[2/2] arm: dts: k3: binman: am625: add support for signing TIFSSTUB Images

From: Kamlesh Gurudasani <kamlesh@ti.com>

Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
and include them in tispl.bin and tispl.bin_unsigned.

Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
---
 arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++-
 1 file changed, 139 insertions(+), 2 deletions(-)

Hi Dhruva

On 03/04/24 17:33, Dhruva Gole wrote:
> From: Kamlesh Gurudasani <kamlesh@ti.com>
> 
> Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> and include them in tispl.bin and tispl.bin_unsigned.
> 
> Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
> Signed-off-by: Dhruva Gole <d-gole@ti.com>
> ---
>   arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++-
>   1 file changed, 139 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi
> index 5b058bd03a07..dfd38d64f638 100644
> --- a/arch/arm/dts/k3-am625-sk-binman.dtsi
> +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
> @@ -151,11 +151,107 @@
>   			filename = "ti-dm/am62xx/ipc_echo_testb_mcu1_0_release_strip.xer5f";
>   		};
>   	};
> +
> +	tifsstub-hs {
> +		filename = "tifsstub.bin_hs";
> +		ti-secure-rom {
> +			content = <&tifsstub_hs_cert>;
> +			core = "secure";
> +			load = <0x40000>;
> +			sw-rev = <CONFIG_K3_X509_SWRV>;
> +			keyfile = "custMpk.pem";
> +			countersign;
> +			tifsstub;
> +		};
> +		tifsstub_hs_cert: tifsstub-hs-cert.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +		tifsstub_hs_enc: tifsstub-hs-enc.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +	};
> +
> +	tifsstub-fs {
> +		filename = "tifsstub.bin_fs";
> +		tifsstub_fs_cert: tifsstub-fs-cert.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-cert.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +		tifsstub_fs_enc: tifsstub-fs-enc.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-hs-enc.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +
> +	};
> +
> +	tifsstub-gp {
> +		filename = "tifsstub.bin_gp";
> +		ti-secure-rom {
> +			content = <&tifsstub_gp>;
> +			core = "secure";
> +			load = <0x60000>;
> +			sw-rev = <CONFIG_K3_X509_SWRV>;
> +			keyfile = "ti-degenerate-key.pem";
> +			tifsstub;
> +		};
> +		tifsstub_gp: tifsstub-gp.bin {
> +			filename = "ti-sysfw/ti-fs-stub-firmware-am62x-gp.bin";
> +			type = "blob-ext";
> +			optional;
> +		};
> +	};
> +
>   	ti-spl {
>   		insert-template = <&ti_spl_template>;
>   
>   		fit {
>   			images {
> +
> +				tifsstub-hs {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-hs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_hs";
> +					};
> +				};
> +
> +				tifsstub-fs {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-fs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_fs";
> +					};
> +				};
> +
> +				tifsstub-gp {
> +					description = "TIFSSTUB";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-gp";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_gp";
> +					};
> +				};
> +
>   				dm {
>   					ti-secure {
>   						content = <&dm>;
> @@ -189,7 +285,8 @@
>   				conf-0 {
>   					description = "k3-am625-sk";
>   					firmware = "atf";
> -					loadables = "tee", "dm", "spl";
> +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> +					"tifsstub-gp", "dm", "spl";
>   					fdt = "fdt-0";
>   				};
>   			};
> @@ -247,6 +344,45 @@
>   		fit {
>   			images {
>   
> +				tifsstub-hs {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-hs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_hs";
> +					};
> +				};
> +
> +				tifsstub-fs {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-fs";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_fs";
> +					};
> +				};
> +
> +				tifsstub-gp {
> +					description = "tifsstub";
> +					type = "firmware";
> +					arch = "arm32";
> +					compression = "none";
> +					os = "tifsstub-gp";
> +					load = <0x9dc00000>;
> +					entry = <0x9dc00000>;
> +					blob-ext {
> +						filename = "tifsstub.bin_gp";
> +					};
> +				};
> +
>   				dm {
>   					ti-dm {
>   						filename = "ti-dm.bin";
> @@ -270,7 +406,8 @@
>   				conf-0 {
>   					description = "k3-am625-sk";
>   					firmware = "atf";
> -					loadables = "tee", "dm", "spl";
> +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> +						  "tifsstub-gp", "dm", "spl";
>   					fdt = "fdt-0";
>   				};
>   			};


If there are multiple boards that will support TIFSSTUB in future, I would 
prefer templating these out and putting them in k3-binman.dtsi. However 
considering there's a lot of movement currently (cleanup and OF_STREAM) in that 
file, you can maybe take this up when adding support for the next board.

Reviewed-by: Neha Malcom Francis <n-francis@ti.com>

On Thu, Apr 04, 2024 at 10:20:21AM +0530, Neha Malcom Francis wrote:
> On 03/04/24 17:33, Dhruva Gole wrote:
> > From: Kamlesh Gurudasani <kamlesh@ti.com>
> > 
> > Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> > and include them in tispl.bin and tispl.bin_unsigned.
> > 
> > Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
> > Signed-off-by: Dhruva Gole <d-gole@ti.com>

[...]

> > @@ -270,7 +406,8 @@
> >   				conf-0 {
> >   					description = "k3-am625-sk";
> >   					firmware = "atf";
> > -					loadables = "tee", "dm", "spl";
> > +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> > +						  "tifsstub-gp", "dm", "spl";
> >   					fdt = "fdt-0";
> >   				};
> >   			};
> 
> 
> If there are multiple boards that will support TIFSSTUB in future, I would

I would assume that this will be the case. Verdin AM62 would need the
same, for example.

Francesco

Hi Neha!

On Apr 04, 2024 at 10:20:21 +0530, Neha Malcom Francis wrote:
> Hi Dhruva
> 
> On 03/04/24 17:33, Dhruva Gole wrote:
> > From: Kamlesh Gurudasani <kamlesh@ti.com>
> > 
> > Add support for signing of TIFSSTUB images for HSSE, HSFS and GP devices
> > and include them in tispl.bin and tispl.bin_unsigned.
> > 
> > Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
> > Signed-off-by: Dhruva Gole <d-gole@ti.com>
> > ---
> >   arch/arm/dts/k3-am625-sk-binman.dtsi | 141 ++++++++++++++++++++++++++-
> >   1 file changed, 139 insertions(+), 2 deletions(-)
> > 
[...]
> >   				dm {
> >   					ti-dm {
> >   						filename = "ti-dm.bin";
> > @@ -270,7 +406,8 @@
> >   				conf-0 {
> >   					description = "k3-am625-sk";
> >   					firmware = "atf";
> > -					loadables = "tee", "dm", "spl";
> > +					loadables = "tee", "tifsstub-hs", "tifsstub-fs",
> > +						  "tifsstub-gp", "dm", "spl";
> >   					fdt = "fdt-0";
> >   				};
> >   			};
> 
> 
> If there are multiple boards that will support TIFSSTUB in future, I would
> prefer templating these out and putting them in k3-binman.dtsi. However

That's a great idea. From the next set of boards for which also need
binman TIFS Stub support we will keep in mind as you said below.
Currently amidst all the movement and cleanup I don't want to push out
too many changes at once.

I also have cleanup and OF_UPSTREAM changes for am62x pending which I
plan on posting sometime soon..

> considering there's a lot of movement currently (cleanup and OF_STREAM) in
> that file, you can maybe take this up when adding support for the next
> board.
> 
> Reviewed-by: Neha Malcom Francis <n-francis@ti.com>

Thanks!