[PATCH 4/4] arch: arm: dts: k3-am642-phycore-som-binman: Add custMpk and ti-degenerate keys with CONFIG entries
Daniel Schultz
d.schultz at phytec.de
Fri Feb 7 07:51:22 CET 2025
From: Nathan Morrisson <nmorrisson at phytec.com>
Add the SMPK and ti-degenerate keys using CONFIG entries. These keys
are set by the build system and are stored outside of u-boot.
Signed-off-by: Nathan Morrisson <nmorrisson at phytec.com>
Signed-off-by: Daniel Schultz <d.schultz at phytec.de>
---
arch/arm/dts/k3-am642-phycore-som-binman.dtsi | 70 +++++++++++++++----
1 file changed, 55 insertions(+), 15 deletions(-)
diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
index 3710564cd4a..5d86da7754e 100644
--- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
@@ -8,6 +8,13 @@
#include "k3-binman.dtsi"
+#ifndef CONFIG_PHYTEC_K3_KEY_BLOB_COPY
+&binman {
+ /delete-node/ custMpk;
+ /delete-node/ ti-degenerate-key;
+};
+#endif
+
#ifdef CONFIG_TARGET_PHYCORE_AM64X_R5
&binman {
tiboot3-am64x_sr2-hs-phycore-som.bin {
@@ -17,7 +24,7 @@
<&combined_sysfw_cfg>, <&sysfw_inner_cert>;
combined;
sysfw-inner-cert;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
sw-rev = <1>;
content-sbl = <&u_boot_spl>;
content-sysfw = <&ti_sci_enc>;
@@ -57,7 +64,7 @@
<&combined_sysfw_cfg_fs>, <&sysfw_inner_cert_fs>;
combined;
sysfw-inner-cert;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
sw-rev = <1>;
content-sbl = <&u_boot_spl_fs>;
content-sysfw = <&ti_sci_enc_fs>;
@@ -101,7 +108,7 @@
content-sysfw-data = <&combined_sysfw_cfg_gp>;
load-sysfw-data = <0x7b000>;
sw-rev = <1>;
- keyfile = "ti-degenerate-key.pem";
+ keyfile = CONFIG_PHYTEC_K3_DEGENERATE_KEY;
};
u_boot_spl_unsigned: u-boot-spl {
no-expanded;
@@ -146,6 +153,24 @@
#address-cells = <1>;
images {
+ atf {
+ ti-secure {
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ };
+
+ tee {
+ ti-secure {
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ };
+
+ spl {
+ ti-secure {
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ };
+
dm {
blob-ext {
filename = "/dev/null";
@@ -159,7 +184,7 @@
compression = "none";
ti-secure {
content = <&spl_am642_phyboard_electra_dtb>;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
};
spl_am642_phyboard_electra_dtb: blob-ext {
filename = SPL_AM642_PHYBOARD_ELECTRA_DTB;
@@ -190,6 +215,9 @@
images {
uboot {
description = "U-Boot for AM64 board";
+ ti-secure {
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
};
fdt-0 {
@@ -199,7 +227,7 @@
compression = "none";
ti-secure {
content = <&am642_phyboard_electra_dtb>;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
};
am642_phyboard_electra_dtb: blob-ext {
filename = AM642_PHYBOARD_ELECTRA_DTB;
@@ -324,7 +352,7 @@
compression = "none";
ti-secure {
content = <&spl_am642_phyboard_electra_dtb>;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
};
spl_am642_phyboard_electra_dtb: blob-ext {
filename = SPL_AM642_PHYBOARD_ELECTRA_DTB;
@@ -363,8 +391,11 @@
compression = "none";
load = <0x8F000000>;
arch = "arm";
-
- blob-ext {
+ ti-secure {
+ content = <&am6xx_phycore_disable_rtc_dtbo>;
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ am6xx_phycore_disable_rtc_dtbo: blob-ext {
filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-rtc.dtbo";
};
};
@@ -375,8 +406,11 @@
compression = "none";
load = <0x8F001000>;
arch = "arm";
-
- blob-ext {
+ ti-secure {
+ content = <&am6xx_phycore_disable_spi_not_dtbo>;
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ am6xx_phycore_disable_spi_not_dtbo: blob-ext {
filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-spi-nor.dtbo";
};
};
@@ -387,8 +421,11 @@
compression = "none";
load = <0x8F002000>;
arch = "arm";
-
- blob-ext {
+ ti-secure {
+ content = <&am6xx_phycore_disable_eth_phy_dtbo>;
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ am6xx_phycore_disable_eth_phy_dtbo: blob-ext {
filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-eth-phy.dtbo";
};
};
@@ -399,8 +436,11 @@
compression = "none";
load = <0x8F003000>;
arch = "arm";
-
- blob-ext {
+ ti-secure {
+ content = <&am6xx_phycore_disable_qspi_nor_dtbo>;
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
+ };
+ am6xx_phycore_disable_qspi_nor_dtbo: blob-ext {
filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-qspi-nor.dtbo";
};
};
@@ -412,7 +452,7 @@
compression = "none";
ti-secure {
content = <&am642_phyboard_electra_dtb>;
- keyfile = "custMpk.pem";
+ keyfile = CONFIG_PHYTEC_K3_MPK_KEY;
};
am642_phyboard_electra_dtb: blob-ext {
filename = AM642_PHYBOARD_ELECTRA_DTB;
--
2.25.1
More information about the U-Boot
mailing list