diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 841bb663d..91ce923e0 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -205,7 +205,6 @@ trustence_sign_cpio() { export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - [ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}" # Sign/encrypt the ramdisk trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -i "${1}" "${1}.tf" @@ -228,7 +227,6 @@ rootfs_sign() { # Set environment variables for trustfence configuration export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" [ -n "${CONFIG_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" - [ -n "${CONFIG_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}" ROOTFS_IMAGE="${IMGDEPLOYDIR}/${IMAGE_NAME}.rootfs.squashfs" TMP_ROOTFS_IMAGE_SIGNED="$(mktemp ${ROOTFS_IMAGE}-signed.XXXXXX)" diff --git a/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc b/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc index 51cbeb728..3d2c7cc8f 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc +++ b/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc @@ -1,4 +1,4 @@ -# Copyright (C) 2018 Digi International +# Copyright (C) 2018-2022 Digi International require recipes-bsp/u-boot/u-boot.inc @@ -196,7 +196,6 @@ do_deploy_append() { export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - [ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}" # Sign boot script TMP_SIGNED_BOOTSCR="$(mktemp ${WORKDIR}/bootscr-signed.XXXXXX)" diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh index 28adac4c6..d8f0a1d0c 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh @@ -3,7 +3,7 @@ # # trustfence-sign-artifact.sh # -# Copyright (C) 2016-2021 by Digi International Inc. +# Copyright (C) 2016-2022 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -16,7 +16,6 @@ # # The following environment variables define the script behaviour: # CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated. -# CONFIG_SIGN_MODE: (mandatory) Signing method: HAB/AHAB # CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0. # CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate # encrypted images @@ -80,10 +79,6 @@ if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then exit 1 fi [ -d "${CONFIG_SIGN_KEYS_PATH}" ] || mkdir "${CONFIG_SIGN_KEYS_PATH}" -if [ -z "${CONFIG_SIGN_MODE}" ]; then - echo "Undefined CONFIG_SIGN_MODE"; - exit 1 -fi # Get RAM_START address if [ "${PLATFORM}" = "ccimx6" ]; then @@ -91,20 +86,24 @@ if [ "${PLATFORM}" = "ccimx6" ]; then CONFIG_RAMDISK_LOADADDR="0x19000000" CONFIG_KERNEL_LOADADDR="0x12000000" CONFIG_CSF_SIZE="0x4000" + CONFIG_SIGN_MODE="HAB" elif [ "${PLATFORM}" = "ccimx6ul" ]; then CONFIG_FDT_LOADADDR="0x83000000" CONFIG_RAMDISK_LOADADDR="0x83800000" CONFIG_KERNEL_LOADADDR="0x80800000" CONFIG_CSF_SIZE="0x4000" + CONFIG_SIGN_MODE="HAB" elif [ "${PLATFORM}" = "ccimx8x" ]; then CONFIG_FDT_LOADADDR="0x82000000" CONFIG_RAMDISK_LOADADDR="0x82100000" CONFIG_KERNEL_LOADADDR="0x80280000" + CONFIG_SIGN_MODE="AHAB" elif [ "${PLATFORM}" = "ccimx8mn" ] || [ "${PLATFORM}" = "ccimx8mm" ]; then CONFIG_FDT_LOADADDR="0x43000000" CONFIG_RAMDISK_LOADADDR="0x43800000" CONFIG_KERNEL_LOADADDR="0x40480000" CONFIG_CSF_SIZE="0x2000" + CONFIG_SIGN_MODE="HAB" else echo "Invalid platform: ${PLATFORM}" echo "Supported platforms: ccimx6, ccimx6ul, ccimx8x, ccimx8mn, ccimx8mm" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb index 2c12b929a..4a46988ad 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb @@ -23,7 +23,6 @@ trustfence_sign() { export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - [ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}" # Sign/encrypt the kernel images for type in ${KERNEL_IMAGETYPES}; do diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb index f9a5b1f3a..9c0f03d76 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb @@ -1,4 +1,4 @@ -# Copyright (C) 2013-2020 Digi International +# Copyright (C) 2013-2022 Digi International SUMMARY = "Linux kernel for Digi boards" LICENSE = "GPLv2" @@ -23,7 +23,6 @@ trustfence_sign() { export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - [ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}" # Sign/encrypt the kernel images for type in ${KERNEL_IMAGETYPES}; do