Commit 2091755c authored by Soby Mathew's avatar Soby Mathew
Browse files

Export KEY_ALG as a user build option



The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
parent d818a02c
...@@ -405,6 +405,11 @@ Common build options ...@@ -405,6 +405,11 @@ Common build options
AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable
images. images.
- ``KEY_ALG``: This build flag enables the user to select the algorithm to be
used for generating the PKCS keys and subsequent signing of the certificate.
It accepts 2 values viz ``rsa``, ``ecdsa``. The default value of this flag
is ``rsa``.
- ``LDFLAGS``: Extra user options appended to the linkers' command line in - ``LDFLAGS``: Extra user options appended to the linkers' command line in
addition to the one set by the build system. addition to the one set by the build system.
......
...@@ -7,9 +7,15 @@ ...@@ -7,9 +7,15 @@
include drivers/auth/mbedtls/mbedtls_common.mk include drivers/auth/mbedtls/mbedtls_common.mk
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. Default algorithm is RSA. # algorithm to use. If the variable is not defined, select it based on algorithm
# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
# defined to `rsa`, then set the variable to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},) ifeq (${TF_MBEDTLS_KEY_ALG},)
TF_MBEDTLS_KEY_ALG := rsa ifeq (${KEY_ALG}, ecdsa)
TF_MBEDTLS_KEY_ALG := ecdsa
else
TF_MBEDTLS_KEY_ALG := rsa
endif
endif endif
# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for # If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
......
...@@ -81,6 +81,9 @@ GENERATE_COT := 0 ...@@ -81,6 +81,9 @@ GENERATE_COT := 0
# operations. # operations.
HW_ASSISTED_COHERENCY := 0 HW_ASSISTED_COHERENCY := 0
# Set the default algorithm for the generation of Trusted Board Boot keys
KEY_ALG := rsa
# Flag to enable new version of image loading # Flag to enable new version of image loading
LOAD_IMAGE_V2 := 0 LOAD_IMAGE_V2 := 0
......
...@@ -174,9 +174,6 @@ endif ...@@ -174,9 +174,6 @@ endif
ifneq (${TRUSTED_BOARD_BOOT},0) ifneq (${TRUSTED_BOARD_BOOT},0)
# By default, ARM platforms use RSA keys
KEY_ALG := rsa
# Include common TBB sources # Include common TBB sources
AUTH_SOURCES := drivers/auth/auth_mod.c \ AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \ drivers/auth/crypto_mod.c \
...@@ -195,8 +192,6 @@ ifneq (${TRUSTED_BOARD_BOOT},0) ...@@ -195,8 +192,6 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
$(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu)) $(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu))
TF_MBEDTLS_KEY_ALG := ${KEY_ALG}
# We expect to locate the *.mk files under the directories specified below # We expect to locate the *.mk files under the directories specified below
ifeq (${ARM_CRYPTOCELL_INTEG},0) ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment