diff options
author | Andrew Davis <afd@ti.com> | 2023-02-15 13:33:42 -0600 |
---|---|---|
committer | Ryan Eatmon <reatmon@ti.com> | 2023-03-01 09:20:15 -0600 |
commit | 95e768255193ceadbc2ebcf7beebf299a374b360 (patch) | |
tree | 9fe61df806eff432de3b70094c3f702c82f3342c /meta-ti-bsp/recipes-bsp/trusted-firmware-a | |
parent | ede16ed8de92e2c8c87356c370e96018b39e0006 (diff) | |
download | meta-ti-95e768255193ceadbc2ebcf7beebf299a374b360.tar.gz |
trusted-firmware-a: Use new ti-secdev class to sign the images
Use the new ti-k3-secdev package to pull in the signing tools if they are
not provided by the environment. This allows us to use these tools
unconditionally. Remove the checks for the script and do the signing
for all K3 machines. The signature is automatically stripped from
the binaries on non-HS devices at boot time as needed so this change
is harmless for GP devices.
Signed-off-by: Andrew Davis <afd@ti.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Diffstat (limited to 'meta-ti-bsp/recipes-bsp/trusted-firmware-a')
-rw-r--r-- | meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend | 39 |
1 files changed, 7 insertions, 32 deletions
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 3ccad86b..01d3f7d5 100644 --- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend | |||
@@ -9,39 +9,14 @@ TFA_SPD:k3 = "opteed" | |||
9 | SRC_URI:append:k3 = " file://rwx-segments-ti.patch" | 9 | SRC_URI:append:k3 = " file://rwx-segments-ti.patch" |
10 | FILESEXTRAPATHS:prepend := "${THISDIR}/files:" | 10 | FILESEXTRAPATHS:prepend := "${THISDIR}/files:" |
11 | 11 | ||
12 | # Use TI SECDEV for signing | ||
13 | inherit ti-secdev | ||
14 | |||
12 | EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}" | 15 | EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}" |
13 | EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}" | 16 | EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}" |
14 | 17 | ||
15 | # Signing procedure for K3 HS devices | 18 | # Signing procedure for K3 devices |
16 | tfa_sign_k3hs() { | 19 | do_compile:append:k3() { |
17 | export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG} | 20 | mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned |
18 | ( cd ${BUILD_DIR}; \ | 21 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin |
19 | mv bl31.bin bl31.bin.unsigned; \ | ||
20 | if [ -f ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ]; then \ | ||
21 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh bl31.bin.unsigned bl31.bin; \ | ||
22 | else \ | ||
23 | echo "Warning: TI_SECURE_DEV_PKG not set, TF-A not signed."; \ | ||
24 | cp bl31.bin.unsigned bl31.bin; \ | ||
25 | fi; \ | ||
26 | ) | ||
27 | } | ||
28 | |||
29 | do_compile:append:am65xx-hs-evm() { | ||
30 | tfa_sign_k3hs | ||
31 | } | ||
32 | |||
33 | do_compile:append:am64xx-evm() { | ||
34 | tfa_sign_k3hs | ||
35 | } | ||
36 | |||
37 | do_compile:append:j721e-hs-evm() { | ||
38 | tfa_sign_k3hs | ||
39 | } | ||
40 | |||
41 | do_compile:append:j7200-hs-evm() { | ||
42 | tfa_sign_k3hs | ||
43 | } | ||
44 | |||
45 | do_compile:append:j721s2-hs-evm() { | ||
46 | tfa_sign_k3hs | ||
47 | } | 22 | } |