From 372a063ac4c8796cb4af8ea7f950a97421ca2e66 Mon Sep 17 00:00:00 2001
From: Javier Viguera <javier.viguera@digi.com>
Date: Thu, 2 Mar 2017 16:25:09 +0100
Subject: [PATCH] linux-dey: adapt trustfence_sign function after migration

The way the kernel artifacts are generated has change as of Yocto 2.2.
Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed
their default values.

Thus the trustfence_sign function needed some tweaks to continue working
properly.

https://jira.digi.com/browse/DEL-3834

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
 .../recipes-kernel/linux/linux-dey.inc        | 30 +++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
index f897fb1ba..1f7eb809e 100644
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
@@ -34,22 +34,28 @@ trustfence_sign() {
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 	[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 
-	# Sign/encrypt the kernel image
-	KERNEL_IMAGE="$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME})"
-	TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME}-signed.XXXXXX)"
-	trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
-	mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
+	# Sign/encrypt the kernel images
+	for type in ${KERNEL_IMAGETYPES}; do
+		KERNEL_IMAGE="${type}-${KERNEL_IMAGE_BASE_NAME}.bin"
+		TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)"
+		trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
+		mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
+	done
 
 	# Sign/encrypt the device tree blobs
-	if [ -n "${KERNEL_DEVICETREE}" ]; then
-		for DTB_NAME in ${KERNEL_DEVICETREE}; do
-			DTB=$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME})
-			TMP_DTB_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME}-signed.XXXXXX)"
-			trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB}" "${TMP_DTB_SIGNED}"
-			mv "${TMP_DTB_SIGNED}" "${DTB}"
+	for DTB in ${KERNEL_DEVICETREE}; do
+		DTB=`normalize_dtb "${DTB}"`
+		DTB_EXT=${DTB##*.}
+		DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
+		for type in ${KERNEL_IMAGETYPES}; do
+			DTB_IMAGE="$(echo ${type}-${KERNEL_IMAGE_BASE_NAME} | sed "s/${MACHINE}/${DTB_BASE_NAME}/g").${DTB_EXT}"
+			TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
+			trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
+			mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
 		done
-	fi
+	done
 }
+trustfence_sign[dirs] = "${DEPLOYDIR}"
 
 do_deploy[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX TRUSTFENCE_DEK_PATH"