From 437dd8a331630bdc02a840592109800c41e8bf04 Mon Sep 17 00:00:00 2001
From: Hector Palacios <hector.palacios@digi.com>
Date: Mon, 15 May 2023 13:04:48 +0200
Subject: [PATCH] tf-a-stm32mp: add 'w' permission to signed TF-A

By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
---
 .../recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend
index a61ec3710..fab4ddbb6 100644
--- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend
+++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend
@@ -63,6 +63,8 @@ tfa_sign() {
 					TF_A_FILENAME="${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}"
 					if [ -f "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" ]; then
 						trustfence-sign-artifact.sh -p "${DIGI_SOM}" -t "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}_signed"
+						# the generated artifact lacks 'w' permission which prevents deletion by the build system
+						chmod u+w "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}_signed"
 					fi
 				esac
 			done # for file_type in ${tfa_file_type}