From 228fadb17e1e9ed82b8d0b9848757a106510a365 Mon Sep 17 00:00:00 2001
From: Klaus Heinrich Kiwi
Date: Wed, 28 Apr 2021 10:54:07 -0300
Subject: meta-ibm: Sign p10bmc kernel/uboot with dev key

Use the insecure key provided by commit '748d586bc1 meta-aspeed: Add development key for Kernel sign' to sign both the Kernel as well as U-Boot fitImages. This is used for U-Boot FIT Signature Verification using a known key, fit for development purposes. For production purposes, a secure private key must be used.

Signed-off-by: Klaus Heinrich Kiwi
Change-Id: If0c39f4aa17e6eaa5f6952a90283457f252a64d3
---
 meta-ibm/conf/machine/p10bmc.conf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/meta-ibm/conf/machine/p10bmc.conf b/meta-ibm/conf/machine/p10bmc.conf
index 5206c27c5..2db74eff2 100644
--- a/meta-ibm/conf/machine/p10bmc.conf
+++ b/meta-ibm/conf/machine/p10bmc.conf
@@ -35,3 +35,20 @@ PREFERRED_PROVIDER_virtual/phosphor-fan-presence-config_df-mrw = \
 SKIP_BROKEN_MRW = "1"
 IMAGE_FEATURES_remove = "obmc-ikvm"
+
+UBOOT_SIGN_ENABLE = "1"
+SPL_SIGN_ENABLE = "1"
+
+FIT_HASH_ALG = "sha512"
+FIT_SIGN_ALG = "rsa4096"
+FIT_SIGN_NUMBITS = "4096"
+UBOOT_FITIMAGE_ENABLE = "1"
+UBOOT_FIT_HASH_ALG = "sha512"
+UBOOT_FIT_SIGN_ALG = "rsa4096"
+UBOOT_FIT_SIGN_NUMBITS = "4096"
+
+UBOOT_SIGN_KEYNAME = "rsa_oem_fitimage_key"
+SPL_SIGN_KEYNAME = "rsa_oem_fitimage_key"
+
+UBOOT_SIGN_KEYDIR = "${WORKDIR}"
+SPL_SIGN_KEYDIR = "${WORKDIR}"
-- 
cgit v1.2.3
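Review bot: The four `UBOOT_SIGN_KEYNAME` / `SPL_SIGN_KEYNAME` / `UBOOT_SIGN_KEYDIR` / `SPL_SIGN_KEYDIR` lines hard-assign the development key in the machine configuration, so every p10bmc image is signed with a private key that the commit message itself calls insecure, and nothing in the file says so. Because the machine conf is parsed after `local.conf`, a plain `=` here would also override a production key set there; weak defaults such as `UBOOT_SIGN_KEYNAME ?= "rsa_oem_fitimage_key"` and `UBOOT_SIGN_KEYDIR ?= "${WORKDIR}"` (likewise for the SPL pair) would let a production build substitute its own key without patching this file. I would also put a comment above the block, for example `# Development only: rsa_oem_fitimage_key is a published private key, so these signatures give no authenticity; override KEYNAME/KEYDIR for production.` Whether the key actually lands in `${WORKDIR}` depends on the recipe from the referenced commit, which is not visible here.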