trustfence: use signed images suffixes for ccmp1 boot artifacts

When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.

Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>

meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend

@@ -74,7 +74,7 @@ do_deploy:append() {
 		i="$(expr ${i} + 1)"
 		dt_config="$(echo ${FIP_DEVICETREE} | cut -d',' -f${i})"
 		for dt in ${dt_config}; do
-			FIP_FILENAME="${FIP_BASENAME}-${dt}-${config}.${FIP_SUFFIX}"
+			FIP_FILENAME="${FIP_BASENAME}-${dt}-${config}${FIP_SIGN_SUFFIX}.${FIP_SUFFIX}"
 			echo "${FIP_FILENAME}"
 			if [ -f "${DEPLOYDIR}/fip/${FIP_FILENAME}" ]; then
 				cd "${DEPLOYDIR}"
@@ -104,9 +104,11 @@ tfa_sign() {
 				bl2)
 					TF_A_FILENAME="${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}"
 					if [ -f "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" ]; then
-						trustfence-sign-artifact.sh -p "${DIGI_SOM}" -t "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}_signed"
+						trustfence-sign-artifact.sh -p "${DIGI_SOM}" -t "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}${TFA_SIGN_SUFFIX}"
 						# the generated artifact lacks 'w' permission which prevents deletion by the build system
-						chmod u+w "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}_signed"
+						chmod u+w "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}${TFA_SIGN_SUFFIX}"
+						# symlink TF-A
+						ln -s "arm-trusted-firmware/${TF_A_FILENAME}${TFA_SIGN_SUFFIX}" "${DEPLOYDIR}/"
 					fi
 				esac
 			done # for file_type in ${tfa_file_type}

meta-digi-dey/classes/dey-swupdate-common.bbclass

@@ -98,8 +98,9 @@ SWUPDATE_UBOOT_EXT ?= ".${UBOOT_SUFFIX}"
 SWUPDATE_UBOOT_EXT_TFA ?= ".stm32"
 
 SWUPDATE_UBOOT_NAME ?= "${SWUPDATE_UBOOT_PREFIX}-${MACHINE}${SWUPDATE_UBOOT_EXT}"
-SWUPDATE_UBOOT_NAME:ccmp1 ?= "${SWUPDATE_UBOOT_PREFIX}-${MACHINE}-optee${SWUPDATE_UBOOT_EXT}"
+SWUPDATE_UBOOT_NAME:ccmp1 ?= "${SWUPDATE_UBOOT_PREFIX}-${MACHINE}-optee${FIP_SIGN_SUFFIX}${SWUPDATE_UBOOT_EXT}"
-SWUPDATE_UBOOT_NAME_TFA ?= "${@oe.utils.conditional('DEY_SOC_VENDOR', 'STM', '${SWUPDATE_UBOOT_PREFIX_TFA}-${MACHINE}-nand${SWUPDATE_UBOOT_EXT_TFA}', '', d)}"
+SWUPDATE_UBOOT_NAME_TFA ?= ""
+SWUPDATE_UBOOT_NAME_TFA:ccmp1 ?= "${SWUPDATE_UBOOT_PREFIX_TFA}-${MACHINE}-nand${SWUPDATE_UBOOT_EXT_TFA}${TFA_SIGN_SUFFIX}"
 
 SWUPDATE_UBOOT_OFFSET ?= "0"
 SWUPDATE_UBOOT_OFFSET:ccimx6 ?= "1"

meta-digi-dey/classes/trustfence.bbclass

@@ -37,6 +37,9 @@ TRUSTFENCE_ENCRYPT_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-
 # Read-only rootfs
 TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "1", "0", d)}"
 
+FIP_SIGN_SUFFIX ?= "${@bb.utils.contains('TRUSTFENCE_SIGN', '1', '_Signed', '', d)}"
+TFA_SIGN_SUFFIX ?= "${@bb.utils.contains('TRUSTFENCE_SIGN', '1', '_signed', '', d)}"
+
 #
 # NOTHING TO CUSTOMIZE BELOW THIS LINE
 #