security/intel/cbnt: Allow to use an externally provided cbnt-prov bin

Building the cbnt-prov tool requires godeps which does not work if
offline. Therefore, add an option to provide this binary via Kconfig.
It's the responsibility of the user to use a compatible binary then.

Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Arthur Heymans 2021-03-31 16:54:37 +02:00
parent 8b91c9f286
commit 0250a7888d
2 changed files with 19 additions and 0 deletions


@ -87,6 +87,20 @@ config INTEL_CBNT_CBNT_PROV_CFG_FILE
Or extract it from a working configuration:
$ bg-prov read-config
config INTEL_CBNT_PROV_EXTERNAL_BIN
bool "Use an external cbnt-prov binary"
default n
depends on INTEL_CBNT_GENERATE_BPM || INTEL_CBNT_GENERATE_KM
help
Building cbnt-prov requires godeps which makes it impossible to build
it in an offline environment. A solution is to use an external binary.
config INTEL_CBNT_PROV_EXTERNAL_BIN_PATH
string "cbnt-prov path"
depends on INTEL_CBNT_PROV_EXTERNAL_BIN
help
Path to the cbnt-prov binary.
config INTEL_CBNT_NEED_KM_PUB_KEY
bool
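Review bot: the help for INTEL_CBNT_PROV_EXTERNAL_BIN_PATH says only "Path to the cbnt-prov binary." and the string has no default, so enabling INTEL_CBNT_PROV_EXTERNAL_BIN with an empty path is accepted at configuration time. Please say in the help whether the path is absolute or relative to the top of the tree, and repeat the caveat from the commit message that the user is responsible for supplying a compatible binary, since the option is only reachable when INTEL_CBNT_GENERATE_BPM or INTEL_CBNT_GENERATE_KM is set and the tool's output ends up in the image. The "default n" on the bool is redundant (bool symbols already default to n) and can be dropped.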


@ -29,12 +29,17 @@ endif
CBNT_PROV:=$(obj)/cbnt-prov
CBNT_CFG:=$(obj)/cbnt.json
ifneq ($(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN),y)
$(CBNT_PROV):
printf " CBNT_PROV building tool\n"
cd 3rdparty/intel-sec-tools; \
GO111MODULE=on go mod download; \
GO111MODULE=on go mod verify; \
GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go
else
$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH))
cp $< $@
endif
$(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@
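Review bot: in the else branch, "$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH))" ends up with no prerequisite when the path is left empty, so "cp $< $@" runs without a source operand and fails with a message that does not point back at the Kconfig option. Consider failing early with an $(error ...) when the path is empty. The in-tree branch runs "go mod verify" before building, while the external binary is copied and used as-is, and this branch prints nothing comparable to the "CBNT_PROV building tool" line. A printed line naming the external binary, or an optional expected-checksum comparison before the cp, would make it visible in the build log which tool was used.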