linux-dey: adapt trustfence_sign function after migration

The way the kernel artifacts are generated has change as of Yocto 2.2. Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed their default values. Thus the trustfence_sign function needed some tweaks to continue working properly. https://jira.digi.com/browse/DEL-3834 Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2017-03-02 16:25:09 +01:00 · 2017-03-02 16:25:09 +01:00 · 372a063ac4
parent 55ba548d61
commit 372a063ac4
1 changed files with 18 additions and 12 deletions
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
@ -34,22 +34,28 @@ trustfence_sign() {
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 	[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"

-	# Sign/encrypt the kernel image
-	KERNEL_IMAGE="$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME})"
-	TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME}-signed.XXXXXX)"
-	trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
-	mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
+	# Sign/encrypt the kernel images
+	for type in ${KERNEL_IMAGETYPES}; do
+		KERNEL_IMAGE="${type}-${KERNEL_IMAGE_BASE_NAME}.bin"
+		TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)"
+		trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
+		mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
+	done

 	# Sign/encrypt the device tree blobs
-	if [ -n "${KERNEL_DEVICETREE}" ]; then
-		for DTB_NAME in ${KERNEL_DEVICETREE}; do
-			DTB=$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME})
-			TMP_DTB_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME}-signed.XXXXXX)"
-			trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB}" "${TMP_DTB_SIGNED}"
-			mv "${TMP_DTB_SIGNED}" "${DTB}"
+	for DTB in ${KERNEL_DEVICETREE}; do
+		DTB=`normalize_dtb "${DTB}"`
+		DTB_EXT=${DTB##*.}
+		DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
+		for type in ${KERNEL_IMAGETYPES}; do
+			DTB_IMAGE="$(echo ${type}-${KERNEL_IMAGE_BASE_NAME} | sed "s/${MACHINE}/${DTB_BASE_NAME}/g").${DTB_EXT}"
+			TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
+			trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
+			mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
 		done
-	fi
+	done
 }
+trustfence_sign[dirs] = "${DEPLOYDIR}"

 do_deploy[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX TRUSTFENCE_DEK_PATH"