diff options
author | Andrew Jeffery <andrew@aj.id.au> | 2021-08-26 03:56:03 +0300 |
---|---|---|
committer | Andrew Jeffery <andrew@aj.id.au> | 2021-08-30 09:52:26 +0300 |
commit | bf97bbd459bde95346a00ca85e3f7995feb2d098 (patch) | |
tree | 12f05ab0508db0b8413ffeeffa988b058ddad9f0 /meta-aspeed/classes/socsec-sign.bbclass | |
parent | 50e2234e380c6deca02bd98a1643a95cd8d0dfa7 (diff) | |
download | openbmc-bf97bbd459bde95346a00ca85e3f7995feb2d098.tar.xz |
meta-aspeed: socsec-sign: Make invalid key configuration fatal
Building the SPL and "silently" leaving it unsigned gives us a build
that cannot be booted on systems that have secure-boot enabled.
Change-Id: Ie788a04ef35c7031897a2bfa7d348caa4292305d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Diffstat (limited to 'meta-aspeed/classes/socsec-sign.bbclass')
-rw-r--r-- | meta-aspeed/classes/socsec-sign.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass index b5866e29e..0af88d9f5 100644 --- a/meta-aspeed/classes/socsec-sign.bbclass +++ b/meta-aspeed/classes/socsec-sign.bbclass @@ -23,7 +23,8 @@ sign_spl_helper() { if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then echo "Warning: SPL signing is only supported on AST2600 boards" elif [ ! -e "${SOCSEC_SIGN_KEY}" ] ; then - echo "Warning: Invalid socsec signing key - SPL verified boot won't be available" + echo "Error: Invalid socsec signing key: ${SOCSEC_SIGN_KEY}" + exit 1 else rm -f ${SPL_BINARY}.staged |