Arthur Heymans has submitted this change. ( https://review.coreboot.org/c/coreboot/+/51982 )
Change subject: security/intel/cbnt: Allow to use an externally provided cbnt-prov bin ......................................................................
security/intel/cbnt: Allow to use an externally provided cbnt-prov bin
Building the cbnt-prov tool requires godeps which does not work if offline. Therefore, add an option to provide this binary via Kconfig. It's the responsibility of the user to use a compatible binary then.
Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a Signed-off-by: Arthur Heymans arthur@aheymans.xyz Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Angel Pons th3fanbus@gmail.com --- M src/security/intel/cbnt/Kconfig M src/security/intel/cbnt/Makefile.inc 2 files changed, 19 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Angel Pons: Looks good to me, approved
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig index a602cca..9d48490 100644 --- a/src/security/intel/cbnt/Kconfig +++ b/src/security/intel/cbnt/Kconfig @@ -87,6 +87,20 @@ Or extract it from a working configuration: $ bg-prov read-config
+config INTEL_CBNT_PROV_EXTERNAL_BIN + bool "Use an external cbnt-prov binary" + default n + depends on INTEL_CBNT_GENERATE_BPM || INTEL_CBNT_GENERATE_KM + help + Building cbnt-prov requires godeps which makes it impossible to build + it in an offline environment. A solution is to use an external binary. + +config INTEL_CBNT_PROV_EXTERNAL_BIN_PATH + string "cbnt-prov path" + depends on INTEL_CBNT_PROV_EXTERNAL_BIN + help + Path to the cbnt-prov binary. + config INTEL_CBNT_NEED_KM_PUB_KEY bool
diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc index b0ff9be..9b00d7d 100644 --- a/src/security/intel/cbnt/Makefile.inc +++ b/src/security/intel/cbnt/Makefile.inc @@ -29,12 +29,17 @@ CBNT_PROV:=$(obj)/cbnt-prov CBNT_CFG:=$(obj)/cbnt.json
+ifneq ($(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN),y) $(CBNT_PROV): printf " CBNT_PROV building tool\n" cd 3rdparty/intel-sec-tools; \ GO111MODULE=on go mod download; \ GO111MODULE=on go mod verify; \ GO111MODULE=on go build -o $(top)/$@ cmd/cbnt-prov/*.go +else +$(CBNT_PROV): $(call strip_quotes, $(CONFIG_INTEL_CBNT_PROV_EXTERNAL_BIN_PATH)) + cp $< $@ +endif
$(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE)) cp $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE) $@