From 8dc46fcaf8269d6194860760f31f9c7ddcd30e2d Mon Sep 17 00:00:00 2001
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Mon, 8 Mar 2021 10:35:46 +0100
Subject: [PATCH] imx-boot: export SRK revocation config when signing i.MX8M
 imx-boot images

There's a Yocto configuration option that enables this feature in U-Boot, but
since imx-boot images are signed using the scripts in trustfence-sign-tools,
said configuration is lost and the scripts don't take it into account if it's
enabled. Make sure that the configuation carries over to the script.

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
 meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend
index a0408703f..893a5b4cd 100644
--- a/meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend
+++ b/meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend
@@ -214,6 +214,7 @@ do_deploy_append () {
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 		[ -n "${TRUSTFENCE_SIGN_MODE}" ] && export CONFIG_SIGN_MODE="${TRUSTFENCE_SIGN_MODE}"
 		[ -n "${TRUSTFENCE_SRK_REVOKE_MASK}" ] && export SRK_REVOKE_MASK="${TRUSTFENCE_SRK_REVOKE_MASK}"
+		[ -n "${TRUSTFENCE_UNLOCK_KEY_REVOCATION}" ] && export CONFIG_UNLOCK_SRK_REVOKE="${TRUSTFENCE_UNLOCK_KEY_REVOCATION}"
 
 		# Sign U-boot image
 		if [ "${UBOOT_RAM_COMBINATIONS}" = "" ]; then