Re: [PATCH] binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts

On 9/22/2023 2:45 PM, Neha Malcom Francis wrote:

According to the TRMs of K3 platform of devices, the ROM boot image

Below tear line, giving  some link of TRM, with section information

where this format is mentioned will be helpful for reviewers.

format specifies a "Core Options Field" that provides the capability to set the Dual MCU present to lockstep when set to 0 or to split mode when

'Dual MCU present to' or 'Boot core in' or 'Boot MCU in'

set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis n-francis@ti.com

tools/binman/btool/openssl.py | 6 ++++-- tools/binman/etype/ti_secure_rom.py | 12 ++++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py index aad3b61ae2..86cc56fbd7 100644 --- a/tools/binman/btool/openssl.py +++ b/tools/binman/btool/openssl.py @@ -155,6 +155,7 @@ authInPlace = INTEGER:2 C, ST, L, O, OU, CN and emailAddress cert_type (int): Certification type bootcore (int): Booting core

•        bootcore_opts(int): Booting core option (split/lockstep mode)
          load_addr (int): Load address of image
          sha (int): Hash function
  
  

@@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw, hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data, hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,

•              dm_data_ext_boot_block):
  

•              dm_data_ext_boot_block, bootcore_opts):
      """Create a certificate
  
      Args:
  

@@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} bootcore (int): Booting core load_addr (int): Load address of image sha (int): Hash function

•        bootcore_opts (int): Boot core option (split/lockstep mode)
  
      Returns:
          str: Tool output
  

@@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data [sbl] compType = INTEGER:1 bootCore = INTEGER:16 -compOpts = INTEGER:0 +compOpts = INTEGER:{bootcore_opts} destAddr = FORMAT:HEX,OCT:{load_addr:08x} compSize = INTEGER:{imagesize_sbl} shaType = OID:{sha_type} diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index 9a7ac9e9e0..780f132ea5 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow

•    - bootcore_opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
  
  The following properties are only for generating a combined bootflow binary:
      - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
  

@@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.core = fdt_util.GetString(self._node, 'core', 'secure')

•    self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
      self.key_fname = self.GetEntryArgsOrProps([
          EntryArg('keyfile', str)], required=True)[0]
      if self.combined:
  

@@ -103,11 +105,14 @@ class Entry_ti_secure_rom(Entry_x509_cert): else: self.cert_type = 2 self.bootcore = 0

•        self.bootcore_opts = 32
  

•        if self.bootcore_opts is None:
  

•            self.bootcore_opts = 32
      else:
          self.cert_type = 1
          self.bootcore = 16
  

•        self.bootcore_opts = 0
  

•        if self.bootcore_opts is None:
  

•            self.bootcore_opts = 0
  

•     return super().GetCertificate(required=required, type='rom')
  
  def CombinedGetCertificate(self, required):
  

@@ -126,6 +131,9 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.num_comps = 3 self.sha_type = SHA_OIDS[self.sha]

•    if self.bootcore_opts is None:
  

•        self.bootcore_opts = 0
  

•     # sbl
      self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
      input_data_sbl = self.GetContents(required)
  

diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py index d028cfe38c..fc0bb12278 100644 --- a/tools/binman/etype/x509_cert.py +++ b/tools/binman/etype/x509_cert.py @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection): imagesize_sysfw_data=self.imagesize_sysfw_data, hashval_sysfw_data=self.hashval_sysfw_data, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,

•            dm_data_ext_boot_block=self.dm_data_ext_boot_block
  

•            dm_data_ext_boot_block=self.dm_data_ext_boot_block,
  

•            bootcore_opts=self.bootcore_opts
          )
      if stdout is not None:
          data = tools.read_file(output_fname)
  

diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;

• 	core-opts = <2>;
  

  }; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";

May be adding one binman dtsi with 'donot merge' tag to show this is to be used, will be helpful

Rest LGTM

Thanks

Udit