binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts

According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-23 13:31:02 +05:30 · 2023-10-23 13:31:02 +05:30 · a4ed4c8a51
commit a4ed4c8a51
parent ad8dbabc22
5 changed files with 17 additions and 5 deletions
--- a/tools/binman/btool/openssl.py
+++ b/tools/binman/btool/openssl.py
@ -155,6 +155,7 @@ authInPlace = INTEGER:2
            C, ST, L, O, OU, CN and emailAddress
            cert_type (int): Certification type
            bootcore (int): Booting core
+            bootcore_opts(int): Booting core option, lockstep (0) or split (2) mode
            load_addr (int): Load address of image
            sha (int): Hash function

@ -225,7 +226,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
                  imagesize_sbl, hashval_sbl, load_addr_sysfw, imagesize_sysfw,
                  hashval_sysfw, load_addr_sysfw_data, imagesize_sysfw_data,
                  hashval_sysfw_data, sysfw_inner_cert_ext_boot_block,
-                  dm_data_ext_boot_block):
+                  dm_data_ext_boot_block, bootcore_opts):
        """Create a certificate

        Args:
@ -241,6 +242,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
            bootcore (int): Booting core
            load_addr (int): Load address of image
            sha (int): Hash function
+            bootcore_opts (int): Booting core option, lockstep (0) or split (2) mode

        Returns:
            str: Tool output
@ -285,7 +287,7 @@ sysfw_data=SEQUENCE:sysfw_data
 [sbl]
 compType = INTEGER:1
 bootCore = INTEGER:16
-compOpts = INTEGER:0
+compOpts = INTEGER:{bootcore_opts}
 destAddr = FORMAT:HEX,OCT:{load_addr:08x}
 compSize = INTEGER:{imagesize_sbl}
 shaType  = OID:{sha_type}
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@ -1944,6 +1944,7 @@ Properties / Entry arguments:
    - core: core on which bootloader runs, valid cores are 'secure' and 'public'
    - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
      in case of combined bootflow
+    - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default

 The following properties are only for generating a combined bootflow binary:
    - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
--- a/tools/binman/etype/ti_secure_rom.py
+++ b/tools/binman/etype/ti_secure_rom.py
@ -32,6 +32,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
        - core: core on which bootloader runs, valid cores are 'secure' and 'public'
        - content: phandle of SPL in case of legacy bootflow or phandles of component binaries
          in case of combined bootflow
+        - core-opts (optional): lockstep (0) or split (2) mode set to 0 by default

    The following properties are only for generating a combined bootflow binary:
        - sysfw-inner-cert: boolean if binary contains sysfw inner certificate
@ -69,6 +70,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
        self.sw_rev = fdt_util.GetInt(self._node, 'sw-rev', 1)
        self.sha = fdt_util.GetInt(self._node, 'sha', 512)
        self.core = fdt_util.GetString(self._node, 'core', 'secure')
+        self.bootcore_opts = fdt_util.GetInt(self._node, 'core-opts')
        self.key_fname = self.GetEntryArgsOrProps([
            EntryArg('keyfile', str)], required=True)[0]
        if self.combined:
@ -97,17 +99,19 @@ class Entry_ti_secure_rom(Entry_x509_cert):
            bytes content of the entry, which is the certificate binary for the
                provided data
        """
+        if self.bootcore_opts is None:
+            self.bootcore_opts = 0
+
        if self.core == 'secure':
            if self.countersign:
                self.cert_type = 3
            else:
                self.cert_type = 2
            self.bootcore = 0
-            self.bootcore_opts = 32
        else:
            self.cert_type = 1
            self.bootcore = 16
-            self.bootcore_opts = 0
+
        return super().GetCertificate(required=required, type='rom')

    def CombinedGetCertificate(self, required):
@ -126,6 +130,9 @@ class Entry_ti_secure_rom(Entry_x509_cert):
        self.num_comps = 3
        self.sha_type = SHA_OIDS[self.sha]

+        if self.bootcore_opts is None:
+            self.bootcore_opts = 0
+
        # sbl
        self.content = fdt_util.GetPhandleList(self._node, 'content-sbl')
        input_data_sbl = self.GetContents(required)
--- a/tools/binman/etype/x509_cert.py
+++ b/tools/binman/etype/x509_cert.py
@ -136,7 +136,8 @@ class Entry_x509_cert(Entry_collection):
                imagesize_sysfw_data=self.imagesize_sysfw_data,
                hashval_sysfw_data=self.hashval_sysfw_data,
                sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
-                dm_data_ext_boot_block=self.dm_data_ext_boot_block
+                dm_data_ext_boot_block=self.dm_data_ext_boot_block,
+                bootcore_opts=self.bootcore_opts
            )
        if stdout is not None:
            data = tools.read_file(output_fname)
--- a/tools/binman/test/297_ti_secure_rom.dts
+++ b/tools/binman/test/297_ti_secure_rom.dts
@ -9,6 +9,7 @@
 	binman {
 		ti-secure-rom {
 			content = <&unsecure_binary>;
+			core-opts = <2>;
 		};
 		unsecure_binary: blob-ext {
 			filename = "ti_unsecure.bin";