From 7c1ab668353796dd377b73dbabbc85744ced55c8 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Wed, 24 Nov 2021 10:37:33 +0100 Subject: [PATCH] trustfence: avoid encryption of read-only SQUASHFS SQUASHFS read-only rootfs cannot be unencrypted on-the-fly so skip encryption if read-only-rootfs is active. Signed-off-by: Hector Palacios --- meta-digi-dey/classes/trustfence.bbclass | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 62c36faf7..c244a0d5a 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -104,7 +104,10 @@ python () { d.setVar("TRUSTFENCE_ENCRYPT_PARTITIONS", "1"); # Enable the trustfence initramfs if and only if partition encryption is enabled - if (d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS", True) == "1" and d.getVar("STORAGE_MEDIA", True) == "mmc"): + # and not using a read-only rootfs + if (d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS", True) == "1" and \ + d.getVar("STORAGE_MEDIA", True) == "mmc" and \ + d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS", True) == "0"): d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "dey-image-trustfence-initramfs"); else: d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "");