[PATCH v3 00/19] Migration to using binman for bootloader

Christian Gmeiner christian.gmeiner at gmail.com
Thu May 4 10:38:38 CEST 2023


Hi

>
> This series aims to eliminate the use of additional custom repositories
> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
> Security Development Tools) that was plumbed into the U-Boot build flow
> to generate boot images for TI K3 platform devices. And instead, we move
> towards using binman that aligns better with the community standard build
> flow.
>
> This series uses binman for all K3 platforms supported on U-Boot currently;
> both HS (High Security, both SE and FS) and GP (General Purpose) devices.
>
> Background on using k3-image-gen:
>         * TI K3 devices require a SYSFW (System Firmware) image consisting
>         of a signed system firmware image and board configuration binaries,
>         this is needed to bring up system firmware during U-Boot R5 SPL
>         startup.
>         * Board configuration data contain board-specific information
>         such as resource management, power management and security.
>
> Background on using core-secdev-k3:
>         * Contains resources to sign x509 certificates for HS devices
>
> Series intends to use binman to take over the packaging and signing for
> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
> boot flow) instead of k3-image-gen.
>
> Series also packages the A72/A53 bootloader images (tispl.bin and
> u-boot.img) using ATF, OPTEE and DM (Device Manager)

This simplifies building U-Boot with sysfw alot - thanks for your
work! I have tested this series on
an am642 based design. One thing is missing for my HSM use case. I
want to build an unsigned
Image and need to sign it with binman in the context of the HSM.
Therefore we need repacking
support. Are you working on that too?

-- 
greets
--
Christian Gmeiner, MSc

https://christian-gmeiner.info/privacypolicy


More information about the U-Boot mailing list