X-Git-Url: https://git.ti.com/gitweb?p=processor-firmware%2Fsystem-firmware-image-gen.git;a=blobdiff_plain;f=Makefile;h=95ee273183305153d10c0e3ba14b8e4227d7f14d;hp=716ba8b0e9a9ee743f178a18f387b0aee928cd78;hb=f68fe913c16f13a7e04f6f340de1c4f6cc561c10;hpb=14b1c6caf105c24b96bbaa1d520b5ad6816f6b4f;ds=sidebyside diff --git a/Makefile b/Makefile index 716ba8b..95ee273 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # Firmware (SYSFW) binary image as released by TI as well as domain-specific # SYSFW configuration fragments provided in the form of C sources. # -# Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/ +# Copyright (C) 2018-2019 Texas Instruments Incorporated - http://www.ti.com/ # Andreas Dannenberg # # Redistribution and use in source and binary forms, with or without @@ -35,15 +35,33 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# The HS SYSFW will only work on HS hardware when signed with valid +# keys, warn HS users if the SECDEV environment variable is not set +ifdef HS +ifeq ($(TI_SECURE_DEV_PKG),) +$(warning TI_SECURE_DEV_PKG should be set for HS, defaults may not work) +endif +endif + # If using the default SYSFW make sure to manually copy/populate the unsigned # image into the root folder of this repository. SYSFW_PATH ?= ti-sci-firmware-am65x-gp.bin +SYSFW_HS_PATH ?= ti-sci-firmware-am65x-hs-enc.bin +SYSFW_HS_INNER_CERT_PATH ?= ti-sci-firmware-am65x-hs-cert.bin +SYSFW_HS_CERTS_PATH ?= ti-sci-firmware-am65x-hs-certs.bin # Must use FULL Git hash below, as it is used as part of an URL for direct DL -SYSFW_GIT_HASH ?= cbb37f282017cb5b6bf42c26c0b5a5a8b818ec9e +SYSFW_GIT_HASH ?= b41c4f097ab6f341462645f76059f48f78bbd17e # URL to download SYSFW release binary from if not provided otherwise SYSFW_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_PATH) +SYSFW_HS_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_PATH) +SYSFW_HS_INNER_CERT_DL_URL ?= https://git.ti.com/processor-firmware/ti-linux-firmware/blobs/raw/$(SYSFW_GIT_HASH)/ti-sysfw/$(SYSFW_HS_INNER_CERT_PATH) + +# Set HS SYSFW image signing key +ifdef HS +KEY ?= $(TI_SECURE_DEV_PKG)/keys/custMpk.pem +endif CROSS_COMPILE ?= arm-linux-gnueabihf- @@ -80,9 +98,28 @@ $(SYSFW_PATH): wget $(SYSFW_DL_URL) @echo "Download SUCCESS!" +$(SYSFW_HS_PATH): + @echo "Downloading HS SYSFW release image..." + wget $(SYSFW_HS_DL_URL) + @echo "Download SUCCESS!" + +$(SYSFW_HS_INNER_CERT_PATH): + @echo "Downloading HS SYSFW release certificate..." + wget $(SYSFW_HS_INNER_CERT_DL_URL) + @echo "Download SUCCESS!" + +ifdef HS +$(SYSFW_HS_CERTS_PATH): $(SYSFW_HS_INNER_CERT_PATH) + @echo "Signing the SYSFW inner certificate with $(KEY) key..."; + ./gen_x509_cert.sh -d -c m3 -b $< -o $@ -l 0x40000 -k $(KEY); + +sysfw.bin: $(SYSFW_HS_CERTS_PATH) $(SYSFW_HS_PATH) + cat $^ > $@ +else sysfw.bin: $(SYSFW_PATH) sysfw_version @echo "Signing the SYSFW release image with random key..." ./gen_x509_cert.sh -c m3 -b $< -o $@ -l 0x40000 +endif $(ITS): $(BINS) ./gen_its.sh $(BINS) > $@ @@ -99,7 +136,10 @@ clean: -rm $(BINS) -rm $(ITB) -rm $(ITS) + -rm $(SYSFW_HS_CERTS_PATH) .PHONY: mrproper mrproper: clean -rm $(SYSFW_PATH) + -rm $(SYSFW_HS_PATH) + -rm $(SYSFW_HS_INNER_CERT_PATH)