Secure Boot: Add machine-xml and PNOR support for signing
- For Secure Boot compile, export protected/unprotected targeting binaries
- Add Secure Boot policies to PNOR package
- Pass Secure Boot policies to PNOR packaging tools
- Opportunistically move targeting protected/unprotected sections
- Remove bad secureboot config options from WS hostboot config
- Point to PNOR commit that supports secureboot signing
- Support key transitioning to development keys
Signed-off-by: Nick Bofferding <bofferdn@us.ibm.com>
diff --git a/openpower/package/machine-xml/machine-xml.mk b/openpower/package/machine-xml/machine-xml.mk
index 91febce..8035a18 100644
--- a/openpower/package/machine-xml/machine-xml.mk
+++ b/openpower/package/machine-xml/machine-xml.mk
@@ -103,12 +103,16 @@
$(MRW_HB_TOOLS)/wof-tables-img --create $(MRW_SCRATCH)/wof_output $(MRW_SCRATCH)/wofdata; \
fi
-
-
endef
define MACHINE_XML_INSTALL_IMAGES_CMDS
mv $(MRW_HB_TOOLS)/targeting.bin $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME)
+ if [ -e $(MRW_HB_TOOLS)/targeting.bin.protected ]; then \
+ mv -v $(MRW_HB_TOOLS)/targeting.bin.protected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).protected; \
+ fi
+ if [ -e $(MRW_HB_TOOLS)/targeting.bin.unprotected ]; then \
+ mv -v $(MRW_HB_TOOLS)/targeting.bin.unprotected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).unprotected; \
+ fi
endef
define MACHINE_XML_INSTALL_TARGET_CMDS
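Review bot: The two `if [ -e ... ]` guards added to MACHINE_XML_INSTALL_IMAGES_CMDS skip silently when `targeting.bin.protected` or `targeting.bin.unprotected` is missing, and each file is tested on its own, so a Secure Boot build can finish with neither split binary exported, or with only one of the pair. If the PNOR packaging step then falls back to the unsplit targeting binary (not visible in this hunk), the image would be assembled without the protected section the signing policy expects, and nothing in the build log would say so. Consider failing the recipe when Secure Boot is configured and either file is absent, for example an `else` branch with `echo "ERROR: targeting.bin.protected missing" >&2; exit 1`, gated on the Secure Boot config symbol (`<SECUREBOOT_CONFIG_SYMBOL>` is a placeholder, as the name is not shown here). At minimum, add a comment such as `# split targeting binaries exist only for Secure Boot builds; absence is expected otherwise`. The paths are also expanded unquoted into the shell, so quoting them (`"$(MRW_HB_TOOLS)/targeting.bin.protected"`) keeps the `-e` test and the `mv` on the same file if the configured filename ever contains whitespace.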