Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2228207/?format=api
{ "id": 2228207, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2228207/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260425033742.1519298-8-b-padhi@ti.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.1/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260425033742.1519298-8-b-padhi@ti.com>", "date": "2026-04-25T03:37:38", "name": "[v4,07/11] binman: openssl: Add boot and load extensions to x509 cert", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "7be993dda9f72fe3aa423ee60c24f05029b4af6e", "submitter": { "id": 88460, "url": "http://patchwork.ozlabs.org/api/1.1/people/88460/?format=api", "name": "Padhi, Beleswar", "email": "b-padhi@ti.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260425033742.1519298-8-b-padhi@ti.com/mbox/", "series": [ { "id": 501450, "url": "http://patchwork.ozlabs.org/api/1.1/series/501450/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=501450", "date": "2026-04-25T03:37:39", "name": "Add support to boot TI K3 HSM M4 core", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/501450/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2228207/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2228207/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256\n header.s=selector1 header.b=isj48dzK;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.b=\"isj48dzK\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de; spf=pass smtp.mailfrom=b-padhi@ti.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2w963wqHz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 26 Apr 2026 02:22:50 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 6911884312;\n\tSat, 25 Apr 2026 18:22:48 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id CF612842EF; Sat, 25 Apr 2026 18:22:46 +0200 (CEST)", "from DM1PR04CU001.outbound.protection.outlook.com\n (mail-centralusazlp170100005.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c111::5])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 4E78984308\n for <u-boot@lists.denx.de>; Sat, 25 Apr 2026 18:22:43 +0200 (CEST)", "from SA2PR10MB4809.namprd10.prod.outlook.com (2603:10b6:806:113::7)\n by SA1PR10MB997631.namprd10.prod.outlook.com (2603:10b6:806:4b5::6)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.22; Sat, 25 Apr\n 2026 15:52:44 +0000", "from CYXPR10MB7924.namprd10.prod.outlook.com (2603:10b6:930:e6::10)\n by SA2PR10MB4809.namprd10.prod.outlook.com (2603:10b6:806:113::7)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.21; Sat, 25 Apr\n 2026 04:51:27 +0000", "from SA9PR10CA0004.namprd10.prod.outlook.com (2603:10b6:806:a7::9)\n by CYXPR10MB7924.namprd10.prod.outlook.com (2603:10b6:930:e6::10) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.22; Sat, 25 Apr\n 2026 03:38:18 +0000", "from SN1PEPF0002636B.namprd02.prod.outlook.com\n (2603:10b6:806:a7:cafe::c9) by SA9PR10CA0004.outlook.office365.com\n (2603:10b6:806:a7::9) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9846.23 via Frontend Transport; Sat,\n 25 Apr 2026 03:38:18 +0000", "from lewvzet201.ext.ti.com (198.47.23.195) by\n SN1PEPF0002636B.mail.protection.outlook.com (10.167.241.136) with Microsoft\n SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n 15.20.9791.48 via Frontend Transport; Sat, 25 Apr 2026 03:38:18 +0000", "from DLEE212.ent.ti.com (157.170.170.114) by lewvzet201.ext.ti.com\n (10.4.14.104) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 24 Apr\n 2026 22:38:18 -0500", "from DLEE201.ent.ti.com (157.170.170.76) by DLEE212.ent.ti.com\n (157.170.170.114) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 24 Apr\n 2026 22:38:17 -0500", "from lelvem-mr06.itg.ti.com (10.180.75.8) by DLEE201.ent.ti.com\n (157.170.170.76) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend\n Transport; Fri, 24 Apr 2026 22:38:17 -0500", "from uda0510294.dhcp.ti.com (uda0510294.dhcp.ti.com [10.24.50.162])\n by lelvem-mr06.itg.ti.com (8.18.1/8.18.1) with ESMTP id\n 63P3bk862903263; Fri, 24 Apr 2026 22:38:14 -0500" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,T_SPF_PERMERROR autolearn=no\n autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=IIa5NGv8ScZW2smNPL/JZwcWxOY+EnHVYbAkL9Qrh61/qwH4wnEwSLYgzcdS4ygsEV2pYPlagKdEXnqQYZIl2bi4WlVzor+V8+IajSnwmumbdRbPoE5h5OwxWI48mEL9JpyynOSVsj+txp6H1OweuG8CLOyt2hCPg68sZlFyTQ0LucBp8tKhEwqGzm0um8PoYmpQxXnIcWB7mgYGDZ8YQaY78i0ovX+De5I6rH3xkpnvwvAvpt5QBB39W6UKrEFQ6XSaywZ4VkABSbBqnOcnrjmp2eRZ4YG0QPMk/IDlNr0pZZLF6v8ia+xWl215Ok3rToRlYHtAvMGCV9HJ/K0j/w==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=b4WMNRQRw0rkO/maAMGlcy9nkGT8Ypn4kPJsMSNzHN0=;\n b=AUwKlH8s04SvgujVPp3cKgdBGBa7wqWkjh4Zt19161PG8i11yke4mBeOU5gFQGeEuJWgo160lreBKzwnhzPMCKYUaA9sZK+Guecd+MARWJ9sTjgIURi0LSyFHs6WbT8LjnDUSLf4geRg1IxhZJNCI2FUAglwPjNeYXCP4yfw8K+22uRu+kxt8hvEVfupcrma/8A/Bjhzi/uN1OOGtMP3nNkzffe49T/OLeTtuvrqqyCfneYIf/UUqd7pdsK3EZ892tOO31Aoti+SBILinqQ9Ne9M4lhxjWydUqDbrpshchk9Y77oiscYrE5Uw3rQhWUreCO5Bh8gz2SSv0ZQpcuJLA==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 198.47.23.195) smtp.rcpttodomain=chromium.org smtp.mailfrom=ti.com;\n dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=ti.com;\n dkim=none (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=b4WMNRQRw0rkO/maAMGlcy9nkGT8Ypn4kPJsMSNzHN0=;\n b=isj48dzKGJkUeRTLh7jg0yEVKNF711fcDAJzouaabAZ9CjYn/2nnfDmjwQwSQ/337XIUYMPXgE9FOOIZ7WPVtvsBsI9PxNbY3mVJAlQ0T/YwwitAtGO9n+ih4RI3ly1c0fNL3VDwPYErHgXtmzCwpePnapiISjjMIAO1u+fy/NM=", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 198.47.23.195)\n smtp.mailfrom=ti.com; dkim=none (message not signed) header.d=none;\n dmarc=pass\n action=none header.from=ti.com;", "Received-SPF": "Pass (protection.outlook.com: domain of ti.com designates\n 198.47.23.195 as permitted sender) receiver=protection.outlook.com;\n client-ip=198.47.23.195; helo=lewvzet201.ext.ti.com; pr=C", "From": "Beleswar Padhi <b-padhi@ti.com>", "To": "<trini@konsulko.com>", "CC": "<afd@ti.com>, <bb@ti.com>, <anshuld@ti.com>, <hnagalla@ti.com>,\n <jm@ti.com>, <nm@ti.com>, <n-francis@ti.com>, <u-kumar1@ti.com>,\n <b-padhi@ti.com>, <u-boot@lists.denx.de>, Simon Glass <sjg@chromium.org>", "Subject": "[PATCH v4 07/11] binman: openssl: Add boot and load extensions to\n x509 cert", "Date": "Sat, 25 Apr 2026 09:07:38 +0530", "Message-ID": "<20260425033742.1519298-8-b-padhi@ti.com>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20260425033742.1519298-1-b-padhi@ti.com>", "References": "<20260425033742.1519298-1-b-padhi@ti.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-C2ProcessedOrg": "333ef613-75bf-4e12-a4b1-8e3623f5dcea", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "\n SN1PEPF0002636B:EE_|CYXPR10MB7924:EE_|SA2PR10MB4809:EE_|SA1PR10MB997631:EE_", "X-MS-Office365-Filtering-Correlation-Id": "fa3e9a11-7b0f-4932-966b-08dea27c174a", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|1800799024|82310400026|376014|36860700016|56012099003|18002099003|17002099007|22082099003;", "X-Microsoft-Antispam-Message-Info": "\n zGM0BuKEWhEVHIH7ZXy7zOvjww1sIImdTqpCOzOcq6lIb+fmEw/PwIFiZp8w6ZLd9R0osuao2EBWb60frLbphaLXyATP/gU3dmRH63Qg+i2FORr7SScyOGX/x9v8BR4PBma1X638AN3nNRFoeU3189VNIIbKinzcYHlj/vY9EuGIaknt1UwQcg9+/w6YDgYO4tMowpAFdmsk5Mf1JYWsE+znuvpYfGgfhK4lbX/kVKmwjTVFmVUi+6xRJq6xGhgPGafI51EcrcnSkgKXDds94jbXs832czJgi7GQI/73eX5uXvHX3rojnbHvyeqO2rqUqYvSzQ5ysuB0lfbohvl/Xap66eYCLGxUA4VyIQLg7LiLSMVmKO1KPllU5DCf6COsX9Q05lN4a20MkC4wPUw5luVZIgj+KIPiPuwy45FxclvklASOJWPXjhjRDRP/pBdAAKWW4qo9p68sl7VnuqAyGSpNxZKf3FD9x8r0In2Uax4Zzn69ufGleFQhMo7EDpz+PD9pR35uCbqrw4WRfiZ+xX04n5e/n/prX3jUY/Dli+Nw5VCeAtbC6UOWVE6sljIPQThJbS050eLEVTChMi94+wTw9YQJQ1DO8I8zzl7vD2J/NnVHlSSQfLsmYGicrVsYgOutUpcYJpUUmkDXUxzcFUq1APl3OavzI5hzpGCVRWFUrtKg8PvKYHta8e2mUy7aQlOwxjQIKCELLCygRKFkiJMAytiMEBJOtbPietoPx/Y0+zzr4HHGoZNnXEES9TiGEOv2UHnbbixxJ0/JTe2y0A==", "X-Forefront-Antispam-Report": "CIP:198.47.23.195; CTRY:US; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:lewvzet201.ext.ti.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(1800799024)(82310400026)(376014)(36860700016)(56012099003)(18002099003)(17002099007)(22082099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n +Ms2dGmmWYeWYvkxeP/t/920fT2t+m4pj7WWNI7qTPNWCnKNev9crC+8SvoHOmKelv5ksM+uLyRVQu5gxNpSVlyH+TtL3jaARPXfQksa9lGfkaKlq/AWd2HGIUSKrE47si2LCzRW2yR7YRsqGPCw8ODODDsZaeS3yHYAV5lC8htWCpsOQCNVc2ZdUVtQ6XtPAnSH6z25t9uOdcnpxSiHjWXTM7IqQiwnJ1BAvsjkRXuycHJZIL2+FV7DCVYwxtiFdWtwWxIrNb0gRsTIZcdcuZuz9MC1JIrlAxyyTZHgggQExfo4znp9DSA1/dwsrbVjEiFbzPt/jxRT8MEp20bIEL++2pWgF/LwAWmHZxyT3JxdDf/lQjp5e5gIlzodND4xLIOE1vIcw/DaDjLjTlgKspkMPDbinU0i1S5b4XWlcePpzLjQg0jlKoos9WW6a/UH", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "25 Apr 2026 03:38:18.2873 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n fa3e9a11-7b0f-4932-966b-08dea27c174a", "X-MS-Exchange-CrossTenant-Id": "e5b49634-450b-4709-8abb-1e2b19b982b7", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=e5b49634-450b-4709-8abb-1e2b19b982b7; Ip=[198.47.23.195];\n Helo=[lewvzet201.ext.ti.com]", "X-MS-Exchange-CrossTenant-AuthSource": "\n SN1PEPF0002636B.namprd02.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "CYXPR10MB7924", "X-OriginatorOrg": "ti.com", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "The boot and load extensions in the x509 certificate are required for\nrequesting the secure entity (TIFS) to boot a core. These fields are\ndefined in the binman node for each core that must be booted by TIFS\nand must be included when generating the signed certificate.\n\nAdd support to parse the boot and load extension properties from the\nbinman node and populate them into the certificate. If any of the\nmandatory properties for an extension are missing, that respective\nextension section is NOT added to the certificate.\n\nSigned-off-by: Beleswar Padhi <b-padhi@ti.com>\n---\nCc: Simon Glass <sjg@chromium.org>\n\nv4: Changelog:\n1. None\n\nLink to v3:\nhttps://lore.kernel.org/all/20251231173621.1069988-8-b-padhi@ti.com/\n\nv3: Changelog:\n1. New patch. Add support to sign HSM firmware here in U-Boot.\n\n tools/binman/btool/openssl.py | 49 ++++++++++++++++++++++++++++++---\n tools/binman/etype/ti_secure.py | 18 ++++++++++++\n tools/binman/etype/x509_cert.py | 4 ++-\n 3 files changed, 66 insertions(+), 5 deletions(-)", "diff": "diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py\nindex b26f087c447..35898aa488b 100644\n--- a/tools/binman/btool/openssl.py\n+++ b/tools/binman/btool/openssl.py\n@@ -82,7 +82,8 @@ imageSize = INTEGER:{len(indata)}\n return self.run_cmd(*args)\n \n def x509_cert_sysfw(self, cert_fname, input_fname, key_fname, sw_rev,\n- config_fname, req_dist_name_dict, firewall_cert_data):\n+ config_fname, req_dist_name_dict, firewall_cert_data,\n+ boot_ext_data, load_ext_data):\n \"\"\"Create a certificate to be booted by system firmware\n \n Args:\n@@ -101,12 +102,52 @@ imageSize = INTEGER:{len(indata)}\n extended certificate\n - certificate (str): Extended firewall certificate with\n the information for the firewall configurations.\n+ boot_ext_data (dict):\n+ - proc_id (int): The processor ID of core being booted\n+ - flags_set (int): The config flags to set for core being booted\n+ - flags_clr (int): The config flags to clear for core being booted\n+ - reset_vector (int): The location of reset vector for core being\n+ booted\n+ load_ext_data (dict):\n+ - dest_addr (int): The address to which image has to be copied\n+ - auth_type (int): Contains the host ID for core being booted and\n+ how the image is to be copied\n \n Returns:\n str: Tool output\n \"\"\"\n indata = tools.read_file(input_fname)\n hashval = hashlib.sha512(indata).hexdigest()\n+\n+ if boot_ext_data is not None:\n+ boot_ext = f'''\n+[ sysfw_boot_seq ]\n+bootCore = INTEGER:{boot_ext_data['proc_id']}\n+bootCoreOpts_set = INTEGER:{boot_ext_data['flags_set']}\n+bootCoreOpts_clr = INTEGER:{boot_ext_data['flags_clr']}\n+resetVec = FORMAT:HEX,OCT:{boot_ext_data['reset_vector']:08x}\n+# Reserved for future use\n+flagsValid = FORMAT:HEX,OCT:00000000\n+rsvd1 = INTEGER:0x00\n+rsdv2 = INTEGER:0x00\n+rsdv3 = INTEGER:0x00\n+'''\n+ else:\n+ boot_ext = \"\"\n+\n+ if load_ext_data is not None:\n+ load_ext = f'''\n+[ sysfw_image_load ]\n+destAddr = FORMAT:HEX,OCT:{load_ext_data['dest_addr']:08x}\n+authInPlace = INTEGER:{load_ext_data['auth_type']}\n+'''\n+ else:\n+ load_ext = f'''\n+[ sysfw_image_load ]\n+destAddr = FORMAT:HEX,OCT:00000000\n+authInPlace = INTEGER:{hex(firewall_cert_data['auth_in_place'])}\n+'''\n+\n with open(config_fname, 'w', encoding='utf-8') as outf:\n print(f'''[ req ]\n distinguished_name = req_distinguished_name\n@@ -138,9 +179,9 @@ shaType = OID:2.16.840.1.101.3.4.2.3\n shaValue = FORMAT:HEX,OCT:{hashval}\n imageSize = INTEGER:{len(indata)}\n \n-[ sysfw_image_load ]\n-destAddr = FORMAT:HEX,OCT:00000000\n-authInPlace = INTEGER:{hex(firewall_cert_data['auth_in_place'])}\n+{boot_ext}\n+\n+{load_ext}\n \n [ firewall ]\n numFirewallRegions = INTEGER:{firewall_cert_data['num_firewalls']}\ndiff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py\nindex f6caa0286d9..bc44b684892 100644\n--- a/tools/binman/etype/ti_secure.py\n+++ b/tools/binman/etype/ti_secure.py\n@@ -116,6 +116,7 @@ class Entry_ti_secure(Entry_x509_cert):\n if auth_in_place:\n self.firewall_cert_data['auth_in_place'] = auth_in_place\n self.ReadFirewallNode()\n+ self.ReadLoadableCoreNode()\n self.sha = fdt_util.GetInt(self._node, 'sha', 512)\n self.req_dist_name = {'C': 'US',\n 'ST': 'TX',\n@@ -126,6 +127,23 @@ class Entry_ti_secure(Entry_x509_cert):\n 'emailAddress': 'support@ti.com'}\n self.debug = fdt_util.GetBool(self._node, 'debug', False)\n \n+ def ReadLoadableCoreNode(self):\n+ boot_ext_props = ['proc_id', 'flags_set', 'flags_clr', 'reset_vector']\n+ load_ext_props = ['dest_addr', 'auth_type']\n+\n+ self.boot_ext = self.ReadDictFromList(boot_ext_props)\n+ self.load_ext = self.ReadDictFromList(load_ext_props)\n+\n+ def ReadDictFromList(self, props):\n+ props_dict = dict.fromkeys(props)\n+ for prop in props:\n+ val = fdt_util.GetInt(self._node, prop)\n+ if val is None:\n+ return None\n+ else:\n+ props_dict[prop] = val\n+ return props_dict\n+\n def ReadFirewallNode(self):\n self.firewall_cert_data['certificate'] = \"\"\n self.firewall_cert_data['num_firewalls'] = 0\ndiff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py\nindex b6e8b0b4fb0..b6028f6be84 100644\n--- a/tools/binman/etype/x509_cert.py\n+++ b/tools/binman/etype/x509_cert.py\n@@ -102,7 +102,9 @@ class Entry_x509_cert(Entry_collection):\n config_fname=config_fname,\n sw_rev=self.sw_rev,\n req_dist_name_dict=self.req_dist_name,\n- firewall_cert_data=self.firewall_cert_data)\n+ firewall_cert_data=self.firewall_cert_data,\n+ boot_ext_data=self.boot_ext,\n+ load_ext_data=self.load_ext)\n elif type == 'rom':\n stdout = self.openssl.x509_cert_rom(\n cert_fname=output_fname,\n", "prefixes": [ "v4", "07/11" ] }