leandrof/u-boot
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

armv7R: K3: am654: Add support for generating build targets

Browse Source 
Update Makefiles to generate:
- tiboot3.bin: Image format that can be processed by ROM.

Below is the tiboot3.bin image format that is required by ROM:

		 _______________________
		|	 X509		|
		|     Certificate	|
		| ____________________	|
		| |		      |	|
		| | u-boot-spl.bin    |	|
		| |		      |	|
		| |___________________|	|
		|_______________________|

Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
This commit is contained in:
Lokesh Vutla 2018-11-02 19:51:04 +05:30 committed by Tom Rini
parent 23f7b1a776
commit 890b2e750d
3 changed files with 118 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
arch/arm/mach-k3/Kconfig
View File

@ -47,5 +47,16 @@ config SYS_K3_BOOT_PARAM_TABLE_INDEX
Address at which ROM stores the value which determines if SPL Address at which ROM stores the value which determines if SPL
is booted up by primary boot media or secondary boot media. is booted up by primary boot media or secondary boot media.
config SYS_K3_KEY
string "Key used to generate x509 certificate"
help
This option enables to provide a custom key that can be used for
generating x509 certificate for spl binary. If not needed leave
it blank so that a random key is generated and used.
config SYS_K3_BOOT_CORE_ID
int
default 16
source "board/ti/am65x/Kconfig" source "board/ti/am65x/Kconfig"
endif endif

59
arch/arm/mach-k3/config.mk
View File

@ -5,6 +5,65 @@
ifdef CONFIG_SPL_BUILD ifdef CONFIG_SPL_BUILD
# Openssl is required to generate x509 certificate.
# Error out if openssl is not available.
ifeq ($(shell which openssl),)
$(error "No openssl in $(PATH), consider installing openssl")
endif
SHA_VALUE= $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g")
IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c)
LOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g")
MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE))
# Parameters to get populated into the x509 template
SED_OPTS= -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/
SED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/
SED_OPTS+= -e s/TEST_CERT_TYPE/1/ # CERT_TYPE_PRIMARY_IMAGE_BIN
SED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/
SED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/
SED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/
# Command to generate ecparam key
quiet_cmd_genkey = OPENSSL $@
cmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey
# Command to generate x509 certificate
quiet_cmd_gencert = OPENSSL $@
cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boot-spl-x509.txt; \
openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512
# If external key is not provided, generate key using openssl.
ifeq ($(CONFIG_SYS_K3_KEY), "")
KEY=u-boot-spl-eckey.pem
else
KEY=$(patsubst "%",%,$(CONFIG_SYS_K3_KEY))
endif
u-boot-spl-eckey.pem: FORCE
$(call if_changed,genkey)
# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
# So restrict tiboot3.bin creation for CPU_V7R.
ifdef CONFIG_CPU_V7R
u-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE
$(call if_changed,gencert)
image_check: $(obj)/u-boot-spl.bin FORCE
@if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then \
echo "===============================================" >&2; \
echo "ERROR: Final Image too big. " >&2; \
echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \
echo "===============================================" >&2; \
exit 1; \
fi
tiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE
$(call if_changed,cat)
ALL-y += tiboot3.bin
endif
ifdef CONFIG_ARM64 ifdef CONFIG_ARM64
SPL_ITS := u-boot-spl-k3.its SPL_ITS := u-boot-spl-k3.its
$(SPL_ITS): FORCE $(SPL_ITS): FORCE

48
tools/k3_x509template.txt Normal file
View File

@ -0,0 +1,48 @@
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
dirstring_type = nobmp
[ req_distinguished_name ]
C = US
ST = TX
L = Dallas
O = Texas Instruments Incorporated
OU = Processors
CN = TI Support
emailAddress = support@ti.com
[ v3_ca ]
basicConstraints = CA:true
1.3.6.1.4.1.294.1.1 = ASN1:SEQUENCE:boot_seq
1.3.6.1.4.1.294.1.2 = ASN1:SEQUENCE:image_integrity
1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
# 1.3.6.1.4.1.294.1.4 = ASN1:SEQUENCE:encryption
1.3.6.1.4.1.294.1.8 = ASN1:SEQUENCE:debug
[ boot_seq ]
certType = INTEGER:TEST_CERT_TYPE
bootCore = INTEGER:TEST_BOOT_CORE
bootCoreOpts = INTEGER:TEST_BOOT_ARCH_WIDTH
destAddr = FORMAT:HEX,OCT:TEST_BOOT_ADDR
imageSize = INTEGER:TEST_IMAGE_LENGTH
[ image_integrity ]
shaType = OID:2.16.840.1.101.3.4.2.3
shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL
[ swrv ]
swrv = INTEGER:0
# [ encryption ]
# initalVector = FORMAT:HEX,OCT:TEST_IMAGE_ENC_IV
# randomString = FORMAT:HEX,OCT:TEST_IMAGE_ENC_RS
# iterationCnt = INTEGER:TEST_IMAGE_KEY_DERIVE_INDEX
# salt = FORMAT:HEX,OCT:TEST_IMAGE_KEY_DERIVE_SALT
[ debug ]
debugType = INTEGER:4
coreDbgEn = INTEGER:0
coreDbgSecEn = INTEGER:0
debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000