On Thu, Nov 06, 2025 at 09:02:07AM +0100, Ahmad Fatoum wrote: > Hi, > > On 06.11.25 08:30, Sascha Hauer wrote: > > This adds a new Kconfig option CONFIG_ARCH_K3_SIGNING_KEY_ENV. With > > this option enabled the content of CONFIG_ARCH_K3_SIGNING_KEY is treated > > as the name of an environment variable from which the private key > > file/uri is taken. This allows for better integration with build > > systems. > > > > Signed-off-by: Sascha Hauer <[email protected]> > > --- > > arch/arm/mach-k3/Kconfig | 8 ++++++++ > > images/Makefile.k3 | 12 +++++++++++- > > 2 files changed, 19 insertions(+), 1 deletion(-) > > > > diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig > > index ecd77d8d9a..58f6ba827d 100644 > > --- a/arch/arm/mach-k3/Kconfig > > +++ b/arch/arm/mach-k3/Kconfig > > @@ -81,6 +81,14 @@ config ARCH_K3_SIGNING_KEY_CUSTOM > > > > endchoice > > > > +config ARCH_K3_SIGNING_KEY_ENV > > + bool "Specify signing key in environment" > > + depends on ARCH_K3_SIGNING_KEY_CUSTOM > > + help > > + If this option is enabled the content of CONFIG_ARCH_K3_SIGNING_KEY > > + is treated as name of an environment variable rather than a > > filename/uri > > + directly which allows for better integration with build systems. > > Why an extra option instead of just interpreting any number of __ENV_something > as environment variable ${something} as we already do for > CONFIG_CRYPTO_PUBLIC_KEYS?
I tried but despaired at the quoting hell I got into. __ENV__something right now is interpreted in scripts/keytoc.c which is easy. FWIW with HAB_CERTS_ENV we have something similar to the way I have chosen as well. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
