Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence-cst: update to cst 3.4.1 

Now that the tool supports OpenSSL 3.2.3, the same version provided by Yocto
5.0 poky, we can simply use the regular Yocto version of the package and link
to it dynamically instead of building a separate version specific for the tool.
Reflect this change in the recipe and include the new binary "mac_dump" in the
package.

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit is contained in:
Gabriel Valcazar 2024-10-25 13:53:51 +02:00
parent f02d6f9f3c
commit 401e99d3f0
7 changed files with 21 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.2.bb → meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.4.1.bb
View File

24
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1.inc
View File

@ -1,44 +1,38 @@
# Copyright (C) 2017-2023, Digi International Inc. # Copyright (C) 2017-2024, Digi International Inc.
SUMMARY = "NXP Code signing Tool for the High Assurance Boot library" SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
DESCRIPTION = "Provides software code signing support designed for use with \ DESCRIPTION = "Provides software code signing support designed for use with \
i.MX processors that integrate the HAB library in the internal boot ROM." i.MX processors that integrate the HAB library in the internal boot ROM."
HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL" HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
LICENSE = "BSD-3-Clause" LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530" LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=14aba05f9fa6c25527297c8aac95fcf6"
DEPENDS = "byacc-native flex-native" DEPENDS = "byacc-native flex-native openssl"
OPENSSL1_VERSION = "1.1.1t"
SRC_URI = " \ SRC_URI = " \
${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \ ${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \
https://www.openssl.org/source/openssl-${OPENSSL1_VERSION}.tar.gz;name=openssl \
file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \ file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \ file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \
file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \ file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \
file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \ file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \
" "
SRC_URI[cst.md5sum] = "4b9fccac381fa412cba8ba7028c154c7" SRC_URI[cst.md5sum] = "b23ed5983734d4812fcf1da33eac8f31"
SRC_URI[cst.sha256sum] = "517b11dca181e8c438a6249f56f0a13a0eb251b30e690760be3bf6191ee06c68" SRC_URI[cst.sha256sum] = "0715fffe43d82708696af3f5d721bf36edd1d9be1ec482f21b9f1c48bc699097"
SRC_URI[openssl.md5sum] = "1cfee919e0eac6be62c88c5ae8bcd91e"
SRC_URI[openssl.sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b"
S = "${WORKDIR}/cst-${PV}" S = "${WORKDIR}/cst-${PV}"
EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"' EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"'
do_compile() { do_compile() {
cd code/cst oe_runmake -C code/obj.linux64 OSTYPE=linux64 ENCRYPTION=yes COPTIONS="${CFLAGS} ${CPPFLAGS}" LDOPTIONS="${LDFLAGS}"
oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 openssl
oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 os_bin
} }
do_install() { do_install() {
install -d ${D}${bindir} install -d ${D}${bindir}
install -m 0755 code/cst/code/obj.linux64/cst ${D}${bindir} install -m 0755 code/obj.linux64/cst ${D}${bindir}
install -m 0755 code/cst/code/obj.linux64/srktool ${D}${bindir} install -m 0755 code/obj.linux64/mac_dump ${D}${bindir}
install -m 0755 code/obj.linux64/srktool ${D}${bindir}
if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then

12
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
View File

@ -14,14 +14,14 @@ https://jira.digi.com/browse/DUB-608
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com> Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
--- ---
code/cst/code/back_end-ssl/src/adapt_layer_openssl.c | 1 + code/back_end-ssl/src/adapt_layer_openssl.c | 1 +
1 file changed, 1 insertion(+) 1 file changed, 1 insertion(+)
diff --git a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c diff --git a/code/back_end-ssl/src/adapt_layer_openssl.c b/code/back_end-ssl/src/adapt_layer_openssl.c
index d8df54e..86e7e4f 100755 index 74a707f..da4df42 100644
--- a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c --- a/code/back_end-ssl/src/adapt_layer_openssl.c
+++ b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c +++ b/code/back_end-ssl/src/adapt_layer_openssl.c
@@ -1231,6 +1231,7 @@ int32_t gen_auth_encrypted_data(const char* in_file, @@ -1211,6 +1211,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
printf("\n"); printf("\n");
#endif #endif
if (0 == key_init_done) { if (0 == key_init_done) {

12
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0002-openssl_helper-use-dev-urandom-as-seed-source.patch
View File

@ -8,14 +8,14 @@ Upstream-Status: Inappropriate [DEY specific]
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com> Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
--- ---
code/cst/code/common/src/openssl_helper.c | 2 +- code/common/src/openssl_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/cst/code/common/src/openssl_helper.c b/code/cst/code/common/src/openssl_helper.c diff --git a/code/common/src/openssl_helper.c b/code/common/src/openssl_helper.c
index 1e1131b..918c82e 100755 index c6b5292..c2ff0ca 100644
--- a/code/cst/code/common/src/openssl_helper.c --- a/code/common/src/openssl_helper.c
+++ b/code/cst/code/common/src/openssl_helper.c +++ b/code/common/src/openssl_helper.c
@@ -404,7 +404,7 @@ void print_version(void) @@ -380,7 +380,7 @@ void print_version(void)
---------------------------*/ ---------------------------*/
uint32_t seed_prng(uint32_t bytes) uint32_t seed_prng(uint32_t bytes)
{ {

0
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch
View File

0
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch
View File

0
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.2.bb → meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.4.1.bb
View File