From: Denys Dmytriyenko <denis@denix.org>
To: reatmon@ti.com
Cc: Praneeth Bajjuri <praneeth@ti.com>,
Denys Dmytriyenko <denys@konsulko.com>,
meta-ti@lists.yoctoproject.org
Subject: Re: [meta-ti][master/kirkstone][PATCH 2/4] trusted-firmware-a: Only sign files for platforms that support it
Date: Thu, 30 Mar 2023 20:17:31 -0400 [thread overview]
Message-ID: <20230331001731.GD18050@denix.org> (raw)
In-Reply-To: <1751589DE6D33C0C.27612@lists.yoctoproject.org>
On Thu, Mar 30, 2023 at 08:12:10PM -0400, Denys Dmytriyenko wrote:
> On Thu, Mar 30, 2023 at 04:24:38PM -0500, Ryan Eatmon via lists.yoctoproject.org wrote:
> > We are seeing some testing issues where the new code that signs all of
> > the files at all times is causing issues. So rollback the logic and
> > only sign for platforms that support it.
>
> This is unfortunate that am65x GP has a bug/feature and fails to boot with
> signed images. Hopefully this can be resolved soon, otherwise it will block
> combining GP and HS-SE/HS-FS builds into one platform with multiconfig.
> Especially this one, ironically:
> https://patchwork.yoctoproject.org/project/ti/patch/20230321110742.26379-1-p-bhagat@ti.com/
>
> As we discussed offline, I'm fine with this as a temporary workaround for now.
And forgot to ack, d'oh :facepalm:
> > Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
> > ---
> > .../trusted-firmware-a_%.bbappend | 40 ++++++++++++++++++-
> > 1 file changed, 38 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> > index 9b8dd142..c65ecd9c 100644
> > --- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> > +++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
> > @@ -12,12 +12,48 @@ inherit ti-secdev
> > EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}"
> > EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}"
> >
> > -# Signing procedure for K3 devices
> > -do_compile:append:k3() {
> > +# Signing procedure for K3 HS devices
> > +tfa_sign_k3hs() {
> > mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned
> > ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin
> > }
> >
> > +do_compile:append:am65xx-hs-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:am64xx-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:am62xx-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:am62xx-lp-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:am62axx-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:j721e-hs-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:j7200-hs-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:j721s2-hs-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > +do_compile:append:j784s4-hs-evm() {
> > + tfa_sign_k3hs
> > +}
> > +
> > do_install:append:k3() {
> > if [ -f ${BUILD_DIR}/bl31.bin.unsigned ]; then
> > echo "Install bl31.bin.unsigned"
> > --
> > 2.17.1
next prev parent reply other threads:[~2023-03-31 0:18 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-30 21:24 [meta-ti][master/kirkstone][PATCH 0/4] Sync up from dunfell Ryan Eatmon
2023-03-30 21:24 ` [meta-ti][master/kirkstone][PATCH 1/4] u-boot-ti-staging: Fix u-boot configs to match oe-core fitImage Ryan Eatmon
2023-03-31 0:04 ` Denys Dmytriyenko
2023-03-31 14:15 ` Ryan Eatmon
2023-03-30 21:24 ` [meta-ti][master/kirkstone][PATCH 2/4] trusted-firmware-a: Only sign files for platforms that support it Ryan Eatmon
2023-03-31 0:12 ` Denys Dmytriyenko
[not found] ` <1751589DE6D33C0C.27612@lists.yoctoproject.org>
2023-03-31 0:17 ` Denys Dmytriyenko [this message]
2023-03-30 21:24 ` [meta-ti][master/kirkstone][PATCH 3/4] optee-os: " Ryan Eatmon
2023-03-30 21:24 ` [meta-ti][master/kirkstone][PATCH 4/4] kernel-fitimage: Add signing of fitImage entries for 5.10 kernel Ryan Eatmon
2023-03-31 0:01 ` Denys Dmytriyenko
[not found] ` <1751580B6CF411F3.12651@lists.yoctoproject.org>
2023-03-31 0:14 ` Denys Dmytriyenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230331001731.GD18050@denix.org \
--to=denis@denix.org \
--cc=denys@konsulko.com \
--cc=meta-ti@lists.yoctoproject.org \
--cc=praneeth@ti.com \
--cc=reatmon@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.