1 #
2 # Utility to generate an image tree blob (ITB) comprising a signed System
3 # Firmware (SYSFW) binary image as released by TI as well as domain-specific
4 # SYSFW configuration fragments provided in the form of C sources.
5 #
6 # Copyright (C) 2018-2019 Texas Instruments Incorporated - http://www.ti.com/
7 # Andreas Dannenberg <dannenberg@ti.com>
8 #
9 # Redistribution and use in source and binary forms, with or without
10 # modification, are permitted provided that the following conditions
11 # are met:
12 #
13 # Redistributions of source code must retain the above copyright
14 # notice, this list of conditions and the following disclaimer.
15 #
16 # Redistributions in binary form must reproduce the above copyright
17 # notice, this list of conditions and the following disclaimer in the
18 # documentation and/or other materials provided with the
19 # distribution.
20 #
21 # Neither the name of Texas Instruments Incorporated nor the names of
22 # its contributors may be used to endorse or promote products derived
23 # from this software without specific prior written permission.
24 #
25 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #
38 # The HS SYSFW will only work on HS hardware when signed with valid
39 # keys, warn HS users if the SECDEV environment variable is not set
40 ifdef HS
41 ifeq ($(TI_SECURE_DEV_PKG),)
42 $(warning TI_SECURE_DEV_PKG should be set for HS, defaults may not work)
43 endif
44 endif
46 # If using the default SYSFW make sure to manually copy/populate the unsigned
47 # image into the root folder of this repository.
48 SYSFW_PATH ?= ti-sci-firmware-am65x-gp.bin
49 SYSFW_HS_PATH ?= ti-sci-firmware-am65x-hs-enc.bin
50 SYSFW_HS_INNER_CERT_PATH ?= ti-sci-firmware-am65x-hs-cert.bin
51 SYSFW_HS_CERTS_PATH ?= ti-sci-firmware-am65x-hs-certs.bin
53 # Must use FULL Git hash below, as it is used as part of an URL for direct DL
54 SYSFW_GIT_HASH ?= b41c4f097ab6f341462645f76059f48f78bbd17e
56 # URL to download SYSFW release binary from if not provided otherwise
57 SYSFW_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_PATH)
58 SYSFW_HS_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_PATH)
59 SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_INNER_CERT_PATH)
61 # Set HS SYSFW image signing key
62 ifdef HS
63 KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
64 endif
66 CROSS_COMPILE ?= arm-linux-gnueabihf-
68 CFLAGS ?= \
69 -fno-builtin \
70 -Wall
72 BINS ?= \
73 sysfw.bin \
74 board-cfg.bin \
75 pm-cfg.bin \
76 rm-cfg.bin \
77 sec-cfg.bin
79 ITB ?= sysfw.itb
80 ITS ?= $(basename $(ITB)).its
82 MKIMAGE ?= mkimage
84 .PHONY: all
85 all: $(ITB)
87 %.o: %.S
88 $(CROSS_COMPILE)as -o $@ $<
90 %.o: %.c
91 $(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@ $<
93 %.bin: %.o
94 $(CROSS_COMPILE)objcopy -S -O binary $< $@
96 $(SYSFW_PATH):
97 @echo "Downloading SYSFW release image..."
98 wget $(SYSFW_DL_URL)
99 @echo "Download SUCCESS!"
101 $(SYSFW_HS_PATH):
102 @echo "Downloading HS SYSFW release image..."
103 wget $(SYSFW_HS_DL_URL)
104 @echo "Download SUCCESS!"
106 $(SYSFW_HS_INNER_CERT_PATH):
107 @echo "Downloading HS SYSFW release certificate..."
108 wget $(SYSFW_HS_INNER_CERT_DL_URL)
109 @echo "Download SUCCESS!"
111 ifdef HS
112 $(SYSFW_HS_CERTS_PATH): $(SYSFW_HS_INNER_CERT_PATH)
113 @echo "Signing the SYSFW inner certificate with $(KEY) key...";
114 ./gen_x509_cert.sh -d -c m3 -b $< -o $@ -l 0x40000 -k $(KEY);
116 sysfw.bin: $(SYSFW_HS_CERTS_PATH) $(SYSFW_HS_PATH)
117 cat $^ > $@
118 else
119 sysfw.bin: $(SYSFW_PATH) sysfw_version
120 @echo "Signing the SYSFW release image with random key..."
121 ./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000
122 endif
124 $(ITS): $(BINS)
125 ./gen_its.sh $(BINS) > $@
127 $(ITB): $(ITS) $(BINS)
128 $(MKIMAGE) -f $< -r $@
130 .PHONY: sysfw_version
131 sysfw_version: $(SYSFW_PATH)
132 @echo "SYSFW Version:" `strings $(SYSFW_PATH) | grep -o 'v20[0-9][0-9]\.[0-9][0-9].*(.*'`
134 .PHONY: clean
135 clean:
136 -rm $(BINS)
137 -rm $(ITB)
138 -rm $(ITS)
139 -rm $(SYSFW_HS_CERTS_PATH)
141 .PHONY: mrproper
142 mrproper: clean
143 -rm $(SYSFW_PATH)
144 -rm $(SYSFW_HS_PATH)
145 -rm $(SYSFW_HS_INNER_CERT_PATH)