182f29fd5SLokesh Vutla# SPDX-License-Identifier: GPL-2.0+ 282f29fd5SLokesh Vutla# 382f29fd5SLokesh Vutla# Copyright (C) 2017-2018 Texas Instruments Incorporated - http://www.ti.com/ 482f29fd5SLokesh Vutla# Lokesh Vutla <lokeshvutla@ti.com> 582f29fd5SLokesh Vutla 682f29fd5SLokesh Vutlaifdef CONFIG_SPL_BUILD 782f29fd5SLokesh Vutla 8890b2e75SLokesh Vutla# Openssl is required to generate x509 certificate. 9890b2e75SLokesh Vutla# Error out if openssl is not available. 10890b2e75SLokesh Vutlaifeq ($(shell which openssl),) 11890b2e75SLokesh Vutla$(error "No openssl in $(PATH), consider installing openssl") 12890b2e75SLokesh Vutlaendif 13890b2e75SLokesh Vutla 14890b2e75SLokesh VutlaSHA_VALUE= $(shell openssl dgst -sha512 -hex $(obj)/u-boot-spl.bin | sed -e "s/^.*= //g") 15890b2e75SLokesh VutlaIMAGE_SIZE= $(shell cat $(obj)/u-boot-spl.bin | wc -c) 16890b2e75SLokesh VutlaLOADADDR= $(shell echo $(CONFIG_SPL_TEXT_BASE) | sed -e "s/^0x//g") 17890b2e75SLokesh VutlaMAX_SIZE= $(shell printf "%d" $(CONFIG_SYS_K3_MAX_DOWNLODABLE_IMAGE_SIZE)) 18890b2e75SLokesh Vutla 19890b2e75SLokesh Vutla# Parameters to get populated into the x509 template 20890b2e75SLokesh VutlaSED_OPTS= -e s/TEST_IMAGE_LENGTH/$(IMAGE_SIZE)/ 21890b2e75SLokesh VutlaSED_OPTS+= -e s/TEST_IMAGE_SHA_VAL/$(SHA_VALUE)/ 22890b2e75SLokesh VutlaSED_OPTS+= -e s/TEST_CERT_TYPE/1/ # CERT_TYPE_PRIMARY_IMAGE_BIN 23890b2e75SLokesh VutlaSED_OPTS+= -e s/TEST_BOOT_CORE/$(CONFIG_SYS_K3_BOOT_CORE_ID)/ 24890b2e75SLokesh VutlaSED_OPTS+= -e s/TEST_BOOT_ARCH_WIDTH/32/ 25890b2e75SLokesh VutlaSED_OPTS+= -e s/TEST_BOOT_ADDR/$(LOADADDR)/ 26890b2e75SLokesh Vutla 27890b2e75SLokesh Vutla# Command to generate ecparam key 28890b2e75SLokesh Vutlaquiet_cmd_genkey = OPENSSL $@ 29890b2e75SLokesh Vutlacmd_genkey = openssl ecparam -out $@ -name prime256v1 -genkey 30890b2e75SLokesh Vutla 31890b2e75SLokesh Vutla# Command to generate x509 certificate 32890b2e75SLokesh Vutlaquiet_cmd_gencert = OPENSSL $@ 33890b2e75SLokesh Vutlacmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boot-spl-x509.txt; \ 34890b2e75SLokesh Vutla openssl req -new -x509 -key $(KEY) -nodes -outform DER -out $@ -config u-boot-spl-x509.txt -sha512 35890b2e75SLokesh Vutla 36890b2e75SLokesh Vutla# If external key is not provided, generate key using openssl. 37890b2e75SLokesh Vutlaifeq ($(CONFIG_SYS_K3_KEY), "") 38890b2e75SLokesh VutlaKEY=u-boot-spl-eckey.pem 39890b2e75SLokesh Vutlaelse 40*adc702e2SLokesh VutlaKEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) 41890b2e75SLokesh Vutlaendif 42890b2e75SLokesh Vutla 43890b2e75SLokesh Vutlau-boot-spl-eckey.pem: FORCE 44890b2e75SLokesh Vutla $(call if_changed,genkey) 45890b2e75SLokesh Vutla 46890b2e75SLokesh Vutla# tiboot3.bin is mandated by ROM and ROM only supports R5 boot. 47890b2e75SLokesh Vutla# So restrict tiboot3.bin creation for CPU_V7R. 48890b2e75SLokesh Vutlaifdef CONFIG_CPU_V7R 49890b2e75SLokesh Vutlau-boot-spl-cert.bin: $(KEY) $(obj)/u-boot-spl.bin image_check FORCE 50890b2e75SLokesh Vutla $(call if_changed,gencert) 51890b2e75SLokesh Vutla 52890b2e75SLokesh Vutlaimage_check: $(obj)/u-boot-spl.bin FORCE 53890b2e75SLokesh Vutla @if [ $(IMAGE_SIZE) -gt $(MAX_SIZE) ]; then \ 54890b2e75SLokesh Vutla echo "===============================================" >&2; \ 55890b2e75SLokesh Vutla echo "ERROR: Final Image too big. " >&2; \ 56890b2e75SLokesh Vutla echo "$< size = $(IMAGE_SIZE), max size = $(MAX_SIZE)" >&2; \ 57890b2e75SLokesh Vutla echo "===============================================" >&2; \ 58890b2e75SLokesh Vutla exit 1; \ 59890b2e75SLokesh Vutla fi 60890b2e75SLokesh Vutla 61890b2e75SLokesh Vutlatiboot3.bin: u-boot-spl-cert.bin $(obj)/u-boot-spl.bin FORCE 62890b2e75SLokesh Vutla $(call if_changed,cat) 63890b2e75SLokesh Vutla 64890b2e75SLokesh VutlaALL-y += tiboot3.bin 65890b2e75SLokesh Vutlaendif 66890b2e75SLokesh Vutla 6782f29fd5SLokesh Vutlaifdef CONFIG_ARM64 6882f29fd5SLokesh VutlaSPL_ITS := u-boot-spl-k3.its 6982f29fd5SLokesh Vutla$(SPL_ITS): FORCE 7082f29fd5SLokesh Vutla $(srctree)/tools/k3_fit_atf.sh \ 7182f29fd5SLokesh Vutla $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@ 7282f29fd5SLokesh Vutla 7382f29fd5SLokesh VutlaALL-y += tispl.bin 7482f29fd5SLokesh Vutlaendif 7582f29fd5SLokesh Vutla 7682f29fd5SLokesh Vutlaelse 7782f29fd5SLokesh VutlaALL-y += u-boot.img 7882f29fd5SLokesh Vutlaendif 79