trustfence-sign-artifact.sh: remove CONFIG_SIGN_MODE as a mandatory parameter

The sign mode needed for each platform is invariable, and since the platform is already a mandatory parameter for the script, we can store this information implicitly. Reflect this change in every recipe where the script is used, but keep the variable at the Yocto level since it's still needed in several places. https://onedigi.atlassian.net/browse/DEL-7862 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2022-03-22 12:41:32 +01:00 · 2022-03-22 12:41:32 +01:00 · 54ddb775c4
parent 712907b1c3
commit 54ddb775c4
5 changed files with 7 additions and 13 deletions
--- a/meta-digi-arm/classes/image_types_digi.bbclass
+++ b/meta-digi-arm/classes/image_types_digi.bbclass
@ -205,7 +205,6 @@ trustence_sign_cpio() {
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 		[ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
 		# Sign/encrypt the ramdisk
 		trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -i "${1}" "${1}.tf"
@ -228,7 +227,6 @@ rootfs_sign() {
        # Set environment variables for trustfence configuration
        export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
        [ -n "${CONFIG_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
        [ -n "${CONFIG_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
        ROOTFS_IMAGE="${IMGDEPLOYDIR}/${IMAGE_NAME}.rootfs.squashfs"
        TMP_ROOTFS_IMAGE_SIGNED="$(mktemp ${ROOTFS_IMAGE}-signed.XXXXXX)"
--- a/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc
+++ b/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc
@ -1,4 +1,4 @@
-# Copyright (C) 2018 Digi International
+# Copyright (C) 2018-2022 Digi International
 require recipes-bsp/u-boot/u-boot.inc
@ -196,7 +196,6 @@ do_deploy_append() {
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 		[ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
 		# Sign boot script
 		TMP_SIGNED_BOOTSCR="$(mktemp ${WORKDIR}/bootscr-signed.XXXXXX)"
--- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
@ -3,7 +3,7 @@
 #
 #  trustfence-sign-artifact.sh
 #
-#  Copyright (C) 2016-2021 by Digi International Inc.
+#  Copyright (C) 2016-2022 by Digi International Inc.
 #  All rights reserved.
 #
 #  This program is free software; you can redistribute it and/or modify it
@ -16,7 +16,6 @@
 #
 #    The following environment variables define the script behaviour:
 #      CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated.
 #      CONFIG_SIGN_MODE: (mandatory) Signing method: HAB/AHAB
 #      CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0.
 #      CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate
 #			encrypted images
@ -80,10 +79,6 @@ if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then
 	exit 1
 fi
 [ -d "${CONFIG_SIGN_KEYS_PATH}" ] || mkdir "${CONFIG_SIGN_KEYS_PATH}"
 if [ -z "${CONFIG_SIGN_MODE}" ]; then
 	echo "Undefined CONFIG_SIGN_MODE";
 	exit 1
 fi
 # Get RAM_START address
 if [ "${PLATFORM}" = "ccimx6" ]; then
@ -91,20 +86,24 @@ if [ "${PLATFORM}" = "ccimx6" ]; then
 	CONFIG_RAMDISK_LOADADDR="0x19000000"
 	CONFIG_KERNEL_LOADADDR="0x12000000"
 	CONFIG_CSF_SIZE="0x4000"
 	CONFIG_SIGN_MODE="HAB"
 elif [ "${PLATFORM}" = "ccimx6ul" ]; then
 	CONFIG_FDT_LOADADDR="0x83000000"
 	CONFIG_RAMDISK_LOADADDR="0x83800000"
 	CONFIG_KERNEL_LOADADDR="0x80800000"
 	CONFIG_CSF_SIZE="0x4000"
 	CONFIG_SIGN_MODE="HAB"
 elif [ "${PLATFORM}" = "ccimx8x" ]; then
 	CONFIG_FDT_LOADADDR="0x82000000"
 	CONFIG_RAMDISK_LOADADDR="0x82100000"
 	CONFIG_KERNEL_LOADADDR="0x80280000"
 	CONFIG_SIGN_MODE="AHAB"
 elif [ "${PLATFORM}" = "ccimx8mn" ] || [ "${PLATFORM}" = "ccimx8mm" ]; then
 	CONFIG_FDT_LOADADDR="0x43000000"
 	CONFIG_RAMDISK_LOADADDR="0x43800000"
 	CONFIG_KERNEL_LOADADDR="0x40480000"
 	CONFIG_CSF_SIZE="0x2000"
 	CONFIG_SIGN_MODE="HAB"
 else
 	echo "Invalid platform: ${PLATFORM}"
 	echo "Supported platforms: ccimx6, ccimx6ul, ccimx8x, ccimx8mn, ccimx8mm"
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.10.bb
@ -23,7 +23,6 @@ trustfence_sign() {
 	export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 	[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 	[ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
 	# Sign/encrypt the kernel images
 	for type in ${KERNEL_IMAGETYPES}; do
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.4.bb
@ -1,4 +1,4 @@
-# Copyright (C) 2013-2020 Digi International
+# Copyright (C) 2013-2022 Digi International
 SUMMARY = "Linux kernel for Digi boards"
 LICENSE = "GPLv2"
@ -23,7 +23,6 @@ trustfence_sign() {
 	export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 	[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 	[ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
 	# Sign/encrypt the kernel images
 	for type in ${KERNEL_IMAGETYPES}; do