swupdate: enable sign/verify support in swupdate when using trustfence

- The 'sign/verify' feature of swupdate can only be enabled/disabled at
  compile time, it cannot be configured at run time.
- The 'sign/verify' defconfig file is only used  when the images to
  build are configured with 'TRUSTFENCE_SIGN=1'
- This change implies that all swupdate packages generated will have a
  hash for the images to install and will be verified. Sign support is
  only enabled for trustfence images.

https://jira.digi.com/browse/DEL-3773

Signed-off-by: David Escalona <david.escalona@digi.com>

meta-digi-dey/recipes-support/swupdate/swupdate/defconfig

@@ -35,7 +35,7 @@ CONFIG_EXTRA_LDLIBS=""
 # CONFIG_WERROR is not set
 # CONFIG_NOCLEANUP is not set
 # CONFIG_DOWNLOAD is not set
-# CONFIG_HASH_VERIFY is not set
+CONFIG_HASH_VERIFY=y
 # CONFIG_SIGNED_IMAGES is not set
 # CONFIG_ENCRYPTED_IMAGES is not set
 # CONFIG_SURICATTA is not set

meta-digi-dey/recipes-support/swupdate/swupdate_2017.01.bbappend

@@ -2,6 +2,15 @@
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 
+do_configure_append() {
+	# If Trustfence is enabled, enable the signing support in the
+	# '.config' file.
+	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		echo "CONFIG_SIGNED_IMAGES=y" >> ${S}/.config
+		cml1_do_configure
+	fi
+}
+
 do_install_append() {
 	# Copy the 'progress' binary.
 	install -d ${D}${bindir}/