diff options
author | Neha Malcom Francis <n-francis@ti.com> | 2023-10-06 15:59:54 +0530 |
---|---|---|
committer | Udit Kumar <u-kumar1@ti.com> | 2023-10-07 13:55:21 +0530 |
commit | d43c636437d116c4dbe74c9a1ae8e9373941169f (patch) | |
tree | 8e16b9c560e93377377cfc5e04ea23fc224a1645 /tools | |
parent | d9d74330270642d1ee45682ea3491cfd2ad40531 (diff) |
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/binman/btool/openssl.py | 1 | ||||
-rw-r--r-- | tools/binman/entries.rst | 1 | ||||
-rw-r--r-- | tools/binman/etype/ti_secure_rom.py | 16 | ||||
-rw-r--r-- | tools/binman/test/280_ti_secure_rom.dts | 1 |
4 files changed, 12 insertions, 7 deletions
diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py index aad3b61ae2..e2db8da206 100644 --- a/tools/binman/btool/openssl.py +++ b/tools/binman/btool/openssl.py @@ -155,6 +155,7 @@ authInPlace = INTEGER:2 C, ST, L, O, OU, CN and emailAddress cert_type (int): Certification type bootcore (int): Booting core + bootcore_opts(int): Booting core option (split/lockstep mode) load_addr (int): Load address of image sha (int): Hash function diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index f9900fe6be..fa6d1b6afa 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1739,6 +1739,7 @@ Properties / Entry arguments: - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index da03c90ef1..ff55d9d1a4 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate @@ -70,6 +71,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.core = fdt_util.GetString(self._node, 'core', 'secure') + self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts') self.key_fname = self.GetEntryArgsOrProps([ EntryArg('keyfile', str)], required=True)[0] if self.combined: @@ -98,22 +100,19 @@ class Entry_ti_secure_rom(Entry_x509_cert): bytes content of the entry, which is the certificate binary for the provided data """ + if self.bootcore_opts is None: + self.bootcore_opts = 0 + if self.core == 'secure': if self.countersign: self.cert_type = 3 else: self.cert_type = 2 - - if self.fsstub: - self.bootcore_opts = 0 - else: - self.bootcore_opts = 32 - self.bootcore = 0 else: self.cert_type = 1 self.bootcore = 16 - self.bootcore_opts = 0 + return super().GetCertificate(required=required, type='rom') def CombinedGetCertificate(self, required): @@ -132,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.num_comps = 3 self.sha_type = SHA_OIDS[self.sha] + if self.bootcore_opts is None: + self.bootcore_opts = 0 + # sbl self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') input_data_sbl = self.GetContents(required) diff --git a/tools/binman/test/280_ti_secure_rom.dts b/tools/binman/test/280_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/280_ti_secure_rom.dts +++ b/tools/binman/test/280_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>; + core-opts = <2>; }; unsecure_binary: blob-ext { filename = "ti_unsecure.bin"; |