[PATCH v5 00/23] Migration to using binman for bootloader
Neha Malcom Francis
n-francis at ti.com
Fri Jul 7 14:34:27 CEST 2023
This series aims to eliminate the use of additional custom repositories
such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
Security Development Tools) that was plumbed into the U-Boot build flow
to generate boot images for TI K3 platform devices. And instead, we move
towards using binman that aligns better with the community standard build
flow.
This series uses binman for all K3 platforms supported on U-Boot currently;
both HS (High Security, both SE and FS) and GP (General Purpose) devices.
Background on using k3-image-gen:
* TI K3 devices require a SYSFW (System Firmware) image consisting
of a signed system firmware image and board configuration binaries,
this is needed to bring up system firmware during U-Boot R5 SPL
startup.
* Board configuration data contain board-specific information
such as resource management, power management and security.
Background on using core-secdev-k3:
* Contains resources to sign x509 certificates for HS devices
Series intends to use binman to take over the packaging and signing for
the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
boot flow) instead of k3-image-gen.
Series also packages the A72/A53 bootloader images (tispl.bin and
u-boot.img) using ATF, OPTEE and DM (Device Manager)
Changes in v5:
- updated all board configurations to latest
- changed output binary filenames
- fixed multiple certificate generation leading to packaging
inconsistency in ti-secure*.py
- added patch to overwrite symlink if exists, patch 21/23
("binman: Overwrite symlink if it already exists")
Changes in v4:
- added support for iot2050
- documentation fixes
- move to using self.Raise in ti-board-config etype
- introduced common k3-binman.dtsi (further reduction in code
duplication can be targeted, this as first step)
Changes in v3:
- added support for HS-FS devices
- added support for AM68-sk
- added back dropped documentation patch
- changed prefix for SYSFW and DM files to expected directory
name
- extended test coverage to 100%
- documentation fixes
- corrected formatting changes
Changes in v2:
- removed all external scripts
- created ti-board-config etype to support generation of board
config binaries
- created ti-secure and ti-secure-rom etypes to handle signing
instead of using external TI_SECURE_DEV_PKG
- updated openssl btool to support x509 certificate generation
- dropped Makefile changes to obtain external binary components,
moving to using BINMAN_INDIRS to achieve the same
CI/CD passes 100% (with series rebased on -master, current series based
on -next) [1]
v1: https://patchwork.ozlabs.org/project/uboot/cover/20230120101903.179959-1-n-francis@ti.com/
v2: https://patchwork.ozlabs.org/project/uboot/cover/20230404121342.446935-1-n-francis@ti.com/
v3: https://patchwork.ozlabs.org/project/uboot/cover/20230421123203.1315330-1-n-francis@ti.com/
v4: https://patchwork.ozlabs.org/project/uboot/cover/20230518142713.184164-1-n-francis@ti.com/
[1] https://github.com/u-boot/u-boot/pull/341
Andrew Davis (1):
binman: Overwrite symlink if it already exists
Neha Malcom Francis (20):
binman: ti-board-config: Add support for TI board config binaries
binman: ti-secure: Add support for TI signing
arm: dts: k3: Add support for packaging sysfw.itb and tiboot3.bin
j721e: schema: yaml: Add general schema and J721E board config files
j721e: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
u-boot.img
j7200: yaml: Add J7200 board config files
j7200: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
am65x: yaml: Add AM65x board config files
am65: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
u-boot.img
am64x: yaml: Add board configs for AM64x
am64x: dts: binman: Package tiboot3.bin, tispl.bin u-boot.img
j721s2: yaml: Add board configs for J721S2
j721s2: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
am62: yaml: Add board configs for AM62
am625: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
am62a: yaml: Add board configs for AM62ax
am62a: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
arm: k3-am65x-iot2050: Use binman for tispl.bin for iot2050
k3: tools: config.mk: Update makefile and remove scripts
doc: board: ti: Update documentation for binman flow
Tom Rini (2):
buildman: Create a requirements.txt file
CI: Make use of buildman requirements.txt
.azure-pipelines.yml | 4 +
.gitlab-ci.yml | 4 +
arch/arm/dts/k3-am625-r5-sk.dts | 1 +
arch/arm/dts/k3-am625-sk-binman.dtsi | 463 +++
arch/arm/dts/k3-am625-sk-u-boot.dtsi | 2 +
arch/arm/dts/k3-am62a-sk-binman.dtsi | 466 +++
arch/arm/dts/k3-am62a7-r5-sk.dts | 1 +
arch/arm/dts/k3-am62a7-sk.dts | 1 +
arch/arm/dts/k3-am642-evm-u-boot.dtsi | 2 +
arch/arm/dts/k3-am642-r5-evm.dts | 1 +
arch/arm/dts/k3-am642-sk-u-boot.dtsi | 2 +
arch/arm/dts/k3-am64x-binman.dtsi | 515 +++
arch/arm/dts/k3-am65-iot2050-boot-image.dtsi | 76 +-
arch/arm/dts/k3-am654-base-board-u-boot.dtsi | 1 +
.../dts/k3-am654-r5-base-board-u-boot.dtsi | 1 +
arch/arm/dts/k3-am65x-binman.dtsi | 518 +++
.../arm/dts/k3-am68-sk-base-board-u-boot.dtsi | 2 +
arch/arm/dts/k3-binman.dtsi | 116 +
arch/arm/dts/k3-j7200-binman.dtsi | 502 +++
.../k3-j7200-common-proc-board-u-boot.dtsi | 2 +
arch/arm/dts/k3-j721e-binman.dtsi | 701 ++++
.../k3-j721e-common-proc-board-u-boot.dtsi | 1 +
.../arm/dts/k3-j721e-r5-common-proc-board.dts | 1 +
arch/arm/dts/k3-j721e-sk-u-boot.dtsi | 1 +
arch/arm/dts/k3-j721s2-binman.dtsi | 546 +++
.../k3-j721s2-common-proc-board-u-boot.dtsi | 2 +
.../dts/k3-j721s2-r5-common-proc-board.dts | 1 +
arch/arm/mach-k3/config.mk | 103 -
board/ti/am62ax/Kconfig | 2 +
board/ti/am62ax/board-cfg.yaml | 36 +
board/ti/am62ax/pm-cfg.yaml | 12 +
board/ti/am62ax/rm-cfg.yaml | 1151 ++++++
board/ti/am62ax/sec-cfg.yaml | 379 ++
board/ti/am62ax/tifs-rm-cfg.yaml | 1011 ++++++
board/ti/am62x/Kconfig | 2 +
board/ti/am62x/board-cfg.yaml | 36 +
board/ti/am62x/pm-cfg.yaml | 12 +
board/ti/am62x/rm-cfg.yaml | 1088 ++++++
board/ti/am62x/sec-cfg.yaml | 379 ++
board/ti/am64x/Kconfig | 2 +
board/ti/am64x/board-cfg.yaml | 37 +
board/ti/am64x/pm-cfg.yaml | 12 +
board/ti/am64x/rm-cfg.yaml | 1400 ++++++++
board/ti/am64x/sec-cfg.yaml | 380 ++
board/ti/am65x/Kconfig | 2 +
board/ti/am65x/board-cfg.yaml | 36 +
board/ti/am65x/pm-cfg.yaml | 12 +
board/ti/am65x/rm-cfg.yaml | 2068 +++++++++++
board/ti/am65x/sec-cfg.yaml | 379 ++
board/ti/common/schema.yaml | 436 +++
board/ti/j721e/Kconfig | 4 +
board/ti/j721e/board-cfg.yaml | 37 +
board/ti/j721e/board-cfg_j7200.yaml | 36 +
board/ti/j721e/pm-cfg.yaml | 13 +
board/ti/j721e/pm-cfg_j7200.yaml | 12 +
board/ti/j721e/rm-cfg.yaml | 3174 +++++++++++++++++
board/ti/j721e/rm-cfg_j7200.yaml | 2065 +++++++++++
board/ti/j721e/sec-cfg.yaml | 381 ++
board/ti/j721e/sec-cfg_j7200.yaml | 380 ++
board/ti/j721s2/Kconfig | 2 +
board/ti/j721s2/board-cfg.yaml | 37 +
board/ti/j721s2/pm-cfg.yaml | 12 +
board/ti/j721s2/rm-cfg.yaml | 2901 +++++++++++++++
board/ti/j721s2/sec-cfg.yaml | 379 ++
board/ti/keys/custMpk.pem | 51 +
board/ti/keys/ti-degenerate-key.pem | 10 +
doc/board/ti/am62x_sk.rst | 42 +-
doc/board/ti/j721e_evm.rst | 50 +-
doc/board/ti/k3.rst | 95 +-
tools/binman/btool/openssl.py | 244 ++
tools/binman/entries.rst | 113 +
tools/binman/etype/ti_board_config.py | 259 ++
tools/binman/etype/ti_secure.py | 78 +
tools/binman/etype/ti_secure_rom.py | 249 ++
tools/binman/etype/x509_cert.py | 87 +-
tools/binman/ftest.py | 72 +
tools/binman/image.py | 2 +
tools/binman/test/277_ti_board_cfg.dts | 14 +
.../binman/test/278_ti_board_cfg_combined.dts | 25 +
.../binman/test/279_ti_board_cfg_no_type.dts | 11 +
tools/binman/test/279_ti_secure.dts | 17 +
tools/binman/test/280_ti_secure_rom.dts | 17 +
.../test/281_ti_secure_rom_combined.dts | 25 +
tools/binman/test/288_ti_secure_rom_a.dts | 19 +
tools/binman/test/289_ti_secure_rom_b.dts | 18 +
tools/binman/test/yaml/config.yaml | 19 +
tools/binman/test/yaml/schema.yaml | 51 +
tools/binman/test/yaml/schema_notype.yaml | 40 +
tools/buildman/requirements.txt | 2 +
tools/k3_fit_atf.sh | 123 -
tools/k3_gen_x509_cert.sh | 262 --
91 files changed, 23724 insertions(+), 612 deletions(-)
create mode 100644 arch/arm/dts/k3-am625-sk-binman.dtsi
create mode 100644 arch/arm/dts/k3-am62a-sk-binman.dtsi
create mode 100644 arch/arm/dts/k3-am64x-binman.dtsi
create mode 100644 arch/arm/dts/k3-am65x-binman.dtsi
create mode 100644 arch/arm/dts/k3-binman.dtsi
create mode 100644 arch/arm/dts/k3-j7200-binman.dtsi
create mode 100644 arch/arm/dts/k3-j721e-binman.dtsi
create mode 100644 arch/arm/dts/k3-j721s2-binman.dtsi
delete mode 100644 arch/arm/mach-k3/config.mk
create mode 100644 board/ti/am62ax/board-cfg.yaml
create mode 100644 board/ti/am62ax/pm-cfg.yaml
create mode 100644 board/ti/am62ax/rm-cfg.yaml
create mode 100644 board/ti/am62ax/sec-cfg.yaml
create mode 100644 board/ti/am62ax/tifs-rm-cfg.yaml
create mode 100644 board/ti/am62x/board-cfg.yaml
create mode 100644 board/ti/am62x/pm-cfg.yaml
create mode 100644 board/ti/am62x/rm-cfg.yaml
create mode 100644 board/ti/am62x/sec-cfg.yaml
create mode 100644 board/ti/am64x/board-cfg.yaml
create mode 100644 board/ti/am64x/pm-cfg.yaml
create mode 100644 board/ti/am64x/rm-cfg.yaml
create mode 100644 board/ti/am64x/sec-cfg.yaml
create mode 100644 board/ti/am65x/board-cfg.yaml
create mode 100644 board/ti/am65x/pm-cfg.yaml
create mode 100644 board/ti/am65x/rm-cfg.yaml
create mode 100644 board/ti/am65x/sec-cfg.yaml
create mode 100644 board/ti/common/schema.yaml
create mode 100644 board/ti/j721e/board-cfg.yaml
create mode 100644 board/ti/j721e/board-cfg_j7200.yaml
create mode 100644 board/ti/j721e/pm-cfg.yaml
create mode 100644 board/ti/j721e/pm-cfg_j7200.yaml
create mode 100644 board/ti/j721e/rm-cfg.yaml
create mode 100644 board/ti/j721e/rm-cfg_j7200.yaml
create mode 100644 board/ti/j721e/sec-cfg.yaml
create mode 100644 board/ti/j721e/sec-cfg_j7200.yaml
create mode 100644 board/ti/j721s2/board-cfg.yaml
create mode 100644 board/ti/j721s2/pm-cfg.yaml
create mode 100644 board/ti/j721s2/rm-cfg.yaml
create mode 100644 board/ti/j721s2/sec-cfg.yaml
create mode 100644 board/ti/keys/custMpk.pem
create mode 100644 board/ti/keys/ti-degenerate-key.pem
create mode 100644 tools/binman/etype/ti_board_config.py
create mode 100644 tools/binman/etype/ti_secure.py
create mode 100644 tools/binman/etype/ti_secure_rom.py
create mode 100644 tools/binman/test/277_ti_board_cfg.dts
create mode 100644 tools/binman/test/278_ti_board_cfg_combined.dts
create mode 100644 tools/binman/test/279_ti_board_cfg_no_type.dts
create mode 100644 tools/binman/test/279_ti_secure.dts
create mode 100644 tools/binman/test/280_ti_secure_rom.dts
create mode 100644 tools/binman/test/281_ti_secure_rom_combined.dts
create mode 100644 tools/binman/test/288_ti_secure_rom_a.dts
create mode 100644 tools/binman/test/289_ti_secure_rom_b.dts
create mode 100644 tools/binman/test/yaml/config.yaml
create mode 100644 tools/binman/test/yaml/schema.yaml
create mode 100644 tools/binman/test/yaml/schema_notype.yaml
create mode 100644 tools/buildman/requirements.txt
delete mode 100755 tools/k3_fit_atf.sh
delete mode 100755 tools/k3_gen_x509_cert.sh
--
2.34.1
More information about the U-Boot
mailing list