From 16525cca539b975f1011211390cbfd2536de6a6c Mon Sep 17 00:00:00 2001 From: Mike Engel Date: Mon, 29 Jul 2024 13:02:42 +0200 Subject: [PATCH] swupdate: enable SWU authentication when Trustfence is enabled This commit enables SWU image authentication when TrustFence is enabled instead of when signing of images is enabled. This allows the system to authenticate SWU images on images that have been externally signed. https://onedigi.atlassian.net/browse/DEL-8891 Signed-off-by: Mike Engel --- meta-digi-dey/classes/dey-swupdate-common.bbclass | 2 +- meta-digi-dey/recipes-digi/swu-images/swu.inc | 2 +- meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-digi-dey/classes/dey-swupdate-common.bbclass b/meta-digi-dey/classes/dey-swupdate-common.bbclass index bad51a542..3a463c8fd 100644 --- a/meta-digi-dey/classes/dey-swupdate-common.bbclass +++ b/meta-digi-dey/classes/dey-swupdate-common.bbclass @@ -93,7 +93,7 @@ SWUPDATE_UBOOT_SCRIPT_NAME = "${@os.path.basename(d.getVar('SWUPDATE_UBOOT_SCRIP # Retrieve the correct U-Boot prefix. def get_uboot_prefix(d): prefix = d.getVar('UBOOT_PREFIX') - if d.getVar('DEY_SOC_VENDOR') == "NXP" and d.getVar('TRUSTFENCE_SIGN') == "1": + if d.getVar('DEY_SOC_VENDOR') == "NXP" and d.getVar('TRUSTFENCE_ENABLED') == "1": if "ccimx6" in d.getVar('MACHINE'): prefix = f"{prefix}-dtb" if d.getVar('TRUSTFENCE_DEK_PATH') and d.getVar('TRUSTFENCE_DEK_PATH') != "0": diff --git a/meta-digi-dey/recipes-digi/swu-images/swu.inc b/meta-digi-dey/recipes-digi/swu-images/swu.inc index 9aff6d212..fd79434a4 100644 --- a/meta-digi-dey/recipes-digi/swu-images/swu.inc +++ b/meta-digi-dey/recipes-digi/swu-images/swu.inc @@ -57,7 +57,7 @@ python do_swuimage:prepend() { import shutil # Set signing key for trustfence enabled updates. - if (d.getVar('TRUSTFENCE_SIGN') == "1"): + if (d.getVar('TRUSTFENCE_ENABLED') == "1"): d.setVar('SWUPDATE_PRIVATE_KEY', glob.glob(d.getVar('SWUPDATE_PRIVATE_KEY_TEMPLATE'))[0]) # Copy script file. diff --git a/meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend b/meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend index d0b368f08..c51a215ec 100644 --- a/meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend +++ b/meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend @@ -11,7 +11,7 @@ SRC_URI += " \ file://0003-handlers-rdiff-handler-for-applying-librsync-s-rdiff.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://systemd.cfg', '', d)} \ ${@bb.utils.contains('STORAGE_MEDIA', 'mtd', 'file://mtd.cfg', '', d)} \ - ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://signed_images.cfg', '', d)} \ + ${@oe.utils.conditional('TRUSTFENCE_ENABLED', '1', 'file://signed_images.cfg', '', d)} \ file://swupdate.config \ "