[PATCH v4 00/23] Migration to using binman for bootloader
Neha Malcom Francis
n-francis at ti.com
Fri May 26 17:23:30 CEST 2023
Hi Simon, Tom
Please keep this series on hold for v5, for a few board configuration fixes.
On 18/05/23 19:56, Neha Malcom Francis wrote:
> This series aims to eliminate the use of additional custom repositories
> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3
> Security Development Tools) that was plumbed into the U-Boot build flow
> to generate boot images for TI K3 platform devices. And instead, we move
> towards using binman that aligns better with the community standard build
> flow.
>
> This series uses binman for all K3 platforms supported on U-Boot currently;
> both HS (High Security, both SE and FS) and GP (General Purpose) devices.
>
> Background on using k3-image-gen:
> * TI K3 devices require a SYSFW (System Firmware) image consisting
> of a signed system firmware image and board configuration binaries,
> this is needed to bring up system firmware during U-Boot R5 SPL
> startup.
> * Board configuration data contain board-specific information
> such as resource management, power management and security.
>
> Background on using core-secdev-k3:
> * Contains resources to sign x509 certificates for HS devices
>
> Series intends to use binman to take over the packaging and signing for
> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined
> boot flow) instead of k3-image-gen.
>
> Series also packages the A72/A53 bootloader images (tispl.bin and
> u-boot.img) using ATF, OPTEE and DM (Device Manager)
>
> Changes in v4:
> - added support for iot2050
> - documentation fixes
> - move to using self.Raise in ti-board-config etype
> - introduced common k3-binman.dtsi (further reduction in code
> duplication can be targetted, this as first step)
>
> Changes in v3:
> - added support for HS-FS devices
> - added support for AM68-sk
> - added back dropped documentation patch
> - changed prefix for SYSFW and DM files to expected directory
> name
> - extended test coverage to 100%
> - documentation fixes
> - corrected formatting changes
>
> Changes in v2:
> - removed all external scripts
> - created ti-board-config etype to support generation of board
> config binaries
> - created ti-secure and ti-secure-rom etypes to handle signing
> instead of using external TI_SECURE_DEV_PKG
> - updated openssl btool to support x509 certificate generation
> - dropped Makefile changes to obtain external binary components,
> moving to using BINMAN_INDIRS to achieve the same
>
> CI/CD passes 100% (with series rebased on -master, current series based
> on -next) [1]
>
> v1: https://patchwork.ozlabs.org/project/uboot/cover/20230120101903.179959-1-n-francis@ti.com/
> v2: https://patchwork.ozlabs.org/project/uboot/cover/20230404121342.446935-1-n-francis@ti.com/
>
> [1] https://github.com/u-boot/u-boot/pull/291
>
> Kamlesh Gurudasani (1):
> configs: am64x: Enable TI_SECURE_DEV options
>
> Neha Malcom Francis (20):
> binman: ti-board-config: Add support for TI board config binaries
> binman: ti-secure: Add support for TI signing
> arm: dts: k3: Add support for packaging sysfw.itb and tiboot3.bin
> j721e: schema: yaml: Add general schema and J721E board config files
> j721e: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
> u-boot.img
> j7200: yaml: Add J7200 board config files
> j7200: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
> am65x: yaml: Add AM65x board config files
> am65: dts: binman: Package tiboot3.bin, sysfw.itb, tispl.bin,
> u-boot.img
> am64x: yaml: Add board configs for AM64x
> am64x: dts: binman: Package tiboot3.bin, tispl.bin u-boot.img
> j721s2: yaml: Add board configs for J721S2
> j721s2: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
> am62: yaml: Add board configs for AM62
> am625: dts: binman: Package tiboot3.bin, tispl.bin and u-boot.img
> am62a: yaml: Add board configs for AM62ax
> am62a: dts: binman: Package tiboot3.bin, tispl.bin, u-boot.img
> arm: k3-am65x-iot2050: Use binman for tispl.bin for iot2050
> k3: tools: config.mk: Update makefile and remove scripts
> doc: board: ti: Update documentation for binman flow
>
> Tom Rini (2):
> buildman: Create a requirements.txt file
> CI: Make use of buildman requirements.txt
>
> .azure-pipelines.yml | 4 +
> .gitlab-ci.yml | 4 +
> arch/arm/dts/k3-am625-r5-sk.dts | 1 +
> arch/arm/dts/k3-am625-sk-binman.dtsi | 462 +++
> arch/arm/dts/k3-am625-sk-u-boot.dtsi | 2 +
> arch/arm/dts/k3-am62a-sk-binman.dtsi | 461 +++
> arch/arm/dts/k3-am62a7-r5-sk.dts | 1 +
> arch/arm/dts/k3-am62a7-sk.dts | 1 +
> arch/arm/dts/k3-am642-evm-u-boot.dtsi | 2 +
> arch/arm/dts/k3-am642-r5-evm.dts | 1 +
> arch/arm/dts/k3-am64x-binman.dtsi | 514 +++
> arch/arm/dts/k3-am65-iot2050-boot-image.dtsi | 76 +-
> arch/arm/dts/k3-am654-base-board-u-boot.dtsi | 1 +
> .../dts/k3-am654-r5-base-board-u-boot.dtsi | 1 +
> arch/arm/dts/k3-am65x-binman.dtsi | 518 +++
> arch/arm/dts/k3-binman.dtsi | 116 +
> arch/arm/dts/k3-j7200-binman.dtsi | 501 +++
> .../k3-j7200-common-proc-board-u-boot.dtsi | 2 +
> arch/arm/dts/k3-j721e-binman.dtsi | 700 ++++
> .../k3-j721e-common-proc-board-u-boot.dtsi | 1 +
> .../arm/dts/k3-j721e-r5-common-proc-board.dts | 1 +
> arch/arm/dts/k3-j721s2-binman.dtsi | 545 ++++
> .../k3-j721s2-common-proc-board-u-boot.dtsi | 2 +
> .../dts/k3-j721s2-r5-common-proc-board.dts | 1 +
> arch/arm/mach-k3/config.mk | 101 -
> board/ti/am62ax/Kconfig | 2 +
> board/ti/am62ax/board-cfg.yaml | 36 +
> board/ti/am62ax/pm-cfg.yaml | 12 +
> board/ti/am62ax/rm-cfg.yaml | 1151 +++++++
> board/ti/am62ax/sec-cfg.yaml | 375 +++
> board/ti/am62x/Kconfig | 2 +
> board/ti/am62x/board-cfg.yaml | 36 +
> board/ti/am62x/pm-cfg.yaml | 12 +
> board/ti/am62x/rm-cfg.yaml | 1088 +++++++
> board/ti/am62x/sec-cfg.yaml | 375 +++
> board/ti/am64x/Kconfig | 2 +
> board/ti/am64x/board-cfg.yaml | 37 +
> board/ti/am64x/pm-cfg.yaml | 12 +
> board/ti/am64x/rm-cfg.yaml | 1400 ++++++++
> board/ti/am64x/sec-cfg.yaml | 378 +++
> board/ti/am65x/Kconfig | 2 +
> board/ti/am65x/board-cfg.yaml | 36 +
> board/ti/am65x/pm-cfg.yaml | 12 +
> board/ti/am65x/rm-cfg.yaml | 2068 ++++++++++++
> board/ti/am65x/sec-cfg.yaml | 375 +++
> board/ti/common/schema.yaml | 355 ++
> board/ti/j721e/Kconfig | 4 +
> board/ti/j721e/board-cfg.yaml | 37 +
> board/ti/j721e/board-cfg_j7200.yaml | 36 +
> board/ti/j721e/pm-cfg.yaml | 13 +
> board/ti/j721e/pm-cfg_j7200.yaml | 12 +
> board/ti/j721e/rm-cfg.yaml | 2757 ++++++++++++++++
> board/ti/j721e/rm-cfg_j7200.yaml | 2065 ++++++++++++
> board/ti/j721e/sec-cfg.yaml | 379 +++
> board/ti/j721e/sec-cfg_j7200.yaml | 378 +++
> board/ti/j721s2/Kconfig | 2 +
> board/ti/j721s2/board-cfg.yaml | 37 +
> board/ti/j721s2/pm-cfg.yaml | 12 +
> board/ti/j721s2/rm-cfg.yaml | 2901 +++++++++++++++++
> board/ti/j721s2/sec-cfg.yaml | 375 +++
> board/ti/keys/custMpk.pem | 51 +
> board/ti/keys/ti-degenerate-key.pem | 10 +
> configs/am64x_evm_a53_defconfig | 1 +
> configs/am64x_evm_r5_defconfig | 1 +
> doc/board/ti/am62x_sk.rst | 42 +-
> doc/board/ti/j721e_evm.rst | 50 +-
> doc/board/ti/k3.rst | 95 +-
> tools/binman/btool/openssl.py | 244 ++
> tools/binman/entries.rst | 113 +
> tools/binman/etype/ti_board_config.py | 259 ++
> tools/binman/etype/ti_secure.py | 76 +
> tools/binman/etype/ti_secure_rom.py | 247 ++
> tools/binman/etype/x509_cert.py | 87 +-
> tools/binman/ftest.py | 72 +
> tools/binman/pyproject.toml | 2 +-
> tools/binman/test/277_ti_board_cfg.dts | 14 +
> .../binman/test/278_ti_board_cfg_combined.dts | 25 +
> .../binman/test/279_ti_board_cfg_no_type.dts | 11 +
> tools/binman/test/279_ti_secure.dts | 17 +
> tools/binman/test/280_ti_secure_rom.dts | 17 +
> .../test/281_ti_secure_rom_combined.dts | 25 +
> tools/binman/test/288_ti_secure_rom_a.dts | 19 +
> tools/binman/test/289_ti_secure_rom_b.dts | 18 +
> tools/binman/test/yaml/config.yaml | 19 +
> tools/binman/test/yaml/schema.yaml | 51 +
> tools/binman/test/yaml/schema_notype.yaml | 40 +
> tools/buildman/requirements.txt | 2 +
> tools/k3_fit_atf.sh | 123 -
> tools/k3_gen_x509_cert.sh | 262 --
> 89 files changed, 22175 insertions(+), 611 deletions(-)
> create mode 100644 arch/arm/dts/k3-am625-sk-binman.dtsi
> create mode 100644 arch/arm/dts/k3-am62a-sk-binman.dtsi
> create mode 100644 arch/arm/dts/k3-am64x-binman.dtsi
> create mode 100644 arch/arm/dts/k3-am65x-binman.dtsi
> create mode 100644 arch/arm/dts/k3-binman.dtsi
> create mode 100644 arch/arm/dts/k3-j7200-binman.dtsi
> create mode 100644 arch/arm/dts/k3-j721e-binman.dtsi
> create mode 100644 arch/arm/dts/k3-j721s2-binman.dtsi
> delete mode 100644 arch/arm/mach-k3/config.mk
> create mode 100644 board/ti/am62ax/board-cfg.yaml
> create mode 100644 board/ti/am62ax/pm-cfg.yaml
> create mode 100644 board/ti/am62ax/rm-cfg.yaml
> create mode 100644 board/ti/am62ax/sec-cfg.yaml
> create mode 100644 board/ti/am62x/board-cfg.yaml
> create mode 100644 board/ti/am62x/pm-cfg.yaml
> create mode 100644 board/ti/am62x/rm-cfg.yaml
> create mode 100644 board/ti/am62x/sec-cfg.yaml
> create mode 100644 board/ti/am64x/board-cfg.yaml
> create mode 100644 board/ti/am64x/pm-cfg.yaml
> create mode 100644 board/ti/am64x/rm-cfg.yaml
> create mode 100644 board/ti/am64x/sec-cfg.yaml
> create mode 100644 board/ti/am65x/board-cfg.yaml
> create mode 100644 board/ti/am65x/pm-cfg.yaml
> create mode 100644 board/ti/am65x/rm-cfg.yaml
> create mode 100644 board/ti/am65x/sec-cfg.yaml
> create mode 100644 board/ti/common/schema.yaml
> create mode 100644 board/ti/j721e/board-cfg.yaml
> create mode 100644 board/ti/j721e/board-cfg_j7200.yaml
> create mode 100644 board/ti/j721e/pm-cfg.yaml
> create mode 100644 board/ti/j721e/pm-cfg_j7200.yaml
> create mode 100644 board/ti/j721e/rm-cfg.yaml
> create mode 100644 board/ti/j721e/rm-cfg_j7200.yaml
> create mode 100644 board/ti/j721e/sec-cfg.yaml
> create mode 100644 board/ti/j721e/sec-cfg_j7200.yaml
> create mode 100644 board/ti/j721s2/board-cfg.yaml
> create mode 100644 board/ti/j721s2/pm-cfg.yaml
> create mode 100644 board/ti/j721s2/rm-cfg.yaml
> create mode 100644 board/ti/j721s2/sec-cfg.yaml
> create mode 100644 board/ti/keys/custMpk.pem
> create mode 100644 board/ti/keys/ti-degenerate-key.pem
> create mode 100644 tools/binman/etype/ti_board_config.py
> create mode 100644 tools/binman/etype/ti_secure.py
> create mode 100644 tools/binman/etype/ti_secure_rom.py
> create mode 100644 tools/binman/test/277_ti_board_cfg.dts
> create mode 100644 tools/binman/test/278_ti_board_cfg_combined.dts
> create mode 100644 tools/binman/test/279_ti_board_cfg_no_type.dts
> create mode 100644 tools/binman/test/279_ti_secure.dts
> create mode 100644 tools/binman/test/280_ti_secure_rom.dts
> create mode 100644 tools/binman/test/281_ti_secure_rom_combined.dts
> create mode 100644 tools/binman/test/288_ti_secure_rom_a.dts
> create mode 100644 tools/binman/test/289_ti_secure_rom_b.dts
> create mode 100644 tools/binman/test/yaml/config.yaml
> create mode 100644 tools/binman/test/yaml/schema.yaml
> create mode 100644 tools/binman/test/yaml/schema_notype.yaml
> create mode 100644 tools/buildman/requirements.txt
> delete mode 100755 tools/k3_fit_atf.sh
> delete mode 100755 tools/k3_gen_x509_cert.sh
>
--
Thanking You
Neha Malcom Francis
More information about the U-Boot
mailing list