From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Mon, 9 Jan 2017 08:27:57 -0500 Subject: [U-Boot] [PATCH 1/1] arm: mach-omap2: Fix secure file generation In-Reply-To: <20170106222002.27626-1-afd@ti.com> References: <20170106222002.27626-1-afd@ti.com> Message-ID: <20170109132757.GC7532@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Fri, Jan 06, 2017 at 04:20:02PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway, first fix this > warning to say that it was generated but not secured. > > When the user then exports TI_SECURE_DEV_PKG after getting this warning, > and tries to re-build, 'make' will detect the build artifacts as > unchanged and so assume they do not need to be re-generated. This causes > it to fail to sign the files and it will pack unsigned files into the > final image, even though TI_SECURE_DEV_PKG is now correctly defined and > working. > > Fix this by using FORCE on the targets causes them to be re-run even if > the dependent files have not changed. > > This then causes another issue. We currently rename the signed dtb files > to overwrite the non-signed ones. We do this so the 'mkimage' tool gives > the packaged dtb sections the correct name. If we do not rename the files > then SPL will not find them during boot. > > Fix this by renaming the dtb files by appending _HS to the end of the > filename, after the ".dtb", this causes them to still be named correctly > in the FIT blob. > > Signed-off-by: Andrew F. Davis Applied to u-boot/master, thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: