Merge branch 'master' into memd_final
diff --git a/openpower/configs/hostboot/witherspoon.config b/openpower/configs/hostboot/witherspoon.config
index b451638..242cbcf 100755
--- a/openpower/configs/hostboot/witherspoon.config
+++ b/openpower/configs/hostboot/witherspoon.config
@@ -69,6 +69,3 @@
unset CONSOLE_OUTPUT_TRACE
set CONSOLE_OUTPUT_FFDCDISPLAY
-unset CONFIG_SECUREBOOT
-unset CONFIG_TPMDD
-unset CONFIG_TPM_NUVOTON
diff --git a/openpower/package/machine-xml/machine-xml.mk b/openpower/package/machine-xml/machine-xml.mk
index af68f47..e335e8b 100644
--- a/openpower/package/machine-xml/machine-xml.mk
+++ b/openpower/package/machine-xml/machine-xml.mk
@@ -116,6 +116,12 @@
define MACHINE_XML_INSTALL_IMAGES_CMDS
mv $(MRW_HB_TOOLS)/targeting.bin $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME)
+ if [ -e $(MRW_HB_TOOLS)/targeting.bin.protected ]; then \
+ mv -v $(MRW_HB_TOOLS)/targeting.bin.protected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).protected; \
+ fi
+ if [ -e $(MRW_HB_TOOLS)/targeting.bin.unprotected ]; then \
+ mv -v $(MRW_HB_TOOLS)/targeting.bin.unprotected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).unprotected; \
+ fi
endef
define MACHINE_XML_INSTALL_TARGET_CMDS
diff --git a/openpower/package/occ/occ.mk b/openpower/package/occ/occ.mk
index a45b1e5..7722263 100644
--- a/openpower/package/occ/occ.mk
+++ b/openpower/package/occ/occ.mk
@@ -5,7 +5,7 @@
################################################################################
OCC_VERSION_BRANCH_MASTER_P8 ?= 28f2cec690b7f19548ce860a8820f519e6c39a6a
-OCC_VERSION_BRANCH_MASTER ?= 6d294258c81494021839f520a63974dd7a828205
+OCC_VERSION_BRANCH_MASTER ?= 71b5f68da8b725f9c5251261b41fd824e652e491
OCC_VERSION ?= $(if $(BR2_OPENPOWER_POWER9),$(OCC_VERSION_BRANCH_MASTER),$(OCC_VERSION_BRANCH_MASTER_P8))
OCC_SITE ?= $(call github,open-power,occ,$(OCC_VERSION))
diff --git a/openpower/package/openpower-pnor/Config.in b/openpower/package/openpower-pnor/Config.in
index be742c4..9360628 100644
--- a/openpower/package/openpower-pnor/Config.in
+++ b/openpower/package/openpower-pnor/Config.in
@@ -12,6 +12,38 @@
help
Utilites for building a targeting binary image
+choice
+ prompt "Secure Boot key transition type"
+ default BR2_OPENPOWER_SECUREBOOT_NO_KEY_TRANSITION
+
+config BR2_OPENPOWER_SECUREBOOT_NO_KEY_TRANSITION
+ bool "None"
+ help
+ Builds a driver that does not transition Secure Boot keys
+
+config BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_DEV
+ bool "Transition existing keys to development keys"
+ help
+ Builds a driver that transitions Secure Boot keys to development keys and
+ powers off the system. Only usable when system security has been
+ disabled.
+
+config BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_PROD
+ bool "Transition development keys to production keys"
+ help
+ Builds a driver that transitions Secure Boot development keys to
+ vendor supplied production keys and powers off the system.
+
+endchoice
+
+config BR2_OPENPOWER_SECUREBOOT_SIGN_MODE
+ string "Secureboot signing mode"
+ help
+ Available options [development | production]
+ Indicates the signing mode when generating the PNOR image. Only
+ applicable when hostboot is compiled with SECUREBOOT compile flag.
+ Default mode is development.
+
config BR2_OPENPOWER_PNOR_XML_LAYOUT_FILENAME
string "Name of Openpower pnor xml layout file"
help
diff --git a/openpower/package/openpower-pnor/openpower-pnor.mk b/openpower/package/openpower-pnor/openpower-pnor.mk
index 94e0b6d..dd08018 100644
--- a/openpower/package/openpower-pnor/openpower-pnor.mk
+++ b/openpower/package/openpower-pnor/openpower-pnor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENPOWER_PNOR_VERSION ?= 1f584629255276586149a6cfe65e4680f99dd773
+OPENPOWER_PNOR_VERSION ?= d73af7e470ff65f7702e602a38f19c0c7a7d3c75
OPENPOWER_PNOR_SITE ?= $(call github,open-power,pnor,$(OPENPOWER_PNOR_VERSION))
OPENPOWER_PNOR_LICENSE = Apache-2.0
@@ -27,6 +27,19 @@
ifeq ($(BR2_OPENPOWER_PNOR_XZ_ENABLED),y)
OPENPOWER_PNOR_DEPENDENCIES += host-xz
+XZ_ARG=-xz_compression
+endif
+
+OPENPOWER_PNOR_DEPENDENCIES += host-sb-signing-utils
+
+ifeq ($(BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_DEV),y)
+KEY_TRANSITION_ARG=-key_transition imprint
+else ifeq ($(BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_PROD),y)
+KEY_TRANSITION_ARG=-key_transition production
+endif
+
+ifneq ($(BR2_OPENPOWER_SECUREBOOT_SIGN_MODE),"")
+SIGN_MODE_ARG=-sign_mode $(BR2_OPENPOWER_SECUREBOOT_SIGN_MODE)
endif
ifeq ($(BR2_OPENPOWER_POWER9),y)
@@ -77,7 +90,11 @@
-wof_binary_filename $(OPENPOWER_MRW_SCRATCH_DIR)/$(BR2_WOFDATA_FILENAME) \
-memd_binary_filename $(OPENPOWER_MRW_SCRATCH_DIR)/$(BR2_MEMDDATA_FILENAME) \
-payload $(BINARIES_DIR)/$(BR2_SKIBOOT_LID_NAME) \
- $(if ($(BR2_OPENPOWER_PNOR_XZ_ENABLED),y),-xz_compression)
+ -payload_filename $(BR2_SKIBOOT_LID_XZ_NAME) \
+ -binary_dir $(BINARIES_DIR) \
+ -bootkernel_filename $(LINUX_IMAGE_NAME) \
+ -pnor_layout $(@D)/"$(OPENPOWER_RELEASE)"Layouts/$(BR2_OPENPOWER_PNOR_XML_LAYOUT_FILENAME) \
+ $(XZ_ARG) $(KEY_TRANSITION_ARG) $(SIGN_MODE_ARG) \
mkdir -p $(STAGING_DIR)/pnor/
$(TARGET_MAKE_ENV) $(@D)/create_pnor_image.pl \
@@ -87,8 +104,8 @@
-hb_image_dir $(HOSTBOOT_IMAGE_DIR) \
-scratch_dir $(OPENPOWER_PNOR_SCRATCH_DIR) \
-outdir $(STAGING_DIR)/pnor/ \
- -payload $(BINARIES_DIR)/$(BR2_SKIBOOT_LID_XZ_NAME) \
- -bootkernel $(BINARIES_DIR)/$(LINUX_IMAGE_NAME) \
+ -payload $(OPENPOWER_PNOR_SCRATCH_DIR)/$(BR2_SKIBOOT_LID_XZ_NAME) \
+ -bootkernel $(OPENPOWER_PNOR_SCRATCH_DIR)/$(LINUX_IMAGE_NAME) \
-sbe_binary_filename $(BR2_HOSTBOOT_BINARY_SBE_FILENAME) \
-sbec_binary_filename $(BR2_HOSTBOOT_BINARY_SBEC_FILENAME) \
-wink_binary_filename $(BR2_HOSTBOOT_BINARY_WINK_FILENAME) \