* [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure firmware images
2022-09-09 5:50 [meta-ti][dunfell][PATCH 0/3] Authentication of firmware images Manorit Chawdhry
@ 2022-09-09 5:50 ` Manorit Chawdhry
2022-09-10 23:22 ` Denys Dmytriyenko
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: " Manorit Chawdhry
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 3/3] ti-rtos-firmware: j721s2-hs-evm: " Manorit Chawdhry
2 siblings, 1 reply; 7+ messages in thread
From: Manorit Chawdhry @ 2022-09-09 5:50 UTC (permalink / raw)
To: meta-ti; +Cc: Andrew Davis, Nishanth Menon, Manorit Chawdhry
Adds support for secure firmware images in J721E HS EVM.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 80 +++++++++++++++++++++-
1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
index 19ea93f1..78faeae3 100644
--- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
+++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
@@ -14,6 +14,7 @@ inherit update-alternatives
PLAT_SFX = ""
PLAT_SFX_j7 = "j721e"
+PLAT_SFX_j7-hs-evm = "j721e"
PLAT_SFX_j7200-evm = "j7200"
PLAT_SFX_j7200-hs-evm = "j7200"
PLAT_SFX_j721s2-evm = "j721s2"
@@ -31,7 +32,7 @@ PV = "${CORESDK_RTOS_VERSION}"
CLEANBROKEN = "1"
PR = "${INC_PR}.0"
-# Secure Build
+# Secure Build
DEPENDS += "openssl-native"
FILES_${PN} += "${base_libdir}"
@@ -57,6 +58,28 @@ do_install_prepend_j7-hs-evm() {
mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
)
+ (
+ cd ${RTOS_IPC_FW_DIR}; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
+ ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
+ ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \
+ ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \
+ ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_1_release_strip.xe66 \
+ ipc_echo_test_c66xdsp_1_release_strip.xe66.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_2_release_strip.xe66 \
+ ipc_echo_test_c66xdsp_2_release_strip.xe66.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \
+ ipc_echo_test_c7x_1_release_strip.xe71.signed; \
+ )
+ (
+ cd ${RTOS_ETH_FW_DIR}; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \
+ app_remoteswitchcfg_server_strip.xer5f.signed;
+ )
}
# J7 HS support
@@ -117,6 +140,18 @@ do_install_j7() {
install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR}
}
+do_install_append_j7-hs-evm() {
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR}
+ # ETH firmware
+ install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR}
+}
+
do_install_j7200-evm() {
install -d ${LEGACY_IPC_FW_DIR}
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
@@ -223,6 +258,25 @@ ALTERNATIVE_${PN}_am62xx = "\
am62-main-r5f0_0-fw \
"
+ALTERNATIVE_${PN}_j7-hs-evm = "\
+ j7-mcu-r5f0_0-fw \
+ j7-mcu-r5f0_1-fw \
+ j7-main-r5f0_0-fw \
+ j7-main-r5f0_1-fw \
+ j7-main-r5f1_0-fw \
+ j7-main-r5f1_1-fw \
+ j7-c66_0-fw \
+ j7-c66_1-fw \
+ j7-c71_0-fw\
+ j7-main-r5f0_0-fw-sec \
+ j7-main-r5f0_1-fw-sec \
+ j7-main-r5f1_0-fw-sec \
+ j7-main-r5f1_1-fw-sec \
+ j7-c66_0-fw-sec \
+ j7-c66_1-fw-sec \
+ j7-c71_0-fw-sec \
+ "
+
ALTERNATIVE_${PN}_j7 = "\
j7-mcu-r5f0_0-fw \
j7-mcu-r5f0_1-fw \
@@ -295,6 +349,14 @@ TARGET_C66_0_j7 = "j7-c66_0-fw"
TARGET_C66_1_j7 = "j7-c66_1-fw"
TARGET_C7X_0_j7 = "j7-c71_0-fw"
+TARGET_MAIN_R5FSS0_0_SIGNED_j7-hs-evm = "j7-main-r5f0_0-fw-sec"
+TARGET_MAIN_R5FSS0_1_SIGNED_j7-hs-evm = "j7-main-r5f0_1-fw-sec"
+TARGET_MAIN_R5FSS1_0_SIGNED_j7-hs-evm = "j7-main-r5f1_0-fw-sec"
+TARGET_MAIN_R5FSS1_1_SIGNED_j7-hs-evm = "j7-main-r5f1_1-fw-sec"
+TARGET_C66_0_SIGNED_j7-hs-evm = "j7-c66_0-fw-sec"
+TARGET_C66_1_SIGNED_j7-hs-evm = "j7-c66_1-fw-sec"
+TARGET_C7X_0_SIGNED_j7-hs-evm = "j7-c71_0-fw-sec"
+
TARGET_MCU_R5FSS0_0_j7200-evm = "j7200-mcu-r5f0_0-fw"
TARGET_MCU_R5FSS0_1_j7200-evm = "j7200-mcu-r5f0_1-fw"
TARGET_MAIN_R5FSS0_0_j7200-evm = "j7200-main-r5f0_0-fw"
@@ -345,6 +407,14 @@ ALTERNATIVE_LINK_NAME[j7-c66_0-fw] = "${base_libdir}/firmware/${TARGET_C66_0}"
ALTERNATIVE_LINK_NAME[j7-c66_1-fw] = "${base_libdir}/firmware/${TARGET_C66_1}"
ALTERNATIVE_LINK_NAME[j7-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}"
+ALTERNATIVE_LINK_NAME[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-c66_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-c66_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_1_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}"
+
ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
@@ -383,6 +453,14 @@ ALTERNATIVE_TARGET[j7-c66_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test
ALTERNATIVE_TARGET[j7-c66_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66"
ALTERNATIVE_TARGET[j7-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71"
+ALTERNATIVE_TARGET[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j7-c66_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed"
+ALTERNATIVE_TARGET[j7-c66_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed"
+ALTERNATIVE_TARGET[j7-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed"
+
ALTERNATIVE_TARGET[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f"
ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f"
ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f"
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure firmware images
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure " Manorit Chawdhry
@ 2022-09-10 23:22 ` Denys Dmytriyenko
2022-09-12 8:50 ` Manorit Chawdhry
0 siblings, 1 reply; 7+ messages in thread
From: Denys Dmytriyenko @ 2022-09-10 23:22 UTC (permalink / raw)
To: m-chawdhry; +Cc: meta-ti, Andrew Davis, Nishanth Menon
On Fri, Sep 09, 2022 at 11:20:53AM +0530, Manorit Chawdhry via lists.yoctoproject.org wrote:
> Adds support for secure firmware images in J721E HS EVM.
>
> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
> ---
> recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 80 +++++++++++++++++++++-
> 1 file changed, 79 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> index 19ea93f1..78faeae3 100644
> --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> @@ -14,6 +14,7 @@ inherit update-alternatives
>
> PLAT_SFX = ""
> PLAT_SFX_j7 = "j721e"
> +PLAT_SFX_j7-hs-evm = "j721e"
In dunfell j7 above already covers j7-hs-evm
> PLAT_SFX_j7200-evm = "j7200"
> PLAT_SFX_j7200-hs-evm = "j7200"
> PLAT_SFX_j721s2-evm = "j721s2"
> @@ -31,7 +32,7 @@ PV = "${CORESDK_RTOS_VERSION}"
> CLEANBROKEN = "1"
> PR = "${INC_PR}.0"
>
> -# Secure Build
> +# Secure Build
> DEPENDS += "openssl-native"
>
> FILES_${PN} += "${base_libdir}"
> @@ -57,6 +58,28 @@ do_install_prepend_j7-hs-evm() {
> mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
> ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
> )
> + (
> + cd ${RTOS_IPC_FW_DIR}; \
Same comment about keeping the formatting intact.
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
> + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
> + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \
> + ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \
> + ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_1_release_strip.xe66 \
> + ipc_echo_test_c66xdsp_1_release_strip.xe66.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_2_release_strip.xe66 \
> + ipc_echo_test_c66xdsp_2_release_strip.xe66.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \
> + ipc_echo_test_c7x_1_release_strip.xe71.signed; \
> + )
> + (
> + cd ${RTOS_ETH_FW_DIR}; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \
> + app_remoteswitchcfg_server_strip.xer5f.signed;
> + )
> }
>
> # J7 HS support
> @@ -117,6 +140,18 @@ do_install_j7() {
> install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR}
> }
>
> +do_install_append_j7-hs-evm() {
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR}
> + # ETH firmware
> + install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR}
> +}
> +
> do_install_j7200-evm() {
> install -d ${LEGACY_IPC_FW_DIR}
> install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
> @@ -223,6 +258,25 @@ ALTERNATIVE_${PN}_am62xx = "\
> am62-main-r5f0_0-fw \
> "
>
> +ALTERNATIVE_${PN}_j7-hs-evm = "\
> + j7-mcu-r5f0_0-fw \
> + j7-mcu-r5f0_1-fw \
> + j7-main-r5f0_0-fw \
> + j7-main-r5f0_1-fw \
> + j7-main-r5f1_0-fw \
> + j7-main-r5f1_1-fw \
> + j7-c66_0-fw \
> + j7-c66_1-fw \
> + j7-c71_0-fw\
> + j7-main-r5f0_0-fw-sec \
> + j7-main-r5f0_1-fw-sec \
> + j7-main-r5f1_0-fw-sec \
> + j7-main-r5f1_1-fw-sec \
> + j7-c66_0-fw-sec \
> + j7-c66_1-fw-sec \
> + j7-c71_0-fw-sec \
> + "
> +
> ALTERNATIVE_${PN}_j7 = "\
> j7-mcu-r5f0_0-fw \
> j7-mcu-r5f0_1-fw \
> @@ -295,6 +349,14 @@ TARGET_C66_0_j7 = "j7-c66_0-fw"
> TARGET_C66_1_j7 = "j7-c66_1-fw"
> TARGET_C7X_0_j7 = "j7-c71_0-fw"
>
> +TARGET_MAIN_R5FSS0_0_SIGNED_j7-hs-evm = "j7-main-r5f0_0-fw-sec"
> +TARGET_MAIN_R5FSS0_1_SIGNED_j7-hs-evm = "j7-main-r5f0_1-fw-sec"
> +TARGET_MAIN_R5FSS1_0_SIGNED_j7-hs-evm = "j7-main-r5f1_0-fw-sec"
> +TARGET_MAIN_R5FSS1_1_SIGNED_j7-hs-evm = "j7-main-r5f1_1-fw-sec"
> +TARGET_C66_0_SIGNED_j7-hs-evm = "j7-c66_0-fw-sec"
> +TARGET_C66_1_SIGNED_j7-hs-evm = "j7-c66_1-fw-sec"
> +TARGET_C7X_0_SIGNED_j7-hs-evm = "j7-c71_0-fw-sec"
> +
> TARGET_MCU_R5FSS0_0_j7200-evm = "j7200-mcu-r5f0_0-fw"
> TARGET_MCU_R5FSS0_1_j7200-evm = "j7200-mcu-r5f0_1-fw"
> TARGET_MAIN_R5FSS0_0_j7200-evm = "j7200-main-r5f0_0-fw"
> @@ -345,6 +407,14 @@ ALTERNATIVE_LINK_NAME[j7-c66_0-fw] = "${base_libdir}/firmware/${TARGET_C66_0}"
> ALTERNATIVE_LINK_NAME[j7-c66_1-fw] = "${base_libdir}/firmware/${TARGET_C66_1}"
> ALTERNATIVE_LINK_NAME[j7-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}"
>
> +ALTERNATIVE_LINK_NAME[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-c66_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_0_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-c66_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_1_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}"
> +
> ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
> ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
> ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
> @@ -383,6 +453,14 @@ ALTERNATIVE_TARGET[j7-c66_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test
> ALTERNATIVE_TARGET[j7-c66_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66"
> ALTERNATIVE_TARGET[j7-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71"
>
> +ALTERNATIVE_TARGET[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed"
> +ALTERNATIVE_TARGET[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
> +ALTERNATIVE_TARGET[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed"
> +ALTERNATIVE_TARGET[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed"
> +ALTERNATIVE_TARGET[j7-c66_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed"
> +ALTERNATIVE_TARGET[j7-c66_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed"
> +ALTERNATIVE_TARGET[j7-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed"
> +
> ALTERNATIVE_TARGET[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f"
> ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f"
> ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f"
> --
> 2.34.1
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure firmware images
2022-09-10 23:22 ` Denys Dmytriyenko
@ 2022-09-12 8:50 ` Manorit Chawdhry
0 siblings, 0 replies; 7+ messages in thread
From: Manorit Chawdhry @ 2022-09-12 8:50 UTC (permalink / raw)
To: Denys Dmytriyenko; +Cc: meta-ti, Andrew Davis, Nishanth Menon
On 19:22-20220910, Denys Dmytriyenko wrote:
> On Fri, Sep 09, 2022 at 11:20:53AM +0530, Manorit Chawdhry via lists.yoctoproject.org wrote:
> > Adds support for secure firmware images in J721E HS EVM.
> >
> > Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
> > ---
> > recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 80 +++++++++++++++++++++-
> > 1 file changed, 79 insertions(+), 1 deletion(-)
> >
> > diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> > index 19ea93f1..78faeae3 100644
> > --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> > +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> > @@ -14,6 +14,7 @@ inherit update-alternatives
> >
> > PLAT_SFX = ""
> > PLAT_SFX_j7 = "j721e"
> > +PLAT_SFX_j7-hs-evm = "j721e"
>
> In dunfell j7 above already covers j7-hs-evm
>
>
Okay, will remove this.
> > PLAT_SFX_j7200-evm = "j7200"
> > PLAT_SFX_j7200-hs-evm = "j7200"
> > PLAT_SFX_j721s2-evm = "j721s2"
> > @@ -31,7 +32,7 @@ PV = "${CORESDK_RTOS_VERSION}"
> > CLEANBROKEN = "1"
> > PR = "${INC_PR}.0"
> >
> > -# Secure Build
> > +# Secure Build
> > DEPENDS += "openssl-native"
> >
> > FILES_${PN} += "${base_libdir}"
> > @@ -57,6 +58,28 @@ do_install_prepend_j7-hs-evm() {
> > mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
> > ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
> > )
> > + (
> > + cd ${RTOS_IPC_FW_DIR}; \
>
> Same comment about keeping the formatting intact.
Sure, sending v2 with the fixes.
Regards,
Manorit
>
>
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
> > + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
> > + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \
> > + ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \
> > + ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_1_release_strip.xe66 \
> > + ipc_echo_test_c66xdsp_1_release_strip.xe66.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c66xdsp_2_release_strip.xe66 \
> > + ipc_echo_test_c66xdsp_2_release_strip.xe66.signed; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \
> > + ipc_echo_test_c7x_1_release_strip.xe71.signed; \
> > + )
> > + (
> > + cd ${RTOS_ETH_FW_DIR}; \
> > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \
> > + app_remoteswitchcfg_server_strip.xer5f.signed;
> > + )
> > }
> >
> > # J7 HS support
> > @@ -117,6 +140,18 @@ do_install_j7() {
> > install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR}
> > }
> >
> > +do_install_append_j7-hs-evm() {
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed ${LEGACY_IPC_FW_DIR}
> > + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR}
> > + # ETH firmware
> > + install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR}
> > +}
> > +
> > do_install_j7200-evm() {
> > install -d ${LEGACY_IPC_FW_DIR}
> > install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
> > @@ -223,6 +258,25 @@ ALTERNATIVE_${PN}_am62xx = "\
> > am62-main-r5f0_0-fw \
> > "
> >
> > +ALTERNATIVE_${PN}_j7-hs-evm = "\
> > + j7-mcu-r5f0_0-fw \
> > + j7-mcu-r5f0_1-fw \
> > + j7-main-r5f0_0-fw \
> > + j7-main-r5f0_1-fw \
> > + j7-main-r5f1_0-fw \
> > + j7-main-r5f1_1-fw \
> > + j7-c66_0-fw \
> > + j7-c66_1-fw \
> > + j7-c71_0-fw\
> > + j7-main-r5f0_0-fw-sec \
> > + j7-main-r5f0_1-fw-sec \
> > + j7-main-r5f1_0-fw-sec \
> > + j7-main-r5f1_1-fw-sec \
> > + j7-c66_0-fw-sec \
> > + j7-c66_1-fw-sec \
> > + j7-c71_0-fw-sec \
> > + "
> > +
> > ALTERNATIVE_${PN}_j7 = "\
> > j7-mcu-r5f0_0-fw \
> > j7-mcu-r5f0_1-fw \
> > @@ -295,6 +349,14 @@ TARGET_C66_0_j7 = "j7-c66_0-fw"
> > TARGET_C66_1_j7 = "j7-c66_1-fw"
> > TARGET_C7X_0_j7 = "j7-c71_0-fw"
> >
> > +TARGET_MAIN_R5FSS0_0_SIGNED_j7-hs-evm = "j7-main-r5f0_0-fw-sec"
> > +TARGET_MAIN_R5FSS0_1_SIGNED_j7-hs-evm = "j7-main-r5f0_1-fw-sec"
> > +TARGET_MAIN_R5FSS1_0_SIGNED_j7-hs-evm = "j7-main-r5f1_0-fw-sec"
> > +TARGET_MAIN_R5FSS1_1_SIGNED_j7-hs-evm = "j7-main-r5f1_1-fw-sec"
> > +TARGET_C66_0_SIGNED_j7-hs-evm = "j7-c66_0-fw-sec"
> > +TARGET_C66_1_SIGNED_j7-hs-evm = "j7-c66_1-fw-sec"
> > +TARGET_C7X_0_SIGNED_j7-hs-evm = "j7-c71_0-fw-sec"
> > +
> > TARGET_MCU_R5FSS0_0_j7200-evm = "j7200-mcu-r5f0_0-fw"
> > TARGET_MCU_R5FSS0_1_j7200-evm = "j7200-mcu-r5f0_1-fw"
> > TARGET_MAIN_R5FSS0_0_j7200-evm = "j7200-main-r5f0_0-fw"
> > @@ -345,6 +407,14 @@ ALTERNATIVE_LINK_NAME[j7-c66_0-fw] = "${base_libdir}/firmware/${TARGET_C66_0}"
> > ALTERNATIVE_LINK_NAME[j7-c66_1-fw] = "${base_libdir}/firmware/${TARGET_C66_1}"
> > ALTERNATIVE_LINK_NAME[j7-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}"
> >
> > +ALTERNATIVE_LINK_NAME[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-c66_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_0_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-c66_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C66_1_SIGNED}"
> > +ALTERNATIVE_LINK_NAME[j7-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}"
> > +
> > ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
> > ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
> > ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
> > @@ -383,6 +453,14 @@ ALTERNATIVE_TARGET[j7-c66_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test
> > ALTERNATIVE_TARGET[j7-c66_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66"
> > ALTERNATIVE_TARGET[j7-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71"
> >
> > +ALTERNATIVE_TARGET[j7-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed"
> > +ALTERNATIVE_TARGET[j7-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
> > +ALTERNATIVE_TARGET[j7-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed"
> > +ALTERNATIVE_TARGET[j7-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed"
> > +ALTERNATIVE_TARGET[j7-c66_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_1_release_strip.xe66.signed"
> > +ALTERNATIVE_TARGET[j7-c66_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c66xdsp_2_release_strip.xe66.signed"
> > +ALTERNATIVE_TARGET[j7-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed"
> > +
> > ALTERNATIVE_TARGET[j7200-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f"
> > ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f"
> > ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f"
> > --
> > 2.34.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: add secure firmware images
2022-09-09 5:50 [meta-ti][dunfell][PATCH 0/3] Authentication of firmware images Manorit Chawdhry
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure " Manorit Chawdhry
@ 2022-09-09 5:50 ` Manorit Chawdhry
2022-09-10 23:21 ` Denys Dmytriyenko
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 3/3] ti-rtos-firmware: j721s2-hs-evm: " Manorit Chawdhry
2 siblings, 1 reply; 7+ messages in thread
From: Manorit Chawdhry @ 2022-09-09 5:50 UTC (permalink / raw)
To: meta-ti; +Cc: Andrew Davis, Nishanth Menon, Manorit Chawdhry
Adds support for secure firmware images in J7200 HS EVM.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 28 ++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
index 78faeae3..f7a28218 100644
--- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
+++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
@@ -89,6 +89,18 @@ do_install_prepend_j7200-hs-evm() {
mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
)
+ (
+ cd ${RTOS_IPC_FW_DIR}; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
+ ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
+ ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
+ )
+ (
+ cd ${RTOS_ETH_FW_DIR}; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \
+ app_remoteswitchcfg_server_strip.xer5f.signed;
+ )
}
# J7 HS support
@@ -169,11 +181,16 @@ do_install_j7200-hs-evm() {
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
+ # Signed Firmwares
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
# DM Firmware
install -m 0644 ${RTOS_DM_FW_DIR}/ipc_echo_testb_mcu1_0_release_strip.xer5f ${LEGACY_DM_FW_DIR}
# ETH firmware
install -d ${LEGACY_ETH_FW_DIR}
install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR}
+ # ETH Signed firmware
+ install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR}
}
do_install_j721s2-evm() {
@@ -301,6 +318,8 @@ ALTERNATIVE_${PN}_j7200-hs-evm = "\
j7200-mcu-r5f0_1-fw \
j7200-main-r5f0_0-fw \
j7200-main-r5f0_1-fw \
+ j7200-main-r5f0_0-fw-sec \
+ j7200-main-r5f0_1-fw-sec \
"
ALTERNATIVE_${PN}_j721s2-evm = "\
@@ -367,6 +386,9 @@ TARGET_MCU_R5FSS0_1_j7200-hs-evm = "j7200-mcu-r5f0_1-fw"
TARGET_MAIN_R5FSS0_0_j7200-hs-evm = "j7200-main-r5f0_0-fw"
TARGET_MAIN_R5FSS0_1_j7200-hs-evm = "j7200-main-r5f0_1-fw"
+TARGET_MAIN_R5FSS0_0_SIGNED_j7200-hs-evm = "j7200-main-r5f0_0-fw-sec"
+TARGET_MAIN_R5FSS0_1_SIGNED_j7200-hs-evm = "j7200-main-r5f0_1-fw-sec"
+
TARGET_MCU_R5FSS0_0_j721s2-evm = "j721s2-mcu-r5f0_0-fw"
TARGET_MCU_R5FSS0_1_j721s2-evm = "j721s2-mcu-r5f0_1-fw"
TARGET_MAIN_R5FSS0_0_j721s2-evm = "j721s2-main-r5f0_0-fw"
@@ -420,6 +442,9 @@ ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_M
ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1}"
+ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
+
ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
@@ -466,6 +491,9 @@ ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_e
ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f"
ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f"
+ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
+
ALTERNATIVE_TARGET[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f"
ALTERNATIVE_TARGET[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f"
ALTERNATIVE_TARGET[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_0_release_strip.xer5f"
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: add secure firmware images
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: " Manorit Chawdhry
@ 2022-09-10 23:21 ` Denys Dmytriyenko
0 siblings, 0 replies; 7+ messages in thread
From: Denys Dmytriyenko @ 2022-09-10 23:21 UTC (permalink / raw)
To: m-chawdhry; +Cc: meta-ti, Andrew Davis, Nishanth Menon
On Fri, Sep 09, 2022 at 11:20:54AM +0530, Manorit Chawdhry via lists.yoctoproject.org wrote:
> Adds support for secure firmware images in J7200 HS EVM.
>
> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
> ---
> recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 28 ++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> index 78faeae3..f7a28218 100644
> --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
> @@ -89,6 +89,18 @@ do_install_prepend_j7200-hs-evm() {
> mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
> ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
> )
> + (
> + cd ${RTOS_IPC_FW_DIR}; \
Please keep formatting and indentation similar to existing code.
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
> + ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
> + ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
> + )
> + (
> + cd ${RTOS_ETH_FW_DIR}; \
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh app_remoteswitchcfg_server_strip.xer5f \
> + app_remoteswitchcfg_server_strip.xer5f.signed;
> + )
> }
>
> # J7 HS support
> @@ -169,11 +181,16 @@ do_install_j7200-hs-evm() {
> install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu1_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
> install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
> install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
> + # Signed Firmwares
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> + install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
> # DM Firmware
> install -m 0644 ${RTOS_DM_FW_DIR}/ipc_echo_testb_mcu1_0_release_strip.xer5f ${LEGACY_DM_FW_DIR}
> # ETH firmware
> install -d ${LEGACY_ETH_FW_DIR}
> install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f ${LEGACY_ETH_FW_DIR}
> + # ETH Signed firmware
> + install -m 0644 ${RTOS_ETH_FW_DIR}/app_remoteswitchcfg_server_strip.xer5f.signed ${LEGACY_ETH_FW_DIR}
> }
>
> do_install_j721s2-evm() {
> @@ -301,6 +318,8 @@ ALTERNATIVE_${PN}_j7200-hs-evm = "\
> j7200-mcu-r5f0_1-fw \
> j7200-main-r5f0_0-fw \
> j7200-main-r5f0_1-fw \
> + j7200-main-r5f0_0-fw-sec \
> + j7200-main-r5f0_1-fw-sec \
> "
>
> ALTERNATIVE_${PN}_j721s2-evm = "\
> @@ -367,6 +386,9 @@ TARGET_MCU_R5FSS0_1_j7200-hs-evm = "j7200-mcu-r5f0_1-fw"
> TARGET_MAIN_R5FSS0_0_j7200-hs-evm = "j7200-main-r5f0_0-fw"
> TARGET_MAIN_R5FSS0_1_j7200-hs-evm = "j7200-main-r5f0_1-fw"
>
> +TARGET_MAIN_R5FSS0_0_SIGNED_j7200-hs-evm = "j7200-main-r5f0_0-fw-sec"
> +TARGET_MAIN_R5FSS0_1_SIGNED_j7200-hs-evm = "j7200-main-r5f0_1-fw-sec"
> +
> TARGET_MCU_R5FSS0_0_j721s2-evm = "j721s2-mcu-r5f0_0-fw"
> TARGET_MCU_R5FSS0_1_j721s2-evm = "j721s2-mcu-r5f0_1-fw"
> TARGET_MAIN_R5FSS0_0_j721s2-evm = "j721s2-main-r5f0_0-fw"
> @@ -420,6 +442,9 @@ ALTERNATIVE_LINK_NAME[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_M
> ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
> ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1}"
>
> +ALTERNATIVE_LINK_NAME[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
> +ALTERNATIVE_LINK_NAME[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
> +
> ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
> ALTERNATIVE_LINK_NAME[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
> ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0}"
> @@ -466,6 +491,9 @@ ALTERNATIVE_TARGET[j7200-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_e
> ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f"
> ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f"
>
> +ALTERNATIVE_TARGET[j7200-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/ethfw/app_remoteswitchcfg_server_strip.xer5f.signed"
> +ALTERNATIVE_TARGET[j7200-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
> +
> ALTERNATIVE_TARGET[j721s2-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_testb_mcu1_0_release_strip.xer5f"
> ALTERNATIVE_TARGET[j721s2-mcu-r5f0_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_1_release_strip.xer5f"
> ALTERNATIVE_TARGET[j721s2-main-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_0_release_strip.xer5f"
> --
> 2.34.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [meta-ti][dunfell][PATCH 3/3] ti-rtos-firmware: j721s2-hs-evm: add secure firmware images
2022-09-09 5:50 [meta-ti][dunfell][PATCH 0/3] Authentication of firmware images Manorit Chawdhry
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 1/3] ti-rtos-firmware: j721e-hs-evm: add secure " Manorit Chawdhry
2022-09-09 5:50 ` [meta-ti][dunfell][PATCH 2/3] ti-rtos-firmware: j7200-hs-evm: " Manorit Chawdhry
@ 2022-09-09 5:50 ` Manorit Chawdhry
2 siblings, 0 replies; 7+ messages in thread
From: Manorit Chawdhry @ 2022-09-09 5:50 UTC (permalink / raw)
To: meta-ti; +Cc: Andrew Davis, Nishanth Menon, Manorit Chawdhry
Adds support for secure firmware images in J721S2 HS EVM.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 49 ++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
index f7a28218..afff8d15 100644
--- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
+++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
@@ -110,6 +110,21 @@ do_install_prepend_j721s2-hs-evm() {
mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
)
+ (
+ cd ${RTOS_IPC_FW_DIR}; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_0_release_strip.xer5f \
+ ipc_echo_test_mcu2_0_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu2_1_release_strip.xer5f \
+ ipc_echo_test_mcu2_1_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_0_release_strip.xer5f \
+ ipc_echo_test_mcu3_0_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_mcu3_1_release_strip.xer5f \
+ ipc_echo_test_mcu3_1_release_strip.xer5f.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_1_release_strip.xe71 \
+ ipc_echo_test_c7x_1_release_strip.xe71.signed; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ipc_echo_test_c7x_2_release_strip.xe71 \
+ ipc_echo_test_c7x_2_release_strip.xe71.signed; \
+ )
}
# Update the am64xx ipc binaries to be consistent with other platforms
@@ -218,6 +233,13 @@ do_install_j721s2-hs-evm() {
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f ${LEGACY_IPC_FW_DIR}
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71 ${LEGACY_IPC_FW_DIR}
install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_2_release_strip.xe71 ${LEGACY_IPC_FW_DIR}
+ # Signed firmware
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu2_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_0_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_mcu3_1_release_strip.xer5f.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_1_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR}
+ install -m 0644 ${RTOS_IPC_FW_DIR}/ipc_echo_test_c7x_2_release_strip.xe71.signed ${LEGACY_IPC_FW_DIR}
# DM Firmware
install -m 0644 ${RTOS_DM_FW_DIR}/ipc_echo_testb_mcu1_0_release_strip.xer5f ${LEGACY_DM_FW_DIR}
# ETH firmware
@@ -342,6 +364,12 @@ ALTERNATIVE_${PN}_j721s2-hs-evm = "\
j721s2-main-r5f1_1-fw \
j721s2-c71_0-fw \
j721s2-c71_1-fw \
+ j721s2-main-r5f0_0-fw-sec \
+ j721s2-main-r5f0_1-fw-sec \
+ j721s2-main-r5f1_0-fw-sec \
+ j721s2-main-r5f1_1-fw-sec \
+ j721s2-c71_0-fw-sec \
+ j721s2-c71_1-fw-sec \
"
# Set up link names for the firmwares
@@ -407,6 +435,13 @@ TARGET_MAIN_R5FSS1_1_j721s2-hs-evm = "j721s2-main-r5f1_1-fw"
TARGET_C7X_0_j721s2-hs-evm = "j721s2-c71_0-fw"
TARGET_C7X_1_j721s2-hs-evm = "j721s2-c71_1-fw"
+TARGET_MAIN_R5FSS0_0_SIGNED_j721s2-hs-evm = "j721s2-main-r5f0_0-fw-sec"
+TARGET_MAIN_R5FSS0_1_SIGNED_j721s2-hs-evm = "j721s2-main-r5f0_1-fw-sec"
+TARGET_MAIN_R5FSS1_0_SIGNED_j721s2-hs-evm = "j721s2-main-r5f1_0-fw-sec"
+TARGET_MAIN_R5FSS1_1_SIGNED_j721s2-hs-evm = "j721s2-main-r5f1_1-fw-sec"
+TARGET_C7X_0_SIGNED_j721s2-hs-evm = "j721s2-c71_0-fw-sec"
+TARGET_C7X_1_SIGNED_j721s2-hs-evm = "j721s2-c71_1-fw-sec"
+
ALTERNATIVE_LINK_NAME[am65x-mcu-r5f0_0-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_0}"
ALTERNATIVE_LINK_NAME[am65x-mcu-r5f0_1-fw] = "${base_libdir}/firmware/${TARGET_MCU_R5FSS0_1}"
@@ -454,6 +489,13 @@ ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_1-fw] = "${base_libdir}/firmware/${TARGET
ALTERNATIVE_LINK_NAME[j721s2-c71_0-fw] = "${base_libdir}/firmware/${TARGET_C7X_0}"
ALTERNATIVE_LINK_NAME[j721s2-c71_1-fw] = "${base_libdir}/firmware/${TARGET_C7X_1}"
+ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j721s2-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS0_1_SIGNED}"
+ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j721s2-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/${TARGET_MAIN_R5FSS1_1_SIGNED}"
+ALTERNATIVE_LINK_NAME[j721s2-c71_0-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_0_SIGNED}"
+ALTERNATIVE_LINK_NAME[j721s2-c71_1-fw-sec] = "${base_libdir}/firmware/${TARGET_C7X_1_SIGNED}"
+
# Create the firmware alternatives
ALTERNATIVE_TARGET[am65x-mcu-r5f0_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu1_0_release_strip.xer5f"
@@ -503,6 +545,13 @@ ALTERNATIVE_TARGET[j721s2-main-r5f1_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc
ALTERNATIVE_TARGET[j721s2-c71_0-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71"
ALTERNATIVE_TARGET[j721s2-c71_1-fw] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_2_release_strip.xe71"
+ALTERNATIVE_TARGET[j721s2-main-r5f0_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_0_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j721s2-main-r5f0_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu2_1_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j721s2-main-r5f1_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_0_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j721s2-main-r5f1_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_mcu3_1_release_strip.xer5f.signed"
+ALTERNATIVE_TARGET[j721s2-c71_0-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_1_release_strip.xe71.signed"
+ALTERNATIVE_TARGET[j721s2-c71_1-fw-sec] = "${base_libdir}/firmware/pdk-ipc/ipc_echo_test_c7x_2_release_strip.xe71.signed"
+
ALTERNATIVE_PRIORITY = "10"
# make sure that lib/firmware, and all its contents are part of the package
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread