authorRoger Quadros <rogerq@kernel.org>2022-02-17 22:18:50 +0200
committerPraneeth Bajjuri <praneeth@ti.com>2022-02-18 17:59:11 -0600
commit4c234bdc0ce852e3401b98c672f9e704c285a14b (patch)
tree22a5dad048575d0b19f9d2b5d799bd9ad0c82395 /tools
parenta04d820c978863f22d717ef68fa7cc3423bb3ef9 (diff)
tools: binman: add ti-secure entry type
This entry type is used to create a secured binary for use with K3 High Security (HS) devices. This allows us to no longer depend on k3_fit_atf.sh for A53 SPL and u-boot image generation even for HS devices. We still depend on the availability of an external tool provided by the TI_SECURE_DEV_PKG environment variable to secure the binaries. Signed-off-by: Roger Quadros <rogerq@kernel.org>
Diffstat (limited to 'tools')
-rw-r--r--tools/binman/README.entries15
-rw-r--r--tools/binman/etype/ti_secure.py59
-rw-r--r--tools/binman/ftest.py8
3 files changed, 82 insertions, 0 deletions
diff --git a/tools/binman/README.entries b/tools/binman/README.entries
index 79ab1f0b1f..991f004cc7 100644
--- a/tools/binman/README.entries
+++ b/tools/binman/README.entries
@@ -1290,3 +1290,18 @@ may be used instead.
+Entry: ti-secure: Entry containing a Secured binary blob
+--------------------------------------------------------
+
+Properties / Entry arguments:
+ - filename: Filename of file to sign and read into entry
+
+Texas Instruments High-Security (HS) devices need secure binaries to be
+provided. This entry uses an external tool to append a x509 certificate
+to the file provided in the filename property and places it in the entry.
+
+The path for the external tool is fetched from TI_SECURE_DEV_PKG
+environment variable.
+
+
+
diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py
new file mode 100644
index 0000000000..86772994bc
--- /dev/null
+++ b/tools/binman/etype/ti_secure.py
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2022 Texas Instruments Incorporated - https://www.ti.com/
+#
+
+# Support for secure binaries for TI K3 platform
+
+from collections import OrderedDict
+import os
+
+from binman.entry import Entry, EntryArg
+
+from dtoc import fdt_util
+from patman import tools
+
+class Entry_ti_secure(Entry):
+ """An entry which contains a secure binary for High-Security (HS) device use.
+
+ Properties / Entry arguments:
+ - filename: filename of binary file to be secured
+
+ Output files:
+ - filename_HS - output file generated by secure uility (which is
+ used as the entry contents)
+
+ """
+ def __init__(self, section, etype, node):
+ super().__init__(section, etype, node)
+ self.filename = fdt_util.GetString(self._node, 'filename')
+ self.toolpresent = False
+ if not self.filename:
+ self.Raise("ti_secure must have a 'filename' property")
+ self.toolspath, = self.GetEntryArgsOrProps(
+ [EntryArg('ti-secure-dev-pkg-path', str)])
+ if not self.toolspath:
+ print("WARNING: TI_SECURE_DEV_PKG environment " \
+ "variable must be defined for TI secure devices. " +
+ self.filename + " was NOT secured!")
+ return
+
+ self.tool = self.toolspath + "/scripts/secure-binary-image.sh"
+ self.toolpresent = os.path.exists(self.tool)
+ if not self.toolpresent:
+ print(self.tool + " not found. " +
+ self.filename + " was NOT secured!")
+
+ def ObtainContents(self):
+ input_fname = self.filename
+ output_fname = input_fname + "_HS"
+ args = [
+ input_fname, output_fname,
+ ]
+ if self.toolpresent:
+ stdout = tools.Run(self.tool, *args)
+ else:
+ stdout = tools.Run('cp', *args)
+ print(output_fname + ' not secured!')
+
+ self.SetContents(tools.ReadFile(output_fname))
+ return True
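Review bot: ObtainContents fails open: when `self.toolpresent` is false (the `ti-secure-dev-pkg-path` argument is empty or `secure-binary-image.sh` is not found), the `else` branch runs `cp` and the entry carries the unsigned input under an `_HS` name. Only a `print` signals this, so a build for an HS device can finish and ship an image that was never signed. Make the missing tool a hard error unless the caller explicitly opts in, e.g. replace the `cp` fallback with `self.Raise("secure-binary-image.sh unavailable; refusing to emit unsigned '%s'" % output_fname)`; the functional test added in ftest.py relies on the fallback and would then need a stub tool. The two `print` warnings in `__init__` have the same problem and already claim the file "was NOT secured" before anything has run. Separately, `output_fname` is built from the raw `filename` property, so the tool writes next to the input; resolving the paths with `tools.GetInputFilename` / `tools.GetOutputFilename` would keep generated files in binman's output directory.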
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 32014ea8d9..1a03eed040 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -81,6 +81,7 @@ SCP_DATA = b'scp'
TEST_FDT1_DATA = b'fdt1'
TEST_FDT2_DATA = b'test-fdt2'
ENV_DATA = b'var1=1\nvar2="2"'
+TI_UNSECURE_DATA = b'this is some unsecure data'
# Subdirectory of the input dir to use to put test FDTs
TEST_FDT_SUBDIR = 'fdts'
@@ -189,6 +190,7 @@ class TestFunctional(unittest.TestCase):
TEST_FDT2_DATA)
TestFunctional._MakeInputFile('env.txt', ENV_DATA)
+ TestFunctional._MakeInputFile('ti_unsecure.bin', TI_UNSECURE_DATA)
# Travis-CI may have an old lz4
cls.have_lz4 = True
@@ -4146,6 +4148,12 @@ class TestFunctional(unittest.TestCase):
}
self.assertEqual(expected, props)
+ def testPackTisecure(self):
+ """Test that an image with a TI secured binary can be created"""
+ data = self._DoReadFile('187_ti_secure.dts')
+ securedata = tools.ReadFile('ti_unsecure.bin_HS')
+ self.assertEquals(data, securedata)
+
if __name__ == "__main__":
unittest.main()
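Review bot: `testPackTisecure` compares the image with whatever ended up in `ti_unsecure.bin_HS`, so it passes when the entry has only copied the unsigned input and never checks that a certificate was appended; the tool-present signing path is not exercised at all. A stub `secure-binary-image.sh` in a temporary directory, passed through the `ti-secure-dev-pkg-path` entry argument and paired with an assertion on the expected output, would cover that path. `assertEquals` is a deprecated alias that newer Python releases have removed; use `self.assertEqual(data, securedata)` as the neighbouring test does. The diffstat for tools/ lists no `187_ti_secure.dts`, so the test presumably depends on a file added elsewhere; confirm it is part of the series. The enclosing TestFunctional class starts outside the hunk.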