[PATCH v5 00/23] Migration to using binman for bootloader

Neha Malcom Francis n-francis at ti.com
Fri Jul 7 14:34:27 CEST 2023


This series aims to eliminate the use of additional custom repositories
such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
Security Development Tools) that was plumbed into the U-Boot build flow
to generate boot images for TI K3 platform devices. And instead, we move
towards using binman that aligns better with the community standard build
flow.

This series uses binman for all K3 platforms supported on U-Boot currently;
both HS (High Security, both SE and FS) and GP (General Purpose) devices.

Background on using k3-image-gen:
	* TI K3 devices require a SYSFW (System Firmware) image consisting
	of a signed system firmware image and board configuration binaries,
	this is needed to bring up system firmware during U-Boot R5 SPL
	startup.
	* Board configuration data contain board-specific information
	such as resource management, power management and security.

Background on using core-secdev-k3:
	* Contains resources to sign x509 certificates for HS devices

Series intends to use binman to take over the packaging and signing for
the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
boot flow) instead of k3-image-gen.

Series also packages the A72/A53 bootloader images (tispl.bin and
u-boot.img) using ATF, OPTEE and DM (Device Manager)

Changes in v5:
	- updated all board configurations to latest
	- changed output binary filenames
	- fixed multiple certificate generation leading to packaging
	  inconsistency in ti-secure*.py
	- added patch to overwrite symlink if exists, patch 21/23
	  ("binman: Overwrite symlink if it already exists")

Changes in v4:
	- added support for iot2050
	- documentation fixes
	- move to using self.Raise in ti-board-config etype
	- introduced common k3-binman.dtsi (further reduction in code
	  duplication can be targeted, this as first step)

Changes in v3:
	- added support for HS-FS devices
	- added support for AM68-sk
	- added back dropped documentation patch
	- changed prefix for SYSFW and DM files to expected directory
	  name
	- extended test coverage to 100%
	- documentation fixes
	- corrected formatting changes

Changes in v2:
	- removed all external scripts
	- created ti-board-config etype to support generation of board
	  config binaries
	- created ti-secure and ti-secure-rom etypes to handle signing
	  instead of using external TI_SECURE_DEV_PKG
	- updated openssl btool to support x509 certificate generation
	- dropped Makefile changes to obtain external binary components,
	  moving to using BINMAN_INDIRS to achieve the same

CI/CD passes 100% (with series rebased on -master, current series based
on -next) [1]

v1: https://patchwork.ozlabs.org/project/uboot/cover/20230120101903.179959-1-n-francis@ti.com/
v2: https://patchwork.ozlabs.org/project/uboot/cover/20230404121342.446935-1-n-francis@ti.com/
v3: https://patchwork.ozlabs.org/project/uboot/cover/20230421123203.1315330-1-n-francis@ti.com/ 
v4: https://patchwork.ozlabs.org/project/uboot/cover/20230518142713.184164-1-n-francis@ti.com/

[1] https://github.com/u-boot/u-boot/pull/341

Andrew Davis (1):
  binman: Overwrite symlink if it already exists

Neha Malcom Francis (20):
  binman: ti-board-config: Add support for TI board config binaries
  binman: ti-secure: Add support for TI signing
  arm: dts: k3: Add support for packaging sysfw.itb and tiboot3.bin
  j721e: schema: yaml: Add general schema and J721E board config files
  j721e: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
    u-boot.img
  j7200: yaml: Add J7200 board config files
  j7200: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
  am65x: yaml: Add AM65x board config files
  am65: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
    u-boot.img
  am64x: yaml: Add board configs for AM64x
  am64x: dts: binman: Package tiboot3.bin, tispl.bin u-boot.img
  j721s2: yaml: Add board configs for J721S2
  j721s2: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
  am62: yaml: Add board configs for AM62
  am625: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
  am62a: yaml: Add board configs for AM62ax
  am62a: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
  arm: k3-am65x-iot2050: Use binman for tispl.bin for iot2050
  k3: tools: config.mk: Update makefile and remove scripts
  doc: board: ti: Update documentation for binman flow

Tom Rini (2):
  buildman: Create a requirements.txt file
  CI: Make use of buildman requirements.txt

 .azure-pipelines.yml                          |    4 +
 .gitlab-ci.yml                                |    4 +
 arch/arm/dts/k3-am625-r5-sk.dts               |    1 +
 arch/arm/dts/k3-am625-sk-binman.dtsi          |  463 +++
 arch/arm/dts/k3-am625-sk-u-boot.dtsi          |    2 +
 arch/arm/dts/k3-am62a-sk-binman.dtsi          |  466 +++
 arch/arm/dts/k3-am62a7-r5-sk.dts              |    1 +
 arch/arm/dts/k3-am62a7-sk.dts                 |    1 +
 arch/arm/dts/k3-am642-evm-u-boot.dtsi         |    2 +
 arch/arm/dts/k3-am642-r5-evm.dts              |    1 +
 arch/arm/dts/k3-am642-sk-u-boot.dtsi          |    2 +
 arch/arm/dts/k3-am64x-binman.dtsi             |  515 +++
 arch/arm/dts/k3-am65-iot2050-boot-image.dtsi  |   76 +-
 arch/arm/dts/k3-am654-base-board-u-boot.dtsi  |    1 +
 .../dts/k3-am654-r5-base-board-u-boot.dtsi    |    1 +
 arch/arm/dts/k3-am65x-binman.dtsi             |  518 +++
 .../arm/dts/k3-am68-sk-base-board-u-boot.dtsi |    2 +
 arch/arm/dts/k3-binman.dtsi                   |  116 +
 arch/arm/dts/k3-j7200-binman.dtsi             |  502 +++
 .../k3-j7200-common-proc-board-u-boot.dtsi    |    2 +
 arch/arm/dts/k3-j721e-binman.dtsi             |  701 ++++
 .../k3-j721e-common-proc-board-u-boot.dtsi    |    1 +
 .../arm/dts/k3-j721e-r5-common-proc-board.dts |    1 +
 arch/arm/dts/k3-j721e-sk-u-boot.dtsi          |    1 +
 arch/arm/dts/k3-j721s2-binman.dtsi            |  546 +++
 .../k3-j721s2-common-proc-board-u-boot.dtsi   |    2 +
 .../dts/k3-j721s2-r5-common-proc-board.dts    |    1 +
 arch/arm/mach-k3/config.mk                    |  103 -
 board/ti/am62ax/Kconfig                       |    2 +
 board/ti/am62ax/board-cfg.yaml                |   36 +
 board/ti/am62ax/pm-cfg.yaml                   |   12 +
 board/ti/am62ax/rm-cfg.yaml                   | 1151 ++++++
 board/ti/am62ax/sec-cfg.yaml                  |  379 ++
 board/ti/am62ax/tifs-rm-cfg.yaml              | 1011 ++++++
 board/ti/am62x/Kconfig                        |    2 +
 board/ti/am62x/board-cfg.yaml                 |   36 +
 board/ti/am62x/pm-cfg.yaml                    |   12 +
 board/ti/am62x/rm-cfg.yaml                    | 1088 ++++++
 board/ti/am62x/sec-cfg.yaml                   |  379 ++
 board/ti/am64x/Kconfig                        |    2 +
 board/ti/am64x/board-cfg.yaml                 |   37 +
 board/ti/am64x/pm-cfg.yaml                    |   12 +
 board/ti/am64x/rm-cfg.yaml                    | 1400 ++++++++
 board/ti/am64x/sec-cfg.yaml                   |  380 ++
 board/ti/am65x/Kconfig                        |    2 +
 board/ti/am65x/board-cfg.yaml                 |   36 +
 board/ti/am65x/pm-cfg.yaml                    |   12 +
 board/ti/am65x/rm-cfg.yaml                    | 2068 +++++++++++
 board/ti/am65x/sec-cfg.yaml                   |  379 ++
 board/ti/common/schema.yaml                   |  436 +++
 board/ti/j721e/Kconfig                        |    4 +
 board/ti/j721e/board-cfg.yaml                 |   37 +
 board/ti/j721e/board-cfg_j7200.yaml           |   36 +
 board/ti/j721e/pm-cfg.yaml                    |   13 +
 board/ti/j721e/pm-cfg_j7200.yaml              |   12 +
 board/ti/j721e/rm-cfg.yaml                    | 3174 +++++++++++++++++
 board/ti/j721e/rm-cfg_j7200.yaml              | 2065 +++++++++++
 board/ti/j721e/sec-cfg.yaml                   |  381 ++
 board/ti/j721e/sec-cfg_j7200.yaml             |  380 ++
 board/ti/j721s2/Kconfig                       |    2 +
 board/ti/j721s2/board-cfg.yaml                |   37 +
 board/ti/j721s2/pm-cfg.yaml                   |   12 +
 board/ti/j721s2/rm-cfg.yaml                   | 2901 +++++++++++++++
 board/ti/j721s2/sec-cfg.yaml                  |  379 ++
 board/ti/keys/custMpk.pem                     |   51 +
 board/ti/keys/ti-degenerate-key.pem           |   10 +
 doc/board/ti/am62x_sk.rst                     |   42 +-
 doc/board/ti/j721e_evm.rst                    |   50 +-
 doc/board/ti/k3.rst                           |   95 +-
 tools/binman/btool/openssl.py                 |  244 ++
 tools/binman/entries.rst                      |  113 +
 tools/binman/etype/ti_board_config.py         |  259 ++
 tools/binman/etype/ti_secure.py               |   78 +
 tools/binman/etype/ti_secure_rom.py           |  249 ++
 tools/binman/etype/x509_cert.py               |   87 +-
 tools/binman/ftest.py                         |   72 +
 tools/binman/image.py                         |    2 +
 tools/binman/test/277_ti_board_cfg.dts        |   14 +
 .../binman/test/278_ti_board_cfg_combined.dts |   25 +
 .../binman/test/279_ti_board_cfg_no_type.dts  |   11 +
 tools/binman/test/279_ti_secure.dts           |   17 +
 tools/binman/test/280_ti_secure_rom.dts       |   17 +
 .../test/281_ti_secure_rom_combined.dts       |   25 +
 tools/binman/test/288_ti_secure_rom_a.dts     |   19 +
 tools/binman/test/289_ti_secure_rom_b.dts     |   18 +
 tools/binman/test/yaml/config.yaml            |   19 +
 tools/binman/test/yaml/schema.yaml            |   51 +
 tools/binman/test/yaml/schema_notype.yaml     |   40 +
 tools/buildman/requirements.txt               |    2 +
 tools/k3_fit_atf.sh                           |  123 -
 tools/k3_gen_x509_cert.sh                     |  262 --
 91 files changed, 23724 insertions(+), 612 deletions(-)
 create mode 100644 arch/arm/dts/k3-am625-sk-binman.dtsi
 create mode 100644 arch/arm/dts/k3-am62a-sk-binman.dtsi
 create mode 100644 arch/arm/dts/k3-am64x-binman.dtsi
 create mode 100644 arch/arm/dts/k3-am65x-binman.dtsi
 create mode 100644 arch/arm/dts/k3-binman.dtsi
 create mode 100644 arch/arm/dts/k3-j7200-binman.dtsi
 create mode 100644 arch/arm/dts/k3-j721e-binman.dtsi
 create mode 100644 arch/arm/dts/k3-j721s2-binman.dtsi
 delete mode 100644 arch/arm/mach-k3/config.mk
 create mode 100644 board/ti/am62ax/board-cfg.yaml
 create mode 100644 board/ti/am62ax/pm-cfg.yaml
 create mode 100644 board/ti/am62ax/rm-cfg.yaml
 create mode 100644 board/ti/am62ax/sec-cfg.yaml
 create mode 100644 board/ti/am62ax/tifs-rm-cfg.yaml
 create mode 100644 board/ti/am62x/board-cfg.yaml
 create mode 100644 board/ti/am62x/pm-cfg.yaml
 create mode 100644 board/ti/am62x/rm-cfg.yaml
 create mode 100644 board/ti/am62x/sec-cfg.yaml
 create mode 100644 board/ti/am64x/board-cfg.yaml
 create mode 100644 board/ti/am64x/pm-cfg.yaml
 create mode 100644 board/ti/am64x/rm-cfg.yaml
 create mode 100644 board/ti/am64x/sec-cfg.yaml
 create mode 100644 board/ti/am65x/board-cfg.yaml
 create mode 100644 board/ti/am65x/pm-cfg.yaml
 create mode 100644 board/ti/am65x/rm-cfg.yaml
 create mode 100644 board/ti/am65x/sec-cfg.yaml
 create mode 100644 board/ti/common/schema.yaml
 create mode 100644 board/ti/j721e/board-cfg.yaml
 create mode 100644 board/ti/j721e/board-cfg_j7200.yaml
 create mode 100644 board/ti/j721e/pm-cfg.yaml
 create mode 100644 board/ti/j721e/pm-cfg_j7200.yaml
 create mode 100644 board/ti/j721e/rm-cfg.yaml
 create mode 100644 board/ti/j721e/rm-cfg_j7200.yaml
 create mode 100644 board/ti/j721e/sec-cfg.yaml
 create mode 100644 board/ti/j721e/sec-cfg_j7200.yaml
 create mode 100644 board/ti/j721s2/board-cfg.yaml
 create mode 100644 board/ti/j721s2/pm-cfg.yaml
 create mode 100644 board/ti/j721s2/rm-cfg.yaml
 create mode 100644 board/ti/j721s2/sec-cfg.yaml
 create mode 100644 board/ti/keys/custMpk.pem
 create mode 100644 board/ti/keys/ti-degenerate-key.pem
 create mode 100644 tools/binman/etype/ti_board_config.py
 create mode 100644 tools/binman/etype/ti_secure.py
 create mode 100644 tools/binman/etype/ti_secure_rom.py
 create mode 100644 tools/binman/test/277_ti_board_cfg.dts
 create mode 100644 tools/binman/test/278_ti_board_cfg_combined.dts
 create mode 100644 tools/binman/test/279_ti_board_cfg_no_type.dts
 create mode 100644 tools/binman/test/279_ti_secure.dts
 create mode 100644 tools/binman/test/280_ti_secure_rom.dts
 create mode 100644 tools/binman/test/281_ti_secure_rom_combined.dts
 create mode 100644 tools/binman/test/288_ti_secure_rom_a.dts
 create mode 100644 tools/binman/test/289_ti_secure_rom_b.dts
 create mode 100644 tools/binman/test/yaml/config.yaml
 create mode 100644 tools/binman/test/yaml/schema.yaml
 create mode 100644 tools/binman/test/yaml/schema_notype.yaml
 create mode 100644 tools/buildman/requirements.txt
 delete mode 100755 tools/k3_fit_atf.sh
 delete mode 100755 tools/k3_gen_x509_cert.sh

-- 
2.34.1



More information about the U-Boot mailing list