1 #
2 # Utility to generate an image tree blob (ITB) comprising a signed System
3 # Firmware (SYSFW) binary image as released by TI as well as domain-specific
4 # SYSFW configuration fragments provided in the form of C sources.
5 #
6 # Copyright (C) 2018-2019 Texas Instruments Incorporated - http://www.ti.com/
7 # Andreas Dannenberg <dannenberg@ti.com>
8 #
9 # Redistribution and use in source and binary forms, with or without
10 # modification, are permitted provided that the following conditions
11 # are met:
12 #
13 # Redistributions of source code must retain the above copyright
14 # notice, this list of conditions and the following disclaimer.
15 #
16 # Redistributions in binary form must reproduce the above copyright
17 # notice, this list of conditions and the following disclaimer in the
18 # documentation and/or other materials provided with the
19 # distribution.
20 #
21 # Neither the name of Texas Instruments Incorporated nor the names of
22 # its contributors may be used to endorse or promote products derived
23 # from this software without specific prior written permission.
24 #
25 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #
38 SOC ?= am65x
39 CONFIG ?= evm
41 BUILD_SRC ?= .
42 O ?= out
43 BIN_DIR ?= .
45 srcroot = $(BUILD_SRC)
46 soc_srcroot = $(srcroot)/soc/${SOC}/${CONFIG}
47 objroot = $(O)
48 soc_objroot = $(objroot)/soc/${SOC}/${CONFIG}
50 binroot = $(BIN_DIR)
52 # The HS SYSFW will only work on HS hardware when signed with valid
53 # keys, warn HS users if the SECDEV environment variable is not set
54 ifdef HS
55 ifeq ($(TI_SECURE_DEV_PKG),)
56 $(warning TI_SECURE_DEV_PKG should be set for HS, defaults may not work)
57 endif
58 endif
60 # If using the default SYSFW make sure to manually copy/populate the unsigned
61 # image into the root folder of this repository.
62 SYSFW_PATH ?= ti-sci-firmware-${SOC}-gp.bin
63 SYSFW_HS_PATH ?= ti-sci-firmware-${SOC}-hs-enc.bin
64 SYSFW_HS_INNER_CERT_PATH ?= ti-sci-firmware-${SOC}-hs-cert.bin
65 SYSFW_HS_CERTS_PATH ?= ti-sci-firmware-${SOC}-hs-certs.bin
67 # Must use FULL Git hash below, as it is used as part of an URL for direct DL
68 SYSFW_GIT_HASH ?= 2b292f87e7257d4f9103d4e862a7b1769b13fed7
70 # URL to download SYSFW release binary from if not provided otherwise
71 SYSFW_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_PATH)
72 SYSFW_HS_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_PATH)
73 SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_INNER_CERT_PATH)
75 # Set HS SYSFW image signing key
76 ifdef HS
77 KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
78 else
79 KEY ?= ti-degenerate-key.pem
80 endif
82 CROSS_COMPILE ?= arm-linux-gnueabihf-
84 CFLAGS ?= \
85 -fno-builtin \
86 -Wall \
87 -Iinclude/soc/${SOC} \
88 -Isoc/${SOC}/${CONFIG} \
89 -Iinclude
91 ifdef ENABLE_TRACE
92 CFLAGS += -DENABLE_TRACE
93 endif
95 SOURCES ?= \
96 board-cfg.c \
97 pm-cfg.c \
98 rm-cfg.c \
99 sec-cfg.c
101 SOC_SOURCES=$(SOURCES:%.c=$(soc_srcroot)/%.c)
102 SOC_OBJS=$(SOURCES:%.c=$(soc_objroot)/%.o)
104 SOC_BINS=$(soc_objroot)/sysfw.bin
105 SOC_BIN_NAMES=sysfw.bin
107 SOC_BINS += $(SOURCES:%.c=$(soc_objroot)/%.bin)
108 SOC_BIN_NAMES += $(SOURCES:%.c=%.bin)
110 ITB ?= $(binroot)/sysfw-$(SOC)-$(CONFIG).itb
111 ITS ?= $(soc_objroot)/$(basename $(notdir $(ITB))).its
113 vpath %.itb $(soc_objroot)
114 vpath %.bin $(soc_objroot)
115 vpath %.o $(soc_objroot)
116 vpath %.c $(soc_srcroot)
118 MKIMAGE ?= mkimage
120 .PHONY: all _objtree_build
122 all: _objtree_build $(ITB)
124 _objtree_build:
125 @mkdir -p $(objroot) $(soc_objroot) $(binroot)
127 $(SYSFW_PATH):
128 @echo "Downloading SYSFW release image..."
129 wget $(SYSFW_DL_URL)
130 @echo "Download SUCCESS!"
132 $(SYSFW_HS_PATH):
133 @echo "Downloading HS SYSFW release image..."
134 wget $(SYSFW_HS_DL_URL)
135 @echo "Download SUCCESS!"
137 $(SYSFW_HS_INNER_CERT_PATH):
138 @echo "Downloading HS SYSFW release certificate..."
139 wget $(SYSFW_HS_INNER_CERT_DL_URL)
140 @echo "Download SUCCESS!"
142 ifdef HS
143 $(SYSFW_HS_CERTS_PATH): $(SYSFW_HS_INNER_CERT_PATH)
144 @echo "Signing the SYSFW inner certificate with $(KEY) key...";
145 ./gen_x509_cert.sh -d -c m3 -b $< -o $@ -l 0x40000 -k $(KEY);
147 $(soc_objroot)/sysfw.bin: $(SYSFW_HS_CERTS_PATH) $(SYSFW_HS_PATH)
148 cat $^ > $@
149 else
150 $(soc_objroot)/sysfw.bin: $(SYSFW_PATH)
151 @if [ -n "$(KEY)" ]; then \
152 echo "Signing the SYSFW release image with $(KEY) key..."; \
153 ./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000 -k $(KEY); \
154 else \
155 echo "Signing the SYSFW release image with random key..."; \
156 ./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000; \
157 fi
158 endif
160 $(ITS): soc_objs $(SOC_BINS)
161 ./gen_its.sh $(SOC) $(CONFIG) $(SOC_BIN_NAMES) > $@
163 $(ITB): $(ITS)
164 $(MKIMAGE) -f $< -r $@
166 soc_objs: $(SOC_OBJS)
169 $(soc_objroot)/%.o: %.c
170 $(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@ $<
172 # On HS board configuration binaries must be signed
173 ifdef HS
174 %.bin.unsigned: %.o
175 $(CROSS_COMPILE)objcopy -S -O binary $< $@
176 %.bin: %.bin.unsigned
177 $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh $< $@
178 else
179 %.bin: %.o
180 $(CROSS_COMPILE)objcopy -S -O binary $< $@
181 endif
183 .PHONY: sysfw_version
184 sysfw_version: $(SYSFW_PATH)
185 @echo "SYSFW Version:" `strings $(SYSFW_PATH) | grep -o 'v20[0-9][0-9]\.[0-9][0-9].*(.*'`
187 .PHONY: clean
188 clean:
189 -rm -f $(SOC_BINS) $(SOC_OBJS)
190 -rm -f $(ITB)
191 -rm -f $(ITS)
192 -rm -f $(SYSFW_HS_CERTS_PATH)
193 -rm -rf $(objroot)
195 .PHONY: mrproper
196 mrproper: clean
197 -rm -f $(SYSFW_PATH)
198 -rm -f $(SYSFW_HS_PATH)
199 -rm -f $(SYSFW_HS_INNER_CERT_PATH)