From 29f46b5d1038cecd48dd1449e8ddfbcbbc039351 Mon Sep 17 00:00:00 2001 From: Baocheng Su Date: Wed, 19 Jun 2024 18:53:39 +0800 Subject: [PATCH] u-boot-iot2050: Add an explicit env to mark secure boot building The existence of keys folder implying the secure boot building only applies to scenarios that private key is locally accessible. In cases when a clear private key is not available, an explicit environment to mark the secure boot building is required. Signed-off-by: Baocheng Su --- recipes-bsp/u-boot/files/rules.tmpl | 4 ++-- recipes-bsp/u-boot/u-boot-iot2050.inc | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/recipes-bsp/u-boot/files/rules.tmpl b/recipes-bsp/u-boot/files/rules.tmpl index 6342c45d6..8a488847c 100755 --- a/recipes-bsp/u-boot/files/rules.tmpl +++ b/recipes-bsp/u-boot/files/rules.tmpl @@ -10,7 +10,7 @@ SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y endif override_dh_auto_build: - if [ -e keys ]; then \ + if [ "${SB_SIGN}" = "1" ]; then \ tools/key2dtsi.py -c -s keys/custMpk.pem arch/arm/dts/custMpk.dtsi; \ fi $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_CONFIG} @@ -22,7 +22,7 @@ override_dh_auto_build: else \ ./scripts/get_default_envs.sh >u-boot-initial-env; \ fi - if [ -e keys ]; then \ + if [ "${SB_SIGN}" = "1" ]; then \ tools/iot2050-sign-fw.sh keys/custMpk.pem ${FIRMWARE_SECURE_VER}; \ fi $(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools diff --git a/recipes-bsp/u-boot/u-boot-iot2050.inc b/recipes-bsp/u-boot/u-boot-iot2050.inc index 9c0d3085b..9521ca28b 100644 --- a/recipes-bsp/u-boot/u-boot-iot2050.inc +++ b/recipes-bsp/u-boot/u-boot-iot2050.inc @@ -41,8 +41,11 @@ DEBIAN_BUILD_DEPENDS:append:secureboot = ", python3-pycryptodome:native, \ DEPENDS:append:otpcmd = " secure-boot-otp-provisioning" DEBIAN_BUILD_DEPENDS:append:otpcmd = ", secure-boot-otp-provisioning" +SB_SIGN = "0" +SB_SIGN:secureboot = "1" + TEMPLATE_FILES += "rules.tmpl" -TEMPLATE_VARS += "FIRMWARE_SECURE_VER" +TEMPLATE_VARS += "FIRMWARE_SECURE_VER SB_SIGN" U_BOOT_CONFIG_PACKAGE = "1"