diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2015-02-09 18:15:17 -0800 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2015-04-22 08:59:18 +0200 |
| commit | e1741c512c66c468f3c3399aff451ae428cd6824 (patch) | |
| tree | 07e1d8aff86068e2f2f86b753713bec4ad8b2549 /src | |
| parent | cb6bb3bc47bf55e47bdc60c53c5f40617c6a8d9b (diff) | |
broadcom/cygnus: add secimage and sign bootblock
secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.
BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board
Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/soc/broadcom/cygnus/Makefile.inc | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/src/soc/broadcom/cygnus/Makefile.inc b/src/soc/broadcom/cygnus/Makefile.inc index a1459c0790..dce4e3d0b1 100644 --- a/src/soc/broadcom/cygnus/Makefile.inc +++ b/src/soc/broadcom/cygnus/Makefile.inc @@ -57,6 +57,45 @@ ramstage-$(CONFIG_DRIVERS_UART) += ns16550.c CPPFLAGS_common += -Isrc/soc/broadcom/cygnus/include/ -$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.elf +$(objcbfs)/bootblock.tmp: $(objcbfs)/bootblock.elf @printf " OBJCOPY $(subst $(obj)/,,$(@))\n" $(OBJCOPY_bootblock) -O binary $< $@ + +ifneq ($(V),1) +redirect := > /dev/null +endif + +# Options used in the command line: +# -out: path of the output file +# -config: path to the file containing unauth header +# -hmac: path to the file containing hmac for sha256 +# -bl: boot image file, ie. input file +# +# Authenticated header parameters: +# +# SBIConfiguration /* Indicates SBI config */ +# SYMMETRIC 0x0040 +# +# CustomerID; /* Customer ID */ +# TYPE bits [31-28] +# PRODUCTION 0x6 +# DEVELOPMENT 0x9 +# CUSTOMER_ID bits [27-0] +# +# ProductID; /* Product ID */ +# +# CustomerRevisionID; /* Customer Revision ID */ +# +# SBIUsage /* Boot Image Usage */ +# NONE 0 /* All purposes */ +# SLEEP 1 +# DEEP_SLEEP 2 +# EXCEPTION 4 +$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.tmp \ + $(objutil)/broadcom/secimage/secimage \ + util/broadcom/unauth.cfg \ + util/broadcom/khmacsha256 + @printf " SIGN $(subst $(obj)/,,$(@))\n" + $(objutil)/broadcom/secimage/secimage -out $@ \ + -config util/broadcom/unauth.cfg \ + -hmac util/broadcom/khmacsha256 -bl $< |