[PATCH] binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts

Kumar, Udit u-kumar1 at ti.com
Mon Sep 25 07:27:03 CEST 2023


On 9/22/2023 2:45 PM, Neha Malcom Francis wrote:
> According to the TRMs of K3 platform of devices, the ROM boot image

Adding a link to the TRM below the tear line, with the section where this format is described, would be helpful for reviewers.

> format specifies a "Core Options Field" that provides the capability to
> set the Dual MCU present to lockstep when set to 0 or to split mode when


'Dual MCU present to' or 'Boot core in' or 'Boot MCU in'

> set to 2. Add support for providing the same from the binman DTS. Also
> modify existing test case for ensuring future coverage.
>
> Signed-off-by: Neha Malcom Francis <n-francis at ti.com>
> ---
>   tools/binman/btool/openssl.py           |  6 ++++--
>   tools/binman/etype/ti_secure_rom.py     | 12 ++++++++++--
>   tools/binman/etype/x509_cert.py         |  3 ++-
>   tools/binman/test/297_ti_secure_rom.dts |  1 +
>   4 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
> index aad3b61ae2..86cc56fbd7 100644
> --- a/tools/binman/btool/openssl.py
> +++ b/tools/binman/btool/openssl.py
> @@ -155,6 +155,7 @@ authInPlace = INTEGER:2
>               C, ST, L, O, OU, CN and emailAddress
>               cert_type (int): Certification type
>               bootcore (int): Booting core
> +            bootcore_opts(int): Booting core option (split/lockstep mode)
>               load_addr (int): Load address of image
>               sha (int): Hash function
>   
> @@ -225,7 +226,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
>                     imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw,
>                     hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data,
>                     hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
> -                  dm_data_ext_boot_block):
> +                  dm_data_ext_boot_block, bootcore_opts):
>           """Create a certificate
>   
>           Args:
> @@ -241,6 +242,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
>               bootcore (int): Booting core
>               load_addr (int): Load address of image
>               sha (int): Hash function
> +            bootcore_opts (int): Boot core option (split/lockstep mode)
>   
>           Returns:
>               str: Tool output
> @@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data
>   [sbl]
>   compType = INTEGER:1
>   bootCore = INTEGER:16
> -compOpts = INTEGER:0
> +compOpts = INTEGER:{bootcore_opts}
>   destAddr = FORMAT:HEX,OCT:{load_addr:08x}
>   compSize = INTEGER:{imagesize_sbl}
>   shaType  = OID:{sha_type}
> diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py
> index 9a7ac9e9e0..780f132ea5 100644
> --- a/tools/binman/etype/ti_secure_rom.py
> +++ b/tools/binman/etype/ti_secure_rom.py
> @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>           - core: core on which bootloader runs, valid cores are 'secure' and 'public'
>           - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
>             in case of combined bootflow
> +        - bootcore_opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
>   
>       The following properties are only for generating a combined bootflow binary:
>           - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
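Review bot: The added docstring line names the property `bootcore_opts`, but the node is read with `fdt_util.GetInt(self._node, 'core-opts')` and the test DTS sets `core-opts`, so anyone following the documentation would set a property the code never reads. The documented values also disagree with the commit message, which gives lockstep as 0 and split mode as 2, and "set to 0 by default" does not hold for the GetCertificate branch that falls back to 32. Since this value ends up in the certificate that is signed for the ROM, the text should be exact, for example `- core-opts (optional): boot core option, lockstep (0) or split mode (2); when absent a per-core default is used`.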
> @@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>           self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
>           self.sha = fdt_util.GetInt(self._node, 'sha', 512)
>           self.core = fdt_util.GetString(self._node, 'core', 'secure')
> +        self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
>           self.key_fname = self.GetEntryArgsOrProps([
>               EntryArg('keyfile', str)], required=True)[0]
>           if self.combined:
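Review bot: `core-opts` is read with `fdt_util.GetInt(self._node, 'core-opts')` and used without any range check, so whatever integer the DTS holds is written into the certificate and signed. A typo would then surface only on hardware, as a boot failure or an unintended core mode, after the image has already been signed. Rejecting unsupported values at build time would be safer, for example `if self.bootcore_opts not in (None, 0, 2): self.Raise(f"Invalid core-opts value {self.bootcore_opts}")`, with the allowed set confirmed against the TRM (0 and 2 are the only values the commit message names). The enclosing method starts and ends outside this hunk.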
> @@ -103,11 +105,14 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>               else:
>                   self.cert_type = 2
>               self.bootcore = 0
> -            self.bootcore_opts = 32
> +            if self.bootcore_opts is None:
> +                self.bootcore_opts = 32
>           else:
>               self.cert_type = 1
>               self.bootcore = 16
> -            self.bootcore_opts = 0
> +            if self.bootcore_opts is None:
> +                self.bootcore_opts = 0
> +
>           return super().GetCertificate(required=required, type='rom')
>   
>       def CombinedGetCertificate(self, required):
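Review bot: The `is None` guard in the first branch lets a DT-supplied `core-opts` replace the previously fixed value 32 for the `self.bootcore = 0` case, although the commit message describes the option only for the dual-MCU lockstep/split selection. If 32 carries a meaning the ROM requires for that core (not visible here), a DTS that sets `core-opts = <2>` for that core type would silently produce a signed certificate with a different option word. Consider honouring the override only in the `self.bootcore = 16` branch, or raising an error when `core-opts` is given for the other core. The function begins above this hunk.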
> @@ -126,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
>           self.num_comps = 3
>           self.sha_type = SHA_OIDS[self.sha]
>   
> +        if self.bootcore_opts is None:
> +            self.bootcore_opts = 0
> +
>           # sbl
>           self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
>           input_data_sbl = self.GetContents(required)
> diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py
> index d028cfe38c..fc0bb12278 100644
> --- a/tools/binman/etype/x509_cert.py
> +++ b/tools/binman/etype/x509_cert.py
> @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection):
>                   imagesize_sysfw_data=self.imagesize_sysfw_data,
>                   hashval_sysfw_data=self.hashval_sysfw_data,
>                   sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
> -                dm_data_ext_boot_block=self.dm_data_ext_boot_block
> +                dm_data_ext_boot_block=self.dm_data_ext_boot_block,
> +                bootcore_opts=self.bootcore_opts
>               )
>           if stdout is not None:
>               data = tools.read_file(output_fname)
> diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts
> index d1313769f4..1a3eca9425 100644
> --- a/tools/binman/test/297_ti_secure_rom.dts
> +++ b/tools/binman/test/297_ti_secure_rom.dts
> @@ -9,6 +9,7 @@
>   	binman {
>   		ti-secure-rom {
>   			content = <&unsecure_binary>;
> +			core-opts = <2>;
>   		};
>   		unsecure_binary: blob-ext {
>   			filename = "ti_unsecure.bin";
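Review bot: The test only adds `core-opts = <2>;` to the input; the diffstat shows no change to the test code, so nothing asserts that the value 2 actually reaches the generated certificate. This node also appears to take the non-combined path, whereas the new `compOpts = INTEGER:{bootcore_opts}` template line and the added `bootcore_opts` argument look like they belong to the combined certificate, which would leave that path unexercised. A check that the option field of the produced certificate equals 2 (where the test harness allows inspecting it), plus a `core-opts` property in the combined-bootflow test DTS, would give the coverage the commit message promises.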


Maybe adding one binman dtsi with a 'do not merge' tag, to show how this is meant to be used, would be helpful.

Rest LGTM


Thanks

Udit



