diff options
author | Sean Anderson <sean.anderson@seco.com> | 2022-10-21 19:37:21 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-09 17:42:14 +0000 |
commit | 6bded7cb1285070c8d427df157c3c5f279f08f51 (patch) | |
tree | 32fae6e25b0f132166deccae759af97376634316 /meta | |
parent | d18ec217b3c38e0a206f6d6e3749c1cd9f0df8ab (diff) | |
download | poky-6bded7cb1285070c8d427df157c3c5f279f08f51.tar.gz |
uboot-sign: Fix using wrong KEY_REQ_ARGS
When generating our SPL-verifying certificate, we use FIT_KEY_REQ_ARGS,
which is intended for the U-Boot-verifying certificate. Instead, use
UBOOT_FIT_KEY_REQ_ARGS.
Fixes: 0e6b0fefa0 ("u-boot: Use a different Key for SPL signing")
(From OE-Core rev: f01b15fcffd1a628a17caf1e94753c8cd09ea48f)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a2d939ccb182a1ad29280d236b9f9e1d09527af1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes-recipe/uboot-sign.bbclass | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass index debbf23ec6..4b5912a01d 100644 --- a/meta/classes-recipe/uboot-sign.bbclass +++ b/meta/classes-recipe/uboot-sign.bbclass | |||
@@ -298,7 +298,7 @@ do_uboot_generate_rsa_keys() { | |||
298 | "${UBOOT_FIT_SIGN_NUMBITS}" | 298 | "${UBOOT_FIT_SIGN_NUMBITS}" |
299 | 299 | ||
300 | echo "Generating certificate for signing U-Boot fitImage" | 300 | echo "Generating certificate for signing U-Boot fitImage" |
301 | openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ | 301 | openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \ |
302 | -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \ | 302 | -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \ |
303 | -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt | 303 | -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt |
304 | fi | 304 | fi |