From 9c34c0e1eb269d7325ce61bcd56f385c0c1037e3 Mon Sep 17 00:00:00 2001
From: Hector Palacios <hector.palacios@digi.com>
Date: Thu, 13 Apr 2023 09:17:10 +0200
Subject: [PATCH] trustfence: set STM-specific variables for signing

These variables build TF-A with authentication support and build
a signed FIP image.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
---
 meta-digi-dey/classes/trustfence.bbclass | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index df8f0d68b..7d3f14c92 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -59,6 +59,17 @@ python () {
             d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin");
 
     if (d.getVar("TRUSTFENCE_SIGN") == "1"):
+        # Set STM-specific variables for signing images
+        if (d.getVar("DEY_SOC_VENDOR") == "STM"):
+            d.setVar("TF_A_SIGN_ENABLE", "1")
+            d.setVar("FIP_SIGN_ENABLE", "1")
+            d.setVar("FIP_SIGN_KEY_EXTERNAL", "1")
+            if (d.getVar("DIGI_SOM") == "ccmp15" ):
+                d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey00.pem");
+            elif (d.getVar("DIGI_SOM") == "ccmp13" ):
+                d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey0%s.pem" % d.getVar("TRUSTFENCE_KEY_INDEX"));
+            d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt")
+
         d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
         if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")