Re: [PATCH 2/2] arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images
Hi Neha!
On Apr 04, 2024 at 10:20:21 +0530, Neha Malcom Francis wrote:
> Hi Dhruva
>
> On 03/04/24 17:33, Dhruva Gole wrote:
> > From: Kamlesh Gurudasani
> >
> > Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> > and include them in tispl.bin and tispl.bin_unsigned.
> >
> > Signed-off-by: Kamlesh Gurudasani
> > Signed-off-by: Dhruva Gole
> > ---
> > arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++-
> > 1 file changed, 139 insertions(+), 2 deletions(-)
> >
[...]
> > dm {
> > ti-dm {
> > filename = "ti-dm.bin";
> > @@ -270,7 +406,8 @@
> > conf-0 {
> > description = "k3-am625-sk";
> > firmware = "atf";
> > - loadables = "tee", "dm", "spl";
> > + loadables = "tee", "tifsstub-hs",
> > "tifsstub-fs",
> > + "tifsstub-gp", "dm", "spl";
> > fdt = "fdt-0";
> > };
> > };
>
>
> If there are multiple boards that will support TIFSSTUB in future, I would
> prefer templating these out and putting them in k3-binman.dtsi. However
That's a great idea. From the next set of boards for which also need
binman TIFS Stub support we will keep in mind as you said below.
Currently amidst all the movement and cleanup I don't want to push out
too many changes at once.
I also have cleanup and OF_UPSTREAM changes for am62x pending which I
plan on posting sometime soon..
> considering there's a lot of movement currently (cleanup and OF_STREAM) in
> that file, you can maybe take this up when adding support for the next
> board.
>
> Reviewed-by: Neha Malcom Francis
Thanks!
--
Best regards,
Dhruva Gole
Re: [PATCH 2/2] arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images
On Thu, Apr 04, 2024 at 10:20:21AM +0530, Neha Malcom Francis wrote:
> On 03/04/24 17:33, Dhruva Gole wrote:
> > From: Kamlesh Gurudasani
> >
> > Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> > and include them in tispl.bin and tispl.bin_unsigned.
> >
> > Signed-off-by: Kamlesh Gurudasani
> > Signed-off-by: Dhruva Gole
[...]
> > @@ -270,7 +406,8 @@
> > conf-0 {
> > description = "k3-am625-sk";
> > firmware = "atf";
> > - loadables = "tee", "dm", "spl";
> > + loadables = "tee", "tifsstub-hs",
> > "tifsstub-fs",
> > + "tifsstub-gp", "dm", "spl";
> > fdt = "fdt-0";
> > };
> > };
>
>
> If there are multiple boards that will support TIFSSTUB in future, I would
I would assume that this will be the case. Verdin AM62 would need the
same, for example.
Francesco
Re: [PATCH 2/2] arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images
Hi Dhruva
On 03/04/24 17:33, Dhruva Gole wrote:
From: Kamlesh Gurudasani
Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
and include them in tispl.bin and tispl.bin_unsigned.
Signed-off-by: Kamlesh Gurudasani
Signed-off-by: Dhruva Gole
---
arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++-
1 file changed, 139 insertions(+), 2 deletions(-)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi
b/arch/arm/dts/k3-am625-sk-binman.dtsi
index 5b058bd03a07..dfd38d64f638 100644
--- a/arch/arm/dts/k3-am625-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
@@ -151,11 +151,107 @@
filename =
"ti-dm/am62xx/ipc_echo_testb_mcu1_0_release_strip.xer5f";
};
};
+
+ tifsstub-hs {
+ filename = "tifsstub.bin_hs";
+ ti-secure-rom {
+ content = <&tifsstub_hs_cert>;
+ core = "secure";
+ load = <0x4>;
+ sw-rev = ;
+ keyfile = "custMpk.pem";
+ countersign;
+ tifsstub;
+ };
+ tifsstub_hs_cert: tifsstub-hs-cert.bin {
+ filename =
"ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
+ type = "blob-ext";
+ optional;
+ };
+ tifsstub_hs_enc: tifsstub-hs-enc.bin {
+ filename =
"ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
+ type = "blob-ext";
+ optional;
+ };
+ };
+
+ tifsstub-fs {
+ filename = "tifsstub.bin_fs";
+ tifsstub_fs_cert: tifsstub-fs-cert.bin {
+ filename =
"ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
+ type = "blob-ext";
+ optional;
+ };
+ tifsstub_fs_enc: tifsstub-fs-enc.bin {
+ filename =
"ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
+ type = "blob-ext";
+ optional;
+ };
+
+ };
+
+ tifsstub-gp {
+ filename = "tifsstub.bin_gp";
+ ti-secure-rom {
+ content = <&tifsstub_gp>;
+ core = "secure";
+ load = <0x6>;
+ sw-rev = ;
+ keyfile = "ti-degenerate-key.pem";
+ tifsstub;
+ };
+ tifsstub_gp: tifsstub-gp.bin {
+ filename = "ti-sysfw/ti-fs-stub-firmware-am62x-gp.bin";
+ type = "blob-ext";
+ optional;
+ };
+ };
+
ti-spl {
insert-template = <&ti_spl_template>;
fit {
images {
+
+ tifsstub-hs {
+ description = "TIFSSTUB";
+ type = "firmware";
+ arch = "arm32";
+ compression = "none";
+ os = "tifsstub-hs";
+ load = <0x9dc0>;
+ entry = <0x9dc0>;
+ blob-ext {
+ filename = "tifsstub.bin_hs";
+ };
+ };
+
+ tifsstub-fs {
+ description = "TIFSSTUB";
+ type = "firmware";
+ arch = "arm32";
+ compression = "none";
+ os = "tifsstub-fs";
+ load = <0x9dc0>;
+ entry = <0x9dc0>;
+ blob-ext {
+ filename = "tifsstub.bin_fs";
+ };
+ };
+
+ tifsstub-gp {
+ description = "TIFSSTUB";
+ type = "firmware";
+ arch = "arm32";
+ compression = "none";
+ os = "tifsstub-gp";
+ load = <0x9dc0>;
+ entry = <0x9dc0>;
+ blob-ext {
+ filename = "tifsstub.bin_gp";
+ };
+ };
