| Message ID | 20161208224807.8299-1-afd@ti.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Tom Rini |
| Headers | show |
On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis <afd@ti.com> > Reviewed-by: Tom Rini <trini@konsulko.com> > --- > arch/arm/mach-omap2/config_secure.mk | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk > index 1122439..33c7059 100644 > --- a/arch/arm/mach-omap2/config_secure.mk > +++ b/arch/arm/mach-omap2/config_secure.mk > @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > else > cmd_omapsecureimg = echo "WARNING:" \ > "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > - "$@ was NOT created!"; cp $< $@ > + "$@ was NOT created!"; > endif > else > cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > "variable must be defined for TI secure devices." \ > - "$@ was NOT created!"; cp $< $@ > + "$@ was NOT created!"; > endif > endif OK, but now that I build test this (without the tools present) this is a NAK. The root problem is that if we don't make that dummy file we then: arm: + am57xx_hs_evm +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 +(am57xx_hs_evm) make: *** [sub-make] Error 2 So perhaps we need to make use of some other logic to rebuild on TI_SECURE_DEV_PKG changing?
On 12/09/2016 01:59 PM, Tom Rini wrote: > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >> is exported and the user re-builds, make will detect this file as >> unchangedand and so assume it does not need to be re-generated. This >> causes it to pack unsigned files. Fix this by not generating these >> fake unsigned *_HS files. >> >> Signed-off-by: Andrew F. Davis <afd@ti.com> >> Reviewed-by: Tom Rini <trini@konsulko.com> >> --- >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk >> index 1122439..33c7059 100644 >> --- a/arch/arm/mach-omap2/config_secure.mk >> +++ b/arch/arm/mach-omap2/config_secure.mk >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >> else >> cmd_omapsecureimg = echo "WARNING:" \ >> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ >> - "$@ was NOT created!"; cp $< $@ >> + "$@ was NOT created!"; >> endif >> else >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >> "variable must be defined for TI secure devices." \ >> - "$@ was NOT created!"; cp $< $@ >> + "$@ was NOT created!"; >> endif >> endif > > OK, but now that I build test this (without the tools present) this is a > NAK. The root problem is that if we don't make that dummy file we then: > arm: + am57xx_hs_evm > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > +(am57xx_hs_evm) make: *** [sub-make] Error 2 > Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not defined. You cannot sign images that *need* to be signed to work on this platform, making a fake un-bootable image instead of failing is a hack and it confuses the make system when you do put the signing tool in-place. > So perhaps we need to make use of some other logic to rebuild on > TI_SECURE_DEV_PKG changing? >
On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > On 12/09/2016 01:59 PM, Tom Rini wrote: > > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > > > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > >> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > >> is exported and the user re-builds, make will detect this file as > >> unchangedand and so assume it does not need to be re-generated. This > >> causes it to pack unsigned files. Fix this by not generating these > >> fake unsigned *_HS files. > >> > >> Signed-off-by: Andrew F. Davis <afd@ti.com> > >> Reviewed-by: Tom Rini <trini@konsulko.com> > >> --- > >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk > >> index 1122439..33c7059 100644 > >> --- a/arch/arm/mach-omap2/config_secure.mk > >> +++ b/arch/arm/mach-omap2/config_secure.mk > >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > >> else > >> cmd_omapsecureimg = echo "WARNING:" \ > >> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> else > >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > >> "variable must be defined for TI secure devices." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> endif > > > > OK, but now that I build test this (without the tools present) this is a > > NAK. The root problem is that if we don't make that dummy file we then: > > arm: + am57xx_hs_evm > > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory > > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > > +(am57xx_hs_evm) make: *** [sub-make] Error 2 > > Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > defined. You cannot sign images that *need* to be signed to work on this > platform, making a fake un-bootable image instead of failing is a hack > and it confuses the make system when you do put the signing tool in-place. Well, I suppose this is a valid question. I run into it failing as I (and travis-ci) build all ARM targets. Maybe we can have the build not happen (and echo a Warning) and then not invoke mkimage later on if the env isn't right?
On 12/09/2016 02:10 PM, Tom Rini wrote: > On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: >> On 12/09/2016 01:59 PM, Tom Rini wrote: >>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: >>> >>>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >>>> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >>>> is exported and the user re-builds, make will detect this file as >>>> unchangedand and so assume it does not need to be re-generated. This >>>> causes it to pack unsigned files. Fix this by not generating these >>>> fake unsigned *_HS files. >>>> >>>> Signed-off-by: Andrew F. Davis <afd@ti.com> >>>> Reviewed-by: Tom Rini <trini@konsulko.com> >>>> --- >>>> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk >>>> index 1122439..33c7059 100644 >>>> --- a/arch/arm/mach-omap2/config_secure.mk >>>> +++ b/arch/arm/mach-omap2/config_secure.mk >>>> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >>>> else >>>> cmd_omapsecureimg = echo "WARNING:" \ >>>> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ >>>> - "$@ was NOT created!"; cp $< $@ >>>> + "$@ was NOT created!"; >>>> endif >>>> else >>>> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >>>> "variable must be defined for TI secure devices." \ >>>> - "$@ was NOT created!"; cp $< $@ >>>> + "$@ was NOT created!"; >>>> endif >>>> endif >>> >>> OK, but now that I build test this (without the tools present) this is a >>> NAK. The root problem is that if we don't make that dummy file we then: >>> arm: + am57xx_hs_evm >>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory >>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT >>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 >>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 >> >> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not >> defined. You cannot sign images that *need* to be signed to work on this >> platform, making a fake un-bootable image instead of failing is a hack >> and it confuses the make system when you do put the signing tool in-place. > > Well, I suppose this is a valid question. I run into it failing as I > (and travis-ci) build all ARM targets. Maybe we can have the build not > happen (and echo a Warning) and then not invoke mkimage later on if the > env isn't right? > For test building you can export TI_SECURE_DEV_PKG to point to a dummy signing tool which just runs cp $1 $2. For real world building this tool is needed just as much as the compiler, if you don't have it you will not build working images, build needs to fail here.
On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: > On 12/09/2016 02:10 PM, Tom Rini wrote: > > On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > >> On 12/09/2016 01:59 PM, Tom Rini wrote: > >>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >>> > >>>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > >>>> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > >>>> is exported and the user re-builds, make will detect this file as > >>>> unchangedand and so assume it does not need to be re-generated. This > >>>> causes it to pack unsigned files. Fix this by not generating these > >>>> fake unsigned *_HS files. > >>>> > >>>> Signed-off-by: Andrew F. Davis <afd@ti.com> > >>>> Reviewed-by: Tom Rini <trini@konsulko.com> > >>>> --- > >>>> arch/arm/mach-omap2/config_secure.mk | 4 ++-- > >>>> 1 file changed, 2 insertions(+), 2 deletions(-) > >>>> > >>>> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk > >>>> index 1122439..33c7059 100644 > >>>> --- a/arch/arm/mach-omap2/config_secure.mk > >>>> +++ b/arch/arm/mach-omap2/config_secure.mk > >>>> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > >>>> else > >>>> cmd_omapsecureimg = echo "WARNING:" \ > >>>> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > >>>> - "$@ was NOT created!"; cp $< $@ > >>>> + "$@ was NOT created!"; > >>>> endif > >>>> else > >>>> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > >>>> "variable must be defined for TI secure devices." \ > >>>> - "$@ was NOT created!"; cp $< $@ > >>>> + "$@ was NOT created!"; > >>>> endif > >>>> endif > >>> > >>> OK, but now that I build test this (without the tools present) this is a > >>> NAK. The root problem is that if we don't make that dummy file we then: > >>> arm: + am57xx_hs_evm > >>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory > >>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > >>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > >>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 > >> > >> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > >> defined. You cannot sign images that *need* to be signed to work on this > >> platform, making a fake un-bootable image instead of failing is a hack > >> and it confuses the make system when you do put the signing tool in-place. > > > > Well, I suppose this is a valid question. I run into it failing as I > > (and travis-ci) build all ARM targets. Maybe we can have the build not > > happen (and echo a Warning) and then not invoke mkimage later on if the > > env isn't right? > > For test building you can export TI_SECURE_DEV_PKG to point to a dummy > signing tool which just runs cp $1 $2. For real world building this tool > is needed just as much as the compiler, if you don't have it you will > not build working images, build needs to fail here. Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being unset?
On 12/09/2016 03:30 PM, Tom Rini wrote: > On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: >> On 12/09/2016 02:10 PM, Tom Rini wrote: >>> On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: >>>> On 12/09/2016 01:59 PM, Tom Rini wrote: >>>>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: >>>>> >>>>>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >>>>>> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >>>>>> is exported and the user re-builds, make will detect this file as >>>>>> unchangedand and so assume it does not need to be re-generated. This >>>>>> causes it to pack unsigned files. Fix this by not generating these >>>>>> fake unsigned *_HS files. >>>>>> >>>>>> Signed-off-by: Andrew F. Davis <afd@ti.com> >>>>>> Reviewed-by: Tom Rini <trini@konsulko.com> >>>>>> --- >>>>>> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >>>>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>>>> >>>>>> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk >>>>>> index 1122439..33c7059 100644 >>>>>> --- a/arch/arm/mach-omap2/config_secure.mk >>>>>> +++ b/arch/arm/mach-omap2/config_secure.mk >>>>>> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >>>>>> else >>>>>> cmd_omapsecureimg = echo "WARNING:" \ >>>>>> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ >>>>>> - "$@ was NOT created!"; cp $< $@ >>>>>> + "$@ was NOT created!"; >>>>>> endif >>>>>> else >>>>>> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >>>>>> "variable must be defined for TI secure devices." \ >>>>>> - "$@ was NOT created!"; cp $< $@ >>>>>> + "$@ was NOT created!"; >>>>>> endif >>>>>> endif >>>>> >>>>> OK, but now that I build test this (without the tools present) this is a >>>>> NAK. The root problem is that if we don't make that dummy file we then: >>>>> arm: + am57xx_hs_evm >>>>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory >>>>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT >>>>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 >>>>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 >>>> >>>> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not >>>> defined. You cannot sign images that *need* to be signed to work on this >>>> platform, making a fake un-bootable image instead of failing is a hack >>>> and it confuses the make system when you do put the signing tool in-place. >>> >>> Well, I suppose this is a valid question. I run into it failing as I >>> (and travis-ci) build all ARM targets. Maybe we can have the build not >>> happen (and echo a Warning) and then not invoke mkimage later on if the >>> env isn't right? >> >> For test building you can export TI_SECURE_DEV_PKG to point to a dummy >> signing tool which just runs cp $1 $2. For real world building this tool >> is needed just as much as the compiler, if you don't have it you will >> not build working images, build needs to fail here. > > Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being > unset? > That is what we already do, if TI_SECURE_DEV_PKG is unset, build should fail, but right now it fakes a successful build, most likely to keep the auto-validation happy as it does not have the signing tool. The only other thing I can think of is to always try to sign the images, even when they have not changed on disk since the last build. Would this be acceptable?
On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis <afd@ti.com> > Reviewed-by: Tom Rini <trini@konsulko.com> Applied to u-boot/master, thanks!
On Fri, Dec 09, 2016 at 03:39:34PM -0600, Andrew F. Davis wrote: > On 12/09/2016 03:30 PM, Tom Rini wrote: > > On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: > >> On 12/09/2016 02:10 PM, Tom Rini wrote: > >>> On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > >>>> On 12/09/2016 01:59 PM, Tom Rini wrote: > >>>>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >>>>> > >>>>>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > >>>>>> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > >>>>>> is exported and the user re-builds, make will detect this file as > >>>>>> unchangedand and so assume it does not need to be re-generated. This > >>>>>> causes it to pack unsigned files. Fix this by not generating these > >>>>>> fake unsigned *_HS files. > >>>>>> > >>>>>> Signed-off-by: Andrew F. Davis <afd@ti.com> > >>>>>> Reviewed-by: Tom Rini <trini@konsulko.com> > >>>>>> --- > >>>>>> arch/arm/mach-omap2/config_secure.mk | 4 ++-- > >>>>>> 1 file changed, 2 insertions(+), 2 deletions(-) > >>>>>> > >>>>>> diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk > >>>>>> index 1122439..33c7059 100644 > >>>>>> --- a/arch/arm/mach-omap2/config_secure.mk > >>>>>> +++ b/arch/arm/mach-omap2/config_secure.mk > >>>>>> @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > >>>>>> else > >>>>>> cmd_omapsecureimg = echo "WARNING:" \ > >>>>>> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > >>>>>> - "$@ was NOT created!"; cp $< $@ > >>>>>> + "$@ was NOT created!"; > >>>>>> endif > >>>>>> else > >>>>>> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > >>>>>> "variable must be defined for TI secure devices." \ > >>>>>> - "$@ was NOT created!"; cp $< $@ > >>>>>> + "$@ was NOT created!"; > >>>>>> endif > >>>>>> endif > >>>>> > >>>>> OK, but now that I build test this (without the tools present) this is a > >>>>> NAK. The root problem is that if we don't make that dummy file we then: > >>>>> arm: + am57xx_hs_evm > >>>>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory > >>>>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > >>>>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > >>>>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 > >>>> > >>>> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > >>>> defined. You cannot sign images that *need* to be signed to work on this > >>>> platform, making a fake un-bootable image instead of failing is a hack > >>>> and it confuses the make system when you do put the signing tool in-place. > >>> > >>> Well, I suppose this is a valid question. I run into it failing as I > >>> (and travis-ci) build all ARM targets. Maybe we can have the build not > >>> happen (and echo a Warning) and then not invoke mkimage later on if the > >>> env isn't right? > >> > >> For test building you can export TI_SECURE_DEV_PKG to point to a dummy > >> signing tool which just runs cp $1 $2. For real world building this tool > >> is needed just as much as the compiler, if you don't have it you will > >> not build working images, build needs to fail here. > > > > Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being > > unset? > > > > That is what we already do, if TI_SECURE_DEV_PKG is unset, build should > fail, but right now it fakes a successful build, most likely to keep the > auto-validation happy as it does not have the signing tool. > > The only other thing I can think of is to always try to sign the images, > even when they have not changed on disk since the last build. Would this > be acceptable? Along with a comment above it about why we always re-sign, yes, lets go that route. Thanks!
diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk index 1122439..33c7059 100644 --- a/arch/arm/mach-omap2/config_secure.mk +++ b/arch/arm/mach-omap2/config_secure.mk @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ else cmd_omapsecureimg = echo "WARNING:" \ "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ - "$@ was NOT created!"; cp $< $@ + "$@ was NOT created!"; endif else cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ "variable must be defined for TI secure devices." \ - "$@ was NOT created!"; cp $< $@ + "$@ was NOT created!"; endif endif
When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG is exported and the user re-builds, make will detect this file as unchangedand and so assume it does not need to be re-generated. This causes it to pack unsigned files. Fix this by not generating these fake unsigned *_HS files. Signed-off-by: Andrew F. Davis <afd@ti.com> --- arch/arm/mach-omap2/config_secure.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)