trustfence: rename variables related to FIT image signing

Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.

Rename the variables so that it's easier to identify the platforms/vendors they
affect:

    * Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
    * Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP

Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Gabriel Valcazar 2024-03-19 13:20:30 +01:00
parent aabf4cb72d
commit 3fc0a30115
7 changed files with 11 additions and 11 deletions


@ -221,7 +221,7 @@ trustence_sign_cpio() {
# Image generation code for image type 'cpio.gz.u-boot.tf'
# (signed/encrypted ramdisk)
#
if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ] && [ "${TRUSTFENCE_SIGN_FIT_ARTIFACT}" = "0" ]; then
if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ] && [ "${TRUSTFENCE_SIGN_FIT_NXP}" = "0" ]; then
# Set environment variables for trustfence configuration
export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"


@ -111,7 +111,7 @@ OPTEE_CONF = "${STM32MP_DEVICETREE}"
# =========================================================================
# Kernel
# =========================================================================
KERNEL_IMAGETYPE = "${@bb.utils.contains('TRUSTFENCE_FIT_IMG', '1', 'fitImage', 'zImage', d)}"
KERNEL_IMAGETYPE = "${@bb.utils.contains('TRUSTFENCE_SIGN_FIT_STM', '1', 'fitImage', 'zImage', d)}"
KERNEL_CLASSES = "kernel-fitimage"
KERNEL_ALT_IMAGETYPE = "Image vmlinux"
KERNEL_DEFCONFIG ?= "arch/arm/configs/ccmp1_defconfig"


@ -122,7 +122,7 @@ OPTEE_CONF = "${STM32MP_DEVICETREE}"
# =========================================================================
# Kernel
# =========================================================================
KERNEL_IMAGETYPE = "${@bb.utils.contains('TRUSTFENCE_FIT_IMG', '1', 'fitImage', 'zImage', d)}"
KERNEL_IMAGETYPE = "${@bb.utils.contains('TRUSTFENCE_SIGN_FIT_STM', '1', 'fitImage', 'zImage', d)}"
KERNEL_CLASSES = "kernel-fitimage"
KERNEL_ALT_IMAGETYPE = "Image vmlinux"
KERNEL_DEFCONFIG ?= "arch/arm/configs/ccmp1_defconfig"


@ -118,7 +118,7 @@ build_uboot_scripts() {
rm -f ${TMP_BOOTSCR}
# Sign the boot script if not contained in a FIT image
if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ] && [ "${TRUSTFENCE_SIGN_FIT_ARTIFACT}" = "0" ]; then
if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ] && [ "${TRUSTFENCE_SIGN_FIT_NXP}" = "0" ]; then
export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_SRK_REVOKE_MASK}" ] && export SRK_REVOKE_MASK="${TRUSTFENCE_SRK_REVOKE_MASK}"


@ -10,7 +10,7 @@ SRCBRANCH = "v2021.10/master"
SRCREV = "${AUTOREV}"
SRC_URI += " \
${@oe.utils.conditional('TRUSTFENCE_FIT_IMG', '1', 'file://fit_signature.cfg', '', d)} \
${@oe.utils.conditional('TRUSTFENCE_SIGN_FIT_STM', '1', 'file://fit_signature.cfg', '', d)} \
"
install_helper_files() {


@ -32,7 +32,7 @@ trustfence_sign() {
done
# For FIT images there is no need to sign the rest of artifacts
[ "${TRUSTFENCE_SIGN_FIT_ARTIFACT}" = "1" ] && return 0
[ "${TRUSTFENCE_SIGN_FIT_NXP}" = "1" ] && return 0
# Sign/encrypt the device tree blobs
for DTB in ${KERNEL_DEVICETREE}; do


@ -32,7 +32,7 @@ TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0"
TRUSTFENCE_KEY_INDEX ?= "0"
TRUSTFENCE_SIGN_ARTIFACTS = "1"
TRUSTFENCE_SIGN_ARTIFACTS:ccmp1 = "0"
TRUSTFENCE_FIT_IMG:ccmp1 ?= "1"
TRUSTFENCE_SIGN_FIT_STM:ccmp1 ?= "1"
# Partition encryption configuration
TRUSTFENCE_ENCRYPT_PARTITIONS ?= "1"
@ -48,8 +48,8 @@ TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-onl
#
# NXP-based sign a FIT-format boot artifact
TRUSTFENCE_SIGN_FIT_ARTIFACT = "0"
TRUSTFENCE_SIGN_FIT_ARTIFACT:ccimx93 = "${TRUSTFENCE_SIGN_ARTIFACTS}"
TRUSTFENCE_SIGN_FIT_NXP = "0"
TRUSTFENCE_SIGN_FIT_NXP:ccimx93 = "${TRUSTFENCE_SIGN_ARTIFACTS}"
IMAGE_FEATURES += "dey-trustfence"
@ -183,7 +183,7 @@ python () {
d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y ")
if (d.getVar("TRUSTFENCE_SIGN_ARTIFACTS") == "1"):
d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTH_ARTIFACTS=y ")
if (d.getVar("TRUSTFENCE_SIGN_FIT_ARTIFACT") == "1"):
if (d.getVar("TRUSTFENCE_SIGN_FIT_NXP") == "1"):
d.appendVar("UBOOT_TF_CONF", '"# CONFIG_CMD_BOOTI is not set" ')
d.appendVar("UBOOT_TF_CONF", '"# CONFIG_LEGACY_IMAGE_FORMAT is not set" ')
if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
@ -201,7 +201,7 @@ python () {
d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE"))
if (d.getVar("TRUSTFENCE_FIT_IMG") == "1"):
if (d.getVar("TRUSTFENCE_SIGN_FIT_STM") == "1"):
# FIT-related variables
# Create keys if not defined
d.setVar("FIT_GENERATE_KEYS", "1")
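Review bot: Nothing in this section guards against the old names, so a local.conf or downstream layer that still sets `TRUSTFENCE_FIT_IMG` or `TRUSTFENCE_SIGN_FIT_ARTIFACT` would be silently ignored and the build would use the defaults assigned here to `TRUSTFENCE_SIGN_FIT_STM` and `TRUSTFENCE_SIGN_FIT_NXP`. These flags select how boot artifacts are signed (the `== "1"` checks in the anonymous `python ()` function, whose body starts and ends outside the hunks shown), so a stale setting could change the signing path without any message; whether such settings exist outside this repository cannot be seen from the page. Consider failing at parse time in that function, for example `if d.getVar("TRUSTFENCE_FIT_IMG") is not None or d.getVar("TRUSTFENCE_SIGN_FIT_ARTIFACT") is not None:` followed by `bb.fatal("TRUSTFENCE_FIT_IMG/TRUSTFENCE_SIGN_FIT_ARTIFACT were renamed to TRUSTFENCE_SIGN_FIT_STM/TRUSTFENCE_SIGN_FIT_NXP")`.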