diff options
Diffstat (limited to 'meta-aspeed')
12 files changed, 257 insertions, 52 deletions
diff --git a/meta-aspeed/MAINTAINERS b/meta-aspeed/MAINTAINERS index 453d5e497..f1f736f31 100644 --- a/meta-aspeed/MAINTAINERS +++ b/meta-aspeed/MAINTAINERS @@ -14,7 +14,7 @@ Description of section entries: Section entries are structured according to the following scheme: - X: NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!> + X: NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!> X: ... . . @@ -24,10 +24,10 @@ Description of section entries: organization; FILE_PATH is a file path within the repository, possibly with wildcards; X is a tag of one of the following types: - M: Denotes maintainer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>; + M: Denotes maintainer; has fields NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!>; if omitted from an entry, assume one of the maintainers from the MAINTAINERS entry. - R: Denotes reviewer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>; + R: Denotes reviewer; has fields NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!>; these people are to be added as reviewers for a change matching the repo path. F: Denotes forked from an external repository; has fields URL. @@ -46,4 +46,4 @@ START OF MAINTAINERS LIST # @openbmc and is synced by the maintainer using git-subtree. Please submit # changes against @openbmc. M: Brad Bishop <bradleyb@fuzziesquirrel.com> <radsquirrel!> -M: Joel Stanley <joel@jms.id.au> <shenki!> +M: Joel Stanley <joel@jms.id.au> diff --git a/meta-aspeed/README.md b/meta-aspeed/README.md index b97bbc78d..c0fab4e9d 100644 --- a/meta-aspeed/README.md +++ b/meta-aspeed/README.md @@ -32,5 +32,5 @@ Patch checklist. Please ensure patches adhere to the following guidelines: message](https://chris.beams.io/posts/git-commit/#seven-rules) For questions or help please come join us on the [mailing -list](https://lists.ozlabs.org/listinfo/openbmc) or in -[IRC](irc://freenode.net/openbmc). +list](https://lists.ozlabs.org/listinfo/openbmc) or on +[Discord](https://discord.gg/69Km47zH98). diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass new file mode 100644 index 000000000..1b1576592 --- /dev/null +++ b/meta-aspeed/classes/socsec-sign.bbclass @@ -0,0 +1,66 @@ +# ASPEED AST2600 devices can use Aspeed's utility 'socsec' +# to sign the SPL (pubkey written to OTP region) +# The variables below carry default values to the spl_sign() +# function below. +SOCSEC_SIGN_ENABLE ?= "0" +SOCSEC_SIGN_KEY ?= "" +SOCSEC_SIGN_SOC ?= "2600" +SOCSEC_SIGN_ALGO ?= "RSA4096_SHA512" +SOCSEC_SIGN_HELPER ?= "" +# u-boot-aspeed-sdk commit '2c3b53489c ast2600: Modify SPL SRAM layout' +# changes the SDRAM layout so that the verification region does NOT +# intersects the stack. The parameter below can be used to instruct +# socsec to work in either mode (ommitting it throws a warning), but +# newer (post v00.03.03) u-boot-aspeed-sdk need this set to false +SOCSEC_SIGN_EXTRA_OPTS ?= "--stack_intersects_verification_region=false" +DEPENDS += '${@oe.utils.conditional("SOCSEC_SIGN_ENABLE", "1", " socsec-native", "", d)}' + + +# Signs the SPL binary with a pre-established key +sign_spl_helper() { + signing_helper_args="" + + if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then + echo "Warning: SPL signing is only supported on AST2600 boards" + elif [ ! -e "${SOCSEC_SIGN_KEY}" ] ; then + echo "Warning: Invalid socsec signing key - SPL verified boot won't be available" + else + rm -f ${SPL_BINARY}.staged + + if [ -n "${SOCSEC_SIGN_HELPER}" ] ; then + signing_helper_args="--signing_helper ${SOCSEC_SIGN_HELPER}" + fi + socsec make_secure_bl1_image \ + --soc ${SOCSEC_SIGN_SOC} \ + --algorithm ${SOCSEC_SIGN_ALGO} \ + --rsa_sign_key ${SOCSEC_SIGN_KEY} \ + --bl1_image ${DEPLOYDIR}/${SPL_IMAGE} \ + ${signing_helper_args} \ + ${SOCSEC_SIGN_EXTRA_OPTS} \ + --output ${SPL_BINARY}.staged + cp -f ${SPL_BINARY}.staged ${B}/${CONFIG_B_PATH}/${SPL_BINARY} + mv -f ${SPL_BINARY}.staged ${DEPLOYDIR}/${SPL_IMAGE} + fi +} + +sign_spl() { + mkdir -p ${DEPLOYDIR} + if [ -n "${UBOOT_CONFIG}" ]; then + for config in ${UBOOT_MACHINE}; do + CONFIG_B_PATH="${config}" + cd ${B}/${config} + sign_spl_helper + done + else + CONFIG_B_PATH="" + cd ${B} + sign_spl_helper + fi +} + + +do_deploy_append() { + if [ "${SOCSEC_SIGN_ENABLE}" = "1" -a -n "${SPL_BINARY}" ] ; then + sign_spl + fi +} diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem new file mode 100644 index 000000000..a3474c437 --- /dev/null +++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem @@ -0,0 +1,59 @@ +# U-Boot SPL 'Insecure' key (also known as 'development' or +# 'imprint' key), used to sign development images of the ASPEED +# AST2600 boards' U-boot SPL. This key SHOULD NOT be used to +# sign production images. +# This key is 4096 bits in size and any key overriding it must +# also change the SOCSEC_SIGN_ALGO variable. +# See meta-aspeed/classes/socsec-sign.bbclass for more info. + +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA6hC1IHlB4SqRbesC8BtC00icAYUuYmAiO6CHCyph2Pv2CQT5 +Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS9058hgZdMgoDC57Jw5Tw5foN6CBBF72 +oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViLDOdk++olpVgsSlAvW23DmblVxVhz +67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQchhz76fpL9EBZJ1tm9k+m7aRhhRqf +BJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh3gQlQVwomsdImH/VuWQc9xAozacB +s6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4su5EGRNKAAH9dS356pqhzpmZvgFvU +J7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/+ubxzwUm0PrYGIhowuPItT7/ASqz +xCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao98BCUeGE4t065Di81GZ2F9amf5B/ +/jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKxIUTq3cvblNpo80gfYzYwWQakjhE6 +aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS53k3DgrcjK7l7nWjmOxXr6p9f9fF +HXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29ZyrzEctuzky80lHcVFYnE/3cCAwEA +AQKCAgAqf0wTkFCIzEzJU0EeTSTN7cH9eKvaSrAMeXHrcg9/8QdTzeZlfieem2gm +gxAMavHGCKc+ChIKELbaVtcaGRmbPgrpLCoxRAMyLSTCP4N3Dho+q+tFblWe67eR +vv3ESFoIyG0+dNTT0hB2FuQYDy538k9gebvKEH9CItrmU8CO2ZqcERpC8iTzbKC5 +8EwGXFhhgeLEwMDhcJ/PdnchP0jKhNqsObiuqTxGrA6+q+mX/h+Cpjm3AEV6DIW3 +NSKcvDTmPbo0YK1+vPGPnC21v5Db2Y7WFiB9Ma+ZmKQ6W9Xyeame5TKm5jTAOxh5 +SFer1XwJ+J1NjONTv6/iCxXKz8ypDJ9wiFQ7Hb3u84+jQiTWhjpFbnvT3lkN+Z8i +Q7z7QSYcIGHdH1q9x/LkuG5zzGB0yRMAnayzUiyTyQbNRZZHbB4mNB1zWFocUwv5 +bpnACt5NtsxwCJHVZRpffBcekM0AjKXWQ4oxJPcAmhqh2MIu4vmEG6cfMYGP+dpP +R2unAbs3kSAEwvZaydPZmgi9TYLViYWrxXuloGBow1naisQCY3R9XVzLYmCVEvng +20C7odj8or+Qrx6qa1m06RLUsHexKyniIYLbwfPcHIf9afdKv7N/ruGH4u+Nv/2B +I62a9IfOUobBBnSbeA5nHk9bC2G2MBUCwW9jP1Vd4TcXwJwmsQKCAQEA98gY0ZGC +rlj/SOxTYo/6GSfmjHeXJzxWXmH6UDFUMphkaO0RWa/cq2szShdaQa2JKrU4G5xR +K+hYKSotlWb5EjQPQX5uaieI61UWsPbAqs6MSqZyYvgDKeBV40urXrR5ImivsUAO +DKwoNMa4z8JIaKdHB0kT1vK9G/QiLPtJ6Wh8q0+hp+1T/IodXOR3zFHkURJVwVob +Wbas0ZXXMhi1ywO7ZmZRXpnNOQv/m09hBUYGwITAp/KBxaeseGxhR3r6l9rmNtJI +i40/90QHMCXtEwHRvUGTOP8he2n4AhhXQrlr3WOqFrku3y1e+BfLFEOo92j+WjA3 +skFsQsFy8motrwKCAQEA8dQlQMqeC69+ldd/64xaaqa5LuxLhPY5aYu5d3OCuoTF +l6cviKut3h18QLyuy28ZFaI1b/pPS8lvZntw6ryXGNutH6sz0Wtf0Joe/2JT1ZLs +Ra2Np0VZcJmlaFk0XC/CX344gGv5CqSwPqtNn2/Ej76ReRLh0q/hdJdTqKtTHYMe +t3VDZIJwrd5iqFH8Yygd/FFqIfgPSRo1V7ylXj9UEke2zy82dki2kBeeMo+wDLGV +rULejvN9h8IVBK0bBymBSjLXcSN5q4T092lGAV6aMBRcD5n2g6RMeFGE9oimfIWy +WmThXgV6O1OQYA7t6SxCDAcfQZc41Zj2y3dOhPDEuQKCAQBN9MNyM9Ckn9V5kPjP +GrM59ObBLOL+cipOOY8yacKuxGla5bM+v2iy+eBCIETCQyHTsP49GZokMU6DbQS4 +a5RTWNOv7GI6vcODHtsrxAZr9t4GooV8g8EjDLSY9XauLiOqYrtcDeYdsJBZwmfk +3aBAZNig/ynhx68du1qBQnJHoBsRHtWiarWwz5dbYXoba2xk4VrfoUTXnfSTYAw7 +c7DGdZ8hIXHaTJNXrmG18Gx650Q6j8m5TT/s+sr1fEvC3Hs5CaLCfrhaR49ncRy9 +1kDXaQwe+iGingpftMBVkGjr0kCQf8nEqnCHwNOPRJUdBAiGBp93qpHrYE/6VLig +ci17AoIBAQC3+F0y0jGz0Blr4tqFFmw+kIF2qfq1tx9sJQi+T9jXDmTHfz+RKJIH +1MSO9zu+tdEOfS1L98/VZvPhsezwFvKXzZ8B5ZtxKM9mgaktPd9rLe+i/moyI3bs +S2bjYGGN9CNZxEs1n26BY1JVCrrtnPibJi3DPtMfFgBdUzYordV4MSTwCjxvvS/9 +hZ3mUSDBSmataj5kgzMVuON10KS5c1IA6h+vtEopaB3CtsT50AftUDf+7E0l0STh +X4vf19Uk+LVL/iuZ/ZP1IRu/EI5aQl7oTsTOdaFs+lPWgKW3a7PELW3GiNJOVbps +YaEHArSJW8sPHWfw3Rs2m7y8gxHv3r65AoIBAQCmrMwqEnN3J4S0rx62/Kohkfqo +QQNnG/r4d07z0UbBheO2PRWFqBbyv32j3stoQeNmbA1Fzn6Wsx434o5n/VyA+g9D +dRc4X0l46UAPkuZrB20vxgso06QkPtSy7IFVGgqKYy+JG94me5nfIRUhqqF57N+x +gR73fSnykARPFqvG8XG78Aki43U9gQUlq0094eenZu4ikZq1bHslR4/zPMGzwHzb +6gMk5/nAdCrI9F1mKmSt3AnfpkWIYiGZUIoOnv12+dUZc7E5sT+cUI2JZr1CegJ1 +c4XKN2hkZb4MP95cE4rh7DGodZDW5KjiViXHVExUrdv3jBoZlX+Af6atm0K0 +-----END RSA PRIVATE KEY----- diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem new file mode 100644 index 000000000..e3800179c --- /dev/null +++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem @@ -0,0 +1,18 @@ +# Public portion of the U-Boot SPL 'Insecure' key kept here +# as a convenience. +# Please refer to 'rsa_oem_dss_key.pem' for more info + +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6hC1IHlB4SqRbesC8BtC +00icAYUuYmAiO6CHCyph2Pv2CQT5Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS905 +8hgZdMgoDC57Jw5Tw5foN6CBBF72oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViL +DOdk++olpVgsSlAvW23DmblVxVhz67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQc +hhz76fpL9EBZJ1tm9k+m7aRhhRqfBJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh +3gQlQVwomsdImH/VuWQc9xAozacBs6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4s +u5EGRNKAAH9dS356pqhzpmZvgFvUJ7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/ ++ubxzwUm0PrYGIhowuPItT7/ASqzxCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao +98BCUeGE4t065Di81GZ2F9amf5B//jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKx +IUTq3cvblNpo80gfYzYwWQakjhE6aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS +53k3DgrcjK7l7nWjmOxXr6p9f9fFHXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29Z +yrzEctuzky80lHcVFYnE/3cCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb index 99bcafc09..727c62d27 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb @@ -3,11 +3,16 @@ require u-boot-common-aspeed-sdk_${PV}.inc UBOOT_MAKE_TARGET ?= "DEVICE_TREE=${UBOOT_DEVICETREE}" require u-boot-aspeed.inc +inherit socsec-sign PROVIDES += "u-boot" DEPENDS += "bc-native dtc-native" SRC_URI_append_df-phosphor-mmc = " file://u-boot-env-ast2600.txt" +SRC_URI += " \ + file://rsa_oem_dss_key.pem;sha256sum=64a379979200d39949d3e5b0038e3fdd5548600b2f7077a17e35422336075ad4 \ + file://rsa_pub_oem_dss_key.pem;sha256sum=40132a694a10af2d1b094b1cb5adab4d6b4db2a35e02d848b2b6a85e60738264 \ + " UBOOT_ENV_SIZE_df-phosphor-mmc = "0x10000" UBOOT_ENV_df-phosphor-mmc = "u-boot-env" diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc index 55d8b4787..0b9bc20d2 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc @@ -26,48 +26,6 @@ PACKAGECONFIG[openssl] = ",,openssl-native" # file already exists it will not be overwritten. UBOOT_LOCALVERSION ?= "" -# Some versions of u-boot use .bin and others use .img. By default use .bin -# but enable individual recipes to change this value. -UBOOT_SUFFIX ??= "bin" -UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" -UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}" -UBOOT_MAKE_TARGET ?= "all" - -# Output the ELF generated. Some platforms can use the ELF file and directly -# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging -# purposes. -UBOOT_ELF ?= "" -UBOOT_ELF_SUFFIX ?= "elf" -UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}" -UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}" -UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}" - -# Some versions of u-boot build an SPL (Second Program Loader) image that -# should be packaged along with the u-boot binary as well as placed in the -# deploy directory. For those versions they can set the following variables -# to allow packaging the SPL. -SPL_BINARY ?= "" -SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}" -SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}" -SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}" - -# Additional environment variables or a script can be installed alongside -# u-boot to be used automatically on boot. This file, typically 'uEnv.txt' -# or 'boot.scr', should be packaged along with u-boot as well as placed in the -# deploy directory. Machine configurations needing one of these files should -# include it in the SRC_URI and set the UBOOT_ENV parameter. -UBOOT_ENV_SUFFIX ?= "txt" -UBOOT_ENV ?= "" -UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}" -UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}" -UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}" - -# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf -# to find EXTLINUX conf file. -UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux" -UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf" -UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}" - # returns all the elements from the src uri that are .cfg files def find_cfgs(d): sources=src_patches(d, True) diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc index 4e7a92c2e..b662bf442 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc @@ -8,7 +8,7 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "869b79f73711d5a7b6c0bfa3c8888dc2583d1526" +SRCREV = "44a8c618c1215e0faac0f335f0afd56ed4240e76" SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https" diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc b/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc index 6a1471f26..aa060295f 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc @@ -8,7 +8,11 @@ KCONFIG_MODE="--alldefconfig" KSRC ?= "git://github.com/openbmc/linux;protocol=git;branch=${KBRANCH}" SRC_URI = "${KSRC}" -SRC_URI += " file://defconfig" +SRC_URI += " \ + file://defconfig \ + file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \ + file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \ + " LINUX_VERSION_EXTENSION ?= "-${SRCREV}" diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt new file mode 100644 index 000000000..0e8f25704 --- /dev/null +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt @@ -0,0 +1,35 @@ +# Certificate for the 'Insecure' Kernel fitimage key, required +# by the signing process for U-Boot FIT Signature Validation. +# Please refer to 'rsa_oem_fitimage_key.key' for more info + +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIUMP4fGTalbDhpTcr7sr+VKnUunRUwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA0MjgxMzAzMDhaFw0yMTA1 +MjgxMzAzMDhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDMZ5gF78Jx+yzI4bh0imCi0kgRdljANokDu1DZpa2S +tPybosJk1453fWy8ZEsJupS1l6IPhEvWkehxL4pviADKle1S4yx5vmKV7b+ppKqV +LBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy9yyV6UhIBgutK5bJvQZThzU5ZBtG +g4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2grcTHQquPvyuyT5Xr2utmT2tdNr6D +9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttRhK18vyg0LTPQ4vtVSHnCt2JpVCrV +Vg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e2JmIUtJoONRGUaZCHdJ6R7v8fpgu +uEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJRoBTooxM6RHsJp4s/LTsb+Pdl2sDM +Hno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx+P7tDilH5K6cNTgivbvepfcbNDNl +8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2cYMzF83BchXoljpoyQmXhoi14uDS7 +LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zBiTjMZmz4aANQxlUGZ9sKAlHzQwPv +J+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY3qE3wAIerkGgCgMuVp5XDJAlkO4M +HQIDAQABo1MwUTAdBgNVHQ4EFgQU5Du6F0E1sZpyDCGQswhvPuFlKUQwHwYDVR0j +BBgwFoAU5Du6F0E1sZpyDCGQswhvPuFlKUQwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAYnBJi9l9zvJldrVuVIa7IZQhKlLXuVU2yL3Az3Hr8ejg +FNwF9XdxXDxvBiQatIdZ/fv8ukqo+OBCyw1sE8u668S9ca1rr5+vq2PaxNn//ZLV +zmJ12yZa7SOkJgsWsjNlSwM+VWIbLKC+25nRYuA3S03XcLLmXzxEbxIYFuynds8W +pQqYMn1CZ9y6Yz7MtDo9p+JU1kFqgxocBLKpgcRgqbQ1vWHjE91r10iS6E1N8YAi +EPsO7Nh6DzfhFY4Wo+S9tTZwBL/dKqO4Ft4XPFKA1nEH8ZyGTI3jfRUYn5IaRc7g +5Hy8Mla/n7UvKrZIEitD5fqOvxm2g7Bck28cpr2gH+Cy5q6ivfJkycGRfy6BDfDl +fv41PJSnrrvxNuXB9ylBXat8K0nBPjY8vOr0uFXPzVHC3Rj2e8zD6GsOzFvkyvfQ +qYrUYKVs1U74PMTdu9wc9z+sS1CBvdq2KZPaZImqvctS3VP3mfmqxCHQLYx3WX23 +J0KGpbfmBOtHwcgBHna0ZAY7ImbF47+FL1eHzITVoMagFteEYC4LI4uqsznI2dNi +gjrTmQLnm8DkwvBFwXOa2QyaM2I4Dk+q7+FHwCxiTJdmTnd6LFH5nufmq5oIAy2d +/G0EqPom0AZz1i+Ee90xCjiFLd2vzdv5U+EWKkOjUiM/XdvglrsVCUdQ41gorRo= +-----END CERTIFICATE----- diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key new file mode 100644 index 000000000..d9bc4a748 --- /dev/null +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key @@ -0,0 +1,60 @@ +# Kernel fitImage 'Insecure' key (also known as 'development' or +# 'imprint' key), used to sign development images of the OpenBMC +# Kernel fitImage. This key SHOULD NOT be used to sign +# production images. +# This key is 4096 bits in size and can be used by adjusting +# the UBOOT_SIGN_KEYNAME, UBOOT_SIGN_KEYDIR and FIT_SIGN_ALG +# variables (see uboot-sign.bbclass for more info) + +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDMZ5gF78Jx+yzI +4bh0imCi0kgRdljANokDu1DZpa2StPybosJk1453fWy8ZEsJupS1l6IPhEvWkehx +L4pviADKle1S4yx5vmKV7b+ppKqVLBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy +9yyV6UhIBgutK5bJvQZThzU5ZBtGg4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2g +rcTHQquPvyuyT5Xr2utmT2tdNr6D9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttR +hK18vyg0LTPQ4vtVSHnCt2JpVCrVVg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e +2JmIUtJoONRGUaZCHdJ6R7v8fpguuEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJR +oBTooxM6RHsJp4s/LTsb+Pdl2sDMHno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx ++P7tDilH5K6cNTgivbvepfcbNDNl8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2c +YMzF83BchXoljpoyQmXhoi14uDS7LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zB +iTjMZmz4aANQxlUGZ9sKAlHzQwPvJ+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY +3qE3wAIerkGgCgMuVp5XDJAlkO4MHQIDAQABAoICAQCQ0IgdFJtfI4O8ImcLcgo6 +8N4MORtxunFiCnCickXB3aXmIe61gR43O84wvqGHGABJk09GzQTp1N+oaPUcRW/C +F2xXQAl/i0nPTOxwJPCR1PUGj/RO5LkUJMs/dpBjntE9nPGSZG9cZP1LvaCB6Q/D +rzzQiERBU0FLJkyoB2tnjsXV4pKUeDwBCOv9sqnjpnCFFUyDz0qr67WR0+rI/UwN +AHTV1JqzyZrjFjtLhAB///7h1iIPPNBP5fDCFbuH0avL1Mspi4QYm15Yp7Y93jR+ +mtPOFzHXXwyczk3Tr8TU9i4d1a46iTDpWpsriK78nHeHaFNRzy/z2zai9vP3aC4W +UV0F/57y7KS++lQKG+fZZVz7DcV1CysehL/xxZo+B1RmBXfmWD0hGhnKeIL6jShh +FfILWQ63EgTAMRzvEmOpnW6VemF5IHAA0yYHbfs8uebZrXRf7v3WdyWwK57/d9Gy +YHCNMH3cP1J+/1BCzvNhXBRu/YDLgcPMJFklMm6gOdcsy3lA5GpNIRmOiiGaoYQs +KozLyPlmt7s6dP3VrAnnRXCzm140wMzKAq8L1o1gNOsXV06ig609DUMHUbfxT04W +4anjyiJTvBWrNr2FxOjuZPqleIApZR+GPFm17IFapmlPN7cOrYlXs786a5qyYoED +jdjNh6RWNdDM0iiPVt9VBQKCAQEA+fBvRiphuSnqiSVvosb3gB1bY2phHzLJjTPB +2sx2L9TdBQdv5JMh9ugbJO06CQgT1JLghtB4/CKDAjgAvSayXeNws1KVgpIUQdq4 +Nat6G+UNRtRuCQwrEkiKEmHbMQHdkzirzDPdzgp/tnl/HXDgji9UZEItnSi8OCdM +Ofocp1SHBpdbxDm3OEGH/v46MhT0S+nfL6Y1V8pYBd52tTv+CWh5yDDHtrsDmJfq +tVv6Gs1EOq4L8DcdDQltqf31KXC2YR6ANA4/XvuK+nsObjkj2jHIFrUMzaOWwxxd +mLlLdqy98M3+kiLTzCyhxLY5/WPB1+stgDi9QSYm7cxfnNK3MwKCAQEA0Vx9v84a +TH/2NUGciLTDmrwXZ5Au18JZJk6JYYRsxekT+C8HgGxKz3UY411Bxj2ZDRprrnMh +XCQz0BjOrSpaDnB7mlLUWoo7ykLoDWWarSD4sJjlK6fJm0D3ke4Na8RJNWLUxqoH +wyqx5ikJXc/g8aRFlHWu5g2gkjIp+Tl572xMx/XaT+IJ/ZCZU6Fzq+IBf258Z7Dn +/HowxPgxd63wsZPTo4H+H0xUkjad9ggfurBgGfGUkxCOc2pw/vm4URuQGEHb6aNe +DHoHT/8vI/wsAaLB0aCSq4aWRe/2GVYV1xueWpd8EWM0KE1N7PAMGCjE6AuWd7fU +Ksu+D7onpVjvbwKCAQEAyBE6QUQzrXBsGRQqZHY4MAlP2iiRTdPtmmXPy0DXajpO +IXRukN1l1qq877YlOo2IsiRQLho6fjlx/RivHroXFSi2UhTNMROVu5FE21FEEYgs +NIJfAkcHQz9lpolGV9hScUJv4qmx5vhoeryOkBaG6cnhF9ARizfMUnbCgbY/sYHs +A86s2koI67MpFWiTVPuJAitXSGEXWgrSowAMrc4z73v9382MUC0rF76jVkEl1sZw +0zf2vnaffowJiIWM9XsPwnYT0ZeGCpX4DcDrMDf1BvfKXsLWWNWWHOBb26CXU4u7 +D0MVgAz41Pr1Eu17ReXQiPHsHjNM6xWLG9b4wiO6GQKCAQBibJMJiwE+GaJL4y6N +7j1PD0IJg/UhpdJ3edCIMdNZL3wd3y4tp7t70FcE/KCha+/6AwPAnYt/X92j5SW0 +rwZrZ2IUaQBAGGCHc/DX635OCgQgMaD7ZwQWovJAfqN8mGi6Wl4hj2nazMWZqI0o +t0PPFiVH6BNzP9DPKholemnirw1hrCkYCPIdbM9IS8yvb664k96UeMx3G5K15uCK +nRFcylxisAgh+qZ/noGgWq1f/O8RA0uP3+a4R8AbfpayOr0BSmTyb8UVJIEvkI4+ +4pxloHhx7oVFch5PfsI5owjdebR2bmT7X6HzmHQcAbYN3YzEcj4oxhlOjT4q8p8U +0rytAoIBAC0+u5KwNUYHzgi7nnQeCNwoYnJpo3+8Sm2GKxzntj7omyMJQd9MsvjI +tWdvuwGv04B9WxEz+oY1RDP+5GETd0PrYaDJwIuqbsCHU4g0R5gy0gF5msb07NIw +/+wTTTcYpgUc166KBCTXZk68W86KL2F2i3q4pHx4HB2xYdNnqFjn3Ih7c4sYTuX1 ++iWxOQtgZVwAC6kc/FW1kV0Jhmq5FCsiIExfTRmObmjO/R1lZS5PuzYPmwpbJ/9m +4dlne1W/MIiVLcQgXHnNzFLcOHrLCTR/TLV6l4vVe9BHFnc6OX4Vf/hAwA93sEm0 +xaPMnGMcWU4pg8ytNSMuYDfobC5hPxo= +-----END PRIVATE KEY----- diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb index 9df959114..084606b61 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb @@ -1,6 +1,6 @@ KBRANCH ?= "dev-5.10" -LINUX_VERSION ?= "5.10.30" +LINUX_VERSION ?= "5.10.39" -SRCREV="d538d632fb2046278ff3457994d64d43ee2901c7" +SRCREV="45c6dc0de963bfdd8b468dceeea24f56a8e51424" require linux-aspeed.inc |