Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

linux-dey: adapt trustfence_sign function after migration 

The way the kernel artifacts are generated has change as of Yocto 2.2.
Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed
their default values.

Thus the trustfence_sign function needed some tweaks to continue working
properly.

https://jira.digi.com/browse/DEL-3834

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit is contained in:
Javier Viguera 2017-03-02 16:25:09 +01:00
parent 55ba548d61
commit 372a063ac4
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
meta-digi-arm/recipes-kernel/linux/linux-dey.inc
View File

@ -34,22 +34,28 @@ trustfence_sign() {
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
# Sign/encrypt the kernel image # Sign/encrypt the kernel images
KERNEL_IMAGE="$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME})" for type in ${KERNEL_IMAGETYPES}; do
TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGE_SYMLINK_NAME}-signed.XXXXXX)" KERNEL_IMAGE="${type}-${KERNEL_IMAGE_BASE_NAME}.bin"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}" TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)"
mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}" trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
done
# Sign/encrypt the device tree blobs # Sign/encrypt the device tree blobs
if [ -n "${KERNEL_DEVICETREE}" ]; then for DTB in ${KERNEL_DEVICETREE}; do
for DTB_NAME in ${KERNEL_DEVICETREE}; do DTB=`normalize_dtb "${DTB}"`
DTB=$(readlink -e ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME}) DTB_EXT=${DTB##*.}
TMP_DTB_SIGNED="$(mktemp ${DEPLOYDIR}/${KERNEL_IMAGETYPE}-${DTB_NAME}-signed.XXXXXX)" DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB}" "${TMP_DTB_SIGNED}" for type in ${KERNEL_IMAGETYPES}; do
mv "${TMP_DTB_SIGNED}" "${DTB}" DTB_IMAGE="$(echo ${type}-${KERNEL_IMAGE_BASE_NAME} | sed "s/${MACHINE}/${DTB_BASE_NAME}/g").${DTB_EXT}"
TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
done done
fi done
} }
trustfence_sign[dirs] = "${DEPLOYDIR}"
do_deploy[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX TRUSTFENCE_DEK_PATH" do_deploy[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX TRUSTFENCE_DEK_PATH"