[PATCH v3 00/19] Migration to using binman for bootloader
Christian Gmeiner
christian.gmeiner at gmail.com
Thu May 4 10:38:38 CEST 2023
Hi
>
> This series aims to eliminate the use of additional custom repositories
> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
> Security Development Tools) that was plumbed into the U-Boot build flow
> to generate boot images for TI K3 platform devices. And instead, we move
> towards using binman that aligns better with the community standard build
> flow.
>
> This series uses binman for all K3 platforms supported on U-Boot currently;
> both HS (High Security, both SE and FS) and GP (General Purpose) devices.
>
> Background on using k3-image-gen:
> * TI K3 devices require a SYSFW (System Firmware) image consisting
> of a signed system firmware image and board configuration binaries,
> this is needed to bring up system firmware during U-Boot R5 SPL
> startup.
> * Board configuration data contain board-specific information
> such as resource management, power management and security.
>
> Background on using core-secdev-k3:
> * Contains resources to sign x509 certificates for HS devices
>
> Series intends to use binman to take over the packaging and signing for
> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
> boot flow) instead of k3-image-gen.
>
> Series also packages the A72/A53 bootloader images (tispl.bin and
> u-boot.img) using ATF, OPTEE and DM (Device Manager)
This simplifies building U-Boot with sysfw alot - thanks for your
work! I have tested this series on
an am642 based design. One thing is missing for my HSM use case. I
want to build an unsigned
Image and need to sign it with binman in the context of the HSM.
Therefore we need repacking
support. Are you working on that too?
--
greets
--
Christian Gmeiner, MSc
https://christian-gmeiner.info/privacypolicy
More information about the U-Boot
mailing list