Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: add support to sign/encrypt DTB overlays 

https://jira.digi.com/browse/DEL-7024

Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit is contained in:
Gonzalo Ruiz 2020-05-28 15:25:10 +02:00
parent 283e6b0638
commit 38d95cf361
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
View File

@ -33,12 +33,13 @@ done
SCRIPT_NAME="$(basename ${0})"
SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)"
while getopts "bdilp:" c; do
while getopts "bdilop:" c; do
case "${c}" in
b) ARTIFACT_BOOTSCRIPT="y";;
d) ARTIFACT_DTB="y";;
i) ARTIFACT_INITRAMFS="y";;
l) ARTIFACT_KERNEL="y";;
o) ARTIFACT_DTB_OVERLAY="y";;
p) PLATFORM="${OPTARG}";;
esac
done
@ -54,6 +55,7 @@ Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image
-d sign/encrypt DTB
-i sign/encrypt initramfs
-l sign/encrypt Linux image
-o sign/encrypt DTB overlay
Supported platforms: ccimx6, ccimx6ul, ccimx8x, ccimx8mn
@ -112,9 +114,11 @@ fi
[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
# bootscripts are loaded to $loadaddr, just like the kernel
[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
# DTB overlays are loaded to $initrd_addr, just like the ramdisk
[ "${ARTIFACT_DTB_OVERLAY}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}"
if [ -z "${CONFIG_RAM_START}" ]; then
echo "Specify the type of image to process (-b, -i, -d, or -l)"
echo "Specify the type of image to process (-b, -i, -d, -l, or -o)"
exit 1
fi

6
meta-digi-arm/recipes-kernel/linux/linux-dey.inc
View File

@ -53,7 +53,11 @@ trustfence_sign() {
DTB_IMAGE="${DTB_BASE_NAME}-${KERNEL_IMAGE_NAME}.${DTB_EXT}"
TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
if [ "${DTB_EXT}" = "dtbo" ]; then
trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -o "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
else
trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
fi
mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
done
}