diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 737cded..52a825b 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -753,7 +753,29 @@ help High Assurance Boot, as found on i.MX28/i.MX6. -if HABV4 +config HAB_CERTS_ENV + depends on HAB + bool "Specify certificates in environment" + help + If this option is enabled the pathes to the HAB certificates are + taken from environment variables which allows for better integration + with build systems. With this option disabled the pathes can be + specified below. + + The environment variables have the same name as the corresponding + Kconfig variables. For HABv3 these are: + + CONFIG_HABV3_SRK_PEM + CONFIG_HABV3_CSF_CRT_DER + CONFIG_HABV3_IMG_CRT_DER + + For HABv4: + + CONFIG_HABV4_TABLE_BIN + CONFIG_HABV4_CSF_CRT_PEM + CONFIG_HABV4_IMG_CRT_PEM + +if HABV4 && !HAB_CERTS_ENV config HABV4_TABLE_BIN string "Path to SRK table" @@ -796,7 +818,7 @@ help High Assurance Boot, as found on i.MX25. -if HABV3 +if HABV3 && !HAB_CERTS_ENV config HABV3_SRK_PEM string "Path to SRK Certificate (PEM)" diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 3b13086..3b4277e 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -431,15 +431,20 @@ echo '.balign STRUCT_ALIGNMENT'; \ ) > $@ +overwrite-hab-env = $(shell set -e; \ + test -n "$(CONFIG_HAB_CERTS_ENV)"; \ + test -n "$$$(1)"; \ + echo -D$(1)=\"$(shell echo $$$(1))\") + imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \ -I $(srctree)/include -I $(srctree)/arch/arm/mach-imx/include \ -include include/generated/autoconf.h \ - -DCONFIG_HABV3_SRK_PEM=\"$(CONFIG_HABV3_SRK_PEM)\" \ - -DCONFIG_HABV3_CSF_CRT_DER=\"$(CONFIG_HABV3_CSF_CRT_DER)\" \ - -DCONFIG_HABV3_IMG_CRT_DER=\"$(CONFIG_HABV3_IMG_CRT_DER)\" \ - -DCONFIG_HABV4_TABLE_BIN=\"$(CONFIG_HABV4_TABLE_BIN)\" \ - -DCONFIG_HABV4_CSF_CRT_PEM=\"$(CONFIG_HABV4_CSF_CRT_PEM)\" \ - -DCONFIG_HABV4_IMG_CRT_PEM=\"$(CONFIG_HABV4_IMG_CRT_PEM)\" + $(call overwrite-hab-env,CONFIG_HABV3_SRK_PEM) \ + $(call overwrite-hab-env,CONFIG_HABV3_CSF_CRT_DER) \ + $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \ + $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \ + $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \ + $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)