From 826e361e7a0c0d41cdf200ce16a62d734370b49e Mon Sep 17 00:00:00 2001
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Date: Tue, 9 Apr 2019 14:51:37 -0500
Subject: [PATCH] CMake/rimage: add option to use out-of-tree private key

On specific Intel platforms, we have to use a private key which is not
shared with the rest of the world.

Extend xtensa-build-all.sh with an option, and pass the key path
explicitly to cmake if needed.

Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
---
 scripts/xtensa-build-all.sh    | 16 ++++++++++++++++
 src/arch/xtensa/CMakeLists.txt |  9 ++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/scripts/xtensa-build-all.sh b/scripts/xtensa-build-all.sh
index a1528e1c1..28a1f5b26 100755
--- a/scripts/xtensa-build-all.sh
+++ b/scripts/xtensa-build-all.sh
@@ -19,6 +19,7 @@ then
 	echo "       [-u] Force UP ARCH"
 	echo "       [-d] Enable debug build"
 	echo "       [-c] Configure defconfig"
+	echo "       [-k] Use private key"
 	echo "       [-j [n]] Set number of make build jobs." \
 		"Jobs=#cores when no flag. Inifinte when no arg."
 	echo "       Supported platforms ${SUPPORTED_PLATFORMS[@]}"
@@ -47,6 +48,10 @@ else
 			then
 			MAKE_MENUCONFIG=yes
 
+		elif [[ "$args" == "-k" ]]
+			then
+			USE_PRIVATE_KEY=yes
+
 		# Build all platforms
 		elif [[ "$args" == "-a" ]]
 			then
@@ -79,6 +84,16 @@ then
 	exit 1
 fi
 
+if [ "x$USE_PRIVATE_KEY" == "xyes" ]
+then
+	if [ -z ${RIMAGE_PRIVATE_KEY+x} ]
+	then
+		echo "Error: No variable specified for RIMAGE_PRIVATE_KEY"
+		exit 1
+	fi
+	PRIVATE_KEY_OPTION="-DRIMAGE_PRIVATE_KEY=${RIMAGE_PRIVATE_KEY}"
+fi
+
 # fail on any errors
 set -e
 
@@ -252,6 +267,7 @@ do
 	cmake -DTOOLCHAIN=$TOOLCHAIN \
 		-DROOT_DIR=$ROOT \
 		-DCMAKE_VERBOSE_MAKEFILE=ON \
+		${PRIVATE_KEY_OPTION} \
 		..
 
 	make ${PLATFORM}_defconfig
diff --git a/src/arch/xtensa/CMakeLists.txt b/src/arch/xtensa/CMakeLists.txt
index 6459f74b0..6cbb6b366 100644
--- a/src/arch/xtensa/CMakeLists.txt
+++ b/src/arch/xtensa/CMakeLists.txt
@@ -285,6 +285,10 @@ add_custom_target(
 	USES_TERMINAL
 )
 
+if(NOT DEFINED RIMAGE_PRIVATE_KEY)
+	set(RIMAGE_PRIVATE_KEY ${PROJECT_SOURCE_DIR}/rimage/keys/otc_private_key.pem)
+endif()
+
 if(MEU_PATH)
 	execute_process(
 		COMMAND ${MEU_PATH}/meu -ver
@@ -301,8 +305,6 @@ if(MEU_PATH)
 		set(MEU_OFFSET 1088)
 	endif()
 
-	set(otc_private_key ${PROJECT_SOURCE_DIR}/rimage/keys/otc_private_key.pem)
-
 	add_custom_target(
 		run_rimage
 		COMMAND ${PROJECT_BINARY_DIR}/rimage_ep/build/rimage
@@ -310,7 +312,7 @@ if(MEU_PATH)
 			-p sof-${fw_name}.ldc
 			-m ${fw_name}
 			-s ${MEU_OFFSET}
-			-k ${otc_private_key}
+			-k ${RIMAGE_PRIVATE_KEY}
 			${bootloader_binary_path}
 			sof-${fw_name}
 		DEPENDS sof_dump
@@ -340,6 +342,7 @@ else()
 			-o sof-${fw_name}.ri
 			-p sof-${fw_name}.ldc
 			-m ${fw_name}
+			-k ${RIMAGE_PRIVATE_KEY}
 			${bootloader_binary_path}
 			sof-${fw_name}
 		DEPENDS sof_dump