According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis n-francis@ti.com --- Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info

Changes in v4: - corrected function comments, 0 for lockstep, 2 for split mode

Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32

Changes in v2: - included TRM link in commit message

tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py index aad3b61ae2..7ee2683ab2 100644 --- a/tools/binman/btool/openssl.py +++ b/tools/binman/btool/openssl.py @@ -155,6 +155,7 @@ authInPlace = INTEGER:2 C, ST, L, O, OU, CN and emailAddress cert_type (int): Certification type bootcore (int): Booting core + bootcore_opts(int): Booting core option, lockstep (0) or split (2) mode load_addr (int): Load address of image sha (int): Hash function

@@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw, hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data, hashval_sysfw_data, sysfw_inner_cert_ext_boot_block, - dm_data_ext_boot_block): + dm_data_ext_boot_block, bootcore_opts): """Create a certificate

Args: @@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} bootcore (int): Booting core load_addr (int): Load address of image sha (int): Hash function + bootcore_opts (int): Booting core option, lockstep (0) or split (2) mode

Returns: str: Tool output @@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data [sbl] compType = INTEGER:1 bootCore = INTEGER:16 -compOpts = INTEGER:0 +compOpts = INTEGER:{bootcore_opts} destAddr = FORMAT:HEX,OCT:{load_addr:08x} compSize = INTEGER:{imagesize_sbl} shaType = OID:{sha_type} diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index e7b4e9380e..2402adb3d9 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1944,6 +1944,7 @@ Properties / Entry arguments: - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default

The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index 9a7ac9e9e0..f6fc3f90f8 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default

The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate @@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.core = fdt_util.GetString(self._node, 'core', 'secure') + self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts') self.key_fname = self.GetEntryArgsOrProps([ EntryArg('keyfile', str)], required=True)[0] if self.combined: @@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert): bytes content of the entry, which is the certificate binary for the provided data """ + if self.bootcore_opts is None: + self.bootcore_opts = 0 + if self.core == 'secure': if self.countersign: self.cert_type = 3 else: self.cert_type = 2 self.bootcore = 0 - self.bootcore_opts = 32 else: self.cert_type = 1 self.bootcore = 16 - self.bootcore_opts = 0 + return super().GetCertificate(required=required, type='rom')

def CombinedGetCertificate(self, required): @@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.num_comps = 3 self.sha_type = SHA_OIDS[self.sha]

+ if self.bootcore_opts is None: + self.bootcore_opts = 0 + # sbl self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') input_data_sbl = self.GetContents(required) diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py index d028cfe38c..fc0bb12278 100644 --- a/tools/binman/etype/x509_cert.py +++ b/tools/binman/etype/x509_cert.py @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection): imagesize_sysfw_data=self.imagesize_sysfw_data, hashval_sysfw_data=self.hashval_sysfw_data, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block, - dm_data_ext_boot_block=self.dm_data_ext_boot_block + dm_data_ext_boot_block=self.dm_data_ext_boot_block, + bootcore_opts=self.bootcore_opts ) if stdout is not None: data = tools.read_file(output_fname) diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>; + core-opts = <2>; }; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";