binman: ti-secure: Add support for TI signing
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.
Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
diff --git a/tools/binman/test/279_ti_secure.dts b/tools/binman/test/279_ti_secure.dts
new file mode 100644
index 0000000..941d0ab
--- /dev/null
+++ b/tools/binman/test/279_ti_secure.dts
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure {
+ content = <&unsecure_binary>;
+ };
+ unsecure_binary: blob-ext {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/280_ti_secure_rom.dts b/tools/binman/test/280_ti_secure_rom.dts
new file mode 100644
index 0000000..d131376
--- /dev/null
+++ b/tools/binman/test/280_ti_secure_rom.dts
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure-rom {
+ content = <&unsecure_binary>;
+ };
+ unsecure_binary: blob-ext {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/281_ti_secure_rom_combined.dts b/tools/binman/test/281_ti_secure_rom_combined.dts
new file mode 100644
index 0000000..bf87273
--- /dev/null
+++ b/tools/binman/test/281_ti_secure_rom_combined.dts
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure-rom {
+ content = <&unsecure_binary>;
+ content-sbl = <&unsecure_binary>;
+ content-sysfw = <&unsecure_binary>;
+ content-sysfw-data = <&unsecure_binary>;
+ content-sysfw-inner-cert = <&unsecure_binary>;
+ content-dm-data = <&unsecure_binary>;
+ combined;
+ sysfw-inner-cert;
+ dm-data;
+ };
+ unsecure_binary: blob-ext {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/288_ti_secure_rom_a.dts b/tools/binman/test/288_ti_secure_rom_a.dts
new file mode 100644
index 0000000..887138f
--- /dev/null
+++ b/tools/binman/test/288_ti_secure_rom_a.dts
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure-rom {
+ content = <&unsecure_binary>;
+ core = "secure";
+ countersign;
+ };
+ unsecure_binary: blob-ext {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/289_ti_secure_rom_b.dts b/tools/binman/test/289_ti_secure_rom_b.dts
new file mode 100644
index 0000000..c6d6182
--- /dev/null
+++ b/tools/binman/test/289_ti_secure_rom_b.dts
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ ti-secure-rom {
+ content = <&unsecure_binary>;
+ core = "public";
+ };
+ unsecure_binary: blob-ext {
+ filename = "ti_unsecure.bin";
+ };
+ };
+};