[PATCH v2 04/43] binman: ti: Regenerate entry docs
Simon Glass
sjg at chromium.org
Fri Jun 21 21:51:25 CEST 2024
Correct formatting errors in the documentation.
Regenerate the entries.rst file to include this recent addition.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
(no changes since v1)
tools/binman/entries.rst | 35 +++++++++++++++++++++++++
tools/binman/etype/ti_secure.py | 45 +++++++++++++++++----------------
2 files changed, 58 insertions(+), 22 deletions(-)
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index ecccf77d112..f59c0341840 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -1958,6 +1958,12 @@ Properties / Entry arguments:
- content: List of phandles to entries to sign
- keyfile: Filename of file containing key to sign binary with
- sha: Hash function to be used for signing
+ - auth-in-place: This is an integer field that contains two pieces
+ of information:
+
+ - Lower Byte - Remains 0x02 as per our use case
+ ( 0x02: Move the authenticated binary back to the header )
+ - Upper Byte - The Host ID of the core owning the firewall
Output files:
- input.<unique_name> - input file passed to openssl
@@ -1966,6 +1972,35 @@ Output files:
- cert.<unique_name> - output file generated by openssl (which is
used as the entry contents)
+Depending on auth-in-place information in the inputs, we read the
+firewall nodes that describe the configurations of firewall that TIFS
+will be doing after reading the certificate.
+
+The syntax of the firewall nodes are as such::
+
+ firewall-257-0 {
+ id = <257>; /* The ID of the firewall being configured */
+ region = <0>; /* Region number to configure */
+
+ control = /* The control register */
+ <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>;
+
+ permissions = /* The permission registers */
+ <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
+ FWPERM_SECURE_PRIV_RWCD |
+ FWPERM_SECURE_USER_RWCD |
+ FWPERM_NON_SECURE_PRIV_RWCD |
+ FWPERM_NON_SECURE_USER_RWCD)>;
+
+ /* More defines can be found in k3-security.h */
+
+ start_address = /* The Start Address of the firewall */
+ <0x0 0x0>;
+ end_address = /* The End Address of the firewall */
+ <0xff 0xffffffff>;
+ };
+
+
openssl signs the provided data, using the TI templated config file and
writes the signature in this entry. This allows verification that the
data is genuine.
diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py
index 704dcf8a381..420ee263e4f 100644
--- a/tools/binman/etype/ti_secure.py
+++ b/tools/binman/etype/ti_secure.py
@@ -53,10 +53,11 @@ class Entry_ti_secure(Entry_x509_cert):
- keyfile: Filename of file containing key to sign binary with
- sha: Hash function to be used for signing
- auth-in-place: This is an integer field that contains two pieces
- of information
- Lower Byte - Remains 0x02 as per our use case
- ( 0x02: Move the authenticated binary back to the header )
- Upper Byte - The Host ID of the core owning the firewall
+ of information:
+
+ - Lower Byte - Remains 0x02 as per our use case
+ ( 0x02: Move the authenticated binary back to the header )
+ - Upper Byte - The Host ID of the core owning the firewall
Output files:
- input.<unique_name> - input file passed to openssl
@@ -69,29 +70,29 @@ class Entry_ti_secure(Entry_x509_cert):
firewall nodes that describe the configurations of firewall that TIFS
will be doing after reading the certificate.
- The syntax of the firewall nodes are as such:
+ The syntax of the firewall nodes are as such::
- firewall-257-0 {
- id = <257>; /* The ID of the firewall being configured */
- region = <0>; /* Region number to configure */
+ firewall-257-0 {
+ id = <257>; /* The ID of the firewall being configured */
+ region = <0>; /* Region number to configure */
- control = /* The control register */
- <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>;
+ control = /* The control register */
+ <(FWCTRL_EN | FWCTRL_LOCK | FWCTRL_BG | FWCTRL_CACHE)>;
- permissions = /* The permission registers */
- <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
- FWPERM_SECURE_PRIV_RWCD |
- FWPERM_SECURE_USER_RWCD |
- FWPERM_NON_SECURE_PRIV_RWCD |
- FWPERM_NON_SECURE_USER_RWCD)>;
+ permissions = /* The permission registers */
+ <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
+ FWPERM_SECURE_PRIV_RWCD |
+ FWPERM_SECURE_USER_RWCD |
+ FWPERM_NON_SECURE_PRIV_RWCD |
+ FWPERM_NON_SECURE_USER_RWCD)>;
- /* More defines can be found in k3-security.h */
+ /* More defines can be found in k3-security.h */
- start_address = /* The Start Address of the firewall */
- <0x0 0x0>;
- end_address = /* The End Address of the firewall */
- <0xff 0xffffffff>;
- };
+ start_address = /* The Start Address of the firewall */
+ <0x0 0x0>;
+ end_address = /* The End Address of the firewall */
+ <0xff 0xffffffff>;
+ };
openssl signs the provided data, using the TI templated config file and
--
2.34.1
More information about the U-Boot
mailing list