[PATCH 05/10] arch: arm: dts: k3-am625-phycore-som-binman: Add custMpk and ti-degenerate keys with CONFIG entries

Daniel Schultz d.schultz at phytec.de
Wed Feb 5 09:01:41 CET 2025 

From: Nathan Morrisson <nmorrisson at phytec.com>

Add the SMPK and ti-degenerate keys using CONFIG entries. These keys
are set by the build system and are stored outside of u-boot.

Signed-off-by: Nathan Morrisson <nmorrisson at phytec.com>
Signed-off-by: Daniel Schultz <d.schultz at phytec.de>
---
 arch/arm/dts/k3-am625-phycore-som-binman.dtsi | 72 ++++++++++++++-----
 1 file changed, 56 insertions(+), 16 deletions(-)

diff --git a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
index 31456d23167..9682ab532ed 100644
--- a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
@@ -8,6 +8,13 @@
 
 #include "k3-binman.dtsi"
 
+#ifndef CONFIG_PHYTEC_K3_KEY_BLOB_COPY
+&binman {
+		/delete-node/ custMpk;
+		/delete-node/ ti-degenerate-key;
+	};
+#endif
+
 #ifdef CONFIG_TARGET_PHYCORE_AM62X_R5
 &binman {
 	tiboot3-am62x-hs-phycore-som.bin {
@@ -18,7 +25,7 @@
 			combined;
 			dm-data;
 			sysfw-inner-cert;
-			keyfile = "custMpk.pem";
+			keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 			sw-rev = <1>;
 			content-sbl = <&u_boot_spl>;
 			content-sysfw = <&ti_fs_enc>;
@@ -64,7 +71,7 @@
 			combined;
 			dm-data;
 			sysfw-inner-cert;
-			keyfile = "custMpk.pem";
+			keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 			sw-rev = <1>;
 			content-sbl = <&u_boot_spl_fs>;
 			content-sysfw = <&ti_fs_enc_fs>;
@@ -117,7 +124,7 @@
 			content-dm-data = <&combined_dm_cfg_gp>;
 			load-dm-data = <0x43c3a800>;
 			sw-rev = <1>;
-			keyfile = "ti-degenerate-key.pem";
+			keyfile = CONFIG_PHYTEC_K3_DEGENERATE_KEY;
 		};
 		u_boot_spl_unsigned: u-boot-spl {
 			no-expanded;
@@ -172,7 +179,7 @@
 			core = "secure";
 			load = <0x40000>;
 			sw-rev = <CONFIG_K3_X509_SWRV>;
-			keyfile = "custMpk.pem";
+			keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 			countersign;
 			tifsstub;
 		};
@@ -210,7 +217,7 @@
 			core = "secure";
 			load = <0x60000>;
 			sw-rev = <CONFIG_K3_X509_SWRV>;
-			keyfile = "ti-degenerate-key.pem";
+			keyfile = CONFIG_PHYTEC_K3_DEGENERATE_KEY;
 			tifsstub;
 		};
 		tifsstub_gp: tifsstub-gp.bin {
@@ -227,6 +234,24 @@
 		fit {
 
 			images {
+				atf {
+					ti-secure {
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+				};
+
+				tee {
+					ti-secure {
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+				};
+
+				spl {
+					ti-secure {
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+				};
+
 				tifsstub-hs {
 					description = "TIFSSTUB";
 					type = "firmware";
@@ -268,7 +293,7 @@
 				dm {
 					ti-secure {
 						content = <&dm>;
-						keyfile = "custMpk.pem";
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 					};
 					dm: blob-ext {
 						filename = "ti-dm.bin";
@@ -282,7 +307,7 @@
 					compression = "none";
 					ti-secure {
 						content = <&spl_am625_phyboard_lyra_dtb>;
-						keyfile = "custMpk.pem";
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 					};
 					spl_am625_phyboard_lyra_dtb: blob-ext {
 						filename = SPL_AM625_PHYBOARD_LYRA_DTB;
@@ -313,6 +338,9 @@
 			images {
 				uboot {
 					description = "U-Boot for phyCORE-AM62x";
+					ti-secure {
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
 				};
 
 				som-no-rtc {
@@ -321,8 +349,11 @@
 					compression = "none";
 					load = <0x8F000000>;
 					arch = "arm";
-
-					blob-ext {
+					ti-secure {
+						content = <&am6xx_phycore_disable_rtc_dtbo>;
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+					am6xx_phycore_disable_rtc_dtbo: blob-ext {
 						filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-rtc.dtbo";
 					};
 				};
@@ -333,8 +364,11 @@
 					compression = "none";
 					load = <0x8F001000>;
 					arch = "arm";
-
-					blob-ext {
+					ti-secure {
+						content = <&am6xx_phycore_disable_spi_not_dtbo>;
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+					am6xx_phycore_disable_spi_not_dtbo: blob-ext {
 						filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-spi-nor.dtbo";
 					};
 				};
@@ -345,8 +379,11 @@
 					compression = "none";
 					load = <0x8F002000>;
 					arch = "arm";
-
-					blob-ext {
+					ti-secure {
+						content = <&am6xx_phycore_disable_eth_phy_dtbo>;
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+					am6xx_phycore_disable_eth_phy_dtbo: blob-ext {
 						filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-eth-phy.dtbo";
 					};
 				};
@@ -357,8 +394,11 @@
 					compression = "none";
 					load = <0x8F003000>;
 					arch = "arm";
-
-					blob-ext {
+					ti-secure {
+						content = <&am6xx_phycore_disable_qspi_nor_dtbo>;
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+					};
+					am6xx_phycore_disable_qspi_nor_dtbo: blob-ext {
 						filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-qspi-nor.dtbo";
 					};
 				};
@@ -370,7 +410,7 @@
 					compression = "none";
 					ti-secure {
 						content = <&am625_phyboard_lyra_dtb>;
-						keyfile = "custMpk.pem";
+						keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
 					};
 					am625_phyboard_lyra_dtb: blob-ext {
 						filename = AM625_PHYBOARD_LYRA_DTB;
-- 
2.25.1

More information about the U-Boot mailing list