From 0250a7888d91f816310fd5bd36c86d05167a7403 Mon Sep 17 00:00:00 2001 From: Arthur Heymans Date: Wed, 31 Mar 2021 16:54:37 +0200 Subject: [PATCH] security/intel/cbnt: Allow to use an externally provided cbnt-prov bin Building the cbnt-prov tool requires godeps which does not work if offline. Therefore, add an option to provide this binary via Kconfig. It's the responsibility of the user to use a compatible binary then. Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a Signed-off-by: Arthur Heymans Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons --- src/security/intel/cbnt/Kconfig | 14 ++++++++++++++ src/security/intel/cbnt/Makefile.inc | 5 +++++ 2 files changed, 19 insertions(+) diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig index a602cca1f6..9d4849049a 100644 --- a/src/security/intel/cbnt/Kconfig +++ b/src/security/intel/cbnt/Kconfig @@ -87,6 +87,20 @@ config INTEL_CBNT_CBNT_PROV_CFG_FILE Or extract it from a working configuration: $ bg-prov read-config +config INTEL_CBNT_PROV_EXTERNAL_BIN + bool "Use an external cbnt-prov binary" + default n + depends on INTEL_CBNT_GENERATE_BPM || INTEL_CBNT_GENERATE_KM + help + Building cbnt-prov requires godeps which makes it impossible to build + it in an offline environment. A solution is to use an external binary. + +config INTEL_CBNT_PROV_EXTERNAL_BIN_PATH + string "cbnt-prov path" + depends on INTEL_CBNT_PROV_EXTERNAL_BIN + help + Path to the cbnt-prov binary. + config INTEL_CBNT_NEED_KM_PUB_KEY bool diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc index b0ff9be329..9b00d7dfaf 100644 --- a/src/security/intel/cbnt/Makefile.inc +++ b/src/security/intel/cbnt/Makefile.inc @@ -29,12 +29,17 @@ endif CBNT_PROV:=$(obj)/cbnt-prov CBNT_CFG:=$(obj)/cbnt.json +ifneq ($(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN),y) $(CBNT_PROV): printf " CBNT_PROV building tool\n" cd 3rdparty/intel-sec-tools; \ GO111MODULE=on go mod download; \ GO111MODULE=on go mod verify; \ GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go +else +$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH)) + cp $< $@ +endif $(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE)) cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@