Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

meta-digi-arm: sign/encrypt bootscript 

https://jira.digi.com/browse/DUB-679

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This commit is contained in:
Diaz de Grenu, Jose 2016-09-22 11:58:38 +02:00
parent 7a02e1b00a
commit 934c819fd9
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
View File

@ -150,6 +150,13 @@ do_deploy_append() {
TMP_BOOTSCR="$(mktemp ${WORKDIR}/bootscr.XXXXXX)" TMP_BOOTSCR="$(mktemp ${WORKDIR}/bootscr.XXXXXX)"
sed -e "${TF_BOOTSCRIPT_SEDFILTER}" ${WORKDIR}/boot.txt > ${TMP_BOOTSCR} sed -e "${TF_BOOTSCRIPT_SEDFILTER}" ${WORKDIR}/boot.txt > ${TMP_BOOTSCR}
mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr
if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${DEPLOYDIR}/boot-signed.scr"
mv ${DEPLOYDIR}/boot-signed.scr ${DEPLOYDIR}/boot.scr
fi
rm -f ${TMP_BOOTSCR} rm -f ${TMP_BOOTSCR}
} }

8
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh
View File

@ -25,8 +25,9 @@
SCRIPT_NAME="$(basename ${0})" SCRIPT_NAME="$(basename ${0})"
SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)"
while getopts "dilp:" c; do while getopts "bdilp:" c; do
case "${c}" in case "${c}" in
b) ARTIFACT_BOOTSCRIPT="y";;
d) ARTIFACT_DTB="y";; d) ARTIFACT_DTB="y";;
i) ARTIFACT_INITRAMFS="y";; i) ARTIFACT_INITRAMFS="y";;
l) ARTIFACT_KERNEL="y";; l) ARTIFACT_KERNEL="y";;
@ -41,6 +42,7 @@ usage() {
Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image
-p <platform> select platform for the project -p <platform> select platform for the project
-b sign/encrypt bootscript
-d sign/encrypt initramfs -d sign/encrypt initramfs
-i sign/encrypt DTB -i sign/encrypt DTB
-l sign/encrypt Linux image -l sign/encrypt Linux image
@ -103,9 +105,11 @@ fi
[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}" [ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}"
[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}" [ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}"
[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" [ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
# bootscripts are loaded to $loadaddr, just like the kernel
[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
if [ -z "${CONFIG_RAM_START}" ]; then if [ -z "${CONFIG_RAM_START}" ]; then
echo "Specify the type of image to process (-i, -d, or -l)" echo "Specify the type of image to process (-b, -i, -d, or -l)"
exit 1 exit 1
fi fi