On Thu, Mar 23, 2017 at 10:31 AM, Stefan Roese sr@denx.de wrote:
Hi Mario,
On 22.02.2017 16:07, Mario Six wrote:
Make secure booting available for the controlcenterdc board.
Signed-off-by: Reinhard Pfau reinhard.pfau@gdsys.cc Signed-off-by: Mario Six mario.six@gdsys.cc
Changes in v3:
- Added secure boot options to config to enable secure boot by default
Changes in v2:
- Moved definition and interpretation of SECURED_MODE_IMAGE and SECURED_MODE_CSK_INDEX to previous patch
When trying to compile with these patches applied, I get this error:
[stefan@stefan-work u-boot-marvell (master)]$ make -s -j10 Couldn't open RSA private key: './kwb_csk.key': No such file or directory Failed to load CSK Could not create image Makefile:982: recipe for target 'u-boot-spl.kwb' failed
We need to find a way, to compile for this board without such errors. Perhaps by providing a "default key"? Any ideas?
Thanks, Stefan
Hi Stefan,
Hm, yes, for automatic building, the need to put the KAK and CSK keys somewhere is problematic; didn't consider that, sorry.
The easiest way would probably be to have some Makefile check for the existence of kwb_kak.key and kwb_csk.key in the root directory, and create them if they don't exists, using
openssl genrsa -out kwb_kak.key 2048 openssl genrsa -out kwb_csk.key 2048
But I am not quite sure where to put those checks/instructions in a non-disruptive manner.
Best regards,
Mario