adding file to gitlab CI build directory?
Andre Przywara
andre.przywara at arm.com
Fri May 31 19:35:38 CEST 2024
Hi,
some Allwinner devices use some kind of "secure boot", which requires the
SPL image to be build wrapped in a TOC0 format instead of the normal EGON
format. mkimage supports that for a while, but for that to work it
requires some private key in the current directory. This key is easily
generated with "openssl genrsa -out root_key.pem", and mkimage prints that
command when no file is found, so it's easy for users to comply.
However this understandably upsets the gitlab CI, and breaks the build:
https://source.denx.de/u-boot/custodians/u-boot-sunxi/-/jobs/835423
+mkimage (TOC0): error: Failed to read private key from 'root_key.pem'
+mkimage (TOC0): info: Try 'openssl genrsa -out root_key.pem'
+make[2]: *** [scripts/Makefile.spl:446: spl/sunxi-spl.bin] Error 1
+make[2]: *** Deleting file 'spl/sunxi-spl.bin'
+make[1]: *** [Makefile:2089: spl/u-boot-spl] Error 2
+make[1]: *** Deleting file 'spl/u-boot-spl'
+make: *** [Makefile:177: sub-make] Error 2
This prevents me from merging the defconfig for a device requiring secure
boot, so I was wondering what the solution would be?
The actual key is irrelevant for the build, so we could either insert
*some* root_key.pem into the CI build directory, or generate this key on
the fly, using openssl.
I have no clue what would be best or easiest here, or how to pull this
off, so any suggestions are welcome.
Thanks,
Andre
More information about the U-Boot
mailing list