kbuild: make FIT public key overwritable

The path to the public key used to verify FIT images can be
specified with Kconfig variable. For a better build system
integration we also want to be able to specify the path in
environment variables.

Signed-off-by: Stefano Manni <stefano.manni@gmail.com>
Link: https://lore.barebox.org/02bcbd486b7f41e5dc86bf9d228dcbf6e1fe9957.camel@gmail.com
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

1 files changed, 17 insertions, 0 deletions

diff --git a/common/Kconfig b/common/Kconfig
index 2292e7bcea..c74723a6d4 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -645,6 +645,21 @@ config BOOTM_FITIMAGE_SIGNATURE
 	  Additionally the barebox device tree needs a /signature node with the
 	  public key with which the image has been signed.
 
+config BOOTM_FITIMAGE_PUBKEY_ENV
+	bool "Specify path to public key in environment"
+	depends on BOOTM_FITIMAGE_SIGNATURE
+	help
+	  If this option is enabled the path to the public key for verifying
+	  FIT images signature is taken from environment which allows for
+	  better integration with build systems.
+
+	  The environment variable has the same name as the corresponding
+	  Kconfig variable:
+
+	  CONFIG_BOOTM_FITIMAGE_PUBKEY
+
+if BOOTM_FITIMAGE_SIGNATURE && !BOOTM_FITIMAGE_PUBKEY_ENV
+
 config BOOTM_FITIMAGE_PUBKEY
 	string "Path to dtsi containing pubkey"
 	default "../fit/pubkey.dtsi"
@@ -654,6 +669,8 @@ config BOOTM_FITIMAGE_PUBKEY
 	  snippet can then be included in a device tree with
 	  "#include CONFIG_BOOTM_FITIMAGE_PUBKEY".
 
+endif
+
 config BOOTM_FORCE_SIGNED_IMAGES
 	bool
 	prompt "Force booting of signed images"