The HSM M4 core needs to be booted at R5 SPL stage so that it can be used for further Authentication and security services. Therefore, the firmware for the HSM core needs to be packed in tispl.bin fit image so that it can be used by R5 SPL to boot the HSM core.
Add a template for packing the HSM firmware in tispl.bin. The template also contains necessary fields which will be populated in the boot extension and load extension in the x509 certificate for HSM firmware. This is required as the HSM firmware needs to be signed before invoking TIFS to authenticate and load the blob to HSM core. Signed-off-by: Beleswar Padhi <[email protected]> --- v3: Changelog: 1. Added ti-secure node for signing hsm firmware image in U-Boot. Link to v2: https://lore.kernel.org/all/[email protected]/ v2: Changelog: 1. Got rid of 'load' and 'entry' properties. Rely on U-Boot to set it. Link to v1: https://lore.kernel.org/all/[email protected]/ arch/arm/dts/k3-binman.dtsi | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index 761b1730464..de5f2aef30c 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -297,6 +297,26 @@ }; }; +#ifdef CONFIG_K3_HSM_FW + hsm { + description = "HSM binary"; + type = "standalone"; + compression = "none"; + os = "hsm"; + + ti-secure { + content = <&hsm>; + keyfile = "custMpk.pem"; + proc_id = <0x80>; + flags_set = <0x04>; + flags_clr = <0x00>; + reset_vector = <0x00>; + dest_addr = <0x43C00000>; + auth_type = <0xFD00>; + }; + }; +#endif + dm { description = "DM binary"; type = "firmware"; -- 2.34.1
