[PATCH v3 00/19] Migration to using binman for bootloader

Christian Gmeiner christian.gmeiner at gmail.com
Thu May 4 10:38:38 CEST 2023


> This series aims to eliminate the use of additional custom repositories
> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
> Security Development Tools) that was plumbed into the U-Boot build flow
> to generate boot images for TI K3 platform devices. And instead, we move
> towards using binman that aligns better with the community standard build
> flow.
> This series uses binman for all K3 platforms supported on U-Boot currently;
> both HS (High Security, both SE and FS) and GP (General Purpose) devices.
> Background on using k3-image-gen:
>         * TI K3 devices require a SYSFW (System Firmware) image consisting
>         of a signed system firmware image and board configuration binaries,
>         this is needed to bring up system firmware during U-Boot R5 SPL
>         startup.
>         * Board configuration data contain board-specific information
>         such as resource management, power management and security.
> Background on using core-secdev-k3:
>         * Contains resources to sign x509 certificates for HS devices
> Series intends to use binman to take over the packaging and signing for
> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
> boot flow) instead of k3-image-gen.
> Series also packages the A72/A53 bootloader images (tispl.bin and
> u-boot.img) using ATF, OPTEE and DM (Device Manager)

This simplifies building U-Boot with sysfw alot - thanks for your
work! I have tested this series on
an am642 based design. One thing is missing for my HSM use case. I
want to build an unsigned
Image and need to sign it with binman in the context of the HSM.
Therefore we need repacking
support. Are you working on that too?

Christian Gmeiner, MSc


More information about the U-Boot mailing list