#
fbfd2baf |
|
26-Mar-2024 |
Manorit Chawdhry <m-chawdhry@ti.com> |
binman: ti-secure: Enable debug extension for combined boot To debug using jtag, ROM needs to unlock jtag debugging on HS devices and it does that looking at this debug extension. Add the debug extension and enable it by default. Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Reviewed-by: Neha Malcom Francis <n-francis@ti.com> |
#
a3e407be |
|
29-Dec-2023 |
Manorit Chawdhry <m-chawdhry@ti.com> |
binman: ti-secure: Add support for firewalling entities We can now firewall entities while loading them through our secure entity TIFS, the required information should be present in the certificate that is being parsed by TIFS. The following commit adds the support to enable the certificates to be generated if the firewall configurations are present in the binman dtsi nodes. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> |
#
a4ed4c8a |
|
23-Oct-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
78144826 |
|
21-Jul-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: ti-secure: Add support for TI signing The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com> |
#
953d4177 |
|
02-Mar-2023 |
Simon Glass <sjg@chromium.org> |
binman: Support generation of x509 certificates And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3e407be |
|
29-Dec-2023 |
Manorit Chawdhry <m-chawdhry@ti.com> |
binman: ti-secure: Add support for firewalling entities We can now firewall entities while loading them through our secure entity TIFS, the required information should be present in the certificate that is being parsed by TIFS. The following commit adds the support to enable the certificates to be generated if the firewall configurations are present in the binman dtsi nodes. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> |
#
a4ed4c8a |
|
23-Oct-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
78144826 |
|
21-Jul-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: ti-secure: Add support for TI signing The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com> |
#
953d4177 |
|
02-Mar-2023 |
Simon Glass <sjg@chromium.org> |
binman: Support generation of x509 certificates And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a4ed4c8a |
|
23-Oct-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
78144826 |
|
21-Jul-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: ti-secure: Add support for TI signing The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com> |
#
953d4177 |
|
02-Mar-2023 |
Simon Glass <sjg@chromium.org> |
binman: Support generation of x509 certificates And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
78144826 |
|
21-Jul-2023 |
Neha Malcom Francis <n-francis@ti.com> |
binman: ti-secure: Add support for TI signing The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com> |
#
953d4177 |
|
02-Mar-2023 |
Simon Glass <sjg@chromium.org> |
binman: Support generation of x509 certificates And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
953d4177 |
|
02-Mar-2023 |
Simon Glass <sjg@chromium.org> |
binman: Support generation of x509 certificates And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> |