aboutsummaryrefslogblamecommitdiffstats
blob: 61e52e4bdb17d2214811b39f3db0709402188ed6 (plain) (tree)
1
2
3
4
5
6




                                                                            
                                                                             






























                                                                        
            

             

                           









                                             
 







                                                                        

                                                                             



                                                              

                                                                             
                                                          


                                                                                                                          





                                                                                                                                                      

                            
     
 
                                          


                      
               

                                
                 
 


                        
 
















                                                      
                                                  




                          


                  



                                                             
                      

                                                      





                                                  














                                                                       
                                                                 

                   
                                       






                                                                            
     
 
                            
                                                           
 
              

                              


                 

                     

                                                                                                                                                                                      
 


                                                                                                                                                                          
                       

                                                                                                      
 






                                                                 

                                                  
     
 





                                                                                                 
                                      
                               

                                     
                          


                


                                          
#
# Utility to generate an image tree blob (ITB) comprising a signed System
# Firmware (SYSFW) binary image as released by TI as well as domain-specific
# SYSFW configuration fragments provided in the form of C sources.
#
# Copyright (C) 2018-2019 Texas Instruments Incorporated - http://www.ti.com/
#	Andreas Dannenberg <dannenberg@ti.com>
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions
#  are met:
#
#    Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#    Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the
#    distribution.
#
#    Neither the name of Texas Instruments Incorporated nor the names of
#    its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

SOC ?= am65x
CONFIG ?= evm

include soc/$(SOC)/Makefile

BUILD_SRC ?= .
O ?= out
BIN_DIR ?= .

srcroot = $(BUILD_SRC)
soc_srcroot = $(srcroot)/soc/${SOC}/${CONFIG}
objroot = $(O)
soc_objroot = $(objroot)/soc/${SOC}/${CONFIG}

binroot = $(BIN_DIR)

# The HS SYSFW will only work on HS hardware when signed with valid
# keys, warn HS users if the SECDEV environment variable is not set
ifdef HS
ifeq ($(TI_SECURE_DEV_PKG),)
$(warning TI_SECURE_DEV_PKG should be set for HS, defaults may not work)
endif
endif

# If using the default SYSFW make sure to manually copy/populate the unsigned
# image into the root folder of this repository.
SYSFW_PATH ?= ti-sci-firmware-${SOC}-gp.bin
SYSFW_HS_PATH ?= ti-sci-firmware-${SOC}-hs-enc.bin
SYSFW_HS_INNER_CERT_PATH ?= ti-sci-firmware-${SOC}-hs-cert.bin
SYSFW_HS_CERTS_PATH ?= ti-sci-firmware-${SOC}-hs-certs.bin

# Must use FULL Git hash below, as it is used as part of an URL for direct DL
SYSFW_GIT_HASH ?= f5438e998a7a8d23722fa4dcd1cdb62dec7a41d2

# URL to download SYSFW release binary from if not provided otherwise
SYSFW_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_PATH)
SYSFW_HS_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_PATH)
SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_INNER_CERT_PATH)

# Set HS SYSFW image signing key
ifdef HS
KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
else
KEY ?= ti-degenerate-key.pem
endif

CROSS_COMPILE ?= arm-none-linux-gnueabihf-

CFLAGS ?= \
	-fno-builtin \
	-Wall \
	-Iinclude/soc/${SOC} \
	-Isoc/${SOC}/${CONFIG} \
	-Iinclude

ifdef ENABLE_TRACE
CFLAGS += -DENABLE_TRACE
endif

SOURCES ?= \
	board-cfg.c \
	pm-cfg.c \
	rm-cfg.c \
	sec-cfg.c

SOC_SOURCES=$(SOURCES:%.c=$(soc_srcroot)/%.c)
SOC_OBJS=$(SOURCES:%.c=$(soc_objroot)/%.o)

SOC_BINS=$(soc_objroot)/sysfw.bin
SOC_BIN_NAMES=sysfw.bin

SOC_BINS += $(SOURCES:%.c=$(soc_objroot)/%.bin)
SOC_BIN_NAMES += $(SOURCES:%.c=%.bin)

ITB ?= $(binroot)/sysfw-$(SOC)-$(CONFIG).itb
ITS ?= $(soc_objroot)/$(basename $(notdir $(ITB))).its
COMBINED_BRDCFG ?= $(soc_objroot)/combined-cfg.bin

vpath %.itb $(soc_objroot)
vpath %.bin $(soc_objroot)
vpath %.o $(soc_objroot)
vpath %.c $(soc_srcroot)

MKIMAGE ?= mkimage

ifeq ($(shell which python3),)
$(error "No python3 in $(PATH), consider installing python3")
endif

.PHONY: _objtree_build
_objtree_build:
	@mkdir -p $(objroot) $(soc_objroot) $(binroot)

$(SYSFW_PATH):
	@echo "Downloading SYSFW release image..."
	wget $(SYSFW_DL_URL)
	@echo "Download SUCCESS!"

$(SYSFW_HS_PATH):
	@echo "Downloading HS SYSFW release image..."
	wget $(SYSFW_HS_DL_URL)
	@echo "Download SUCCESS!"

$(SYSFW_HS_INNER_CERT_PATH):
	@echo "Downloading HS SYSFW release certificate..."
	wget $(SYSFW_HS_INNER_CERT_DL_URL)
	@echo "Download SUCCESS!"

ifdef HS
$(SYSFW_HS_CERTS_PATH): $(SYSFW_HS_INNER_CERT_PATH)
	@echo "Signing the SYSFW inner certificate with $(KEY) key...";
	./gen_x509_cert.sh -d -c m3 -b $< -o $@ -l 0x40000 -k $(KEY);

$(soc_objroot)/sysfw.bin: $(SYSFW_HS_CERTS_PATH) $(SYSFW_HS_PATH)
	cat $^ > $@
else
$(soc_objroot)/sysfw.bin: $(SYSFW_PATH)
	@if [ -n "$(KEY)" ]; then \
		echo "Signing the SYSFW release image with $(KEY) key..."; \
		./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000 -k $(KEY); \
	else \
		echo "Signing the SYSFW release image with random key..."; \
		./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000; \
	fi
endif

$(ITS): soc_objs $(SOC_BINS)
	./gen_its.sh $(SOC) $(CONFIG) $(SOC_BIN_NAMES) > $@

$(ITB): $(ITS)
	$(MKIMAGE) -f $< -r $@

sysfw.itb: $(ITB)
	@cp $< $@

soc_objs: $(SOC_OBJS)

$(COMBINED_BRDCFG): $(SOC_BINS)
	python3 ./scripts/sysfw_boardcfg_blob_creator.py -b $(soc_objroot)/board-cfg.bin -s $(soc_objroot)/sec-cfg.bin -p $(soc_objroot)/pm-cfg.bin -r $(soc_objroot)/rm-cfg.bin -o $@

tiboot3.bin: $(SBL) $(SYSFW_PATH) $(COMBINED_BRDCFG)
	./scripts/gen_x509_combined_cert.sh -b $(SBL) -l $(SBL_LOADADDDR) -s $(SYSFW_PATH) -m 0x40000 -d $(COMBINED_BRDCFG) -n $(COMBINED_BRDCFG_LOADADDR) -k $(KEY) -o $@

$(soc_objroot)/%.o: %.c
	$(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@-pre-validated $<
	python3 ./scripts/sysfw_boardcfg_validator.py -b $@-pre-validated -i -o $@ -s $(SOC) -l $@.log

# On HS board configuration binaries must be signed
ifdef HS
%.bin.unsigned: %.o
	$(CROSS_COMPILE)objcopy -S -O binary $< $@
%.bin: %.bin.unsigned
	$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh $< $@
else
%.bin: %.o
	$(CROSS_COMPILE)objcopy -S -O binary $< $@
endif

.PHONY: sysfw_version
sysfw_version: $(SYSFW_PATH)
	@echo "SYSFW Version:" `strings $(SYSFW_PATH) | grep -o 'v20[0-9][0-9]\.[0-9][0-9].*(.*'`

.PHONY: clean
clean:
	-rm -f $(SOC_BINS) $(SOC_OBJS)
	-rm -f $(ITB) sysfw.itb
	-rm -f $(ITS)
	-rm -f $(SYSFW_HS_CERTS_PATH)
	-rm -rf $(objroot)

.PHONY: mrproper
mrproper: clean
	-rm -f $(SYSFW_PATH)
	-rm -f $(SYSFW_HS_PATH)
	-rm -f $(SYSFW_HS_INNER_CERT_PATH)