[PATCH v4 00/23] Migration to using binman for bootloader

Neha Malcom Francis n-francis at ti.com
Fri May 26 17:23:30 CEST 2023


Hi Simon, Tom

Please keep this series on hold for v5, for a few board configuration fixes.

On 18/05/23 19:56, Neha Malcom Francis wrote:
> This series aims to eliminate the use of additional custom repositories
> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
> Security Development Tools) that was plumbed into the U-Boot build flow
> to generate boot images for TI K3 platform devices. And instead, we move
> towards using binman that aligns better with the community standard build
> flow.
> 
> This series uses binman for all K3 platforms supported on U-Boot currently;
> both HS (High Security, both SE and FS) and GP (General Purpose) devices.
> 
> Background on using k3-image-gen:
> 	* TI K3 devices require a SYSFW (System Firmware) image consisting
> 	of a signed system firmware image and board configuration binaries,
> 	this is needed to bring up system firmware during U-Boot R5 SPL
> 	startup.
> 	* Board configuration data contain board-specific information
> 	such as resource management, power management and security.
> 
> Background on using core-secdev-k3:
> 	* Contains resources to sign x509 certificates for HS devices
> 
> Series intends to use binman to take over the packaging and signing for
> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
> boot flow) instead of k3-image-gen.
> 
> Series also packages the A72/A53 bootloader images (tispl.bin and
> u-boot.img) using ATF, OPTEE and DM (Device Manager)
> 
> Changes in v4:
> 	- added support for iot2050
> 	- documentation fixes
> 	- move to using self.Raise in ti-board-config etype
> 	- introduced common k3-binman.dtsi (further reduction in code
> 	  duplication can be targetted, this as first step)
> 
> Changes in v3:
> 	- added support for HS-FS devices
> 	- added support for AM68-sk
> 	- added back dropped documentation patch
> 	- changed prefix for SYSFW and DM files to expected directory
> 	  name
> 	- extended test coverage to 100%
> 	- documentation fixes
> 	- corrected formatting changes
> 
> Changes in v2:
> 	- removed all external scripts
> 	- created ti-board-config etype to support generation of board
> 	  config binaries
> 	- created ti-secure and ti-secure-rom etypes to handle signing
> 	  instead of using external TI_SECURE_DEV_PKG
> 	- updated openssl btool to support x509 certificate generation
> 	- dropped Makefile changes to obtain external binary components,
> 	  moving to using BINMAN_INDIRS to achieve the same
> 
> CI/CD passes 100% (with series rebased on -master, current series based
> on -next) [1]
> 
> v1: https://patchwork.ozlabs.org/project/uboot/cover/20230120101903.179959-1-n-francis@ti.com/
> v2: https://patchwork.ozlabs.org/project/uboot/cover/20230404121342.446935-1-n-francis@ti.com/
> 
> [1] https://github.com/u-boot/u-boot/pull/291
> 
> Kamlesh Gurudasani (1):
>    configs: am64x: Enable TI_SECURE_DEV options
> 
> Neha Malcom Francis (20):
>    binman: ti-board-config: Add support for TI board config binaries
>    binman: ti-secure: Add support for TI signing
>    arm: dts: k3: Add support for packaging sysfw.itb and tiboot3.bin
>    j721e: schema: yaml: Add general schema and J721E board config files
>    j721e: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
>      u-boot.img
>    j7200: yaml: Add J7200 board config files
>    j7200: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
>    am65x: yaml: Add AM65x board config files
>    am65: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
>      u-boot.img
>    am64x: yaml: Add board configs for AM64x
>    am64x: dts: binman: Package tiboot3.bin, tispl.bin u-boot.img
>    j721s2: yaml: Add board configs for J721S2
>    j721s2: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
>    am62: yaml: Add board configs for AM62
>    am625: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
>    am62a: yaml: Add board configs for AM62ax
>    am62a: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
>    arm: k3-am65x-iot2050: Use binman for tispl.bin for iot2050
>    k3: tools: config.mk: Update makefile and remove scripts
>    doc: board: ti: Update documentation for binman flow
> 
> Tom Rini (2):
>    buildman: Create a requirements.txt file
>    CI: Make use of buildman requirements.txt
> 
>   .azure-pipelines.yml                          |    4 +
>   .gitlab-ci.yml                                |    4 +
>   arch/arm/dts/k3-am625-r5-sk.dts               |    1 +
>   arch/arm/dts/k3-am625-sk-binman.dtsi          |  462 +++
>   arch/arm/dts/k3-am625-sk-u-boot.dtsi          |    2 +
>   arch/arm/dts/k3-am62a-sk-binman.dtsi          |  461 +++
>   arch/arm/dts/k3-am62a7-r5-sk.dts              |    1 +
>   arch/arm/dts/k3-am62a7-sk.dts                 |    1 +
>   arch/arm/dts/k3-am642-evm-u-boot.dtsi         |    2 +
>   arch/arm/dts/k3-am642-r5-evm.dts              |    1 +
>   arch/arm/dts/k3-am64x-binman.dtsi             |  514 +++
>   arch/arm/dts/k3-am65-iot2050-boot-image.dtsi  |   76 +-
>   arch/arm/dts/k3-am654-base-board-u-boot.dtsi  |    1 +
>   .../dts/k3-am654-r5-base-board-u-boot.dtsi    |    1 +
>   arch/arm/dts/k3-am65x-binman.dtsi             |  518 +++
>   arch/arm/dts/k3-binman.dtsi                   |  116 +
>   arch/arm/dts/k3-j7200-binman.dtsi             |  501 +++
>   .../k3-j7200-common-proc-board-u-boot.dtsi    |    2 +
>   arch/arm/dts/k3-j721e-binman.dtsi             |  700 ++++
>   .../k3-j721e-common-proc-board-u-boot.dtsi    |    1 +
>   .../arm/dts/k3-j721e-r5-common-proc-board.dts |    1 +
>   arch/arm/dts/k3-j721s2-binman.dtsi            |  545 ++++
>   .../k3-j721s2-common-proc-board-u-boot.dtsi   |    2 +
>   .../dts/k3-j721s2-r5-common-proc-board.dts    |    1 +
>   arch/arm/mach-k3/config.mk                    |  101 -
>   board/ti/am62ax/Kconfig                       |    2 +
>   board/ti/am62ax/board-cfg.yaml                |   36 +
>   board/ti/am62ax/pm-cfg.yaml                   |   12 +
>   board/ti/am62ax/rm-cfg.yaml                   | 1151 +++++++
>   board/ti/am62ax/sec-cfg.yaml                  |  375 +++
>   board/ti/am62x/Kconfig                        |    2 +
>   board/ti/am62x/board-cfg.yaml                 |   36 +
>   board/ti/am62x/pm-cfg.yaml                    |   12 +
>   board/ti/am62x/rm-cfg.yaml                    | 1088 +++++++
>   board/ti/am62x/sec-cfg.yaml                   |  375 +++
>   board/ti/am64x/Kconfig                        |    2 +
>   board/ti/am64x/board-cfg.yaml                 |   37 +
>   board/ti/am64x/pm-cfg.yaml                    |   12 +
>   board/ti/am64x/rm-cfg.yaml                    | 1400 ++++++++
>   board/ti/am64x/sec-cfg.yaml                   |  378 +++
>   board/ti/am65x/Kconfig                        |    2 +
>   board/ti/am65x/board-cfg.yaml                 |   36 +
>   board/ti/am65x/pm-cfg.yaml                    |   12 +
>   board/ti/am65x/rm-cfg.yaml                    | 2068 ++++++++++++
>   board/ti/am65x/sec-cfg.yaml                   |  375 +++
>   board/ti/common/schema.yaml                   |  355 ++
>   board/ti/j721e/Kconfig                        |    4 +
>   board/ti/j721e/board-cfg.yaml                 |   37 +
>   board/ti/j721e/board-cfg_j7200.yaml           |   36 +
>   board/ti/j721e/pm-cfg.yaml                    |   13 +
>   board/ti/j721e/pm-cfg_j7200.yaml              |   12 +
>   board/ti/j721e/rm-cfg.yaml                    | 2757 ++++++++++++++++
>   board/ti/j721e/rm-cfg_j7200.yaml              | 2065 ++++++++++++
>   board/ti/j721e/sec-cfg.yaml                   |  379 +++
>   board/ti/j721e/sec-cfg_j7200.yaml             |  378 +++
>   board/ti/j721s2/Kconfig                       |    2 +
>   board/ti/j721s2/board-cfg.yaml                |   37 +
>   board/ti/j721s2/pm-cfg.yaml                   |   12 +
>   board/ti/j721s2/rm-cfg.yaml                   | 2901 +++++++++++++++++
>   board/ti/j721s2/sec-cfg.yaml                  |  375 +++
>   board/ti/keys/custMpk.pem                     |   51 +
>   board/ti/keys/ti-degenerate-key.pem           |   10 +
>   configs/am64x_evm_a53_defconfig               |    1 +
>   configs/am64x_evm_r5_defconfig                |    1 +
>   doc/board/ti/am62x_sk.rst                     |   42 +-
>   doc/board/ti/j721e_evm.rst                    |   50 +-
>   doc/board/ti/k3.rst                           |   95 +-
>   tools/binman/btool/openssl.py                 |  244 ++
>   tools/binman/entries.rst                      |  113 +
>   tools/binman/etype/ti_board_config.py         |  259 ++
>   tools/binman/etype/ti_secure.py               |   76 +
>   tools/binman/etype/ti_secure_rom.py           |  247 ++
>   tools/binman/etype/x509_cert.py               |   87 +-
>   tools/binman/ftest.py                         |   72 +
>   tools/binman/pyproject.toml                   |    2 +-
>   tools/binman/test/277_ti_board_cfg.dts        |   14 +
>   .../binman/test/278_ti_board_cfg_combined.dts |   25 +
>   .../binman/test/279_ti_board_cfg_no_type.dts  |   11 +
>   tools/binman/test/279_ti_secure.dts           |   17 +
>   tools/binman/test/280_ti_secure_rom.dts       |   17 +
>   .../test/281_ti_secure_rom_combined.dts       |   25 +
>   tools/binman/test/288_ti_secure_rom_a.dts     |   19 +
>   tools/binman/test/289_ti_secure_rom_b.dts     |   18 +
>   tools/binman/test/yaml/config.yaml            |   19 +
>   tools/binman/test/yaml/schema.yaml            |   51 +
>   tools/binman/test/yaml/schema_notype.yaml     |   40 +
>   tools/buildman/requirements.txt               |    2 +
>   tools/k3_fit_atf.sh                           |  123 -
>   tools/k3_gen_x509_cert.sh                     |  262 --
>   89 files changed, 22175 insertions(+), 611 deletions(-)
>   create mode 100644 arch/arm/dts/k3-am625-sk-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-am62a-sk-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-am64x-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-am65x-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-j7200-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-j721e-binman.dtsi
>   create mode 100644 arch/arm/dts/k3-j721s2-binman.dtsi
>   delete mode 100644 arch/arm/mach-k3/config.mk
>   create mode 100644 board/ti/am62ax/board-cfg.yaml
>   create mode 100644 board/ti/am62ax/pm-cfg.yaml
>   create mode 100644 board/ti/am62ax/rm-cfg.yaml
>   create mode 100644 board/ti/am62ax/sec-cfg.yaml
>   create mode 100644 board/ti/am62x/board-cfg.yaml
>   create mode 100644 board/ti/am62x/pm-cfg.yaml
>   create mode 100644 board/ti/am62x/rm-cfg.yaml
>   create mode 100644 board/ti/am62x/sec-cfg.yaml
>   create mode 100644 board/ti/am64x/board-cfg.yaml
>   create mode 100644 board/ti/am64x/pm-cfg.yaml
>   create mode 100644 board/ti/am64x/rm-cfg.yaml
>   create mode 100644 board/ti/am64x/sec-cfg.yaml
>   create mode 100644 board/ti/am65x/board-cfg.yaml
>   create mode 100644 board/ti/am65x/pm-cfg.yaml
>   create mode 100644 board/ti/am65x/rm-cfg.yaml
>   create mode 100644 board/ti/am65x/sec-cfg.yaml
>   create mode 100644 board/ti/common/schema.yaml
>   create mode 100644 board/ti/j721e/board-cfg.yaml
>   create mode 100644 board/ti/j721e/board-cfg_j7200.yaml
>   create mode 100644 board/ti/j721e/pm-cfg.yaml
>   create mode 100644 board/ti/j721e/pm-cfg_j7200.yaml
>   create mode 100644 board/ti/j721e/rm-cfg.yaml
>   create mode 100644 board/ti/j721e/rm-cfg_j7200.yaml
>   create mode 100644 board/ti/j721e/sec-cfg.yaml
>   create mode 100644 board/ti/j721e/sec-cfg_j7200.yaml
>   create mode 100644 board/ti/j721s2/board-cfg.yaml
>   create mode 100644 board/ti/j721s2/pm-cfg.yaml
>   create mode 100644 board/ti/j721s2/rm-cfg.yaml
>   create mode 100644 board/ti/j721s2/sec-cfg.yaml
>   create mode 100644 board/ti/keys/custMpk.pem
>   create mode 100644 board/ti/keys/ti-degenerate-key.pem
>   create mode 100644 tools/binman/etype/ti_board_config.py
>   create mode 100644 tools/binman/etype/ti_secure.py
>   create mode 100644 tools/binman/etype/ti_secure_rom.py
>   create mode 100644 tools/binman/test/277_ti_board_cfg.dts
>   create mode 100644 tools/binman/test/278_ti_board_cfg_combined.dts
>   create mode 100644 tools/binman/test/279_ti_board_cfg_no_type.dts
>   create mode 100644 tools/binman/test/279_ti_secure.dts
>   create mode 100644 tools/binman/test/280_ti_secure_rom.dts
>   create mode 100644 tools/binman/test/281_ti_secure_rom_combined.dts
>   create mode 100644 tools/binman/test/288_ti_secure_rom_a.dts
>   create mode 100644 tools/binman/test/289_ti_secure_rom_b.dts
>   create mode 100644 tools/binman/test/yaml/config.yaml
>   create mode 100644 tools/binman/test/yaml/schema.yaml
>   create mode 100644 tools/binman/test/yaml/schema_notype.yaml
>   create mode 100644 tools/buildman/requirements.txt
>   delete mode 100755 tools/k3_fit_atf.sh
>   delete mode 100755 tools/k3_gen_x509_cert.sh
> 

-- 
Thanking You
Neha Malcom Francis


More information about the U-Boot mailing list