From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
"open list:BAREBOX" <barebox@lists.infradead.org>
Subject: Re: [PATCH v2 17/22] ARM: k3: Add k3img tool
Date: Mon, 6 Jan 2025 15:34:03 +0100
Message-ID: <5c28eb7f-252a-4b7f-97f7-033b5224df44@pengutronix.de>
In-Reply-To: <20250106-k3-r5-v2-17-9de6270089ef@pengutronix.de>
On 06.01.25 14:47, Sascha Hauer wrote:
> The image format for the TI K3 SoCs is basically a x509 certificate
> file. In U-Boot this image is generated with binman. This patch adds
> a simple shell script using openssl directly. This is by far not so
> sophisticated as the U-Boot variant, but is enough for now to get a
> beagleplay up and running.
Can you add some information where the key material comes from?
Thanks,
Ahmad
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> arch/arm/mach-k3/custMpk.pem | 51 +++++++++
> arch/arm/mach-k3/ti-degenerate-key.pem | 10 ++
> images/Makefile.k3 | 10 ++
> scripts/k3img | 187 +++++++++++++++++++++++++++++++++
> 4 files changed, 258 insertions(+)
>
> diff --git a/arch/arm/mach-k3/custMpk.pem b/arch/arm/mach-k3/custMpk.pem
> new file mode 100644
> index 0000000000..adba378c80
> --- /dev/null
> +++ b/arch/arm/mach-k3/custMpk.pem
> @@ -0,0 +1,51 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIIJKQIBAAKCAgEAvxSuSdh/ctNrI83rSA5l3CJN8g5PgvbttfLd23yR+m5Z/9X3
> +tt4EHYrM0pXZ0eDEwfhQv/9IDJEiUJpMe4vzlgooJrOk2eCpVUEa+z5bJ2y/ysBx
> +ry9yIu5GASVirT7HBPaxGLYswBJuD+KbPuWmoKgGRQNBF04WH6l01oRO1nmnELgR
> +qQ6SHyXdf7Hy0bnyaNgzWUuCfXfM0Zz6I7T7WIjyzerVFvIsdS36YsPBCW7gBnDg
> +tQcJmWLZ1uTnbG3IggdQk/fi2O3RX+PQns+TVNlf3V3ON2DxqxSKBHtlp7p/30VF
> +fEuhW65OxpQ9jE6H0pQ8pPOf2vzyNnznDa1aQjfxKoHQbqGnZwMeh+0Au3NKaCgx
> +ooKaowTB6If/RX6qwZ/UOwXHg/0hcf69fzjJFhlSDuYDM40dHsk2HM1OnYIpiM2b
> +Kr5sX3uysjp5AGp99a0anR7NWCrPXvROgKs7T9341N40osQg2VkZLYUCXh9osUyN
> +uREG6S12tViMUKg3bmZ4b4MwRk00n7QYSrm7+nvFrtYyEISEbD+agDM1/E281W5g
> +VFDPfm2AlwT6jwsg/b2YK6E3vVn9SuxFoQmLF8lyFDO3BV4SXeJaHc4hVPbh6tVV
> +qifrTQnfGUCCLmaJF2XZbrPWOE6NYRbWdNTeFl9RGdVCuIPSyN5LqWmXto0CAwEA
> +AQKCAgAzkAwcJ0z1GnId/lJQZno8NhGckRoJuEKbR8dwlCP8VUz6Ca5H7Y9kvXDa
> +Hs/hn+rYgP6hYOz7XyrIX2rmJ/T6dxEwqGeC1+o59FConcIRWHpE5zuGT6JYJL5F
> +TuZa48bm4v8VMQvQZOjIZpkIFwao8c6HTwKAnHTB5IN/48I2hCt+Cn3RhfoOZ7Rm
> +4gkpaSkt+7GXlhXHb82YfujNO+hbktEamhUYlQ9EK70Wa8aqmf3gHxO0JgsEFjW8
> +lJaSnultlTW8SDcx3LMUUjCYumECk4oX/VlJfmKYjPlVjkr3QQ+Cm3nNucb4K4hc
> +c+JL+2ERhSj8RjXL7VgbNgdPnIjvQDJuTNqecTU8xWPYrkOLQpNibbLjnutLkhJz
> +fMyRtmDtrsey8WiCDuCHkPJ8/f8RjL2zWI9fzTDDIzdlEKouUFGOovaHVnbua6pn
> +hymcu9d9FV3p2rcbj0ivCs7e8j+vhSxFJEJoAbcQdXCTi/n2uR7pLtoMNiUzsejy
> +d46Uz+KEU920NTwE2z6JJq8I2vegnxjc7PDDrV3/5rK04B93aXiqvwWseCpxelrI
> +xaMkRHbXrIXRO6MXQ3N+zNq8Dg3hjGTTvaBKuwgvqLwlXY8+Aa3ooFzEOInIOSsI
> +XcWqXxt/tgZgsj9RwpC42t8kbA+BkbNk9EIUa+P5kEr2P/fO7QKCAQEA4EtArnOX
> +D6tQF8uTw8USOZC2P9s/ez1z4jRq3oKP0Kv4tJiuIObJ/dUvGVD7aM5v2xaCfhm8
> +xpk09VPUgghfG5jR5qVvQr75kCNToJQudWi4ngk1HwKJzzTO11giFEdybvTUA+Pj
> +fmxCM0dYYqRWZoj0hLqXlUCwxE74BFIhJVjeYbf+nTQrqpllTLoW7MTZHzGx5SXx
> +4dNzyVAUH49Yt2D8mgXXCkf5sGLh762wj34b/rR10Kr4O5utGMZrfTRIbuQ1pNjU
> +m66baPzq+mC0BzqZEW70TgEb7lOr8rcVXLOi3r36omfd9/MHx7iZD6o3K1axSO15
> +grD4ZrN7Ac3QJwKCAQEA2heCoBdpvy6YUk8AO2k8qDygTdmPQRuwjjT+Z2fMslBt
> +D7DkpKwZ6Bl9OclcpiiLHmH+hv65KqYg+tR0RRb7PcogB9El9x7yKkGTPZEYWGky
> +n8P84rJpKwjnwWQvPQktI1cs3YGvZA9DQTFBavRrwuzgd1oSJq5aPQ2tme0kMvWp
> +l1/B/cPK+PKCi/Wfisaze1TjijP9qIeUwkdNN6WLrLU3QgsGppcg2I7RQtAIikT6
> +GkuiOQAvWMsrJVV6PNrVKz4fJDJ59Rz6jbDHZNi1MEYNxQoB/Pl7QIakbfjWpHLv
> +8Ey7cB2JKxjQy8tmyl8WNQVbXbE6daPXcMTUmaRAKwKCAQBv1lYMJmq+T2eCVen6
> +BbvOpE+bi5EdvEiaFBTtmiBnpjg+pJq+oRU60h/H+c9CNR0lGxY6Fk9An4f+g6xE
> +ojP6KLsQzJCrsVny+wpp2TlJJcxYULMCIVvhy60PR0zG29E9biqBPhJjKUvhEcQK
> +e3LxcXyq6fdHXphFajLUxLbuTl+kTgBRFoBnclFGbsubh5PTsA3J+p+fQLZNPPar
> +veg4l82cZykQYU8pGkUaI3sUMYd3+zd7sqRP5JHs9pMGPRmY4YW2CsAIWIn5UZNB
> +ARMDP76vKKn8cyUgMuxb+9pU/OVLN2NPs4bEaZQJjAwV+YPEwldny7F47xEM9JVz
> +EtKlAoIBAQDUt62u3GdGE/p5/ZgqWoDRTyDEDfmN9aYFbmbdEP80xQE7FrxMaZhz
> +K7laja6SWmUm40nQ/c45bQQp4uLtKHcxU15egX7YRBTLZl5o5IasZR79ebnEm2O8
> +l9kEZeU1USf3mmWmP4GExOZCRfqaiYA6BbUCdJXTqKdXeWnkAssV8UrS3JFoJHpq
> +yo7OWGqefyQ8nRW6jO9SW7uaqtUD+7H6aF5XSk3YWvusfdBZrHNH+fM/hpnZovaL
> +Us7ogTDS/laA8PyK37jYfMVdQhmZoU1Iomt3zkUWK3gt/aWPpfAlQf4Jka4YspZB
> +tNiijefaZ1hPqsPs5Joyd/YAhdsfaHc1AoIBAQCn/9j6RRjRaw0ip756oad4AXHz
> +XBwVB2CrY96qT6Hj9Sq7tGgdskqGkOQkAivBLBizUdcWv0t1yenOsSgasQeMlvlh
> +B8md9cLvpKXPB3HM3rTDH/xNXe0TpVKLf7SXC8HfDyIweHwMW3QgO2DWrvI4BV/T
> +ckBatRNQ90HxkqGFhC/Mp529lQlyg3ifxPxJsvZOyPMUnrflAvsKQk5c2ZiQg3nZ
> +h7I2pjSYgCl+Ib52l8p9bf1kcrVGgPM+auzm496i0RPobFeDBoBvSoznJktHJ7+3
> +NnZH+jLiZCODiQPGtQUi+T6eIZUIJF0YASpsCCtUzXCxwW3lYIDNy7UlMivF
> +-----END RSA PRIVATE KEY-----
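Review bot: custMpk.pem is an RSA private key added to the tree with no header comment, and the commit message does not say where it comes from or what it may be used for. Because the key is published together with the source, a signature made with it proves nothing about who built the image. Say so next to the file (a README or the K3 build documentation), name the origin of the key, and state that a board which must only boot trusted images needs a different key passed through the --key option rather than this file.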
> diff --git a/arch/arm/mach-k3/ti-degenerate-key.pem b/arch/arm/mach-k3/ti-degenerate-key.pem
> new file mode 100644
> index 0000000000..bd7d3745ad
> --- /dev/null
> +++ b/arch/arm/mach-k3/ti-degenerate-key.pem
> @@ -0,0 +1,10 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog
> +8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e
> +QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB
> +AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho
> +k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey
> +bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0
> +RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR
> +iCrL55cxEM146zMw3AnF
> +-----END RSA PRIVATE KEY-----
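Review bot: nothing in this patch refers to ti-degenerate-key.pem or to custMpk.pem: images/Makefile.k3 passes `--key $(KEY_$(@F))` and no KEY_ variable is assigned here, so a reader cannot tell which of the two keys signs which image. Add the KEY_ assignment in the same patch as the key it uses, or move the key files to the patch that first references them, and explain in a comment what "degenerate" means for this key and when it is the right one to pick.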
> diff --git a/images/Makefile.k3 b/images/Makefile.k3
> index f7acd78014..315ec47bb2 100644
> --- a/images/Makefile.k3
> +++ b/images/Makefile.k3
> @@ -11,3 +11,13 @@ $(obj)/k3-am625-beagleplay.fit: $(obj)/barebox-beagleplay.img
> FILE_barebox-beagleplay-fit.img = k3-am625-beagleplay.fit
> image-$(CONFIG_MACH_BEAGLEPLAY) += barebox-beagleplay-fit.img
>
> +quiet_cmd_k3_image = K3IMG $@
> + cmd_k3_image = if [ -n "$(INNERDATA_$(@F))" ]; then \
> + inner="--innerdata $(INNERDATA_$(@F))"; \
> + fi; \
> + $(srctree)/scripts/k3img --sysfw $(SYSFW_$(@F)) \
> + --sysfwdata $(SYSFWDATA_$(@F)) --dmdata $(DMDATA_$(@F)) \
> + --key $(KEY_$(@F)) $$inner --sbl $< --out $@
> +
> +$(obj)/%.k3img: $(obj)/% scripts/k3img FORCE
> + $(call if_changed,k3_image)
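Review bot: the %.k3img rule lists only $(obj)/% and scripts/k3img as prerequisites, while cmd_k3_image also reads the files named by SYSFW_, SYSFWDATA_, DMDATA_, KEY_ and INNERDATA_. if_changed reruns on a newer prerequisite or a changed command line, so replacing a firmware blob or the key under the same path leaves a stale image whose certificate still carries the old hashes. Add those files as prerequisites of the target. Also, when one of these variables is unset for a target, the command degrades to `--sysfw --sysfwdata ...` and getopt takes the next option name as the argument; an explicit check with an error message would catch that.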
> diff --git a/scripts/k3img b/scripts/k3img
> new file mode 100755
> index 0000000000..048da82b92
> --- /dev/null
> +++ b/scripts/k3img
> @@ -0,0 +1,187 @@
> +#!/bin/bash
> +
> +TEMP=$(getopt -o '' --long 'sysfw:,sysfwdata:,dmdata:,out:,sbl:,key:,innerdata:' -n 'k3img' -- "$@")
> +
> +if [ $? -ne 0 ]; then
> + echo 'Terminating...' >&2
> + exit 1
> +fi
> +
> +# Note the quotes around "$TEMP": they are essential!
> +eval set -- "$TEMP"
> +unset TEMP
> +
> +while true; do
> + case "$1" in
> + '--sysfw')
> + sysfw="$2"
> + shift 2
> + continue
> + ;;
> + '--sysfwdata')
> + sysfwdata="$2"
> + shift 2
> + continue
> + ;;
> + '--sysfw')
> + sysfw="$2"
> + shift 2
> + continue
> + ;;
> + '--dmdata')
> + dmdata="$2"
> + shift 2
> + continue
> + ;;
> + '--out')
> + out="$2"
> + shift 2
> + continue
> + ;;
> + '--sbl')
> + sbl="$2"
> + shift 2
> + continue
> + ;;
> + '--key')
> + key="$2"
> + shift 2
> + continue
> + ;;
> + '--innerdata')
> + innerdata="$2"
> + shift 2
> + continue
> + ;;
> + '--')
> + shift
> + break
> + ;;
> + *)
> + echo 'Internal error!' >&2
> + exit 1
> + ;;
> + esac
> +done
> +
> +shasbl=$(sha512sum $sbl | sed 's/ .*//')
> +shasysfw=$(sha512sum $sysfw | sed 's/ .*//')
> +shasysfwdata=$(sha512sum $sysfwdata | sed 's/ .*//')
> +shadmdata=$(sha512sum $dmdata | sed 's/ .*//')
> +
> +sblsize=$(stat -c%s $sbl)
> +sysfwsize=$(stat -c%s $sysfw)
> +sysfwdatasize=$(stat -c%s $sysfwdata)
> +dmdatasize=$(stat -c%s $dmdata)
> +
> +total=$(($sblsize + $sysfwsize + $sysfwdatasize + $dmdatasize))
> +
> +certcfg=$(mktemp k3img.XXXXXXX)
> +cert=$(mktemp k3img.XXXXXXX)
> +
> +num_comp=4
> +
> +if [ -n "${innerdata}" ]; then
> + shainnerdata=$(sha512sum $innerdata | sed 's/ .*//')
> + innerdatasize=$(stat -c%s $innerdata)
> +
> + innercert=$(cat <<EOF
> +[sysfw_inner_cert]
> +compType = INTEGER:3
> +bootCore = INTEGER:0
> +compOpts = INTEGER:0
> +destAddr = FORMAT:HEX,OCT:00000000
> +compSize = INTEGER:$innerdatasize
> +shaType = OID:2.16.840.1.101.3.4.2.3
> +shaValue = FORMAT:HEX,OCT:$shainnerdata
> +EOF
> +)
> +
> + num_comp=$((num_comp + 1))
> + total=$((total + innerdatasize))
> + sysfw_inner_cert="sysfw_inner_cert=SEQUENCE:sysfw_inner_cert"
> +fi
> +
> +cat > $certcfg <<EndOfHereDocument
> +[ req ]
> +distinguished_name = req_distinguished_name
> +x509_extensions = v3_ca
> +prompt = no
> +dirstring_type = nobmp
> +
> +[ req_distinguished_name ]
> +C = US
> +ST = TX
> +L = Dallas
> +O = Texas Instruments Incorporated
> +OU = Processors
> +CN = TI Support
> +emailAddress = support@ti.com
> +
> +[ v3_ca ]
> +basicConstraints = CA:true
> +1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
> +1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
> +1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
> +
> +[swrv]
> +swrv=INTEGER:1
> +
> +[ext_boot_info]
> +extImgSize=INTEGER:$total
> +numComp=INTEGER:$num_comp
> +sbl=SEQUENCE:sbl
> +sysfw=SEQUENCE:sysfw
> +sysfw_data=SEQUENCE:sysfw_data
> +$sysfw_inner_cert
> +dm_data=SEQUENCE:dm_data
> +
> +[sbl]
> +compType = INTEGER:1
> +bootCore = INTEGER:16
> +compOpts = INTEGER:0
> +destAddr = FORMAT:HEX,OCT:43c00000
> +compSize = INTEGER:$sblsize
> +shaType = OID:2.16.840.1.101.3.4.2.3
> +shaValue = FORMAT:HEX,OCT:$shasbl
> +
> +[sysfw]
> +compType = INTEGER:2
> +bootCore = INTEGER:0
> +compOpts = INTEGER:0
> +destAddr = FORMAT:HEX,OCT:00040000
> +compSize = INTEGER:$sysfwsize
> +shaType = OID:2.16.840.1.101.3.4.2.3
> +shaValue = FORMAT:HEX,OCT:$shasysfw
> +
> +[sysfw_data]
> +compType = INTEGER:18
> +bootCore = INTEGER:0
> +compOpts = INTEGER:0
> +destAddr = FORMAT:HEX,OCT:00067000
> +compSize = INTEGER:$sysfwdatasize
> +shaType = OID:2.16.840.1.101.3.4.2.3
> +shaValue = FORMAT:HEX,OCT:$shasysfwdata
> +
> +[ debug ]
> +debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
> +debugType = INTEGER:4
> +coreDbgEn = INTEGER:0
> +coreDbgSecEn = INTEGER:0
> +
> +$innercert
> +
> +[dm_data]
> +compType = INTEGER:17
> +bootCore = INTEGER:16
> +compOpts = INTEGER:0
> +destAddr = FORMAT:HEX,OCT:43c3a800
> +compSize = INTEGER:$dmdatasize
> +shaType = OID:2.16.840.1.101.3.4.2.3
> +shaValue = FORMAT:HEX,OCT:$shadmdata
> +
> +EndOfHereDocument
> +
> +openssl req -new -x509 -key $key -nodes -outform DER -out $cert -config $certcfg -sha512
> +
> +cat $cert $sbl $sysfw $sysfwdata $innerdata $dmdata > $out
>
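Review bot: the exit status of `openssl req` at the end of the script is never checked and there is no `set -e`, so when signing fails (unreadable key, bad config) the final `cat $cert $sbl ...` still writes $out, with an empty or partial certificate in front, and the script exits 0. Exit non-zero if openssl fails, and check up front that --sbl, --sysfw, --sysfwdata, --dmdata, --key and --out were given and that the input files exist. The two `mktemp k3img.XXXXXXX` files are created in the current directory and never removed; create them under the build output or $TMPDIR and delete them in a trap on EXIT. Smaller points: the second `'--sysfw')` case is an unreachable duplicate, and the file name expansions ($sbl, $key, $out and the rest) are unquoted, which breaks on paths containing spaces.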
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |