From 9b4a03c14c991a82c974a0bc7573515c10ec2fa3 Mon Sep 17 00:00:00 2001 From: Gonzalo Ruiz Date: Thu, 28 May 2020 16:26:40 +0200 Subject: [PATCH] trustfence: [cosmetic] rename script to trustfence-sign-artifact The signing script is used for signing multiple artifacts, not just the kernel, so rename it for a broader use. https://jira.digi.com/browse/DEL-7047 Signed-off-by: Gonzalo Ruiz --- meta-digi-arm/classes/image_types_digi.bbclass | 2 +- meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc | 2 +- ...ence-sign-kernel.sh => trustfence-sign-artifact.sh} | 5 +++-- .../trustfence/trustfence-sign-tools_git.bb | 10 +++++----- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 4 ++-- 5 files changed, 12 insertions(+), 11 deletions(-) rename meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/{trustfence-sign-kernel.sh => trustfence-sign-artifact.sh} (98%) diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 60bd5d6b7..c0c205986 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -212,7 +212,7 @@ trustence_sign_cpio() { mv "${1}-mkimg" "${1}" fi # Sign/encrypt the ramdisk - trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -i "${1}" "${1}.tf" + trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -i "${1}" "${1}.tf" else # Copy the image with no changes cp "${1}" "${1}.tf" diff --git a/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc b/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc index a0d5f28fc..ab5f70ee9 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc +++ b/meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc @@ -177,7 +177,7 @@ do_deploy_append() { fi TMP_SIGNED_BOOTSCR="$(mktemp ${WORKDIR}/bootscr-signed.XXXXXX)" - trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${TMP_SIGNED_BOOTSCR}" + trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${TMP_SIGNED_BOOTSCR}" mv "${TMP_SIGNED_BOOTSCR}" "${DEPLOYDIR}/boot.scr" fi rm -f ${TMP_BOOTSCR} diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh similarity index 98% rename from meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh index bdba4933a..98b8db448 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# trustfence-sign-kernel.sh +# trustfence-sign-artifact.sh # # Copyright (C) 2016-2020 by Digi International Inc. # All rights reserved. @@ -12,10 +12,11 @@ # # # Description: -# Script for building signed and encrypted kernel uImages using NXP CST. +# Script for building signed and encrypted artifacts using NXP CST. # # The following environment variables define the script behaviour: # CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated. +# CONFIG_SIGN_MODE: (mandatory) Signing method: HAB/AHAB # CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0. # CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate # encrypted images diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_git.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_git.bb index 7be37ae3e..af708ccae 100644 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_git.bb +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_git.bb @@ -16,10 +16,10 @@ UBOOT_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT SRC_URI = " \ ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ - file://trustfence-sign-kernel.sh;name=kernel-script \ - file://sign_hab;name=kernel-sign \ - file://encrypt_hab;name=kernel-encrypt \ - file://sign_ahab;name=kernel-sign \ + file://trustfence-sign-artifact.sh;name=artifact-sign-script \ + file://sign_hab;name=artifact-hab-sign \ + file://encrypt_hab;name=artifact-hab-encrypt \ + file://sign_ahab;name=artifact-ahab-sign \ " do_configure[noexec] = "1" @@ -36,7 +36,7 @@ do_install() { bberror "Unkown TRUSTFENCE_SIGN_MODE value" exit 1 fi - install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/ + install -m 0755 trustfence-sign-artifact.sh ${D}${bindir}/ install -m 0755 git/scripts/csf_templates/* ${D}${bindir}/csf_templates # Select U-Boot sign script depending on U-Boot including an SPL image diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index fd44dbe5d..8805527d6 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -38,7 +38,7 @@ trustfence_sign() { fi TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)" - trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}" + trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}" if [ "${type}" = "Image.gz" ]; then # Compress the signed Image and restore the original filename @@ -63,7 +63,7 @@ trustfence_sign() { fi TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)" - trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}" + trustfence-sign-artifact.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}" mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}" done }