On 23.03.2017 10:45, Mario Six wrote:
On Thu, Mar 23, 2017 at 10:31 AM, Stefan Roese <s...@denx.de> wrote:
Hi Mario,
On 22.02.2017 16:07, Mario Six wrote:
Make secure booting available for the controlcenterdc
board.
Signed-off-by: Reinhard Pfau <reinhard.p...@gdsys.cc>
Signed-off-by: Mario Six <mario....@gdsys.cc>
---
Changes in v3:
* Added secure boot options to config to enable secure boot by default
Changes in v2:
* Moved definition and interpretation of SECURED_MODE_IMAGE and
SECURED_MODE_CSK_INDEX to previous patch
When trying to compile with these patches applied, I get this
error:
[stefan@stefan-work u-boot-marvell (master)]$ make -s -j10
Couldn't open RSA private key: './kwb_csk.key': No such file or directory
Failed to load CSK
Could not create image
Makefile:982: recipe for target 'u-boot-spl.kwb' failed
We need to find a way, to compile for this board without such errors.
Perhaps by providing a "default key"? Any ideas?
Thanks,
Stefan
Hi Stefan,
Hm, yes, for automatic building, the need to put the KAK and CSK keys somewhere
is problematic; didn't consider that, sorry.
The easiest way would probably be to have some Makefile check for the existence
of kwb_kak.key and kwb_csk.key in the root directory, and create them if they
don't exists, using
openssl genrsa -out kwb_kak.key 2048 openssl genrsa -out kwb_csk.key 2048
Sounds like a doable solution.
But I am not quite sure where to put those checks/instructions in a
non-disruptive manner.
Perhaps its better, to place those files into the board directory,
for cases, where multiple targets with different keys are being
built?
I'm currently busy with collecting most pending mvebu patches for
a pull request now. To get this going, I'll probably drop this
last patch from you (patch 3/3) for now, to get the remaining
stuff into mainline.
This way, you will have a bit more time to figure this out in an
acceptable way.
Thanks,
Stefan
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot