1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 2022-2023 Texas Instruments Incorporated - https://www.ti.com/
4 */
5
6#include "k3-security.h"
7
/*
 * Root binman node. "multiple-images" marks every child of this node as a
 * separate output image, not as one entry inside a single image.
 */
8/ {
9	binman: binman {
10		multiple-images;
11	};
12};
13
/*
 * Signing keys, staged as external blobs. Each PEM file is read from
 * arch/arm/mach-k3/keys/ in the source tree and written out under the short
 * file name given on the image node.
 *
 * NOTE(review): "custMpk.pem" is the keyfile named by every ti-secure node in
 * this file, so it presumably holds private key material. A key that ships in
 * the source tree is known to everyone who has the tree, and a signature made
 * with it says nothing about who built the image. Production builds need the
 * customer's own key substituted here, with the private half kept outside the
 * build tree (HSM or signing service). Confirm how the release pipeline does
 * that substitution.
 */
14&binman {
15	custMpk {
16		filename = "custMpk.pem";
17		custmpk_pem: blob-ext {
18			filename = "arch/arm/mach-k3/keys/custMpk.pem";
19		};
20	};
21
	/*
	 * NOTE(review): no keyfile property in this file names
	 * "ti-degenerate-key.pem"; presumably SoC-specific files select it for
	 * devices that do not enforce signature checks. Confirm against the
	 * users of &dkey_pem.
	 */
22	ti-degenerate-key {
23		filename = "ti-degenerate-key.pem";
24		dkey_pem: blob-ext {
25			filename = "arch/arm/mach-k3/keys/ti-degenerate-key.pem";
26		};
27	};
28};
29
30#ifndef CONFIG_ARM64
31
/*
 * Board configuration images, built only when CONFIG_ARM64 is not defined
 * (on K3 this is presumably the 32-bit R5 build, confirm).
 *
 * Each ti-board-config entry names a YAML input ("config") and the schema it
 * is checked against ("schema"); every entry here uses the same
 * arch/arm/mach-k3/schema.yaml. The first four images hold one configuration
 * each, and the three "combined-*" images pack several into one binary.
 *
 * NOTE(review): sec-cfg.yaml presumably carries the security settings handed
 * to system firmware, so changes to it and to schema.yaml deserve the same
 * review as code. Nothing in this block signs the outputs. The signed
 * template further down this file wraps the .bin files with ti-secure; the
 * unsigned template does not.
 */
32&binman {
33	board-cfg {
34		filename = "board-cfg.bin";
35		bcfg_yaml: ti-board-config {
36			config = "board-cfg.yaml";
37			schema = "arch/arm/mach-k3/schema.yaml";
38		};
39	};
40	pm-cfg {
41		filename = "pm-cfg.bin";
42		pcfg_yaml: ti-board-config {
43			config = "pm-cfg.yaml";
44			schema = "arch/arm/mach-k3/schema.yaml";
45		};
46	};
47	rm-cfg {
48		filename = "rm-cfg.bin";
49		rcfg_yaml: ti-board-config {
50			config = "rm-cfg.yaml";
51			schema = "arch/arm/mach-k3/schema.yaml";
52		};
53	};
54	sec-cfg {
55		filename = "sec-cfg.bin";
56		scfg_yaml: ti-board-config {
57			config = "sec-cfg.yaml";
58			schema = "arch/arm/mach-k3/schema.yaml";
59		};
60	};
	/* Combined image: board, sec, pm and rm configuration. */
61	combined-tifs-cfg {
62		filename = "combined-tifs-cfg.bin";
63		ti-board-config {
64			bcfg_yaml_tifs: board-cfg {
65				config = "board-cfg.yaml";
66				schema = "arch/arm/mach-k3/schema.yaml";
67			};
68			scfg_yaml_tifs: sec-cfg {
69				config = "sec-cfg.yaml";
70				schema = "arch/arm/mach-k3/schema.yaml";
71			};
72			pcfg_yaml_tifs: pm-cfg {
73				config = "pm-cfg.yaml";
74				schema = "arch/arm/mach-k3/schema.yaml";
75			};
76			rcfg_yaml_tifs: rm-cfg {
77				config = "rm-cfg.yaml";
78				schema = "arch/arm/mach-k3/schema.yaml";
79			};
80		};
81	};
	/* Combined image: pm and rm configuration only, no board or sec part. */
82	combined-dm-cfg {
83		filename = "combined-dm-cfg.bin";
84		ti-board-config {
85			pcfg_yaml_dm: pm-cfg {
86				config = "pm-cfg.yaml";
87				schema = "arch/arm/mach-k3/schema.yaml";
88			};
89			rcfg_yaml_dm: rm-cfg {
90				config = "rm-cfg.yaml";
91				schema = "arch/arm/mach-k3/schema.yaml";
92			};
93		};
94	};
	/* Combined image: same four inputs as combined-tifs-cfg, under another name. */
95	combined-sysfw-cfg {
96		filename = "combined-sysfw-cfg.bin";
97		ti-board-config {
98			bcfg_yaml_sysfw: board-cfg {
99				config = "board-cfg.yaml";
100				schema = "arch/arm/mach-k3/schema.yaml";
101			};
102			scfg_yaml_sysfw: sec-cfg {
103				config = "sec-cfg.yaml";
104				schema = "arch/arm/mach-k3/schema.yaml";
105			};
106			pcfg_yaml_sysfw: pm-cfg {
107				config = "pm-cfg.yaml";
108				schema = "arch/arm/mach-k3/schema.yaml";
109			};
110			rcfg_yaml_sysfw: rm-cfg {
111				config = "rm-cfg.yaml";
112				schema = "arch/arm/mach-k3/schema.yaml";
113			};
114		};
115	};
116};
117
/*
 * FIT templates for the "SYSFW and Config fragments" image, in the same
 * non-ARM64 branch as the board configuration images above.
 *
 * The names template-5 and template-6 are used again in the CONFIG_ARM64
 * branch of this file. The two branches are mutually exclusive under the
 * preprocessor, so the names never meet in one build.
 */
118&binman {
	/*
	 * Signed variant. Each of the four configuration fragments is the
	 * content of a ti-secure entry keyed with "custMpk.pem". sysfw.bin is
	 * taken as an external blob with no ti-secure wrapper in this template.
	 * NOTE(review): presumably sysfw.bin arrives already signed, confirm
	 * against the SoC file that instantiates this template.
	 */
119	itb_template: template-5 {
120		fit {
121			description = "SYSFW and Config fragments";
122			#address-cells = <1>;
123			images {
124				sysfw.bin {
125					description = "sysfw";
126					type = "firmware";
127					arch = "arm";
128					compression = "none";
129					blob-ext {
130					    filename = "sysfw.bin";
131					};
132				};
133				board-cfg.bin {
134					description = "board-cfg";
135					type = "firmware";
136					arch = "arm";
137					compression = "none";
138					ti-secure {
139						content = <&board_cfg>;
140						keyfile = "custMpk.pem";
141					};
142					board_cfg: board-cfg {
143						filename = "board-cfg.bin";
144						type = "blob-ext";
145					};
146
147				};
148				pm-cfg.bin {
149					description = "pm-cfg";
150					type = "firmware";
151					arch = "arm";
152					compression = "none";
153					ti-secure {
154						content = <&pm_cfg>;
155						keyfile = "custMpk.pem";
156					};
157					pm_cfg: pm-cfg {
158						filename = "pm-cfg.bin";
159						type = "blob-ext";
160					};
161				};
162				rm-cfg.bin {
163					description = "rm-cfg";
164					type = "firmware";
165					arch = "arm";
166					compression = "none";
167					ti-secure {
168						content = <&rm_cfg>;
169						keyfile = "custMpk.pem";
170					};
171					rm_cfg: rm-cfg {
172						filename = "rm-cfg.bin";
173						type = "blob-ext";
174					};
175				};
176				sec-cfg.bin {
177					description = "sec-cfg";
178					type = "firmware";
179					arch = "arm";
180					compression = "none";
181					ti-secure {
182						content = <&sec_cfg>;
183						keyfile = "custMpk.pem";
184					};
185					sec_cfg: sec-cfg {
186						filename = "sec-cfg.bin";
187						type = "blob-ext";
188					};
189				};
190			};
191		};
192	};
193
	/*
	 * Unsigned variant. It has the same image list without any ti-secure
	 * entry, and the system firmware blob is "sysfw.bin_fs", not
	 * "sysfw.bin". No node here carries a signature or hash, so this output
	 * gives no authenticity guarantee and belongs only on devices that do
	 * not enforce secure boot.
	 */
194	itb_unsigned_template: template-6 {
195		fit {
196			description = "SYSFW and Config fragments";
197			#address-cells = <1>;
198			images {
199				sysfw.bin {
200					description = "sysfw";
201					type = "firmware";
202					arch = "arm";
203					compression = "none";
204					blob-ext {
205					    filename = "sysfw.bin_fs";
206					};
207				};
208				board-cfg.bin {
209					description = "board-cfg";
210					type = "firmware";
211					arch = "arm";
212					compression = "none";
213					board-cfg {
214						filename = "board-cfg.bin";
215						type = "blob-ext";
216					};
217
218				};
219				pm-cfg.bin {
220					description = "pm-cfg";
221					type = "firmware";
222					arch = "arm";
223					compression = "none";
224					pm-cfg {
225						filename = "pm-cfg.bin";
226						type = "blob-ext";
227					};
228				};
229				rm-cfg.bin {
230					description = "rm-cfg";
231					type = "firmware";
232					arch = "arm";
233					compression = "none";
234					rm-cfg {
235						filename = "rm-cfg.bin";
236						type = "blob-ext";
237					};
238				};
239				sec-cfg.bin {
240					description = "sec-cfg";
241					type = "firmware";
242					arch = "arm";
243					compression = "none";
244					sec-cfg {
245						filename = "sec-cfg.bin";
246						type = "blob-ext";
247					};
248				};
249			};
250		};
251	};
252};
253
254#else
255
/*
 * CONFIG_ARM64 branch: FIT templates for tispl.bin and u-boot.img, each in a
 * signed and an unsigned form, followed by firewall templates.
 *
 * The FWCTRL_*, FWPRIVID_* and FWPERM_* names used by the firewall templates
 * are not defined in this file; presumably they come from "k3-security.h",
 * included at the top.
 */
256&binman {
	/*
	 * Signed tispl.bin. The atf, tee and spl images are each the content of
	 * a ti-secure entry keyed with "custMpk.pem". The dm image has load and
	 * entry addresses but no content and no ti-secure entry here.
	 * NOTE(review): presumably the SoC or board file that inserts this
	 * template supplies both. Confirm that every user adds a ti-secure
	 * wrapper for dm, otherwise that image ships unsigned inside a signed
	 * FIT.
	 */
257	ti_spl_template: template-1 {
258		filename = "tispl.bin";
259		pad-byte = <0xff>;
260
261		fit {
262			description = "Configuration to load ATF and SPL";
263			#address-cells = <1>;
264
265			images {
266
267				atf {
268					description = "ARM Trusted Firmware";
269					type = "firmware";
270					arch = "arm64";
271					compression = "none";
272					os = "arm-trusted-firmware";
273					load = <CONFIG_K3_ATF_LOAD_ADDR>;
274					entry = <CONFIG_K3_ATF_LOAD_ADDR>;
275					ti-secure {
276						content = <&atf>;
277						keyfile = "custMpk.pem";
278					};
279					atf: atf-bl31 {
280					};
281				};
282
283				tee {
284					description = "OP-TEE";
285					type = "tee";
286					arch = "arm64";
287					compression = "none";
288					os = "tee";
289					load = <CONFIG_K3_OPTEE_LOAD_ADDR>;
290					entry = <CONFIG_K3_OPTEE_LOAD_ADDR>;
291					ti-secure {
292						content = <&tee>;
293						keyfile = "custMpk.pem";
294					};
					/* "optional": the build is not failed when the OP-TEE binary is absent. */
295					tee: tee-os {
296						optional;
297					};
298				};
299
300				dm {
301					description = "DM binary";
302					type = "firmware";
303					arch = "arm32";
304					compression = "none";
305					os = "DM";
306					load = <0x89000000>;
307					entry = <0x89000000>;
308				};
309
310				spl {
311					description = "SPL (64-bit)";
312					type = "standalone";
313					os = "U-Boot";
314					arch = "arm64";
315					compression = "none";
316					load = <CONFIG_SPL_TEXT_BASE>;
317					entry = <CONFIG_SPL_TEXT_BASE>;
318					ti-secure {
319						content = <&u_boot_spl_nodtb>;
320						keyfile = "custMpk.pem";
321
322					};
323					u_boot_spl_nodtb: blob-ext {
324						filename = "spl/u-boot-spl-nodtb.bin";
325					};
326				};
327
328			};
329		};
330	};
	/*
	 * Unsigned tispl.bin_unsigned: same images and addresses, with the raw
	 * binaries (bl31.bin, tee-raw.bin, spl/u-boot-spl-nodtb.bin) placed
	 * directly and no ti-secure entry. Nothing in this template lets a
	 * loader authenticate the contents.
	 */
331	ti_spl_unsigned_template: template-2 {
332		filename = "tispl.bin_unsigned";
333		pad-byte = <0xff>;
334
335		fit {
336			description = "Configuration to load ATF and SPL";
337			#address-cells = <1>;
338
339			images {
340
341				atf {
342					description = "ARM Trusted Firmware";
343					type = "firmware";
344					arch = "arm64";
345					compression = "none";
346					os = "arm-trusted-firmware";
347					load = <CONFIG_K3_ATF_LOAD_ADDR>;
348					entry = <CONFIG_K3_ATF_LOAD_ADDR>;
349					atf-bl31 {
350						filename = "bl31.bin";
351					};
352				};
353
354				tee {
355					description = "OP-TEE";
356					type = "tee";
357					arch = "arm64";
358					compression = "none";
359					os = "tee";
360					load = <CONFIG_K3_OPTEE_LOAD_ADDR>;
361					entry = <CONFIG_K3_OPTEE_LOAD_ADDR>;
362					tee-os {
363						filename = "tee-raw.bin";
364						optional;
365					};
366				};
367
368				dm {
369					description = "DM binary";
370					type = "firmware";
371					arch = "arm32";
372					compression = "none";
373					os = "DM";
374					load = <0x89000000>;
375					entry = <0x89000000>;
376				};
377
378				spl {
379					description = "SPL (64-bit)";
380					type = "standalone";
381					os = "U-Boot";
382					arch = "arm64";
383					compression = "none";
384					load = <CONFIG_SPL_TEXT_BASE>;
385					entry = <CONFIG_SPL_TEXT_BASE>;
386					blob-ext {
387						filename = "spl/u-boot-spl-nodtb.bin";
388					};
389				};
390			};
391		};
392	};
	/*
	 * Signed u-boot.img. The U-Boot binary is the content of a ti-secure
	 * entry keyed with "custMpk.pem". The "hash" node uses crc32, which
	 * detects accidental corruption only and is not a cryptographic check;
	 * any authenticity guarantee for this image rests on the ti-secure
	 * signature, not on the hash.
	 */
393	u_boot_template: template-3 {
394		filename = "u-boot.img";
395		pad-byte = <0xff>;
396
397		fit {
398			description = "FIT image with multiple configurations";
399
400			images {
401				uboot {
402					type = "firmware";
403					os = "u-boot";
404					arch = "arm";
405					compression = "none";
406					load = <CONFIG_TEXT_BASE>;
407					ti-secure {
408						content = <&u_boot_nodtb>;
409						keyfile = "custMpk.pem";
410					};
411					u_boot_nodtb: u-boot-nodtb {
412					};
413					hash {
414						algo = "crc32";
415					};
416				};
417			};
418		};
419	};
	/*
	 * Unsigned u-boot.img_unsigned. crc32 is the only check on the image,
	 * so it is protected against bit rot but not against modification.
	 */
420	u_boot_unsigned_template: template-4 {
421		filename = "u-boot.img_unsigned";
422		pad-byte = <0xff>;
423
424		fit {
425			description = "FIT image with multiple configurations";
426
427			images {
428				uboot {
429					type = "firmware";
430					os = "u-boot";
431					arch = "arm";
432					compression = "none";
433					load = <CONFIG_TEXT_BASE>;
434					blob {
435						filename = "u-boot-nodtb.bin";
436					};
437					hash {
438						algo = "crc32";
439					};
440				};
441			};
442		};
443	};
	/*
	 * Background firewall template. It covers 0x0 to 0xff_ffffffff and
	 * grants the secure and non-secure, privileged and user RWCD permission
	 * bits to FWPRIVID_ALL, so it is the permissive default region. The
	 * control word sets FWCTRL_BG and FWCTRL_LOCK.
	 * NOTE(review): FWCTRL_LOCK presumably makes the entry immutable until
	 * reset, confirm in k3-security.h or the firewall documentation. Any
	 * protection comes from the foreground templates below; a target that
	 * gets only this background entry stays open to every initiator.
	 */
444	firewall_bg_1: template-5 {
445		control = <(FWCTRL_EN | FWCTRL_LOCK |
446					FWCTRL_BG | FWCTRL_CACHE)>;
447		permissions = <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
448						FWPERM_SECURE_PRIV_RWCD |
449						FWPERM_SECURE_USER_RWCD |
450						FWPERM_NON_SECURE_PRIV_RWCD |
451						FWPERM_NON_SECURE_USER_RWCD)>;
452		start_address = <0x0 0x0>;
453		end_address = <0xff 0xffffffff>;
454	};
	/*
	 * Same background region as firewall_bg_1 (pulled in with
	 * insert-template), with "permissions" replaced by three identical
	 * all-access cells. Presumably this is for firewalls that take three
	 * permission slots, confirm.
	 */
455	firewall_bg_3: template-6 {
456		insert-template = <&firewall_bg_1>;
457		permissions = <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
458						FWPERM_SECURE_PRIV_RWCD |
459						FWPERM_SECURE_USER_RWCD |
460						FWPERM_NON_SECURE_PRIV_RWCD |
461						FWPERM_NON_SECURE_USER_RWCD)>,
462					  <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
463						FWPERM_SECURE_PRIV_RWCD |
464						FWPERM_SECURE_USER_RWCD |
465						FWPERM_NON_SECURE_PRIV_RWCD |
466						FWPERM_NON_SECURE_USER_RWCD)>,
467					  <((FWPRIVID_ALL << FWPRIVID_SHIFT) |
468						FWPERM_SECURE_PRIV_RWCD |
469						FWPERM_SECURE_USER_RWCD |
470						FWPERM_NON_SECURE_PRIV_RWCD |
471						FWPERM_NON_SECURE_USER_RWCD)>;
472	};
	/*
	 * Foreground region for ATF: 0x70000000 to 0x7001ffff. Only the secure
	 * privileged and secure user permission bits are set, for
	 * FWPRIVID_ARMV8; no non-secure bit is set. FWCTRL_BG is absent from
	 * the control word.
	 * NOTE(review): the range is a literal and is not derived from
	 * CONFIG_K3_ATF_LOAD_ADDR, which the atf image nodes use. If that
	 * option changes, the firewall keeps guarding the old range; check that
	 * the two agree.
	 */
473	firewall_armv8_atf_fg: template-7 {
474		control = <(FWCTRL_EN | FWCTRL_LOCK |
475					FWCTRL_CACHE)>;
476		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
477						FWPERM_SECURE_PRIV_RWCD |
478						FWPERM_SECURE_USER_RWCD)>;
479		start_address = <0x0 0x70000000>;
480		end_address = <0x0 0x7001ffff>;
481	};
	/*
	 * Foreground region for OP-TEE: 0x9e800000 to 0x9fffffff, with the same
	 * secure-only permission set as the ATF region.
	 * NOTE(review): this range is also a literal, independent of
	 * CONFIG_K3_OPTEE_LOAD_ADDR; keep it in step with that option and with
	 * the size of the OP-TEE reservation.
	 */
482	firewall_armv8_optee_fg: template-8 {
483		control = <(FWCTRL_EN | FWCTRL_LOCK |
484					FWCTRL_CACHE)>;
485		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
486						FWPERM_SECURE_PRIV_RWCD |
487						FWPERM_SECURE_USER_RWCD)>;
488		start_address = <0x0 0x9e800000>;
489		end_address = <0x0 0x9fffffff>;
490	};
491
492};
493
494#endif
495