diff options
| author | Bryan Brattlof <[email protected]> | 2025-06-02 16:56:52 -0500 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2025-06-25 13:43:34 -0600 |
| commit | e18472f1dee609b2ee8a492985bf77a5012e4d01 (patch) | |
| tree | 20a1251986df325c133f50999416971ba17f4758 /tools/binman/etype | |
| parent | f35f053755f98e077389517f80ad7da81b031787 (diff) | |
binman: openssl: disable JTAG access by default
Typically boards operating in production environments will not be
monitored and so will not need JTAG access unlocked. Disable the debug
extension by default (set debugType = 0) unless we add the 'debug'
property in the binman configs.
Acked-by: Andrew Davis <[email protected]>
Signed-off-by: Bryan Brattlof <[email protected]>
Diffstat (limited to 'tools/binman/etype')
| -rw-r--r-- | tools/binman/etype/ti_secure.py | 1 | ||||
| -rw-r--r-- | tools/binman/etype/ti_secure_rom.py | 1 | ||||
| -rw-r--r-- | tools/binman/etype/x509_cert.py | 7 |
3 files changed, 7 insertions, 2 deletions
diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py index 420ee263e4f..f6caa0286d9 100644 --- a/tools/binman/etype/ti_secure.py +++ b/tools/binman/etype/ti_secure.py @@ -124,6 +124,7 @@ class Entry_ti_secure(Entry_x509_cert): 'OU': 'Processors', 'CN': 'TI Support', 'emailAddress': '[email protected]'} + self.debug = fdt_util.GetBool(self._node, 'debug', False) def ReadFirewallNode(self): self.firewall_cert_data['certificate'] = "" diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py index f6fc3f90f84..7e90c655940 100644 --- a/tools/binman/etype/ti_secure_rom.py +++ b/tools/binman/etype/ti_secure_rom.py @@ -87,6 +87,7 @@ class Entry_ti_secure_rom(Entry_x509_cert): 'OU': 'Processors', 'CN': 'TI Support', 'emailAddress': '[email protected]'} + self.debug = fdt_util.GetBool(self._node, 'debug', False) def NonCombinedGetCertificate(self, required): """Generate certificate for legacy boot flow diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py index 25e6808b7f9..b6e8b0b4fb0 100644 --- a/tools/binman/etype/x509_cert.py +++ b/tools/binman/etype/x509_cert.py @@ -52,6 +52,7 @@ class Entry_x509_cert(Entry_collection): self.sysfw_inner_cert_ext_boot_block = None self.dm_data_ext_boot_block = None self.firewall_cert_data = None + self.debug = False def ReadNode(self): super().ReadNode() @@ -114,7 +115,8 @@ class Entry_x509_cert(Entry_collection): bootcore=self.bootcore, bootcore_opts=self.bootcore_opts, load_addr=self.load_addr, - sha=self.sha + sha=self.sha, + debug=self.debug ) elif type == 'rom-combined': stdout = self.openssl.x509_cert_rom_combined( @@ -140,7 +142,8 @@ class Entry_x509_cert(Entry_collection): hashval_sysfw_data=self.hashval_sysfw_data, sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block, dm_data_ext_boot_block=self.dm_data_ext_boot_block, - bootcore_opts=self.bootcore_opts + bootcore_opts=self.bootcore_opts, + debug=self.debug ) if stdout is not None: data = tools.read_file(output_fname) |
