Message ID | 20230714135110.109928-1-n-francis@ti.com |
---|---|
Headers | show |
Series | Migration to using binman for bootloader | expand |
On 7/14/23 15:50, Neha Malcom Francis wrote: > This series aims to eliminate the use of additional custom repositories > such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3 > Security Development Tools) that was plumbed into the U-Boot build flow > to generate boot images for TI K3 platform devices. And instead, we move > towards using binman that aligns better with the community standard build > flow. > > This series uses binman for all K3 platforms supported on U-Boot currently; > both HS (High Security, both SE and FS) and GP (General Purpose) devices. > > Background on using k3-image-gen: > * TI K3 devices require a SYSFW (System Firmware) image consisting > of a signed system firmware image and board configuration binaries, > this is needed to bring up system firmware during U-Boot R5 SPL > startup. > * Board configuration data contain board-specific information > such as resource management, power management and security. > > Background on using core-secdev-k3: > * Contains resources to sign x509 certificates for HS devices > > Series intends to use binman to take over the packaging and signing for > the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined > boot flow) instead of k3-image-gen. > > Series also packages the A72/A53 bootloader images (tispl.bin and > u-boot.img) using ATF, OPTEE and DM (Device Manager) > > Changes in v7: > - corrected Texas Instruments copyright year > - k3-am65-iot2050 image fit@0x180000 filename retained as > tispl.bin > > Changes in v6: > - addressed whitespace warnings > - added testcase for overwriting symlink functionality > - %s/Arm Trusted Firmware/Trusted Firmware-A > - %s/tee-pager_v2.bin/tee-raw.bin I can still find quite a few occurrences of tee-pager_v2.bin in the patch set (and in v7 too). Did you forget to change? Another note applicable to several patches in v7: 'description = "OPTEE"' should be 'description = "OP-TEE"' (the official spelling has a hyphen).
Hi Jerome On 14/07/23 19:37, Jerome Forissier wrote: > > > On 7/14/23 15:50, Neha Malcom Francis wrote: >> This series aims to eliminate the use of additional custom repositories >> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3 >> Security Development Tools) that was plumbed into the U-Boot build flow >> to generate boot images for TI K3 platform devices. And instead, we move >> towards using binman that aligns better with the community standard build >> flow. >> >> This series uses binman for all K3 platforms supported on U-Boot currently; >> both HS (High Security, both SE and FS) and GP (General Purpose) devices. >> >> Background on using k3-image-gen: >> * TI K3 devices require a SYSFW (System Firmware) image consisting >> of a signed system firmware image and board configuration binaries, >> this is needed to bring up system firmware during U-Boot R5 SPL >> startup. >> * Board configuration data contain board-specific information >> such as resource management, power management and security. >> >> Background on using core-secdev-k3: >> * Contains resources to sign x509 certificates for HS devices >> >> Series intends to use binman to take over the packaging and signing for >> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined >> boot flow) instead of k3-image-gen. >> >> Series also packages the A72/A53 bootloader images (tispl.bin and >> u-boot.img) using ATF, OPTEE and DM (Device Manager) >> >> Changes in v7: >> - corrected Texas Instruments copyright year >> - k3-am65-iot2050 image fit@0x180000 filename retained as >> tispl.bin >> >> Changes in v6: >> - addressed whitespace warnings >> - added testcase for overwriting symlink functionality >> - %s/Arm Trusted Firmware/Trusted Firmware-A >> - %s/tee-pager_v2.bin/tee-raw.bin > > I can still find quite a few occurrences of tee-pager_v2.bin in the patch > set (and in v7 too). Did you forget to change? > > Another note applicable to several patches in v7: > 'description = "OPTEE"' should be > 'description = "OP-TEE"' (the official spelling has a hyphen). > Thanks for catching these, it was an oversight. Will change it.
Hi, On Fri, Jul 14, 2023 at 07:20:47PM +0530, Neha Malcom Francis wrote: > This series aims to eliminate the use of additional custom repositories > such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3 > Security Development Tools) that was plumbed into the U-Boot build flow > to generate boot images for TI K3 platform devices. And instead, we move > towards using binman that aligns better with the community standard build > flow. > > This series uses binman for all K3 platforms supported on U-Boot currently; > both HS (High Security, both SE and FS) and GP (General Purpose) devices. > > Background on using k3-image-gen: > * TI K3 devices require a SYSFW (System Firmware) image consisting > of a signed system firmware image and board configuration binaries, > this is needed to bring up system firmware during U-Boot R5 SPL > startup. > * Board configuration data contain board-specific information > such as resource management, power management and security. > > Background on using core-secdev-k3: > * Contains resources to sign x509 certificates for HS devices > > Series intends to use binman to take over the packaging and signing for > the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined > boot flow) instead of k3-image-gen. > > Series also packages the A72/A53 bootloader images (tispl.bin and > u-boot.img) using ATF, OPTEE and DM (Device Manager) Tested-by: Maxime Ripard <mripard@kernel.org> It took a while to figure out that the tiboot3.bin file was for the HS-FS variant now, while I was using a GP board. Maybe we should clarify that in the doc? Maxime
Hi Maxime On 17/07/23 18:19, Maxime Ripard wrote: > Hi, > > On Fri, Jul 14, 2023 at 07:20:47PM +0530, Neha Malcom Francis wrote: >> This series aims to eliminate the use of additional custom repositories >> such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3 >> Security Development Tools) that was plumbed into the U-Boot build flow >> to generate boot images for TI K3 platform devices. And instead, we move >> towards using binman that aligns better with the community standard build >> flow. >> >> This series uses binman for all K3 platforms supported on U-Boot currently; >> both HS (High Security, both SE and FS) and GP (General Purpose) devices. >> >> Background on using k3-image-gen: >> * TI K3 devices require a SYSFW (System Firmware) image consisting >> of a signed system firmware image and board configuration binaries, >> this is needed to bring up system firmware during U-Boot R5 SPL >> startup. >> * Board configuration data contain board-specific information >> such as resource management, power management and security. >> >> Background on using core-secdev-k3: >> * Contains resources to sign x509 certificates for HS devices >> >> Series intends to use binman to take over the packaging and signing for >> the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined >> boot flow) instead of k3-image-gen. >> >> Series also packages the A72/A53 bootloader images (tispl.bin and >> u-boot.img) using ATF, OPTEE and DM (Device Manager) > > Tested-by: Maxime Ripard <mripard@kernel.org> > Thanks for testing! > It took a while to figure out that the tiboot3.bin file was for the > HS-FS variant now, while I was using a GP board. > Depends on the board, based on the commonly available boards tiboot3.bin is symlinked to either GP or HS-FS. > Maybe we should clarify that in the doc? But yes, I will factor this into the docs. > > Maxime
On Mon, Jul 17, 2023 at 06:38:22PM +0530, Neha Malcom Francis wrote: > Hi Maxime > > On 17/07/23 18:19, Maxime Ripard wrote: > > Hi, > > > > On Fri, Jul 14, 2023 at 07:20:47PM +0530, Neha Malcom Francis wrote: > > > This series aims to eliminate the use of additional custom repositories > > > such as k3-image-gen (K3 Image Generation) repo and core-secdev-k3 (K3 > > > Security Development Tools) that was plumbed into the U-Boot build flow > > > to generate boot images for TI K3 platform devices. And instead, we move > > > towards using binman that aligns better with the community standard build > > > flow. > > > > > > This series uses binman for all K3 platforms supported on U-Boot currently; > > > both HS (High Security, both SE and FS) and GP (General Purpose) devices. > > > > > > Background on using k3-image-gen: > > > * TI K3 devices require a SYSFW (System Firmware) image consisting > > > of a signed system firmware image and board configuration binaries, > > > this is needed to bring up system firmware during U-Boot R5 SPL > > > startup. > > > * Board configuration data contain board-specific information > > > such as resource management, power management and security. > > > > > > Background on using core-secdev-k3: > > > * Contains resources to sign x509 certificates for HS devices > > > > > > Series intends to use binman to take over the packaging and signing for > > > the R5 bootloader images tiboot3.bin (and sysfw.itb, for non-combined > > > boot flow) instead of k3-image-gen. > > > > > > Series also packages the A72/A53 bootloader images (tispl.bin and > > > u-boot.img) using ATF, OPTEE and DM (Device Manager) > > > > Tested-by: Maxime Ripard <mripard@kernel.org> > > > > Thanks for testing! > > > It took a while to figure out that the tiboot3.bin file was for the > > HS-FS variant now, while I was using a GP board. > > Depends on the board, based on the commonly available boards tiboot3.bin is > symlinked to either GP or HS-FS. Sure, I guess that my point was that prior to your patches we would specify the firmware that match our board and thus tiboot3.bin was always the right one. Now, it can be the wrong one and we have, most likely, to use the proper image instead of following the symlink. But the doc still says we should pick the symlink. > > Maybe we should clarify that in the doc? > > But yes, I will factor this into the docs. Thanks :) Maxime