From: Denys Dmytriyenko <denis@denix.org>
To: Andrew Davis <afd@ti.com>
Cc: Denys Dmytriyenko <denys@konsulko.com>,
Ryan Eatmon <reatmon@ti.com>,
meta-ti@lists.yoctoproject.org
Subject: Re: [meta-ti][master/kirkstone][PATCH 1/4] trusted-firmware-a: Use ti-k3-secdev if TI_SECURE_DEV_PKG_K3 is not defined
Date: Fri, 10 Feb 2023 16:58:16 -0500 [thread overview]
Message-ID: <20230210215816.GG22689@denix.org> (raw)
In-Reply-To: <b359a2d1-99ea-06e5-ef8e-3523c75b9a14@ti.com>
On Fri, Feb 10, 2023 at 01:55:24PM -0600, Andrew Davis wrote:
> On 2/10/23 1:05 PM, Denys Dmytriyenko wrote:
> >On Fri, Feb 10, 2023 at 12:56:20PM -0600, Andrew Davis wrote:
> >>On 2/10/23 12:51 PM, Denys Dmytriyenko wrote:
> >>>On Wed, Feb 08, 2023 at 05:10:28PM -0600, Andrew Davis via lists.yoctoproject.org wrote:
> >>>>Use the new ti-k3-secdev package to pull in the signing tools if they are
> >>>>not provided by the environment. This allows us to use these tools
> >>>>unconditionally. Remove the checks for the script and do the signing
> >>>>for all K3 machines. The signature is automatically stripped from
> >>>>the binaries on non-HS devices at boot time as needed so this change
> >>>>is harmless for GP devices.
> >>>>
> >>>>Signed-off-by: Andrew Davis <afd@ti.com>
> >>>>---
> >>>> .../trusted-firmware-a_%.bbappend | 43 ++++++-------------
> >>>> 1 file changed, 12 insertions(+), 31 deletions(-)
> >>>>
> >>>>diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> >>>>index 5acc5c2e..95f1d2d9 100644
> >>>>--- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> >>>>+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> >>>>@@ -6,39 +6,20 @@ TFA_BUILD_TARGET:k3 = "all"
> >>>> TFA_INSTALL_TARGET:k3 = "bl31"
> >>>> TFA_SPD:k3 = "opteed"
> >>>>+# Use default package TI SECDEV is one is not provided
> >>>
> >>>typo - *if* one is not provided
> >>>
> >>
> >>Good catch
> >>
> >>>
> >>>>+DEPENDS:append:k3 = "${@ '' if d.getVar('TI_SECURE_DEV_PKG_K3') else ' ti-k3-secdev-native' }"
> >>>>+
> >>>>+# Set a default value for TI_K3_SECDEV_INSTALL_DIR
> >>>>+export TI_K3_SECDEV_INSTALL_DIR = "${STAGING_DIR_NATIVE}${datadir}/ti/ti-k3-secdev"
> >>>>+include recipes-ti/includes/ti-paths.inc
> >>>
> >>>If you set TI_K3_SECDEV_INSTALL_DIR explicitly, why do you need to include
> >>>ti-paths.inc here?
> >>>
> >>
> >>ti-paths.inc is part of meta-ti-extras which might not be included in one's layer stack.
> >>If not, this is a sane default, but ti-paths.inc can still override that path if available.
> >
> >No, we shouldn't be using ti-paths.inc here at all. The file was mostly used
> >by RTOS components back when they were built from sources. That is now only
> >used on some legacy platforms. Eventually it will be removed, no reason to
> >start using the file for K3 SECDEV. Just come up with the proper default
> >(something other than ${datadir}...) and be done with it, right?
> >
>
> I'm thinking ${datadir} is the right spot, do you have another spot in mind?
Hmm, I don't oppose that heavily against ${datadir}... I guess if we were
introducing SECDEV for the first time, I'd argue we should install scripts
into ${bindir} and everything else into ${datadir} or something more FHS
complieant? But I guess in order to keep the legacy setup of TI_SECURE_DEV_PKG
passed through environment working as is, changing directory structure is out
of the question now.
--
Denys
prev parent reply other threads:[~2023-02-10 21:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-08 23:10 [meta-ti][master/kirkstone][PATCH 1/4] trusted-firmware-a: Use ti-k3-secdev if TI_SECURE_DEV_PKG_K3 is not defined Andrew Davis
2023-02-08 23:10 ` [meta-ti][master/kirkstone][PATCH 2/4] optee-os: " Andrew Davis
2023-02-09 0:29 ` Ryan Eatmon
2023-02-10 18:53 ` Denys Dmytriyenko
2023-02-08 23:10 ` [meta-ti][master/kirkstone][PATCH 3/4] u-boot-ti: " Andrew Davis
2023-02-10 18:55 ` Denys Dmytriyenko
2023-02-08 23:10 ` [meta-ti][master/kirkstone][PATCH 4/4] conf: machine: k3: Remove unneeded TI_SECURE_DEV_PKG_K3 assignments Andrew Davis
2023-02-10 18:51 ` [meta-ti][master/kirkstone][PATCH 1/4] trusted-firmware-a: Use ti-k3-secdev if TI_SECURE_DEV_PKG_K3 is not defined Denys Dmytriyenko
2023-02-10 18:56 ` Andrew Davis
2023-02-10 19:05 ` Denys Dmytriyenko
2023-02-10 19:55 ` Andrew Davis
2023-02-10 21:58 ` Denys Dmytriyenko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230210215816.GG22689@denix.org \
--to=denis@denix.org \
--cc=afd@ti.com \
--cc=denys@konsulko.com \
--cc=meta-ti@lists.yoctoproject.org \
--cc=reatmon@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.