The image format for the TI K3 SoCs is basically a x509 certificate file. In U-Boot this image is generated with binman. This patch adds a simple shell script using openssl directly. This is by far not so sophisticated as the U-Boot variant, but is enough for now to get a beagleplay up and running. Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> --- arch/arm/mach-k3/ti-degenerate-key.pem | 10 +++ images/Makefile.k3 | 7 ++ scripts/k3img | 160 +++++++++++++++++++++++++++++++++ 3 files changed, 177 insertions(+) diff --git a/arch/arm/mach-k3/ti-degenerate-key.pem b/arch/arm/mach-k3/ti-degenerate-key.pem new file mode 100644 index 0000000000..bd7d3745ad --- /dev/null +++ b/arch/arm/mach-k3/ti-degenerate-key.pem @@ -0,0 +1,10 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog +8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e +QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB +AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho +k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey +bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0 +RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR +iCrL55cxEM146zMw3AnF +-----END RSA PRIVATE KEY----- diff --git a/images/Makefile.k3 b/images/Makefile.k3 index f7acd78014..f2857791c8 100644 --- a/images/Makefile.k3 +++ b/images/Makefile.k3 @@ -11,3 +11,10 @@ $(obj)/k3-am625-beagleplay.fit: $(obj)/barebox-beagleplay.img FILE_barebox-beagleplay-fit.img = k3-am625-beagleplay.fit image-$(CONFIG_MACH_BEAGLEPLAY) += barebox-beagleplay-fit.img +quiet_cmd_k3_image = K3IMG $@ + cmd_k3_image = $(srctree)/scripts/k3img --sysfw $(SYSFW_$(@F)) \ + --sysfwdata $(SYSFWDATA_$(@F)) --dmdata $(DMDATA_$(@F)) \ + --key $(KEY_$(@F)) --sbl $< --out $@ + +$(obj)/%.k3img: $(obj)/% scripts/k3img FORCE + $(call if_changed,k3_image) diff --git a/scripts/k3img b/scripts/k3img new file mode 100755 index 0000000000..5a94576275 --- /dev/null +++ b/scripts/k3img @@ -0,0 +1,160 @@ +#!/bin/bash + +TEMP=$(getopt -o '' --long 'sysfw:,sysfwdata:,dmdata:,out:,sbl:,key:' -n 'k3img' -- "$@") + +if [ $? -ne 0 ]; then + echo 'Terminating...' >&2 + exit 1 +fi + +# Note the quotes around "$TEMP": they are essential! +eval set -- "$TEMP" +unset TEMP + +while true; do + case "$1" in + '--sysfw') + sysfw="$2" + shift 2 + continue + ;; + '--sysfwdata') + sysfwdata="$2" + shift 2 + continue + ;; + '--sysfw') + sysfw="$2" + shift 2 + continue + ;; + '--dmdata') + dmdata="$2" + shift 2 + continue + ;; + '--out') + out="$2" + shift 2 + continue + ;; + '--sbl') + sbl="$2" + shift 2 + continue + ;; + '--key') + key="$2" + shift 2 + continue + ;; + '--') + shift + break + ;; + *) + echo 'Internal error!' >&2 + echo $1 ficken + exit 1 + ;; + esac +done + +shasbl=$(sha512sum $sbl | sed 's/ .*//') +shasysfw=$(sha512sum $sysfw | sed 's/ .*//') +shasysfwdata=$(sha512sum $sysfwdata | sed 's/ .*//') +shadmdata=$(sha512sum $dmdata | sed 's/ .*//') + +sblsize=$(stat -c%s $sbl) +sysfwsize=$(stat -c%s $sysfw) +sysfwdatasize=$(stat -c%s $sysfwdata) +dmdatasize=$(stat -c%s $dmdata) + +total=$(($sblsize + sysfwsize + $sysfwdatasize + dmdatasize)) + +certcfg=$(mktemp k3img.XXXXXXX) +cert=$(mktemp k3img.XXXXXXX) + +cat > $certcfg <<EndOfHereDocument +[ req ] +distinguished_name = req_distinguished_name +x509_extensions = v3_ca +prompt = no +dirstring_type = nobmp + +[ req_distinguished_name ] +C = US +ST = TX +L = Dallas +O = Texas Instruments Incorporated +OU = Processors +CN = TI Support +emailAddress = support@xxxxxx + +[ v3_ca ] +basicConstraints = CA:true +1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv +1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info +1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug + +[swrv] +swrv=INTEGER:1 + +[ext_boot_info] +extImgSize=INTEGER:$total +numComp=INTEGER:4 +sbl=SEQUENCE:sbl +sysfw=SEQUENCE:sysfw +sysfw_data=SEQUENCE:sysfw_data + +dm_data=SEQUENCE:dm_data + +[sbl] +compType = INTEGER:1 +bootCore = INTEGER:16 +compOpts = INTEGER:0 +destAddr = FORMAT:HEX,OCT:43c00000 +compSize = INTEGER:$sblsize +shaType = OID:2.16.840.1.101.3.4.2.3 +shaValue = FORMAT:HEX,OCT:$shasbl + +[sysfw] +compType = INTEGER:2 +bootCore = INTEGER:0 +compOpts = INTEGER:0 +destAddr = FORMAT:HEX,OCT:00040000 +compSize = INTEGER:$sysfwsize +shaType = OID:2.16.840.1.101.3.4.2.3 +shaValue = FORMAT:HEX,OCT:$shasysfw + +[sysfw_data] +compType = INTEGER:18 +bootCore = INTEGER:0 +compOpts = INTEGER:0 +destAddr = FORMAT:HEX,OCT:00067000 +compSize = INTEGER:$sysfwdatasize +shaType = OID:2.16.840.1.101.3.4.2.3 +shaValue = FORMAT:HEX,OCT:$shasysfwdata + +[ debug ] +debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000 +debugType = INTEGER:4 +coreDbgEn = INTEGER:0 +coreDbgSecEn = INTEGER:0 + + + +[dm_data] +compType = INTEGER:17 +bootCore = INTEGER:16 +compOpts = INTEGER:0 +destAddr = FORMAT:HEX,OCT:43c3a800 +compSize = INTEGER:$dmdatasize +shaType = OID:2.16.840.1.101.3.4.2.3 +shaValue = FORMAT:HEX,OCT:$shadmdata + +EndOfHereDocument + +openssl req -new -x509 -key $key -nodes -outform DER -out $cert -config $certcfg -sha512 + +cat $cert $sbl $sysfw $sysfwdata $dmdata > $out -- 2.39.5
