trustfence: ccimx93: disable boot artifacts encryption by default
Encrypting boot artifacts impacts the device's boot time, so disable them by default. It is still possible to enable it in the project's config file by setting the TRUSTFENCE_DEK_PATH option. Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit is contained in:
Javier Viguera
parent
7e493b74ae
commit
11ee0251d0
|
|
@ -23,8 +23,7 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0"
|
||||||
# Default secure boot configuration
|
# Default secure boot configuration
|
||||||
TRUSTFENCE_SIGN ?= "1"
|
TRUSTFENCE_SIGN ?= "1"
|
||||||
TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
|
TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
|
||||||
TRUSTFENCE_DEK_PATH ?= "default"
|
TRUSTFENCE_DEK_PATH ?= "${TF_DEK_PATH}"
|
||||||
TRUSTFENCE_DEK_PATH:ccmp1 ?= "0"
|
|
||||||
TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1"
|
TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1"
|
||||||
TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0"
|
TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0"
|
||||||
TRUSTFENCE_KEY_INDEX ?= "0"
|
TRUSTFENCE_KEY_INDEX ?= "0"
|
||||||
|
|
@ -45,6 +44,11 @@ TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-onl
|
||||||
# NOTHING TO CUSTOMIZE BELOW THIS LINE
|
# NOTHING TO CUSTOMIZE BELOW THIS LINE
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Platform specific defaults
|
||||||
|
TF_DEK_PATH = "default"
|
||||||
|
TF_DEK_PATH:ccimx93 = "0"
|
||||||
|
TF_DEK_PATH:ccmp1 = "0"
|
||||||
|
|
||||||
# NXP-based sign a FIT-format boot artifact
|
# NXP-based sign a FIT-format boot artifact
|
||||||
TRUSTFENCE_SIGN_FIT_NXP = "0"
|
TRUSTFENCE_SIGN_FIT_NXP = "0"
|
||||||
TRUSTFENCE_SIGN_FIT_NXP:ccimx93 = "${TRUSTFENCE_SIGN_ARTIFACTS}"
|
TRUSTFENCE_SIGN_FIT_NXP:ccimx93 = "${TRUSTFENCE_SIGN_ARTIFACTS}"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue