k3_gen_x509_cert: Make SWRV configurable for anti-rollback protection
The x509 certificate SWRV is currently hard-coded to 0. This need to be
updated to 1 for j721e 1.1, j7200 and am64x. It is don't care for other
k3 devices.
Added new config K3_X509_SWRV to k3. Default is set to 1.
Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
Reviewed-by: Dave Gerlach <d-gerlach@ti.com>
diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
index 0d21f26..171a7f2 100644
--- a/arch/arm/mach-k3/Kconfig
+++ b/arch/arm/mach-k3/Kconfig
@@ -176,6 +176,12 @@
bootloader, it makes RM and PM services not being available
during R5 SPL execution time.
+config K3_X509_SWRV
+ int "SWRV for X509 certificate used for boot images"
+ default 1
+ help
+ SWRV for X509 certificate used for boot images
+
source "board/ti/am65x/Kconfig"
source "board/ti/am64x/Kconfig"
source "board/ti/am62x/Kconfig"
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index da458bc..4feb579 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -28,6 +28,9 @@
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
endif
+# X509 SWRV default
+SWRV = $(CONFIG_K3_X509_SWRV)
+
# tiboot3.bin is mandated by ROM and ROM only supports R5 boot.
# So restrict tiboot3.bin creation for CPU_V7R.
ifdef CONFIG_CPU_V7R
@@ -42,7 +45,7 @@
tiboot3.bin: image_check FORCE
$(srctree)/tools/k3_gen_x509_cert.sh -c 16 -b $(obj)/u-boot-spl.bin \
- -o $@ -l $(CONFIG_SPL_TEXT_BASE) -k $(KEY)
+ -o $@ -l $(CONFIG_SPL_TEXT_BASE) -r $(SWRV) -k $(KEY)
INPUTS-y += tiboot3.bin
endif