# Build option to provide openssl directory path
OPENSSL_DIR := /usr
+# Select the openssl binary provided in OPENSSL_DIR variable
+ifeq ("$(wildcard ${OPENSSL_DIR}/bin)", "")
+ OPENSSL_BIN_PATH = ${OPENSSL_DIR}/apps
+else
+ OPENSSL_BIN_PATH = ${OPENSSL_DIR}/bin
+endif
+
# Build option to use the SP804 timer instead of the generic one
USE_SP804_TIMER := 0
ifndef ROT_KEY
$(error Cannot generate hash: no ROT_KEY defined)
endif
- openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | openssl dgst \
- -sha256 -binary > $@
+ ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | \
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@
# Certificate NV-Counters. Use values corresponding to tied off values in
# ARM development platforms
certificates: $(ROT_KEY)
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
# Enable workarounds for selected Cortex-A53 errata.
certificates: $(ROT_KEY)
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
# Enable workarounds for selected Cortex-A53 errata.
#
-# Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
@if [ ! -f $(ROT_KEY) ]; then \
- openssl genrsa 2048 > $@ 2>/dev/null; \
+ ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
# Add the build options to pack BLx images and kernel device tree
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
@if [ ! -f $(ROT_KEY) ]; then \
- openssl genrsa 2048 > $@ 2>/dev/null; \
+ ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
USE_COHERENT_MEM := 1
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
@if [ ! -f $(ROT_KEY) ]; then \
- openssl genrsa 2048 > $@ 2>/dev/null; \
+ ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
USE_COHERENT_MEM := 1
@$(ECHO_BLANK_LINE)
$(Q)cp $(BUILD_PLAT)/wtmi.bin $(BUILD_PLAT)/wtmi-align.bin
$(Q)truncate -s %16 $(BUILD_PLAT)/wtmi-align.bin
- $(Q)openssl enc -aes-256-cbc -e -in $(BUILD_PLAT)/wtmi-align.bin \
+ $(Q)${OPENSSL_BIN_PATH}/openssl enc -aes-256-cbc -e -in $(BUILD_PLAT)/wtmi-align.bin \
-out $(BUILD_PLAT)/$(WTMI_ENC_IMG) \
-K `cat $(IMAGESPATH)/aes-256.txt` -nosalt \
-iv `cat $(IMAGESPATH)/iv.txt` -p
$(Q)truncate -s %16 $(BUILD_PLAT)/$(BOOT_IMAGE);
- $(Q)openssl enc -aes-256-cbc -e -in $(BUILD_PLAT)/$(BOOT_IMAGE) \
+ $(Q)${OPENSSL_BIN_PATH}/openssl enc -aes-256-cbc -e -in $(BUILD_PLAT)/$(BOOT_IMAGE) \
-out $(BUILD_PLAT)/$(BOOT_ENC_IMAGE) \
-K `cat $(IMAGESPATH)/aes-256.txt` -nosalt \
-iv `cat $(IMAGESPATH)/iv.txt` -p
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
@if [ ! -f $(ROT_KEY) ]; then \
- openssl genrsa 2048 > $@ 2>/dev/null; \
+ ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
fi
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif #MBEDTLS_DIR
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
# Include Measured Boot makefile before any Crypto library makefile.
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
certificates: $(ROT_KEY)
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif # TRUSTED_BOARD_BOOT
endif
certificates: $(ROT_KEY)
$(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
- $(Q)openssl genrsa 2048 > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
$(ROTPK_HASH): $(ROT_KEY)
@echo " OPENSSL $@"
- $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
- openssl dgst -sha256 -binary > $@ 2>/dev/null
+ $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+ ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
endif
projects / arm-tf.git / commitdiff