On Thu, Mar 23, 2017 at 11:04 AM, Stefan Roese <s...@denx.de> wrote: > On 23.03.2017 10:45, Mario Six wrote: >> >> On Thu, Mar 23, 2017 at 10:31 AM, Stefan Roese <s...@denx.de> wrote: >>> >>> Hi Mario, >>> >>> On 22.02.2017 16:07, Mario Six wrote: >>>> >>>> Make secure booting available for the controlcenterdc >>>> board. >>>> >>>> Signed-off-by: Reinhard Pfau <reinhard.p...@gdsys.cc> >>>> Signed-off-by: Mario Six <mario....@gdsys.cc> >>>> --- >>>> Changes in v3: >>>> >>>> * Added secure boot options to config to enable secure boot by default >>>> >>>> Changes in v2: >>>> >>>> * Moved definition and interpretation of SECURED_MODE_IMAGE and >>>> SECURED_MODE_CSK_INDEX to previous patch >>> >>> >>> When trying to compile with these patches applied, I get this >>> error: >>> >>> [stefan@stefan-work u-boot-marvell (master)]$ make -s -j10 >>> Couldn't open RSA private key: './kwb_csk.key': No such file or directory >>> Failed to load CSK >>> Could not create image >>> Makefile:982: recipe for target 'u-boot-spl.kwb' failed >>> >>> We need to find a way, to compile for this board without such errors. >>> Perhaps by providing a "default key"? Any ideas? >>> >>> Thanks, >>> Stefan >>> >> >> Hi Stefan, >> >> Hm, yes, for automatic building, the need to put the KAK and CSK keys >> somewhere >> is problematic; didn't consider that, sorry. >> >> The easiest way would probably be to have some Makefile check for the >> existence >> of kwb_kak.key and kwb_csk.key in the root directory, and create them if >> they >> don't exists, using >> >> openssl genrsa -out kwb_kak.key 2048 openssl genrsa -out kwb_csk.key 2048 > > > Sounds like a doable solution. > >> But I am not quite sure where to put those checks/instructions in a >> non-disruptive manner. > > > Perhaps its better, to place those files into the board directory, > for cases, where multiple targets with different keys are being > built? > > I'm currently busy with collecting most pending mvebu patches for > a pull request now. To get this going, I'll probably drop this > last patch from you (patch 3/3) for now, to get the remaining > stuff into mainline. > > This way, you will have a bit more time to figure this out in an > acceptable way. > > > Thanks, > Stefan >
OK, that's fine with me. Thanks for testing! Best regards, Mario _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
