From 6991461283887ae62af4107a19b95edeca7abf9c Mon Sep 17 00:00:00 2001 From: Andrew Jeffery Date: Wed, 4 Aug 2021 12:52:47 +0930 Subject: meta-ibm: p10bmc: Assert that we want the SPL signed by socsec Configure the SOCSEC_SIGN_* variables to sign the SPL and exploit the AST2600 hardware root-of-trust. Note that this doesn't require that secure-boot is enabled on the system, the SoC will bootstrap just fine with the signature in place while secure-boot is disabled. Signing the SPL allows us to switch the systems over to secure-boot at our leisure. Change-Id: I07b5c4afb7bacc040cbdce6c82a0fb3a57d0f7f8 Signed-off-by: Andrew Jeffery --- meta-ibm/conf/machine/p10bmc.conf | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta-ibm') diff --git a/meta-ibm/conf/machine/p10bmc.conf b/meta-ibm/conf/machine/p10bmc.conf index 2b7463e28..19de5eec8 100644 --- a/meta-ibm/conf/machine/p10bmc.conf +++ b/meta-ibm/conf/machine/p10bmc.conf @@ -55,5 +55,7 @@ SPL_SIGN_KEYNAME = "rsa_oem_fitimage_key" UBOOT_SIGN_KEYDIR = "${WORKDIR}" SPL_SIGN_KEYDIR = "${WORKDIR}" +SOCSEC_SIGN_ENABLE = "1" + DEBUG_TRIGGERS = "kcs2" PACKAGECONFIG:append:pn-debug-trigger = " triggers" -- cgit v1.2.3