On 5/8/2025 5:29 PM, Anshul Dalal wrote:
On Wed May 7, 2025 at 8:53 PM IST, Andrew Davis wrote:
On 5/7/25 9:56 AM, Beleswar Prasad Padhi wrote:
On 5/7/2025 3:09 PM, Anshul Dalal wrote:
On Tue May 6, 2025 at 4:11 PM IST, Beleswar Padhi wrote:
Pack the HSM firmware in tispl.bin fit image so that it can be unloaded
and used by R5 SPL to boot the HSM core. By default, point to the
firmware for HS-SE device type. This needs to be changed to point to
appropriate firmware when using a different device type.
Signed-off-by: Beleswar Padhi <b-pa...@ti.com>
---
v2: Changelog:
None to this patch.
Link to v1:
https://lore.kernel.org/all/20250422095430.363792-4-b-pa...@ti.com/
arch/arm/dts/k3-j721s2-binman.dtsi | 12 ++++++++++++
arch/arm/dts/k3-j784s4-binman.dtsi | 14 ++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/arch/arm/dts/k3-j721s2-binman.dtsi
b/arch/arm/dts/k3-j721s2-binman.dtsi
index 73af184d27e..9c8b29f53bb 100644
--- a/arch/arm/dts/k3-j721s2-binman.dtsi
+++ b/arch/arm/dts/k3-j721s2-binman.dtsi
@@ -273,6 +273,14 @@
};
};
+#ifdef CONFIG_K3_HSM_FW
+ hsm {
+ hsm: blob-ext {
+ filename = "ti-hsm/hsm-demo-firmware-j721s2-hs.bin";
+ };
+ };
+#endif
+
Why do we have the hsm binaries pre-signed? Having a common binary like
the DM with signing using ti-secure might be a better option.
Andrew can correct me if I am wrong,
HSM is meant to run secure software stack and services like Authentication etc.
It is a +1 to TIFS. To establish ROT, we need the HSM binary to be encrypted,
and authenticated by TIFS first before it can do stuff by itself. DM is not a
secure entity, so signing the image doesn't make sense for me.
I think Anshul is not suggesting that the HSM binary be
unencrypted/unauthenticated.
Rather that the encrypting/signing be done here in binman like we do with
TF-A/OP-TEE.
(which both are part trusted images to be loaded by TIFS).
To that suggestion I agree, the customer will be doing the signing of this
binary, right?
If so then since all other customer signing is done as part of binman, it makes
sense
to also sign HSM firmware here too.
Andrew
Yeah, that is what I was going for. With that change it could be
possible to also have a single binary for all platforms (gp, hs, hs-fs)
in ti-linux-firmware?
Also, why are we not adding an unsigned variant of the hsm binary in
tispl.bin_unsigned?
What's the use case for that? I think we established that HSM won't be
used unsigned. So it will just bloat the FIT and never be used.
