From patchwork Fri Sep 9 05:50:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manorit Chawdhry X-Patchwork-Id: 12532 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D1AAECAAD5 for ; Fri, 9 Sep 2022 05:51:10 +0000 (UTC) Received: from lelv0142.ext.ti.com (lelv0142.ext.ti.com [198.47.23.249]) by mx.groups.io with SMTP id smtpd.web12.3396.1662702661196970047 for ; Thu, 08 Sep 2022 22:51:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=MQWe6J9o; spf=pass (domain: ti.com, ip: 198.47.23.249, mailfrom: m-chawdhry@ti.com) Received: from fllv0035.itg.ti.com ([10.64.41.0]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id 2895p0Wa022050 for ; Fri, 9 Sep 2022 00:51:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1662702660; bh=HArgFjLXMvb2SnFeI0M5M+7t60W7LXa598/XtWhfIg8=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=MQWe6J9oC90uZtyO4xHaJcjmpqCK1hgdCH7tMRCs+FNQY47fuvA1JRKdUtsLXgCk7 FUc+1NvJdz18qff4d562XOhX3WRXp4pmVhXBW8vXZYmmtLJK2Z3hM8KwZUq2A4iAEF uOo5CFnGTsZpCf8rgfpTaY/BGDJvjKmK6jJlkxys= Received: from DLEE111.ent.ti.com (dlee111.ent.ti.com [157.170.170.22]) by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 2895p0xe105876 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 9 Sep 2022 00:51:00 -0500 Received: from DLEE106.ent.ti.com (157.170.170.36) by DLEE111.ent.ti.com (157.170.170.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6; Fri, 9 Sep 2022 00:51:00 -0500 Received: from fllv0039.itg.ti.com (10.64.41.19) by DLEE106.ent.ti.com (157.170.170.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6 via Frontend Transport; Fri, 9 Sep 2022 00:50:59 -0500 Received: from uda0497581.dhcp.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by fllv0039.itg.ti.com (8.15.2/8.15.2) with ESMTP id 2895otIc120128; Fri, 9 Sep 2022 00:50:58 -0500 From: Manorit Chawdhry To: CC: Andrew Davis , Nishanth Menon , Manorit Chawdhry Subject: [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure firmware images Date: Fri, 9 Sep 2022 11:20:53 +0530 Message-ID: <20220909055055.38394-2-m-chawdhry@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220909055055.38394-1-m-chawdhry@ti.com> References: <20220909055055.38394-1-m-chawdhry@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 09 Sep 2022 05:51:10 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/15012 Adds support for secure firmware images in J721E HS EVM. Signed-off-by: Manorit Chawdhry --- recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 80 +++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb index 19ea93f1..78faeae3 100644 --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb @@ -14,6 +14,7 @@ inherit update-alternatives PLAT_SFX = "" PLAT_SFX_j7 = "j721e" +PLAT_SFX_j7-hs-evm = "j721e" PLAT_SFX_j7200-evm = "j7200" PLAT_SFX_j7200-hs-evm = "j7200" PLAT_SFX_j721s2-evm = "j721s2" @@ -31,7 +32,7 @@ PV = "${CORESDK_RTOS_VERSION}" CLEANBROKEN = "1" PR = "${INC_PR}.0" -# Secure Build +# Secure Build DEPENDS += "openssl-native" FILES_${PN} += "${base_libdir}" @@ -57,6 +58,28 @@ do_install_prepend_j7-hs-evm() { mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \ ) + ( + cd ${RTOS_IPC_FW_DIR}; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \ + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \ + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \ + ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \ + ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_1_release_strip.xe66 \ + ipc_echo_test_c66xdsp_1_release_strip.xe66.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_2_release_strip.xe66 \ + ipc_echo_test_c66xdsp_2_release_strip.xe66.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \ + ipc_echo_test_c7x_1_release_strip.xe71.signed; \ + ) + ( + cd ${RTOS_ETH_FW_DIR}; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \ + app_remoteswitchcfg_server_strip.xer5f.signed; + ) } # J7 HS support @@ -117,6 +140,18 @@ do_install_j7() { install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR} } +do_install_append_j7-hs-evm() { + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR} + # ETH firmware + install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR} +} + do_install_j7200-evm() { install -d ${LEGACY_IPC_FW_DIR} install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR} @@ -223,6 +258,25 @@ ALTERNATIVE_${PN}_am62xx = "\ am62-main-r5f0_0-fw \ " +ALTERNATIVE_${PN}_j7-hs-evm = "\ + j7-mcu-r5f0_0-fw \ + j7-mcu-r5f0_1-fw \ + j7-main-r5f0_0-fw \ + j7-main-r5f0_1-fw \ + j7-main-r5f1_0-fw \ + j7-main-r5f1_1-fw \ + j7-c66_0-fw \ + j7-c66_1-fw \ + j7-c71_0-fw\ + j7-main-r5f0_0-fw-sec \ + j7-main-r5f0_1-fw-sec \ + j7-main-r5f1_0-fw-sec \ + j7-main-r5f1_1-fw-sec \ + j7-c66_0-fw-sec \ + j7-c66_1-fw-sec \ + j7-c71_0-fw-sec \ + " + ALTERNATIVE_${PN}_j7 = "\ j7-mcu-r5f0_0-fw \ j7-mcu-r5f0_1-fw \ @@ -295,6 +349,14 @@ TARGET_C66_0_j7 = "j7-c66_0-fw" TARGET_C66_1_j7 = "j7-c66_1-fw" TARGET_C7X_0_j7 = "j7-c71_0-fw" +TARGET_MAIN_R5FSS0_0_SIGNED_j7-hs-evm = "j7-main-r5f0_0-fw-sec" +TARGET_MAIN_R5FSS0_1_SIGNED_j7-hs-evm = "j7-main-r5f0_1-fw-sec" +TARGET_MAIN_R5FSS1_0_SIGNED_j7-hs-evm = "j7-main-r5f1_0-fw-sec" +TARGET_MAIN_R5FSS1_1_SIGNED_j7-hs-evm = "j7-main-r5f1_1-fw-sec" +TARGET_C66_0_SIGNED_j7-hs-evm = "j7-c66_0-fw-sec" +TARGET_C66_1_SIGNED_j7-hs-evm = "j7-c66_1-fw-sec" +TARGET_C7X_0_SIGNED_j7-hs-evm = "j7-c71_0-fw-sec" + TARGET_MCU_R5FSS0_0_j7200-evm = "j7200-mcu-r5f0_0-fw" TARGET_MCU_R5FSS0_1_j7200-evm = "j7200-mcu-r5f0_1-fw" TARGET_MAIN_R5FSS0_0_j7200-evm = "j7200-main-r5f0_0-fw" @@ -345,6 +407,14 @@ ALTERNATIVE_LINK_NAME[j7-c66_0-fw] = "${base_libdir}/firmware/${TARGET_C66_0}" ALTERNATIVE_LINK_NAME[j7-c66_1-fw] = "${base_libdir}/firmware/${TARGET_C66_1}" ALTERNATIVE_LINK_NAME[j7-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}" +ALTERNATIVE_LINK_NAME[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-c66_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-c66_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_1_SIGNED}" +ALTERNATIVE_LINK_NAME[j7-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}" + ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}" ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}" ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}" @@ -383,6 +453,14 @@ ALTERNATIVE_TARGET[j7-c66_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test ALTERNATIVE_TARGET[j7-c66_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66" ALTERNATIVE_TARGET[j7-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71" +ALTERNATIVE_TARGET[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed" +ALTERNATIVE_TARGET[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j7-c66_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed" +ALTERNATIVE_TARGET[j7-c66_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed" +ALTERNATIVE_TARGET[j7-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed" + ALTERNATIVE_TARGET[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f" ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f" ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f" From patchwork Fri Sep 9 05:50:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manorit Chawdhry X-Patchwork-Id: 12530 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F822ECAAA1 for ; Fri, 9 Sep 2022 05:51:10 +0000 (UTC) Received: from fllv0016.ext.ti.com (fllv0016.ext.ti.com [198.47.19.142]) by mx.groups.io with SMTP id smtpd.web08.3333.1662702662934101880 for ; Thu, 08 Sep 2022 22:51:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=IuHugjC9; spf=pass (domain: ti.com, ip: 198.47.19.142, mailfrom: m-chawdhry@ti.com) Received: from lelv0266.itg.ti.com ([10.180.67.225]) by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id 2895p2TM077714 for ; Fri, 9 Sep 2022 00:51:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1662702662; bh=P/M+EjxtzOr4je1dxn/Ukdwgw4OYEZsrrRsMSu5orlQ=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=IuHugjC9S1jqKfEw/whAtwIcj2k5nYE/Bq9wBqCsImheXcWAitb2Vo0HEDxE2v2qp jwqpLqUdKWMxQVXv0/3STyFhKTbDi1folUlbYC5Nt5mZ87PL4GWcnZE+lHR2246cZ/ ObT/uZs+GnSnQhYTlJ8JoSYKgrhsXjdnW++cqssw= Received: from DFLE101.ent.ti.com (dfle101.ent.ti.com [10.64.6.22]) by lelv0266.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 2895p2fd039505 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 9 Sep 2022 00:51:02 -0500 Received: from DFLE114.ent.ti.com (10.64.6.35) by DFLE101.ent.ti.com (10.64.6.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6; Fri, 9 Sep 2022 00:51:01 -0500 Received: from fllv0039.itg.ti.com (10.64.41.19) by DFLE114.ent.ti.com (10.64.6.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6 via Frontend Transport; Fri, 9 Sep 2022 00:51:01 -0500 Received: from uda0497581.dhcp.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by fllv0039.itg.ti.com (8.15.2/8.15.2) with ESMTP id 2895otId120128; Fri, 9 Sep 2022 00:51:00 -0500 From: Manorit Chawdhry To: CC: Andrew Davis , Nishanth Menon , Manorit Chawdhry Subject: [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: add secure firmware images Date: Fri, 9 Sep 2022 11:20:54 +0530 Message-ID: <20220909055055.38394-3-m-chawdhry@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220909055055.38394-1-m-chawdhry@ti.com> References: <20220909055055.38394-1-m-chawdhry@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 09 Sep 2022 05:51:10 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/15013 Adds support for secure firmware images in J7200 HS EVM. Signed-off-by: Manorit Chawdhry --- recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb index 78faeae3..f7a28218 100644 --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb @@ -89,6 +89,18 @@ do_install_prepend_j7200-hs-evm() { mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \ ) + ( + cd ${RTOS_IPC_FW_DIR}; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \ + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \ + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \ + ) + ( + cd ${RTOS_ETH_FW_DIR}; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \ + app_remoteswitchcfg_server_strip.xer5f.signed; + ) } # J7 HS support @@ -169,11 +181,16 @@ do_install_j7200-hs-evm() { install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR} install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f ${LEGACY_IPC_FW_DIR} install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR} + # Signed Firmwares + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} # DM Firmware install -m 0644 ${RTOS_DM_FW_DIR}/ipc_echo_testb_mcu1_0_release_strip.xer5f ${LEGACY_DM_FW_DIR} # ETH firmware install -d ${LEGACY_ETH_FW_DIR} install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR} + # ETH Signed firmware + install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR} } do_install_j721s2-evm() { @@ -301,6 +318,8 @@ ALTERNATIVE_${PN}_j7200-hs-evm = "\ j7200-mcu-r5f0_1-fw \ j7200-main-r5f0_0-fw \ j7200-main-r5f0_1-fw \ + j7200-main-r5f0_0-fw-sec \ + j7200-main-r5f0_1-fw-sec \ " ALTERNATIVE_${PN}_j721s2-evm = "\ @@ -367,6 +386,9 @@ TARGET_MCU_R5FSS0_1_j7200-hs-evm = "j7200-mcu-r5f0_1-fw" TARGET_MAIN_R5FSS0_0_j7200-hs-evm = "j7200-main-r5f0_0-fw" TARGET_MAIN_R5FSS0_1_j7200-hs-evm = "j7200-main-r5f0_1-fw" +TARGET_MAIN_R5FSS0_0_SIGNED_j7200-hs-evm = "j7200-main-r5f0_0-fw-sec" +TARGET_MAIN_R5FSS0_1_SIGNED_j7200-hs-evm = "j7200-main-r5f0_1-fw-sec" + TARGET_MCU_R5FSS0_0_j721s2-evm = "j721s2-mcu-r5f0_0-fw" TARGET_MCU_R5FSS0_1_j721s2-evm = "j721s2-mcu-r5f0_1-fw" TARGET_MAIN_R5FSS0_0_j721s2-evm = "j721s2-main-r5f0_0-fw" @@ -420,6 +442,9 @@ ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_M ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}" ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1}" +ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}" + ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}" ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}" ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}" @@ -466,6 +491,9 @@ ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_e ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f" ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f" +ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed" +ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed" + ALTERNATIVE_TARGET[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f" ALTERNATIVE_TARGET[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f" ALTERNATIVE_TARGET[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_0_release_strip.xer5f" From patchwork Fri Sep 9 05:50:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manorit Chawdhry X-Patchwork-Id: 12531 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C499ECAAD3 for ; Fri, 9 Sep 2022 05:51:10 +0000 (UTC) Received: from fllv0015.ext.ti.com (fllv0015.ext.ti.com [198.47.19.141]) by mx.groups.io with SMTP id smtpd.web12.3398.1662702665298425676 for ; Thu, 08 Sep 2022 22:51:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ti.com header.s=ti-com-17q1 header.b=MmX3Z6YG; spf=pass (domain: ti.com, ip: 198.47.19.141, mailfrom: m-chawdhry@ti.com) Received: from lelv0265.itg.ti.com ([10.180.67.224]) by fllv0015.ext.ti.com (8.15.2/8.15.2) with ESMTP id 2895p4sb057104 for ; Fri, 9 Sep 2022 00:51:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1662702664; bh=Q9g8QKfT4D6d11MutVN9r7GXthpxhA9CGcV8wSrZ3aI=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=MmX3Z6YGQ9ONh7ceTtk3JcSkVxZBZ9TCMSlu9llvic/R8fZ9LTJnrTnQaaOjaN98R ho9bp/u0RdMZ9GiCzhwHaObr6lUzKXc/ehw4LgBdqGNQ3J63cuhM19iG31DQPl45O6 KIkv1tjL64svvD6p2Sq47rbiWmbMYgsz/P8/SdVw= Received: from DLEE107.ent.ti.com (dlee107.ent.ti.com [157.170.170.37]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 2895p44T002790 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 9 Sep 2022 00:51:04 -0500 Received: from DLEE100.ent.ti.com (157.170.170.30) by DLEE107.ent.ti.com (157.170.170.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6; Fri, 9 Sep 2022 00:51:03 -0500 Received: from fllv0039.itg.ti.com (10.64.41.19) by DLEE100.ent.ti.com (157.170.170.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.6 via Frontend Transport; Fri, 9 Sep 2022 00:51:04 -0500 Received: from uda0497581.dhcp.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by fllv0039.itg.ti.com (8.15.2/8.15.2) with ESMTP id 2895otIe120128; Fri, 9 Sep 2022 00:51:02 -0500 From: Manorit Chawdhry To: CC: Andrew Davis , Nishanth Menon , Manorit Chawdhry Subject: [meta-ti][dunfell][PATCH 3/3] ti-rtos-firmware: j721s2-hs-evm: add secure firmware images Date: Fri, 9 Sep 2022 11:20:55 +0530 Message-ID: <20220909055055.38394-4-m-chawdhry@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220909055055.38394-1-m-chawdhry@ti.com> References: <20220909055055.38394-1-m-chawdhry@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 09 Sep 2022 05:51:10 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/15014 Adds support for secure firmware images in J721S2 HS EVM. Signed-off-by: Manorit Chawdhry --- recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 49 ++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb index f7a28218..afff8d15 100644 --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb @@ -110,6 +110,21 @@ do_install_prepend_j721s2-hs-evm() { mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \ ) + ( + cd ${RTOS_IPC_FW_DIR}; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \ + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \ + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \ + ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \ + ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \ + ipc_echo_test_c7x_1_release_strip.xe71.signed; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_2_release_strip.xe71 \ + ipc_echo_test_c7x_2_release_strip.xe71.signed; \ + ) } # Update the am64xx ipc binaries to be consistent with other platforms @@ -218,6 +233,13 @@ do_install_j721s2-hs-evm() { install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR} install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71 ${LEGACY_IPC_FW_DIR} install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_2_release_strip.xe71 ${LEGACY_IPC_FW_DIR} + # Signed firmware + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR} + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_2_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR} # DM Firmware install -m 0644 ${RTOS_DM_FW_DIR}/ipc_echo_testb_mcu1_0_release_strip.xer5f ${LEGACY_DM_FW_DIR} # ETH firmware @@ -342,6 +364,12 @@ ALTERNATIVE_${PN}_j721s2-hs-evm = "\ j721s2-main-r5f1_1-fw \ j721s2-c71_0-fw \ j721s2-c71_1-fw \ + j721s2-main-r5f0_0-fw-sec \ + j721s2-main-r5f0_1-fw-sec \ + j721s2-main-r5f1_0-fw-sec \ + j721s2-main-r5f1_1-fw-sec \ + j721s2-c71_0-fw-sec \ + j721s2-c71_1-fw-sec \ " # Set up link names for the firmwares @@ -407,6 +435,13 @@ TARGET_MAIN_R5FSS1_1_j721s2-hs-evm = "j721s2-main-r5f1_1-fw" TARGET_C7X_0_j721s2-hs-evm = "j721s2-c71_0-fw" TARGET_C7X_1_j721s2-hs-evm = "j721s2-c71_1-fw" +TARGET_MAIN_R5FSS0_0_SIGNED_j721s2-hs-evm = "j721s2-main-r5f0_0-fw-sec" +TARGET_MAIN_R5FSS0_1_SIGNED_j721s2-hs-evm = "j721s2-main-r5f0_1-fw-sec" +TARGET_MAIN_R5FSS1_0_SIGNED_j721s2-hs-evm = "j721s2-main-r5f1_0-fw-sec" +TARGET_MAIN_R5FSS1_1_SIGNED_j721s2-hs-evm = "j721s2-main-r5f1_1-fw-sec" +TARGET_C7X_0_SIGNED_j721s2-hs-evm = "j721s2-c71_0-fw-sec" +TARGET_C7X_1_SIGNED_j721s2-hs-evm = "j721s2-c71_1-fw-sec" + ALTERNATIVE_LINK_NAME[am65x-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}" ALTERNATIVE_LINK_NAME[am65x-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}" @@ -454,6 +489,13 @@ ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_1-fw] = "${base_libdir}/firmware/${TARGET ALTERNATIVE_LINK_NAME[j721s2-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}" ALTERNATIVE_LINK_NAME[j721s2-c71_1-fw] = "${base_libdir}/firmware/${TARGET_C7X_1}" +ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}" +ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}" +ALTERNATIVE_LINK_NAME[j721s2-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}" +ALTERNATIVE_LINK_NAME[j721s2-c71_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_1_SIGNED}" + # Create the firmware alternatives ALTERNATIVE_TARGET[am65x-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_0_release_strip.xer5f" @@ -503,6 +545,13 @@ ALTERNATIVE_TARGET[j721s2-main-r5f1_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc ALTERNATIVE_TARGET[j721s2-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71" ALTERNATIVE_TARGET[j721s2-c71_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_2_release_strip.xe71" +ALTERNATIVE_TARGET[j721s2-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_0_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j721s2-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j721s2-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j721s2-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed" +ALTERNATIVE_TARGET[j721s2-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed" +ALTERNATIVE_TARGET[j721s2-c71_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_2_release_strip.xe71.signed" + ALTERNATIVE_PRIORITY = "10" # make sure that lib/firmware, and all its contents are part of the package