[U-Boot] [RESEND PATCH 0/9] Add support for secure boot on Keystone2 SoCs
Hello all,
This series adds support for secure Keystone2 K2E and K2HK devices, much of the work is borrowed from the OMAP style devices as the secure workings are very similar, allowing minimal changes for this support addition.
Thanks, Andrew
Changes for resend: - Fixup patch authorship
Andrew F. Davis (1): defconfig: k2hk_hs_evm: Add k2hk_hs_evm_defconfig
Madan Srinivas (5): image: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS arm: mach-omap2: Add secure image name common to OMAP and keystone ARM: Keystone2: Build secure images for K2 doc: Updates info on using Keystone2 secure devices Kconfig: Adds SYS_TEXT_BASE config option for Keystone2
Vitaly Andrianov (3): arm: mach-keystone: Implements FIT post-processing call for keystone SoCs arm: mach-omap2: Enable Kconfig support for K2 HS devices defconfig: k2e_hs_evm: Add k2e_hs_evm_defconfig
Kconfig | 2 +- arch/arm/mach-keystone/config.mk | 6 ++ arch/arm/mach-keystone/mon.c | 73 ++++++++++++++++++++++ arch/arm/mach-omap2/Kconfig | 2 +- arch/arm/mach-omap2/config_secure.mk | 6 ++ configs/k2e_evm_defconfig | 1 + .../{k2e_evm_defconfig => k2e_hs_evm_defconfig} | 15 ++--- configs/k2g_evm_defconfig | 1 + configs/k2hk_evm_defconfig | 1 + .../{k2hk_evm_defconfig => k2hk_hs_evm_defconfig} | 13 ++-- configs/k2l_evm_defconfig | 1 + doc/README.ti-secure | 20 ++++++ include/image.h | 3 +- 13 files changed, 122 insertions(+), 22 deletions(-) copy configs/{k2e_evm_defconfig => k2e_hs_evm_defconfig} (78%) copy configs/{k2hk_evm_defconfig => k2hk_hs_evm_defconfig} (80%)
From: Madan Srinivas madans@ti.com
The function 'board_fit_image_post_process' is defined only when the config option CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not use SPL but do use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will be defined, which will result in an implicit declaration of function 'board_fit_image_post_process' warning while building u-boot. Fix this warning.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Tom Rini trini@konsulko.com --- include/image.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/image.h b/include/image.h index 1e686b76d3..24cdd8cd14 100644 --- a/include/image.h +++ b/include/image.h @@ -1257,7 +1257,8 @@ void android_print_contents(const struct andr_img_hdr *hdr); */ int board_fit_config_name_match(const char *name);
-#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS +#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \ + defined(CONFIG_FIT_IMAGE_POST_PROCESS) /** * board_fit_image_post_process() - Do any post-process on FIT binary data *
From: Vitaly Andrianov vitalya@ti.com
This commit implements the board_fit_image_post_process() function for the keystone architecture. This function calls into the secure boot monitor for secure authentication/decryption of the image. All needed work is handled by the boot monitor and, depending on the keystone platform, the security functions may be offloaded to other secure processing elements in the SoC.
The boot monitor acts as the gateway to these secure functions and the boot monitor for secure devices is available as part of the SECDEV package for KS2. For more details refer doc/README.ti-secure
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/mach-keystone/mon.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+)
diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c index 256f6300ed..81009848d0 100644 --- a/arch/arm/mach-keystone/mon.c +++ b/arch/arm/mach-keystone/mon.c @@ -10,6 +10,7 @@ #include <common.h> #include <command.h> #include <mach/mon.h> +#include <spl.h> asm(".arch_extension sec\n\t");
int mon_install(u32 addr, u32 dpsc, u32 freq) @@ -61,3 +62,75 @@ int mon_power_off(int core_id) : "cc", "r0", "r1", "memory"); return result; } + +#ifdef CONFIG_TI_SECURE_DEVICE +#define KS2_HS_SEC_HEADER_LEN 0x60 +#define KS2_HS_SEC_TAG_OFFSET 0x34 +#define KS2_AUTH_CMD 130 + +/** + * k2_hs_bm_auth() - Invokes security functions using a + * proprietary TI interface. This binary and source for + * this is available in the secure development package or + * SECDEV. For details on how to access this please refer + * doc/README.ti-secure + * + * @cmd: Secure monitor command + * @arg1: Argument for command + * + * returns non-zero value on success, zero on error + */ +static int k2_hs_bm_auth(int cmd, void *arg1) +{ + int result; + + asm volatile ( + "stmfd r13!, {r4-r12, lr}\n" + "mov r0, %1\n" + "mov r1, %2\n" + "smc #2\n" + "ldmfd r13!, {r4-r12, lr}\n" + : "=&r" (result) + : "r" (cmd), "r" (arg1) + : "cc", "r0", "r1", "memory"); + + return result; +} + +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + int result = 0; + void *image = *p_image; + + if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) { + printf("No signature found in image!\n"); + hang(); + } + + result = k2_hs_bm_auth(KS2_AUTH_CMD, image); + if (result == 0) { + printf("Authentication failed!\n"); + hang(); + } + + /* + * Overwrite the image headers after authentication + * and decryption. Update size to reflect removal + * of header. + */ + memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size); + *p_size -= KS2_HS_SEC_HEADER_LEN; + + /* + * Output notification of successful authentication to re-assure the + * user that the secure code is being processed as expected. However + * suppress any such log output in case of building for SPL and booting + * via YMODEM. This is done to avoid disturbing the YMODEM serial + * protocol transactions. + */ + if (!(IS_ENABLED(CONFIG_SPL_BUILD) && + IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && + spl_boot_device() == BOOT_DEVICE_UART)) + printf("Authentication passed\n"); +} +#endif
On Fri, Feb 24, 2017 at 06:59:39AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
This commit implements the board_fit_image_post_process() function for the keystone architecture. This function calls into the secure boot monitor for secure authentication/decryption of the image. All needed work is handled by the boot monitor and, depending on the keystone platform, the security functions may be offloaded to other secure processing elements in the SoC.
The boot monitor acts as the gateway to these secure functions and the boot monitor for secure devices is available as part of the SECDEV package for KS2. For more details refer doc/README.ti-secure
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Vitaly Andrianov vitalya@ti.com
Like the OMAP54xx, AM43xx, & AM33xx family SoCs, the keystone family of SoCs also have high security enabled models. Allow K2E devices to be built with HS Device Type Support.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/mach-omap2/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-omap2/Kconfig b/arch/arm/mach-omap2/Kconfig index 24bc485195..d74b068abc 100644 --- a/arch/arm/mach-omap2/Kconfig +++ b/arch/arm/mach-omap2/Kconfig @@ -1,6 +1,6 @@ config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on OMAP54XX || AM43XX || AM33XX + depends on OMAP54XX || AM43XX || AM33XX || ARCH_KEYSTONE help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the
On Fri, Feb 24, 2017 at 06:59:40AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
Like the OMAP54xx, AM43xx, & AM33xx family SoCs, the keystone family of SoCs also have high security enabled models. Allow K2E devices to be built with HS Device Type Support.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Madan Srinivas madans@ti.com
As K2 can directly boot U-Boot, add u-boot_HS_MLO as the secure image name for secure K2 devices, for all boot modes other than SPI flash.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/mach-omap2/config_secure.mk | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk index 0c843338d7..0346cb93ab 100644 --- a/arch/arm/mach-omap2/config_secure.mk +++ b/arch/arm/mach-omap2/config_secure.mk @@ -77,6 +77,12 @@ u-boot-spl_HS_ISSW: $(obj)/u-boot-spl.bin FORCE u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin FORCE $(call if_changed,mkomapsecimg)
+# For supporting single stage boot on keystone, the image is a full u-boot +# file, not an SPL. This will work for all boot devices, other than SPI +# flash +u-boot_HS_MLO: $(obj)/u-boot.bin + $(call if_changed,mkomapsecimg) + # For supporting single stage XiP QSPI on AM43xx, the image is a full u-boot # file, not an SPL. In this case the mkomapsecimg command looks for a # u-boot-HS_* prefix
On Fri, Feb 24, 2017 at 06:59:41AM -0600, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
As K2 can directly boot U-Boot, add u-boot_HS_MLO as the secure image name for secure K2 devices, for all boot modes other than SPI flash.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Madan Srinivas madans@ti.com
Adds an additional image type needed for supporting secure keystone devices. The build generates u-boot_HS_MLO which can be used to boot from all media on secure keystone devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/mach-keystone/config.mk | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/arch/arm/mach-keystone/config.mk b/arch/arm/mach-keystone/config.mk index 9ae1e9ac91..db556ea0a8 100644 --- a/arch/arm/mach-keystone/config.mk +++ b/arch/arm/mach-keystone/config.mk @@ -5,9 +5,15 @@ # SPDX-License-Identifier: GPL-2.0+ #
+include $(srctree)/arch/arm/mach-omap2/config_secure.mk + ifndef CONFIG_SPL_BUILD +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot_HS_MLO +else ALL-y += MLO endif +endif
MKIMAGEFLAGS_u-boot-spl.gph = -A $(ARCH) -T gpimage -C none \ -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE) -n SPL
On Fri, Feb 24, 2017 at 06:59:42AM -0600, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
Adds an additional image type needed for supporting secure keystone devices. The build generates u-boot_HS_MLO which can be used to boot from all media on secure keystone devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Madan Srinivas madans@ti.com
Add a section describing the secure boot image used on Keystone2 secure devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- doc/README.ti-secure | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 9b0fbf9732..4b5380c0f3 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -133,6 +133,26 @@ Booting of U-Boot SPL u-boot-spl_HS_X-LOADER - boot image for all other flash memories including QSPI and NOR flash
+ Invoking the script for Keystone2 Secure Devices + ============================================= + + create-boot-image.sh \ + <UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED> + + <UNUSED> is currently ignored and reserved for future use. + + <INPUT_FILE> is the full path and filename of the public world boot + loader binary file (only u-boot.bin is currently supported on + Keystone2 devices, u-boot-spl.bin is not currently supported). + + <OUTPUT_FILE> is the full path and filename of the final secure image. + The output binary images should be used in place of the standard + non-secure binary images (see the platform-specific user's guides + and releases notes for how the non-secure images are typically used) + u-boot_HS_MLO - signed and encrypted boot image that can be used to + boot from all media. Secure boot from SPI NOR flash is not + currently supported. + Booting of Primary U-Boot (u-boot.img) ======================================
On Fri, Feb 24, 2017 at 06:59:43AM -0600, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
Add a section describing the secure boot image used on Keystone2 secure devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Madan Srinivas madans@ti.com
This patch makes SYS_TEXT_BASE a config option for Keystone2 so that it can be used to load u-boot at different addresses on secure and non-secure Keystone2 devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- Kconfig | 2 +- configs/k2e_evm_defconfig | 1 + configs/k2g_evm_defconfig | 1 + configs/k2hk_evm_defconfig | 1 + configs/k2l_evm_defconfig | 1 + 5 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Kconfig b/Kconfig index 81b4226463..1a5b105daa 100644 --- a/Kconfig +++ b/Kconfig @@ -285,7 +285,7 @@ config SYS_EXTRA_OPTIONS config SYS_TEXT_BASE depends on SPARC || ARC || X86 || ARCH_UNIPHIER || ARCH_ZYNQMP || \ (M68K && !TARGET_ASTRO_MCF5373L) || MICROBLAZE || MIPS || \ - ARCH_ZYNQ + ARCH_ZYNQ || ARCH_KEYSTONE depends on !EFI_APP hex "Text Base" help diff --git a/configs/k2e_evm_defconfig b/configs/k2e_evm_defconfig index a42a485e2b..95259661c9 100644 --- a/configs/k2e_evm_defconfig +++ b/configs/k2e_evm_defconfig @@ -8,6 +8,7 @@ CONFIG_SPL_POWER_SUPPORT=y CONFIG_SPL_SERIAL_SUPPORT=y CONFIG_SPL_SPI_FLASH_SUPPORT=y CONFIG_SPL_SPI_SUPPORT=y +CONFIG_SYS_TEXT_BASE=0x0c000000 CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y diff --git a/configs/k2g_evm_defconfig b/configs/k2g_evm_defconfig index f3ee01afb1..84b5152e80 100644 --- a/configs/k2g_evm_defconfig +++ b/configs/k2g_evm_defconfig @@ -8,6 +8,7 @@ CONFIG_SPL_POWER_SUPPORT=y CONFIG_SPL_SERIAL_SUPPORT=y CONFIG_SPL_SPI_FLASH_SUPPORT=y CONFIG_SPL_SPI_SUPPORT=y +CONFIG_SYS_TEXT_BASE=0x0c000000 CONFIG_DEFAULT_DEVICE_TREE="keystone-k2g-evm" CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y diff --git a/configs/k2hk_evm_defconfig b/configs/k2hk_evm_defconfig index d924796627..87fe2f437a 100644 --- a/configs/k2hk_evm_defconfig +++ b/configs/k2hk_evm_defconfig @@ -8,6 +8,7 @@ CONFIG_SPL_POWER_SUPPORT=y CONFIG_SPL_SERIAL_SUPPORT=y CONFIG_SPL_SPI_FLASH_SUPPORT=y CONFIG_SPL_SPI_SUPPORT=y +CONFIG_SYS_TEXT_BASE=0x0c000000 CONFIG_DEFAULT_DEVICE_TREE="keystone-k2hk-evm" CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y diff --git a/configs/k2l_evm_defconfig b/configs/k2l_evm_defconfig index c81758571c..9226488409 100644 --- a/configs/k2l_evm_defconfig +++ b/configs/k2l_evm_defconfig @@ -8,6 +8,7 @@ CONFIG_SPL_POWER_SUPPORT=y CONFIG_SPL_SERIAL_SUPPORT=y CONFIG_SPL_SPI_FLASH_SUPPORT=y CONFIG_SPL_SPI_SUPPORT=y +CONFIG_SYS_TEXT_BASE=0x0c000000 CONFIG_DEFAULT_DEVICE_TREE="keystone-k2l-evm" CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_CONSOLE_INFO_QUIET=y
On Fri, Feb 24, 2017 at 06:59:44AM -0600, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
This patch makes SYS_TEXT_BASE a config option for Keystone2 so that it can be used to load u-boot at different addresses on secure and non-secure Keystone2 devices.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
From: Vitaly Andrianov vitalya@ti.com
TI K2E secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- configs/k2e_hs_evm_defconfig | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig
diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000000..d515cedaca --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E HS EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
On Fri, Feb 24, 2017 at 06:59:45AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
TI K2E secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
configs/k2e_hs_evm_defconfig | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig
diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000000..d515cedaca --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E HS EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
This shows a number of the will-be-problems like the AM43/AM33 devices have. More things need to be select'd and imply'd so that the _hs_ variant defconfigs do not get out of sync easily and often.
On 02/27/2017 09:19 AM, Tom Rini wrote:
On Fri, Feb 24, 2017 at 06:59:45AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
TI K2E secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
configs/k2e_hs_evm_defconfig | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig
diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000000..d515cedaca --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E HS EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
This shows a number of the will-be-problems like the AM43/AM33 devices have. More things need to be select'd and imply'd so that the _hs_ variant defconfigs do not get out of sync easily and often.
I do not think selecting all these options in Kconfig files is safe right now, at least until moving some more symbols to Kconfig is complete. After that we can add proper dependencies to all the symbols and some things like _CMD_ symbols could be added automatically.
Defconfigs are easier to cleanup than Kconfig definitions. I do not want to maintain the per-platform Kconfig select'd list before we get symbol dependencies worked out.
Andrew
On Tue, Feb 28, 2017 at 11:47:01AM -0600, Andrew F. Davis wrote:
On 02/27/2017 09:19 AM, Tom Rini wrote:
On Fri, Feb 24, 2017 at 06:59:45AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
TI K2E secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
configs/k2e_hs_evm_defconfig | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig
diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000000..d515cedaca --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E HS EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
This shows a number of the will-be-problems like the AM43/AM33 devices have. More things need to be select'd and imply'd so that the _hs_ variant defconfigs do not get out of sync easily and often.
I do not think selecting all these options in Kconfig files is safe right now, at least until moving some more symbols to Kconfig is complete. After that we can add proper dependencies to all the symbols and some things like _CMD_ symbols could be added automatically.
Defconfigs are easier to cleanup than Kconfig definitions. I do not want to maintain the per-platform Kconfig select'd list before we get symbol dependencies worked out.
Well, at the end of the day, the pain is on you on re-syncing the defconfig files, so if you want to wait on adding more logic, OK, I'll remove my objection.
On 28 February 2017 at 10:58, Tom Rini trini@konsulko.com wrote:
On Tue, Feb 28, 2017 at 11:47:01AM -0600, Andrew F. Davis wrote:
On 02/27/2017 09:19 AM, Tom Rini wrote:
On Fri, Feb 24, 2017 at 06:59:45AM -0600, Andrew F. Davis wrote:
From: Vitaly Andrianov vitalya@ti.com
TI K2E secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Vitaly Andrianov vitalya@ti.com Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
configs/k2e_hs_evm_defconfig | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig
diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000000..d515cedaca --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E HS EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
This shows a number of the will-be-problems like the AM43/AM33 devices have. More things need to be select'd and imply'd so that the _hs_ variant defconfigs do not get out of sync easily and often.
I do not think selecting all these options in Kconfig files is safe right now, at least until moving some more symbols to Kconfig is complete. After that we can add proper dependencies to all the symbols and some things like _CMD_ symbols could be added automatically.
Defconfigs are easier to cleanup than Kconfig definitions. I do not want to maintain the per-platform Kconfig select'd list before we get symbol dependencies worked out.
Well, at the end of the day, the pain is on you on re-syncing the defconfig files, so if you want to wait on adding more logic, OK, I'll remove my objection.
OK
Reviewed-by: Simon Glass sjg@chromium.org
TI K2HK secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Andrew F. Davis afd@ti.com --- configs/k2hk_hs_evm_defconfig | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2hk_hs_evm_defconfig
diff --git a/configs/k2hk_hs_evm_defconfig b/configs/k2hk_hs_evm_defconfig new file mode 100644 index 0000000000..9fe91ea19c --- /dev/null +++ b/configs/k2hk_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2HK_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2hk-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2HK EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
On Fri, Feb 24, 2017 at 06:59:46AM -0600, Andrew F. Davis wrote:
TI K2HK secure devices have to be built with TI_SECURE_DEVICE, FIT, and FIT_IMAGE_POST_PROCESS enabled. Add a dedicated defconfig for this.
Signed-off-by: Andrew F. Davis afd@ti.com
configs/k2hk_hs_evm_defconfig | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 configs/k2hk_hs_evm_defconfig
Same comments as 8/9, thanks!
diff --git a/configs/k2hk_hs_evm_defconfig b/configs/k2hk_hs_evm_defconfig new file mode 100644 index 0000000000..9fe91ea19c --- /dev/null +++ b/configs/k2hk_hs_evm_defconfig @@ -0,0 +1,51 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_SYS_TEXT_BASE=0x0c000060 +CONFIG_TARGET_K2HK_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2hk-evm" +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2HK EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_PART=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
2.11.0
participants (3)
-
Andrew F. Davis -
Simon Glass -
Tom Rini