On 4/10/24 1:24 PM, Jon Humphreys wrote:
Andrew Davis <a...@ti.com> writes:
On 4/8/24 5:17 PM, Jonathan Humphreys wrote:
Signed-off-by: Jonathan Humphreys <j-humphr...@ti.com>
---
arch/arm/dts/k3-j721e-binman.dtsi | 32 +++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/arch/arm/dts/k3-j721e-binman.dtsi
b/arch/arm/dts/k3-j721e-binman.dtsi
index 75a6e9599b9..9169551c422 100644
--- a/arch/arm/dts/k3-j721e-binman.dtsi
+++ b/arch/arm/dts/k3-j721e-binman.dtsi
@@ -207,6 +207,29 @@
};
};
};
+
+#include "k3-binman-capsule-r5.dtsi"
+
+// Capsue update GUIDs. See ti_armv7_common.h.
+#define K3_SYSFW_IMAGE_UUID_STR "6fd10680-361b-431f-80aa-899455819e11"
+
+&binman {
+ capsule-sysfw {
+ filename = "sysfw-capsule.bin";
+ efi-capsule {
+ image-index = <0x4>;
+ image-guid = K3_SYSFW_IMAGE_UUID_STR;
+ private-key = "arch/arm/mach-k3/keys/custMpk.pem";
+ public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt";
+ monotonic-count = <0x1>;
+
+ blob {
+ filename = "sysfw.itb";
+ };
+ };
+ };
+};
+
#endif
#ifdef CONFIG_TARGET_J721E_A72_EVM
@@ -585,4 +608,13 @@
};
};
};
+
+#include "k3-binman-capsule.dtsi"
+&tispl_name {
+ filename = "tispl.bin_unsigned";
Why use the _unsigned images here? HS devices cannot boot unsigned GP images,
but both GP and HS devices *can* boot the normal signed images (GP just strips
the signatures off). So no need to use the _unsigned images anymore (I'm
planning to just remove them at some point to prevent this confusion).
I can do that.
Note that you will then see warnings on GP devices during boot:
Warning: Detected image signing certificate on GP device. Skipping
certificate to prevent boot failure. This will fail if the image was also
encrypted
True, I'll send a fix for that.
Andrew
Jon
Andrew
+};
+&uboot_name {
+ filename = "u-boot.img_unsigned";
+};
+
#endif
