binman: ti-secure: Enable debug extension for combined boot

Message ID	20240326-b4-upstream-jtag-debug-unlock-v1-1-720d8635a4f4@ti.com
State	Accepted
Commit	fbfd2baf975f4a0d6345e4d0ed6094c549fe1d03
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Manorit Chawdhry <m-chawdhry@ti.com> Date: Tue, 26 Mar 2024 13:37:06 +0530 Subject: [PATCH] binman: ti-secure: Enable debug extension for combined boot MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-ID: <20240326-b4-upstream-jtag-debug-unlock-v1-1-720d8635a4f4@ti.com> To: Simon Glass <sjg@chromium.org>, Alper Nebi Yasak <alpernebiyasak@gmail.com>, Tom Rini <trini@konsulko.com> CC: <u-boot@lists.denx.de>, Vignesh Raghavendra <vigneshr@ti.com>, Andrew Davis <afd@ti.com>, Kamlesh Gurudasani <kamlesh@ti.com>, Udit Kumar <u-kumar1@ti.com>, Neha Malcom Francis <n-francis@ti.com>, Manorit Chawdhry <m-chawdhry@ti.com> Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	binman: ti-secure: Enable debug extension for combined boot \| expand binman: ti-secure: Enable debug extension for combined boot

Message ID

20240326-b4-upstream-jtag-debug-unlock-v1-1-720d8635a4f4@ti.com

State

Accepted

Commit

fbfd2baf975f4a0d6345e4d0ed6094c549fe1d03

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256
 header.s=ti-com-17Q1 header.b=TQPX5AeM;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4V3j8H2Mg1z1yWy
	for <incoming@patchwork.ozlabs.org>; Tue, 26 Mar 2024 19:07:27 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id D3BEA87F65;
	Tue, 26 Mar 2024 09:07:21 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.b="TQPX5AeM";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 7AA2887F65; Tue, 26 Mar 2024 09:07:21 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from fllv0015.ext.ti.com (fllv0015.ext.ti.com [198.47.19.141])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 8AF7A87FAC
 for <u-boot@lists.denx.de>; Tue, 26 Mar 2024 09:07:18 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=m-chawdhry@ti.com
Received: from lelv0265.itg.ti.com ([10.180.67.224])
 by fllv0015.ext.ti.com (8.15.2/8.15.2) with ESMTP id 42Q87EjY008061;
 Tue, 26 Mar 2024 03:07:14 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;
 s=ti-com-17Q1; t=1711440434;
 bh=kCH3al5dwe1a9EbL6arsV2+t0/G+I9UiOAJ1d5L9rt0=;
 h=From:Date:Subject:To:CC;
 b=TQPX5AeMHAPSM94ZIwIF39Vqtviv/x//2RZGN7BCyMN8McSW0OyAMrGSFBUrtVXwh
 s6fsXNgYKxIddsCr9vOmd/m9RTjhJkn+xnPhyoLjT86TL1xHBDC/yQwiNg2rqFF4Dr
 3JVTUvsESL3b/oqHETnxTr0UeQjWI0O/OB2oyj98=
Received: from DFLE107.ent.ti.com (dfle107.ent.ti.com [10.64.6.28])
 by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 42Q87EnH001398
 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL);
 Tue, 26 Mar 2024 03:07:14 -0500
Received: from DFLE101.ent.ti.com (10.64.6.22) by DFLE107.ent.ti.com
 (10.64.6.28) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Tue, 26
 Mar 2024 03:07:13 -0500
Received: from lelvsmtp5.itg.ti.com (10.180.75.250) by DFLE101.ent.ti.com
 (10.64.6.22) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via
 Frontend Transport; Tue, 26 Mar 2024 03:07:13 -0500
Received: from [127.0.1.1] (uda0497581.dhcp.ti.com [10.24.68.185])
 by lelvsmtp5.itg.ti.com (8.15.2/8.15.2) with ESMTP id 42Q87AOk119764;
 Tue, 26 Mar 2024 03:07:11 -0500
From: Manorit Chawdhry <m-chawdhry@ti.com>
Date: Tue, 26 Mar 2024 13:37:06 +0530
Subject: [PATCH] binman: ti-secure: Enable debug extension for combined
 boot
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <20240326-b4-upstream-jtag-debug-unlock-v1-1-720d8635a4f4@ti.com>
X-B4-Tracking: v=1; b=H4sIACqCAmYC/x3MSwqAIBAA0KvErBsokxZdJVqojTZ9LDQjiO6et
 Hyb90CkwBShKx4IdHHk3WfUZQFmUt4R8pgNohKyakSLWmI64hlIbTifyuFIOjlMft3Ngq01oqZ
 GSmM15OMIZPn+/3543w8J+eEsbwAAAA==
To: Simon Glass <sjg@chromium.org>, Alper Nebi Yasak
 <alpernebiyasak@gmail.com>, Tom Rini <trini@konsulko.com>
CC: <u-boot@lists.denx.de>, Vignesh Raghavendra <vigneshr@ti.com>, Andrew
 Davis <afd@ti.com>, Kamlesh Gurudasani <kamlesh@ti.com>, Udit Kumar
 <u-kumar1@ti.com>, Neha Malcom Francis <n-francis@ti.com>, Manorit Chawdhry
 <m-chawdhry@ti.com>
X-Mailer: b4 0.13-dev
X-Developer-Signature: v=1; a=ed25519-sha256; t=1711440430; l=1592;
 i=m-chawdhry@ti.com; s=20231127; h=from:subject:message-id;
 bh=AbARQ3DR+qCIJZ1sd0Q5YhQLPyZQE2eu+IRir0gwl08=;
 b=1PV8+nkHLqjOn15eDeQZgJrxTK5VbgPAvfLnVpqijqxCN6JAJdHETwkWfRf26ydGwTzffrSvK
 WXISLN6su8/CDmCfNc0giwIKJbP3H25pYYnvbYEwFam91FU0Zo2LP0l
X-Developer-Key: i=m-chawdhry@ti.com; a=ed25519;
 pk=fsr6Tm39TvsTgfyfFQLk+nnqIz2sBA1PthfqqfiiYSs=
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Series

binman: ti-secure: Enable debug extension for combined boot | expand

Commit Message

Manorit Chawdhry March 26, 2024, 8:07 a.m. UTC

To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.

Add the debug extension and enable it by default.

Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
Keeping this enabled by default as this is enabled for non-combined boot
as well by default.
---
 tools/binman/btool/openssl.py | 7 +++++++
 1 file changed, 7 insertions(+)


---
base-commit: fb49d6c289d942ff7de309a5c5eaa37a7f4235db
change-id: 20240326-b4-upstream-jtag-debug-unlock-6fc21e344cfb

Best regards,

Comments

Neha Malcom Francis March 26, 2024, 9:48 a.m. UTC | #1

Hi Manorit

On 26/03/24 13:37, Manorit Chawdhry wrote:
> To debug using jtag, ROM needs to unlock jtag debugging on HS devices
> and it does that looking at this debug extension.
> 
> Add the debug extension and enable it by default.
> 
> Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
> ---
> Keeping this enabled by default as this is enabled for non-combined boot
> as well by default.
> ---
>   tools/binman/btool/openssl.py | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
> index fe81a1f51b1e..c6df64c5316d 100644
> --- a/tools/binman/btool/openssl.py
> +++ b/tools/binman/btool/openssl.py
> @@ -283,6 +283,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
>   basicConstraints = CA:true
>   1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
>   1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
> +1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
>   
>   [swrv]
>   swrv=INTEGER:{sw_rev}
> @@ -323,6 +324,12 @@ compSize = INTEGER:{imagesize_sysfw_data}
>   shaType  = OID:{sha_type}
>   shaValue = FORMAT:HEX,OCT:{hashval_sysfw_data}
>   
> +[ debug ]
> +debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
> +debugType = INTEGER:4
> +coreDbgEn = INTEGER:0
> +coreDbgSecEn = INTEGER:0
> +
>   {sysfw_inner_cert_ext_boot_block}
>   
>   {dm_data_ext_boot_block}
> 
> ---
> base-commit: fb49d6c289d942ff7de309a5c5eaa37a7f4235db
> change-id: 20240326-b4-upstream-jtag-debug-unlock-6fc21e344cfb
> 
> Best regards,

Reviewed-by: Neha Malcom Francis <n-francis@ti.com>

Tom Rini April 12, 2024, 2:12 a.m. UTC | #2

On Tue, 26 Mar 2024 13:37:06 +0530, Manorit Chawdhry wrote:

> To debug using jtag, ROM needs to unlock jtag debugging on HS devices
> and it does that looking at this debug extension.
> 
> Add the debug extension and enable it by default.
> 
> 

Applied to u-boot/master, thanks!

diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
index fe81a1f51b1e..c6df64c5316d 100644
--- a/tools/binman/btool/openssl.py
+++ b/tools/binman/btool/openssl.py
@@ -283,6 +283,7 @@  emailAddress           = {req_dist_name_dict['emailAddress']}
 basicConstraints = CA:true
 1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
 1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
+1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
 
 [swrv]
 swrv=INTEGER:{sw_rev}
@@ -323,6 +324,12 @@  compSize = INTEGER:{imagesize_sysfw_data}
 shaType  = OID:{sha_type}
 shaValue = FORMAT:HEX,OCT:{hashval_sysfw_data}
 
+[ debug ]
+debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
+debugType = INTEGER:4
+coreDbgEn = INTEGER:0
+coreDbgSecEn = INTEGER:0
+
 {sysfw_inner_cert_ext_boot_block}
 
 {dm_data_ext_boot_block}

binman: ti-secure: Enable debug extension for combined boot

Commit Message

Comments

Patch