From 280594fce60ca91451e30d0c00d87691a435dd45 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Thu, 26 Feb 2026 12:26:45 +0100 Subject: [PATCH] trustfence: add warnings for deprecated TF variables Warn when the deprecated TRUSTFENCE_DEK_PATH variable is detected, and fail the build if it is used to disable artifact encryption. This prevents accidental wrong compilations and guides users to replacement variables. https://onedigi.atlassian.net/browse/DEL-9929 Signed-off-by: Arturo Buzarra --- meta-digi-dey/classes/trustfence.bbclass | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 27ae1da79..fe18354d1 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -172,6 +172,11 @@ python () { DEK_PATH = os.path.dirname(d.getVar("TRUSTFENCE_DEK_PATH")) if (d.getVar("TRUSTFENCE_KEYS_PATH") != DEK_PATH): bb.fatal('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; Set new variable TRUSTFENCE_KEYS_PATH to the directory containing both your sign and encryption keys.') + if d.getVar("TRUSTFENCE_DEK_PATH"): + if (d.getVar("TRUSTFENCE_DEK_PATH") != "0"): + bb.warnonce('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; Set new variable TRUSTFENCE_KEYS_PATH to the directory containing both your sign and encryption keys.') + else: + bb.fatal('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; To disable encryption set new variable TRUSTFENCE_ENCRYPT.') # Secure console configuration if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE") == "1"):