63634800fc
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info(). It is up to users how to retrieve ROTPK if the ROT verification is desired. This is not nice. This commit improves plat_get_rotpk_info() implementation and automates the ROTPK deployment. UniPhier platform has no ROTPK storage, so it should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case. This makes sense because UniPhier platform implements its internal ROM i.e. BL1 is used as updatable pseudo ROM. Things work like this: - ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing. Users can override ROT_KEY from the command line if they want to use a specific ROT key. - ROTPK_HASH is generated based on ROT_KEY. - ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2. - ROT_KEY is input to cert_create tool. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
||
|---|---|---|
| .. | ||
| arm | ||
| common | ||
| compat | ||
| hisilicon | ||
| mediatek | ||
| nvidia/tegra | ||
| qemu | ||
| rockchip | ||
| socionext/uniphier | ||
| xilinx/zynqmp | ||