trustfence: add warnings for deprecated TF variables

Warn when the deprecated TRUSTFENCE_DEK_PATH variable is detected, and fail the
build if it is used to disable artifact encryption. This prevents accidentally
misconfigured builds and points users to the replacement variables.

https://onedigi.atlassian.net/browse/DEL-9929

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra 2026-02-26 12:26:45 +01:00
parent 1d705c8665
commit 280594fce6
1 changed files with 5 additions and 0 deletions


@ -172,6 +172,11 @@ python () {
DEK_PATH = os.path.dirname(d.getVar("TRUSTFENCE_DEK_PATH")) DEK_PATH = os.path.dirname(d.getVar("TRUSTFENCE_DEK_PATH"))
if (d.getVar("TRUSTFENCE_KEYS_PATH") != DEK_PATH): if (d.getVar("TRUSTFENCE_KEYS_PATH") != DEK_PATH):
bb.fatal('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; Set new variable TRUSTFENCE_KEYS_PATH to the directory containing both your sign and encryption keys.') bb.fatal('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; Set new variable TRUSTFENCE_KEYS_PATH to the directory containing both your sign and encryption keys.')
if d.getVar("TRUSTFENCE_DEK_PATH"):
if (d.getVar("TRUSTFENCE_DEK_PATH") != "0"):
bb.warnonce('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; Set new variable TRUSTFENCE_KEYS_PATH to the directory containing both your sign and encryption keys.')
else:
bb.fatal('[trustfence] TRUSTFENCE_DEK_PATH is deprecated; To disable encryption set new variable TRUSTFENCE_ENCRYPT.')
# Secure console configuration # Secure console configuration
if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE") == "1"): if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE") == "1"):
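Review bot: The new `"0"` branch may never show its TRUSTFENCE_ENCRYPT guidance if the existing `TRUSTFENCE_KEYS_PATH != DEK_PATH` check just above it runs first with the same value. `os.path.dirname("0")` is an empty string, so that earlier `bb.fatal` would stop the build with the KEYS_PATH message instead. The guard around the earlier check starts outside the hunk and indentation is lost on this page, so confirm this against the full `python ()` function; if the path is reachable, move the new test ahead of it. The new fatal message also names TRUSTFENCE_ENCRYPT without saying which value disables encryption, and the comparison is not stripped, so a value such as `"0 "` only produces the warning. Reading the variable once with `dek = (d.getVar("TRUSTFENCE_DEK_PATH") or "").strip()` and branching on `dek` would fix the comparison and avoid three separate lookups.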