[PATCH v3 0/9] binman: ti: create binman nodes for EFI capsules
Add binman nodes for EFI capsules of firmware components so that capsules are automatically created during the UBoot builds.
This is enabled for several TI SoC based platforms: AM64, AM62, AM62p, BeaglePlay, AM69, J7, and BeagleboneAI.
Changes from v1: - on GP devices, still use signed images in capsules where available - Insert board specific capsule GUIDs into the capsule node's image-guid.
Changes from v2: - trigger building mkeficapsule tool on EFI_LOADER. This addresses buildman failures found with CI. - Added AM69 board support Link to v2: https://lore.kernel.org/r/20240419212819.170033-1-j-humphreys@ti.com
Jonathan Humphreys (9): tools: Build mkeficapsule tool by default if EFI_LOADER is set dts: ti: binman: Add base K3 firmware capsule nodes dts: am64x: binman: Include firmware capsules binman nodes dts: j721e: binman: Include firmware capsules binman nodes dts: beagleplay: binman: Include firmware capsules binman nodes dts: am62px: binman: Include firmware capsules binman nodes dts: am62x: binman: Include firmware capsules binman nodes dts: beagleboneai64: binman: Include firmware capsules binman nodes dts: j784s4: binman: Include firmware capsules binman nodes
arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi | 27 ++++++++++ arch/arm/dts/k3-am625-r5-beagleplay.dts | 15 ++++++ arch/arm/dts/k3-am625-sk-binman.dtsi | 30 ++++++++++++ arch/arm/dts/k3-am62p-sk-binman.dtsi | 29 +++++++++++ arch/arm/dts/k3-am64x-binman.dtsi | 30 ++++++++++++ arch/arm/dts/k3-binman-capsule-r5.dtsi | 21 ++++++++ arch/arm/dts/k3-binman-capsule.dtsi | 38 ++++++++++++++ .../dts/k3-j721e-beagleboneai64-u-boot.dtsi | 23 +++++++++ arch/arm/dts/k3-j721e-binman.dtsi | 49 +++++++++++++++++++ arch/arm/dts/k3-j721e-r5-beagleboneai64.dts | 29 +++++++++++ arch/arm/dts/k3-j784s4-binman.dtsi | 35 +++++++++++++ tools/Kconfig | 2 +- 12 files changed, 327 insertions(+), 1 deletion(-) create mode 100644 arch/arm/dts/k3-binman-capsule-r5.dtsi create mode 100644 arch/arm/dts/k3-binman-capsule.dtsi
Trigger the building of the mkeficapsule tool if EFI_LOADER is enabled. Previously it was triggered on EFI_CAPSULE_ON_DISK, but mkeficapsule is needed when a capsule is being generated for a bootloader stage, not just from the stage applying them. EFI_LOADER is a more accurate approximation of when a capsule may need to be generated.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- tools/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/Kconfig b/tools/Kconfig index 667807b3317..5c75af48fe3 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -98,7 +98,7 @@ config TOOLS_SHA512
config TOOLS_MKEFICAPSULE bool "Build efimkcapsule command" - default y if EFI_CAPSULE_ON_DISK + default y if EFI_LOADER help This command allows users to create a UEFI capsule file and, optionally sign that file. If you want to enable UEFI capsule
Create capsule files for tiboot3.bin, tispl.bin, and u-boot.img.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-binman-capsule-r5.dtsi | 21 ++++++++++++++ arch/arm/dts/k3-binman-capsule.dtsi | 38 ++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 arch/arm/dts/k3-binman-capsule-r5.dtsi create mode 100644 arch/arm/dts/k3-binman-capsule.dtsi
diff --git a/arch/arm/dts/k3-binman-capsule-r5.dtsi b/arch/arm/dts/k3-binman-capsule-r5.dtsi new file mode 100644 index 00000000000..959ceb7479d --- /dev/null +++ b/arch/arm/dts/k3-binman-capsule-r5.dtsi @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2024 Texas Instruments Incorporated - https://www.ti.com/ + */ + +&binman { + capsule_tiboot3: capsule-tiboot3 { + filename = "tiboot3-capsule.bin"; + efi-capsule { + image-index = <0x1>; + image-guid = "00000000-0000-0000-0000-000000000000"; + private-key = "arch/arm/mach-k3/keys/custMpk.pem"; + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt"; + monotonic-count = <0x1>; + + blob { + filename = "tiboot3.bin"; + }; + }; + }; +}; diff --git a/arch/arm/dts/k3-binman-capsule.dtsi b/arch/arm/dts/k3-binman-capsule.dtsi new file mode 100644 index 00000000000..17e83c9fa44 --- /dev/null +++ b/arch/arm/dts/k3-binman-capsule.dtsi @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2024 Texas Instruments Incorporated - https://www.ti.com/ + */ + +&binman { + capsule_tispl: capsule-tispl { + filename = "tispl-capsule.bin"; + efi-capsule { + image-index = <0x2>; + image-guid = "00000000-0000-0000-0000-000000000000"; + private-key = "arch/arm/mach-k3/keys/custMpk.pem"; + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt"; + monotonic-count = <0x1>; + + blob { + filename = "tispl.bin"; + }; + }; + }; +}; + +&binman { + capsule_uboot: capsule-uboot { + filename = "uboot-capsule.bin"; + efi-capsule { + image-index = <0x3>; + image-guid = "00000000-0000-0000-0000-000000000000"; + private-key = "arch/arm/mach-k3/keys/custMpk.pem"; + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt"; + monotonic-count = <0x1>; + + blob { + filename = "u-boot.img"; + }; + }; + }; +};
Fill in the am64x SK's capsule GUID properties of the base binman capsule nodes.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-am64x-binman.dtsi | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am64x-binman.dtsi b/arch/arm/dts/k3-am64x-binman.dtsi index 37817ba60d2..f768c4d946d 100644 --- a/arch/arm/dts/k3-am64x-binman.dtsi +++ b/arch/arm/dts/k3-am64x-binman.dtsi @@ -114,6 +114,17 @@ }; };
+#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See am64x_evm.h +#define AM64X_SK_TIBOOT3_IMAGE_GUID_STR "ede0a0d5-9116-4bfb-aa54-09e97b5afe1a" + +&capsule_tiboot3 { + efi-capsule { + image-guid = AM64X_SK_TIBOOT3_IMAGE_GUID_STR; + }; +}; + #endif
#ifdef CONFIG_TARGET_AM642_A53_EVM @@ -373,4 +384,23 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See am64x_evm.h +#define AM64X_SK_SPL_IMAGE_GUID_STR "77678f5c-64d4-4910-ad75-52c9d95cdb1d" +#define AM64X_SK_UBOOT_IMAGE_GUID_STR "c6ad43a9-7d31-4f5d-83e9-b8efecae05bf" + +&capsule_tispl { + efi-capsule { + image-guid = AM64X_SK_SPL_IMAGE_GUID_STR; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = AM64X_SK_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif
Fill in the J721e SK's capsule GUID properties of the base binman capsule nodes. Also add it's SYSFW binman capsule node.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-j721e-binman.dtsi | 49 +++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+)
diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi index 1514d897634..7b426729eb8 100644 --- a/arch/arm/dts/k3-j721e-binman.dtsi +++ b/arch/arm/dts/k3-j721e-binman.dtsi @@ -295,6 +295,36 @@ }; }; }; + +#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See j721e_evm.h +#define J721E_SK_TIBOOT3_IMAGE_GUID_STR "e672b518-7cd7-4014-bd8d-40724d0ad4dc" +#define J721E_SK_SYSFW_IMAGE_GUID_STR "6fd10680-361b-431f-80aa-899455819e11" + +&capsule_tiboot3 { + efi-capsule { + image-guid = J721E_SK_TIBOOT3_IMAGE_GUID_STR; + }; +}; + +&binman { + capsule-sysfw { + filename = "sysfw-capsule.bin"; + efi-capsule { + image-index = <0x4>; + image-guid = J721E_SK_SYSFW_IMAGE_GUID_STR; + private-key = "arch/arm/mach-k3/keys/custMpk.pem"; + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt"; + monotonic-count = <0x1>; + + blob { + filename = "sysfw.itb"; + }; + }; + }; +}; + #endif
#ifdef CONFIG_TARGET_J721E_A72_EVM @@ -673,4 +703,23 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See j721e_evm.h +#define J721E_SK_SPL_IMAGE_GUID_STR "86f710ad-10cf-46ea-ac67-856ae06efad2" +#define J721E_SK_UBOOT_IMAGE_GUID_STR "81b58fb0-3b00-4add-a20a-c185bbaca1ed" + +&capsule_tispl { + efi-capsule { + image-guid = J721E_SK_SPL_IMAGE_GUID_STR; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = J721E_SK_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif
Fill in the BeaglePlay's capsule GUID properties of the base binman capsule nodes.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi | 27 ++++++++++++++++++++ arch/arm/dts/k3-am625-r5-beagleplay.dts | 15 +++++++++++ 2 files changed, 42 insertions(+)
diff --git a/arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi b/arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi index 9ac4a825f84..cbb428de1a8 100644 --- a/arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi +++ b/arch/arm/dts/k3-am625-beagleplay-u-boot.dtsi @@ -214,6 +214,33 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See beagleplay.h +#define BEAGLEPLAY_SPL_IMAGE_GUID_STR "b2e7cc49-1a5a-4036-ae01-3387c3bef657" +#define BEAGLEPLAY_UBOOT_IMAGE_GUID_STR "92c92b11-a7ee-486f-aaa2-713d84425b0e" + +&capsule_tispl { + efi-capsule { + image-guid = BEAGLEPLAY_SPL_IMAGE_GUID_STR; + + blob { + filename = "tispl.bin_unsigned"; + }; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = BEAGLEPLAY_UBOOT_IMAGE_GUID_STR; + + blob { + filename = "u-boot.img_unsigned"; + }; + }; +}; + #endif
&main_bcdma { diff --git a/arch/arm/dts/k3-am625-r5-beagleplay.dts b/arch/arm/dts/k3-am625-r5-beagleplay.dts index 9db58f093c8..162d4800b17 100644 --- a/arch/arm/dts/k3-am625-r5-beagleplay.dts +++ b/arch/arm/dts/k3-am625-r5-beagleplay.dts @@ -114,3 +114,18 @@
}; }; + +#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See beagleplay.h +#define BEAGLEPLAY_TIBOOT3_IMAGE_GUID_STR "0e225a09-f720-4d57-9120-e28f737f5a5e" + +&capsule_tiboot3 { + efi-capsule { + image-guid = BEAGLEPLAY_TIBOOT3_IMAGE_GUID_STR; + + blob { + filename = "tiboot3-am62x-gp-evm.bin"; + }; + }; +};
Fill in the am62px SK's capsule GUID properties of the base binman capsule nodes.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-am62p-sk-binman.dtsi | 29 ++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
diff --git a/arch/arm/dts/k3-am62p-sk-binman.dtsi b/arch/arm/dts/k3-am62p-sk-binman.dtsi index dea14945bf5..3ec73022c60 100644 --- a/arch/arm/dts/k3-am62p-sk-binman.dtsi +++ b/arch/arm/dts/k3-am62p-sk-binman.dtsi @@ -59,6 +59,17 @@ }; };
+#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See am62px_evm.h +#define AM62PX_SK_TIBOOT3_IMAGE_GUID_STR "b08471b7-be2d-4489-87a1-cab28a0cf743" + +&capsule_tiboot3 { + efi-capsule { + image-guid = AM62PX_SK_TIBOOT3_IMAGE_GUID_STR; + }; +}; + #endif /* CONFIG_TARGET_AM62P5_R5_EVM */
#if IS_ENABLED(CONFIG_TARGET_AM62P5_A53_EVM) @@ -170,4 +181,22 @@ }; };
+#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See am62px_evm.h +#define AM62PX_SK_SPL_IMAGE_GUID_STR "d02ed781-6d71-4c1a-a999-3c6a41c36324" +#define AM62PX_SK_UBOOT_IMAGE_GUID_STR "7e6aea51-965c-44ab-b388-daeb03b54f66" + +&capsule_tispl { + efi-capsule { + image-guid = AM62PX_SK_SPL_IMAGE_GUID_STR; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = AM62PX_SK_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif /* CONFIG_TARGET_AM62P5_A53_EVM */
Fill in the am62x SK's capsule GUID properties of the base binman capsule nodes.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-am625-sk-binman.dtsi | 30 ++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi index dfd38d64f63..eadfa398fa3 100644 --- a/arch/arm/dts/k3-am625-sk-binman.dtsi +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi @@ -137,6 +137,17 @@ }; };
+#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See am62x_evm.h +#define AM62X_SK_TIBOOT3_IMAGE_GUID_STR "abcb83d2-9cb6-4351-b8f1-6494bbe3700a" + +&capsule_tiboot3 { + efi-capsule { + image-guid = AM62X_SK_TIBOOT3_IMAGE_GUID_STR; + }; +}; + #endif
#ifdef CONFIG_TARGET_AM625_A53_EVM @@ -452,4 +463,23 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See am62x_evm.h +#define AM62X_SK_SPL_IMAGE_GUID_STR "aee355fc-bf97-4264-8c82-437255efdc1d" +#define AM62X_SK_UBOOT_IMAGE_GUID_STR "28ab8c6c-fca8-41d3-8ea1-5f171b7d2929" + +&capsule_tispl { + efi-capsule { + image-guid = AM62X_SK_SPL_IMAGE_GUID_STR; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = AM62X_SK_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif
Fill in the BeagleBoneAI64's capsule GUID properties of the base binman capsule nodes. Also add it's SYSFW binman capsule node.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- .../dts/k3-j721e-beagleboneai64-u-boot.dtsi | 23 +++++++++++++++ arch/arm/dts/k3-j721e-r5-beagleboneai64.dts | 29 +++++++++++++++++++ 2 files changed, 52 insertions(+)
diff --git a/arch/arm/dts/k3-j721e-beagleboneai64-u-boot.dtsi b/arch/arm/dts/k3-j721e-beagleboneai64-u-boot.dtsi index e202ae16644..884f44239e1 100644 --- a/arch/arm/dts/k3-j721e-beagleboneai64-u-boot.dtsi +++ b/arch/arm/dts/k3-j721e-beagleboneai64-u-boot.dtsi @@ -351,4 +351,27 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See beagleboneai64.h +#define BEAGLEBONEAI64_SPL_IMAGE_GUID_STR "83447222-1e26-40cd-a395-b7de0957e875" +#define BEAGLEBONEAI64_UBOOT_IMAGE_GUID_STR "4249ff77-c17d-4eb7-a1db-45aa9887d49e" + +&capsule_tispl { + efi-capsule { + image-guid = BEAGLEBONEAI64_SPL_IMAGE_GUID_STR; + + blob { + filename = "tispl.bin_unsigned"; + }; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = BEAGLEBONEAI64_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif diff --git a/arch/arm/dts/k3-j721e-r5-beagleboneai64.dts b/arch/arm/dts/k3-j721e-r5-beagleboneai64.dts index 43da4dafba8..d4ef18248b0 100644 --- a/arch/arm/dts/k3-j721e-r5-beagleboneai64.dts +++ b/arch/arm/dts/k3-j721e-r5-beagleboneai64.dts @@ -183,3 +183,32 @@ }; }; }; + +#include "k3-binman-capsule-r5.dtsi" + +// Capsue update GUIDs. See beagleboneai64.h. +#define BEAGLEBONEAI64_TIBOOT3_IMAGE_GUID_STR "772a4810-2194-4923-8754-0115870ef367" +#define BEAGLEBONEAI64_SYSFW_IMAGE_GUID_STR "dfc9c683-49b7-46bd-b3c1-3a3b2fdb135b" + +&capsule_tiboot3 { + efi-capsule { + image-guid = BEAGLEBONEAI64_TIBOOT3_IMAGE_GUID_STR; + }; +}; + +&binman { + capsule-sysfw { + filename = "sysfw-capsule.bin"; + efi-capsule { + image-index = <0x4>; + image-guid = BEAGLEBONEAI64_SYSFW_IMAGE_GUID_STR; + private-key = "arch/arm/mach-k3/keys/custMpk.pem"; + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt"; + monotonic-count = <0x1>; + + blob { + filename = "sysfw.itb"; + }; + }; + }; +};
Fill in the AM69 SK's capsule GUID properties of the base binman capsule nodes.
Signed-off-by: Jonathan Humphreys j-humphreys@ti.com --- arch/arm/dts/k3-j784s4-binman.dtsi | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+)
diff --git a/arch/arm/dts/k3-j784s4-binman.dtsi b/arch/arm/dts/k3-j784s4-binman.dtsi index e4dd6e14a66..7daa86ff4c5 100644 --- a/arch/arm/dts/k3-j784s4-binman.dtsi +++ b/arch/arm/dts/k3-j784s4-binman.dtsi @@ -157,6 +157,22 @@
}; }; + +#include "k3-binman-capsule-r5.dtsi" + +// Capsule update GUIDs in string form. See j784s4_evm.h +#define AM69_SK_TIBOOT3_IMAGE_GUID_STR "adf49ec5-61bb-4dbe-8b8d-39df4d7ebf46" + +&capsule_tiboot3 { + efi-capsule { + image-guid = AM69_SK_TIBOOT3_IMAGE_GUID_STR; + + blob { + filename = "tiboot3-j784s4-hs-fs-evm.bin"; + }; + }; +}; + #endif
#ifdef CONFIG_TARGET_J784S4_A72_EVM @@ -342,4 +358,23 @@ }; }; }; + +#include "k3-binman-capsule.dtsi" + +// Capsule update GUIDs in string form. See j784s4_evm.h +#define AM69_SK_SPL_IMAGE_GUID_STR "787f0059-63a1-461c-a18e-9d838345fe8e" +#define AM69_SK_UBOOT_IMAGE_GUID_STR "9300505d-6ec5-4ff8-99e4-5459a04be617" + +&capsule_tispl { + efi-capsule { + image-guid = AM69_SK_SPL_IMAGE_GUID_STR; + }; +}; + +&capsule_uboot { + efi-capsule { + image-guid = AM69_SK_UBOOT_IMAGE_GUID_STR; + }; +}; + #endif
On Fri, 31 May 2024 17:51:01 -0500, Jonathan Humphreys wrote:
Add binman nodes for EFI capsules of firmware components so that capsules are automatically created during the UBoot builds.
This is enabled for several TI SoC based platforms: AM64, AM62, AM62p, BeaglePlay, AM69, J7, and BeagleboneAI.
Changes from v1:
- on GP devices, still use signed images in capsules where available
- Insert board specific capsule GUIDs into the capsule node's image-guid.
[...]
Applied to u-boot/next, thanks!
participants (2)
-
Jonathan Humphreys -
Tom Rini