[PATCH V2 0/2] arm: mach-k3: Move TI keys out of board folder
Hi,
V2 of the series broadening the scope a bit more here.
Changes in V2: * Drop the override from verdin binman files since the default depends on k3-binman.dtsi * Move the TI dummy keys out to arch as well (new patch)
V1: https://lore.kernel.org/all/20231103224453.3264313-1-nm@ti.com/
Nishanth Menon (2): arm: mach-k3: Move K3 degenerate keys out of board folder arm: mach-k3: Move TI dummy keys out of board folder
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 8 -------- arch/arm/dts/k3-binman.dtsi | 4 ++-- {board/ti => arch/arm/mach-k3}/keys/custMpk.crt | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.key | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.pem | 0 {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem | 0 6 files changed, 2 insertions(+), 10 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.crt (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.key (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.pem (100%) rename {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem (100%)
This file is common for all of K3, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com --- Changes from V1: * Dropped the override from verdin dtsi
V1: https://lore.kernel.org/all/20231103224453.3264313-1-nm@ti.com/
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 4 ---- arch/arm/dts/k3-binman.dtsi | 2 +- {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem | 0 3 files changed, 1 insertion(+), 5 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem (100%)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index b489d8afbe36..ea22bfb9bad6 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -9,10 +9,6 @@ filename = "../../ti/keys/custMpk.pem"; };
-&dkey_pem { - filename = "../../ti/keys/ti-degenerate-key.pem"; -}; - #ifdef CONFIG_TARGET_VERDIN_AM62_R5
&binman { diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index 0212d44ee3b2..b941726e6246 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -20,7 +20,7 @@ ti-degenerate-key { filename = "ti-degenerate-key.pem"; dkey_pem: blob-ext { - filename = "../keys/ti-degenerate-key.pem"; + filename = "arch/arm/mach-k3/keys/ti-degenerate-key.pem"; }; }; }; diff --git a/board/ti/keys/ti-degenerate-key.pem b/arch/arm/mach-k3/keys/ti-degenerate-key.pem similarity index 100% rename from board/ti/keys/ti-degenerate-key.pem rename to arch/arm/mach-k3/keys/ti-degenerate-key.pem
On Fri, Nov 03, 2023 at 09:45:10PM -0500, Nishanth Menon wrote:
This file is common for all of K3, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com
Reviewed-by: Francesco Dolcini francesco.dolcini@toradex.com
Francesco
On 11/3/23 9:45 PM, Nishanth Menon wrote:
This file is common for all of K3, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com
Reviewed-by: Andrew Davis afd@ti.com
Changes from V1:
- Dropped the override from verdin dtsi
V1: https://lore.kernel.org/all/20231103224453.3264313-1-nm@ti.com/
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 4 ---- arch/arm/dts/k3-binman.dtsi | 2 +- {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem | 0 3 files changed, 1 insertion(+), 5 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/ti-degenerate-key.pem (100%)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index b489d8afbe36..ea22bfb9bad6 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -9,10 +9,6 @@ filename = "../../ti/keys/custMpk.pem"; };
-&dkey_pem {
- filename = "../../ti/keys/ti-degenerate-key.pem";
-};
#ifdef CONFIG_TARGET_VERDIN_AM62_R5
&binman {
diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index 0212d44ee3b2..b941726e6246 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -20,7 +20,7 @@ ti-degenerate-key { filename = "ti-degenerate-key.pem"; dkey_pem: blob-ext {
filename = "../keys/ti-degenerate-key.pem";
filename = "arch/arm/mach-k3/keys/ti-degenerate-key.pem";diff --git a/board/ti/keys/ti-degenerate-key.pem b/arch/arm/mach-k3/keys/ti-degenerate-key.pem similarity index 100% rename from board/ti/keys/ti-degenerate-key.pem rename to arch/arm/mach-k3/keys/ti-degenerate-key.pem
On Fri, Nov 03, 2023 at 09:45:10PM -0500, Nishanth Menon wrote:
This file is common for all of K3, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com Reviewed-by: Francesco Dolcini francesco.dolcini@toradex.com Reviewed-by: Andrew Davis afd@ti.com
Applied to u-boot/next, thanks!
This file is used to emulate customer keys on TI development board ecosystems, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com --- New patch in series.
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 4 ---- arch/arm/dts/k3-binman.dtsi | 2 +- {board/ti => arch/arm/mach-k3}/keys/custMpk.crt | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.key | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.pem | 0 5 files changed, 1 insertion(+), 5 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.crt (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.key (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.pem (100%)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index ea22bfb9bad6..58fde95adf67 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -5,10 +5,6 @@
#include "k3-binman.dtsi"
-&custmpk_pem { - filename = "../../ti/keys/custMpk.pem"; -}; - #ifdef CONFIG_TARGET_VERDIN_AM62_R5
&binman { diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index b941726e6246..8d4b0b2454f6 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -13,7 +13,7 @@ custMpk { filename = "custMpk.pem"; custmpk_pem: blob-ext { - filename = "../keys/custMpk.pem"; + filename = "arch/arm/mach-k3/keys/custMpk.pem"; }; };
diff --git a/board/ti/keys/custMpk.crt b/arch/arm/mach-k3/keys/custMpk.crt similarity index 100% rename from board/ti/keys/custMpk.crt rename to arch/arm/mach-k3/keys/custMpk.crt diff --git a/board/ti/keys/custMpk.key b/arch/arm/mach-k3/keys/custMpk.key similarity index 100% rename from board/ti/keys/custMpk.key rename to arch/arm/mach-k3/keys/custMpk.key diff --git a/board/ti/keys/custMpk.pem b/arch/arm/mach-k3/keys/custMpk.pem similarity index 100% rename from board/ti/keys/custMpk.pem rename to arch/arm/mach-k3/keys/custMpk.pem
On Fri, Nov 03, 2023 at 09:45:11PM -0500, Nishanth Menon wrote:
This file is used to emulate customer keys on TI development board ecosystems, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com
Reviewed-by: Francesco Dolcini francesco.dolcini@toradex.com
On 11/3/23 9:45 PM, Nishanth Menon wrote:
This file is used to emulate customer keys on TI development board ecosystems, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com
Moving custMpk.pem looks good. But I don't know how .crt and .key are actually used right now, I'd guess they already get pulled in during FIT signing using relative paths so this might be okay.
Good to get an ACK from +Manorit to be sure though.
Andrew
New patch in series.
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 4 ---- arch/arm/dts/k3-binman.dtsi | 2 +- {board/ti => arch/arm/mach-k3}/keys/custMpk.crt | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.key | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.pem | 0 5 files changed, 1 insertion(+), 5 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.crt (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.key (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.pem (100%)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index ea22bfb9bad6..58fde95adf67 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -5,10 +5,6 @@
#include "k3-binman.dtsi"
-&custmpk_pem {
- filename = "../../ti/keys/custMpk.pem";
-};
#ifdef CONFIG_TARGET_VERDIN_AM62_R5
&binman {
diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index b941726e6246..8d4b0b2454f6 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -13,7 +13,7 @@ custMpk { filename = "custMpk.pem"; custmpk_pem: blob-ext {
filename = "../keys/custMpk.pem";
filename = "arch/arm/mach-k3/keys/custMpk.pem";diff --git a/board/ti/keys/custMpk.crt b/arch/arm/mach-k3/keys/custMpk.crt similarity index 100% rename from board/ti/keys/custMpk.crt rename to arch/arm/mach-k3/keys/custMpk.crt diff --git a/board/ti/keys/custMpk.key b/arch/arm/mach-k3/keys/custMpk.key similarity index 100% rename from board/ti/keys/custMpk.key rename to arch/arm/mach-k3/keys/custMpk.key diff --git a/board/ti/keys/custMpk.pem b/arch/arm/mach-k3/keys/custMpk.pem similarity index 100% rename from board/ti/keys/custMpk.pem rename to arch/arm/mach-k3/keys/custMpk.pem
On 11:11-20231106, Andrew Davis wrote:
On 11/3/23 9:45 PM, Nishanth Menon wrote:
This file is used to emulate customer keys on TI development board ecosystems, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com
Moving custMpk.pem looks good. But I don't know how .crt and .key are actually used right now, I'd guess they already get pulled in during FIT signing using relative paths so this might be okay.
Good to get an ACK from +Manorit to be sure though.
I think the current yocto builds are not using the keys so should be okay. I wasn't able to get the u-boot keys and ended up using the keys in core-secdev. Might be a future action to actually use these keys, they currently just help in Upstream and people don't have to go to core-secdev for getting these.
Acked-by: Manorit Chawdhry m-chawdhry@ti.com
Regards, Manorit
Andrew
New patch in series.
arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 4 ---- arch/arm/dts/k3-binman.dtsi | 2 +- {board/ti => arch/arm/mach-k3}/keys/custMpk.crt | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.key | 0 {board/ti => arch/arm/mach-k3}/keys/custMpk.pem | 0 5 files changed, 1 insertion(+), 5 deletions(-) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.crt (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.key (100%) rename {board/ti => arch/arm/mach-k3}/keys/custMpk.pem (100%)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index ea22bfb9bad6..58fde95adf67 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -5,10 +5,6 @@ #include "k3-binman.dtsi" -&custmpk_pem {
- filename = "../../ti/keys/custMpk.pem";
-};
- #ifdef CONFIG_TARGET_VERDIN_AM62_R5 &binman {
diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index b941726e6246..8d4b0b2454f6 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -13,7 +13,7 @@ custMpk { filename = "custMpk.pem"; custmpk_pem: blob-ext {
filename = "../keys/custMpk.pem";
filename = "arch/arm/mach-k3/keys/custMpk.pem";diff --git a/board/ti/keys/custMpk.crt b/arch/arm/mach-k3/keys/custMpk.crt similarity index 100% rename from board/ti/keys/custMpk.crt rename to arch/arm/mach-k3/keys/custMpk.crt diff --git a/board/ti/keys/custMpk.key b/arch/arm/mach-k3/keys/custMpk.key similarity index 100% rename from board/ti/keys/custMpk.key rename to arch/arm/mach-k3/keys/custMpk.key diff --git a/board/ti/keys/custMpk.pem b/arch/arm/mach-k3/keys/custMpk.pem similarity index 100% rename from board/ti/keys/custMpk.pem rename to arch/arm/mach-k3/keys/custMpk.pem
On Fri, Nov 03, 2023 at 09:45:11PM -0500, Nishanth Menon wrote:
This file is used to emulate customer keys on TI development board ecosystems, move it out of board/ directory and into mach-k3. And change the relative paths to absolute paths in the binman paths.
While at it, drop the reference in verdin-binman file which is redundant.
Signed-off-by: Nishanth Menon nm@ti.com Reviewed-by: Francesco Dolcini francesco.dolcini@toradex.com Acked-by: Manorit Chawdhry m-chawdhry@ti.com
Applied to u-boot/next, thanks!
participants (5)
-
Andrew Davis -
Francesco Dolcini -
Manorit Chawdhry -
Nishanth Menon -
Tom Rini