Diffstat (limited to 'tools')
-rw-r--r-- | tools/binman/etype/nxp_imx8mcst.py | 54 | ||||
-rwxr-xr-x | tools/qconfig.py | 32 |
2 files changed, 57 insertions, 29 deletions
diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py index 8221517b0c4..a7d8db4eec4 100644 --- a/tools/binman/etype/nxp_imx8mcst.py +++ b/tools/binman/etype/nxp_imx8mcst.py @@ -23,7 +23,9 @@ from u_boot_pylib import tools MAGIC_NXP_IMX_IVT = 0x412000d1 MAGIC_FITIMAGE = 0xedfe0dd0 -csf_config_template = """ +KEY_NAME = 'sha256_4096_65537_v3_usr_crt' + +CSF_CONFIG_TEMPLATE = f''' [Header] Version = 4.3 Hash Algorithm = sha256 @@ -36,8 +38,11 @@ csf_config_template = """ File = "SRK_1_2_3_4_table.bin" Source index = 0 +[Install NOCAK] + File = "SRK1_{KEY_NAME}.pem" + [Install CSFK] - File = "CSF1_1_sha256_4096_65537_v3_usr_crt.pem" + File = "CSF1_1_{KEY_NAME}.pem" [Authenticate CSF] @@ -48,12 +53,12 @@ csf_config_template = """ [Install Key] Verification index = 0 Target Index = 2 - File = "IMG1_1_sha256_4096_65537_v3_usr_crt.pem" + File = "IMG1_1_{KEY_NAME}.pem" [Authenticate Data] Verification index = 2 Blocks = 0x1234 0x78 0xabcd "data.bin" -""" +''' class Entry_nxp_imx8mcst(Entry_mkimage): """NXP i.MX8M CST .cfg file generator and cst invoker 
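Review bot: `CSF_CONFIG_TEMPLATE` now lists `[Install NOCAK]` (second hunk of this file) next to `[Install CSFK]` and `[Install Key]`, but nothing at the template says these are alternatives. Read on its own it looks like a CSF that installs the SRK as a NOCAK key and also installs CSF and IMG keys; only the config-generation hunk later in this diff shows that one set is removed before the file is written. A comment above the assignment would prevent that misreading, for example `# Holds the sections for both normal and fast authentication; the unused set is removed when the config is generated`. Because the template is now an f-string, any literal brace added to it later has to be doubled, which is worth stating in the same comment.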
@@ -69,9 +74,22 @@ class Entry_nxp_imx8mcst(Entry_mkimage): def ReadNode(self): super().ReadNode() self.loader_address = fdt_util.GetInt(self._node, 'nxp,loader-address') - self.srk_table = os.getenv('SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table', 'SRK_1_2_3_4_table.bin')) - self.csf_crt = os.getenv('CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt', 'CSF1_1_sha256_4096_65537_v3_usr_crt.pem')) - self.img_crt = os.getenv('IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt', 'IMG1_1_sha256_4096_65537_v3_usr_crt.pem')) + self.srk_table = os.getenv( + 'SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table', + 'SRK_1_2_3_4_table.bin')) + self.fast_auth = fdt_util.GetBool(self._node, 'nxp,fast-auth') + if not self.fast_auth: + self.csf_crt = os.getenv( + 'CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt', + f'CSF1_1_{KEY_NAME}.pem')) + self.img_crt = os.getenv( + 'IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt', + f'IMG1_1_{KEY_NAME}.pem')) + else: + self.srk_crt = os.getenv( + 'SRK_KEY', fdt_util.GetString(self._node, 'nxp,srk-crt', + f'SRK1_{KEY_NAME}.pem')) + self.unlock = fdt_util.GetBool(self._node, 'nxp,unlock') self.ReadEntries() 
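Review bot: With `nxp,fast-auth` set, ReadNode leaves `self.csf_crt` and `self.img_crt` undefined, and without it `self.srk_crt` is undefined, so any code outside this hunk that reads the other mode's attribute fails with AttributeError rather than a clear message. Initialising them before the branch, `self.csf_crt = self.img_crt = self.srk_crt = None`, keeps the object shape the same in both modes. The new `nxp,fast-auth` and `nxp,srk-crt` properties and the `SRK_KEY` environment override should also be described in the entry's docstring, which starts outside this hunk. That description should say that in this mode the data is authenticated with the SRK itself through `[Install NOCAK]` instead of subordinate CSF/IMG keys, which presumably means the SRK private key has to be reachable by cst on the signing host. It should also note that the environment variable takes precedence over the device tree value.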
@@ -118,16 +136,26 @@ class Entry_nxp_imx8mcst(Entry_mkimage): tools.write_file(output_dname, data) # Generate CST configuration file used to sign payload - cfg_fname = tools.get_output_filename('nxp.csf-config-txt.%s' % uniq) + cfg_fname = tools.get_output_filename(f'nxp.csf-config-txt.{uniq}') config = configparser.ConfigParser() # Do not make key names lowercase config.optionxform = str # Load configuration template and modify keys of interest - config.read_string(csf_config_template) - config['Install SRK']['File'] = '"' + self.srk_table + '"' - config['Install CSFK']['File'] = '"' + self.csf_crt + '"' - config['Install Key']['File'] = '"' + self.img_crt + '"' - config['Authenticate Data']['Blocks'] = hex(signbase) + ' 0 ' + hex(len(data)) + ' "' + str(output_dname) + '"' + config.read_string(CSF_CONFIG_TEMPLATE) + config['Install SRK']['File'] = f'"{self.srk_table}"' + if not self.fast_auth: + config.remove_section('Install NOCAK') + config['Install CSFK']['File'] = f'"{self.csf_crt}"' + config['Install Key']['File'] = f'"{self.img_crt}"' + else: + config.remove_section('Install CSFK') + config.remove_section('Install Key') + config['Install NOCAK']['File'] = f'"{self.srk_crt}"' + config['Authenticate Data']['Verification index'] = '0' + + config['Authenticate Data']['Blocks'] = \ + f'{signbase:#x} 0 {len(data):#x} "{output_dname}"' + if not self.unlock: config.remove_section('Unlock') with open(cfg_fname, 'w') as cfgf: diff --git a/tools/qconfig.py b/tools/qconfig.py index 8c2fc9efc5f..058d72cf4bc 100755 --- a/tools/qconfig.py +++ b/tools/qconfig.py @@ -77,7 +77,7 @@ IGNORE_SYMS = ['DEBUG_SECTION_MISMATCH', 'FTRACE_MCOUNT_RECORD', 'GCOV_KERNEL', 'IS_ENABLED_', 'IS_ENABLED_1', 'IS_ENABLED_2', 'IS_ENABLED_3', 'SPL_', 'TPL_', 'SPL_FOO', 'TPL_FOO', 'TOOLS_FOO', 'ACME', 'SPL_ACME', 'TPL_ACME', 'TRACE_BRANCH_PROFILING', - 'VAL', '_UNDEFINED', 'SPL_BUILD', ] + 'VAL', '_UNDEFINED', 'SPL_BUILD', 'XPL_BUILD', ] SPL_PREFIXES = ['SPL_', 'TPL_', 'VPL_', 'TOOLS_'] 
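Review bot: The new `config['Install NOCAK']['File'] = f'"{self.srk_crt}"'` line, like the SRK/CSFK/Key assignments beside it, writes a value taken from the `SRK_KEY` environment variable or the device tree into the CSF without checking it. A path containing `"` or a line break yields an entry that cst may read differently from what binman intended, and a `%` makes the assignment raise `ValueError` because the parser is created with the default interpolation. Creating it as `configparser.ConfigParser(interpolation=None)` and rejecting quotes and control characters in the path values before they are written would make the signing input predictable. A short comment on `config['Authenticate Data']['Verification index'] = '0'` would help as well, e.g. `# Install Key is removed in fast-auth mode, so data is verified with key index 0 instead of the template's index 2`. The enclosing method starts and ends outside this hunk.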
@@ -1175,7 +1175,7 @@ def prefix_config(cfg): return oper + cfg -RE_MK_CONFIGS = re.compile(r'CONFIG_(\$\(SPL_(?:TPL_)?\))?([A-Za-z0-9_]*)') +RE_MK_CONFIGS = re.compile(r'CONFIG_(\$\(XPL_\)|\$\(PHASE_\))?([A-Za-z0-9_]*)') RE_IFDEF = re.compile(r'(ifdef|ifndef)') RE_C_CONFIGS = re.compile(r'CONFIG_([A-Za-z0-9_]*)') RE_CONFIG_IS = re.compile(r'CONFIG_IS_ENABLED\(([A-Za-z0-9_]*)\)') @@ -1186,7 +1186,7 @@ class ConfigUse: """Set up a new ConfigUse Args: - cfg (str): CONFIG option, without any CONFIG_ or SPL_ prefix + cfg (str): CONFIG option, without any CONFIG_ or xPL_ prefix is_spl (bool): True if this option relates to SPL fname (str): Makefile filename where the CONFIG option was found rest (str): Line of the Makefile @@ -1220,10 +1220,10 @@ def scan_makefiles(fnames): >>> RE_MK_CONFIGS.search('CONFIG_FRED').groups() (None, 'FRED') - >>> RE_MK_CONFIGS.search('CONFIG_$(SPL_)MARY').groups() - ('$(SPL_)', 'MARY') - >>> RE_MK_CONFIGS.search('CONFIG_$(SPL_TPL_)MARY').groups() - ('$(SPL_TPL_)', 'MARY') + >>> RE_MK_CONFIGS.search('CONFIG_$(XPL_)MARY').groups() + ('$(XPL_)', 'MARY') + >>> RE_MK_CONFIGS.search('CONFIG_$(PHASE_)MARY').groups() + ('$(PHASE_)', 'MARY') """ all_uses = collections.defaultdict(list) fname_uses = {} @@ -1319,10 +1319,10 @@ def do_scan_source(path, do_update): key (ConfigUse): object value (list of str): matching lines spl_mode (int): If MODE_SPL, look at source code which implies - an SPL_ option, but for which there is none; + an xPL_ option, but for which there is none; for MOD_PROPER, look at source code which implies a Proper - option (i.e. use of CONFIG_IS_ENABLED() or $(SPL_) or - $(SPL_TPL_) but for which there none; + option (i.e. use of CONFIG_IS_ENABLED() or $(XPL_) or + $(PHASE_) but for which there none; if MODE_NORMAL, ignore SPL Returns: 
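Review bot: `RE_MK_CONFIGS` (first hunk on this line) no longer recognises the old `$(SPL_)` and `$(SPL_TPL_)` spellings, yet the pattern still matches them and returns `(None, '')`, because `$` is outside the name character class. If any Makefile still uses the old form, scan_makefiles would presumably record an empty option name instead of flagging the line; whether any remain cannot be seen from this diff. A doctest next to the two updated ones in the third hunk would pin the behaviour: `>>> RE_MK_CONFIGS.search('CONFIG_$(SPL_)MARY').groups()` with the expected `(None, '')`.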
@@ -1341,7 +1341,7 @@ def do_scan_source(path, do_update): if spl_mode == MODE_SPL: check = use.is_spl - # If it is an SPL symbol, try prepending all SPL_ prefixes to + # If it is an SPL symbol, try prepending all xPL_ prefixes to # find at least one SPL symbol if use.is_spl: for prefix in SPL_PREFIXES: @@ -1354,7 +1354,7 @@ def do_scan_source(path, do_update): continue elif spl_mode == MODE_PROPER: # Try to find the Proper version of this symbol, i.e. without - # the SPL_ prefix + # the xPL_ prefix proper_name = is_not_proper(name) if proper_name: name = proper_name @@ -1450,7 +1450,7 @@ def do_scan_source(path, do_update): show_uses(not_found) spl_not_found |= {is_not_proper(key) or key for key in not_found.keys()} - print('\nCONFIG options used as Proper in Makefiles but without a non-SPL_ variant:') + print('\nCONFIG options used as Proper in Makefiles but without a non-xPL_ variant:') not_found = check_not_found(all_uses, MODE_PROPER) show_uses(not_found) proper_not_found |= {not_found.keys()} @@ -1468,16 +1468,16 @@ def do_scan_source(path, do_update): show_uses(not_found) spl_not_found |= {is_not_proper(key) or key for key in not_found.keys()} - print('\nCONFIG options used as Proper in source but without a non-SPL_ variant:') + print('\nCONFIG options used as Proper in source but without a non-xPL_ variant:') not_found = check_not_found(all_uses, MODE_PROPER) show_uses(not_found) proper_not_found |= {not_found.keys()} - print('\nCONFIG options used as SPL but without an SPL_ variant:') + print('\nCONFIG options used as SPL but without an xPL_ variant:') for item in sorted(spl_not_found): print(f' {item}') - print('\nCONFIG options used as Proper but without a non-SPL_ variant:') + print('\nCONFIG options used as Proper but without a non-xPL_ variant:') for item in sorted(proper_not_found): print(f' {item}') |
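Review bot: In the third and fourth hunks here (`@@ -1450` and `@@ -1468`) the context line `proper_not_found |= {not_found.keys()}`, two lines below each reworded print, looks wrong. It builds a set whose single element is a `dict_keys` view, which is unhashable, so the statement raises `TypeError` when reached. The SPL counterpart just above each print uses a comprehension over the keys instead. Since the commit already edits the neighbouring line in both places, both could become `proper_not_found |= set(not_found)`, or the same `is_not_proper(key) or key` comprehension if that was the intent. do_scan_source starts and ends outside these hunks.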