Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: define new type of image for signed/encrypted ramdisks 

Also change the image type of dey-image-trustfence-initramfs.

https://jira.digi.com/browse/DUB-615

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This commit is contained in:
Diaz de Grenu, Jose 2016-09-19 16:34:38 +02:00
parent c1d2ee02f5
commit 7a02e1b00a
3 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
meta-digi-arm/classes/image_types_digi.bbclass
View File

@ -29,8 +29,8 @@ IMAGE_CMD_boot.vfat() {
# Add Trustfence initramfs if enabled # Add Trustfence initramfs if enabled
if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then
BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot)" BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf)"
BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot" BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf"
fi fi
# Size of kernel and device tree + 10% extra space (in bytes) # Size of kernel and device tree + 10% extra space (in bytes)
@ -130,6 +130,24 @@ IMAGE_CMD_rootfs.initramfs() {
} }
IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz" IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz"
IMAGE_CMD_cpio.gz.u-boot.tf() {
#
# Image generation code for image type 'cpio.gz.u-boot.tf'
# (signed/encrypted ramdisk)
#
if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
# Set environment variables for trustfence configuration
export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
# Sign/encrypt the ramdisk
"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf"
fi
}
IMAGE_TYPEDEP_cpio.gz.u-boot.tf = "cpio.gz.u-boot"
# Set alignment to 4MB [in KiB] # Set alignment to 4MB [in KiB]
IMAGE_ROOTFS_ALIGNMENT = "4096" IMAGE_ROOTFS_ALIGNMENT = "4096"

2
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
View File

@ -101,7 +101,7 @@ TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}"
def tf_bootscript_sedfilter(d): def tf_bootscript_sedfilter(d):
tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or "" tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or ""
return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot" % tf_initramfs if tf_initramfs else "" return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf" % tf_initramfs if tf_initramfs else ""
do_deploy_append() { do_deploy_append() {
# Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form: # Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form:

2
meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb
View File

@ -11,7 +11,7 @@ PACKAGE_INSTALL = " \
IMAGE_FEATURES = "" IMAGE_FEATURES = ""
IMAGE_LINGUAS = "" IMAGE_LINGUAS = ""
IMAGE_FSTYPES = "cpio.gz.u-boot" IMAGE_FSTYPES = "cpio.gz.u-boot.tf"
inherit core-image image_types_uboot inherit core-image image_types_uboot
IMAGE_ROOTFS_SIZE = "8192" IMAGE_ROOTFS_SIZE = "8192"