[PATCH v2 1/2] binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts
Neha Malcom Francis
n-francis at ti.com
Tue Oct 3 05:59:12 CEST 2023
Hi Simon
On 02/10/23 06:46, Simon Glass wrote:
> Hi Neha,
>
> On Tue, 26 Sept 2023 at 22:08, Neha Malcom Francis <n-francis at ti.com> wrote:
>>
>> According to the TRMs of K3 platform of devices, the ROM boot image
>> format specifies a "Core Options Field" that provides the capability to
>> set the boot core in lockstep when set to 0 or to split mode when set
>> to 2. Add support for providing the same from the binman DTS. Also
>> modify existing test case for ensuring future coverage.
>>
>> Signed-off-by: Neha Malcom Francis <n-francis at ti.com>
>> ---
>> Link to J721E TRM: https://www.ti.com/lit/zip/spruil1
>> Section 4.5.4.1 Boot Info
>>
>> tools/binman/btool/openssl.py | 6 ++++--
>> tools/binman/etype/ti_secure_rom.py | 12 ++++++++++--
>> tools/binman/etype/x509_cert.py | 3 ++-
>> tools/binman/test/297_ti_secure_rom.dts | 1 +
>> 4 files changed, 17 insertions(+), 5 deletions(-)
>>
>> diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
>> index aad3b61ae2..86cc56fbd7 100644
>> --- a/tools/binman/btool/openssl.py
>> +++ b/tools/binman/btool/openssl.py
>> @@ -155,6 +155,7 @@ authInPlace = INTEGER:2
>> C, ST, L, O, OU, CN and emailAddress
>> cert_type (int): Certification type
>> bootcore (int): Booting core
>> + bootcore_opts(int): Booting core option (split/lockstep mode)
>> load_addr (int): Load address of image
>> sha (int): Hash function
>>
>> @@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
>> imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw,
>> hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data,
>> hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
>> - dm_data_ext_boot_block):
>> + dm_data_ext_boot_block, bootcore_opts):
>> """Create a certificate
>>
>> Args:
>> @@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']}
>> bootcore (int): Booting core
>> load_addr (int): Load address of image
>> sha (int): Hash function
>> + bootcore_opts (int): Boot core option (split/lockstep mode)
>>
>> Returns:
>> str: Tool output
>> @@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data
>> [sbl]
>> compType = INTEGER:1
>> bootCore = INTEGER:16
>> -compOpts = INTEGER:0
>> +compOpts = INTEGER:{bootcore_opts}
>> destAddr = FORMAT:HEX,OCT:{load_addr:08x}
>> compSize = INTEGER:{imagesize_sbl}
>> shaType = OID:{sha_type}
>> diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py
>> index 9a7ac9e9e0..780f132ea5 100644
>> --- a/tools/binman/etype/ti_secure_rom.py
>> +++ b/tools/binman/etype/ti_secure_rom.py
>> @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>> - core: core on which bootloader runs, valid cores are 'secure' and 'public'
>> - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
>> in case of combined bootflow
>> + - bootcore_opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
>
> core-opts is what it is called in your .dts so you should use the same
> name here. Please also regen the entries.rst file
>
>>
>> The following properties are only for generating a combined bootflow binary:
>> - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
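Review bot: The encoding documented on the added line does not match the rest of the patch: it gives split-mode as 0 and lockstep as 1, while the commit message says lockstep is 0 and split mode is 2, and the updated fixture sets `core-opts = <2>`. Because this value is written into the signed ROM certificate, the docs should state the single encoding the TRM defines. If the commit message is the accurate one, the value part of the line would read `lockstep (0) or split mode (2)`. The class docstring continues outside this hunk.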
>> @@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>> self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
>> self.sha = fdt_util.GetInt(self._node, 'sha', 512)
>> self.core = fdt_util.GetString(self._node, 'core', 'secure')
>> + self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
>
>> self.key_fname = self.GetEntryArgsOrProps([
>> EntryArg('keyfile', str)], required=True)[0]
>> if self.combined:
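Review bot: The value read from `core-opts` is used as-is, with no range or membership check before it is formatted into the certificate (for example `compOpts` in the combined template), so a typo in the DTS silently produces a signed image that requests an unintended core mode. A check right after the read would catch this at build time, e.g. `if self.bootcore_opts is not None and self.bootcore_opts not in VALID_CORE_OPTS:` followed by `self.Raise(f"Invalid core-opts value {self.bootcore_opts}")`, where `VALID_CORE_OPTS` is a new constant (the name is only a suggestion) filled with the values the TRM permits. The defaults applied in GetCertificate differ per branch (32 in one, 0 in the other), so the permitted set may also need to depend on `core`. The enclosing method starts and ends outside this hunk.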
>> @@ -103,11 +105,14 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>> else:
>> self.cert_type = 2
>> self.bootcore = 0
>> - self.bootcore_opts = 32
>> + if self.bootcore_opts is None:
>> + self.bootcore_opts = 32
>
> How come it is 32? I thought it was 0 or 1 (as documented above)?
> Please add docs to explain this.
>
>> else:
>> self.cert_type = 1
>> self.bootcore = 16
>> - self.bootcore_opts = 0
>> + if self.bootcore_opts is None:
>> + self.bootcore_opts = 0
>> +
>> return super().GetCertificate(required=required, type='rom')
>>
>> def CombinedGetCertificate(self, required):
>> @@ -126,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>> self.num_comps = 3
>> self.sha_type = SHA_OIDS[self.sha]
>>
>> + if self.bootcore_opts is None:
>> + self.bootcore_opts = 0
>> +
>> # sbl
>> self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
>> input_data_sbl = self.GetContents(required)
>> diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py
>> index d028cfe38c..fc0bb12278 100644
>> --- a/tools/binman/etype/x509_cert.py
>> +++ b/tools/binman/etype/x509_cert.py
>> @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection):
>> imagesize_sysfw_data=self.imagesize_sysfw_data,
>> hashval_sysfw_data=self.hashval_sysfw_data,
>> sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
>> - dm_data_ext_boot_block=self.dm_data_ext_boot_block
>> + dm_data_ext_boot_block=self.dm_data_ext_boot_block,
>> + bootcore_opts=self.bootcore_opts
>
> When you add args to a function, please update the function comment.
>
>> )
>> if stdout is not None:
>> data = tools.read_file(output_fname)
>> diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts
>> index d1313769f4..1a3eca9425 100644
>> --- a/tools/binman/test/297_ti_secure_rom.dts
>> +++ b/tools/binman/test/297_ti_secure_rom.dts
>> @@ -9,6 +9,7 @@
>> binman {
>> ti-secure-rom {
>> content = <&unsecure_binary>;
>> + core-opts = <2>;
>> };
>> unsecure_binary: blob-ext {
>> filename = "ti_unsecure.bin";
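Review bot: Setting `core-opts` in this existing fixture means it no longer exercises the case where the property is absent, and nothing visible in the patch checks that the value 2 actually reaches the generated certificate. Consider leaving this fixture unchanged and adding a separate one with `core-opts = <2>;`, plus a test assertion on the certificate contents, so that both the default and the override stay covered. Whether other fixtures already cover the default path is not visible here.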
>> --
>> 2.34.1
>>
>
> Regards,
> Simon
Thanks for the review comments! Will send out v3.
--
Thanking You
Neha Malcom Francis