Am 08.02.23 um 21:58 schrieb Ryan Eatmon:
>
>
> On 2/7/2023 17:44, Andrew Davis via lists.yoctoproject.org wrote:
>> On 2/1/23 8:31 AM, Wadim Egorov wrote:
>>> Check if ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh is set
>>> before signing firmware for am62xx based machines. Otherwise do not
>>> sign, instead copy the binary and warn about it.
>>>
>>> Fixes
>>> run.do_install: 111: /scripts/secure-binary-image.sh: not found
>>>
>>> Signed-off-by: Wadim Egorov <[email protected]>
>>> ---
>>
>> This patch only fixes this for AM62x, a better way might be to use
>> the ti-k3-secdev-native package to get the signing tool when it is
>> not defined. I do that in the series for Kirkstone that includes
>> several fixes to this recipe[0].
>>
>> Andrew
>>
>> [0]
>> https://lists.yoctoproject.org/g/meta-ti/topic/master_kirkstone_patch_1_8/96819771
>
> I had similar comments. This patch is too narrowly focused to just a single
> platform, I know it was the platform you were caring about but the patch as
> is
> is too narrow. And, the requirement we have is to generate the signed
> images,
> so bypassing the signing is not going to fly.
>
> All that said, I have back ported the above patch that is pending for
> kirkstone to dunfell. So this patch should not be needed because it will use
> in the internal recipe to fetch the signing tool if you are not using the
> external toolset.
Thank you for backporting it to dunfell :)
>
>
>>> recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb | 17 ++++++++++++++---
>>> 1 file changed, 14 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
>>> b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
>>> index 72d85a6b..66c6a4e4 100644
>>> --- a/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
>>> +++ b/recipes-ti/ti-rtos-bin/ti-rtos-firmware.bb
>>> @@ -179,12 +179,23 @@ do_install_prepend_am62xx() {
>>> export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
>>> ( cd ${RTOS_DM_FW_DIR}; \
>>> mv ${DM_FIRMWARE} ${DM_FIRMWARE}.unsigned; \
>>> - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
>>> + if [ -f
>>> ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ]; then \
>>> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
>>> + else \
>>> + echo "Warning: TI_SECURE_DEV_PKG not set,
>>> ${DM_FIRMWARE} not signed."; \
>>> + cp ${DM_FIRMWARE}.unsigned ${DM_FIRMWARE}; \
>>> + fi; \
>>> )
>>> ( cd ${RTOS_IPC_FW_DIR}; \
>>> mv am62-mcu-m4f0_0-fw
>>> ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f; \
>>> - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f \
>>> - ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f.signed; \
>>> +
>>> + if [ -f
>>> ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ]; then \
>>> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
>>> ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f \
>>> + ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f.signed; \
>>> + else \
>>> + echo "Warning: TI_SECURE_DEV_PKG not set,
>>> ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f not signed"; \
>>> + cp ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f
>>> ipc_echo_baremetal_test_mcu2_0_release_strip.xer5f.signed; \
>>> + fi; \
>>> )
>>> }
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#15770):
https://lists.yoctoproject.org/g/meta-ti/message/15770
Mute This Topic: https://lists.yoctoproject.org/mt/96677334/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
