This is not executable code. It should be put into .rodata instead
of .text section.
This produces more correct BL1 image when SEPARATE_CODE_AND_RODATA is
defined.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired. This is not nice.
This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment. UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.
Things work like this:
- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
Users can override ROT_KEY from the command line if they want to
use a specific ROT key.
- ROTPK_HASH is generated based on ROT_KEY.
- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
- ROT_KEY is input to cert_create tool.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada