From patchwork Fri May 26 20:14:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 24583 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6049BC77B7C for ; Fri, 26 May 2023 20:14:21 +0000 (UTC) Received: from lelv0143.ext.ti.com (lelv0143.ext.ti.com [198.47.23.248]) by mx.groups.io with SMTP id smtpd.web11.3702.1685132057731858436 for ; Fri, 26 May 2023 13:14:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=WLBU+pC8; spf=pass (domain: ti.com, ip: 198.47.23.248, mailfrom: afd@ti.com) Received: from lelv0265.itg.ti.com ([10.180.67.224]) by lelv0143.ext.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEGZC093314; Fri, 26 May 2023 15:14:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1685132056; bh=oHCquXJc3s4MEeHIxpnp0zYnrMfFbP1RqFnilpB0A2A=; h=From:To:CC:Subject:Date; b=WLBU+pC8ETOw7tMv/vybmuRydwH2PeVjnpthri0GoOlVL89bpZgK416Pn7PjB1YUx yU3jWgVKdqKc4bzsF2AY+7aZknEihKUYS7P8P28GPM+QY6WGuO7DNYbsFDgdDowzOA A5x3FN2IiHvmNtvmOv/HZ6c3for8fjGad/B8Y7mU= Received: from DFLE114.ent.ti.com (dfle114.ent.ti.com [10.64.6.35]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 34QKEGjU009308 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 26 May 2023 15:14:16 -0500 Received: from DFLE103.ent.ti.com (10.64.6.24) by DFLE114.ent.ti.com (10.64.6.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Fri, 26 May 2023 15:14:16 -0500 Received: from fllv0040.itg.ti.com (10.64.41.20) by DFLE103.ent.ti.com (10.64.6.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via Frontend Transport; Fri, 26 May 2023 15:14:16 -0500 Received: from lelv0327.itg.ti.com (ileaxei01-snat.itg.ti.com [10.180.69.5]) by fllv0040.itg.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEFNg058314; Fri, 26 May 2023 15:14:16 -0500 From: Andrew Davis To: Denys Dmytriyenko , Ryan Eatmon , CC: Andrew Davis Subject: [meta-ti][master/kirkstone][PATCH 1/3] trusted-firmware-a: Do not sign TF-A image for K3 Date: Fri, 26 May 2023 15:14:12 -0500 Message-ID: <20230526201414.466752-1-afd@ti.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 26 May 2023 20:14:21 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16610 U-Boot with binman will do the signing as these images are packaged. Remove signing steps here. Signed-off-by: Andrew Davis --- .../trusted-firmware-a-ti.inc | 57 ------------------- 1 file changed, 57 deletions(-) diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc index c65ecd9c..cc99f50c 100644 --- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc +++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc @@ -6,62 +6,5 @@ TFA_BUILD_TARGET:k3 = "all" TFA_INSTALL_TARGET:k3 = "bl31" TFA_SPD:k3 = "opteed" -# Use TI SECDEV for signing -inherit ti-secdev - EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}" EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}" - -# Signing procedure for K3 HS devices -tfa_sign_k3hs() { - mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin -} - -do_compile:append:am65xx-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:am64xx-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62xx-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62xx-lp-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62axx-evm() { - tfa_sign_k3hs -} - -do_compile:append:j721e-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j7200-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j721s2-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j784s4-hs-evm() { - tfa_sign_k3hs -} - -do_install:append:k3() { - if [ -f ${BUILD_DIR}/bl31.bin.unsigned ]; then - echo "Install bl31.bin.unsigned" - install -m 0644 ${BUILD_DIR}/bl31.bin.unsigned \ - ${D}/firmware/bl31.bin.unsigned - else - echo "Install bl31.bin.unsigned" - install -m 0644 ${BUILD_DIR}/bl31.bin \ - ${D}/firmware/bl31.bin.unsigned - fi -} From patchwork Fri May 26 20:14:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 24584 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65965C7EE2F for ; Fri, 26 May 2023 20:14:21 +0000 (UTC) Received: from lelv0142.ext.ti.com (lelv0142.ext.ti.com [198.47.23.249]) by mx.groups.io with SMTP id smtpd.web10.3760.1685132058287665314 for ; Fri, 26 May 2023 13:14:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=Nr9qJNU4; spf=pass (domain: ti.com, ip: 198.47.23.249, mailfrom: afd@ti.com) Received: from fllv0035.itg.ti.com ([10.64.41.0]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEHU8103628; Fri, 26 May 2023 15:14:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1685132057; bh=LL9fX+dcJwvhfWTfb2ZzCbTPqmtzkeEMEqwaUgeQtlU=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=Nr9qJNU4O2zoqsraSm2Fvu3nVR371XamsOpYEWmaFNMMLErcN9neuQAhqGF+tfOqr VqklmNKypxu5cizV1wSYgIL46itZT5SPQSRBqudQOkkedIZSW0Jp0DwhvZVgPC0qPS AKmBAQO9HlNpLCf4kn6HR2BcW2fixMTu5fTafEXA= Received: from DLEE102.ent.ti.com (dlee102.ent.ti.com [157.170.170.32]) by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 34QKEHwV114208 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 26 May 2023 15:14:17 -0500 Received: from DLEE109.ent.ti.com (157.170.170.41) by DLEE102.ent.ti.com (157.170.170.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Fri, 26 May 2023 15:14:16 -0500 Received: from fllv0040.itg.ti.com (10.64.41.20) by DLEE109.ent.ti.com (157.170.170.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via Frontend Transport; Fri, 26 May 2023 15:14:16 -0500 Received: from lelv0327.itg.ti.com (ileaxei01-snat.itg.ti.com [10.180.69.5]) by fllv0040.itg.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEFNh058314; Fri, 26 May 2023 15:14:16 -0500 From: Andrew Davis To: Denys Dmytriyenko , Ryan Eatmon , CC: Andrew Davis Subject: [meta-ti][master/kirkstone][PATCH 2/3] optee-os: Do not sign OPTEE OS image for K3 Date: Fri, 26 May 2023 15:14:13 -0500 Message-ID: <20230526201414.466752-2-afd@ti.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230526201414.466752-1-afd@ti.com> References: <20230526201414.466752-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 26 May 2023 20:14:21 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16611 U-Boot with binman will do the signing as these images are packaged. Remove signing steps here. Signed-off-by: Andrew Davis --- .../recipes-security/optee/optee-os-ti.inc | 46 ------------------- 1 file changed, 46 deletions(-) diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc index e57ce4c7..ff87f37a 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc +++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc @@ -11,7 +11,6 @@ EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" do_compile:append:k3() { cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned cp ${B}/core/tee.elf ${B}/bl32.elf } @@ -42,53 +41,9 @@ do_compile:append:dra7xx() { optee_sign_legacyhs } -# Signing procedure for K3 devices -optee_sign_k3hs() { - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned - cp ${B}/core/tee.elf ${B}/bl32.elf -} - -do_compile:append:am65xx-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:am64xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-lp-evm() { - optee_sign_k3hs -} - -do_compile:append:am62axx-evm() { - optee_sign_k3hs -} - -do_compile:append:j721e-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j7200-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j721s2-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j784s4-hs-evm() { - optee_sign_k3hs -} - do_install:append() { install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true } @@ -109,7 +64,6 @@ do_deploy:append:dra7xx() { do_deploy:append:k3() { ln -sf optee/bl32.bin ${DEPLOYDIR}/ - ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ ln -sf optee/bl32.elf ${DEPLOYDIR}/ } From patchwork Fri May 26 20:14:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 24585 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 633A0C77B73 for ; Fri, 26 May 2023 20:14:21 +0000 (UTC) Received: from fllv0015.ext.ti.com (fllv0015.ext.ti.com [198.47.19.141]) by mx.groups.io with SMTP id smtpd.web10.3761.1685132059460378366 for ; Fri, 26 May 2023 13:14:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=Z+8bMVlJ; spf=pass (domain: ti.com, ip: 198.47.19.141, mailfrom: afd@ti.com) Received: from fllv0034.itg.ti.com ([10.64.40.246]) by fllv0015.ext.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEHqX044252; Fri, 26 May 2023 15:14:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1685132057; bh=FIcVhzA/7GVLkXRTsSnfqKH5RxaISFw62hLfSSVBg3Q=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=Z+8bMVlJqvhulvg1d3GRWJb9GtJ+P8IfaqkGgXQeUt3hCWghqD0jplN95HIDO6tZu C85mcsbqmq7vtQZqdofKA/sORRy1GHqic4DFsT95CBcGknodnro4klI/oi+gR9p+TF 3Z6YqaBCMAuvxJR2gzNq1UsqlnMlz35NFPYLvuW4= Received: from DLEE102.ent.ti.com (dlee102.ent.ti.com [157.170.170.32]) by fllv0034.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 34QKEHQQ036591 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 26 May 2023 15:14:17 -0500 Received: from DLEE102.ent.ti.com (157.170.170.32) by DLEE102.ent.ti.com (157.170.170.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Fri, 26 May 2023 15:14:17 -0500 Received: from fllv0040.itg.ti.com (10.64.41.20) by DLEE102.ent.ti.com (157.170.170.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via Frontend Transport; Fri, 26 May 2023 15:14:17 -0500 Received: from lelv0327.itg.ti.com (ileaxei01-snat.itg.ti.com [10.180.69.5]) by fllv0040.itg.ti.com (8.15.2/8.15.2) with ESMTP id 34QKEFNi058314; Fri, 26 May 2023 15:14:16 -0500 From: Andrew Davis To: Denys Dmytriyenko , Ryan Eatmon , CC: Andrew Davis Subject: [meta-ti][master/kirkstone][PATCH 3/3] ti-dm-fw: Do not make signed DM image the default for K3 Date: Fri, 26 May 2023 15:14:14 -0500 Message-ID: <20230526201414.466752-3-afd@ti.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230526201414.466752-1-afd@ti.com> References: <20230526201414.466752-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 26 May 2023 20:14:21 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16612 U-Boot with binman will do the signing as these images are packaged. Do not rename the DM image as the signed image. Signed-off-by: Andrew Davis --- meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb b/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb index 8fb40d12..f635565d 100644 --- a/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb +++ b/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb @@ -60,8 +60,8 @@ do_install() { install -d ${D}${INSTALL_DM_FW_DIR} for FW_NAME in ${DM_FW_LIST} do - install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${D}${INSTALL_DM_FW_DIR}/${FW_NAME}.unsigned - install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${D}${INSTALL_DM_FW_DIR}/${FW_NAME} + install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${D}${INSTALL_DM_FW_DIR}/ + install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${D}${INSTALL_DM_FW_DIR}/ done } @@ -70,8 +70,8 @@ do_deploy() { install -d ${DEPLOYDIR} for FW_NAME in ${DM_FW_LIST} do - install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${DEPLOYDIR}/${FW_NAME}.unsigned - install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${DEPLOYDIR}/${FW_NAME} + install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${DEPLOYDIR}/ + install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${DEPLOYDIR}/ done }