* [meta-ti][master/kirkstone][PATCH 1/3] trusted-firmware-a: Do not sign TF-A image for K3
@ 2023-05-26 20:14 Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 2/3] optee-os: Do not sign OPTEE OS " Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 3/3] ti-dm-fw: Do not make signed DM image the default " Andrew Davis
0 siblings, 2 replies; 3+ messages in thread
From: Andrew Davis @ 2023-05-26 20:14 UTC (permalink / raw)
To: Denys Dmytriyenko, Ryan Eatmon, meta-ti; +Cc: Andrew Davis
U-Boot with binman will do the signing as these images are packaged.
Remove signing steps here.
Signed-off-by: Andrew Davis <afd@ti.com>
---
.../trusted-firmware-a-ti.inc | 57 -------------------
1 file changed, 57 deletions(-)
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
index c65ecd9c..cc99f50c 100644
--- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
@@ -6,62 +6,5 @@ TFA_BUILD_TARGET:k3 = "all"
TFA_INSTALL_TARGET:k3 = "bl31"
TFA_SPD:k3 = "opteed"
-# Use TI SECDEV for signing
-inherit ti-secdev
-
EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}"
EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}"
-
-# Signing procedure for K3 HS devices
-tfa_sign_k3hs() {
- mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned
- ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin
-}
-
-do_compile:append:am65xx-hs-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:am64xx-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:am62xx-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:am62xx-lp-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:am62axx-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:j721e-hs-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:j7200-hs-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:j721s2-hs-evm() {
- tfa_sign_k3hs
-}
-
-do_compile:append:j784s4-hs-evm() {
- tfa_sign_k3hs
-}
-
-do_install:append:k3() {
- if [ -f ${BUILD_DIR}/bl31.bin.unsigned ]; then
- echo "Install bl31.bin.unsigned"
- install -m 0644 ${BUILD_DIR}/bl31.bin.unsigned \
- ${D}/firmware/bl31.bin.unsigned
- else
- echo "Install bl31.bin.unsigned"
- install -m 0644 ${BUILD_DIR}/bl31.bin \
- ${D}/firmware/bl31.bin.unsigned
- fi
-}
--
2.39.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* [meta-ti][master/kirkstone][PATCH 2/3] optee-os: Do not sign OPTEE OS image for K3
2023-05-26 20:14 [meta-ti][master/kirkstone][PATCH 1/3] trusted-firmware-a: Do not sign TF-A image for K3 Andrew Davis
@ 2023-05-26 20:14 ` Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 3/3] ti-dm-fw: Do not make signed DM image the default " Andrew Davis
1 sibling, 0 replies; 3+ messages in thread
From: Andrew Davis @ 2023-05-26 20:14 UTC (permalink / raw)
To: Denys Dmytriyenko, Ryan Eatmon, meta-ti; +Cc: Andrew Davis
U-Boot with binman will do the signing as these images are packaged.
Remove signing steps here.
Signed-off-by: Andrew Davis <afd@ti.com>
---
.../recipes-security/optee/optee-os-ti.inc | 46 -------------------
1 file changed, 46 deletions(-)
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
index e57ce4c7..ff87f37a 100644
--- a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
+++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
@@ -11,7 +11,6 @@ EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
do_compile:append:k3() {
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
- cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
cp ${B}/core/tee.elf ${B}/bl32.elf
}
@@ -42,53 +41,9 @@ do_compile:append:dra7xx() {
optee_sign_legacyhs
}
-# Signing procedure for K3 devices
-optee_sign_k3hs() {
- ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
- cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
- cp ${B}/core/tee.elf ${B}/bl32.elf
-}
-
-do_compile:append:am65xx-hs-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:am64xx-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:am62xx-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:am62xx-lp-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:am62axx-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:j721e-hs-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:j7200-hs-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:j721s2-hs-evm() {
- optee_sign_k3hs
-}
-
-do_compile:append:j784s4-hs-evm() {
- optee_sign_k3hs
-}
-
do_install:append() {
install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
- install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
}
@@ -109,7 +64,6 @@ do_deploy:append:dra7xx() {
do_deploy:append:k3() {
ln -sf optee/bl32.bin ${DEPLOYDIR}/
- ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
ln -sf optee/bl32.elf ${DEPLOYDIR}/
}
--
2.39.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* [meta-ti][master/kirkstone][PATCH 3/3] ti-dm-fw: Do not make signed DM image the default for K3
2023-05-26 20:14 [meta-ti][master/kirkstone][PATCH 1/3] trusted-firmware-a: Do not sign TF-A image for K3 Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 2/3] optee-os: Do not sign OPTEE OS " Andrew Davis
@ 2023-05-26 20:14 ` Andrew Davis
1 sibling, 0 replies; 3+ messages in thread
From: Andrew Davis @ 2023-05-26 20:14 UTC (permalink / raw)
To: Denys Dmytriyenko, Ryan Eatmon, meta-ti; +Cc: Andrew Davis
U-Boot with binman will do the signing as these images are packaged.
Do not rename the DM image as the signed image.
Signed-off-by: Andrew Davis <afd@ti.com>
---
meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb b/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb
index 8fb40d12..f635565d 100644
--- a/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb
+++ b/meta-ti-bsp/recipes-bsp/ti-dm-fw/ti-dm-fw.bb
@@ -60,8 +60,8 @@ do_install() {
install -d ${D}${INSTALL_DM_FW_DIR}
for FW_NAME in ${DM_FW_LIST}
do
- install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${D}${INSTALL_DM_FW_DIR}/${FW_NAME}.unsigned
- install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${D}${INSTALL_DM_FW_DIR}/${FW_NAME}
+ install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${D}${INSTALL_DM_FW_DIR}/
+ install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${D}${INSTALL_DM_FW_DIR}/
done
}
@@ -70,8 +70,8 @@ do_deploy() {
install -d ${DEPLOYDIR}
for FW_NAME in ${DM_FW_LIST}
do
- install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${DEPLOYDIR}/${FW_NAME}.unsigned
- install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${DEPLOYDIR}/${FW_NAME}
+ install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME} ${DEPLOYDIR}/
+ install -m 0644 ${S}/${DM_FW_DIR}/${FW_NAME}.signed ${DEPLOYDIR}/
done
}
--
2.39.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-05-26 20:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-26 20:14 [meta-ti][master/kirkstone][PATCH 1/3] trusted-firmware-a: Do not sign TF-A image for K3 Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 2/3] optee-os: Do not sign OPTEE OS " Andrew Davis
2023-05-26 20:14 ` [meta-ti][master/kirkstone][PATCH 3/3] ti-dm-fw: Do not make signed DM image the default " Andrew Davis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.