diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index 6ec8d054e..f4fa2b2cc 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -25,8 +25,9 @@ TRUSTFENCE_DEK_PATH ?= "default"
 TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1"
 TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0"
-# Trustfence initramfs image recipe
-TRUSTFENCE_INITRAMFS_IMAGE ?= "dey-image-trustfence-initramfs"
+# Partition encryption configuration
+TRUSTFENCE_ENCRYPT_PARTITIONS ?= "1"
+TRUSTFENCE_ENCRYPT_ROOTFS ?= "1"
 IMAGE_FEATURES += "dey-trustfence"
@@ -92,4 +93,14 @@ python () {
 # Set the key password.
 d.setVar("SWUPDATE_PASSWORD_FILE", keys_path + "/keys/key_pass.txt")
+
+ # Enable partition encryption if rootfs encryption is enabled
+ if (d.getVar("TRUSTFENCE_ENCRYPT_ROOTFS", True) == "1"):
+ d.setVar("TRUSTFENCE_ENCRYPT_PARTITIONS", "1");
+
+ # Enable the trustfence initramfs if and only if partition encryption is enabled
+ if (d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS", True) == "1"):
+ d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "dey-image-trustfence-initramfs");
+ else:
+ d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "");
 }
diff --git a/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend b/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend
index 31e072038..4adb075d2 100644
--- a/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend
+++ b/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend
@@ -1,4 +1,4 @@
-# Copyright (C) 2013-2019 Digi International.
+# Copyright (C) 2013-2021 Digi International.
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
@@ -38,7 +38,7 @@ pkg_postinst_ontarget_${PN}() {
 fi
 # Disable file system check when rootfs is encrypted
- if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then
+ if [ "${TRUSTFENCE_ENCRYPT_ROOTFS}" = "1" ]; then
 for arg in $(cat /proc/cmdline); do
 case "${arg}" in
 root=*) eval ${arg};;
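Review bot: Removing the `?=` default for TRUSTFENCE_INITRAMFS_IMAGE in the first trustfence.bbclass hunk takes away the one place where a layer or local.conf could select a different initramfs recipe, because the anonymous function in the next hunk now assigns the variable with `d.setVar` in both branches. If that override is still wanted, keep `TRUSTFENCE_INITRAMFS_IMAGE ?= "dey-image-trustfence-initramfs"` here and let the function only clear it: `if d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS") != "1": d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "")`. The two new variables would also benefit from a comment stating that the accepted values are "0" and "1" and that rootfs encryption forces partition encryption on.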
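Review bot: Both comparisons added to the anonymous function in trustfence.bbclass treat anything other than the exact string "1" as off, so a value such as "yes" or "true" in local.conf clears the initramfs image and, in swu.inc, selects the plain ROOTFS_DEV_NAME without any diagnostic. Failing the parse on unexpected values closes that gap, for example `if d.getVar(v) not in ("0", "1"): bb.fatal("%s must be 0 or 1" % v)` for each of TRUSTFENCE_ENCRYPT_ROOTFS and TRUSTFENCE_ENCRYPT_PARTITIONS, placed before the first new `if`. The base-files and swu.inc hunks rely on the same exact-match test, so a check here would cover them wherever this class is inherited. The function body starts outside the hunk, so it is not visible whether this code is already gated on TrustFence being enabled.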
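Review bot: The `root=*) eval ${arg};;` line guarded by the changed condition in base-files_3.0.14.bbappend passes a token read from /proc/cmdline to the shell for evaluation, so the value after `root=` is interpreted as shell code rather than parsed as data. It is unchanged context, but while the block is being touched, `root=*) root="${arg#root=}";;` makes the same assignment without `eval`. The loop and the rest of pkg_postinst_ontarget continue outside the hunk, so how `root` is used afterwards cannot be confirmed from here.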
diff --git a/meta-digi-dey/recipes-digi/swu-images/swu.inc b/meta-digi-dey/recipes-digi/swu-images/swu.inc
index d744e160b..e16529718 100644
--- a/meta-digi-dey/recipes-digi/swu-images/swu.inc
+++ b/meta-digi-dey/recipes-digi/swu-images/swu.inc
@@ -1,14 +1,14 @@
-# Copyright (C) 2016-2020 Digi International Inc.
+# Copyright (C) 2016-2021 Digi International Inc.
 SUMMARY = "Generate update package for SWUpdate"
 SECTION = "base"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 SRC_URI = "file://sw-description"
-SRC_URI_append_ccimx6 = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), 'file://preinstall_swu.sh', '')}"
-SRC_URI_append_ccimx6ul = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '', 'file://preinstall_swu.sh')}"
-SRC_URI_append_ccimx8x = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), 'file://preinstall_swu.sh', '')}"
-SRC_URI_append_ccimx8m = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), 'file://preinstall_swu.sh', '')}"
+SRC_URI_append_ccimx6 = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', 'file://preinstall_swu.sh', '')}"
+SRC_URI_append_ccimx6ul = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '', 'file://preinstall_swu.sh')}"
+SRC_URI_append_ccimx8x = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', 'file://preinstall_swu.sh', '')}"
+SRC_URI_append_ccimx8m = " ${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', 'file://preinstall_swu.sh', '')}"
 inherit swupdate
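Review bot: The ccimx6ul line takes the opposite branch from ccimx6, ccimx8x and ccimx8m: `SRC_URI_append_ccimx6ul` ships preinstall_swu.sh only when TRUSTFENCE_ENCRYPT_ROOTFS is not "1", and nothing in the hunk says why. The inversion predates this commit, but now that the condition names rootfs encryption explicitly it reads like a mistake. A comment above the line, such as `# ccimx6ul: preinstall script is needed only for the unencrypted rootfs` (wording to be confirmed by the author), would stop a later edit from flipping it. The same applies to `PREINST_SCRIPT_DESC_ccimx6ul` in the second hunk of this file.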
@@ -31,13 +31,13 @@ ROOTFS_DEV_NAME ?= "/dev/mmcblk0p3"
 ROOTFS_DEV_NAME_ccimx6ul ?= "rootfs"
 ROOTFS_ENC_DEV = "/dev/mapper/cryptrootfs"
 ROOTFS_ENC_DEV_ccimx6ul = "${ROOTFS_DEV_NAME}"
-ROOTFS_DEV_NAME_FINAL = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}')}"
+ROOTFS_DEV_NAME_FINAL = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}')}"
 PREINST_SCRIPT_TEMPLATE = "scripts: ( { filename = \\"preinstall_swu.sh\\"; type = \\"preinstall\\"; sha256 = \\"@preinstall_swu.sh\\"; \\x7D );"
 PREINST_SCRIPT_DESC = ""
-PREINST_SCRIPT_DESC_ccimx6 = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '${PREINST_SCRIPT_TEMPLATE}', '')}"
-PREINST_SCRIPT_DESC_ccimx6ul = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '', '${PREINST_SCRIPT_TEMPLATE}')}"
-PREINST_SCRIPT_DESC_ccimx8x = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '${PREINST_SCRIPT_TEMPLATE}', '')}"
-PREINST_SCRIPT_DESC_ccimx8m = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_INITRAMFS_IMAGE', True), '${PREINST_SCRIPT_TEMPLATE}', '')}"
+PREINST_SCRIPT_DESC_ccimx6 = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '${PREINST_SCRIPT_TEMPLATE}', '')}"
+PREINST_SCRIPT_DESC_ccimx6ul = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '', '${PREINST_SCRIPT_TEMPLATE}')}"
+PREINST_SCRIPT_DESC_ccimx8x = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '${PREINST_SCRIPT_TEMPLATE}', '')}"
+PREINST_SCRIPT_DESC_ccimx8m = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '${PREINST_SCRIPT_TEMPLATE}', '')}"
 python () {
 img_fstypes = d.getVar('BOOTFS_EXT', True) + " " + d.getVar('ROOTFS_EXT', True)
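Review bot: The expression `d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1'` is now spelled out nine times across the two swu.inc hunks, which makes the next change of condition as error-prone as this one. `bb.utils.contains` is the usual idiom for this kind of flag test and keeps each line shorter, e.g. `ROOTFS_DEV_NAME_FINAL = "${@bb.utils.contains('TRUSTFENCE_ENCRYPT_ROOTFS', '1', '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}', d)}"`. ROOTFS_DEV_NAME_FINAL is the line where a wrong answer matters most, since it presumably decides whether the update targets the mapped device or the raw partition.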