meta-digi: enable boot artifacts encryption support on ccimx93

Add a check on the existence of the "temp-fitimg-loaded" environment variable before setting it. It is needed, as with encrypted FIT images, we need to decrypt them before accessing the boot script. In such cases, u-boot sets that variable to "no" so the boot script does not override it, and the FIT image is loaded again before the final boot to the OS. https://onedigi.atlassian.net/browse/DEL-8945 Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2024-04-11 18:18:13 +02:00 · 2024-04-11 18:18:13 +02:00 · 3c26ef78e0
parent cc72882584
commit 3c26ef78e0
2 changed files with 1 additions and 2 deletions
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx93-dvk/boot.txt
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx93-dvk/boot.txt
@ -84,7 +84,7 @@ if test "${module_has_npu}" = "1" && test -z "${disable_npu}"; then
 	setenv overlays _ov_som_npu_ccimx93.dtbo,${overlays}
 fi

-if test "${dboot_kernel_var}" = "fitimage"; then
+if test "${dboot_kernel_var}" = "fitimage" && test -z "${temp-fitimg-loaded}"; then
 	# Set temp var to avoid re-loading fitimage
 	setenv temp-fitimg-loaded yes
 fi
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -24,7 +24,6 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0"
 TRUSTFENCE_SIGN ?= "1"
 TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
 TRUSTFENCE_DEK_PATH ?= "default"
-TRUSTFENCE_DEK_PATH:ccimx93 ?= "0"
 TRUSTFENCE_DEK_PATH:ccmp1 ?= "0"
 TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1"
 TRUSTFENCE_ENCRYPT_ENVIRONMENT:ccimx93 ?= "0"