diff options
| author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-09-28 22:55:54 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-10-10 13:31:54 -0400 |
| commit | bc5682af46e7bb2db079ce72ed51c18231d22bb8 (patch) | |
| tree | 2b36689cdcecc21d0200a0a88e1a4f03e77d62a7 /src/build/buildpnor/genPnorImages.pl | |
| parent | 866719ea430f19542cd448d099eaa6b7efd5a5ea (diff) | |
| download | talos-hostboot-bc5682af46e7bb2db079ce72ed51c18231d22bb8.tar.gz talos-hostboot-bc5682af46e7bb2db079ce72ed51c18231d22bb8.zip | |
Secure Boot: Remove requirement to specify production config file
RTC: 177220
Change-Id: I6dde362df4d8a441d950071333b64f014e819267
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46916
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/build/buildpnor/genPnorImages.pl')
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 14 |
1 files changed, 2 insertions, 12 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 7681023a4..beaa81e03 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -120,7 +120,6 @@ my $key_transition = ""; my $help = 0; my %partitionsToCorrupt = (); my $sign_mode = $DEVELOPMENT; -my $sb_signing_config_file = ""; my $hwKeyHashFile = ""; my $hb_standalone=""; @@ -140,7 +139,6 @@ GetOptions("binDir:s" => \$bin_dir, "key-transition:s" => \$key_transition, "corrupt:s" => \%partitionsToCorrupt, "sign-mode:s" => \$sign_mode, - "sb-signing-config-file:s" => \$sb_signing_config_file, "hwKeyHashFile:s" => \$hwKeyHashFile, "hb-standalone" => \$hb_standalone, "lab-security-override!" => \$labSecurityOverride, @@ -172,12 +170,6 @@ else die "Invalid signing mode = $sign_mode"; } -# Secure boot signing config file only required in production mode. -if ($signMode{$PRODUCTION}) -{ - die "SB signing config file path not provided" if ($sb_signing_config_file eq ""); -} - # Put key transition input into a hash and ensure a valid key transition mode my %keyTransition = ( enabled => 0, $IMPRINT => 0, @@ -280,13 +272,12 @@ if ($keyTransition{enabled}) ### Open POWER signing my $OPEN_SIGN_REQUEST= - "$SIGNING_DIR/crtSignedContainer.sh --scratchDir $bin_dir"; + "$SIGNING_DIR/crtSignedContainer.sh --scratchDir $bin_dir "; # By default key transition container is unused my $OPEN_SIGN_KEY_TRANS_REQUEST = $OPEN_SIGN_REQUEST; # Production signing parameters -my $OPEN_PRD_SIGN_PARAMS = "--mode production " - . " --sign-project-config $sb_signing_config_file"; +my $OPEN_PRD_SIGN_PARAMS = "--mode production "; # Imprint key signing parameters. In a non-secure compile, omit the keys to # generate a secure header without signatures @@ -1292,7 +1283,6 @@ print <<"ENDUSAGE"; --key-transition <imprint|production> Indicates a key transition is needed and creates a secureboot key transition container. Note: "--sign-mode production" is not allowed with "--key-transition imprint" With [--test] will transition to test dev keys, which are a fixed permutation of imprint keys. - --sb-signing-config-file Path to ini-formatted config file for production signing --lab-security-override If signing SBE image, set bit in signing header which turns on security override checking in the SBE the next time it is |
