diff --git a/Makefile b/Makefile
index 4976893c84ad36dcb1fbcfe87252dde2f18bf9ad..95ee273183305153d10c0e3ba14b8e4227d7f14d 100644 (file)
--- a/Makefile
+++ b/Makefile
# Firmware (SYSFW) binary image as released by TI as well as domain-specific
# SYSFW configuration fragments provided in the form of C sources.
#
-# Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
+# Copyright (C) 2018-2019 Texas Instruments Incorporated - http://www.ti.com/
# Andreas Dannenberg <dannenberg@ti.com>
#
# Redistribution and use in source and binary forms, with or without
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+# The HS SYSFW will only work on HS hardware when signed with valid
+# keys, warn HS users if the SECDEV environment variable is not set
+ifdef HS
+ifeq ($(TI_SECURE_DEV_PKG),)
+$(warning TI_SECURE_DEV_PKG should be set for HS, defaults may not work)
+endif
+endif
+
# If using the default SYSFW make sure to manually copy/populate the unsigned
# image into the root folder of this repository.
SYSFW_PATH ?= ti-sci-firmware-am65x-gp.bin
+SYSFW_HS_PATH ?= ti-sci-firmware-am65x-hs-enc.bin
+SYSFW_HS_INNER_CERT_PATH ?= ti-sci-firmware-am65x-hs-cert.bin
+SYSFW_HS_CERTS_PATH ?= ti-sci-firmware-am65x-hs-certs.bin
# Must use FULL Git hash below, as it is used as part of an URL for direct DL
-SYSFW_GIT_HASH ?= 463b1b4a50e8e361fa333f87caf74d2e05bc0a82
+SYSFW_GIT_HASH ?= b41c4f097ab6f341462645f76059f48f78bbd17e
# URL to download SYSFW release binary from if not provided otherwise
SYSFW_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_PATH)
+SYSFW_HS_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_PATH)
+SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_INNER_CERT_PATH)
+
+# Set HS SYSFW image signing key
+ifdef HS
+KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem
+endif
CROSS_COMPILE ?= arm-linux-gnueabihf-
wget $(SYSFW_DL_URL)
@echo "Download SUCCESS!"
+$(SYSFW_HS_PATH):
+ @echo "Downloading HS SYSFW release image..."
+ wget $(SYSFW_HS_DL_URL)
+ @echo "Download SUCCESS!"
+
+$(SYSFW_HS_INNER_CERT_PATH):
+ @echo "Downloading HS SYSFW release certificate..."
+ wget $(SYSFW_HS_INNER_CERT_DL_URL)
+ @echo "Download SUCCESS!"
+
+ifdef HS
+$(SYSFW_HS_CERTS_PATH): $(SYSFW_HS_INNER_CERT_PATH)
+ @echo "Signing the SYSFW inner certificate with $(KEY) key...";
+ ./gen_x509_cert.sh -d -c m3 -b $< -o $@ -l 0x40000 -k $(KEY);
+
+sysfw.bin: $(SYSFW_HS_CERTS_PATH) $(SYSFW_HS_PATH)
+ cat $^ > $@
+else
sysfw.bin: $(SYSFW_PATH) sysfw_version
@echo "Signing the SYSFW release image with random key..."
./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000
+endif
$(ITS): $(BINS)
./gen_its.sh $(BINS) > $@
-rm $(BINS)
-rm $(ITB)
-rm $(ITS)
+ -rm $(SYSFW_HS_CERTS_PATH)
.PHONY: mrproper
mrproper: clean
-rm $(SYSFW_PATH)
+ -rm $(SYSFW_HS_PATH)
+ -rm $(SYSFW_HS_INNER_CERT_PATH)