arm: mach-k3: Add secure device build support
K3 HS devices require signed binaries for boot, use the SECDEV tools
to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
index 430b5ca..4e9f69c 100755
--- a/tools/k3_fit_atf.sh
+++ b/tools/k3_fit_atf.sh
@@ -21,6 +21,10 @@
TEE=/dev/null
fi
+if [ ! -z "$IS_HS" ]; then
+ HS_APPEND=_HS
+fi
+
cat << __HEADER_EOF
/dts-v1/;
@@ -51,7 +55,7 @@
};
spl {
description = "SPL (64-bit)";
- data = /incbin/("spl/u-boot-spl-nodtb.bin");
+ data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND");
type = "standalone";
os = "U-Boot";
arch = "arm64";
@@ -66,7 +70,7 @@
cat << __FDT_IMAGE_EOF
$(basename $dtname) {
description = "$(basename $dtname .dtb)";
- data = /incbin/("$dtname");
+ data = /incbin/("$dtname$HS_APPEND");
type = "flat_dt";
arch = "arm";
compression = "none";