Hi Simon, On 20:41-20231011, Simon Glass wrote: > Hi Manorit, > > On Tue, 10 Oct 2023 at 23:25, Manorit Chawdhry <m-chawd...@ti.com> wrote: > > > > We can now firewall entities while loading them through our secure > > entity TIFS, the required information should be present in the > > certificate that is being parsed by TIFS. > > > > The following commit adds the support to enable the certificates to be > > generated if the firewall configurations are present in the binman dtsi > > nodes. > > > > Signed-off-by: Manorit Chawdhry <m-chawd...@ti.com> > > --- > > tools/binman/btool/openssl.py | 16 +++++++- > > tools/binman/etype/ti_secure.py | 90 > > +++++++++++++++++++++++++++++++++++++++++ > > tools/binman/etype/x509_cert.py | 3 +- > > 3 files changed, 106 insertions(+), 3 deletions(-) > > > > Reviewed-by: Simon Glass <s...@chromium.org> > > I'm still a little worried about the error reporting if the user > leaves out a property. Does it do the right thing? >
I did make a test also along the lines that would check all the firewalling properties and just auth-in-place isn't checked at this stage and people could end up adding the firewalling node without auth-in-place. Do you want to cover that test case as well? Regarding the other firewalling properties ( immitating the test by removing "id"), We get this: [..] AR spl/common/spl/built-in.o LD spl/u-boot-spl OBJCOPY spl/u-boot-spl-nodtb.bin SYM spl/u-boot-spl.sym CAT spl/u-boot-spl-dtb.bin COPY spl/u-boot-spl.bin BINMAN .binman_stamp binman: id can't be None in firewall node > Regards, > Simon