From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH] scripts/k3img: Add workaround for erratum i2474
Date: Fri, 9 Jan 2026 14:29:03 +0100 [thread overview]
Message-ID: <20260109132903.769111-1-s.hauer@pengutronix.de> (raw)
The AM62Lx 1.0 is affected by erratum i2474:
| Boot: Certain second stage binaries fail for block based boot modes
|
| ROM fails to boot on SD, eMMC, USB-DFU, Serial NAND, GPMC NAND, and UART
| if certificate size is aligned to 128 Bytes.
| Certificate size must not be aligned to 128 bytes, however, individual
| components must be aligned to 128 bytes.
This adds a partial workaround for this issue. We align the components
to 128 bytes, but we do not make sure the certificate is not aligned to
128 bytes. We currently do not seem to hit this issue in barebox.
However, we add a alignment check just to make sure.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
scripts/k3img | 37 ++++++++++++++++++++++++++++++++++---
1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/scripts/k3img b/scripts/k3img
index bd86a43789..b00aa54e50 100755
--- a/scripts/k3img
+++ b/scripts/k3img
@@ -68,6 +68,11 @@ TMPDIR="$(mktemp -d)"
components=${TMPDIR}/components
ext_boot_info=${TMPDIR}/ext_boot_info
data=${TMPDIR}/data
+component=${TMPDIR}/component
+
+align128() {
+ echo $(( ($1 + 0x7f) & ~0x7f ))
+}
for i in $*; do
filename=$(echo "$i" | cut -d ":" -f 1)
@@ -76,8 +81,13 @@ for i in $*; do
compOpts=$(echo "$i" | cut -d ":" -f 4)
destAddr=$(echo "$i" | cut -d ":" -f 5)
- sha=$(sha512sum $filename | sed 's/ .*//')
- size=$(stat -L -c%s $filename)
+ cp $filename $component
+
+ size=$(stat -L -c%s $component)
+ size=$(align128 $size)
+ truncate --size=$size $component
+
+ sha=$(sha512sum $component | sed 's/ .*//')
total=$((total + size))
num_comp=$((num_comp + 1))
@@ -95,7 +105,8 @@ shaValue = FORMAT:HEX,OCT:$sha
EndOfHereDocument
echo "comp$num_comp = SEQUENCE:comp$num_comp" >> $ext_boot_info
- cat $filename >> $data
+
+ cat $component >> $data
done
echo >> $ext_boot_info
@@ -149,4 +160,24 @@ esac
openssl req ${PKCS11OPTS} -new -x509 -key "${key}" -nodes -outform DER -out "${cert}" -config "${certcfg}" -sha512
+certsize=$(stat -L -c%s ${cert})
+
+#
+# AM62l erratum i2474:
+#
+# Boot: Certain second stage binaries fail for block based boot modes
+# ROM fails to boot on SD, eMMC, USB-DFU, Serial NAND, GPMC NAND, and
+# UART if certificate size is aligned to 128 Bytes.
+#
+# Certificate size must not be aligned to 128 bytes, however, individual
+# components must be aligned to 128 bytes.
+#
+# The 128 byte alignment of the components is assured by this script. If you
+# hit the check below you have to add/remove a few bytes to/from $certcfg above.
+#
+if [ $certsize = $(align128 $certsize) ]; then
+ echo "$0: Certificate is 128 byte aligned, this is not allowed"
+ exit 1
+fi
+
cat $cert $data > $out
--
2.47.3
reply other threads:[~2026-01-09 13:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260109132903.769111-1-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox