Hi Manorit
On 22/11/23 10:50, Manorit Chawdhry wrote:
Hi Neha,
On 15:40-20231115, Neha Malcom Francis wrote:
Reduce redundancy in code by using templates to generate the A72 boot
binaries (tispl.bin and u-boot.img) as well as R5 boot binary sysfw.itb
(for legacy boot following devices J721E and AM65x).
Signed-off-by: Neha Malcom Francis <n-fran...@ti.com>
---
arch/arm/dts/k3-am625-sk-binman.dtsi | 157 +--------
.../dts/k3-am625-verdin-wifi-dev-binman.dtsi | 155 +-------
arch/arm/dts/k3-am62a-sk-binman.dtsi | 158 +--------
arch/arm/dts/k3-am64x-binman.dtsi | 151 +-------
arch/arm/dts/k3-am65x-binman.dtsi | 273 +-------------
arch/arm/dts/k3-j7200-binman.dtsi | 159 +--------
arch/arm/dts/k3-j721e-binman.dtsi | 332 +-----------------
arch/arm/dts/k3-j721s2-binman.dtsi | 157 +--------
8 files changed, 54 insertions(+), 1488 deletions(-)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi
b/arch/arm/dts/k3-am625-sk-binman.dtsi
index 41277bf4bf..b7b5368886 100644
--- a/arch/arm/dts/k3-am625-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
@@ -141,10 +141,7 @@
#ifdef CONFIG_TARGET_AM625_A53_EVM
-#define SPL_NODTB "spl/u-boot-spl-nodtb.bin"
#define SPL_AM625_SK_DTB "spl/dts/k3-am625-sk.dtb"
-
-#define UBOOT_NODTB "u-boot-nodtb.bin"
#define AM625_SK_DTB "u-boot.dtb"
&binman {
@@ -155,55 +152,11 @@
};
};
ti-spl {
- filename = "tispl.bin";
- pad-byte = <0xff>;
+ insert-template = <&ti_spl_template>;
fit {
- description = "Configuration to load ATF and SPL";
- #address-cells = <1>;
-
images {
-
- atf {
- description = "ARM Trusted Firmware";
- type = "firmware";
- arch = "arm64";
- compression = "none";
- os = "arm-trusted-firmware";
- load = <CONFIG_K3_ATF_LOAD_ADDR>;
- entry = <CONFIG_K3_ATF_LOAD_ADDR>;
- ti-secure {
- content = <&atf>;
- keyfile = "custMpk.pem";
- };
For ATF/OP-TEE Firewalling, can you keep these nodes intact? Just keep
the ti-secure inside atf and tee nodes similar to how you have done that
for DM as all the ATF/OPTEE nodes in the tispl.bin would be different
for devices w.r.t certifications but we can still use templates for
other common stuff.
I believe you will still be able to process firewalling by adding the extra
parameters in the board binman DTSI file. The reason for retaining DM was
different. For example, for J721E:
diff --git a/arch/arm/dts/k3-j721e-binman.dtsi
b/arch/arm/dts/k3-j721e-binman.dtsi
index 5ddb474e3a..647b5dc629 100644
--- a/arch/arm/dts/k3-j721e-binman.dtsi
+++ b/arch/arm/dts/k3-j721e-binman.dtsi
@@ -146,6 +146,27 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-257-0 {
+ /* cpu_0_cpu_0_msmc Background
Firewall */
+ id = <257>;
+ region = <0>;
+ control = <(FWCTRL_EN |
FWCTRL_LOCK |
+
FWCTRL_BG | FWCTRL_CACHE)>;
+ permissions = <((FWPRIVID_ALL
<< FWPRIVID_SHIFT) |
+
FWPERM_SECURE_PRIV_RWCD |
+
FWPERM_SECURE_USER_RWCD |
+
FWPERM_NON_SECURE_PRIV_RWCD |
+
FWPERM_NON_SECURE_USER_RWCD)>;
+ start_address = <0x0
0x0>;
+ end_address = <0xff
0xffffffff>;
+ };
+ };
+ };
+
dm {
ti-secure {
content = <&dm>;
I have only checked whether this builds fine without any errors. If you could
check whether the intended functionality also works, we should be good.
With this change,
Reviewed-by: Manorit Chawdhry <m-chawd...@ti.com>
Regards,
Manorit
- atf: atf-bl31 {
- };
- };
-
[...]
--
Thanking You
Neha Malcom Francis
