From bf97bbd459bde95346a00ca85e3f7995feb2d098 Mon Sep 17 00:00:00 2001
From: Andrew Jeffery <andrew@aj.id.au>
Date: Thu, 26 Aug 2021 10:26:03 +0930
Subject: meta-aspeed: socsec-sign: Make invalid key configuration fatal

Building the SPL and "silently" leaving it unsigned gives us a build
that cannot be booted on systems that have secure-boot enabled.

Change-Id: Ie788a04ef35c7031897a2bfa7d348caa4292305d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
---
 meta-aspeed/classes/socsec-sign.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'meta-aspeed')

diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass
index b5866e29e..0af88d9f5 100644
--- a/meta-aspeed/classes/socsec-sign.bbclass
+++ b/meta-aspeed/classes/socsec-sign.bbclass
@@ -23,7 +23,8 @@ sign_spl_helper() {
     if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then
         echo "Warning: SPL signing is only supported on AST2600 boards"
     elif [ ! -e "${SOCSEC_SIGN_KEY}" ] ; then
-        echo "Warning: Invalid socsec signing key - SPL verified boot won't be available"
+        echo "Error: Invalid socsec signing key: ${SOCSEC_SIGN_KEY}"
+        exit 1
     else
         rm -f ${SPL_BINARY}.staged
 
-- 
cgit v1.2.3