Hi again,
On Sat, 22 Jul 2023 at 21:48, Simon Glass <s...@chromium.org> wrote:
>
> Hi Michal,
>
> On Fri, 21 Jul 2023 at 08:41, Michal Simek <michal.si...@amd.com> wrote:
> >
> >
> >
> > On 7/18/23 13:53, lukas.funke-...@weidmueller.com wrote:
> > > From: Lukas Funke <lukas.fu...@weidmueller.com>
> > >
> > >
> > > This series adds two etypes to create a verified boot chain for
> > > Xilinx ZynqMP devices. The first etype 'xilinx-fsbl-auth' is used to
> > > create a bootable, signed image for ZynqMP boards using the Xilinx
> > > Bootgen tool. The second etype 'u-boot-spl-pubkey-dtb' is used to add
> > > a '/signature' node to the SPL. The public key in the signature is read
> > > from a certificate file and added using the 'fdt_add_pubkey' tool. The
> > > series also contains the corresponding btool for calling 'bootgen' and
> > > 'fdt_add_pubkey'.
> > >
> > > The following block shows an example on how to use this functionality:
> > >
> > > spl {
> > > filename = "boot.signed.bin";
> > >
> > > xilinx-fsbl-auth {
> > > psk-key-name-hint = "psk0";
> > > ssk-key-name-hint = "ssk0";
> > > auth-params = "ppk_select=0", "spk_id=0x00000000";
> > >
> > > u-boot-spl-nodtb {
> > > };
> > > u-boot-spl-pubkey-dtb {
> > > algo = "sha384,rsa4096";
> > > required = "conf";
> > > key-name-hint = "dev";
> > > };
> > > };
> > > };
> > >
> >
> > I was looking at binman couple of times in past but never had time to do any
> > development with it. Maybe it is good opportunity to look at it now with
> > this
> > series.
> > Is there a way to see more verbose output?
> >
>
> https://u-boot.readthedocs.io/en/latest/develop/package/binman.html#logging
>
> > I expect that keys should be generated as is described here.
> >
> > https://docs.xilinx.com/r/en-US/ug1283-bootgen-user-guide/Key-Generation?tocId=yf_PWbWVciRyrDMi2g1H1w
> >
> > Anyway I tried to use u-boot-spl-nodtb like this.
> >
> > &binman {
> > spl {
> > filename = "boot.signed.bin";
> >
> > xilinx-fsbl-auth {
> > psk-key-name-hint = "/tmp/ddd/psk0";
> > ssk-key-name-hint = "/tmp/ddd/ssk0";
> > auth-params = "ppk_select=0", "spk_id=0x00000000";
> > pmufw-filename =
> > "/mnt/disk/u-boot-bins/zynqmp/zynqmp-zcu102-revA/pmufw.elf";
> >
> > u-boot-spl-nodtb {
> > };
> > };
> > };
> > };
> >
> > but getting error
> > BINMAN .binman_stamp
> > Using input directories ['.', '.', './board/xilinx/zynqmp', 'arch/arm/dts']
> > Using output directory '.'
> > Processing entry args:
> > of-list = avnet-ultra96-rev1 zynqmp-a2197-revA
> > zynqmp-e-a2197-00-revA zynqmp-g-a2197-00-revA zynqmp-m-a2197-01-revA
> > zynqmp-m-a2197-02-revA zynqmp-m-a2197-03-revA zynqmp-p-a2197-00-revA
> > zynqmp-zc1232-revA zynqmp-zc1254-revA zynqmp-zc1751-xm015-dc1
> > zynqmp-zc1751-xm016-dc2 zynqmp-zc1751-xm017-dc3 zynqmp-zc1751-xm018-dc4
> > zynqmp-zc1751-xm019-dc5 zynqmp-zcu100-revC zynqmp-zcu102-rev1.1
> > zynqmp-zcu102-rev1.0 zynqmp-zcu102-revA zynqmp-zcu102-revB
> > zynqmp-zcu104-revA
> > zynqmp-zcu104-revC zynqmp-zcu106-revA zynqmp-zcu106-rev1.0
> > zynqmp-zcu111-revA
> > zynqmp-zcu1275-revA zynqmp-zcu1275-revB zynqmp-zcu1285-revA
> > zynqmp-zcu208-revA
> > zynqmp-zcu216-revA zynqmp-topic-miamimp-xilinx-xdp-v1r1 zynqmp-sm-k26-revA
> > zynqmp-smk-k26-revA zynqmp-dlc21-revA
> > atf-bl31-path = /tftpboot/bl31.bin
> > tee-os-path = /tftpboot/tee.bin
> > opensbi-path =
> > default-dt = zynqmp-zcu100-revC
> > scp-path =
> > rockchip-tpl-path =
> > spl-bss-pad =
> > tpl-bss-pad = 1
> > spl-dtb = y
> > tpl-dtb =
> > pre-load-key-path =
> > Processing entry args done
> > Node '/binman/spl/xilinx-fsbl-auth/u-boot-spl-nodtb': Packing: offset=None,
> > size=None, content_size=240d8
> > Node '/binman/spl/xilinx-fsbl-auth/u-boot-spl-nodtb': - packed:
> > offset=0x0,
> > size=0x240d8, content_size=0x240d8, next_offset=240d8
> > Node '/binman/spl/xilinx-fsbl-auth/u-boot-spl-nodtb': GetData: size 0x240d8
> > Node '/binman/spl/xilinx-fsbl-auth': GetPaddedDataForEntry: size None
> > Node '/binman/spl/xilinx-fsbl-auth': GetData: 1 entries, total size 0x240d8
> > bintool: bootgen -arch zynqmp -image ./bootgen-in.sign.bif -w -o
> > ./boot.spl.xilinx-fsbl-auth.bin
> >
> >
> > ****** Xilinx Bootgen v2022.2.0
> > **** Build date : Oct 13 2022-12:22:43
> > ** Copyright 1986-2022 Xilinx, Inc. All Rights Reserved.
> >
> > [WARNING]: Authentication padding scheme will be as per silicon 2.0(ES2) and
> > above. The image generated will NOT work for 1.0(ES1).
> > Use '-zynqmpes1' to generate image for 1.0(ES1)
> >
> > [INFO] : Bootimage generated successfully
>
> BTW tools are not allowed to generate output normally, so this will
> need to be suppressed somehow by the binman btool.
Actually this happens automatically. I think the above was due to
verbose being on.
I applied what patches I could from this series, so please rebase to
master (or dm/master if before the PR is applied), and resend.
Regards,
Simon
