
[2/3] bbb: Enable secured boot

Message ID 20230828104315.466393-3-tho1.nguyendat@toshiba.co.jp (mailing list archive)
State New
Series Enable secured boot for BBB | expand

Commit Message

tho1.nguyendat@toshiba.co.jp Aug. 28, 2023, 10:43 a.m. UTC
From: Nguyen Dat Tho <tho1.nguyendat@toshiba.co.jp>

Signed-off-by: Nguyen Dat Tho <tho1.nguyendat@toshiba.co.jp>
---
 Kconfig                                |  2 +-
 wic/bbb-efibootguard-secureboot.wks.in | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 wic/bbb-efibootguard-secureboot.wks.in

Patch

diff --git a/Kconfig b/Kconfig
index ec49631..3bbb5e3 100644
--- a/Kconfig
+++ b/Kconfig
@@ -190,7 +190,7 @@  config IMAGE_SWUPDATE
 
 config IMAGE_SECURE_BOOT
 	bool "Secure boot support"
-	depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM
+	depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM || TARGET_BBB
 	select IMAGE_SWUPDATE
 
 config KAS_INCLUDE_SWUPDATE_SECBOOT
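Review bot: `config IMAGE_SECURE_BOOT` has no `help` text, and with `TARGET_BBB` added to the `depends on` line it becomes selectable for a physical board as well as the QEMU targets. A short entry would tell users what the option builds and what it pulls in, for example a `help` line followed by `Build an image with a signed EFI Boot Guard boot path and a dm-verity root filesystem; selects SWUpdate.` That wording is inferred from the .wks file added in this same patch and from the `select IMAGE_SWUPDATE` line, so it should be confirmed against the recipes before it is merged.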
diff --git a/wic/bbb-efibootguard-secureboot.wks.in b/wic/bbb-efibootguard-secureboot.wks.in
new file mode 100644
index 0000000..504e2d8
--- /dev/null
+++ b/wic/bbb-efibootguard-secureboot.wks.in
@@ -0,0 +1,13 @@ 
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384
+
+include ebg-signed-sysparts.inc
+
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}"
+part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}"
+
+# home and var are extra partitions
+part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
+part /var  --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var  --fstype=ext4 --label var  --align 1024 --size 2G
+
+bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0"
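Review bot: The first two `part` lines write MLO and u-boot.img with `--source rawcopy --no-table`, and nothing visible in this file signs or checks them; verification appears to begin only with the partitions pulled in by `ebg-signed-sysparts.inc`. If the board's boot ROM does not authenticate MLO (presumably the case on general-purpose AM335x parts, to be confirmed), anyone able to rewrite the boot media can replace those stages, and the file should say so. I would add a header comment above the first line such as `# MLO and u-boot.img are copied raw to the fixed offsets the boot ROM/SPL read (128 KiB, 384 KiB); they are not covered by the signed EFI Boot Guard chain`. The writable /home and /var partitions likewise sit outside the `.verity` root filesystem, so their contents have to be treated as unauthenticated at boot.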