meta-digi-arm: add recipe for the Code Signing Tools

NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).

As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.

https://jira.digi.com/browse/DUB-618

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch

@@ -0,0 +1,29 @@
+From: "Diaz de Grenu, Jose" <Jose.DiazdeGrenu@digi.com>
+Date: Thu, 30 Jun 2016 16:42:42 +0200
+Subject: [PATCH] gen_auth_encrypted_data: reuse existing DEK file
+
+In order to be able to encrypt several artifacts with the same DEK, it is
+needed to allow the CST to reuse an existing DEK file.
+
+Previous to this patch, the DEK is generated on the fly and placed on the
+specified path. After this patch, the DEK is taken from the specified path.
+
+https://jira.digi.com/browse/DUB-608
+
+Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
+---
+ code/back_end/src/adapt_layer_openssl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/code/back_end/src/adapt_layer_openssl.c b/code/back_end/src/adapt_layer_openssl.c
+index 8513046269ea..ce6e370f2c6a 100644
+--- a/code/back_end/src/adapt_layer_openssl.c
++++ b/code/back_end/src/adapt_layer_openssl.c
+@@ -945,6 +945,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
+         }
+         printf("\n");
+ #endif
++        reuse_dek = 1;
+         if (reuse_dek) {
+             fh = fopen(key_file, "rb");
+             if (fh == NULL) {

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile

@@ -0,0 +1,24 @@
+TARGET = linux64/cst
+LIBS = -lfrontend -lcrypto
+CC = gcc
+CFLAGS = -g -Wall
+
+.PHONY: default all clean
+
+default: $(TARGET)
+all: default
+
+OBJECTS = code/back_end/src/*.c
+HEADERS = code/back_end/hdr
+LIBS_PATH = linux64/lib
+
+%.o: %.c 
+	$(CC) $(CFLAGS) -c $< -o $@
+
+.PRECIOUS: $(TARGET) $(OBJECTS)
+
+$(TARGET): $(OBJECTS)
+	$(CC) $(OBJECTS) $(CFLAGS) -L $(LIBS_PATH) $(LIBS) -I $(HEADERS) -o $@
+
+clean:
+	-rm -f *.o $(TARGET)

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb

@@ -0,0 +1,33 @@
+SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
+DESCRIPTION = "Provides software code signing support designed for use with i.MX processors that integrate the HAB library in the internal boot ROM."
+HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
+LICENSE = "CLOSED"
+
+DEPENDS = "openssl"
+
+S= "${WORKDIR}/cst-${PV}"
+
+SRC_URI = " \
+	${@base_conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
+	file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
+	file://Makefile \
+"
+
+do_configure() {
+	cp -f ${WORKDIR}/Makefile .
+}
+
+do_compile () {
+	oe_runmake clean && oe_runmake
+}
+
+do_install () {
+	install -d ${D}${bindir}
+	install -m 0755 linux64/cst ${D}${bindir}/cst
+	install -m 0755 linux64/srktool ${D}${bindir}/srktool
+	install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
+	install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
+	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
+}
+
+BBCLASSEXTEND = "native"

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb

@@ -7,6 +7,7 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://Licenses/README;md5=c7383a594871c03da76b3707929d2919"
 
 DEPENDS += "dtc-native u-boot-mkimage-native"
+DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}"
 
 PROVIDES += "u-boot"
 

meta-digi-arm/recipes-kernel/linux/linux-dey.inc

@@ -5,6 +5,7 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
 
 DEPENDS += "lzop-native bc-native"
+DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}"
 
 inherit kernel fsl-kernel-localversion