sh -c 16 -b $(obj)/u-boot-spl.bin \
|
|
-o $@ -l $(CONFIG_SPL_TEXT_BASE) -r $(SWRV) -k $(KEY)
|
|
|
|
INPUTS-y += tiboot3.bin
|
|
endif
|
|
|
|
ifdef CONFIG_ARM64
|
|
|
|
ifeq ($(CONFIG_SOC_K3_J721E),)
|
|
export DM := /dev/null
|
|
endif
|
|
|
|
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
|
|
SPL_ITS := u-boot-spl-k3_HS.its
|
|
$(SPL_ITS): export IS_HS=1
|
|
INPUTS-y += tispl.bin_HS
|
|
else
|
|
SPL_ITS := u-boot-spl-k3.its
|
|
INPUTS-y += tispl.bin
|
|
endif
|
|
|
|
ifeq ($(CONFIG_SPL_OF_LIST),)
|
|
LIST_OF_DTB := $(CONFIG_DEFAULT_DEVICE_TREE)
|
|
else
|
|
LIST_OF_DTB := $(CONFIG_SPL_OF_LIST)
|
|
endif
|
|
|
|
quiet_cmd_k3_mkits = MKITS $@
|
|
cmd_k3_mkits = \
|
|
$(srctree)/tools/k3_fit_atf.sh \
|
|
$(CONFIG_K3_ATF_LOAD_ADDR) \
|
|
$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(LIST_OF_DTB))) > $@
|
|
|
|
$(SPL_ITS): FORCE
|
|
$(call cmd,k3_mkits)
|
|
endif
|
|
|
|
else
|
|
|
|
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
|
|
INPUTS-y += u-boot.img_HS
|
|
else
|
|
INPUTS-y += u-boot.img
|
|
endif
|
|
endif
|
|
|
|
include $(srctree)/arch/arm/mach-k3/config_secure.mk
|