| Message ID | 20250228-uboot-cleanup-v1-1-3f7d3f2a4ee2@ti.com |
|---|---|
| State | Accepted |
| Delegated to: | Ryan Eatmon |
| Headers | show |
| Series | [master/scarthgap] conf: machine: k3: disable all fit signing for uboot | expand |
On Fri, Feb 28, 2025 at 1:12 PM Bryan Brattlof via lists.yoctoproject.org <bb=ti.com@lists.yoctoproject.org> wrote: > > All K3 SoCs utilize the binman packaging tools in U-Boot to package > and sign the different boot firmware components needed to boot the > various security variants of K3 platform. Disable UBOOT_SIGN_ENABLE > to simplify the build Are you trying to say that because binman does the signing, the UBOOT_SIGN_ENABLE isn't needed? Or does removing UBOOT_SIGN_ENABLE disable the binman signing? > > Signed-off-by: Bryan Brattlof <bb@ti.com> > --- > meta-ti-bsp/conf/machine/include/k3.inc | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/meta-ti-bsp/conf/machine/include/k3.inc b/meta-ti-bsp/conf/machine/include/k3.inc > index dd3cbecab3d51..b98b45802bc76 100644 > --- a/meta-ti-bsp/conf/machine/include/k3.inc > +++ b/meta-ti-bsp/conf/machine/include/k3.inc > @@ -25,10 +25,6 @@ SPL_BINARY = "tispl.bin" > SPL_BINARYNAME = "tispl.bin" > UBOOT_SUFFIX = "img" > > -UBOOT_SIGN_ENABLE = "1" > -UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb" > -UBOOT_SIGN_KEYNAME ?= "custMpk" > -UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys" > FIT_HASH_ALG ?= "sha512" > FIT_SIGN_ALG ?= "rsa4096" > > > --- > base-commit: c3d050c2c9db34e250b4b61e90a67bacbfa45066 > change-id: 20250228-uboot-cleanup-35cb26c61905 > > Best regards, > -- > Bryan Brattlof <bb@ti.com> > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#18341): https://lists.yoctoproject.org/g/meta-ti/message/18341 > Mute This Topic: https://lists.yoctoproject.org/mt/111439202/7902621 > Group Owner: meta-ti+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [jcormier@criticallink.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On February 28, 2025 thus sayeth Jon Cormier: > On Fri, Feb 28, 2025 at 1:12 PM Bryan Brattlof via > lists.yoctoproject.org <bb=ti.com@lists.yoctoproject.org> wrote: > > > > All K3 SoCs utilize the binman packaging tools in U-Boot to package > > and sign the different boot firmware components needed to boot the > > various security variants of K3 platform. Disable UBOOT_SIGN_ENABLE > > to simplify the build > Are you trying to say that because binman does the signing, the > UBOOT_SIGN_ENABLE isn't needed? Or does removing UBOOT_SIGN_ENABLE > disable the binman signing? Hey! yep because binman is signing these binaries during the do_compile() step we do not need the UBOOT_SIGN_ENABLE here ~Bryan > > > > Signed-off-by: Bryan Brattlof <bb@ti.com> > > --- > > meta-ti-bsp/conf/machine/include/k3.inc | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/meta-ti-bsp/conf/machine/include/k3.inc b/meta-ti-bsp/conf/machine/include/k3.inc > > index dd3cbecab3d51..b98b45802bc76 100644 > > --- a/meta-ti-bsp/conf/machine/include/k3.inc > > +++ b/meta-ti-bsp/conf/machine/include/k3.inc > > @@ -25,10 +25,6 @@ SPL_BINARY = "tispl.bin" > > SPL_BINARYNAME = "tispl.bin" > > UBOOT_SUFFIX = "img" > > > > -UBOOT_SIGN_ENABLE = "1" > > -UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb" > > -UBOOT_SIGN_KEYNAME ?= "custMpk" > > -UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys" > > FIT_HASH_ALG ?= "sha512" > > FIT_SIGN_ALG ?= "rsa4096" > > > > > > --- > > base-commit: c3d050c2c9db34e250b4b61e90a67bacbfa45066 > > change-id: 20250228-uboot-cleanup-35cb26c61905 > > > > Best regards, > > -- > > Bryan Brattlof <bb@ti.com> > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#18341): https://lists.yoctoproject.org/g/meta-ti/message/18341 > > Mute This Topic: https://lists.yoctoproject.org/mt/111439202/7902621 > > Group Owner: meta-ti+owner@lists.yoctoproject.org > > Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [jcormier@criticallink.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > -- > Jonathan Cormier > Senior Software Engineer > > Voice: 315.425.4045 x222 > > http://www.CriticalLink.com > 6712 Brooklawn Parkway, Syracuse, NY 13211 >
Ok, thanks for the clarification. On Fri, Feb 28, 2025, 1:34 PM Bryan Brattlof <bb@ti.com> wrote: > On February 28, 2025 thus sayeth Jon Cormier: > > On Fri, Feb 28, 2025 at 1:12 PM Bryan Brattlof via > > lists.yoctoproject.org <bb=ti.com@lists.yoctoproject.org> wrote: > > > > > > All K3 SoCs utilize the binman packaging tools in U-Boot to package > > > and sign the different boot firmware components needed to boot the > > > various security variants of K3 platform. Disable UBOOT_SIGN_ENABLE > > > to simplify the build > > Are you trying to say that because binman does the signing, the > > UBOOT_SIGN_ENABLE isn't needed? Or does removing UBOOT_SIGN_ENABLE > > disable the binman signing? > > Hey! yep because binman is signing these binaries during the > do_compile() step we do not need the UBOOT_SIGN_ENABLE here > > ~Bryan > > > > > > > Signed-off-by: Bryan Brattlof <bb@ti.com> > > > --- > > > meta-ti-bsp/conf/machine/include/k3.inc | 4 ---- > > > 1 file changed, 4 deletions(-) > > > > > > diff --git a/meta-ti-bsp/conf/machine/include/k3.inc > b/meta-ti-bsp/conf/machine/include/k3.inc > > > index dd3cbecab3d51..b98b45802bc76 100644 > > > --- a/meta-ti-bsp/conf/machine/include/k3.inc > > > +++ b/meta-ti-bsp/conf/machine/include/k3.inc > > > @@ -25,10 +25,6 @@ SPL_BINARY = "tispl.bin" > > > SPL_BINARYNAME = "tispl.bin" > > > UBOOT_SUFFIX = "img" > > > > > > -UBOOT_SIGN_ENABLE = "1" > > > -UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb" > > > -UBOOT_SIGN_KEYNAME ?= "custMpk" > > > -UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys" > > > FIT_HASH_ALG ?= "sha512" > > > FIT_SIGN_ALG ?= "rsa4096" > > > > > > > > > --- > > > base-commit: c3d050c2c9db34e250b4b61e90a67bacbfa45066 > > > change-id: 20250228-uboot-cleanup-35cb26c61905 > > > > > > Best regards, > > > -- > > > Bryan Brattlof <bb@ti.com> > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > Links: You receive all messages sent to this group. > > > View/Reply Online (#18341): > https://lists.yoctoproject.org/g/meta-ti/message/18341 > > > Mute This Topic: https://lists.yoctoproject.org/mt/111439202/7902621 > > > Group Owner: meta-ti+owner@lists.yoctoproject.org > > > Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [ > jcormier@criticallink.com] > > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > > > > > -- > > Jonathan Cormier > > Senior Software Engineer > > > > Voice: 315.425.4045 x222 > > > > http://www.CriticalLink.com > > 6712 Brooklawn Parkway, Syracuse, NY 13211 > > >
diff --git a/meta-ti-bsp/conf/machine/include/k3.inc b/meta-ti-bsp/conf/machine/include/k3.inc index dd3cbecab3d51..b98b45802bc76 100644 --- a/meta-ti-bsp/conf/machine/include/k3.inc +++ b/meta-ti-bsp/conf/machine/include/k3.inc @@ -25,10 +25,6 @@ SPL_BINARY = "tispl.bin" SPL_BINARYNAME = "tispl.bin" UBOOT_SUFFIX = "img" -UBOOT_SIGN_ENABLE = "1" -UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb" -UBOOT_SIGN_KEYNAME ?= "custMpk" -UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys" FIT_HASH_ALG ?= "sha512" FIT_SIGN_ALG ?= "rsa4096"
All K3 SoCs utilize the binman packaging tools in U-Boot to package and sign the different boot firmware components needed to boot the various security variants of K3 platform. Disable UBOOT_SIGN_ENABLE to simplify the build Signed-off-by: Bryan Brattlof <bb@ti.com> --- meta-ti-bsp/conf/machine/include/k3.inc | 4 ---- 1 file changed, 4 deletions(-) --- base-commit: c3d050c2c9db34e250b4b61e90a67bacbfa45066 change-id: 20250228-uboot-cleanup-35cb26c61905 Best regards,