On Wed, Feb 15, 2023 at 01:33:42PM -0600, Andrew Davis via lists.yoctoproject.org wrote: > Use the new ti-k3-secdev package to pull in the signing tools if they are > not provided by the environment. This allows us to use these tools > unconditionally. Remove the checks for the script and do the signing > for all K3 machines. The signature is automatically stripped from > the binaries on non-HS devices at boot time as needed so this change > is harmless for GP devices. > > Signed-off-by: Andrew Davis <a...@ti.com>
Tested-by: Denys Dmytriyenko <de...@konsulko.com> > --- > .../trusted-firmware-a_%.bbappend | 39 ++++--------------- > 1 file changed, 7 insertions(+), 32 deletions(-) > > diff --git > a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend > b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend > index 5acc5c2e..be601e62 100644 > --- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend > +++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend > @@ -6,39 +6,14 @@ TFA_BUILD_TARGET:k3 = "all" > TFA_INSTALL_TARGET:k3 = "bl31" > TFA_SPD:k3 = "opteed" > > +# Use TI SECDEV for signing > +inherit ti-secdev > + > EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if > d.getVar('TFA_K3_USART') else ''}" > EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + > d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else > ''}" > > -# Signing procedure for K3 HS devices > -tfa_sign_k3hs() { > - export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG} > - ( cd ${BUILD_DIR}; \ > - mv bl31.bin bl31.bin.unsigned; \ > - if [ -f ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ]; > then \ > - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh > bl31.bin.unsigned bl31.bin; \ > - else \ > - echo "Warning: TI_SECURE_DEV_PKG not set, TF-A not > signed."; \ > - cp bl31.bin.unsigned bl31.bin; \ > - fi; \ > - ) > -} > - > -do_compile:append:am65xx-hs-evm() { > - tfa_sign_k3hs > -} > - > -do_compile:append:am64xx-evm() { > - tfa_sign_k3hs > -} > - > -do_compile:append:j721e-hs-evm() { > - tfa_sign_k3hs > -} > - > -do_compile:append:j7200-hs-evm() { > - tfa_sign_k3hs > -} > - > -do_compile:append:j721s2-hs-evm() { > - tfa_sign_k3hs > +# Signing procedure for K3 devices > +do_compile:append:k3() { > + mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh > ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin > } > -- > 2.39.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15908): https://lists.yoctoproject.org/g/meta-ti/message/15908 Mute This Topic: https://lists.yoctoproject.org/mt/96991002/21656 Group Owner: meta-ti+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/leave/6695321/21656/1393940836/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-