summaryrefslogtreecommitdiff
path: root/tools/binman/etype
diff options
context:
space:
mode:
authorBryan Brattlof <[email protected]>2025-06-02 16:56:52 -0500
committerTom Rini <[email protected]>2025-06-25 13:43:34 -0600
commite18472f1dee609b2ee8a492985bf77a5012e4d01 (patch)
tree20a1251986df325c133f50999416971ba17f4758 /tools/binman/etype
parentf35f053755f98e077389517f80ad7da81b031787 (diff)
binman: openssl: disable JTAG access by default
Typically boards operating in production environments will not be monitored and so will not need JTAG access unlocked. Disable the debug extension by default (set debugType = 0) unless we add the 'debug' property in the binman configs. Acked-by: Andrew Davis <[email protected]> Signed-off-by: Bryan Brattlof <[email protected]>
Diffstat (limited to 'tools/binman/etype')
-rw-r--r--tools/binman/etype/ti_secure.py1
-rw-r--r--tools/binman/etype/ti_secure_rom.py1
-rw-r--r--tools/binman/etype/x509_cert.py7
3 files changed, 7 insertions, 2 deletions
diff --git a/tools/binman/etype/ti_secure.py b/tools/binman/etype/ti_secure.py
index 420ee263e4f..f6caa0286d9 100644
--- a/tools/binman/etype/ti_secure.py
+++ b/tools/binman/etype/ti_secure.py
@@ -124,6 +124,7 @@ class Entry_ti_secure(Entry_x509_cert):
'OU': 'Processors',
'CN': 'TI Support',
'emailAddress': '[email protected]'}
+ self.debug = fdt_util.GetBool(self._node, 'debug', False)
def ReadFirewallNode(self):
self.firewall_cert_data['certificate'] = ""
diff --git a/tools/binman/etype/ti_secure_rom.py b/tools/binman/etype/ti_secure_rom.py
index f6fc3f90f84..7e90c655940 100644
--- a/tools/binman/etype/ti_secure_rom.py
+++ b/tools/binman/etype/ti_secure_rom.py
@@ -87,6 +87,7 @@ class Entry_ti_secure_rom(Entry_x509_cert):
'OU': 'Processors',
'CN': 'TI Support',
'emailAddress': '[email protected]'}
+ self.debug = fdt_util.GetBool(self._node, 'debug', False)
def NonCombinedGetCertificate(self, required):
"""Generate certificate for legacy boot flow
diff --git a/tools/binman/etype/x509_cert.py b/tools/binman/etype/x509_cert.py
index 25e6808b7f9..b6e8b0b4fb0 100644
--- a/tools/binman/etype/x509_cert.py
+++ b/tools/binman/etype/x509_cert.py
@@ -52,6 +52,7 @@ class Entry_x509_cert(Entry_collection):
self.sysfw_inner_cert_ext_boot_block = None
self.dm_data_ext_boot_block = None
self.firewall_cert_data = None
+ self.debug = False
def ReadNode(self):
super().ReadNode()
@@ -114,7 +115,8 @@ class Entry_x509_cert(Entry_collection):
bootcore=self.bootcore,
bootcore_opts=self.bootcore_opts,
load_addr=self.load_addr,
- sha=self.sha
+ sha=self.sha,
+ debug=self.debug
)
elif type == 'rom-combined':
stdout = self.openssl.x509_cert_rom_combined(
@@ -140,7 +142,8 @@ class Entry_x509_cert(Entry_collection):
hashval_sysfw_data=self.hashval_sysfw_data,
sysfw_inner_cert_ext_boot_block=self.sysfw_inner_cert_ext_boot_block,
dm_data_ext_boot_block=self.dm_data_ext_boot_block,
- bootcore_opts=self.bootcore_opts
+ bootcore_opts=self.bootcore_opts,
+ debug=self.debug
)
if stdout is not None:
data = tools.read_file(output_fname)