[PATCH 1/4] board: phytec: common: k3: Introduce Configs to Sign Images

Daniel Schultz d.schultz at phytec.de
Fri Feb 7 07:51:19 CET 2025 

Private keys to sign bootloader images shouldn't be commit or part
of this repository. Add config entries to use keys located outside
of U-Boot to sign images.

Signed-off-by: Maik Otto <m.otto at phytec.de>
Signed-off-by: Nathan Morrisson <nmorrisson at phytec.com>
Signed-off-by: Daniel Schultz <d.schultz at phytec.de>
---
 board/phytec/common/k3/Kconfig | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/board/phytec/common/k3/Kconfig b/board/phytec/common/k3/Kconfig
index 282f4b79742..19fe927b22e 100644
--- a/board/phytec/common/k3/Kconfig
+++ b/board/phytec/common/k3/Kconfig
@@ -3,3 +3,37 @@ config PHYTEC_K3_DDR_PATCH
 	help
 	   Allow to override default DDR timings prior to
 	   DDRSS driver probing.
+
+config PHYTEC_K3_KEY_BLOB_COPY
+	bool "Copy the MPK key and the degenerate TI key to the build path"
+	default y
+	help
+	   Select how to manage the MPK and degenerate TI keys.
+	   If PHYTEC_K3_KEY_BLOB_COPY is enabled, the keys will be copied into
+	   the U-Boot directory for compatibility with the TI dummy keys
+	   stored there.
+	   If PHYTEC_K3_KEY_BLOB_COPY is disabled, the build will use the
+	   original key directly. It is recommended to use the original key to
+	   avoid unnecessary duplication.
+
+config PHYTEC_K3_MPK_KEY
+	string "Path to customer specific MPK key"
+	default "custMpk.pem" if PHYTEC_K3_KEY_BLOB_COPY
+	default "arch/arm/mach-k3/keys/custMpk.pem" if !PHYTEC_K3_KEY_BLOB_COPY
+	help
+	   Specifies the path to the MPK signing key:
+	   If PHYTEC_K3_KEY_BLOB_COPY is enabled, provide the path to the blob
+	   copy of the original key.
+	   If PHYTEC_K3_KEY_BLOB_COPY is disabled, provide the path to the
+	   original key.
+
+config PHYTEC_K3_DEGENERATE_KEY
+	string "Path to the degenerate TI key"
+	default "ti-degenerate-key.pem" if PHYTEC_K3_KEY_BLOB_COPY
+	default "arch/arm/mach-k3/keys/ti-degenerate-key.pem" if !PHYTEC_K3_KEY_BLOB_COPY
+	help
+	   Specifies the  path to the degenerate key:
+	   If PHYTEC_K3_KEY_BLOB_COPY is enabled, provide the path to the blob
+	   copy of the original key.
+	   If PHYTEC_K3_KEY_BLOB_COPY is disabled, provide the path to the
+	   original key.
-- 
2.25.1

More information about the U-Boot mailing list