binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts

According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
author: Neha Malcom Francis <n-francis@ti.com> 2023-10-06 15:59:54 +0530
committer: Udit Kumar <u-kumar1@ti.com> 2023-10-07 13:55:21 +0530
commit: d43c636437d116c4dbe74c9a1ae8e9373941169f (patch)
tree: 8e16b9c560e93377377cfc5e04ea23fc224a1645 /tools
parent: d9d74330270642d1ee45682ea3491cfd2ad40531 (diff)
4 files changed, 12 insertions, 7 deletions
diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
index aad3b61ae2..e2db8da206 100644
--- a/tools/binman/btool/openssl.py
+++ b/tools/binman/btool/openssl.py
@@ -155,6 +155,7 @@ authInPlace = INTEGER:2
             C, ST, L, O, OU, CN and emailAddress
             cert_type (int): Certification type
             bootcore (int): Booting core
+            bootcore_opts(int): Booting core option (split/lockstep mode)
             load_addr (int): Load address of image
             sha (int): Hash function
 
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index f9900fe6be..fa6d1b6afa 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -1739,6 +1739,7 @@ Properties / Entry arguments:
     - core: core on which bootloader runs, valid cores are 'secure' and 'public'
     - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
       in case of combined bootflow
+    - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
 
 The following properties are only for generating a combined bootflow binary:
     - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py
index da03c90ef1..ff55d9d1a4 100644
--- a/tools/binman/etype/ti_secure_rom.py
+++ b/tools/binman/etype/ti_secure_rom.py
@@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
         - core: core on which bootloader runs, valid cores are 'secure' and 'public'
         - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
           in case of combined bootflow
+        - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
 
     The following properties are only for generating a combined bootflow binary:
         - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
@@ -70,6 +71,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
         self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
         self.sha = fdt_util.GetInt(self._node, 'sha', 512)
         self.core = fdt_util.GetString(self._node, 'core', 'secure')
+        self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
         self.key_fname = self.GetEntryArgsOrProps([
             EntryArg('keyfile', str)], required=True)[0]
         if self.combined:
@@ -98,22 +100,19 @@ class Entry_ti_secure_rom(Entry_x509_cert):
             bytes content of the entry, which is the certificate binary for the
                 provided data
         """
+        if self.bootcore_opts is None:
+            self.bootcore_opts = 0
+
         if self.core == 'secure':
             if self.countersign:
                 self.cert_type = 3
             else:
                 self.cert_type = 2
-
-            if self.fsstub:
-                self.bootcore_opts = 0
-            else:
-                self.bootcore_opts = 32
-
             self.bootcore = 0
         else:
             self.cert_type = 1
             self.bootcore = 16
-            self.bootcore_opts = 0
+
         return super().GetCertificate(required=required, type='rom')
 
     def CombinedGetCertificate(self, required):
@@ -132,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
         self.num_comps = 3
         self.sha_type = SHA_OIDS[self.sha]
 
+        if self.bootcore_opts is None:
+            self.bootcore_opts = 0
+
         # sbl
         self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
         input_data_sbl = self.GetContents(required)
diff --git a/tools/binman/test/280_ti_secure_rom.dts b/tools/binman/test/280_ti_secure_rom.dts
index d1313769f4..1a3eca9425 100644
--- a/tools/binman/test/280_ti_secure_rom.dts
+++ b/tools/binman/test/280_ti_secure_rom.dts
@@ -9,6 +9,7 @@
 	binman {
 		ti-secure-rom {
 			content = <&unsecure_binary>;
+			core-opts = <2>;
 		};
 		unsecure_binary: blob-ext {
 			filename = "ti_unsecure.bin";
author	Neha Malcom Francis <n-francis@ti.com>	2023-10-06 15:59:54 +0530
committer	Udit Kumar <u-kumar1@ti.com>	2023-10-07 13:55:21 +0530
commit	d43c636437d116c4dbe74c9a1ae8e9373941169f (patch)
tree	8e16b9c560e93377377cfc5e04ea23fc224a1645 /tools
parent	d9d74330270642d1ee45682ea3491cfd2ad40531 (diff)