On Thu, Mar 23, 2017 at 11:04 AM, Stefan Roese sr@denx.de wrote:
On 23.03.2017 10:45, Mario Six wrote:
On Thu, Mar 23, 2017 at 10:31 AM, Stefan Roese sr@denx.de wrote:
Hi Mario,
On 22.02.2017 16:07, Mario Six wrote:
Make secure booting available for the controlcenterdc board.
Signed-off-by: Reinhard Pfau reinhard.pfau@gdsys.cc Signed-off-by: Mario Six mario.six@gdsys.cc
Changes in v3:
- Added secure boot options to config to enable secure boot by default
Changes in v2:
- Moved definition and interpretation of SECURED_MODE_IMAGE and SECURED_MODE_CSK_INDEX to previous patch
When trying to compile with these patches applied, I get this error:
[stefan@stefan-work u-boot-marvell (master)]$ make -s -j10 Couldn't open RSA private key: './kwb_csk.key': No such file or directory Failed to load CSK Could not create image Makefile:982: recipe for target 'u-boot-spl.kwb' failed
We need to find a way, to compile for this board without such errors. Perhaps by providing a "default key"? Any ideas?
Thanks, Stefan
Hi Stefan,
Hm, yes, for automatic building, the need to put the KAK and CSK keys somewhere is problematic; didn't consider that, sorry.
The easiest way would probably be to have some Makefile check for the existence of kwb_kak.key and kwb_csk.key in the root directory, and create them if they don't exists, using
openssl genrsa -out kwb_kak.key 2048 openssl genrsa -out kwb_csk.key 2048
Sounds like a doable solution.
But I am not quite sure where to put those checks/instructions in a non-disruptive manner.
Perhaps its better, to place those files into the board directory, for cases, where multiple targets with different keys are being built?
I'm currently busy with collecting most pending mvebu patches for a pull request now. To get this going, I'll probably drop this last patch from you (patch 3/3) for now, to get the remaining stuff into mainline.
This way, you will have a bit more time to figure this out in an acceptable way.
Thanks, Stefan
OK, that's fine with me. Thanks for testing!
Best regards,
Mario