[PATCH 1/4] board: phytec: common: k3: Introduce Configs to Sign Images

Thu, 06 Feb 2025 22:52:06 -0800 

Private keys to sign bootloader images shouldn't be commit or part
of this repository. Add config entries to use keys located outside
of U-Boot to sign images.

Signed-off-by: Maik Otto <m.o...@phytec.de>
Signed-off-by: Nathan Morrisson <nmorris...@phytec.com>
Signed-off-by: Daniel Schultz <d.schu...@phytec.de>
---
 board/phytec/common/k3/Kconfig | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/board/phytec/common/k3/Kconfig b/board/phytec/common/k3/Kconfig
index 282f4b79742..19fe927b22e 100644
--- a/board/phytec/common/k3/Kconfig
+++ b/board/phytec/common/k3/Kconfig
@@ -3,3 +3,37 @@ config PHYTEC_K3_DDR_PATCH
        help
           Allow to override default DDR timings prior to
           DDRSS driver probing.
+
+config PHYTEC_K3_KEY_BLOB_COPY
+       bool "Copy the MPK key and the degenerate TI key to the build path"
+       default y
+       help
+          Select how to manage the MPK and degenerate TI keys.
+          If PHYTEC_K3_KEY_BLOB_COPY is enabled, the keys will be copied into
+          the U-Boot directory for compatibility with the TI dummy keys
+          stored there.
+          If PHYTEC_K3_KEY_BLOB_COPY is disabled, the build will use the
+          original key directly. It is recommended to use the original key to
+          avoid unnecessary duplication.
+
+config PHYTEC_K3_MPK_KEY
+       string "Path to customer specific MPK key"
+       default "custMpk.pem" if PHYTEC_K3_KEY_BLOB_COPY
+       default "arch/arm/mach-k3/keys/custMpk.pem" if !PHYTEC_K3_KEY_BLOB_COPY
+       help
+          Specifies the path to the MPK signing key:
+          If PHYTEC_K3_KEY_BLOB_COPY is enabled, provide the path to the blob
+          copy of the original key.
+          If PHYTEC_K3_KEY_BLOB_COPY is disabled, provide the path to the
+          original key.
+
+config PHYTEC_K3_DEGENERATE_KEY
+       string "Path to the degenerate TI key"
+       default "ti-degenerate-key.pem" if PHYTEC_K3_KEY_BLOB_COPY
+       default "arch/arm/mach-k3/keys/ti-degenerate-key.pem" if 
!PHYTEC_K3_KEY_BLOB_COPY
+       help
+          Specifies the  path to the degenerate key:
+          If PHYTEC_K3_KEY_BLOB_COPY is enabled, provide the path to the blob
+          copy of the original key.
+          If PHYTEC_K3_KEY_BLOB_COPY is disabled, provide the path to the
+          original key.
-- 
2.25.1

Reply via email to