[PATCH v3 0/2] Enable split mode in binman
This series extends the functionality of ti-secure-rom entry type in binman to support enabling of split mode vs. the default lockstep mode via changing the field in the x509 certificate. A DONOTMERGE patch is added to give an example of how this can be done via the binman.dtsi
Changes in v3: - Simon - added entries.rst change - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - Udit: - included TRM link in commit message - added DONOTMERGE patch showing example
Neha Malcom Francis (2): binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts DONOTMERGE: arm: dts: k3-j7200-binman: Enable split mode for MCU R5
arch/arm/dts/k3-j7200-binman.dtsi | 3 +++ tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 6 files changed, 20 insertions(+), 5 deletions(-)
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com --- Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py index aad3b61ae2..86cc56fbd7 100644 --- a/tools/binman/btool/openssl.py +++ b/tools/binman/btool/openssl.py @@ -155,6 +155,7 @@ authInPlace = INTEGER:2 C, ST, L, O, OU, CN and emailAddress cert_type (int): Certification type bootcore (int): Booting core + bootcore_opts(int): Booting core option (split/lockstep mode) load_addr (int): Load address of image sha (int): Hash function
@@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw, hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data, hashval_sysfw_data, sysfw_inner_cert_ext_boot_block, - dm_data_ext_boot_block): + dm_data_ext_boot_block, bootcore_opts): """Create a certificate
Args: @@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} bootcore (int): Booting core load_addr (int): Load address of image sha (int): Hash function + bootcore_opts (int): Boot core option (split/lockstep mode)
Returns: str: Tool output @@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data [sbl] compType = INTEGER:1 bootCore = INTEGER:16 -compOpts = INTEGER:0 +compOpts = INTEGER:{bootcore_opts} destAddr = FORMAT:HEX,OCT:{load_addr:08x} compSize = INTEGER:{imagesize_sbl} shaType = OID:{sha_type} diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 801bd94674..b401f9426a 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1900,6 +1900,7 @@ Properties / Entry arguments: - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index 9a7ac9e9e0..17c50cefa1 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow + - core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate @@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.core = fdt_util.GetString(self._node, 'core', 'secure') + self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts') self.key_fname = self.GetEntryArgsOrProps([ EntryArg('keyfile', str)], required=True)[0] if self.combined: @@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert): bytes content of the entry, which is the certificate binary for the provided data """ + if self.bootcore_opts is None: + self.bootcore_opts = 0 + if self.core == 'secure': if self.countersign: self.cert_type = 3 else: self.cert_type = 2 self.bootcore = 0 - self.bootcore_opts = 32 else: self.cert_type = 1 self.bootcore = 16 - self.bootcore_opts = 0 + return super().GetCertificate(required=required, type='rom')
def CombinedGetCertificate(self, required): @@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.num_comps = 3 self.sha_type = SHA_OIDS[self.sha]
+ if self.bootcore_opts is None: + self.bootcore_opts = 0 + # sbl self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') input_data_sbl = self.GetContents(required) diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py index d028cfe38c..fc0bb12278 100644 --- a/tools/binman/etype/x509_cert.py +++ b/tools/binman/etype/x509_cert.py @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection): imagesize_sysfw_data=self.imagesize_sysfw_data, hashval_sysfw_data=self.hashval_sysfw_data, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block, - dm_data_ext_boot_block=self.dm_data_ext_boot_block + dm_data_ext_boot_block=self.dm_data_ext_boot_block, + bootcore_opts=self.bootcore_opts ) if stdout is not None: data = tools.read_file(output_fname) diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>; + core-opts = <2>; }; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py index aad3b61ae2..86cc56fbd7 100644 --- a/tools/binman/btool/openssl.py +++ b/tools/binman/btool/openssl.py @@ -155,6 +155,7 @@ authInPlace = INTEGER:2 C, ST, L, O, OU, CN and emailAddress cert_type (int): Certification type bootcore (int): Booting core
bootcore_opts(int): Booting core option (split/lockstep mode)
Please indicate what possible values are allowed
load_addr (int): Load address of image sha (int): Hash function@@ -225,7 +226,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw, hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data, hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
dm_data_ext_boot_block):
dm_data_ext_boot_block, bootcore_opts): """Create a certificate Args:@@ -241,6 +242,7 @@ emailAddress = {req_dist_name_dict['emailAddress']} bootcore (int): Booting core load_addr (int): Load address of image sha (int): Hash function
bootcore_opts (int): Boot core option (split/lockstep mode) Returns: str: Tool output@@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data [sbl] compType = INTEGER:1 bootCore = INTEGER:16 -compOpts = INTEGER:0 +compOpts = INTEGER:{bootcore_opts} destAddr = FORMAT:HEX,OCT:{load_addr:08x} compSize = INTEGER:{imagesize_sbl} shaType = OID:{sha_type} diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 801bd94674..b401f9426a 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1900,6 +1900,7 @@ Properties / Entry arguments: - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow
- core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by default
Here it is 1 but below it says 2
The following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index 9a7ac9e9e0..17c50cefa1 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): - core: core on which bootloader runs, valid cores are 'secure' and 'public' - content: phandle of SPL in case of legacy bootflow or phandles of component binaries in case of combined bootflow
- core-opts (optional): split-mode (0) or lockstep mode (1) set to 0 by defaultThe following properties are only for generating a combined bootflow binary: - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
@@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1) self.sha = fdt_util.GetInt(self._node, 'sha', 512) self.core = fdt_util.GetString(self._node, 'core', 'secure')
self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts') self.key_fname = self.GetEntryArgsOrProps([ EntryArg('keyfile', str)], required=True)[0] if self.combined:@@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert): bytes content of the entry, which is the certificate binary for the provided data """
if self.bootcore_opts is None:self.bootcore_opts = 0if self.core == 'secure': if self.countersign: self.cert_type = 3 else: self.cert_type = 2 self.bootcore = 0
self.bootcore_opts = 32 else: self.cert_type = 1 self.bootcore = 16self.bootcore_opts = 0
return super().GetCertificate(required=required, type='rom')def CombinedGetCertificate(self, required):
@@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert): self.num_comps = 3 self.sha_type = SHA_OIDS[self.sha]
if self.bootcore_opts is None:self.bootcore_opts = 0# sbl self.content = fdt_util.GetPhandleList(self._node, 'content-sbl') input_data_sbl = self.GetContents(required)diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py index d028cfe38c..fc0bb12278 100644 --- a/tools/binman/etype/x509_cert.py +++ b/tools/binman/etype/x509_cert.py @@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection): imagesize_sysfw_data=self.imagesize_sysfw_data, hashval_sysfw_data=self.hashval_sysfw_data, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
dm_data_ext_boot_block=self.dm_data_ext_boot_block
dm_data_ext_boot_block=self.dm_data_ext_boot_block,bootcore_opts=self.bootcore_opts ) if stdout is not None: data = tools.read_file(output_fname)diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;
here ^
Do you think there could be a binding file in dt-bindings/ for this value?
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
[...]
diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
Hi Neha,
On Tue, 17 Oct 2023 at 03:58, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
[...]
diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
Yes it is difficult to do anything genuinely new.
I am anticipating something like compatible = "ti,secure-rom"
so I suppose you could create a header file with suitable values for this property.
On the other hand, you could wait until there is progress with the bindings.
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
Hi Simon
On 18/10/23 09:03, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 03:58, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
[...]
diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
Yes it is difficult to do anything genuinely new.
I am anticipating something like compatible = "ti,secure-rom"
so I suppose you could create a header file with suitable values for this property.
On the other hand, you could wait until there is progress with the bindings.
I can try adding a header file for now, but follow up question; shouldn't it be added to arch/arm/dts rather than include/dt-bindings? There was traction by DT maintainers to move all such constants not directly used by the driver (in this case binman) to arch/arm/dts? [1] If you mean to use these constants in binman, will need to see how we can do that.
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
[1] https://lore.kernel.org/all/c4d53e9c-dac0-8ccc-dc86-faada324beba@linaro.org/
Hi Neha,
On Tue, 17 Oct 2023 at 23:20, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 18/10/23 09:03, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 03:58, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)
[...]
diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
Yes it is difficult to do anything genuinely new.
I am anticipating something like compatible = "ti,secure-rom"
so I suppose you could create a header file with suitable values for this property.
On the other hand, you could wait until there is progress with the bindings.
I can try adding a header file for now, but follow up question; shouldn't it be added to arch/arm/dts rather than include/dt-bindings? There was traction by DT maintainers to move all such constants not directly used by the driver (in this case binman) to arch/arm/dts? [1] If you mean to use these constants in binman, will need to see how we can do that.
You can put the constant in the .dtsi and #include your binding file. But if you hit problems, let's worry about it later.
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
[1] https://lore.kernel.org/all/c4d53e9c-dac0-8ccc-dc86-faada324beba@linaro.org/
Regards, Simon
Hi Simon
On 19/10/23 19:25, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 23:20, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 18/10/23 09:03, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 03:58, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote:
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage.
Signed-off-by: Neha Malcom Francis n-francis@ti.com
Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 Section 4.5.4.1 Boot Info
Changes in v3: - updated function comments - removed inconsistency in setting bootcore_opts to 32
Changes in v2: - included TRM link in commit message
tools/binman/btool/openssl.py | 6 ++++-- tools/binman/entries.rst | 1 + tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- tools/binman/etype/x509_cert.py | 3 ++- tools/binman/test/297_ti_secure_rom.dts | 1 + 5 files changed, 17 insertions(+), 5 deletions(-)[...]
diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts index d1313769f4..1a3eca9425 100644 --- a/tools/binman/test/297_ti_secure_rom.dts +++ b/tools/binman/test/297_ti_secure_rom.dts @@ -9,6 +9,7 @@ binman { ti-secure-rom { content = <&unsecure_binary>;
core-opts = <2>;here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
Yes it is difficult to do anything genuinely new.
I am anticipating something like compatible = "ti,secure-rom"
so I suppose you could create a header file with suitable values for this property.
On the other hand, you could wait until there is progress with the bindings.
I can try adding a header file for now, but follow up question; shouldn't it be added to arch/arm/dts rather than include/dt-bindings? There was traction by DT maintainers to move all such constants not directly used by the driver (in this case binman) to arch/arm/dts? [1] If you mean to use these constants in binman, will need to see how we can do that.
You can put the constant in the .dtsi and #include your binding file. But if you hit problems, let's worry about it later.
I'm a little confused on what has to be done regarding the binding ATM, so I'll stick to waiting for some progress with the binman bindings and then tackle it.
}; unsecure_binary: blob-ext { filename = "ti_unsecure.bin";-- 2.34.1
Regards, Simon
[1] https://lore.kernel.org/all/c4d53e9c-dac0-8ccc-dc86-faada324beba@linaro.org/
Regards, Simon
Hi Neha,
On Mon, 23 Oct 2023 at 00:06, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 19/10/23 19:25, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 23:20, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 18/10/23 09:03, Simon Glass wrote:
Hi Neha,
On Tue, 17 Oct 2023 at 03:58, Neha Malcom Francis n-francis@ti.com wrote:
Hi Simon
On 08/10/23 04:39, Simon Glass wrote:
Hi Neha,
On Fri, 6 Oct 2023 at 04:07, Neha Malcom Francis n-francis@ti.com wrote: > > According to the TRMs of K3 platform of devices, the ROM boot image > format specifies a "Core Options Field" that provides the capability to > set the boot core in lockstep when set to 0 or to split mode when set > to 2. Add support for providing the same from the binman DTS. Also > modify existing test case for ensuring future coverage. > > Signed-off-by: Neha Malcom Francis n-francis@ti.com > --- > Link to J721E TRM: https://www.ti.com/lit/zip/spruil1 > Section 4.5.4.1 Boot Info > > Changes in v3: > - updated function comments > - removed inconsistency in setting bootcore_opts to 32 > > Changes in v2: > - included TRM link in commit message > > tools/binman/btool/openssl.py | 6 ++++-- > tools/binman/entries.rst | 1 + > tools/binman/etype/ti_secure_rom.py | 11 +++++++++-- > tools/binman/etype/x509_cert.py | 3 ++- > tools/binman/test/297_ti_secure_rom.dts | 1 + > 5 files changed, 17 insertions(+), 5 deletions(-) >
[...]
> diff --git a/tools/binman/test/297_ti_secure_rom.dts b/tools/binman/test/297_ti_secure_rom.dts > index d1313769f4..1a3eca9425 100644 > --- a/tools/binman/test/297_ti_secure_rom.dts > +++ b/tools/binman/test/297_ti_secure_rom.dts > @@ -9,6 +9,7 @@ > binman { > ti-secure-rom { > content = <&unsecure_binary>; > + core-opts = <2>;
here ^
Do you think there could be a binding file in dt-bindings/ for this value?
Sorry for getting back to this patch so late, but wanted to ask about this. I had seen a last version of getting the binman compatible in dt-bindings but I don't see it merged. Not sure where I would add this property in.
Yes it is difficult to do anything genuinely new.
I am anticipating something like compatible = "ti,secure-rom"
so I suppose you could create a header file with suitable values for this property.
On the other hand, you could wait until there is progress with the bindings.
I can try adding a header file for now, but follow up question; shouldn't it be added to arch/arm/dts rather than include/dt-bindings? There was traction by DT maintainers to move all such constants not directly used by the driver (in this case binman) to arch/arm/dts? [1] If you mean to use these constants in binman, will need to see how we can do that.
You can put the constant in the .dtsi and #include your binding file. But if you hit problems, let's worry about it later.
I'm a little confused on what has to be done regarding the binding ATM, so I'll stick to waiting for some progress with the binman bindings and then tackle it.
Yes that sounds fine.
> }; > unsecure_binary: blob-ext { > filename = "ti_unsecure.bin"; > -- > 2.34.1 >
Regards, Simon
[1] https://lore.kernel.org/all/c4d53e9c-dac0-8ccc-dc86-faada324beba@linaro.org/
Regards, Simon
Regards, Simon
Set boot core-opts to enable split mode for MCU R5 cluster by default. This patch serves to demonstrate how this can be done.
Signed-off-by: Neha Malcom Francis n-francis@ti.com --- No change since v2
arch/arm/dts/k3-j7200-binman.dtsi | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/arch/arm/dts/k3-j7200-binman.dtsi b/arch/arm/dts/k3-j7200-binman.dtsi index 14f7dea65e..025a0bd071 100644 --- a/arch/arm/dts/k3-j7200-binman.dtsi +++ b/arch/arm/dts/k3-j7200-binman.dtsi @@ -55,6 +55,7 @@ <&combined_dm_cfg>, <&sysfw_inner_cert>; combined; dm-data; + core-opts = <2>; sysfw-inner-cert; keyfile = "custMpk.pem"; sw-rev = <1>; @@ -100,6 +101,7 @@ <&combined_dm_cfg_fs>, <&sysfw_inner_cert_fs>; combined; dm-data; + core-opts = <2>; sysfw-inner-cert; keyfile = "custMpk.pem"; sw-rev = <1>; @@ -146,6 +148,7 @@ <&combined_tifs_cfg_gp>, <&combined_dm_cfg_gp>; combined; dm-data; + core-opts = <2>; content-sbl = <&u_boot_spl_unsigned>; load = <0x41c00000>; content-sysfw = <&ti_fs_gp>;
participants (2)
-
Neha Malcom Francis -
Simon Glass