[U-Boot] [PATCH 3/3 v3] controlcenterdc: Make secure boot available
Mario Six
mario.six at gdsys.cc
Thu Mar 23 09:45:36 UTC 2017
On Thu, Mar 23, 2017 at 10:31 AM, Stefan Roese <sr at denx.de> wrote:
> Hi Mario,
>
> On 22.02.2017 16:07, Mario Six wrote:
>> Make secure booting available for the controlcenterdc
>> board.
>>
>> Signed-off-by: Reinhard Pfau <reinhard.pfau at gdsys.cc>
>> Signed-off-by: Mario Six <mario.six at gdsys.cc>
>> ---
>> Changes in v3:
>>
>> * Added secure boot options to config to enable secure boot by default
>>
>> Changes in v2:
>>
>> * Moved definition and interpretation of SECURED_MODE_IMAGE and
>> SECURED_MODE_CSK_INDEX to previous patch
>
> When trying to compile with these patches applied, I get this
> error:
>
> [stefan at stefan-work u-boot-marvell (master)]$ make -s -j10
> Couldn't open RSA private key: './kwb_csk.key': No such file or directory
> Failed to load CSK
> Could not create image
> Makefile:982: recipe for target 'u-boot-spl.kwb' failed
>
> We need to find a way, to compile for this board without such errors.
> Perhaps by providing a "default key"? Any ideas?
>
> Thanks,
> Stefan
>
Hi Stefan,
Hm, yes, for automatic building, the need to put the KAK and CSK keys somewhere
is problematic; didn't consider that, sorry.
The easiest way would probably be to have some Makefile check for the existence
of kwb_kak.key and kwb_csk.key in the root directory, and create them if they
don't exists, using
openssl genrsa -out kwb_kak.key 2048 openssl genrsa -out kwb_csk.key 2048
But I am not quite sure where to put those checks/instructions in a
non-disruptive manner.
Best regards,
Mario
More information about the U-Boot
mailing list