u-boot.git/tools/binman/btool/openssl.py, branch next Unnamed repository; edit this file 'description' to name the repository. binman: openssl: disable JTAG access by default 2025-06-25T19:43:34+00:00 Bryan Brattlof bb@ti.com 2025-06-02T21:56:52+00:00 e18472f1dee609b2ee8a492985bf77a5012e4d01 Typically boards operating in production environments will not be monitored and so will not need JTAG access unlocked. Disable the debug extension by default (set debugType = 0) unless we add the 'debug' property in the binman configs. Acked-by: Andrew Davis <afd@ti.com> Signed-off-by: Bryan Brattlof <bb@ti.com> 
Typically boards operating in production environments will not be
monitored and so will not need JTAG access unlocked. Disable the debug
extension by default (set debugType = 0) unless we add the 'debug'
property in the binman configs.

Acked-by: Andrew Davis <afd@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
binman: ti-secure: Enable debug extension for combined boot 2024-04-11T21:51:11+00:00 Manorit Chawdhry m-chawdhry@ti.com 2024-03-26T08:07:06+00:00 fbfd2baf975f4a0d6345e4d0ed6094c549fe1d03 To debug using jtag, ROM needs to unlock jtag debugging on HS devices and it does that looking at this debug extension. Add the debug extension and enable it by default. Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Reviewed-by: Neha Malcom Francis <n-francis@ti.com> 
To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.

Add the debug extension and enable it by default.

Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
binman: ti-secure: Add support for firewalling entities 2024-01-04T21:48:00+00:00 Manorit Chawdhry m-chawdhry@ti.com 2023-12-29T10:46:26+00:00 a3e407bef759081d9844722ee8e9b72d6881bfaf We can now firewall entities while loading them through our secure entity TIFS, the required information should be present in the certificate that is being parsed by TIFS. The following commit adds the support to enable the certificates to be generated if the firewall configurations are present in the binman dtsi nodes. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> 
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.

The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
binman: openssl: x509: ti_secure_rom: Add support for bootcore_opts 2023-11-03T02:38:01+00:00 Neha Malcom Francis n-francis@ti.com 2023-10-23T08:01:02+00:00 a4ed4c8a51435a63ca79e6d7bca317eff30e9ed3 According to the TRMs of K3 platform of devices, the ROM boot image format specifies a "Core Options Field" that provides the capability to set the boot core in lockstep when set to 0 or to split mode when set to 2. Add support for providing the same from the binman DTS. Also modify existing test case for ensuring future coverage. Signed-off-by: Neha Malcom Francis <n-francis@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
According to the TRMs of K3 platform of devices, the ROM boot image
format specifies a "Core Options Field" that provides the capability to
set the boot core in lockstep when set to 0 or to split mode when set
to 2. Add support for providing the same from the binman DTS. Also
modify existing test case for ensuring future coverage.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
binman: ti-secure: Add support for TI signing 2023-07-21T23:36:58+00:00 Neha Malcom Francis n-francis@ti.com 2023-07-21T18:44:25+00:00 78144826bb8209df0a703a4a0dd88f7b57ad12cb The ti-secure entry contains certificate for binaries that will be loaded or booted by system firmware whereas the ti-secure-rom entry contains certificate for binaries that will be booted by ROM. Support for both these types of certificates is necessary for booting of K3 devices. Reviewed-by: Simon Glass <sjg@chromium.org> [vigneshr@ti.com: fixed inconsist cert generation by multiple packing] Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Neha Malcom Francis <n-francis@ti.com> 
The ti-secure entry contains certificate for binaries that will be
loaded or booted by system firmware whereas the ti-secure-rom entry
contains certificate for binaries that will be booted by ROM. Support
for both these types of certificates is necessary for booting of K3
devices.

Reviewed-by: Simon Glass <sjg@chromium.org>
[vigneshr@ti.com: fixed inconsist cert generation by multiple packing]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
binman: Support generation of x509 certificates 2023-03-08T21:15:15+00:00 Simon Glass sjg@chromium.org 2023-03-03T00:02:45+00:00 953d4177afa0bee0ba0db4b81036d3197595b997 And a new entry type which supports generation of x509 certificates. This uses a new 'openssl' btool with just one operation so far. Signed-off-by: Simon Glass <sjg@chromium.org> 
And a new entry type which supports generation of x509 certificates.
This uses a new 'openssl' btool with just one operation so far.

Signed-off-by: Simon Glass <sjg@chromium.org>