[Buildroot] [PATCH v3 01/11] boot/ti-k3-core-secdev: new package

Romain Naour romain.naour at smile.fr
Wed Feb 7 09:52:31 UTC 2024 

Hello Dario, All,

Le 18/12/2023 à 09:19, Dario Binacchi a écrit :
> This is a security development package containing tools for
> High-Security(HS) TI K3 platform devices.
> 
> Signed-off-by: Dario Binacchi <dario.binacchi at amarulasolutions.com>
> ---
>  DEVELOPERS                                    |  1 +
>  boot/Config.in                                |  1 +
>  boot/ti-k3-core-secdev/Config.in              |  9 +++++++++
>  boot/ti-k3-core-secdev/ti-k3-core-secdev.hash |  3 +++
>  boot/ti-k3-core-secdev/ti-k3-core-secdev.mk   | 19 +++++++++++++++++++
>  5 files changed, 33 insertions(+)
>  create mode 100644 boot/ti-k3-core-secdev/Config.in
>  create mode 100644 boot/ti-k3-core-secdev/ti-k3-core-secdev.hash
>  create mode 100644 boot/ti-k3-core-secdev/ti-k3-core-secdev.mk
> 
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 311dcd950481..60a95434c70f 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -754,6 +754,7 @@ F:	package/xinetd/
>  N:	Dario Binacchi <dario.binacchi at amarulasolutions.com>
>  F:	board/bsh/
>  F:	board/stmicroelectronics/stm32f769-disco/
> +F:	boot/ti-k3-core-secdev/
>  F:	configs/imx8mn_bsh_smm_s2_defconfig
>  F:	configs/imx8mn_bsh_smm_s2_pro_defconfig
>  F:	configs/stm32f769_disco_sd_defconfig
> diff --git a/boot/Config.in b/boot/Config.in
> index e5fdf7ad439e..18a7d268f95a 100644
> --- a/boot/Config.in
> +++ b/boot/Config.in
> @@ -20,6 +20,7 @@ source "boot/s500-bootloader/Config.in"
>  source "boot/shim/Config.in"
>  source "boot/syslinux/Config.in"
>  source "boot/ti-k3-boot-firmware/Config.in"
> +source "boot/ti-k3-core-secdev/Config.in"
>  source "boot/ti-k3-image-gen/Config.in"
>  source "boot/ti-k3-r5-loader/Config.in"
>  source "boot/uboot/Config.in"
> diff --git a/boot/ti-k3-core-secdev/Config.in b/boot/ti-k3-core-secdev/Config.in
> new file mode 100644
> index 000000000000..1749b7ab5fd9
> --- /dev/null
> +++ b/boot/ti-k3-core-secdev/Config.in
> @@ -0,0 +1,9 @@
> +config BR2_TARGET_TI_K3_CORE_SECDEV
> +	bool "ti-k3-core-secdev"
> +	depends on BR2_aarch64
> +	help
> +	  This package downloads and installs development tools for
> +	  High-Security(HS) TI K3 platforms (which include AM62x,
> +	  AM64x, AM65x and more).
> +
> +	  https://git.ti.com/cgit/security-development-tools/core-secdev-k3/

Remove the trailing '/' at the end of the url.

> diff --git a/boot/ti-k3-core-secdev/ti-k3-core-secdev.hash b/boot/ti-k3-core-secdev/ti-k3-core-secdev.hash
> new file mode 100644
> index 000000000000..0460cff6c59f
> --- /dev/null
> +++ b/boot/ti-k3-core-secdev/ti-k3-core-secdev.hash
> @@ -0,0 +1,3 @@
> +# Locally calculated
> +sha256  b6d3bca0d561d055c6869c5564b06f2fb1b9f67e4ef180c2baf8a14a6a6afa06  core-secdev-k3-08.06.00.007.tar.xz
> +sha256  3e5cf4f5ab9f0333f46cd68fabede3f21e55de1a9e3c6ad673f241f4514d8369  k3-secdev-0.2-manifest.html
> diff --git a/boot/ti-k3-core-secdev/ti-k3-core-secdev.mk b/boot/ti-k3-core-secdev/ti-k3-core-secdev.mk
> new file mode 100644
> index 000000000000..0127e6503d4d
> --- /dev/null
> +++ b/boot/ti-k3-core-secdev/ti-k3-core-secdev.mk
> @@ -0,0 +1,19 @@
> +################################################################################
> +#
> +# ti-k3-core-secdev
> +#
> +################################################################################
> +
> +TI_K3_CORE_SECDEV_VERSION = 08.06.00.007
> +TI_K3_CORE_SECDEV_SITE = https://git.ti.com/cgit/security-development-tools/core-secdev-k3/snapshot
> +TI_K3_CORE_SECDEV_SOURCE = core-secdev-k3-$(TI_K3_CORE_SECDEV_VERSION).tar.xz
> +TI_K3_CORE_SECDEV_INSTALL_IMAGES = YES
> +TI_K3_CORE_SECDEV_LICENSE = TI Text File, Apache-2.0

What's the meaning of "TI Text File"?

meta-ti's ti-k3-secdev package use BSD-3-Clause as license:

https://git.yoctoproject.org/meta-ti/tree/meta-ti-bsp/recipes-ti/secdev/ti-k3-secdev_git.bb?h=kirkstone#n4

Can you verify the license?

> +TI_K3_CORE_SECDEV_LICENSE_FILES = k3-secdev-0.2-manifest.html

legal-info doesn't work since this file is under "manifest" directory.

> +
> +define TI_K3_CORE_SECDEV_INSTALL_IMAGES_CMDS
> +	cp -dpfr $(@D)/keys $(BINARIES_DIR)/
> +	cp -dpfr $(@D)/scripts $(BINARIES_DIR)/
> +endef

I would suggest to create a sub-directory under $(BINARIES_DIR) to avoid any
file conflict.

Best regards,
Romain


> +
> +$(eval $(generic-package))

More information about the buildroot mailing list