From 379ab894c388aefa9028f78ae5514a74fcea6a2f Mon Sep 17 00:00:00 2001 From: Gonzalo Ruiz Date: Mon, 21 Dec 2020 17:36:40 +0100 Subject: [PATCH] trustfence-cst: remove *.inc file Since there is only 1 supported version of cst, the include file is only used once. Move all the recipe implementation to the *.bb recipe and remove the *.inc file. Signed-off-by: Gonzalo Ruiz --- .../trustfence-cst/trustfence-cst.inc | 73 ------------------ .../trustfence-cst/trustfence-cst_3.3.1.bb | 74 ++++++++++++++++++- 2 files changed, 72 insertions(+), 75 deletions(-) delete mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc deleted file mode 100644 index 88b3ca832..000000000 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright (C) 2017-2019 Digi International -SUMMARY = "NXP Code signing Tool for the High Assurance Boot library" -DESCRIPTION = "Provides software code signing support designed for use with \ -i.MX processors that integrate the HAB library in the internal boot ROM." -HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530" - -DEPENDS = "openssl byacc flex" - -# Explicitly add byacc-native as a dependency when building the package for the -# SDK, otherwise, it won't get installed in the sysroot, causing a compilation -# error. -# Explicitly add openssl-native for the SDK build to correctly link to the -# openssl libraries in the native dependencies folder. -DEPENDS_append_class-nativesdk = " byacc-native openssl-native" - -SRC_URI = " \ - ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', '${DIGI_PKG_SRC}/cst-${PV}.tgz', '', d)} \ - file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \ - file://0002-hab4_pki_tree.sh-automate-script.patch \ - file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \ - file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \ - file://0005-ahab_pki_tree.sh-automate-script.patch \ - file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \ - file://0007-Makefile-statically-link-libcrypto.patch \ -" - -SRC_URI[md5sum] = "27ba9c8bc0b8a7f14d23185775c53794" -SRC_URI[sha256sum] = "8b7e44e3e126f814f5caf8a634646fe64021405302ca59ff02f5c8f3b9a5abb9" - -# Usually local files (with file:// protocol) are not checked for -# premirrors. But in this case we want to be able to download the 'cst' -# package from a premirror in case it's not already in the DL_DIR, so prepend -# a premirror for the 'file://' protocol. -python() { - source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True) - if source_mirror_url: - premirrors = d.getVar('PREMIRRORS', True) - d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors)) -} - -S = "${WORKDIR}/cst-${PV}/" - -do_compile() { - export LDLIBPATH=-L${WORKDIR}/recipe-sysroot-native/usr/lib - export COPTIONS=-I${WORKDIR}/recipe-sysroot-native/usr/include - cd ${S}/code/cst - oe_runmake OSTYPE=linux64 clean - oe_runmake OSTYPE=linux64 rel_bin -} - -do_install() { - install -d ${D}${bindir} - install -m 0755 $(find ${S}/code/cst/release/linux64 -type f -name cst) ${D}${bindir}/cst - install -m 0755 $(find ${S}/code/cst/release/linux64 -type f -name srktool) ${D}${bindir}/srktool - if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then - install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh - elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then - install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh - else - bberror "Unkown TRUSTFENCE_SIGN_MODE value" - exit 1 - fi - install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf - install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf - install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf -} - -INSANE_SKIP_${PN} += "already-stripped" - -FILES_${PN} = "${bindir}" -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb index 04796598f..531514254 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb @@ -1,3 +1,73 @@ -# Copyright (C) 2019 Digi International +# Copyright (C) 2017-2020 Digi International +SUMMARY = "NXP Code signing Tool for the High Assurance Boot library" +DESCRIPTION = "Provides software code signing support designed for use with \ +i.MX processors that integrate the HAB library in the internal boot ROM." +HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530" -require trustfence-cst.inc +DEPENDS = "openssl byacc flex" + +# Explicitly add byacc-native as a dependency when building the package for the +# SDK, otherwise, it won't get installed in the sysroot, causing a compilation +# error. +# Explicitly add openssl-native for the SDK build to correctly link to the +# openssl libraries in the native dependencies folder. +DEPENDS_append_class-nativesdk = " byacc-native openssl-native" + +SRC_URI = " \ + ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', '${DIGI_PKG_SRC}/cst-${PV}.tgz', '', d)} \ + file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \ + file://0002-hab4_pki_tree.sh-automate-script.patch \ + file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \ + file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \ + file://0005-ahab_pki_tree.sh-automate-script.patch \ + file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \ + file://0007-Makefile-statically-link-libcrypto.patch \ +" + +SRC_URI[md5sum] = "27ba9c8bc0b8a7f14d23185775c53794" +SRC_URI[sha256sum] = "8b7e44e3e126f814f5caf8a634646fe64021405302ca59ff02f5c8f3b9a5abb9" + +# Usually local files (with file:// protocol) are not checked for +# premirrors. But in this case we want to be able to download the 'cst' +# package from a premirror in case it's not already in the DL_DIR, so prepend +# a premirror for the 'file://' protocol. +python() { + source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True) + if source_mirror_url: + premirrors = d.getVar('PREMIRRORS', True) + d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors)) +} + +S = "${WORKDIR}/cst-${PV}/" + +do_compile() { + export LDLIBPATH=-L${WORKDIR}/recipe-sysroot-native/usr/lib + export COPTIONS=-I${WORKDIR}/recipe-sysroot-native/usr/include + cd ${S}/code/cst + oe_runmake OSTYPE=linux64 clean + oe_runmake OSTYPE=linux64 rel_bin +} + +do_install() { + install -d ${D}${bindir} + install -m 0755 $(find ${S}/code/cst/release/linux64 -type f -name cst) ${D}${bindir}/cst + install -m 0755 $(find ${S}/code/cst/release/linux64 -type f -name srktool) ${D}${bindir}/srktool + if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then + install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh + elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then + install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh + else + bberror "Unkown TRUSTFENCE_SIGN_MODE value" + exit 1 + fi + install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf + install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf + install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf +} + +INSANE_SKIP_${PN} += "already-stripped" + +FILES_${PN} = "${bindir}" +BBCLASSEXTEND = "native nativesdk"