diff options
author | Soby Mathew <soby.mathew@arm.com> | 2017-08-31 11:49:32 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2017-08-31 16:42:11 +0100 |
commit | 2091755c5e3b8d94333b9aad742e61db9d754cc5 (patch) | |
tree | 39cd6c5b43132df7574b75e077d6daa77dabeaed | |
parent | d818a02cb489eae1f99cabf949d47e56347e4537 (diff) |
Export KEY_ALG as a user build option
The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
-rw-r--r-- | docs/user-guide.rst | 5 | ||||
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_crypto.mk | 10 | ||||
-rw-r--r-- | make_helpers/defaults.mk | 3 | ||||
-rw-r--r-- | plat/arm/common/arm_common.mk | 5 |
4 files changed, 16 insertions, 7 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 043af63e..1502c8c1 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -405,6 +405,11 @@ Common build options AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable images. +- ``KEY_ALG``: This build flag enables the user to select the algorithm to be + used for generating the PKCS keys and subsequent signing of the certificate. + It accepts 2 values viz ``rsa``, ``ecdsa``. The default value of this flag + is ``rsa``. + - ``LDFLAGS``: Extra user options appended to the linkers' command line in addition to the one set by the build system. diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk index cb81d4d6..38197164 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.mk +++ b/drivers/auth/mbedtls/mbedtls_crypto.mk @@ -7,9 +7,15 @@ include drivers/auth/mbedtls/mbedtls_common.mk # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key -# algorithm to use. Default algorithm is RSA. +# algorithm to use. If the variable is not defined, select it based on algorithm +# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is +# defined to `rsa`, then set the variable to `rsa`. ifeq (${TF_MBEDTLS_KEY_ALG},) - TF_MBEDTLS_KEY_ALG := rsa + ifeq (${KEY_ALG}, ecdsa) + TF_MBEDTLS_KEY_ALG := ecdsa + else + TF_MBEDTLS_KEY_ALG := rsa + endif endif # If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 302d937f..86010460 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -81,6 +81,9 @@ GENERATE_COT := 0 # operations. HW_ASSISTED_COHERENCY := 0 +# Set the default algorithm for the generation of Trusted Board Boot keys +KEY_ALG := rsa + # Flag to enable new version of image loading LOAD_IMAGE_V2 := 0 diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 20372c20..af94ac2a 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -174,9 +174,6 @@ endif ifneq (${TRUSTED_BOARD_BOOT},0) - # By default, ARM platforms use RSA keys - KEY_ALG := rsa - # Include common TBB sources AUTH_SOURCES := drivers/auth/auth_mod.c \ drivers/auth/crypto_mod.c \ @@ -195,8 +192,6 @@ ifneq (${TRUSTED_BOARD_BOOT},0) $(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu)) - TF_MBEDTLS_KEY_ALG := ${KEY_ALG} - # We expect to locate the *.mk files under the directories specified below ifeq (${ARM_CRYPTOCELL_INTEG},0) CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk |