Secure Boot: Fix parallel and multiple pass image signing issues

Change-Id: Id88717a7647cf916a4aaad652d70807d5027cb33
RTC: 180781
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49655
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 13 insertions, 0 deletions

diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 5d5d207d2..f610f38a0 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -597,6 +597,19 @@ sub manipulateImages
         my $componentId = convertEyecatchToCompId($eyeCatch);
         $CUR_OPEN_SIGN_REQUEST .= " --sign-project-FW-token $componentId ";
 
+        # @TODO RTC 182358
+        # This is a tactical workaround for the signing tooling not being
+        # able to handle muliple different platform binary contents for the same
+        # component ID.  The signing tooling should be modified to tolerate this
+        # scenario, at which point the workaround can be removed.
+        if ($buildType eq "fspbuild")
+        {
+            my @signatureFiles=
+                glob("$bin_dir/SIGNTOOL_*/$componentId/*sig_p.raw");
+            print "Deleting @signatureFiles\n";
+            unlink @signatureFiles;
+        }
+
         # Used for corrupting partitions. By default all protected offsets start
         # immediately after the container header which is size = PAGE_SIZE.
         # *Note: this is before ECC.