uboot-sign: Fix using wrong KEY_REQ_ARGS

When generating our SPL-verifying certificate, we use FIT_KEY_REQ_ARGS,
which is intended for the U-Boot-verifying certificate. Instead, use
UBOOT_FIT_KEY_REQ_ARGS.

Fixes: 0e6b0fefa0 ("u-boot: Use a different Key for SPL signing")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>

diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index debbf23ec603f75dd10c225efb2449b23c2e197c..4b5912a01dc3a86bff27060e7a6435d80ef0ecf7 100644 (file)
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -298,7 +298,7 @@ do_uboot_generate_rsa_keys() {
                                "${UBOOT_FIT_SIGN_NUMBITS}"
 
                        echo "Generating certificate for signing U-Boot fitImage"
-                       openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
+                       openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
                                -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
                                -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
                fi