Re: [PATCH] kbuild: make FIT public key overwritable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 20, 2022 at 12:15:22PM +0200, Stefano Manni wrote:
> The path to the public key used to verify FIT images can be
> specified with Kconfig variable. For a better build system
> integration we also want to be able to specify the path in
> environment variables.
> 
> Signed-off-by: Stefano Manni <stefano.manni@xxxxxxxxx>
> ---
>  common/Kconfig       | 17 +++++++++++++++++
>  scripts/Makefile.lib |  8 +++++++-
>  2 files changed, 24 insertions(+), 1 deletion(-)

Nice. This makes it more consistent to the way the HABv4 files can be
specified as well.

Applied, thanks

Sascha


> 
> diff --git a/common/Kconfig b/common/Kconfig
> index 658437f..ceacf28 100644
> --- a/common/Kconfig
> +++ b/common/Kconfig
> @@ -643,6 +643,21 @@ config BOOTM_FITIMAGE_SIGNATURE
>  	  Additionally the barebox device tree needs a /signature node with the
>  	  public key with which the image has been signed.
>  
> +config BOOTM_FITIMAGE_PUBKEY_ENV
> +	bool "Specify path to public key in environment"
> +	depends on BOOTM_FITIMAGE_SIGNATURE
> +	help
> +	  If this option is enabled the path to the public key for verifying
> +	  FIT images signature is taken from environment which allows for
> +	  better integration with build systems.
> +
> +	  The environment variable has the same name as the corresponding
> +	  Kconfig variable:
> +
> +	  CONFIG_BOOTM_FITIMAGE_PUBKEY
> +
> +if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV
> +
>  config BOOTM_FITIMAGE_PUBKEY
>  	string "Path to dtsi containing pubkey"
>  	default "../fit/pubkey.dtsi"
> @@ -652,6 +667,8 @@ config BOOTM_FITIMAGE_PUBKEY
>  	  snippet can then be included in a device tree with
>  	  "#include CONFIG_BOOTM_FITIMAGE_PUBKEY".
>  
> +endif
> +
>  config BOOTM_FORCE_SIGNED_IMAGES
>  	bool
>  	prompt "Force booting of signed images"
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 3799e77..891b8dd 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -479,6 +479,11 @@ overwrite-hab-env = $(shell set -e; \
>        test -n "$$$(1)"; \
>        echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>  
> +overwrite-fit-env = $(shell set -e; \
> +      test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
> +      test -n "$$$(1)"; \
> +      echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
> +
>  imxcfg_cpp_flags  = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
>        -I $(srctree)/include -I $(srctree)/arch/arm/mach-imx/include \
>        -include include/generated/autoconf.h \
> @@ -487,7 +492,8 @@ imxcfg_cpp_flags  = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \
>        $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
>        $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
>        $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
> -      $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM)
> +      $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
> +      $(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
>  
>  dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
>  
> -- 
> 2.7.4
> 
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |




[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux