From 7222c1d5bb3bd58134e2352374ea7abff7346704 Mon Sep 17 00:00:00 2001
From: David Escalona <david.escalona@digi.com>
Date: Wed, 1 Mar 2017 12:09:26 +0100
Subject: [PATCH] swupdate: enable sign/verify support in swupdate when using
 trustfence

- The 'sign/verify' feature of swupdate can only be enabled/disabled at
  compile time, it cannot be configured at run time.
- The 'sign/verify' defconfig file is only used  when the images to
  build are configured with 'TRUSTFENCE_SIGN=1'
- This change implies that all swupdate packages generated will have a
  hash for the images to install and will be verified. Sign support is
  only enabled for trustfence images.

https://jira.digi.com/browse/DEL-3773

Signed-off-by: David Escalona <david.escalona@digi.com>
---
 .../recipes-support/swupdate/swupdate/defconfig          | 2 +-
 .../recipes-support/swupdate/swupdate_2017.01.bbappend   | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/meta-digi-dey/recipes-support/swupdate/swupdate/defconfig b/meta-digi-dey/recipes-support/swupdate/swupdate/defconfig
index 009cfaf4c..9a5ab2f92 100644
--- a/meta-digi-dey/recipes-support/swupdate/swupdate/defconfig
+++ b/meta-digi-dey/recipes-support/swupdate/swupdate/defconfig
@@ -35,7 +35,7 @@ CONFIG_EXTRA_LDLIBS=""
 # CONFIG_WERROR is not set
 # CONFIG_NOCLEANUP is not set
 # CONFIG_DOWNLOAD is not set
-# CONFIG_HASH_VERIFY is not set
+CONFIG_HASH_VERIFY=y
 # CONFIG_SIGNED_IMAGES is not set
 # CONFIG_ENCRYPTED_IMAGES is not set
 # CONFIG_SURICATTA is not set
diff --git a/meta-digi-dey/recipes-support/swupdate/swupdate_2017.01.bbappend b/meta-digi-dey/recipes-support/swupdate/swupdate_2017.01.bbappend
index e5fae592d..b3af46683 100644
--- a/meta-digi-dey/recipes-support/swupdate/swupdate_2017.01.bbappend
+++ b/meta-digi-dey/recipes-support/swupdate/swupdate_2017.01.bbappend
@@ -2,6 +2,15 @@
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 
+do_configure_append() {
+	# If Trustfence is enabled, enable the signing support in the
+	# '.config' file.
+	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		echo "CONFIG_SIGNED_IMAGES=y" >> ${S}/.config
+		cml1_do_configure
+	fi
+}
+
 do_install_append() {
 	# Copy the 'progress' binary.
 	install -d ${D}${bindir}/