diff options
| author | e-liner <e-liner@users.noreply.github.com> | 2017-08-11 11:24:30 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-11 11:24:30 -0500 |
| commit | 4509473697b0cb6ad1b936544bd3c73970040e49 (patch) | |
| tree | ff7ad8c14cd7d64da1e6f16e406a3e937ccba9fc | |
| parent | 02c8819d46b66992af84d71244d6b41eefbef90a (diff) | |
| parent | 403e6002a0d7e1e87ca9c415d9e149545ce544f1 (diff) | |
| download | talos-op-build-4509473697b0cb6ad1b936544bd3c73970040e49.tar.gz talos-op-build-4509473697b0cb6ad1b936544bd3c73970040e49.zip | |
Merge branch 'master' into memd_final
| -rwxr-xr-x | openpower/configs/hostboot/witherspoon.config | 3 | ||||
| -rw-r--r-- | openpower/package/machine-xml/machine-xml.mk | 6 | ||||
| -rw-r--r-- | openpower/package/occ/occ.mk | 2 | ||||
| -rw-r--r-- | openpower/package/openpower-pnor/Config.in | 32 | ||||
| -rw-r--r-- | openpower/package/openpower-pnor/openpower-pnor.mk | 25 |
5 files changed, 60 insertions, 8 deletions
diff --git a/openpower/configs/hostboot/witherspoon.config b/openpower/configs/hostboot/witherspoon.config index b4516381..242cbcf8 100755 --- a/openpower/configs/hostboot/witherspoon.config +++ b/openpower/configs/hostboot/witherspoon.config @@ -69,6 +69,3 @@ unset HOST_HCDB_SUPPORT unset CONSOLE_OUTPUT_TRACE set CONSOLE_OUTPUT_FFDCDISPLAY -unset CONFIG_SECUREBOOT -unset CONFIG_TPMDD -unset CONFIG_TPM_NUVOTON diff --git a/openpower/package/machine-xml/machine-xml.mk b/openpower/package/machine-xml/machine-xml.mk index af68f47d..e335e8b1 100644 --- a/openpower/package/machine-xml/machine-xml.mk +++ b/openpower/package/machine-xml/machine-xml.mk @@ -116,6 +116,12 @@ endef define MACHINE_XML_INSTALL_IMAGES_CMDS mv $(MRW_HB_TOOLS)/targeting.bin $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME) + if [ -e $(MRW_HB_TOOLS)/targeting.bin.protected ]; then \ + mv -v $(MRW_HB_TOOLS)/targeting.bin.protected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).protected; \ + fi + if [ -e $(MRW_HB_TOOLS)/targeting.bin.unprotected ]; then \ + mv -v $(MRW_HB_TOOLS)/targeting.bin.unprotected $(MRW_HB_TOOLS)/$(BR2_OPENPOWER_TARGETING_BIN_FILENAME).unprotected; \ + fi endef define MACHINE_XML_INSTALL_TARGET_CMDS diff --git a/openpower/package/occ/occ.mk b/openpower/package/occ/occ.mk index a45b1e5e..7722263e 100644 --- a/openpower/package/occ/occ.mk +++ b/openpower/package/occ/occ.mk @@ -5,7 +5,7 @@ ################################################################################ OCC_VERSION_BRANCH_MASTER_P8 ?= 28f2cec690b7f19548ce860a8820f519e6c39a6a -OCC_VERSION_BRANCH_MASTER ?= 6d294258c81494021839f520a63974dd7a828205 +OCC_VERSION_BRANCH_MASTER ?= 71b5f68da8b725f9c5251261b41fd824e652e491 OCC_VERSION ?= $(if $(BR2_OPENPOWER_POWER9),$(OCC_VERSION_BRANCH_MASTER),$(OCC_VERSION_BRANCH_MASTER_P8)) OCC_SITE ?= $(call github,open-power,occ,$(OCC_VERSION)) diff --git a/openpower/package/openpower-pnor/Config.in b/openpower/package/openpower-pnor/Config.in index be742c46..93606280 100644 --- a/openpower/package/openpower-pnor/Config.in +++ b/openpower/package/openpower-pnor/Config.in @@ -12,6 +12,38 @@ config BR2_PACKAGE_OPENPOWER_PNOR help Utilites for building a targeting binary image +choice + prompt "Secure Boot key transition type" + default BR2_OPENPOWER_SECUREBOOT_NO_KEY_TRANSITION + +config BR2_OPENPOWER_SECUREBOOT_NO_KEY_TRANSITION + bool "None" + help + Builds a driver that does not transition Secure Boot keys + +config BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_DEV + bool "Transition existing keys to development keys" + help + Builds a driver that transitions Secure Boot keys to development keys and + powers off the system. Only usable when system security has been + disabled. + +config BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_PROD + bool "Transition development keys to production keys" + help + Builds a driver that transitions Secure Boot development keys to + vendor supplied production keys and powers off the system. + +endchoice + +config BR2_OPENPOWER_SECUREBOOT_SIGN_MODE + string "Secureboot signing mode" + help + Available options [development | production] + Indicates the signing mode when generating the PNOR image. Only + applicable when hostboot is compiled with SECUREBOOT compile flag. + Default mode is development. + config BR2_OPENPOWER_PNOR_XML_LAYOUT_FILENAME string "Name of Openpower pnor xml layout file" help diff --git a/openpower/package/openpower-pnor/openpower-pnor.mk b/openpower/package/openpower-pnor/openpower-pnor.mk index 94e0b6dd..dd08018f 100644 --- a/openpower/package/openpower-pnor/openpower-pnor.mk +++ b/openpower/package/openpower-pnor/openpower-pnor.mk @@ -4,7 +4,7 @@ # ################################################################################ -OPENPOWER_PNOR_VERSION ?= 1f584629255276586149a6cfe65e4680f99dd773 +OPENPOWER_PNOR_VERSION ?= d73af7e470ff65f7702e602a38f19c0c7a7d3c75 OPENPOWER_PNOR_SITE ?= $(call github,open-power,pnor,$(OPENPOWER_PNOR_VERSION)) OPENPOWER_PNOR_LICENSE = Apache-2.0 @@ -27,6 +27,19 @@ endif ifeq ($(BR2_OPENPOWER_PNOR_XZ_ENABLED),y) OPENPOWER_PNOR_DEPENDENCIES += host-xz +XZ_ARG=-xz_compression +endif + +OPENPOWER_PNOR_DEPENDENCIES += host-sb-signing-utils + +ifeq ($(BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_DEV),y) +KEY_TRANSITION_ARG=-key_transition imprint +else ifeq ($(BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_PROD),y) +KEY_TRANSITION_ARG=-key_transition production +endif + +ifneq ($(BR2_OPENPOWER_SECUREBOOT_SIGN_MODE),"") +SIGN_MODE_ARG=-sign_mode $(BR2_OPENPOWER_SECUREBOOT_SIGN_MODE) endif ifeq ($(BR2_OPENPOWER_POWER9),y) @@ -77,7 +90,11 @@ define OPENPOWER_PNOR_INSTALL_IMAGES_CMDS -wof_binary_filename $(OPENPOWER_MRW_SCRATCH_DIR)/$(BR2_WOFDATA_FILENAME) \ -memd_binary_filename $(OPENPOWER_MRW_SCRATCH_DIR)/$(BR2_MEMDDATA_FILENAME) \ -payload $(BINARIES_DIR)/$(BR2_SKIBOOT_LID_NAME) \ - $(if ($(BR2_OPENPOWER_PNOR_XZ_ENABLED),y),-xz_compression) + -payload_filename $(BR2_SKIBOOT_LID_XZ_NAME) \ + -binary_dir $(BINARIES_DIR) \ + -bootkernel_filename $(LINUX_IMAGE_NAME) \ + -pnor_layout $(@D)/"$(OPENPOWER_RELEASE)"Layouts/$(BR2_OPENPOWER_PNOR_XML_LAYOUT_FILENAME) \ + $(XZ_ARG) $(KEY_TRANSITION_ARG) $(SIGN_MODE_ARG) \ mkdir -p $(STAGING_DIR)/pnor/ $(TARGET_MAKE_ENV) $(@D)/create_pnor_image.pl \ @@ -87,8 +104,8 @@ define OPENPOWER_PNOR_INSTALL_IMAGES_CMDS -hb_image_dir $(HOSTBOOT_IMAGE_DIR) \ -scratch_dir $(OPENPOWER_PNOR_SCRATCH_DIR) \ -outdir $(STAGING_DIR)/pnor/ \ - -payload $(BINARIES_DIR)/$(BR2_SKIBOOT_LID_XZ_NAME) \ - -bootkernel $(BINARIES_DIR)/$(LINUX_IMAGE_NAME) \ + -payload $(OPENPOWER_PNOR_SCRATCH_DIR)/$(BR2_SKIBOOT_LID_XZ_NAME) \ + -bootkernel $(OPENPOWER_PNOR_SCRATCH_DIR)/$(LINUX_IMAGE_NAME) \ -sbe_binary_filename $(BR2_HOSTBOOT_BINARY_SBE_FILENAME) \ -sbec_binary_filename $(BR2_HOSTBOOT_BINARY_SBEC_FILENAME) \ -wink_binary_filename $(BR2_HOSTBOOT_BINARY_WINK_FILENAME) \ |
