Lokesh Vutla | 82f29fd | 2018-08-27 15:57:15 +0530 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0+ |
| 2 | # |
| 3 | # Copyright (C) 2017-2018 Texas Instruments Incorporated - http://www.ti.com/ |
| 4 | # Lokesh Vutla <lokeshvutla@ti.com> |
| 5 | |
| 6 | ifdef CONFIG_SPL_BUILD |
| 7 | |
# Openssl is required to generate x509 certificate.
# This check runs while the makefile is parsed, for every SPL build (it sits
# directly under CONFIG_SPL_BUILD). It only confirms that some `openssl` is
# found on PATH; it does not look at the version.
# Error out if openssl is not available.
ifeq ($(shell which openssl),)
$(error "No openssl in $(PATH), consider installing openssl")
endif
| 13 | |
# Values substituted into the x509 template (see SED_OPTS).
# All four use recursive assignment (`=`), so each $(shell ...) runs whenever
# the variable is expanded, not once at parse time. u-boot-spl.bin is a
# prerequisite of the rules that use these values, so it is presumably not
# there yet at parse time; check that before converting any of them to `:=`.
#
# SHA_VALUE:  SHA-512 of the SPL binary as hex; the sed drops everything up to
#             and including "= " in the `openssl dgst` output.
# IMAGE_SIZE: size of the SPL binary in bytes.
# LOADADDR:   CONFIG_SPL_TEXT_BASE with a leading "0x" removed.
# MAX_SIZE:   CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE printed as decimal.
# NOTE(review): nothing here checks that the digest command succeeded; an
# unreadable u-boot-spl.bin presumably yields an empty SHA_VALUE - confirm.
SHA_VALUE= $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g")
IMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c)
LOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g")
MAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE))
| 18 | |
# Parameters to get populated into the x509 template
# Each -e expression replaces one TEST_* placeholder of the template. The
# values are pasted into the sed program unquoted and unescaped, which is only
# safe while they stay plain hex/decimal tokens (no spaces, "/" or "&").
# The certificate type (1) and boot arch width (32) are fixed here; the rest
# comes from the build configuration and from the SPL binary itself.
SED_OPTS= -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/
SED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/
SED_OPTS+= -e s/TEST_CERT_TYPE/1/ # CERT_TYPE_PRIMARY_IMAGE_BIN
SED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/
SED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/
SED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/
| 26 | |
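# Command to generate ecparam key
# Writes a new prime256v1 EC private key to $@ as plain PEM.
quiet_cmd_genkey = OPENSSL $@
cmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey

# Command to generate x509 certificate
# Step 1 fills the TEST_* placeholders of tools/k3_x509template.txt and writes
# the result to u-boot-spl-x509.txt (an openssl config in the current
# directory). Step 2 creates a self-signed DER certificate from that config,
# signed with $(KEY) using SHA-512.
# sed reads the template directly and the two steps are joined with &&, so a
# missing template or a failed substitution stops the command before openssl
# runs, instead of being masked by a `cat |` pipe and a `;`.
quiet_cmd_gencert = OPENSSL $@
cmd_gencert = sed $(SED_OPTS) $(srctree)/tools/k3_x509template.txt > u-boot-spl-x509.txt && \
	openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512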
| 35 | |
# If external key is not provided, generate key using openssl.
# CONFIG_SYS_K3_KEY is compared against the literal "" because the config
# value apparently carries its double quotes (the patsubst below strips them).
ifeq ($(CONFIG_SYS_K3_KEY), "")
# Default: throwaway key created in the build directory by the
# u-boot-spl-eckey.pem rule.
KEY=u-boot-spl-eckey.pem
# On HS use real key or warn if not available
# A missing key is only a warning: the build carries on with the generated
# key, and per the warning text the result will not work on HS hardware.
# Treat that warning as a failed signing step in release pipelines.
# NOTE(review): with TI_SECURE_DEV_PKG unset the lookup below becomes
# /keys/custMpk.pem - confirm the variable is validated elsewhere.
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
else
$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
endif
endif
else
# External key: strip the quotes and resolve the path relative to $(srctree).
# The private key then sits under the source tree, so keep it out of version
# control and out of any published source archives.
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
endif
| 50 | |
# Creates the throwaway EC key with cmd_genkey. The rule is defined whichever
# key was selected above; it is only pulled in when KEY names this file.
# if_changed is defined elsewhere in the build system (presumably it re-runs
# the command only when the command line or a prerequisite changed - confirm).
u-boot-spl-eckey.pem: FORCE
	$(call if_changed,genkey)
| 53 | |
# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
# So restrict tiboot3.bin creation for CPU_V7R.
ifdef CONFIG_CPU_V7R
# Certificate for the SPL image. Prerequisites are the signing key, the SPL
# binary and the size check, so an oversized image fails the build before a
# certificate is produced.
u-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE
	$(call if_changed,gencert)

# Size gate: fails the build when the SPL binary is larger than MAX_SIZE.
# The recipe never creates a file named image_check, and no .PHONY declaration
# for it is visible in this file.
image_check: $(obj)/u-boot-spl.bin FORCE
	@if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then			    \
		echo "===============================================" >&2; \
		echo "ERROR: Final Image too big. " >&2;		    \
		echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \
		echo "===============================================" >&2; \
		exit 1;							    \
	fi

# Final boot image built from the certificate and the SPL binary. cmd_cat is
# defined elsewhere; presumably it concatenates the prerequisites in the order
# listed (certificate first) - TODO confirm.
tiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE
	$(call if_changed,cat)

ALL-y	+= tiboot3.bin
endif
| 74 | |
# ARM64 SPL: generate the FIT image source (.its) by running
# tools/k3_fit_atf.sh over the DTBs named in CONFIG_SPL_OF_LIST (quotes
# stripped, each name mapped to $(obj)/dts/<name>.dtb).
# The HS branch differs from the non-HS one in three places: the .its file
# name, IS_HS=1 in the script's environment, and the tispl.bin_HS goal.
# The script's stdout is redirected straight into $@, so a failing script can
# leave a partial .its behind unless the build removes targets on error.
ifdef CONFIG_ARM64
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
SPL_ITS := u-boot-spl-k3_HS.its
$(SPL_ITS): FORCE
	IS_HS=1 \
	$(srctree)/tools/k3_fit_atf.sh \
	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@

ALL-y	+= tispl.bin_HS
else
SPL_ITS := u-boot-spl-k3.its
$(SPL_ITS): FORCE
	$(srctree)/tools/k3_fit_atf.sh \
	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@

ALL-y	+= tispl.bin
endif
endif
Lokesh Vutla | 82f29fd | 2018-08-27 15:57:15 +0530 | [diff] [blame] | 93 | |
| 94 | else |
Andrew F. Davis | 5083696 | 2019-04-12 12:54:46 -0400 | [diff] [blame] | 95 | |
# Non-SPL build (else branch of CONFIG_SPL_BUILD): choose the default image
# goal. Secure (HS) configurations build u-boot.img_HS instead of u-boot.img;
# the rule that produces the _HS image is not in this file (presumably it comes
# from the config_secure.mk include at the end - confirm).
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
ALL-y	+= u-boot.img_HS
else
ALL-y	+= u-boot.img
endif
Andrew F. Davis | 5083696 | 2019-04-12 12:54:46 -0400 | [diff] [blame] | 101 | endif |
| 102 | |
| 103 | include $(srctree)/arch/arm/mach-k3/config_secure.mk |