[PATCH v4 3/3] binman: etype: Add xilinx-bootgen etype

Simon Glass sjg at chromium.org
Sat Aug 5 21:51:13 CEST 2023 

From: Lukas Funke <lukas.funke at weidmueller.com>

This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.

The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.

Here is an example of the etype in use:

    spl {
        filename = "boot.signed.bin";

        xilinx-bootgen {
            pmufw-filename = "pmu-firmware.elf";
            psk-key-name-hint = "psk0";
            ssk-key-name-hint = "ssk0";
            auth-params = "ppk_select=0", "spk_id=0x00000000";

            u-boot-spl-nodtb {
            };
            u-boot-spl-dtb {
            };
        };
    };

For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.

For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).

Signed-off-by: Lukas Funke <lukas.funke at weidmueller.com>
Reviewed-by: Simon Glass <sjg at chromium.org>

---

Changes in v4:
- Renamed etype from "xilinx-fsbl-auth" to "xilinx-bootgen"
- Add detection of missing bintool
- Promote 'pmufw-filename' to required property

Changes in v3:
- Changed etype from entry to section
- Changed property name "psk-filename" to "psk-key-name-hint"
- Changed property name "ssk-filename" to "ssk-key-name-hint"
- Decode spl elf file instead of reading start symbol
- Improved test coverage
- Improved documentation

Changes in v2:
- Add 'keysrc-enc' property to pass down to Bootgen
- Improved documentation
- Use predictable output names for intermediated results

 tools/binman/entries.rst             |  75 +++++++++
 tools/binman/etype/xilinx_bootgen.py | 225 +++++++++++++++++++++++++++
 2 files changed, 300 insertions(+)
 create mode 100644 tools/binman/etype/xilinx_bootgen.py

Applied to u-boot-dm, thanks!

More information about the U-Boot mailing list