Skip to content

AM62x: Do not install firmware prerequisites in image for boot firmware generation

Affected images versions

All images built for am62x in v2024 and v2025pre.

Unaffected images versions

  • v2022 and v2023 as they do not currently support am62x.

Testcase

The link to the testcase on https://qa.apertis.org/ if the bug was found during a testing round

Steps to reproduce

  • Look at image-am62x.yaml see that the following packages are installed into the image:
    • arm-trusted-firmware
    • device-tree-compiler
    • firmware-ti-am62xx
    • k3-image-gen
    • k3-image-gen-am62x
    • optee-os
    • u-boot-sitara
    • u-boot-tools

Expected result

We don't install packages only required for the generation of boot firmware (which are then not directly used) into the image.

Actual result

When building the AM62x boot firmware blobs we install the packages containing the required firmware blobs, scripts and keys into the image. Once the boot firmware is built, these blobs and scripts aren't required and don't need to be present in the image.

We are currently using publicly available keys to sign the images, hence a lack of security around them is not a big deal. However, product teams are going to need to keep their keys secure and hence the process we have at the moment acts as a poor demonstrator of how to perform these steps.

Reproducibility

How often the issue is hit when repeating the test and changing nothing (same device, same image, etc.)?

Put the in the most appropriate entry:

  1. always
  2. often, but not always
  3. rarely

Impact of bug

  • Image bloated by unused files.
  • Keys used to sign firmware installed in image, leading to security risk (should product teams replicate this approach).

Attachments

Add further information about the environment in the form of attachments here. Attach plain text files from log output (from journalctl, systemctl, …) or long backtraces as attached files. If adding comments on the log is required create a new snippet and add the link to it here.

Screenshots and videos are usually useful for graphic issues.

Root cause

describe in one line what caused the issue to give a hint to product teams whether they may be impacted or not

Outcomes

TBD

Management data

This section is for management only, it should be the last one in the description.

/cc @andrunko @em @Balasubramanian @sudarshan @wlozano

Phabricator link: https://phabricator.apertis.org/T10218

Edited by Apertis CI robot
Apertis Website Terms of Use Privacy Policy