[PATCH 2/2] arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images

Neha Malcom Francis n-francis at ti.com
Thu Apr 4 06:50:21 CEST 2024 

Hi Dhruva

On 03/04/24 17:33, Dhruva Gole wrote:
> From: Kamlesh Gurudasani <kamlesh at ti.com>
> 
> Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> and include them in tispl.bin and tispl.bin_unsigned.
> 
> Signed-off-by: Kamlesh Gurudasani <kamlesh at ti.com>
> Signed-off-by: Dhruva Gole <d-gole at ti.com>
> ---
>   arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++-
>   1 file changed, 139 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi
> index 5b058bd03a07..dfd38d64f638 100644
> --- a/arch/arm/dts/k3-am625-sk-binman.dtsi
> +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
> @@ -151,11 +151,107 @@
>   			filename = "ti-dm/am62xx/ipc_echo_testb_mcu1_0_release_strip.xer5f";
>   		};
>   	};
> +
> +	tifsstub-hs {
> +		filename = "tifsstub.bin_hs";
> +		ti-secure-rom {
> +			content = <&tifsstub_hs_cert>;
> +			core = "secure";
> +			load = <0x40000>;
> +			sw-rev = <CONFIG_K3_X509_SWRV>;
> +			keyfile = "custMpk.pem";
> +			countersign;
> +			tifsstub;
> +		};
> +		tifsstub_hs_cert: tifsstub-hs-cert.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +		tifsstub_hs_enc: tifsstub-hs-enc.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +	};
> +
> +	tifsstub-fs {
> +		filename = "tifsstub.bin_fs";
> +		tifsstub_fs_cert: tifsstub-fs-cert.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +		tifsstub_fs_enc: tifsstub-fs-enc.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +
> +	};
> +
> +	tifsstub-gp {
> +		filename = "tifsstub.bin_gp";
> +		ti-secure-rom {
> +			content = <&tifsstub_gp>;
> +			core = "secure";
> +			load = <0x60000>;
> +			sw-rev = <CONFIG_K3_X509_SWRV>;
> +			keyfile = "ti-degenerate-key.pem";
> +			tifsstub;
> +		};
> +		tifsstub_gp: tifsstub-gp.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-gp.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +	};
> +
>   	ti-spl {
>   		insert-template = <&ti_spl_template>;
>   
>   		fit {
>   			images {
> +
> +				tifsstub-hs {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-hs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_hs";
> +					};
> +				};
> +
> +				tifsstub-fs {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-fs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_fs";
> +					};
> +				};
> +
> +				tifsstub-gp {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-gp";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_gp";
> +					};
> +				};
> +
>   				dm {
>   					ti-secure {
>   						content = <&dm>;
> @@ -189,7 +285,8 @@
>   				conf-0 {
>   					description = "k3-am625-sk";
>   					firmware = "atf";
> -					loadables = "tee", "dm", "spl";
> +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> +					"tifsstub-gp", "dm", "spl";
>   					fdt = "fdt-0";
>   				};
>   			};
> @@ -247,6 +344,45 @@
>   		fit {
>   			images {
>   
> +				tifsstub-hs {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-hs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_hs";
> +					};
> +				};
> +
> +				tifsstub-fs {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-fs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_fs";
> +					};
> +				};
> +
> +				tifsstub-gp {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-gp";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_gp";
> +					};
> +				};
> +
>   				dm {
>   					ti-dm {
>   						filename = "ti-dm.bin";
> @@ -270,7 +406,8 @@
>   				conf-0 {
>   					description = "k3-am625-sk";
>   					firmware = "atf";
> -					loadables = "tee", "dm", "spl";
> +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> +						  "tifsstub-gp", "dm", "spl";
>   					fdt = "fdt-0";
>   				};
>   			};


If there are multiple boards that will support TIFSSTUB in future, I would 
prefer templating these out and putting them in k3-binman.dtsi. However 
considering there's a lot of movement currently (cleanup and OF_STREAM) in that 
file, you can maybe take this up when adding support for the next board.

Reviewed-by: Neha Malcom Francis <n-francis at ti.com>

-- 
Thanking You
Neha Malcom Francis

More information about the U-Boot mailing list