diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
new file mode 100644
index 000000000..881a77761
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
@@ -0,0 +1,29 @@
+From: "Diaz de Grenu, Jose"
+Date: Thu, 30 Jun 2016 16:42:42 +0200
+Subject: [PATCH] gen_auth_encrypted_data: reuse existing DEK file
+
+In order to be able to encrypt several artifacts with the same DEK, it is
+needed to allow the CST to reuse an existing DEK file.
+
+Previous to this patch, the DEK is generated on the fly and placed on the
+specified path. After this patch, the DEK is taken from the specified path.
+
+https://jira.digi.com/browse/DUB-608
+
+Signed-off-by: Diaz de Grenu, Jose
+---
+ code/back_end/src/adapt_layer_openssl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/code/back_end/src/adapt_layer_openssl.c b/code/back_end/src/adapt_layer_openssl.c
+index 8513046269ea..ce6e370f2c6a 100644
+--- a/code/back_end/src/adapt_layer_openssl.c
++++ b/code/back_end/src/adapt_layer_openssl.c
+@@ -945,6 +945,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
+ }
+ printf("\n");
+ #endif
++ reuse_dek = 1;
+ if (reuse_dek) {
+ fh = fopen(key_file, "rb");
+ if (fh == NULL) {
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile
new file mode 100644
index 000000000..f443ef3d1
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile
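Review bot: The added `reuse_dek = 1;` in the embedded patch to adapt_layer_openssl.c overwrites whatever value reached this point, so the tool can no longer generate a fresh DEK and the `if (reuse_dek)` test after it is always true. Every encryption now depends on the contents of `key_file`, and nothing visible in the hunk checks that the file holds the expected number of key bytes or that it was produced by a cryptographically secure generator. The commit message says one DEK will cover several artifacts, so whether each artifact gets a distinct nonce (not visible here) matters for the authenticated encryption. I would keep the caller's value and select reuse explicitly, or at minimum document the override with `/* Digi: DEK is always loaded from key_file; the caller must create it from a CSPRNG with the expected key length and restrict its permissions */`. The body of gen_auth_encrypted_data starts and ends outside the hunk.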
@@ -0,0 +1,24 @@
+TARGET = linux64/cst
+LIBS = -lfrontend -lcrypto
+CC = gcc
+CFLAGS = -g -Wall
+
+.PHONY: default all clean
+
+default: $(TARGET)
+all: default
+
+OBJECTS = code/back_end/src/*.c
+HEADERS = code/back_end/hdr
+LIBS_PATH = linux64/lib
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c $< -o $@
+
+.PRECIOUS: $(TARGET) $(OBJECTS)
+
+$(TARGET): $(OBJECTS)
+ $(CC) $(OBJECTS) $(CFLAGS) -L $(LIBS_PATH) $(LIBS) -I $(HEADERS) -o $@
+
+clean:
+ -rm -f *.o $(TARGET)
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
new file mode 100644
index 000000000..f1fd9ab58
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
@@ -0,0 +1,33 @@
+SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
+DESCRIPTION = "Provides software code signing support designed for use with i.MX processors that integrate the HAB library in the internal boot ROM."
+HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
+LICENSE = "CLOSED"
+
+DEPENDS = "openssl"
+
+S= "${WORKDIR}/cst-${PV}"
+
+SRC_URI = " \
+ ${@base_conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
+ file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
+ file://Makefile \
+"
+
+do_configure() {
+ cp -f ${WORKDIR}/Makefile .
+}
+
+do_compile () {
+ oe_runmake clean && oe_runmake
+}
+
+do_install () {
+ install -d ${D}${bindir}
+ install -m 0755 linux64/cst ${D}${bindir}/cst
+ install -m 0755 linux64/srktool ${D}${bindir}/srktool
+ install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
+ install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
+ install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
index 5c88ffd79..68738aade 100644
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
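Review bot: `OBJECTS = code/back_end/src/*.c` names the C sources rather than object files, so the `%.o: %.c` rule is never exercised and the whole tool is compiled and linked in the single `$(TARGET)` recipe, which passes no `$(LDFLAGS)`. Together with the hard-coded `CC = gcc` and `CFLAGS = -g -Wall`, hardening or linker flags supplied by the build environment may not reach a binary that handles signing keys, unless make happens to be run with `-e`. I would write `CFLAGS ?= -g -Wall` and add the variable to the link line, `$(CC) $(OBJECTS) $(CFLAGS) $(LDFLAGS) -I $(HEADERS) -L $(LIBS_PATH) $(LIBS) -o $@`. `.PRECIOUS: $(TARGET) $(OBJECTS)` also keeps a partially written `linux64/cst` when the link is interrupted; `.DELETE_ON_ERROR:` would be the safer choice.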
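Review bot: In `SRC_URI` only the tarball is conditional on `TRUSTFENCE_SIGN`; the patch and Makefile entries are unconditional, so building this recipe with the variable unset would presumably try to patch a source tree that was never unpacked. Because `cst-${PV}.tar.gz` is a user-supplied `file://` archive and `linux64/srktool` is installed from it as-is (the Makefile added in this commit only builds `linux64/cst`), it is worth documenting the expected archive hash next to the recipe. In `do_install` the three `.cnf` files are plain configuration and should not be executable, e.g. `install -m 0644 ca/openssl.cnf ${D}${bindir}/openssl.cnf`.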
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -7,6 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://Licenses/README;md5=c7383a594871c03da76b3707929d2919" DEPENDS += "dtc-native u-boot-mkimage-native" +DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}" PROVIDES += "u-boot" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index f663f0d8e..563fc664e 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -5,6 +5,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" DEPENDS += "lzop-native bc-native" +DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}" inherit kernel fsl-kernel-localversion