diff options
author | Andrew Jeffery <andrew@aj.id.au> | 2022-01-27 02:49:17 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2022-02-16 04:46:50 +0300 |
commit | 8c8fb8b83a78870c2555acc33ec4ed91183bcacd (patch) | |
tree | f59e14d48500c2b3c97d49f20206a45ab073844b /meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend | |
parent | db5648e6d91ef3c76ca00a85a65532c3163d4752 (diff) | |
download | openbmc-8c8fb8b83a78870c2555acc33ec4ed91183bcacd.tar.xz |
meta-ibm: p10bmc: Add otptool configuration
Some addition development details must be managed in this bbappend due
to co-development of the AST2600 and IBM p10bmc designs. IBM did bringup
of secure-boot on pre-production AST2600 silicon and this shaped how the
platform's OTP was configured.
The PEM files represent the public portion of the IBM signing key-pairs
for p10bmc systems. These are included to provide a canonical location
for the production OTP image artifact.
Change-Id: I7caa6cfd5848b1d671ef95f8031b76088673900a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Diffstat (limited to 'meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend')
-rw-r--r-- | meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend b/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend new file mode 100644 index 0000000000..2a99328e38 --- /dev/null +++ b/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bbappend @@ -0,0 +1,20 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI:append:p10bmc = " file://a3.json file://keys/" + +OTPTOOL_CONFIG:p10bmc = "${WORKDIR}/a3.json" +OTPTOOL_KEY_DIR:p10bmc = "${WORKDIR}/keys/" + +# !!! Do not copy p10bmc's use of little-endian key ordering !!! +# +# The prefered order for production silicon is big-endian. Little-endian is necessary for p10bmc +# platforms due to development history involving pre-production AST2600 silicon. More discussion +# here: +# +# https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/50716 +SOCSEC_SIGN_EXTRA_OPTS = "--rsa_key_order=little" + +do_deploy:prepend:p10bmc() { + # otptool needs access to the public and private socsec signing keys in the keys/ directory + openssl rsa -in ${SOCSEC_SIGN_KEY} -pubout > ${WORKDIR}/keys/rsa_pub_oem_dss_key.pem +} |