AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable
images.
+- ``KEY_ALG``: This build flag enables the user to select the algorithm to be
+ used for generating the PKCS keys and subsequent signing of the certificate.
+ It accepts 2 values viz ``rsa``, ``ecdsa``. The default value of this flag
+ is ``rsa``.
+
- ``LDFLAGS``: Extra user options appended to the linkers' command line in
addition to the one set by the build system.
include drivers/auth/mbedtls/mbedtls_common.mk
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
-# algorithm to use. Default algorithm is RSA.
+# algorithm to use. If the variable is not defined, select it based on algorithm
+# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
+# defined to `rsa`, then set the variable to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},)
- TF_MBEDTLS_KEY_ALG := rsa
+ ifeq (${KEY_ALG}, ecdsa)
+ TF_MBEDTLS_KEY_ALG := ecdsa
+ else
+ TF_MBEDTLS_KEY_ALG := rsa
+ endif
endif
# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
# operations.
HW_ASSISTED_COHERENCY := 0
+# Set the default algorithm for the generation of Trusted Board Boot keys
+KEY_ALG := rsa
+
# Flag to enable new version of image loading
LOAD_IMAGE_V2 := 0
ifneq (${TRUSTED_BOARD_BOOT},0)
- # By default, ARM platforms use RSA keys
- KEY_ALG := rsa
-
# Include common TBB sources
AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \
$(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu))
- TF_MBEDTLS_KEY_ALG := ${KEY_ALG}
-
# We expect to locate the *.mk files under the directories specified below
ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
projects / project / bcm63xx / atf.git / commitdiff