meta-digi: Add TrustFence configuration class.

This commit adds a trustfence class to encapsulate all trustfence configurations. https://jira.digi.com/browse/DEL-2257 Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
2016-05-10 18:16:28 +02:00 · 2016-05-10 18:16:28 +02:00 · 2e95ff7519
parent 1fa78eb3de
commit 2e95ff7519
1 changed files with 36 additions and 0 deletions
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -0,0 +1,36 @@
+# Adds TrustFence configuration
+#
+# To use it add the following line to conf/local.conf:
+#
+# INHERIT += "trustfence"
+#
+# Inheriting this class enables the following default TrustFence configuration:
+#
+# * Disabled console
+#
+
+# Default secure console configuration
+TRUSTFENCE_CONSOLE_DISABLE ?= "1"
+
+# Uncomment to enable the console with the specified passphrase
+#TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "my_secure_passphrase"
+
+# Alternatively, uncommment to enable the console with the specified GPIO
+#TRUSTFENCE_CONSOLE_GPIO_ENABLE = "4"
+
+IMAGE_FEATURES += "dey-trustfence"
+
+UBOOT_EXTRA_CONF = ""
+
+python () {
+    import hashlib
+
+    # Secure console configuration
+    if d.getVar("TRUSTFENCE_CONSOLE_DISABLE", True):
+        d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_CONSOLE_DISABLE=y ")
+        if d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE", True):
+            passphrase_hash = hashlib.sha256(d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE")).hexdigest()
+            d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_CONSOLE_ENABLE_PASSPHRASE=y CONFIG_CONSOLE_ENABLE_PASSPHRASE_KEY=\\"%s\\" ' % passphrase_hash)
+        elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE", True):
+            d.appendVar("UBOOT_EXTRA_CONF", " CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CCIMX6SBC_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
+}