summaryrefslogtreecommitdiff
path: root/tools/binman/btool/openssl.py
AgeCommit message (Collapse)Author
2025-06-25binman: openssl: disable JTAG access by defaultBryan Brattlof
Typically boards operating in production environments will not be monitored and so will not need JTAG access unlocked. Disable the debug extension by default (set debugType = 0) unless we add the 'debug' property in the binman configs. Acked-by: Andrew Davis <afd@ti.com> Signed-off-by: Bryan Brattlof <bb@ti.com>
2024-04-11binman: ti-secure: Enable debug extension for combined bootManorit Chawdhry
To debug using jtag, ROM needs to unlock jtag debugging on HS devices and it does that looking at this debug extension. Add the debug extension and enable it by default. Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
2024-01-04binman: ti-secure: Add support for firewalling entitiesManorit Chawdhry
We can now firewall entities while loading them through our secure entity TIFS, the required information should be present in the certificate that is being parsed by TIFS. The following commit adds the support to enable the certificates to be generated if the firewall configurations are present in the binman dtsi nodes. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-11-02binman: openssl: x509: ti_secure_rom: Add support for bootcore_optsNeha Malcom Francis
According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-21binman: ti-secure: Add support for TI signingNeha Malcom Francis
The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
2023-03-08binman: Support generation of x509 certificatesSimon Glass
And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org>
generated by cgit v1.2.3 (git 2.0.4) at 2025-08-08 04:07:41 +0000