summaryrefslogtreecommitdiffstats
path: root/meta-ti-bsp/recipes-bsp/trusted-firmware-a
diff options
context:
space:
mode:
authorAndrew Davis <afd@ti.com>2023-02-15 13:33:42 -0600
committerRyan Eatmon <reatmon@ti.com>2023-03-01 09:20:15 -0600
commit95e768255193ceadbc2ebcf7beebf299a374b360 (patch)
tree9fe61df806eff432de3b70094c3f702c82f3342c /meta-ti-bsp/recipes-bsp/trusted-firmware-a
parentede16ed8de92e2c8c87356c370e96018b39e0006 (diff)
downloadmeta-ti-95e768255193ceadbc2ebcf7beebf299a374b360.tar.gz
trusted-firmware-a: Use new ti-secdev class to sign the images
Use the new ti-k3-secdev package to pull in the signing tools if they are not provided by the environment. This allows us to use these tools unconditionally. Remove the checks for the script and do the signing for all K3 machines. The signature is automatically stripped from the binaries on non-HS devices at boot time as needed so this change is harmless for GP devices. Signed-off-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Diffstat (limited to 'meta-ti-bsp/recipes-bsp/trusted-firmware-a')
-rw-r--r--meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend39
1 files changed, 7 insertions, 32 deletions
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 3ccad86b..01d3f7d5 100644
--- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -9,39 +9,14 @@ TFA_SPD:k3 = "opteed"
9SRC_URI:append:k3 = " file://rwx-segments-ti.patch" 9SRC_URI:append:k3 = " file://rwx-segments-ti.patch"
10FILESEXTRAPATHS:prepend := "${THISDIR}/files:" 10FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
11 11
12# Use TI SECDEV for signing
13inherit ti-secdev
14
12EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}" 15EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}"
13EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}" 16EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}"
14 17
15# Signing procedure for K3 HS devices 18# Signing procedure for K3 devices
16tfa_sign_k3hs() { 19do_compile:append:k3() {
17 export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG} 20 mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned
18 ( cd ${BUILD_DIR}; \ 21 ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin
19 mv bl31.bin bl31.bin.unsigned; \
20 if [ -f ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ]; then \
21 ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh bl31.bin.unsigned bl31.bin; \
22 else \
23 echo "Warning: TI_SECURE_DEV_PKG not set, TF-A not signed."; \
24 cp bl31.bin.unsigned bl31.bin; \
25 fi; \
26 )
27}
28
29do_compile:append:am65xx-hs-evm() {
30 tfa_sign_k3hs
31}
32
33do_compile:append:am64xx-evm() {
34 tfa_sign_k3hs
35}
36
37do_compile:append:j721e-hs-evm() {
38 tfa_sign_k3hs
39}
40
41do_compile:append:j7200-hs-evm() {
42 tfa_sign_k3hs
43}
44
45do_compile:append:j721s2-hs-evm() {
46 tfa_sign_k3hs
47} 22}