meta-ibm: p10bmc: Assert that we want the SPL signed by socsec Configure the SOCSEC_SIGN_* variables to sign the SPL and exploit the AST2600 hardware root-of-trust. Note that this doesn't require that secure-boot is enabled on the system, the SoC will bootstrap just fine with the signature in place while secure-boot is disabled. Signing the SPL allows us to switch the systems over to secure-boot at our leisure. Change-Id: I07b5c4afb7bacc040cbdce6c82a0fb3a57d0f7f8 Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

commit: 6991461283887ae62af4107a19b95edeca7abf9c [log] [tgz]
author: Andrew Jeffery <andrew@aj.id.au> Wed Aug 04 12:52:47 2021 +0930
committer: Andrew Jeffery <andrew@aj.id.au> Tue Aug 17 06:28:27 2021 +0000
tree: fe0c0e91082be8edff9bd9f5417eb495bd55dbb9
parent: f77919abfe6505a3b29db1efab49b077c10afe4d [diff]
diff --git a/meta-ibm/conf/machine/p10bmc.conf b/meta-ibm/conf/machine/p10bmc.conf
index 2b7463e..19de5ee 100644
--- a/meta-ibm/conf/machine/p10bmc.conf
+++ b/meta-ibm/conf/machine/p10bmc.conf

@@ -55,5 +55,7 @@
 UBOOT_SIGN_KEYDIR = "${WORKDIR}"
 SPL_SIGN_KEYDIR = "${WORKDIR}"
 
+SOCSEC_SIGN_ENABLE = "1"
+
 DEBUG_TRIGGERS = "kcs2"
 PACKAGECONFIG:append:pn-debug-trigger = " triggers"
commit	6991461283887ae62af4107a19b95edeca7abf9c	[log] [tgz]
author	Andrew Jeffery <andrew@aj.id.au>	Wed Aug 04 12:52:47 2021 +0930
committer	Andrew Jeffery <andrew@aj.id.au>	Tue Aug 17 06:28:27 2021 +0000
tree	fe0c0e91082be8edff9bd9f5417eb495bd55dbb9
parent	f77919abfe6505a3b29db1efab49b077c10afe4d [diff]