On Wed, Jul 20, 2022 at 12:15:22PM +0200, Stefano Manni wrote:
> The path to the public key used to verify FIT images can be
> specified with Kconfig variable. For a better build system
> integration we also want to be able to specify the path in
> environment variables.
>
> Signed-off-by: Stefano Manni <stefano.manni@xxxxxxxxx>
> ---
> common/Kconfig | 17 +++++++++++++++++
> scripts/Makefile.lib | 8 +++++++-
> 2 files changed, 24 insertions(+), 1 deletion(-)
Nice. This makes it more consistent to the way the HABv4 files can be specified as well. Applied, thanks Sascha
>
> diff --git a/common/Kconfig b/common/Kconfig
> index 658437f..ceacf28 100644
> --- a/common/Kconfig
> +++ b/common/Kconfig
> @@ -643,6 +643,21 @@ config BOOTM_FITIMAGE_SIGNATURE
> Additionally the barebox device tree needs a /signature node with the
> public key with which the image has been signed.
>
> +config BOOTM_FITIMAGE_PUBKEY_ENV
> + bool "Specify path to public key in environment"
> + depends on BOOTM_FITIMAGE_SIGNATURE
> + help
> + If this option is enabled the path to the public key for verifying
> + FIT images signature is taken from environment which allows for
> + better integration with build systems.
> +
> + The environment variable has the same name as the corresponding
> + Kconfig variable:
> +
> + CONFIG_BOOTM_FITIMAGE_PUBKEY
> +
> +if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV
> +
> config BOOTM_FITIMAGE_PUBKEY
> string "Path to dtsi containing pubkey"
> default "../fit/pubkey.dtsi"
> @@ -652,6 +667,8 @@ config BOOTM_FITIMAGE_PUBKEY
> snippet can then be included in a device tree with
> "#include CONFIG_BOOTM_FITIMAGE_PUBKEY".
>
> +endif
> +
> config BOOTM_FORCE_SIGNED_IMAGES
> bool
> prompt "Force booting of signed images"
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 3799e77..891b8dd 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
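Review bot: The help text of `BOOTM_FITIMAGE_PUBKEY_ENV` in common/Kconfig does not say what the environment variable has to contain or that it must be set at build time. The added `if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV` hides `BOOTM_FITIMAGE_PUBKEY` together with its default `"../fit/pubkey.dtsi"`, so with the option enabled the environment appears to be the only source of the key that FIT signatures are checked against. I would extend the help with `The variable must be set when building and must hold the path to the dtsi containing the public key; no default path is used.` and reword "FIT images signature" to "FIT image signatures".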
> @@ -479,6 +479,11 @@ overwrite-hab-env = $(shell set -e; \
> test -n "$$$(1)"; \
> echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>
> +overwrite-fit-env = $(shell set -e; \
> + test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
> + test -n "$$$(1)"; \
> + echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
> +
> imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
> -I $(srctree)/include -I $(srctree)/arch/arm/mach-imx/include \
> -include include/generated/autoconf.h \
> @@ -487,7 +492,8 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
> $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
> $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
> $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
> - $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM)
> + $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
> + $(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
>
> dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
>
> --
> 2.7.4
> > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
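Review bot: `overwrite-fit-env` yields an empty string without any message when `CONFIG_BOOTM_FITIMAGE_PUBKEY` is unset in the environment, because `test -n "$$$(1)"` under `set -e` only ends the `$(shell ...)` and make does not act on its exit status. With `CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV` enabled that leaves the public-key path undefined, and whatever error follows (none is visible in this hunk) will not point at the missing variable; a `$(warning ...)` or `$(error ...)` for that case would make a misconfigured verification key obvious. The value is also expanded unquoted twice (`$(shell echo $$$(1))`, then pasted into the outer `echo`), so a path containing whitespace or shell metacharacters is reinterpreted by the shell. This mirrors `overwrite-hab-env` in the context lines, but it deserves at least a comment such as `# $(1) is expanded unquoted: the path must not contain whitespace or shell metacharacters`.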
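Review bot: The new `$(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \` is appended to `imxcfg_cpp_flags`, while the Kconfig help describes the key snippet as being pulled into a device tree with `#include CONFIG_BOOTM_FITIMAGE_PUBKEY`. If device trees are preprocessed with a different flag variable (not visible in this hunk), the `-D` will not reach them and the call should be added there as well. The line also ends in a continuation backslash followed by an empty line; dropping the trailing ` \` keeps a line added later from being silently joined onto the flags.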