From 8293eddb5721f527e5e96dd04bd0874a0a50efd5 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Mon, 11 May 2026 12:25:02 +0200 Subject: [PATCH] tf-a-stm32mp: force verbose hexdump for FIP encryption key When TrustFence encryption is enabled, the TF-A recipe converts the binary FIP encryption key to a hexadecimal string and passes it to the TF-A build as ENC_KEY. hexdump suppresses repeated output by default and emits '*' when it folds duplicate data. If that happens while converting the key, the generated ENC_KEY contains the '*' marker instead of the full hex string. The malformed value then breaks the make command line, and make can interpret the remaining key fragment as a target, failing for example with: make ... ENC_KEY=13eb911dfcc316b1b99bbbbf10a7000c3055e863* 166d3c8c9cd6f888b720a9 all make: *** No rule to make target '166d3c8c9cd6f888b720a9'. Stop. Use hexdump -v so every byte of the binary key is emitted and ENC_KEY is always a complete, contiguous hex string. https://onedigi.atlassian.net/browse/DEL-10115 Signed-off-by: Javier Viguera --- .../recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend index 539664690..2c0125e4e 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend @@ -212,7 +212,7 @@ do_compile() { # The encryption key is already available in hexadecimal format, so just extract it from file encrypt_key="$(cat ${encrypt_key})" else - encrypt_key="$(hexdump -e '/1 "%02x"' ${encrypt_key})" + encrypt_key="$(hexdump -ve '/1 "%02x"' "${encrypt_key}")" fi encrypt_extra_opt="ENC_KEY=${encrypt_key}" fi