diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.4.1.bb similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.2.bb rename to meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.4.1.bb diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1.inc similarity index 59% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1.inc index 015ea103c..5a460989a 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1.inc @@ -1,44 +1,38 @@ -# Copyright (C) 2017-2023, Digi International Inc. +# Copyright (C) 2017-2024, Digi International Inc. SUMMARY = "NXP Code signing Tool for the High Assurance Boot library" DESCRIPTION = "Provides software code signing support designed for use with \ i.MX processors that integrate the HAB library in the internal boot ROM." HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530" +LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=14aba05f9fa6c25527297c8aac95fcf6" -DEPENDS = "byacc-native flex-native" - -OPENSSL1_VERSION = "1.1.1t" +DEPENDS = "byacc-native flex-native openssl" SRC_URI = " \ ${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \ - https://www.openssl.org/source/openssl-${OPENSSL1_VERSION}.tar.gz;name=openssl \ file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \ file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \ file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \ file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \ " -SRC_URI[cst.md5sum] = "4b9fccac381fa412cba8ba7028c154c7" -SRC_URI[cst.sha256sum] = "517b11dca181e8c438a6249f56f0a13a0eb251b30e690760be3bf6191ee06c68" -SRC_URI[openssl.md5sum] = "1cfee919e0eac6be62c88c5ae8bcd91e" -SRC_URI[openssl.sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b" +SRC_URI[cst.md5sum] = "b23ed5983734d4812fcf1da33eac8f31" +SRC_URI[cst.sha256sum] = "0715fffe43d82708696af3f5d721bf36edd1d9be1ec482f21b9f1c48bc699097" S = "${WORKDIR}/cst-${PV}" EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"' do_compile() { - cd code/cst - oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 openssl - oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 os_bin + oe_runmake -C code/obj.linux64 OSTYPE=linux64 ENCRYPTION=yes COPTIONS="${CFLAGS} ${CPPFLAGS}" LDOPTIONS="${LDFLAGS}" } do_install() { install -d ${D}${bindir} - install -m 0755 code/cst/code/obj.linux64/cst ${D}${bindir} - install -m 0755 code/cst/code/obj.linux64/srktool ${D}${bindir} + install -m 0755 code/obj.linux64/cst ${D}${bindir} + install -m 0755 code/obj.linux64/mac_dump ${D}${bindir} + install -m 0755 code/obj.linux64/srktool ${D}${bindir} if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch similarity index 68% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch index d6a0b0327..c422bf853 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch @@ -14,14 +14,14 @@ https://jira.digi.com/browse/DUB-608 Signed-off-by: Diaz de Grenu, Jose --- - code/cst/code/back_end-ssl/src/adapt_layer_openssl.c | 1 + + code/back_end-ssl/src/adapt_layer_openssl.c | 1 + 1 file changed, 1 insertion(+) -diff --git a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c -index d8df54e..86e7e4f 100755 ---- a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c -+++ b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c -@@ -1231,6 +1231,7 @@ int32_t gen_auth_encrypted_data(const char* in_file, +diff --git a/code/back_end-ssl/src/adapt_layer_openssl.c b/code/back_end-ssl/src/adapt_layer_openssl.c +index 74a707f..da4df42 100644 +--- a/code/back_end-ssl/src/adapt_layer_openssl.c ++++ b/code/back_end-ssl/src/adapt_layer_openssl.c +@@ -1211,6 +1211,7 @@ int32_t gen_auth_encrypted_data(const char* in_file, printf("\n"); #endif if (0 == key_init_done) { diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0002-openssl_helper-use-dev-urandom-as-seed-source.patch similarity index 63% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0002-openssl_helper-use-dev-urandom-as-seed-source.patch index 489631960..ac0ba8359 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0002-openssl_helper-use-dev-urandom-as-seed-source.patch @@ -8,14 +8,14 @@ Upstream-Status: Inappropriate [DEY specific] Signed-off-by: Diaz de Grenu, Jose --- - code/cst/code/common/src/openssl_helper.c | 2 +- + code/common/src/openssl_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/code/cst/code/common/src/openssl_helper.c b/code/cst/code/common/src/openssl_helper.c -index 1e1131b..918c82e 100755 ---- a/code/cst/code/common/src/openssl_helper.c -+++ b/code/cst/code/common/src/openssl_helper.c -@@ -404,7 +404,7 @@ void print_version(void) +diff --git a/code/common/src/openssl_helper.c b/code/common/src/openssl_helper.c +index c6b5292..c2ff0ca 100644 +--- a/code/common/src/openssl_helper.c ++++ b/code/common/src/openssl_helper.c +@@ -380,7 +380,7 @@ void print_version(void) ---------------------------*/ uint32_t seed_prng(uint32_t bytes) { diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.4.1.bb similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.2.bb rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.4.1.bb