trustfence: set STM-specific variables for signing

These variables build TF-A with authentication support and build a signed FIP image. Signed-off-by: Hector Palacios <hector.palacios@digi.com>
2023-04-13 09:17:10 +02:00 · 2023-04-13 09:17:10 +02:00 · 9c34c0e1eb
parent 74ed606339
commit 9c34c0e1eb
1 changed files with 11 additions and 0 deletions
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -59,6 +59,17 @@ python () {
            d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin");

    if (d.getVar("TRUSTFENCE_SIGN") == "1"):
+        # Set STM-specific variables for signing images
+        if (d.getVar("DEY_SOC_VENDOR") == "STM"):
+            d.setVar("TF_A_SIGN_ENABLE", "1")
+            d.setVar("FIP_SIGN_ENABLE", "1")
+            d.setVar("FIP_SIGN_KEY_EXTERNAL", "1")
+            if (d.getVar("DIGI_SOM") == "ccmp15" ):
+                d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey00.pem");
+            elif (d.getVar("DIGI_SOM") == "ccmp13" ):
+                d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey0%s.pem" % d.getVar("TRUSTFENCE_KEY_INDEX"));
+            d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt")
+
        d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
        if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
            d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")