The path to the public key used to verify FIT images can be
specified with Kconfig variable. For a better build system
integration we also want to be able to specify the path in
environment variables.
Signed-off-by: Stefano Manni <stefano.manni@xxxxxxxxx>
---
common/Kconfig | 17 +++++++++++++++++
scripts/Makefile.lib | 8 +++++++-
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/common/Kconfig b/common/Kconfig
index 658437f..ceacf28 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -643,6 +643,21 @@ config BOOTM_FITIMAGE_SIGNATURE
Additionally the barebox device tree needs a /signature node with the
public key with which the image has been signed.
+config BOOTM_FITIMAGE_PUBKEY_ENV
+ bool "Specify path to public key in environment"
+ depends on BOOTM_FITIMAGE_SIGNATURE
+ help
+ If this option is enabled the path to the public key for verifying
+ FIT images signature is taken from environment which allows for
+ better integration with build systems.
+
+ The environment variable has the same name as the corresponding
+ Kconfig variable:
+
+ CONFIG_BOOTM_FITIMAGE_PUBKEY
+
+if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV
+
config BOOTM_FITIMAGE_PUBKEY
string "Path to dtsi containing pubkey"
default "../fit/pubkey.dtsi"
@@ -652,6 +667,8 @@ config BOOTM_FITIMAGE_PUBKEY
snippet can then be included in a device tree with
"#include CONFIG_BOOTM_FITIMAGE_PUBKEY".
+endif
+
config BOOTM_FORCE_SIGNED_IMAGES
bool
prompt "Force booting of signed images"
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 3799e77..891b8dd 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -479,6 +479,11 @@ overwrite-hab-env = $(shell set -e; \
test -n "$$$(1)"; \
echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+overwrite-fit-env = $(shell set -e; \
+ test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
+ test -n "$$$(1)"; \
+ echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+
imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
-I $(srctree)/include -I $(srctree)/arch/arm/mach-imx/include \
-include include/generated/autoconf.h \
@@ -487,7 +492,8 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
$(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
$(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
$(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
- $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM)
+ $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
+ $(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
--
2.7.4
