[PATCH 06/18] configs: k3: Remove saved environments
Manorit Chawdhry
m-chawdhry at ti.com
Fri Jul 14 07:52:29 CEST 2023
Having saved environments usually causes inconsistencies while in
development workflow. The saved environments conflict with the
default ones that U-boot should be updating during development
but that doesn't happen and the saved environments need to be
reset during bootups to test the changes causing extra debugs.
Remove the saved environments as a default. Environments can always
be re-enabled locally if one does like them or needs them for
some production environment. Optionally, Uenv.txt can also be used on
some of the boot media.
Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
---
configs/am64x_evm_a53_defconfig | 4 +-
configs/j7200_evm_a72_defconfig | 4 -
configs/j721e_evm_a72_defconfig | 4 -
configs/j721s2_evm_a72_defconfig | 3 -
doc/board/ti/k3.rst | 172 +++++++++++++++++++++++++++++++++++++++
5 files changed, 173 insertions(+), 14 deletions(-)
diff --git a/configs/am64x_evm_a53_defconfig b/configs/am64x_evm_a53_defconfig
index 6485ed108a90..123a70049aeb 100644
--- a/configs/am64x_evm_a53_defconfig
+++ b/configs/am64x_evm_a53_defconfig
@@ -14,7 +14,7 @@ CONFIG_TARGET_AM642_A53_EVM=y
CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y
CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80480000
CONFIG_ENV_SIZE=0x20000
-CONFIG_ENV_OFFSET=0x680000
+CONFIG_SYS_SPI_U_BOOT_OFFS=0x300000
CONFIG_DM_GPIO=y
CONFIG_SPL_DM_SPI=y
CONFIG_DEFAULT_DEVICE_TREE="k3-am642-evm"
@@ -79,8 +79,6 @@ CONFIG_OF_LIST="k3-am642-evm k3-am642-sk"
CONFIG_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_IS_IN_MMC=y
-CONFIG_SYS_MMC_ENV_PART=1
CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_SPL_DM=y
CONFIG_SPL_DM_SEQ_ALIAS=y
diff --git a/configs/j7200_evm_a72_defconfig b/configs/j7200_evm_a72_defconfig
index cc68a2121797..5fc46ec8c13e 100644
--- a/configs/j7200_evm_a72_defconfig
+++ b/configs/j7200_evm_a72_defconfig
@@ -12,7 +12,6 @@ CONFIG_TARGET_J7200_A72_EVM=y
CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y
CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80480000
CONFIG_ENV_SIZE=0x20000
-CONFIG_ENV_OFFSET=0x680000
CONFIG_DM_GPIO=y
CONFIG_SPL_DM_SPI=y
CONFIG_DEFAULT_DEVICE_TREE="k3-j7200-common-proc-board"
@@ -23,7 +22,6 @@ CONFIG_SPL_MMC=y
CONFIG_SPL_SERIAL=y
CONFIG_SPL_DRIVERS_MISC=y
CONFIG_SPL_STACK_R_ADDR=0x82000000
-CONFIG_ENV_OFFSET_REDUND=0x6A0000
CONFIG_SPL_FS_FAT=y
CONFIG_SPL_LIBDISK_SUPPORT=y
CONFIG_SPL_SPI_FLASH_SUPPORT=y
@@ -90,8 +88,6 @@ CONFIG_OF_CONTROL=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_OVERWRITE=y
-CONFIG_ENV_IS_IN_MMC=y
CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
CONFIG_SYS_RELOC_GD_ENV_ADDR=y
CONFIG_NET_RANDOM_ETHADDR=y
diff --git a/configs/j721e_evm_a72_defconfig b/configs/j721e_evm_a72_defconfig
index 32ac47cbdb59..bf353aafefe4 100644
--- a/configs/j721e_evm_a72_defconfig
+++ b/configs/j721e_evm_a72_defconfig
@@ -91,11 +91,7 @@ CONFIG_OF_LIST="k3-j721e-common-proc-board k3-j721e-sk"
CONFIG_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_OVERWRITE=y
-CONFIG_ENV_IS_NOWHERE=y
-CONFIG_ENV_IS_IN_FAT=y
CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
-CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
CONFIG_SYS_RELOC_GD_ENV_ADDR=y
CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_SPL_DM=y
diff --git a/configs/j721s2_evm_a72_defconfig b/configs/j721s2_evm_a72_defconfig
index 37c1fdedc41e..5ce4eb5390c6 100644
--- a/configs/j721s2_evm_a72_defconfig
+++ b/configs/j721s2_evm_a72_defconfig
@@ -89,10 +89,7 @@ CONFIG_SPL_OF_CONTROL=y
CONFIG_OF_LIST="k3-j721s2-common-proc-board k3-am68-sk-base-board"
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_OVERWRITE=y
-CONFIG_ENV_IS_IN_FAT=y
CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
-CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
CONFIG_SYS_RELOC_GD_ENV_ADDR=y
CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_SPL_DM=y
diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst
index 214a22b1ae62..58e4ad2f6f29 100644
--- a/doc/board/ti/k3.rst
+++ b/doc/board/ti/k3.rst
@@ -240,3 +240,175 @@ wakeup and main domain and to boot to the U-Boot prompt
| `tispl.bin`
| `u-boot.img`
+
+
+
+Fit Signature Signing
+---------------------
+
+K3 Platforms have fit signature signing enabled by default on their primary
+platforms. Here we'll take an example for creating fit image for J721e platform
+and the same can be extended to other platforms
+
+1. Describing FIT source
+
+ .. code-block:: bash
+
+ /dts-v1/;
+
+ / {
+ description = "Kernel fitImage for j721e-hs-evm";
+ #address-cells = <1>;
+
+ images {
+ kernel-1 {
+ description = "Linux kernel";
+ data = /incbin/("Image");
+ type = "kernel";
+ arch = "arm64";
+ os = "linux";
+ compression = "none";
+ load = <0x80080000>;
+ entry = <0x80080000>;
+ hash-1 {
+ algo = "sha512";
+ };
+
+ };
+ fdt-ti_k3-j721e-common-proc-board.dtb {
+ description = "Flattened Device Tree blob";
+ data = /incbin/("k3-j721e-common-proc-board.dtb");
+ type = "flat_dt";
+ arch = "arm64";
+ compression = "none";
+ load = <0x83000000>;
+ hash-1 {
+ algo = "sha512";
+ };
+
+ };
+ };
+
+ configurations {
+ default = "conf-ti_k3-j721e-common-proc-board.dtb";
+ conf-ti_k3-j721e-common-proc-board.dtb {
+ description = "Linux kernel, FDT blob";
+ fdt = "fdt-ti_k3-j721e-common-proc-board.dtb";
+ kernel = "kernel-1";
+ signature-1 {
+ algo = "sha512,rsa4096";
+ key-name-hint = "custMpk";
+ sign-images = "kernel", "fdt";
+ };
+ };
+ };
+ };
+
+ You would require to change the '/incbin/' lines to point to the respective
+ files in your local machine and the key-name-hint also needs to be changed
+ if you are using some other key other than the TI dummy key that we are
+ using for this example.
+
+2. Compile U-boot for the respective board
+
+ .. code-block:: bash
+
+ make O=build/a72 CROSS_COMPILE=aarch64-none-linux-gnu- ARCH=arm
+ BL31=/path/to/bl31.bin TEE=/path/to/bl32.bin
+ BINMAN_INDIRS="/path/to/ti-linux-firmware" -j15
+
+ .. note::
+
+ The changes only affect a72 binaries so the example just builds that
+
+3. Sign the fit image and embed the dtb in uboot
+
+ Now once the build is done, you'll have a dtb for your board that you'll
+ be passing to mkimage for signing the fitImage and embedding the key in
+ the u-boot dtb.
+
+ .. code-block:: bash
+
+ mkimage -r -f fitImage.its -k $UBOOT_PATH/board/ti/keys -K
+ $UBOOT_PATH/build/a72/dts/dt.dtb
+
+ For signing a secondary platform, pass the -K parameter to that DTB
+
+ .. code-block:: bash
+
+ mkimage -f fitImage.its -k $UBOOT_PATH/board/ti/keys -K
+ $UBOOT_PATH/build/a72/arch/arm/dts/k3-j721e-sk.dtb
+
+ .. note::
+
+ If changing `CONFIG_DEFAULT_DEVICE_TREE` to the secondary platform,
+ binman changes would also be required so that correct dtb gets packaged.
+
+ .. code-block:: bash
+
+ diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi
+ index 673be646b1e3..752fa805fe8d 100644
+ --- a/arch/arm/dts/k3-j721e-binman.dtsi
+ +++ b/arch/arm/dts/k3-j721e-binman.dtsi
+ @@ -299,8 +299,8 @@
+ #define SPL_J721E_SK_DTB "spl/dts/k3-j721e-sk.dtb"
+
+ #define UBOOT_NODTB "u-boot-nodtb.bin"
+ -#define J721E_EVM_DTB "u-boot.dtb"
+ -#define J721E_SK_DTB "arch/arm/dts/k3-j721e-sk.dtb"
+ +#define J721E_EVM_DTB "arch/arm/dts/k3-j721e-common-proc-board.dtb"
+ +#define J721E_SK_DTB "u-boot.dtb"
+
+5. Rebuilt u-boot
+
+ This is required so that the modified dtb gets updated in u-boot.img
+
+ .. code-block:: bash
+
+ make O=build/a72 CROSS_COMPILE=aarch64-none-linux-gnu- ARCH=arm
+ BL31=/path/to/bl31.bin TEE=/path/to/bl32.bin
+ BINMAN_INDIRS="/path/to/ti-linux-firmware" -j15
+
+6. (Optional) Enabled FIT_SIGNATURE_ENFORCED
+
+ By default u-boot will boot up the fit image without any authentication as
+ such if the public key is not embedded properly, to check if the public key
+ nodes are proper you can enable FIT_SIGNATURE_ENFORCED that would not rely
+ on the dtb for anything else then the signature node for checking the fit
+ image, rest other things will be enforced such as the property of
+ required-keys. This is not an extensive check so do manual checks also
+
+ This is by default enabled for devices with TI_SECURE_DEVICE enabled.
+
+.. note::
+
+ The devices now also have distroboot enabled so if the fit image doesn't
+ work then the fallback to normal distroboot will be there on hs devices,
+ this will need to be explicitly disabled by changing the boot_targets.
+
+Saving environment
+------------------
+
+SAVEENV is disabled by default and for the new flow uses Uenv.txt as the default
+way for saving the environments. This has been done as Uenv.txt is more granular
+then the saveenv command and can be used across various bootmodes too.
+
+**Writing to MMC/EMMC**
+
+.. code-block::
+
+ => env export -t $loadaddr <list of variables>
+ => fatwrite mmc ${mmcdev} ${loadaddr} ${bootenvfile} ${filesize}
+
+**Reading from MMC/EMMC**
+
+By default run envboot will read it from the MMC/EMMC partition ( based on
+mmcdev) and set the environments.
+
+If manually needs to be done then the environment can be read from the
+filesystem and then imported
+
+.. code-block::
+
+ => fatload mmc ${mmcdev} ${loadaddr} ${bootenvfile}
+ => env import -t ${loadaddr} ${filesize}
--
2.40.1
More information about the U-Boot
mailing list