uboot-sign: Fix using wrong KEY_REQ_ARGS

When generating our SPL-verifying certificate, we use FIT_KEY_REQ_ARGS, which is intended for the U-Boot-verifying certificate. Instead, use UBOOT_FIT_KEY_REQ_ARGS. Fixes: 0e6b0fefa0 ("u-boot: Use a different Key for SPL signing") (From OE-Core rev: a2d939ccb182a1ad29280d236b9f9e1d09527af1) Signed-off-by: Sean Anderson <sean.anderson@seco.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-03-17 20:59:42 +01:00 · 2022-10-21 19:37:21 -04:00
parent 6100383cc4
commit c755c37efb
1 changed files with 1 additions and 1 deletions
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -298,7 +298,7 @@ do_uboot_generate_rsa_keys() {
 				"${UBOOT_FIT_SIGN_NUMBITS}"

 			echo "Generating certificate for signing U-Boot fitImage"
-			openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
+			openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
 				-key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
 				-out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
 		fi