[PATCH 3/7] dts: j721e: binman: Include firmware capsules binman nodes

Jon Humphreys j-humphreys at ti.com
Wed Apr 10 20:24:22 CEST 2024 

Andrew Davis <afd at ti.com> writes:

> On 4/8/24 5:17 PM, Jonathan Humphreys wrote:
>> Signed-off-by: Jonathan Humphreys <j-humphreys at ti.com>
>> ---
>>   arch/arm/dts/k3-j721e-binman.dtsi | 32 +++++++++++++++++++++++++++++++
>>   1 file changed, 32 insertions(+)
>> 
>> diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi
>> index 75a6e9599b9..9169551c422 100644
>> --- a/arch/arm/dts/k3-j721e-binman.dtsi
>> +++ b/arch/arm/dts/k3-j721e-binman.dtsi
>> @@ -207,6 +207,29 @@
>>   		};
>>   	};
>>   };
>> +
>> +#include "k3-binman-capsule-r5.dtsi"
>> +
>> +// Capsue update GUIDs.  See ti_armv7_common.h.
>> +#define K3_SYSFW_IMAGE_UUID_STR "6fd10680-361b-431f-80aa-899455819e11"
>> +
>> +&binman {
>> +	capsule-sysfw {
>> +		filename = "sysfw-capsule.bin";
>> +		efi-capsule {
>> +			image-index = <0x4>;
>> +			image-guid = K3_SYSFW_IMAGE_UUID_STR;
>> +			private-key = "arch/arm/mach-k3/keys/custMpk.pem";
>> +			public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt";
>> +			monotonic-count = <0x1>;
>> +
>> +			blob {
>> +				filename = "sysfw.itb";
>> +			};
>> +		};
>> +	};
>> +};
>> +
>>   #endif
>>   
>>   #ifdef CONFIG_TARGET_J721E_A72_EVM
>> @@ -585,4 +608,13 @@
>>   		};
>>   	};
>>   };
>> +
>> +#include "k3-binman-capsule.dtsi"
>> +&tispl_name {
>> +	filename = "tispl.bin_unsigned";
>
> Why use the _unsigned images here? HS devices cannot boot unsigned GP images,
> but both GP and HS devices *can* boot the normal signed images (GP just strips
> the signatures off). So no need to use the _unsigned images anymore (I'm
> planning to just remove them at some point to prevent this confusion).
>
I can do that.

Note that you will then see warnings on GP devices during boot:

  Warning: Detected image signing certificate on GP device. Skipping certificate to prevent boot failure. This will fail if the image was also encrypted

Jon

> Andrew
>
>> +};
>> +&uboot_name {
>> +	filename = "u-boot.img_unsigned";
>> +};
>> +
>>   #endif

More information about the U-Boot mailing list