[PATCH 0/2] Add TIFS Stub support in AM62x
Add support for signing, detection and loading of TIFSSTUB images for for HSSE, HSFS and GP AM62x devices.
Boot tested and Deepsleep entry exist tested with ti-linux: https://gist.github.com/DhruvaG2000/036010f6ae75aa6443fc77f61fd74893
Patches are based on top of tag: v2024.04
Cc: Tom Rini trini@konsulko.com Cc: Neha Malcom Francis n-francis@ti.com Cc: Kamlesh Gurudasani kamlesh@ti.com Cc: Vibhore Vardhan vibhore@ti.com Cc: Vishal Mahaveer vishalm@ti.com Cc: Akashdeep Kaur a-kaur@ti.com Cc: Sebin Francis sebin.francis@ti.com
Kamlesh Gurudasani (2): arm: mach-k3: add support for detecting TIFSSTUB images arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images
arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++- arch/arm/mach-k3/r5/common.c | 24 +++++ 2 files changed, 163 insertions(+), 2 deletions(-)
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for detecting and processing TIFSSTUB images for HS, HSFS and GP devices.
TIFSSTUB image for related device type will be loaded, rest TIFSSTUB images will be discarded.
Example, for GP device, tifsstub-gp will be loaded, tifsstub-hs and tifsstub-fs will be discarded.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com --- arch/arm/mach-k3/r5/common.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/arch/arm/mach-k3/r5/common.c b/arch/arm/mach-k3/r5/common.c index c02f8d330998..0f6c294f1eb2 100644 --- a/arch/arm/mach-k3/r5/common.c +++ b/arch/arm/mach-k3/r5/common.c @@ -24,6 +24,9 @@ enum { IMAGE_ID_OPTEE, IMAGE_ID_SPL, IMAGE_ID_DM_FW, + IMAGE_ID_TIFSSTUB_HS, + IMAGE_ID_TIFSSTUB_FS, + IMAGE_ID_T, IMAGE_AMT, };
@@ -33,6 +36,9 @@ static const char *image_os_match[IMAGE_AMT] = { "tee", "U-Boot", "DM", + "tifsstub-hs", + "tifsstub-fs", + "tifsstub-gp", }; #endif
@@ -314,6 +320,24 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, break; } } + + if (i < IMAGE_AMT && i > IMAGE_ID_DM_FW) { + int device_type = get_device_type(); + + if ((device_type == K3_DEVICE_TYPE_HS_SE && + strcmp(os, "tifsstub-hs")) || + (device_type == K3_DEVICE_TYPE_HS_FS && + strcmp(os, "tifsstub-fs")) || + (device_type == K3_DEVICE_TYPE_GP && + strcmp(os, "tifsstub-gp"))) { + *p_size = 0; + } else { + debug("tifsstub-type: %s\n", os); + } + + return; + } + /* * Only DM and the DTBs are being authenticated here, * rest will be authenticated when A72 cluster is up
Hi Dhruva,
On 03/04/24 17:33, Dhruva Gole wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for detecting and processing TIFSSTUB images for HS, HSFS and GP devices.
TIFSSTUB image for related device type will be loaded, rest TIFSSTUB images will be discarded.
Example, for GP device, tifsstub-gp will be loaded, tifsstub-hs and tifsstub-fs will be discarded.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com
arch/arm/mach-k3/r5/common.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/arch/arm/mach-k3/r5/common.c b/arch/arm/mach-k3/r5/common.c index c02f8d330998..0f6c294f1eb2 100644 --- a/arch/arm/mach-k3/r5/common.c +++ b/arch/arm/mach-k3/r5/common.c @@ -24,6 +24,9 @@ enum { IMAGE_ID_OPTEE, IMAGE_ID_SPL, IMAGE_ID_DM_FW,
- IMAGE_ID_TIFSSTUB_HS,
- IMAGE_ID_TIFSSTUB_FS,
- IMAGE_ID_T, IMAGE_AMT, };
@@ -33,6 +36,9 @@ static const char *image_os_match[IMAGE_AMT] = { "tee", "U-Boot", "DM",
- "tifsstub-hs",
- "tifsstub-fs",
- "tifsstub-gp", }; #endif
@@ -314,6 +320,24 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, break; } }
- if (i < IMAGE_AMT && i > IMAGE_ID_DM_FW) {
int device_type = get_device_type();if ((device_type == K3_DEVICE_TYPE_HS_SE &&strcmp(os, "tifsstub-hs")) ||(device_type == K3_DEVICE_TYPE_HS_FS &&strcmp(os, "tifsstub-fs")) ||(device_type == K3_DEVICE_TYPE_GP &&strcmp(os, "tifsstub-gp"))) {*p_size = 0;} else {debug("tifsstub-type: %s\n", os);}return;- }
- /*
- Only DM and the DTBs are being authenticated here,
- rest will be authenticated when A72 cluster is up
Reviewed-by: Neha Malcom Francis n-francis@ti.com
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices and include them in tispl.bin and tispl.bin_unsigned.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com --- arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 2 deletions(-)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi index 5b058bd03a07..dfd38d64f638 100644 --- a/arch/arm/dts/k3-am625-sk-binman.dtsi +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi @@ -151,11 +151,107 @@ filename = "ti-dm/am62xx/ipc_echo_testb_mcu1_0_release_strip.xer5f"; }; }; + + tifsstub-hs { + filename = "tifsstub.bin_hs"; + ti-secure-rom { + content = <&tifsstub_hs_cert>; + core = "secure"; + load = <0x40000>; + sw-rev = <CONFIG_K3_X509_SWRV>; + keyfile = "custMpk.pem"; + countersign; + tifsstub; + }; + tifsstub_hs_cert: tifsstub-hs-cert.bin { + filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin"; + type = "blob-ext"; + optional; + }; + tifsstub_hs_enc: tifsstub-hs-enc.bin { + filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin"; + type = "blob-ext"; + optional; + }; + }; + + tifsstub-fs { + filename = "tifsstub.bin_fs"; + tifsstub_fs_cert: tifsstub-fs-cert.bin { + filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin"; + type = "blob-ext"; + optional; + }; + tifsstub_fs_enc: tifsstub-fs-enc.bin { + filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin"; + type = "blob-ext"; + optional; + }; + + }; + + tifsstub-gp { + filename = "tifsstub.bin_gp"; + ti-secure-rom { + content = <&tifsstub_gp>; + core = "secure"; + load = <0x60000>; + sw-rev = <CONFIG_K3_X509_SWRV>; + keyfile = "ti-degenerate-key.pem"; + tifsstub; + }; + tifsstub_gp: tifsstub-gp.bin { + filename = "ti-sysfw/ti-fs-stub-firmware-am62x-gp.bin"; + type = "blob-ext"; + optional; + }; + }; + ti-spl { insert-template = <&ti_spl_template>;
fit { images { + + tifsstub-hs { + description = "TIFSSTUB"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-hs"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_hs"; + }; + }; + + tifsstub-fs { + description = "TIFSSTUB"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-fs"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_fs"; + }; + }; + + tifsstub-gp { + description = "TIFSSTUB"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-gp"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_gp"; + }; + }; + dm { ti-secure { content = <&dm>; @@ -189,7 +285,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf"; - loadables = "tee", "dm", "spl"; + loadables = "tee", "tifsstub-hs", "tifsstub-fs", + "tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; }; @@ -247,6 +344,45 @@ fit { images {
+ tifsstub-hs { + description = "tifsstub"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-hs"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_hs"; + }; + }; + + tifsstub-fs { + description = "tifsstub"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-fs"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_fs"; + }; + }; + + tifsstub-gp { + description = "tifsstub"; + type = "firmware"; + arch = "arm32"; + compression = "none"; + os = "tifsstub-gp"; + load = <0x9dc00000>; + entry = <0x9dc00000>; + blob-ext { + filename = "tifsstub.bin_gp"; + }; + }; + dm { ti-dm { filename = "ti-dm.bin"; @@ -270,7 +406,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf"; - loadables = "tee", "dm", "spl"; + loadables = "tee", "tifsstub-hs", "tifsstub-fs", + "tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; };
Hi Dhruva
On 03/04/24 17:33, Dhruva Gole wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices and include them in tispl.bin and tispl.bin_unsigned.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com
arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 2 deletions(-)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi index 5b058bd03a07..dfd38d64f638 100644 --- a/arch/arm/dts/k3-am625-sk-binman.dtsi +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi @@ -151,11 +151,107 @@ filename = "ti-dm/am62xx/ipc_echo_testb_mcu1_0_release_strip.xer5f"; }; };
tifsstub-hs {
filename = "tifsstub.bin_hs";ti-secure-rom {content = <&tifsstub_hs_cert>;core = "secure";load = <0x40000>;sw-rev = <CONFIG_K3_X509_SWRV>;keyfile = "custMpk.pem";countersign;tifsstub;};tifsstub_hs_cert: tifsstub-hs-cert.bin {filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";type = "blob-ext";optional;};tifsstub_hs_enc: tifsstub-hs-enc.bin {filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";type = "blob-ext";optional;};};
tifsstub-fs {
filename = "tifsstub.bin_fs";tifsstub_fs_cert: tifsstub-fs-cert.bin {filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";type = "blob-ext";optional;};tifsstub_fs_enc: tifsstub-fs-enc.bin {filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";type = "blob-ext";optional;};};
tifsstub-gp {
filename = "tifsstub.bin_gp";ti-secure-rom {content = <&tifsstub_gp>;core = "secure";load = <0x60000>;sw-rev = <CONFIG_K3_X509_SWRV>;keyfile = "ti-degenerate-key.pem";tifsstub;};tifsstub_gp: tifsstub-gp.bin {filename = "ti-sysfw/ti-fs-stub-firmware-am62x-gp.bin";type = "blob-ext";optional;};};
ti-spl { insert-template = <&ti_spl_template>;
fit { images {
tifsstub-hs {description = "TIFSSTUB";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-hs";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_hs";};};tifsstub-fs {description = "TIFSSTUB";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-fs";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_fs";};};tifsstub-gp {description = "TIFSSTUB";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-gp";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_gp";};};dm { ti-secure { content = <&dm>;@@ -189,7 +285,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf";
loadables = "tee", "dm", "spl";
loadables = "tee", "tifsstub-hs", "tifsstub-fs","tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; };@@ -247,6 +344,45 @@ fit { images {
tifsstub-hs {description = "tifsstub";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-hs";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_hs";};};tifsstub-fs {description = "tifsstub";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-fs";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_fs";};};tifsstub-gp {description = "tifsstub";type = "firmware";arch = "arm32";compression = "none";os = "tifsstub-gp";load = <0x9dc00000>;entry = <0x9dc00000>;blob-ext {filename = "tifsstub.bin_gp";};};dm { ti-dm { filename = "ti-dm.bin";@@ -270,7 +406,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf";
loadables = "tee", "dm", "spl";
loadables = "tee", "tifsstub-hs", "tifsstub-fs","tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; };
If there are multiple boards that will support TIFSSTUB in future, I would prefer templating these out and putting them in k3-binman.dtsi. However considering there's a lot of movement currently (cleanup and OF_STREAM) in that file, you can maybe take this up when adding support for the next board.
Reviewed-by: Neha Malcom Francis n-francis@ti.com
On Thu, Apr 04, 2024 at 10:20:21AM +0530, Neha Malcom Francis wrote:
On 03/04/24 17:33, Dhruva Gole wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices and include them in tispl.bin and tispl.bin_unsigned.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com
[...]
@@ -270,7 +406,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf";
loadables = "tee", "dm", "spl";
loadables = "tee", "tifsstub-hs", "tifsstub-fs","tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; };If there are multiple boards that will support TIFSSTUB in future, I would
I would assume that this will be the case. Verdin AM62 would need the same, for example.
Francesco
Hi Neha!
On Apr 04, 2024 at 10:20:21 +0530, Neha Malcom Francis wrote:
Hi Dhruva
On 03/04/24 17:33, Dhruva Gole wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices and include them in tispl.bin and tispl.bin_unsigned.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com Signed-off-by: Dhruva Gole d-gole@ti.com
arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 2 deletions(-)
[...]
dm { ti-dm { filename = "ti-dm.bin";@@ -270,7 +406,8 @@ conf-0 { description = "k3-am625-sk"; firmware = "atf";
loadables = "tee", "dm", "spl";
loadables = "tee", "tifsstub-hs", "tifsstub-fs","tifsstub-gp", "dm", "spl"; fdt = "fdt-0"; }; };If there are multiple boards that will support TIFSSTUB in future, I would prefer templating these out and putting them in k3-binman.dtsi. However
That's a great idea. From the next set of boards for which also need binman TIFS Stub support we will keep in mind as you said below. Currently amidst all the movement and cleanup I don't want to push out too many changes at once.
I also have cleanup and OF_UPSTREAM changes for am62x pending which I plan on posting sometime soon..
considering there's a lot of movement currently (cleanup and OF_STREAM) in that file, you can maybe take this up when adding support for the next board.
Reviewed-by: Neha Malcom Francis n-francis@ti.com
Thanks!
On Wed, 03 Apr 2024 17:33:08 +0530, Dhruva Gole wrote:
Add support for signing, detection and loading of TIFSSTUB images for for HSSE, HSFS and GP AM62x devices.
Boot tested and Deepsleep entry exist tested with ti-linux: https://gist.github.com/DhruvaG2000/036010f6ae75aa6443fc77f61fd74893
Patches are based on top of tag: v2024.04
[...]
Applied to u-boot/master, thanks!
participants (4)
-
Dhruva Gole -
Francesco Dolcini -
Neha Malcom Francis -
Tom Rini