diff --git a/recipes-bsp/u-boot/files/0011-arm-dts-iot2050-Disable-lock-step-mode-for-all-iot20.patch b/recipes-bsp/u-boot/files/0011-arm-dts-iot2050-Disable-lock-step-mode-for-all-iot20.patch index 80b4bec6e..4b41f2a72 100644 --- a/recipes-bsp/u-boot/files/0011-arm-dts-iot2050-Disable-lock-step-mode-for-all-iot20.patch +++ b/recipes-bsp/u-boot/files/0011-arm-dts-iot2050-Disable-lock-step-mode-for-all-iot20.patch @@ -1,4 +1,4 @@ -From b38646e913886c05ec35ccffe7071cfeed5b5161 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Li Hua Qian Date: Fri, 22 Mar 2024 10:24:26 +0800 Subject: [PATCH] arm: dts: iot2050: Disable lock-step mode for all iot2050 @@ -18,7 +18,7 @@ Signed-off-by: Li Hua Qian 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/arch/arm/dts/k3-am65-iot2050-common-pg2.dtsi b/arch/arm/dts/k3-am65-iot2050-common-pg2.dtsi -index 42adb881..48f187f2 100644 +index 42adb8815f38..48f187f23cf8 100644 --- a/arch/arm/dts/k3-am65-iot2050-common-pg2.dtsi +++ b/arch/arm/dts/k3-am65-iot2050-common-pg2.dtsi @@ -9,11 +9,6 @@ @@ -34,7 +34,7 @@ index 42adb881..48f187f2 100644 cp2102n_reset_pin_default: cp2102n-reset-default-pins { pinctrl-single,pins = < diff --git a/arch/arm/dts/k3-am65-iot2050-common.dtsi b/arch/arm/dts/k3-am65-iot2050-common.dtsi -index 279d97a1..f4f6aeba 100644 +index 279d97a16c7a..f4f6aeba2586 100644 --- a/arch/arm/dts/k3-am65-iot2050-common.dtsi +++ b/arch/arm/dts/k3-am65-iot2050-common.dtsi @@ -599,3 +599,8 @@ @@ -47,7 +47,7 @@ index 279d97a1..f4f6aeba 100644 + ti,cluster-mode = <0>; +}; diff --git a/arch/arm/dts/k3-am6528-iot2050-basic.dts b/arch/arm/dts/k3-am6528-iot2050-basic.dts -index be9c8db4..87928ff2 100644 +index be9c8db4c43a..87928ff28214 100644 --- a/arch/arm/dts/k3-am6528-iot2050-basic.dts +++ b/arch/arm/dts/k3-am6528-iot2050-basic.dts @@ -22,8 +22,3 @@ @@ -59,6 +59,3 @@ index be9c8db4..87928ff2 100644 - /* lock-step mode not supported on this board */ - ti,cluster-mode = <0>; -}; --- -2.30.2 - diff --git a/recipes-bsp/u-boot/files/keys/x509-sysfw-template.txt b/recipes-bsp/u-boot/files/keys/x509-sysfw-template.txt deleted file mode 100644 index 9befe2f58..000000000 --- a/recipes-bsp/u-boot/files/keys/x509-sysfw-template.txt +++ /dev/null @@ -1,32 +0,0 @@ -[ req ] -distinguished_name = req_distinguished_name -x509_extensions = v3_ca -prompt = no -dirstring_type = nobmp - -[ req_distinguished_name ] -C = US -ST = TX -L = Dallas -O = Texas Instruments Incorporated -OU = Processors -CN = TI Support -emailAddress = support@ti.com - -[ v3_ca ] -basicConstraints = CA:true -1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv -1.3.6.1.4.1.294.1.34 = ASN1:SEQUENCE:sysfw_image_integrity -1.3.6.1.4.1.294.1.35 = ASN1:SEQUENCE:sysfw_image_load - -[ swrv ] -swrv = INTEGER:0 - -[ sysfw_image_integrity ] -shaType = OID:2.16.840.1.101.3.4.2.3 -shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL -imageSize = INTEGER:TEST_IMAGE_LENGTH - -[ sysfw_image_load ] -destAddr = FORMAT:HEX,OCT:TEST_BOOT_ADDR -authInPlace = INTEGER:2 diff --git a/recipes-bsp/u-boot/files/rules.tmpl b/recipes-bsp/u-boot/files/rules.tmpl index 78e14139c..8a488847c 100755 --- a/recipes-bsp/u-boot/files/rules.tmpl +++ b/recipes-bsp/u-boot/files/rules.tmpl @@ -10,15 +10,8 @@ SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y endif override_dh_auto_build: - if [ -e keys ]; then \ + if [ "${SB_SIGN}" = "1" ]; then \ tools/key2dtsi.py -c -s keys/custMpk.pem arch/arm/dts/custMpk.dtsi; \ - openssl x509 -in keys/custMpk.crt -out custMpk.crt.pem -outform der; \ - rm -f custMpk.esl; \ - efisiglist -a -c custMpk.crt.pem -o custMpk.esl; \ - rm -f ubootefi.var; \ - tools/efivar.py set -i ubootefi.var -n PK -d custMpk.esl -t file; \ - tools/efivar.py set -i ubootefi.var -n KEK -d custMpk.esl -t file; \ - tools/efivar.py set -i ubootefi.var -n db -d custMpk.esl -t file; \ fi $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_CONFIG} $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_BIN} \ @@ -29,10 +22,10 @@ override_dh_auto_build: else \ ./scripts/get_default_envs.sh >u-boot-initial-env; \ fi - $(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools - if [ -e keys ]; then \ + if [ "${SB_SIGN}" = "1" ]; then \ tools/iot2050-sign-fw.sh keys/custMpk.pem ${FIRMWARE_SECURE_VER}; \ fi + $(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools override_dh_auto_install: mv tools/env/lib.a tools/env/libubootenv.a diff --git a/recipes-bsp/u-boot/u-boot-iot2050.inc b/recipes-bsp/u-boot/u-boot-iot2050.inc index b09ea62ef..9521ca28b 100644 --- a/recipes-bsp/u-boot/u-boot-iot2050.inc +++ b/recipes-bsp/u-boot/u-boot-iot2050.inc @@ -19,7 +19,6 @@ SRC_URI:append:secureboot = " \ file://keys/custMpk.crt \ file://keys/custMpk.key \ file://keys/custMpk.pem \ - file://keys/x509-sysfw-template.txt \ file://secure-boot.cfg" SRC_URI:append:otpcmd = " \ file://otpcmd.cfg" @@ -42,8 +41,11 @@ DEBIAN_BUILD_DEPENDS:append:secureboot = ", python3-pycryptodome:native, \ DEPENDS:append:otpcmd = " secure-boot-otp-provisioning" DEBIAN_BUILD_DEPENDS:append:otpcmd = ", secure-boot-otp-provisioning" +SB_SIGN = "0" +SB_SIGN:secureboot = "1" + TEMPLATE_FILES += "rules.tmpl" -TEMPLATE_VARS += "FIRMWARE_SECURE_VER" +TEMPLATE_VARS += "FIRMWARE_SECURE_VER SB_SIGN" U_BOOT_CONFIG_PACKAGE = "1"