[Buildroot] [PATCH v8 07/10] board/ti/am62x_sk|am64x_sk: switch to HS-FS device variants

Andreas Dannenberg dannenberg at ti.com
Wed Jun 21 15:32:05 UTC 2023 

Hi Julien,

On Mon, Jun 19, 2023 at 07:39:58PM +0200, Julien Olivain wrote:
> Hi Andreas,
> 
> Thanks for the update!
> 
> I successfully booted this am64x_sk_defconfig on SK-AM64B board, with
> this patch series on top of branch master at commit b91524f.

Thanks for spending the time doing this. Added your Tested-by: tag to my
PATCH v9 currently work-in-progress. Will re-post soon with a few
additional improvements discussed here in this series. Especially the
integration of the secure signing/key package will make things really
"Buildroot-easy".

--
Andreas Dannenberg
Texas Instruments Inc


> 
> 
> On 16/06/2023 02:23, Andreas Dannenberg via buildroot wrote:
> > Current starter kits for AM62x (called SK-AM62B, see [1]) and AM64x
> > (called SK-AM64B, see [2]) both contain High Security - Field Securable
> > (HS-FS) device variants, and those are really the recommended production
> > device variants and boards TI will provide moving forward. Hence, switch
> > the defconfigs for those boards over to accommodate those now-shipping
> > device variants and boards.
> > 
> > [1] https://www.ti.com/tool/SK-AM62B
> > [2] https://www.ti.com/tool/SK-AM64B
> > 
> 
> Tested-by: Julien Olivain <ju.o at free.fr>
> 
> > Signed-off-by: Andreas Dannenberg <dannenberg at ti.com>
> > ---
> >  board/ti/am62x_sk/readme.txt | 16 ++++++++++++++++
> >  board/ti/am64x_sk/readme.txt | 16 ++++++++++++++++
> >  configs/am62x_sk_defconfig   |  2 +-
> >  configs/am64x_sk_defconfig   |  4 ++--
> >  4 files changed, 35 insertions(+), 3 deletions(-)
> > 
> > diff --git a/board/ti/am62x_sk/readme.txt b/board/ti/am62x_sk/readme.txt
> > index ccbb24896b..9c7c8818af 100644
> > --- a/board/ti/am62x_sk/readme.txt
> > +++ b/board/ti/am62x_sk/readme.txt
> > @@ -12,6 +12,22 @@ $ make am62x_sk_defconfig
> >  Optional: modify the configuration:
> >  $ make menuconfig
> > 
> > +Required setup step for High Security HS-FS and HS-SE SoC variants:
> > +
> > +To allow the image signing process for various firmware artifacts to
> > +work the build process for HS-FS and HS-SE device variants is using
> > +an external 'core-secdev-k3' package which can be obtained from
> > +https://git.ti.com/cgit/security-development-tools/core-secdev-k3.
> > +To prepare building for those device variants create a local copy of
> > +the 'core-secdev-k3' and export its location through the
> > +TI_SECURE_DEV_PKG environmental variable. Use the package as-is for
> > +HS-FS device variants such as populated on the SK-AM64B board, or
> > +customize this package with your private signing keys when using a
> > +HS-SE device variant.
> > +
> > +$ git clone
> > https://git.ti.com/git/security-development-tools/core-secdev-k3.git
> > +$ export TI_SECURE_DEV_PKG=$PWD/core-secdev-k3
> > +
> >  Build:
> >  $ make
> > 
> > diff --git a/board/ti/am64x_sk/readme.txt b/board/ti/am64x_sk/readme.txt
> > index fe83c675f5..51d0312726 100644
> > --- a/board/ti/am64x_sk/readme.txt
> > +++ b/board/ti/am64x_sk/readme.txt
> > @@ -12,6 +12,22 @@ $ make am64x_sk_defconfig
> >  Optional: modify the configuration:
> >  $ make menuconfig
> > 
> > +Required setup step for High Security HS-FS and HS-SE SoC variants:
> > +
> > +To allow the image signing process for various firmware artifacts to
> > +work the build process for HS-FS and HS-SE device variants is using
> > +an external 'core-secdev-k3' package which can be obtained from
> > +https://git.ti.com/cgit/security-development-tools/core-secdev-k3.
> > +To prepare building for those device variants create a local copy of
> > +the 'core-secdev-k3' and export its location through the
> > +TI_SECURE_DEV_PKG environmental variable. Use the package as-is for
> > +HS-FS device variants such as populated on the SK-AM64B board, or
> > +customize this package with your private signing keys when using a
> > +HS-SE device variant.
> > +
> > +$ git clone
> > https://git.ti.com/git/security-development-tools/core-secdev-k3.git
> > +$ export TI_SECURE_DEV_PKG=$PWD/core-secdev-k3
> > +
> >  Build:
> >  $ make
> > 
> > diff --git a/configs/am62x_sk_defconfig b/configs/am62x_sk_defconfig
> > index 2d05ddd96b..033101b735 100644
> > --- a/configs/am62x_sk_defconfig
> > +++ b/configs/am62x_sk_defconfig
> > @@ -28,7 +28,7 @@ BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY=y
> >  BR2_TARGET_OPTEE_OS_PLATFORM="k3"
> >  BR2_TARGET_TI_K3_IMAGE_GEN=y
> >  BR2_TARGET_TI_K3_IMAGE_GEN_SOC="am62x"
> > -BR2_TARGET_TI_K3_IMAGE_GEN_SOC_TYPE="gp"
> > +BR2_TARGET_TI_K3_IMAGE_GEN_SOC_TYPE="hs-fs"
> >  BR2_TARGET_TI_K3_IMAGE_GEN_CONFIG="evm"
> >  BR2_TARGET_TI_K3_R5_LOADER=y
> >  BR2_TARGET_TI_K3_R5_LOADER_CUSTOM_TARBALL=y
> > diff --git a/configs/am64x_sk_defconfig b/configs/am64x_sk_defconfig
> > index a26e38a043..096dd77f6a 100644
> > --- a/configs/am64x_sk_defconfig
> > +++ b/configs/am64x_sk_defconfig
> > @@ -28,8 +28,8 @@ BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY=y
> >  BR2_TARGET_OPTEE_OS_PLATFORM="k3"
> >  BR2_TARGET_TI_K3_IMAGE_GEN=y
> >  BR2_TARGET_TI_K3_IMAGE_GEN_FW_TYPE_TISCI=y
> > -BR2_TARGET_TI_K3_IMAGE_GEN_SOC="am64x"
> > -BR2_TARGET_TI_K3_IMAGE_GEN_SOC_TYPE="gp"
> > +BR2_TARGET_TI_K3_IMAGE_GEN_SOC="am64x_sr2"
> > +BR2_TARGET_TI_K3_IMAGE_GEN_SOC_TYPE="hs-fs"
> >  BR2_TARGET_TI_K3_IMAGE_GEN_CONFIG="evm"
> >  BR2_TARGET_TI_K3_R5_LOADER=y
> >  BR2_TARGET_TI_K3_R5_LOADER_CUSTOM_TARBALL=y
> 
> Please note that this patch series introduce 18 check-package warnings.
> I understand from the current review comments that a v9 series will
> be needed. Please run a "utils/docker-run make check-package" and
> include the appropriate changes.
> 
> See:
> https://nightly.buildroot.org/manual.html#_preparing_a_patch_series
> 
> Best regards,
> 
> Julien.

More information about the buildroot mailing list