From 07618c2d9984576e495ce7d0247bdc5e5093c0a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Iwanicki?= <michal.iwanicki@3mdeb.com>
Date: Tue, 9 Apr 2024 14:36:21 +0200
Subject: [PATCH] odroid-m1: add public key in rockchip-u-boot.dtsi

---
 Makefile                              |  2 +-
 arch/arm/dts/rockchip-u-boot.dtsi     | 15 +++++++++++++++
 arch/arm/mach-rockchip/Kconfig        | 10 ++--------
 configs/odroid-m1-sb-rk3568_defconfig |  1 -
 dts/Makefile                          |  3 ---
 scripts/Makefile.lib                  | 11 -----------
 6 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/Makefile b/Makefile
index 687c7fe6142c..89a85faefc27 100644
--- a/Makefile
+++ b/Makefile
@@ -1124,7 +1124,7 @@ endef
 ifeq ($(CONFIG_BINMAN),y)
 	$(call if_changed,binman)
 ifeq ($(CONFIG_SIGN_UBOOT),y)
-	$(objtree)/tools/mkimage -F -k $(CONFIG_KEY_DIRECTORY) u-boot.itb
+	$(objtree)/tools/mkimage -F -k $(objtree) u-boot.itb
 endif
 endif
 	@touch $@
diff --git a/arch/arm/dts/rockchip-u-boot.dtsi b/arch/arm/dts/rockchip-u-boot.dtsi
index 0ba5552caaf8..cba0978a3c4e 100644
--- a/arch/arm/dts/rockchip-u-boot.dtsi
+++ b/arch/arm/dts/rockchip-u-boot.dtsi
@@ -30,6 +30,21 @@
 			};
 #endif
 			u-boot-spl {
+#ifdef CONFIG_SPL_ADD_PUBLIC_KEY
+			    type = "section";
+
+			    u-boot-spl-nodtb {
+			    };
+			    u-boot-spl-pubkey-dtb {
+			        algo = CONFIG_SIGN_SIGNING_ALGORITHM;
+					key-name-hint = CONFIG_KEY_HINT_NAME;
+#ifdef CONFIG_SIGN_UBOOT_IMAGES
+					required = "image";
+#else
+					required = "conf";
+#endif
+			    };
+#endif
 			};
 		};
 
diff --git a/arch/arm/mach-rockchip/Kconfig b/arch/arm/mach-rockchip/Kconfig
index 66f1aff6a676..1a639a1de753 100644
--- a/arch/arm/mach-rockchip/Kconfig
+++ b/arch/arm/mach-rockchip/Kconfig
@@ -534,18 +534,12 @@ menuconfig SIGN_UBOOT
 
 if SIGN_UBOOT
 
-config KEY_DIRECTORY
-	string	"Key directory"
-	default "."
-	help
-	  Directory in which to look for keys
-
 config KEY_HINT_NAME
 	string	"Key hint name"
 	default "dev"
 	help
-	  Private key: CONFIG_KEY_NAME.key
-	  Certificate: CONFIG_KEY_NAME.crt
+	  Private key: CONFIG_KEY_HINT_NAME.key
+	  Certificate: CONFIG_KEY_HINT_NAME.crt
 
 choice
 	prompt "Which part of U-Boot to sign"
diff --git a/configs/odroid-m1-sb-rk3568_defconfig b/configs/odroid-m1-sb-rk3568_defconfig
index e13631e2510a..cc83fae84043 100644
--- a/configs/odroid-m1-sb-rk3568_defconfig
+++ b/configs/odroid-m1-sb-rk3568_defconfig
@@ -15,7 +15,6 @@ CONFIG_ROCKCHIP_RK3568=y
 CONFIG_SPL_ROCKCHIP_COMMON_BOARD=y
 CONFIG_ROCKCHIP_SPI_IMAGE=y
 CONFIG_SIGN_UBOOT=y
-CONFIG_KEY_DIRECTORY="keys"
 CONFIG_SPL_ADD_PUBLIC_KEY=y
 CONFIG_SPL_SERIAL=y
 CONFIG_SPL_STACK_R_ADDR=0x600000
diff --git a/dts/Makefile b/dts/Makefile
index 3fc7f14cfa2e..3437e54033db 100644
--- a/dts/Makefile
+++ b/dts/Makefile
@@ -19,9 +19,6 @@ endif
 $(obj)/dt-$(SPL_NAME).dtb: dts/dt.dtb $(objtree)/tools/fdtgrep FORCE
 	mkdir -p $(dir $@)
 	$(call if_changed,fdtgrep)
-ifeq ($(CONFIG_SPL_ADD_PUBLIC_KEY),y)
-	$(call if_changed,fdt_add_pubkey)
-endif
 
 ifeq ($(CONFIG_OF_DTB_PROPS_REMOVE),y)
 $(obj)/dt.dtb: $(DTB) $(objtree)/tools/fdtgrep FORCE
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index e98fc2b3ec32..1ca84195c997 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -691,14 +691,3 @@ define filechk_offsets
 	 echo ""; \
 	 echo "#endif" )
 endef
-
-ifeq ($(CONFIG_SIGN_UBOOT_IMAGES),y)
-spl_require_value=image
-else
-spl_require_value=conf
-endif
-
-quiet_cmd_fdt_add_pubkey = FDT_ADD_PUBKEY $@
-      cmd_fdt_add_pubkey = $(objtree)/tools/fdt_add_pubkey \
-	    -a $(CONFIG_SIGN_SIGNING_ALGORITHM) -k $(CONFIG_KEY_DIRECTORY) \
-		-r $(spl_require_value) -n $(CONFIG_KEY_HINT_NAME) $@