trustfence: repurpose TRUSTFENCE_GPIO_ENABLE to contain the GPIO name
Now all platforms support setting the GPIO name instead of an index as the configuration for the GPIO-enabled secure console. Repurpose the TRUSTFENCE_GPIO_ENABLE macro to directly set the GPIO name. Also take the opportunity to remove TRUSTFENCE_GPIO_ENABLE and TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE commented definitions from bbclass and conf files, and remove a duplicated TRUSTFENCE_CONSOLE_DISABLE definition from ccmp1.inc. Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit is contained in:
Gonzalo Ruiz
parent
7355aeaa96
commit
654df8bd50
|
|
@ -166,10 +166,6 @@ BOOTABLE_ARTIFACTS = " \
|
||||||
fip/fip-ccmp13-dvk-256MB-optee.bin \
|
fip/fip-ccmp13-dvk-256MB-optee.bin \
|
||||||
"
|
"
|
||||||
|
|
||||||
# TRUSTFENCE basic support
|
|
||||||
# Alternatively, uncommment to enable the console with the specified GPIO
|
|
||||||
# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOA5"
|
|
||||||
|
|
||||||
# Default overlayfs_etc mount point and type
|
# Default overlayfs_etc mount point and type
|
||||||
OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
|
OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
|
||||||
OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
|
OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
|
||||||
|
|
|
||||||
|
|
@ -179,10 +179,6 @@ BOOTABLE_ARTIFACTS = " \
|
||||||
fip/fip-ccmp15-dvk-1GB-optee.bin \
|
fip/fip-ccmp15-dvk-1GB-optee.bin \
|
||||||
"
|
"
|
||||||
|
|
||||||
# TRUSTFENCE basic support
|
|
||||||
# Alternatively, uncommment to enable the console with the specified GPIO
|
|
||||||
# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOB6"
|
|
||||||
|
|
||||||
# Default overlayfs_etc mount point and type
|
# Default overlayfs_etc mount point and type
|
||||||
OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
|
OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
|
||||||
OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
|
OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
|
||||||
|
|
|
||||||
|
|
@ -74,12 +74,6 @@ WKS_FILE_DEPENDS ?= " \
|
||||||
${@bb.utils.contains('BOOTSCHEME_LABELS', 'optee', 'virtual/optee-os', '', d)} \
|
${@bb.utils.contains('BOOTSCHEME_LABELS', 'optee', 'virtual/optee-os', '', d)} \
|
||||||
"
|
"
|
||||||
|
|
||||||
# Default secure console configuration
|
|
||||||
TRUSTFENCE_CONSOLE_DISABLE ?= "0"
|
|
||||||
|
|
||||||
# Alternatively, uncommment to enable the console autoboot stop passphrase
|
|
||||||
# TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = ""
|
|
||||||
|
|
||||||
# Disable the generation of flashlayout files
|
# Disable the generation of flashlayout files
|
||||||
ENABLE_FLASHLAYOUT_CONFIG = "0"
|
ENABLE_FLASHLAYOUT_CONFIG = "0"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,12 +14,6 @@ TRUSTFENCE_ENABLED = "1"
|
||||||
# Default secure console configuration
|
# Default secure console configuration
|
||||||
TRUSTFENCE_CONSOLE_DISABLE ?= "0"
|
TRUSTFENCE_CONSOLE_DISABLE ?= "0"
|
||||||
|
|
||||||
# Uncomment to enable the console with the specified passphrase
|
|
||||||
#TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "my_secure_passphrase"
|
|
||||||
|
|
||||||
# Alternatively, uncommment to enable the console with the specified GPIO
|
|
||||||
#TRUSTFENCE_CONSOLE_GPIO_ENABLE = "4"
|
|
||||||
|
|
||||||
# Default secure boot configuration
|
# Default secure boot configuration
|
||||||
TRUSTFENCE_SIGN ?= "1"
|
TRUSTFENCE_SIGN ?= "1"
|
||||||
TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
|
TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
|
||||||
|
|
@ -161,16 +155,12 @@ python () {
|
||||||
elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
|
elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
|
||||||
d.appendVar("UBOOT_TF_CONF", 'CONFIG_AUTOBOOT_KEYED=y CONFIG_AUTOBOOT_ENCRYPTION=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_SHA256="%s" ' % passphrase_hash)
|
d.appendVar("UBOOT_TF_CONF", 'CONFIG_AUTOBOOT_KEYED=y CONFIG_AUTOBOOT_ENCRYPTION=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_SHA256="%s" ' % passphrase_hash)
|
||||||
elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):
|
elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):
|
||||||
|
d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
|
||||||
if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
|
if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
|
||||||
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
|
if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_ACTIVE_LOW"):
|
||||||
if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"):
|
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW=y ")
|
||||||
d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"))
|
else:
|
||||||
if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_ACTIVE_LOW"):
|
d.appendVar("UBOOT_TF_CONF", '"# CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW is not set" ')
|
||||||
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW=y ")
|
|
||||||
else:
|
|
||||||
d.appendVar("UBOOT_TF_CONF", '"# CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW is not set" ')
|
|
||||||
elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
|
|
||||||
d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"))
|
|
||||||
|
|
||||||
# Secure boot configuration
|
# Secure boot configuration
|
||||||
if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"):
|
if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue