meta-aspeed: socsec-sign: Make invalid key configuration fatal

Building the SPL and "silently" leaving it unsigned gives us a build that cannot be booted on systems that have secure-boot enabled. Change-Id: Ie788a04ef35c7031897a2bfa7d348caa4292305d Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
author: Andrew Jeffery <andrew@aj.id.au> 2021-08-26 03:56:03 +0300
committer: Andrew Jeffery <andrew@aj.id.au> 2021-08-30 09:52:26 +0300
commit: bf97bbd459bde95346a00ca85e3f7995feb2d098 (patch)
tree: 12f05ab0508db0b8413ffeeffa988b058ddad9f0 /meta-aspeed
parent: 50e2234e380c6deca02bd98a1643a95cd8d0dfa7 (diff)
download: openbmc-bf97bbd459bde95346a00ca85e3f7995feb2d098.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass
index b5866e29e..0af88d9f5 100644
--- a/meta-aspeed/classes/socsec-sign.bbclass
+++ b/meta-aspeed/classes/socsec-sign.bbclass
@@ -23,7 +23,8 @@ sign_spl_helper() {
     if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then
         echo "Warning: SPL signing is only supported on AST2600 boards"
     elif [ ! -e "${SOCSEC_SIGN_KEY}" ] ; then
-        echo "Warning: Invalid socsec signing key - SPL verified boot won't be available"
+        echo "Error: Invalid socsec signing key: ${SOCSEC_SIGN_KEY}"
+        exit 1
     else
         rm -f ${SPL_BINARY}.staged
author	Andrew Jeffery <andrew@aj.id.au>	2021-08-26 03:56:03 +0300
committer	Andrew Jeffery <andrew@aj.id.au>	2021-08-30 09:52:26 +0300
commit	bf97bbd459bde95346a00ca85e3f7995feb2d098 (patch)
tree	12f05ab0508db0b8413ffeeffa988b058ddad9f0 /meta-aspeed
parent	50e2234e380c6deca02bd98a1643a95cd8d0dfa7 (diff)
download	openbmc-bf97bbd459bde95346a00ca85e3f7995feb2d098.tar.xz