
armv7R: K3: am654: Add support for generating build targets

Update Makefiles to generate:
- tiboot3.bin: Image format that can be processed by ROM.

Below is the tiboot3.bin image format that is required by ROM:

		 _______________________
		|	 X509		|
		|     Certificate	|
		| ____________________	|
		| |		      |	|
		| | u-boot-spl.bin    |	|
		| |		      |	|
		| |___________________|	|
		|_______________________|

Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Lokesh Vutla 6 years ago
commit
890b2e750d
3 changed files with 118 additions and 0 deletions
  1. 11 0
      arch/arm/mach-k3/Kconfig
  2. 59 0
      arch/arm/mach-k3/config.mk
  3. 48 0
      tools/k3_x509template.txt

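--- a/arch/arm/mach-k3/Kconfig
+++ b/arch/arm/mach-k3/Kconfig
@@ -47,5 +47,16 @@ config SYS_K3_BOOT_PARAM_TABLE_INDEX
 	  Address at which ROM stores the value which determines if SPL
 	  is booted up by primary boot media or secondary boot media.
 
+config SYS_K3_KEY
+	string "Key used to generate x509 certificate"
+	help
+	  This option enables to provide a custom key that can be used for
+	  generating x509 certificate for spl binary. If not needed leave
+	  it blank so that a random key is generated and used.
+
+config SYS_K3_BOOT_CORE_ID
+	int
+	default 16
+
 source "board/ti/am65x/Kconfig"
 endif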
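Review bot: The help text for `SYS_K3_KEY` does not say what form the value takes; `config.mk` passes it to `openssl req -key`, so it is a path to a private key file rather than key material. It also does not say what leaving it blank implies: the certificate is then signed with a key generated in the build tree, which presumably only suits devices that do not check the certificate against a provisioned key. I would reword the help along the lines of `Path to the private key file (PEM) used to sign the x509 certificate for the SPL binary. If left blank, a random key is generated at build time.` `SYS_K3_BOOT_CORE_ID` has neither a prompt nor a help text, so a one-line `#` comment naming the core that ID 16 refers to would help the next reader.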

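--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -5,6 +5,65 @@
 
 ifdef CONFIG_SPL_BUILD
 
+# Openssl is required to generate x509 certificate.
+# Error out if openssl is not available.
+ifeq ($(shell which openssl),)
+$(error "No openssl in $(PATH), consider installing openssl")
+endif
+
+SHA_VALUE=  $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g")
+IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c)
+LOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g")
+MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE))
+
+# Parameters to get populated into the x509 template
+SED_OPTS=  -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/
+SED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/
+SED_OPTS+= -e s/TEST_CERT_TYPE/1/		# CERT_TYPE_PRIMARY_IMAGE_BIN
+SED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/
+SED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/
+SED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/
+
+# Command to generate ecparam key
+quiet_cmd_genkey = OPENSSL $@
+cmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey
+
+# Command to generate x509 certificate
+quiet_cmd_gencert = OPENSSL $@
+cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boot-spl-x509.txt; \
+	openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512
+
+# If external key is not provided, generate key using openssl.
+ifeq ($(CONFIG_SYS_K3_KEY), "")
+KEY=u-boot-spl-eckey.pem
+else
+KEY=$(patsubst "%",%,$(CONFIG_SYS_K3_KEY))
+endif
+
+u-boot-spl-eckey.pem: FORCE
+	$(call if_changed,genkey)
+
+# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
+# So restrict tiboot3.bin creation for CPU_V7R.
+ifdef CONFIG_CPU_V7R
+u-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE
+	$(call if_changed,gencert)
+
+image_check: $(obj)/u-boot-spl.bin FORCE
+	@if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then			    \
+		echo "===============================================" >&2; \
+		echo "ERROR: Final Image too big. " >&2;		    \
+		echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \
+		echo "===============================================" >&2; \
+		exit 1;							    \
+	fi
+
+tiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE
+	$(call if_changed,cat)
+
+ALL-y	+= tiboot3.bin
+endif
+
 ifdef CONFIG_ARM64
 SPL_ITS := u-boot-spl-k3.its
 $(SPL_ITS): FORCE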
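Review bot: In `cmd_gencert` the template step and the `openssl req` step are joined with `;`, so if `sed` fails or the template is missing the recipe still runs `openssl req` against a stale or truncated `u-boot-spl-x509.txt`. Likewise `SHA_VALUE` comes from `$(shell ...)`, which expands to an empty string when `openssl dgst` fails, and nothing checks the substituted value before the certificate is signed. I would chain the steps with `&&` and drop the `cat`, i.e. `cmd_gencert = sed $(SED_OPTS) $(srctree)/tools/k3_x509template.txt > u-boot-spl-x509.txt && \` followed by the existing `openssl req` line, and have `image_check` also fail when `$(SHA_VALUE)` is empty. Separately, `u-boot-spl-eckey.pem` is an unencrypted private key left in the build directory; a comment on `cmd_genkey` marking it as a throwaway build key would keep it from being reused for anything that needs a protected key.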

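--- a/tools/k3_x509template.txt
+++ b/tools/k3_x509template.txt
@@ -0,0 +1,48 @@
+ [ req ]
+ distinguished_name     = req_distinguished_name
+ x509_extensions        = v3_ca
+ prompt                 = no
+ dirstring_type         = nobmp
+
+ [ req_distinguished_name ]
+ C                      = US
+ ST                     = TX
+ L                      = Dallas
+ O                      = Texas Instruments Incorporated
+ OU                     = Processors
+ CN                     = TI Support
+ emailAddress           = support@ti.com
+
+ [ v3_ca ]
+ basicConstraints = CA:true
+ 1.3.6.1.4.1.294.1.1 = ASN1:SEQUENCE:boot_seq
+ 1.3.6.1.4.1.294.1.2 = ASN1:SEQUENCE:image_integrity
+ 1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
+# 1.3.6.1.4.1.294.1.4 = ASN1:SEQUENCE:encryption
+ 1.3.6.1.4.1.294.1.8 = ASN1:SEQUENCE:debug
+
+ [ boot_seq ]
+ certType = INTEGER:TEST_CERT_TYPE
+ bootCore = INTEGER:TEST_BOOT_CORE
+ bootCoreOpts = INTEGER:TEST_BOOT_ARCH_WIDTH
+ destAddr = FORMAT:HEX,OCT:TEST_BOOT_ADDR
+ imageSize = INTEGER:TEST_IMAGE_LENGTH
+
+ [ image_integrity ]
+ shaType = OID:2.16.840.1.101.3.4.2.3
+ shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL
+
+ [ swrv ]
+ swrv = INTEGER:0
+
+# [ encryption ]
+# initalVector = FORMAT:HEX,OCT:TEST_IMAGE_ENC_IV
+# randomString = FORMAT:HEX,OCT:TEST_IMAGE_ENC_RS
+# iterationCnt = INTEGER:TEST_IMAGE_KEY_DERIVE_INDEX
+# salt = FORMAT:HEX,OCT:TEST_IMAGE_KEY_DERIVE_SALT
+
+ [ debug ]
+ debugType = INTEGER:4
+ coreDbgEn = INTEGER:0
+ coreDbgSecEn = INTEGER:0
+ debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000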
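Review bot: The `[ debug ]` and `[ swrv ]` sections are fixed literals with no comment, while every `[ boot_seq ]` field is filled in through a `TEST_*` placeholder. Judging by the names, `debugType = INTEGER:4`, the all-zero `debugUID` and `swrv = INTEGER:0` govern debug access and the software revision, so a reader cannot tell from the template whether these defaults suit a production image. I would add a `#` comment above each of the two sections stating what the chosen value selects and which document defines the encoding. It may also be worth routing `debugType` and `swrv` through placeholders so a board configuration can set them explicitly.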