From 6c9341bd8a8db874480d03c8598edfbcd3bf4a18 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Mon, 10 Feb 2020 13:22:56 +0100 Subject: [PATCH] trustfence: disable environment encryption for CC8X Environment encryption is not yet supported in U-Boot. Unset TRUSTFENCE_ENCRYPT_ENVIRONMENT on the machine configuration and remove the platform conditional on the class. Signed-off-by: Hector Palacios --- meta-digi-arm/conf/machine/include/ccimx8x.inc | 2 ++ meta-digi-dey/classes/trustfence.bbclass | 6 +----- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/meta-digi-arm/conf/machine/include/ccimx8x.inc b/meta-digi-arm/conf/machine/include/ccimx8x.inc index 0ad9dfb4c..77d8d7a5d 100644 --- a/meta-digi-arm/conf/machine/include/ccimx8x.inc +++ b/meta-digi-arm/conf/machine/include/ccimx8x.inc @@ -78,6 +78,8 @@ MX8_SOC_VAR ?= "QX" # TrustFence TRUSTFENCE_SIGN_MODE = "AHAB" +# TODO: not yet supported +TRUSTFENCE_ENCRYPT_ENVIRONMENT = "0" # For Trustfence container header RAM locations RAM_CONTAINER_LOC_BOOT = "0x80280000" RAM_CONTAINER_LOC_DTB = "0x82000000" diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 229b31d98..0ef382baa 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -63,11 +63,7 @@ python () { if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in [None, "0"]): d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_DEK_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_DEK_PATH", True)) if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"): - if ("ccimx8x" in d.getVar("MACHINE", True)): - bb.fatal("Environment encryption is not currently supported on the ccimx8x SOM") - return - else: - d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y') + d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y') # Provide sane default values for SWUPDATE class in case Trustfence is enabled if (d.getVar("TRUSTFENCE_SIGN", True) == "1"):