
On 5/31/22 12:06 AM, Roger Quadros wrote:
Hi,
On 27/05/2022 20:50, Alper Nebi Yasak wrote:
On 26/05/2022 17:15, Tom Rini wrote:
On Thu, May 26, 2022 at 10:28:45AM +0300, Roger Quadros wrote:
Any thoughts on how to get the new ti-secure etype to work with atf-bl31 and tee-os etypes so that it can take the data output of those entries and create a signed binary with filenames from those entries or atf-bl31-path and tee-os-path?
Can something like this work?
    ti-secure {
        atf-bl31 {
            filename = "bl31.bin";
        };
    };

We could probably get rid of the filename property from the ti-secure etype and use blob for regular files.

    ti-secure {
        blob {
            filename = "somefile.ext";
        };
    };
This would definitely work, see etype/mkimage.py for example. I'd prefer to know the file-format details (and maybe replicate them in binman) if you could afford to publish them, though...
This is a question to Nishanth/Andrew.
What file format are we talking about here? If it is the signed format, it's an attached x509 certificate, that is already published [0] and the tools to make it are public [1].
There is also an effort to replicate some of this in binman too [2].
Thanks, Andrew
[0] https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_f...
[1] https://git.ti.com/cgit/security-development-tools/core-secdev-k3
[2] https://lore.kernel.org/all/20220510200511.GK3901321@bill-the-cat/T/
Sorry I couldn't look at either series yet, but I see mentions of k3_fit_atf.sh, so let me point out another series [1][2] that might also interest you:
[1] [RESEND, RFC 0/8] Integration of sysfw and tispl with U-Boot https://lore.kernel.org/u-boot/20220406122919.6104-1-n-francis@ti.com/
[2] [PATCH RFC v2 00/11] Integration of sysfw, tispl and tiboot3 https://lore.kernel.org/u-boot/20220506043759.8193-1-n-francis@ti.com/
Thanks for this pointer. I will review those patches and see how we can consolidate.
cheers, -roger