summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorArthur Heymans <arthur@aheymans.xyz>2021-03-31 16:54:37 +0200
committerArthur Heymans <arthur@aheymans.xyz>2021-05-11 08:30:55 +0000
commit0250a7888d91f816310fd5bd36c86d05167a7403 (patch)
tree5b480876c92c945b28bde796d70193e317c74d69 /src/security
parent8b91c9f286a87537fcf75a8c9bea96c943c14c51 (diff)
security/intel/cbnt: Allow to use an externally provided cbnt-prov bin
Building the cbnt-prov tool requires godeps which does not work if offline. Therefore, add an option to provide this binary via Kconfig. It's the responsibility of the user to use a compatible binary then. Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/intel/cbnt/Kconfig14
-rw-r--r--src/security/intel/cbnt/Makefile.inc5
2 files changed, 19 insertions, 0 deletions
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig
index a602cca1f6..9d4849049a 100644
--- a/src/security/intel/cbnt/Kconfig
+++ b/src/security/intel/cbnt/Kconfig
@@ -87,6 +87,20 @@ config INTEL_CBNT_CBNT_PROV_CFG_FILE
Or extract it from a working configuration:
$ bg-prov read-config
+config INTEL_CBNT_PROV_EXTERNAL_BIN
+ bool "Use an external cbnt-prov binary"
+ default n
+ depends on INTEL_CBNT_GENERATE_BPM || INTEL_CBNT_GENERATE_KM
+ help
+ Building cbnt-prov requires godeps which makes it impossible to build
+ it in an offline environment. A solution is to use an external binary.
+
+config INTEL_CBNT_PROV_EXTERNAL_BIN_PATH
+ string "cbnt-prov path"
+ depends on INTEL_CBNT_PROV_EXTERNAL_BIN
+ help
+ Path to the cbnt-prov binary.
+
config INTEL_CBNT_NEED_KM_PUB_KEY
bool
diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc
index b0ff9be329..9b00d7dfaf 100644
--- a/src/security/intel/cbnt/Makefile.inc
+++ b/src/security/intel/cbnt/Makefile.inc
@@ -29,12 +29,17 @@ endif
CBNT_PROV:=$(obj)/cbnt-prov
CBNT_CFG:=$(obj)/cbnt.json
+ifneq ($(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN),y)
$(CBNT_PROV):
printf " CBNT_PROV building tool\n"
cd 3rdparty/intel-sec-tools; \
GO111MODULE=on go mod download; \
GO111MODULE=on go mod verify; \
GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go
+else
+$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH))
+ cp $< $@
+endif
$(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@