diff options
| author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-06-28 13:58:39 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-07-11 16:14:07 -0400 |
| commit | 758d829b631b0d956661ba6d6af6ed1eea83bffe (patch) | |
| tree | de06c29089fe2f19518f4f1a640d27c5dca8d8b2 /src/build/buildpnor/genPnorImages.pl | |
| parent | 39649c7d1556a93bd82625cc42aca470939dbbdb (diff) | |
| download | talos-hostboot-758d829b631b0d956661ba6d6af6ed1eea83bffe.tar.gz talos-hostboot-758d829b631b0d956661ba6d6af6ed1eea83bffe.zip | |
Support open signing tool argument changes
- Added extra dash to open signing tool command line arguments
Change-Id: I2aad97868455da7ae8daa6d8effa6ad385fee057
RTC: 174017
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42562
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/build/buildpnor/genPnorImages.pl')
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index e3aa776f8..b2cf01d1e 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -71,11 +71,10 @@ use constant VFS_MODULE_TABLE_ENTRY_SIZE => 112; # VFS Module table max size use constant VFS_MODULE_TABLE_MAX_SIZE => VFS_EXTENDED_MODULE_MAX * VFS_MODULE_TABLE_ENTRY_SIZE; - # Flag parameter string passed into signing tools # Note spaces before/after are critical. use constant LOCAL_SIGNING_FLAG => " -flag "; -use constant OP_SIGNING_FLAG => " -flags "; +use constant OP_SIGNING_FLAG => " --flags "; # Security bits HW flag strings use constant OP_BUILD_FLAG => 0x80000000; use constant FIPS_BUILD_FLAG => 0x40000000; @@ -278,7 +277,7 @@ if ($keyTransition{enabled}) } ### Open POWER signing -my $OPEN_SIGN_REQUEST="$SIGNING_DIR/crtSignedContainer.pl "; +my $OPEN_SIGN_REQUEST="$SIGNING_DIR/crtSignedContainer.sh "; # By default key transition container is unused my $OPEN_SIGN_KEY_TRANS_REQUEST = $OPEN_SIGN_REQUEST; @@ -286,10 +285,10 @@ my $OPEN_SIGN_KEY_TRANS_REQUEST = $OPEN_SIGN_REQUEST; my $OPEN_PRD_SIGN_PARAMS = "--mode production " . " --sign-project-config $sb_signing_config_file"; # Imprint key signing parameters -my $OPEN_DEV_SIGN_PARAMS = " -hwPrivKeyA $DEV_KEY_DIR/hw_key_a.key " - . "-hwPrivKeyB $DEV_KEY_DIR/hw_key_b.key " - . "-hwPrivKeyC $DEV_KEY_DIR/hw_key_c.key " - . "-swPrivKeyP $DEV_KEY_DIR/sw_key_a.key"; +my $OPEN_DEV_SIGN_PARAMS = " --hwPrivKeyA $DEV_KEY_DIR/hw_key_a.key " + . "--hwPrivKeyB $DEV_KEY_DIR/hw_key_b.key " + . "--hwPrivKeyC $DEV_KEY_DIR/hw_key_c.key " + . "--swPrivKeyP $DEV_KEY_DIR/sw_key_a.key"; # Handle key transition and production signing logic # If in production mode, key transition is not supported yet @@ -505,7 +504,7 @@ sub manipulateImages HBB_SW_SIG_FILE => "$bin_dir/$parallelPrefix.hbb_sw_sig.bin" ); - foreach my $key (sort partitionDepSort keys %{$i_binFilesRef}) + foreach my $key (sort partitionDepSort keys %{$i_binFilesRef}) { my %callerHwHdrFields = ( configure => 0, @@ -668,8 +667,8 @@ sub manipulateImages if($openSigningTool) { run_command("$CUR_OPEN_SIGN_REQUEST " - . "-protectedPayload $tempImages{PAYLOAD_TEXT} " - . "-out $tempImages{PROTECTED_PAYLOAD}"); + . "--protectedPayload $tempImages{PAYLOAD_TEXT} " + . "--out $tempImages{PROTECTED_PAYLOAD}"); } else { @@ -686,8 +685,8 @@ sub manipulateImages if($openSigningTool) { run_command("$CUR_OPEN_SIGN_REQUEST " - . "-protectedPayload $bin_file.protected " - . "-out $tempImages{PROTECTED_PAYLOAD}"); + . "--protectedPayload $bin_file.protected " + . "--out $tempImages{PROTECTED_PAYLOAD}"); } else { @@ -703,11 +702,11 @@ sub manipulateImages if($openSigningTool) { my $codeStartOffset = ($eyeCatch eq "HBB") ? - "-code-start-offset 0x00000180" : ""; + "--code-start-offset 0x00000180" : ""; run_command("$CUR_OPEN_SIGN_REQUEST " . "$codeStartOffset " - . "-protectedPayload $bin_file " - . "-out $tempImages{HDR_PHASE}"); + . "--protectedPayload $bin_file " + . "--out $tempImages{HDR_PHASE}"); } else { @@ -745,8 +744,8 @@ sub manipulateImages if($openSigningTool) { run_command("$CUR_OPEN_SIGN_REQUEST " - . "-protectedPayload $bin_file " - . "-out $tempImages{HDR_PHASE}"); + . "--protectedPayload $bin_file " + . "--out $tempImages{HDR_PHASE}"); } else { @@ -1135,12 +1134,12 @@ sub create_sb_key_transition_container # Create a signed container with new production keys run_command("$OPEN_SIGN_KEY_TRANS_REQUEST".OP_SIGNING_FLAG - . "$sb_hdrs{SBKT}{inner}{flags} -protectedPayload $tempImages{RAND_BLOB} " - . "-out $tempImages{PRD_KEY_FILE}"); + . "$sb_hdrs{SBKT}{inner}{flags} --protectedPayload $tempImages{RAND_BLOB} " + . "--out $tempImages{PRD_KEY_FILE}"); # Sign new production key container with imprint keys run_command("$OPEN_SIGN_REQUEST ".OP_SIGNING_FLAG - . "$sb_hdrs{SBKT}{outer}{flags} -protectedPayload $tempImages{PRD_KEY_FILE} " - . "-out $o_file"); + . "$sb_hdrs{SBKT}{outer}{flags} --protectedPayload $tempImages{PRD_KEY_FILE} " + . "--out $o_file"); } else { |
