u-boot-iot2050: Add an explicit env to mark secure boot building

The existence of keys folder implying the secure boot building only applies to scenarios that private key is locally accessible. In cases when a clear private key is not available, an explicit environment to mark the secure boot building is required. Signed-off-by: Baocheng Su <[email protected]>
siemens · Jun 19, 2024 · 29f46b5 · 29f46b5
1 parent 4db48c1
commit 29f46b5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/recipes-bsp/u-boot/files/rules.tmpl b/recipes-bsp/u-boot/files/rules.tmpl
@@ -10,7 +10,7 @@ SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
 endif
 
 override_dh_auto_build:
-	if [ -e keys ]; then \
+	if [ "${SB_SIGN}" = "1" ]; then \
 		tools/key2dtsi.py -c -s keys/custMpk.pem arch/arm/dts/custMpk.dtsi; \
 	fi
 	$(MAKE) $(PARALLEL_MAKE) ${U_BOOT_CONFIG}
@@ -22,7 +22,7 @@ override_dh_auto_build:
 	else \
 		./scripts/get_default_envs.sh >u-boot-initial-env; \
 	fi
-	if [ -e keys ]; then \
+	if [ "${SB_SIGN}" = "1" ]; then \
 		tools/iot2050-sign-fw.sh keys/custMpk.pem ${FIRMWARE_SECURE_VER}; \
 	fi
 	$(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools

diff --git a/recipes-bsp/u-boot/u-boot-iot2050.inc b/recipes-bsp/u-boot/u-boot-iot2050.inc
@@ -41,8 +41,11 @@ DEBIAN_BUILD_DEPENDS:append:secureboot = ", python3-pycryptodome:native, \
 DEPENDS:append:otpcmd = " secure-boot-otp-provisioning"
 DEBIAN_BUILD_DEPENDS:append:otpcmd = ", secure-boot-otp-provisioning"
 
+SB_SIGN = "0"
+SB_SIGN:secureboot = "1"
+
 TEMPLATE_FILES += "rules.tmpl"
-TEMPLATE_VARS += "FIRMWARE_SECURE_VER"
+TEMPLATE_VARS += "FIRMWARE_SECURE_VER SB_SIGN"
 
 U_BOOT_CONFIG_PACKAGE = "1"