The HABV4_CSF_UNLOCK_UID is not dependendend on HAB_CERTS_ENV, but just the HABV4_CSF_UNLOCK_FIELD_RETURN.
The CST tool can't handle quoted UID strings so we need to define it on the cmdline by using the -D switch. This removes the quotes within the CSF file and the CST is happy. Signed-off-by: Fabian Pflug <[email protected]> --- arch/arm/mach-imx/Kconfig | 33 +++++++++++++++++---------------- include/mach/imx/habv4-imx8-gencsf.h | 2 +- scripts/Makefile.lib | 2 +- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 5f50d1a823..819a753240 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -863,6 +863,23 @@ config HABV4_CSF_UNLOCK_FIELD_RETURN that the CONFIG_HABV4_CSF_UNLOCK_UID is set correct as well. +config HABV4_CSF_UNLOCK_UID + depends on HABV4 && HABV4_CSF_UNLOCK_FIELD_RETURN + string "CSF Unlock UID" + help + Device specific 64-bit UID required to unlock the field-return + feature. This value must match the per device UNIQUE_ID fuses. + + The below example shows the expected format. The UNIQUE_ID is + printed during boot by barebox: + i.MX___ unique ID: 7766554433221100 + or it can be queried by Linux via: + - cat /sys/devices/soc0/serial_number + 7766554433221100 + + So this value have to be set: + - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + config HAB_CERTS_ENV depends on HAB bool "Specify certificates in environment" @@ -883,7 +900,6 @@ config HAB_CERTS_ENV CONFIG_HABV4_TABLE_BIN CONFIG_HABV4_CSF_CRT_PEM - CONFIG_HABV4_CSF_UNLOCK_UID CONFIG_HABV4_IMG_CRT_PEM config HABV4_SRK_INDEX @@ -918,21 +934,6 @@ config HABV4_CSF_CRT_PEM This file will be inserted into the Command Sequence File (CSF) when using the CSF template that comes with barebox. -config HABV4_CSF_UNLOCK_UID - depends on HABV4 && HABV4_CSF_UNLOCK_FIELD_RETURN - string "CSF Unlock UID" - help - Device specific 64-bit UID Required to unlock the field-return - feature. This value must match the per device UNIQUE_ID fuses. - - The below example shows the expected format. The UNIQUE_ID is - queried by Linux via: - - cat /sys/devices/soc0/serial_number - 7766554433221100 - - So this value have to be set: - - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - config HABV4_IMG_CRT_PEM string "Path to IMG certificate" default "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem" diff --git a/include/mach/imx/habv4-imx8-gencsf.h b/include/mach/imx/habv4-imx8-gencsf.h index 480f88fa95..d3fe3e34c6 100644 --- a/include/mach/imx/habv4-imx8-gencsf.h +++ b/include/mach/imx/habv4-imx8-gencsf.h @@ -46,7 +46,7 @@ hab Features = SRK REVOKE hab [Unlock] hab Engine = OCOTP hab Features = FIELD RETURN -hab UID = HABV4_CSF_UNLOCK_UID +hab UID = CONFIG_HABV4_CSF_UNLOCK_UID #endif hab [Install Key] diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index e05fef843c..66e690fbfd 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -592,7 +592,7 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x assembler-with-cpp \ $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \ $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \ $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \ - $(call overwrite-hab-env,CONFIG_HABV4_CSF_UNLOCK_UID) \ + -DCONFIG_HABV4_CSF_UNLOCK_UID=$(CONFIG_HABV4_CSF_UNLOCK_UID) \ $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \ dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp) -- 2.47.3
