diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2016-08-26 17:40:17 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-07 00:16:56 -0700 |
commit | 834207c4854a9f15e4deb9f3a7a03677feed7e68 (patch) | |
tree | eaf9f6c14e2b32480e04d8dc546e939e51f53e33 /Makefile.rules | |
parent | 3392ad70d0d73788f1c24edbb08ddc30a93a0223 (diff) | |
download | chrome-ec-834207c4854a9f15e4deb9f3a7a03677feed7e68.tar.gz |
cr50: provide build mode for signing with fob
We don't really have the ability to build the latest signer yet, but
this should not stop us from being able to build a properly signed
image using the ec makefiles.
As a stopgap measure the suggestion is to keep the latest signer
binary in ~/bin/codesigner in chroot, then with this patch applied
invoking make with CR50_DEV=1 will cause the proper sighner used and
proper signing procedure followed.
The signed targets need to be built in series to avoid concurrent use
of the signer fob, an addition dependency is being added to enforce
that.
BRANCH=none
BUG=chrome-os-partner:55557
TEST=ran make as follows:
CR50_DEV=1 make BOARD=cr50
touched the fob when requested, uploaded the generated
build/cr50/ec.bin on a kevin-tpm2 using usb_updater, and observed
it boot properly with the new version.
Change-Id: Ia9494bdc60b4bd3b8e5e09cbcbd8b27409c739d2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/376885
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'Makefile.rules')
-rw-r--r-- | Makefile.rules | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Makefile.rules b/Makefile.rules index d2a151205b..565c95c34d 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -45,8 +45,8 @@ cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \ # Allow the .roshared section to overlap other sections (itself) cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \ -O binary $< $@ -cmd_elf_to_signed ?= sudo $(out)/util/signer --key=util/signer/$(3) \ - --input=$< --format=bin --output=$@.signed $(SIG_EXTRA) \ +cmd_elf_to_signed ?= sudo $(SIGNER) --key=util/signer/$(3) \ + --input=$< --format=bin --output=$@.signed $(SIGNER_EXTRAS) \ && sudo chown $(shell whoami) $@.signed && mv $@.signed $@ cmd_elf_to_dis = $(OBJDUMP) -D $< > $@ cmd_elf_to_hex = $(OBJCOPY) -O ihex $< $@ @@ -274,7 +274,7 @@ $(out)/RO/%.flat: $(out)/RO/%.elf $(out)/RO/%.smap $(call quiet,elf_to_signed,RO_SIGN,$(CR50_RO_KEY)) $(out)/RW/%.flat: $(out)/RW/%.elf $(out)/RW/%.smap - $(call quiet,elf_to_signed,RW_SIGN,loader-testkey-A.pem) + $(call quiet,elf_to_signed,RW_SIGN,$(CR50_RW_KEY)) $(out)/RO/%.hex: $(out)/RO/%.flat $(call quiet,bin_to_hex,OBJCOPY) |