From 7ecd9d9f44d59a0e75573912a3055d887b3e0607 Mon Sep 17 00:00:00 2001
From: Andrew Jeffery <andrew@aj.id.au>
Date: Tue, 24 May 2022 10:08:30 +0930
Subject: meta-ibm: p10bmc: Drop no-TPM key from OTP configuration

Some cards were built without TPMs populated. However, we signed builds
for these cards. Remove the key corresponding to the signatures on these
builds and sign builds for cards with TPMs populated with a subsequent
key to prevent non-TPM builds from being used on TPM-enabled systems.

Change-Id: I511a310750319b0e3dc2e028285a77d8cf07d7c7
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
---
 .../recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/a3.json    | 11 ++---------
 .../p10bmc/keys/P10BMCAspeedSBPubKey_1.pem                 | 14 --------------
 2 files changed, 2 insertions(+), 23 deletions(-)
 delete mode 100644 meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/keys/P10BMCAspeedSBPubKey_1.pem

(limited to 'meta-ibm/recipes-bsp')

diff --git a/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/a3.json b/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/a3.json
index fdcfd5d81e..cada446379 100644
--- a/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/a3.json
+++ b/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/a3.json
@@ -13,24 +13,17 @@
             },
             {
                 "types": "rsa_pub_oem",
-                "key_pem": "P10BMCAspeedSBPubKey_1.pem",
+                "key_pem": "P10BMCAspeedSBPubKey_2.pem",
                 "offset": "0x240",
                 "number_id": 1,
                 "sha_mode": "SHA512"
             },
             {
                 "types": "rsa_pub_oem",
-                "key_pem": "P10BMCAspeedSBPubKey_2.pem",
+                "key_pem": "P10BMCAspeedSBPubKey_3.pem",
                 "offset": "0x440",
                 "number_id": 2,
                 "sha_mode": "SHA512"
-            },
-            {
-                "types": "rsa_pub_oem",
-                "key_pem": "P10BMCAspeedSBPubKey_3.pem",
-                "offset": "0x640",
-                "number_id": 3,
-                "sha_mode": "SHA512"
             }
         ]
     },
diff --git a/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/keys/P10BMCAspeedSBPubKey_1.pem b/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/keys/P10BMCAspeedSBPubKey_1.pem
deleted file mode 100644
index eeba16b640..0000000000
--- a/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/keys/P10BMCAspeedSBPubKey_1.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtgJW7ar+qtAM3YSYRZBu
-5CNlrZeK//2p45Uwme9bjaFT1T95yvHiK2hwostp0g0Gwa40H2NlRw9V7fEcH+2z
-zpRvyPorgP6rN6gcdvpdkhlrM7ntYoZpqKqstAmsT9xlOL9aYlWZ1mqb31j9WlIz
-wphuWNYKvrS2OvPNFSSWhIXJhekMQCl/b22poydHVslScQDCmUNl4TQXBLpaeVd5
-LqN80JaQEBDZABwBwAfVLbpfgPI5BG0JEiNd77r3AnAp1N7A2oKUBjQK+4ClkqR0
-3zPZ572nEBaXfVRZQsGV0mxwP021I/lncYrlWZrwBxK0fP+VDuIKYcAEmOJ6kEdg
-FfuAgEFJQvlgH45dfHJ6KcN1K4wEU1RHZxho0XnIwrI5GtctTdLl33AfajG0dYKf
-mHUmeli4AS//bjRfR7O2K4mdCMsj06mzXNoTv2wgb/QSkjMUqGLniiaRueuDSiZ0
-/mJfZLCFpZtiVF+wE1meympZqFk+T6j8C5kwCuxB4OqKC7Ec0N6G/NNwQ8m96cFS
-A4SUNAIQGjoSpziqF7N9UNl4rI+kEV/FstXLs7I0eYNpXEts2PDuY+PN+p7wKVrB
-Fet8LI13EAVrJJaKKvF41YXvNlwBxBZ2WBZhhiA/6F0dYcI16mRmnRs+hL7A6adO
-M1JIVupxDJzhQ4+S06VQbSsCAwEAAQ==
------END PUBLIC KEY-----
-- 
cgit v1.2.3