Andrew Davis <a...@ti.com> writes:
> On 4/8/24 5:17 PM, Jonathan Humphreys wrote:
>> Signed-off-by: Jonathan Humphreys <j-humphr...@ti.com>
>> ---
>> arch/arm/dts/k3-j721e-binman.dtsi | 32 +++++++++++++++++++++++++++++++
>> 1 file changed, 32 insertions(+)
>>
>> diff --git a/arch/arm/dts/k3-j721e-binman.dtsi
>> b/arch/arm/dts/k3-j721e-binman.dtsi
>> index 75a6e9599b9..9169551c422 100644
>> --- a/arch/arm/dts/k3-j721e-binman.dtsi
>> +++ b/arch/arm/dts/k3-j721e-binman.dtsi
>> @@ -207,6 +207,29 @@
>> };
>> };
>> };
>> +
>> +#include "k3-binman-capsule-r5.dtsi"
>> +
>> +// Capsue update GUIDs. See ti_armv7_common.h.
>> +#define K3_SYSFW_IMAGE_UUID_STR "6fd10680-361b-431f-80aa-899455819e11"
>> +
>> +&binman {
>> + capsule-sysfw {
>> + filename = "sysfw-capsule.bin";
>> + efi-capsule {
>> + image-index = <0x4>;
>> + image-guid = K3_SYSFW_IMAGE_UUID_STR;
>> + private-key = "arch/arm/mach-k3/keys/custMpk.pem";
>> + public-key-cert = "arch/arm/mach-k3/keys/custMpk.crt";
>> + monotonic-count = <0x1>;
>> +
>> + blob {
>> + filename = "sysfw.itb";
>> + };
>> + };
>> + };
>> +};
>> +
>> #endif
>>
>> #ifdef CONFIG_TARGET_J721E_A72_EVM
>> @@ -585,4 +608,13 @@
>> };
>> };
>> };
>> +
>> +#include "k3-binman-capsule.dtsi"
>> +&tispl_name {
>> + filename = "tispl.bin_unsigned";
>
> Why use the _unsigned images here? HS devices cannot boot unsigned GP images,
> but both GP and HS devices *can* boot the normal signed images (GP just strips
> the signatures off). So no need to use the _unsigned images anymore (I'm
> planning to just remove them at some point to prevent this confusion).
>
I can do that.
Note that you will then see warnings on GP devices during boot:
Warning: Detected image signing certificate on GP device. Skipping
certificate to prevent boot failure. This will fail if the image was also
encrypted
Jon
> Andrew
>
>> +};
>> +&uboot_name {
>> + filename = "u-boot.img_unsigned";
>> +};
>> +
>> #endif
