On 12/09/2016 02:10 PM, Tom Rini wrote: > On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: >> On 12/09/2016 01:59 PM, Tom Rini wrote: >>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: >>> >>>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >>>> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >>>> is exported and the user re-builds, make will detect this file as >>>> unchangedand and so assume it does not need to be re-generated. This >>>> causes it to pack unsigned files. Fix this by not generating these >>>> fake unsigned *_HS files. >>>> >>>> Signed-off-by: Andrew F. Davis <a...@ti.com> >>>> Reviewed-by: Tom Rini <tr...@konsulko.com> >>>> --- >>>> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/arch/arm/mach-omap2/config_secure.mk >>>> b/arch/arm/mach-omap2/config_secure.mk >>>> index 1122439..33c7059 100644 >>>> --- a/arch/arm/mach-omap2/config_secure.mk >>>> +++ b/arch/arm/mach-omap2/config_secure.mk >>>> @@ -35,12 +35,12 @@ cmd_omapsecureimg = >>>> $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >>>> else >>>> cmd_omapsecureimg = echo "WARNING:" \ >>>> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ >>>> - "$@ was NOT created!"; cp $< $@ >>>> + "$@ was NOT created!"; >>>> endif >>>> else >>>> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >>>> "variable must be defined for TI secure devices." \ >>>> - "$@ was NOT created!"; cp $< $@ >>>> + "$@ was NOT created!"; >>>> endif >>>> endif >>> >>> OK, but now that I build test this (without the tools present) this is a >>> NAK. The root problem is that if we don't make that dummy file we then: >>> arm: + am57xx_hs_evm >>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such >>> file or directory >>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT >>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 >>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 >> >> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not >> defined. You cannot sign images that *need* to be signed to work on this >> platform, making a fake un-bootable image instead of failing is a hack >> and it confuses the make system when you do put the signing tool in-place. > > Well, I suppose this is a valid question. I run into it failing as I > (and travis-ci) build all ARM targets. Maybe we can have the build not > happen (and echo a Warning) and then not invoke mkimage later on if the > env isn't right? >
For test building you can export TI_SECURE_DEV_PKG to point to a dummy signing tool which just runs cp $1 $2. For real world building this tool is needed just as much as the compiler, if you don't have it you will not build working images, build needs to fail here. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot