diff options
author | Lokesh Vutla <lokeshvutla@ti.com> | 2018-11-02 19:51:04 +0530 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2018-11-16 16:51:58 -0500 |
commit | 890b2e750d1eeebdb54b9f0f7b19d1c563f87a7a (patch) | |
tree | cbde7a18ba28a7f8ee5eadaee68f3a621a81de7d /arch/arm | |
parent | 23f7b1a77602d335811aea80af1cacf5bff502af (diff) |
armv7R: K3: am654: Add support for generating build targets
Update Makefiles to generate:
- tiboot3.bin: Image format that can be processed by ROM.
Below is the tiboot3.bin image format that is required by ROM:
_______________________
| X509 |
| Certificate |
| ____________________ |
| | | |
| | u-boot-spl.bin | |
| | | |
| |___________________| |
|_______________________|
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Diffstat (limited to 'arch/arm')
-rw-r--r-- | arch/arm/mach-k3/Kconfig | 11 | ||||
-rw-r--r-- | arch/arm/mach-k3/config.mk | 59 |
2 files changed, 70 insertions, 0 deletions
diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig index 2df6197af7..9f5e8e5ee4 100644 --- a/arch/arm/mach-k3/Kconfig +++ b/arch/arm/mach-k3/Kconfig @@ -47,5 +47,16 @@ config SYS_K3_BOOT_PARAM_TABLE_INDEX Address at which ROM stores the value which determines if SPL is booted up by primary boot media or secondary boot media. +config SYS_K3_KEY + string "Key used to generate x509 certificate" + help + This option enables to provide a custom key that can be used for + generating x509 certificate for spl binary. If not needed leave + it blank so that a random key is generated and used. + +config SYS_K3_BOOT_CORE_ID + int + default 16 + source "board/ti/am65x/Kconfig" endif diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index 9b86ddc715..7fc0b3f357 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -5,6 +5,65 @@ ifdef CONFIG_SPL_BUILD +# Openssl is required to generate x509 certificate. +# Error out if openssl is not available. +ifeq ($(shell which openssl),) +$(error "No openssl in $(PATH), consider installing openssl") +endif + +SHA_VALUE= $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g") +IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c) +LOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g") +MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE)) + +# Parameters to get populated into the x509 template +SED_OPTS= -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/ +SED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/ +SED_OPTS+= -e s/TEST_CERT_TYPE/1/ # CERT_TYPE_PRIMARY_IMAGE_BIN +SED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/ +SED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/ +SED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/ + +# Command to generate ecparam key +quiet_cmd_genkey = OPENSSL $@ +cmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey + +# Command to generate x509 certificate +quiet_cmd_gencert = OPENSSL $@ +cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boot-spl-x509.txt; \ + openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512 + +# If external key is not provided, generate key using openssl. +ifeq ($(CONFIG_SYS_K3_KEY), "") +KEY=u-boot-spl-eckey.pem +else +KEY=$(patsubst "%",%,$(CONFIG_SYS_K3_KEY)) +endif + +u-boot-spl-eckey.pem: FORCE + $(call if_changed,genkey) + +# tiboot3.bin is mandated by ROM and ROM only supports R5 boot. +# So restrict tiboot3.bin creation for CPU_V7R. +ifdef CONFIG_CPU_V7R +u-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE + $(call if_changed,gencert) + +image_check: $(obj)/u-boot-spl.bin FORCE + @if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then \ + echo "===============================================" >&2; \ + echo "ERROR: Final Image too big. " >&2; \ + echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \ + echo "===============================================" >&2; \ + exit 1; \ + fi + +tiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE + $(call if_changed,cat) + +ALL-y += tiboot3.bin +endif + ifdef CONFIG_ARM64 SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE |