u-boot-iot2050: Add an explicit env to mark secure boot building

The existence of keys folder implying the secure boot building only applies to scenarios that private key is locally accessible. In cases when a clear private key is not available, an explicit environment to mark the secure boot building is required. Signed-off-by: Baocheng Su <baocheng.su@siemens.com>
siemens · Jun 21, 2024 · a0730b2 · a0730b2
1 parent e8f97aa
commit a0730b2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/recipes-bsp/u-boot/files/rules.tmpl b/recipes-bsp/u-boot/files/rules.tmpl
@@ -10,7 +10,7 @@ SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
 endif
 
 override_dh_auto_build:
-	if [ -e keys ]; then \
+	if [ "${SB_SIGN}" = "1" ]; then \
 		tools/key2dtsi.py -c -s keys/custMpk.pem arch/arm/dts/custMpk.dtsi; \
 	fi
 	$(MAKE) $(PARALLEL_MAKE) ${U_BOOT_CONFIG}
@@ -22,7 +22,7 @@ override_dh_auto_build:
 	else \
 		./scripts/get_default_envs.sh >u-boot-initial-env; \
 	fi
-	if [ -e keys ]; then \
+	if [ "${SB_SIGN}" = "1" ]; then \
 		tools/iot2050-sign-fw.sh keys/custMpk.pem ${FIRMWARE_SECURE_VER}; \
 	fi
 	$(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools

diff --git a/recipes-bsp/u-boot/u-boot-iot2050.inc b/recipes-bsp/u-boot/u-boot-iot2050.inc
@@ -41,8 +41,11 @@ DEBIAN_BUILD_DEPENDS:append:secureboot = ", python3-pycryptodome:native, \
 DEPENDS:append:otpcmd = " secure-boot-otp-provisioning"
 DEBIAN_BUILD_DEPENDS:append:otpcmd = ", secure-boot-otp-provisioning"
 
+SB_SIGN = "0"
+SB_SIGN:secureboot = "1"
+
 TEMPLATE_FILES += "rules.tmpl"
-TEMPLATE_VARS += "FIRMWARE_SECURE_VER"
+TEMPLATE_VARS += "FIRMWARE_SECURE_VER SB_SIGN"
 
 U_BOOT_CONFIG_PACKAGE = "1"