trustfence: define new type of image for signed/encrypted ramdisks

Also change the image type of dey-image-trustfence-initramfs. https://jira.digi.com/browse/DUB-615 Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
2016-09-19 16:34:38 +02:00 · 2016-09-19 16:34:38 +02:00 · 7a02e1b00a
parent c1d2ee02f5
commit 7a02e1b00a
3 changed files with 22 additions and 4 deletions
--- a/meta-digi-arm/classes/image_types_digi.bbclass
+++ b/meta-digi-arm/classes/image_types_digi.bbclass
@ -29,8 +29,8 @@ IMAGE_CMD_boot.vfat() {

 	# Add Trustfence initramfs if enabled
 	if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then
-		BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot)"
-		BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot"
+		BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf)"
+		BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf"
 	fi

 	# Size of kernel and device tree + 10% extra space (in bytes)
@ -130,6 +130,24 @@ IMAGE_CMD_rootfs.initramfs() {
 }
 IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz"

+IMAGE_CMD_cpio.gz.u-boot.tf() {
+	#
+	# Image generation code for image type 'cpio.gz.u-boot.tf'
+	# (signed/encrypted ramdisk)
+	#
+	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		# Set environment variables for trustfence configuration
+		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
+		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
+		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
+
+		# Sign/encrypt the ramdisk
+		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf"
+	fi
+}
+
+IMAGE_TYPEDEP_cpio.gz.u-boot.tf = "cpio.gz.u-boot"
+
 # Set alignment to 4MB [in KiB]
 IMAGE_ROOTFS_ALIGNMENT = "4096"

--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
@ -101,7 +101,7 @@ TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}"

 def tf_bootscript_sedfilter(d):
    tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or ""
-    return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot" % tf_initramfs if tf_initramfs else ""
+    return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf" % tf_initramfs if tf_initramfs else ""

 do_deploy_append() {
 	# Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form:
--- a/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb
+++ b/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb
@ -11,7 +11,7 @@ PACKAGE_INSTALL = " \
 IMAGE_FEATURES = ""
 IMAGE_LINGUAS = ""

-IMAGE_FSTYPES = "cpio.gz.u-boot"
+IMAGE_FSTYPES = "cpio.gz.u-boot.tf"
 inherit core-image image_types_uboot

 IMAGE_ROOTFS_SIZE = "8192"