security/intel/cbnt: Allow to use an externally provided cbnt-prov bin
Building the cbnt-prov tool requires godeps which does not work if offline. Therefore, add an option to provide this binary via Kconfig. It's the responsibility of the user to use a compatible binary then. Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit is contained in:
parent
8b91c9f286
commit
0250a7888d
|
@ -87,6 +87,20 @@ config INTEL_CBNT_CBNT_PROV_CFG_FILE
|
||||||
Or extract it from a working configuration:
|
Or extract it from a working configuration:
|
||||||
$ bg-prov read-config
|
$ bg-prov read-config
|
||||||
|
|
||||||
|
config INTEL_CBNT_PROV_EXTERNAL_BIN
|
||||||
|
bool "Use an external cbnt-prov binary"
|
||||||
|
default n
|
||||||
|
depends on INTEL_CBNT_GENERATE_BPM || INTEL_CBNT_GENERATE_KM
|
||||||
|
help
|
||||||
|
Building cbnt-prov requires godeps which makes it impossible to build
|
||||||
|
it in an offline environment. A solution is to use an external binary.
|
||||||
|
|
||||||
|
config INTEL_CBNT_PROV_EXTERNAL_BIN_PATH
|
||||||
|
string "cbnt-prov path"
|
||||||
|
depends on INTEL_CBNT_PROV_EXTERNAL_BIN
|
||||||
|
help
|
||||||
|
Path to the cbnt-prov binary.
|
||||||
|
|
||||||
config INTEL_CBNT_NEED_KM_PUB_KEY
|
config INTEL_CBNT_NEED_KM_PUB_KEY
|
||||||
bool
|
bool
|
||||||
|
|
||||||
|
|
|
@ -29,12 +29,17 @@ endif
|
||||||
CBNT_PROV:=$(obj)/cbnt-prov
|
CBNT_PROV:=$(obj)/cbnt-prov
|
||||||
CBNT_CFG:=$(obj)/cbnt.json
|
CBNT_CFG:=$(obj)/cbnt.json
|
||||||
|
|
||||||
|
ifneq ($(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN),y)
|
||||||
$(CBNT_PROV):
|
$(CBNT_PROV):
|
||||||
printf " CBNT_PROV building tool\n"
|
printf " CBNT_PROV building tool\n"
|
||||||
cd 3rdparty/intel-sec-tools; \
|
cd 3rdparty/intel-sec-tools; \
|
||||||
GO111MODULE=on go mod download; \
|
GO111MODULE=on go mod download; \
|
||||||
GO111MODULE=on go mod verify; \
|
GO111MODULE=on go mod verify; \
|
||||||
GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go
|
GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go
|
||||||
|
else
|
||||||
|
$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH))
|
||||||
|
cp $< $@
|
||||||
|
endif
|
||||||
|
|
||||||
$(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
|
$(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
|
||||||
cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@
|
cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@
|
||||||
|
|
Loading…
Reference in New Issue