Hi,
some Allwinner devices use some kind of "secure boot", which requires the SPL image to be build wrapped in a TOC0 format instead of the normal EGON format. mkimage supports that for a while, but for that to work it requires some private key in the current directory. This key is easily generated with "openssl genrsa -out root_key.pem", and mkimage prints that command when no file is found, so it's easy for users to comply.
However this understandably upsets the gitlab CI, and breaks the build: https://source.denx.de/u-boot/custodians/u-boot-sunxi/-/jobs/835423 +mkimage (TOC0): error: Failed to read private key from 'root_key.pem' +mkimage (TOC0): info: Try 'openssl genrsa -out root_key.pem' +make[2]: *** [scripts/Makefile.spl:446: spl/sunxi-spl.bin] Error 1 +make[2]: *** Deleting file 'spl/sunxi-spl.bin' +make[1]: *** [Makefile:2089: spl/u-boot-spl] Error 2 +make[1]: *** Deleting file 'spl/u-boot-spl' +make: *** [Makefile:177: sub-make] Error 2
This prevents me from merging the defconfig for a device requiring secure boot, so I was wondering what the solution would be? The actual key is irrelevant for the build, so we could either insert *some* root_key.pem into the CI build directory, or generate this key on the fly, using openssl.
I have no clue what would be best or easiest here, or how to pull this off, so any suggestions are welcome.
Thanks, Andre