[U-Boot] [PATCH 2/3] arm: k3: config.mk: Use k3_gen_x509_cert.sh to generate boot images
Lokesh Vutla
lokeshvutla at ti.com
Thu May 2 10:05:51 UTC 2019
Instead of overlading makefile, use the k3_gen_x509_cert.sh script
to generate boot images.
Signed-off-by: Lokesh Vutla <lokeshvutla at ti.com>
---
arch/arm/mach-k3/config.mk | 33 ++++----------------------
tools/k3_x509template.txt | 48 --------------------------------------
2 files changed, 4 insertions(+), 77 deletions(-)
delete mode 100644 tools/k3_x509template.txt
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index 2d8f61f9db..f6b63db349 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -11,31 +11,11 @@ ifeq ($(shell which openssl),)
$(error "No openssl in $(PATH), consider installing openssl")
endif
-SHA_VALUE= $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g")
IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c)
-LOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g")
MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE))
-# Parameters to get populated into the x509 template
-SED_OPTS= -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/
-SED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/
-SED_OPTS+= -e s/TEST_CERT_TYPE/1/ # CERT_TYPE_PRIMARY_IMAGE_BIN
-SED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/
-SED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/
-SED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/
-
-# Command to generate ecparam key
-quiet_cmd_genkey = OPENSSL $@
-cmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey
-
-# Command to generate x509 certificate
-quiet_cmd_gencert = OPENSSL $@
-cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boot-spl-x509.txt; \
- openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512
-
-# If external key is not provided, generate key using openssl.
ifeq ($(CONFIG_SYS_K3_KEY), "")
-KEY=u-boot-spl-eckey.pem
+KEY=""
# On HS use real key or warn if not available
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
@@ -48,15 +28,9 @@ else
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
endif
-u-boot-spl-eckey.pem: FORCE
- $(call if_changed,genkey)
-
# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
# So restrict tiboot3.bin creation for CPU_V7R.
ifdef CONFIG_CPU_V7R
-u-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE
- $(call if_changed,gencert)
-
image_check: $(obj)/u-boot-spl.bin FORCE
@if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then \
echo "===============================================" >&2; \
@@ -66,8 +40,9 @@ image_check: $(obj)/u-boot-spl.bin FORCE
exit 1; \
fi
-tiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE
- $(call if_changed,cat)
+tiboot3.bin: image_check FORCE
+ $(srctree)/tools/k3_gen_x509_cert.sh -c 16 -b $(obj)/u-boot-spl.bin \
+ -o $@ -l $(CONFIG_SPL_TEXT_BASE) -k $(KEY)
ALL-y += tiboot3.bin
endif
diff --git a/tools/k3_x509template.txt b/tools/k3_x509template.txt
deleted file mode 100644
index f176ff3ad2..0000000000
--- a/tools/k3_x509template.txt
+++ /dev/null
@@ -1,48 +0,0 @@
- [ req ]
- distinguished_name = req_distinguished_name
- x509_extensions = v3_ca
- prompt = no
- dirstring_type = nobmp
-
- [ req_distinguished_name ]
- C = US
- ST = TX
- L = Dallas
- O = Texas Instruments Incorporated
- OU = Processors
- CN = TI Support
- emailAddress = support at ti.com
-
- [ v3_ca ]
- basicConstraints = CA:true
- 1.3.6.1.4.1.294.1.1 = ASN1:SEQUENCE:boot_seq
- 1.3.6.1.4.1.294.1.2 = ASN1:SEQUENCE:image_integrity
- 1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
-# 1.3.6.1.4.1.294.1.4 = ASN1:SEQUENCE:encryption
- 1.3.6.1.4.1.294.1.8 = ASN1:SEQUENCE:debug
-
- [ boot_seq ]
- certType = INTEGER:TEST_CERT_TYPE
- bootCore = INTEGER:TEST_BOOT_CORE
- bootCoreOpts = INTEGER:TEST_BOOT_ARCH_WIDTH
- destAddr = FORMAT:HEX,OCT:TEST_BOOT_ADDR
- imageSize = INTEGER:TEST_IMAGE_LENGTH
-
- [ image_integrity ]
- shaType = OID:2.16.840.1.101.3.4.2.3
- shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL
-
- [ swrv ]
- swrv = INTEGER:0
-
-# [ encryption ]
-# initalVector = FORMAT:HEX,OCT:TEST_IMAGE_ENC_IV
-# randomString = FORMAT:HEX,OCT:TEST_IMAGE_ENC_RS
-# iterationCnt = INTEGER:TEST_IMAGE_KEY_DERIVE_INDEX
-# salt = FORMAT:HEX,OCT:TEST_IMAGE_KEY_DERIVE_SALT
-
- [ debug ]
- debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
- debugType = INTEGER:4
- coreDbgEn = INTEGER:0
- coreDbgSecEn = INTEGER:0
--
2.21.0
More information about the U-Boot
mailing list