Andrew Davis afd@ti.com writes:
On 4/8/24 5:17 PM, Jonathan Humphreys wrote:
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com
arch/arm/dts/k3-j721e-binman.dtsi | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi index 75a6e9599b9..9169551c422 100644 --- a/arch/arm/dts/k3-j721e-binman.dtsi +++ b/arch/arm/dts/k3-j721e-binman.dtsi @@ -207,6 +207,29 @@ }; }; };
+#include "k3-binman-capsule-r5.dtsi"
+// Capsue update GUIDs. See ti_armv7_common.h. +#define K3_SYSFW_IMAGE_UUID_STR "6fd10680-361b-431f-80aa-899455819e11"
+&binman {
- capsule-sysfw {
filename = "sysfw-capsule.bin";efi-capsule {image-index = <0x4>;image-guid = K3_SYSFW_IMAGE_UUID_STR;private-key = "arch/arm/mach-k3/keys/custMpk.pem";public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt";monotonic-count = <0x1>;blob {filename = "sysfw.itb";};};- };
+};
#endif
#ifdef CONFIG_TARGET_J721E_A72_EVM
@@ -585,4 +608,13 @@ }; }; };
+#include "k3-binman-capsule.dtsi" +&tispl_name {
- filename = "tispl.bin_unsigned";
Why use the _unsigned images here? HS devices cannot boot unsigned GP images, but both GP and HS devices *can* boot the normal signed images (GP just strips the signatures off). So no need to use the _unsigned images anymore (I'm planning to just remove them at some point to prevent this confusion).
I can do that.
Note that you will then see warnings on GP devices during boot:
Warning: Detected image signing certificate on GP device. Skipping certificate to prevent boot failure. This will fail if the image was also encrypted
Jon
Andrew
+}; +&uboot_name {
- filename = "u-boot.img_unsigned";
+};
- #endif