Eric Lee / smarc-uboot

Download as
Browse Code ยป

Commit 7410f1464e3fc2e35761160176c8ce14c5122bc9

Authored by Andrew F. Davis
Committed by Tom Rini
1 parent 0ed06c7ee4
Exists in v2017.01-smarct4x and in 26 other branches 8qm-imx_v2020.04_5.4.70_2.3.0, emb_lf_v2022.04, emb_lf_v2023.04, pitx_8mp_lf_v2020.04, smarc-8m-android-10.0.0_2.6.0, smarc-8m-android-11.0.0_2.0.0, smarc-8mp-android-11.0.0_2.0.0, smarc-imx6_v2018.03_4.14.98_2.0.0_ga, smarc-imx7_v2017.03_4.9.11_1.0.0_ga, smarc-imx7_v2018.03_4.14.98_2.0.0_ga, smarc-imx_v2017.03_4.9.11_1.0.0_ga, smarc-imx_v2017.03_4.9.88_2.0.0_ga, smarc-imx_v2017.03_o8.1.0_1.3.0_8m, smarc-imx_v2018.03_4.14.78_1.0.0_ga, smarc-n7.1.2_2.0.0-ga, smarc_8m-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8m-imx_v2019.04_4.19.35_1.1.0, smarc_8m_00d0-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2019.04_4.19.35_1.1.0, smarc_8mm-imx_v2020.04_5.4.24_2.1.0, smarc_8mp_lf_v2020.04, smarc_8mq-imx_v2020.04_5.4.24_2.1.0, smarc_8mq_lf_v2020.04, v2017.01-smarct3x, v2017.01-smarct3x-emmc

arm: mach-omap2: Fix secure file generation 

When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was
not generated but generate an unsigned one anyway, first fix this
warning to say that it was generated but not secured.

When the user then exports TI_SECURE_DEV_PKG after getting this warning,
and tries to re-build, 'make' will detect the build artifacts as
unchanged and so assume they do not need to be re-generated. This causes
it to fail to sign the files and it will pack unsigned files into the
final image, even though TI_SECURE_DEV_PKG is now correctly defined and
working.

Fix this by using FORCE on the targets causes them to be re-run even if
the dependent files have not changed.

This then causes another issue. We currently rename the signed dtb files
to overwrite the non-signed ones. We do this so the 'mkimage' tool gives
the packaged dtb sections the correct name. If we do not rename the files
then SPL will not find them during boot.

Fix this by renaming the dtb files by appending _HS to the end of the
filename, after the ".dtb", this causes them to still be named correctly
in the FIT blob.

Signed-off-by: Andrew F. Davis <afd@ti.com>

Showing 1 changed file with 17 additions and 19 deletions Side-by-side Diff

arch/arm/mach-omap2/config_secure.mk
Diff comments   View file @ 7410f14
... ... @@ -3,7 +3,7 @@
3 3 #
4 4 # SPDX-License-Identifier: GPL-2.0+
5 5 #
6   -quiet_cmd_mkomapsecimg = MKIMAGE $@
  6 +quiet_cmd_mkomapsecimg = SECURE $@
7 7 ifneq ($(TI_SECURE_DEV_PKG),)
8 8 ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/create-boot-image.sh),)
9 9 ifneq ($(CONFIG_SPL_BUILD),)
10 10  
... ... @@ -18,11 +18,12 @@
18 18 else
19 19 cmd_mkomapsecimg = echo "WARNING:" \
20 20 "$(TI_SECURE_DEV_PKG)/scripts/create-boot-image.sh not found." \
21   - "$@ was NOT created!"
  21 + "$@ was NOT secured!"; cp $< $@
22 22 endif
23 23 else
24 24 cmd_mkomapsecimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
25   - "variable must be defined for TI secure devices. $@ was NOT created!"
  25 + "variable must be defined for TI secure devices. \
  26 + $@ was NOT secured!"; cp $< $@
26 27 endif
27 28  
28 29 ifdef CONFIG_SPL_LOAD_FIT
29 30  
30 31  
31 32  
32 33  
33 34  
34 35  
35 36  
36 37  
... ... @@ -35,51 +36,51 @@
35 36 else
36 37 cmd_omapsecureimg = echo "WARNING:" \
37 38 "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
38   - "$@ was NOT created!"; cp $< $@
  39 + "$@ was NOT secured!"; cp $< $@
39 40 endif
40 41 else
41 42 cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
42 43 "variable must be defined for TI secure devices." \
43   - "$@ was NOT created!"; cp $< $@
  44 + "$@ was NOT secured!"; cp $< $@
44 45 endif
45 46 endif
46 47  
47 48  
48 49 # Standard X-LOADER target (QPSI, NOR flash)
49   -u-boot-spl_HS_X-LOADER: $(obj)/u-boot-spl.bin
  50 +u-boot-spl_HS_X-LOADER: $(obj)/u-boot-spl.bin FORCE
50 51 $(call if_changed,mkomapsecimg)
51 52  
52 53 # For MLO targets (SD card boot) the final file name that is copied to the SD
53 54 # card FAT partition must be MLO, so we make a copy of the output file to a new
54 55 # file with that name
55   -u-boot-spl_HS_MLO: $(obj)/u-boot-spl.bin
  56 +u-boot-spl_HS_MLO: $(obj)/u-boot-spl.bin FORCE
56 57 $(call if_changed,mkomapsecimg)
57 58 @if [ -f $@ ]; then \
58 59 cp -f $@ MLO; \
59 60 fi
60 61  
61 62 # Standard 2ND target (certain peripheral boot modes)
62   -u-boot-spl_HS_2ND: $(obj)/u-boot-spl.bin
  63 +u-boot-spl_HS_2ND: $(obj)/u-boot-spl.bin FORCE
63 64 $(call if_changed,mkomapsecimg)
64 65  
65 66 # Standard ULO target (certain peripheral boot modes)
66   -u-boot-spl_HS_ULO: $(obj)/u-boot-spl.bin
  67 +u-boot-spl_HS_ULO: $(obj)/u-boot-spl.bin FORCE
67 68 $(call if_changed,mkomapsecimg)
68 69  
69 70 # Standard ISSW target (certain devices, various boot modes)
70   -u-boot-spl_HS_ISSW: $(obj)/u-boot-spl.bin
  71 +u-boot-spl_HS_ISSW: $(obj)/u-boot-spl.bin FORCE
71 72 $(call if_changed,mkomapsecimg)
72 73  
73 74 # For SPI flash on AM335x and AM43xx, these require special byte swap handling
74 75 # so we use the SPI_X-LOADER target instead of X-LOADER and let the
75 76 # create-boot-image.sh script handle that
76   -u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin
  77 +u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin FORCE
77 78 $(call if_changed,mkomapsecimg)
78 79  
79 80 # For supporting single stage XiP QSPI on AM43xx, the image is a full u-boot
80 81 # file, not an SPL. In this case the mkomapsecimg command looks for a
81 82 # u-boot-HS_* prefix
82   -u-boot_HS_XIP_X-LOADER: $(obj)/u-boot.bin
  83 +u-boot_HS_XIP_X-LOADER: $(obj)/u-boot.bin FORCE
83 84 $(call if_changed,mkomapsecimg)
84 85  
85 86 # For supporting the SPL loading and interpreting of FIT images whose
86 87  
87 88  
88 89  
89 90  
... ... @@ -90,21 +91,18 @@
90 91 MKIMAGEFLAGS_u-boot_HS.img = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
91 92 -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
92 93 -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
93   - $(patsubst %,-b arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
  94 + $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
94 95  
95 96 OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
96 97 $(OF_LIST_TARGETS): dtbs
97 98  
98   -%_HS.dtb: %.dtb
  99 +%.dtb_HS: %.dtb FORCE
99 100 $(call if_changed,omapsecureimg)
100   - $(Q)if [ -f $@ ]; then \
101   - cp -f $@ $<; \
102   - fi
103 101  
104   -u-boot-nodtb_HS.bin: u-boot-nodtb.bin
  102 +u-boot-nodtb_HS.bin: u-boot-nodtb.bin FORCE
105 103 $(call if_changed,omapsecureimg)
106 104  
107   -u-boot_HS.img: u-boot-nodtb_HS.bin u-boot.img $(patsubst %.dtb,%_HS.dtb,$(OF_LIST_TARGETS))
  105 +u-boot_HS.img: u-boot-nodtb_HS.bin u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
108 106 $(call if_changed,mkimage)
109 107 $(Q)if [ -f $@ ]; then \
110 108 cp -f $@ u-boot.img; \