-
Masahiro Yamada authored
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info(). It is up to users how to retrieve ROTPK if the ROT verification is desired. This is not nice. This commit improves plat_get_rotpk_info() implementation and automates the ROTPK deployment. UniPhier platform has no ROTPK storage, so it should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case. This makes sense because UniPhier platform implements its internal ROM i.e. BL1 is used as updatable pseudo ROM. Things work like this: - ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing. Users can override ROT_KEY from the command line if they want to use a specific ROT key. - ROTPK_HASH is generated based on ROT_KEY. - ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2. - ROT_KEY is input to cert_create tool. Signed-off-by:Masahiro Yamada <yamada.masahiro@socionext.com>
63634800
