diff options
author | Stefano Manni <stefano.manni@gmail.com> | 2022-07-20 12:15:22 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2022-08-09 09:04:17 +0200 |
commit | f64e6124b4666f347524841d2bb2036d5897c299 (patch) | |
tree | a50f17afe83c881282649a88229768dfe4eb3011 /common | |
parent | 6fff3e73bb62ef18e90ff60ea5d982727252b5f7 (diff) | |
download | barebox-f64e6124b4666f347524841d2bb2036d5897c299.tar.gz barebox-f64e6124b4666f347524841d2bb2036d5897c299.tar.xz |
kbuild: make FIT public key overwritable
The path to the public key used to verify FIT images can be
specified with Kconfig variable. For a better build system
integration we also want to be able to specify the path in
environment variables.
Signed-off-by: Stefano Manni <stefano.manni@gmail.com>
Link: https://lore.barebox.org/02bcbd486b7f41e5dc86bf9d228dcbf6e1fe9957.camel@gmail.com
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common')
-rw-r--r-- | common/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/common/Kconfig b/common/Kconfig index 2292e7bcea..c74723a6d4 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -645,6 +645,21 @@ config BOOTM_FITIMAGE_SIGNATURE Additionally the barebox device tree needs a /signature node with the public key with which the image has been signed. +config BOOTM_FITIMAGE_PUBKEY_ENV + bool "Specify path to public key in environment" + depends on BOOTM_FITIMAGE_SIGNATURE + help + If this option is enabled the path to the public key for verifying + FIT images signature is taken from environment which allows for + better integration with build systems. + + The environment variable has the same name as the corresponding + Kconfig variable: + + CONFIG_BOOTM_FITIMAGE_PUBKEY + +if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV + config BOOTM_FITIMAGE_PUBKEY string "Path to dtsi containing pubkey" default "../fit/pubkey.dtsi" @@ -654,6 +669,8 @@ config BOOTM_FITIMAGE_PUBKEY snippet can then be included in a device tree with "#include CONFIG_BOOTM_FITIMAGE_PUBKEY". +endif + config BOOTM_FORCE_SIGNED_IMAGES bool prompt "Force booting of signed images" |