meta-ibm: Sign p10bmc kernel/uboot with dev key
Use the insecure key provided by commit '748d586bc1 meta-aspeed: Add
development key for Kernel sign' to sign both the Kernel as well as
U-Boot fitImages. This is used for U-Boot FIT Signature Verification
using a known key, fit for development purposes. For production
purposes, a secure private key must be used.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: If0c39f4aa17e6eaa5f6952a90283457f252a64d3
diff --git a/meta-ibm/conf/machine/p10bmc.conf b/meta-ibm/conf/machine/p10bmc.conf
index 5206c27..2db74ef 100644
--- a/meta-ibm/conf/machine/p10bmc.conf
+++ b/meta-ibm/conf/machine/p10bmc.conf
@@ -35,3 +35,20 @@
SKIP_BROKEN_MRW = "1"
IMAGE_FEATURES_remove = "obmc-ikvm"
+
+UBOOT_SIGN_ENABLE = "1"
+SPL_SIGN_ENABLE = "1"
+
+FIT_HASH_ALG = "sha512"
+FIT_SIGN_ALG = "rsa4096"
+FIT_SIGN_NUMBITS = "4096"
+UBOOT_FITIMAGE_ENABLE = "1"
+UBOOT_FIT_HASH_ALG = "sha512"
+UBOOT_FIT_SIGN_ALG = "rsa4096"
+UBOOT_FIT_SIGN_NUMBITS = "4096"
+
+UBOOT_SIGN_KEYNAME = "rsa_oem_fitimage_key"
+SPL_SIGN_KEYNAME = "rsa_oem_fitimage_key"
+
+UBOOT_SIGN_KEYDIR = "${WORKDIR}"
+SPL_SIGN_KEYDIR = "${WORKDIR}"