diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.1.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.2.bb similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.1.bb rename to meta-digi-arm/recipes-bsp/trustfence-cst/nativesdk-trustfence-cst_3.3.2.bb diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.1.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc similarity index 78% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.1.inc rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc index 593a5f127..5406f6215 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.1.inc +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2.inc @@ -1,4 +1,4 @@ -# Copyright (C) 2017-2022 Digi International +# Copyright (C) 2017-2023 Digi International SUMMARY = "NXP Code signing Tool for the High Assurance Boot library" DESCRIPTION = "Provides software code signing support designed for use with \ @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530" DEPENDS = "byacc-native flex-native" -OPENSSL1_VERSION = "1.1.1s" +OPENSSL1_VERSION = "1.1.1t" SRC_URI = " \ ${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \ @@ -18,20 +18,19 @@ SRC_URI = " \ file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \ file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \ file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \ - file://0005-rules.mk-weaken-specific-function-err_msg.patch \ " -SRC_URI[cst.md5sum] = "27ba9c8bc0b8a7f14d23185775c53794" -SRC_URI[cst.sha256sum] = "8b7e44e3e126f814f5caf8a634646fe64021405302ca59ff02f5c8f3b9a5abb9" -SRC_URI[openssl.md5sum] = "077f69d357758c7d6ef686f813e16f30" -SRC_URI[openssl.sha256sum] = "c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa" +SRC_URI[cst.md5sum] = "4b9fccac381fa412cba8ba7028c154c7" +SRC_URI[cst.sha256sum] = "517b11dca181e8c438a6249f56f0a13a0eb251b30e690760be3bf6191ee06c68" +SRC_URI[openssl.md5sum] = "1cfee919e0eac6be62c88c5ae8bcd91e" +SRC_URI[openssl.sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b" S = "${WORKDIR}/cst-${PV}" do_compile() { cd code/cst oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 openssl - oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 rel_bin + oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 os_bin } do_install() { diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch similarity index 66% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch index 709cae579..887f79e83 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch @@ -12,14 +12,14 @@ https://jira.digi.com/browse/DUB-608 Signed-off-by: Diaz de Grenu, Jose --- - code/cst/code/back_end/src/adapt_layer_openssl.c | 1 + + code/cst/code/back_end-ssl/src/adapt_layer_openssl.c | 1 + 1 file changed, 1 insertion(+) -diff --git a/code/cst/code/back_end/src/adapt_layer_openssl.c b/code/cst/code/back_end/src/adapt_layer_openssl.c -index 38b8bf5..f389e23 100755 ---- a/code/cst/code/back_end/src/adapt_layer_openssl.c -+++ b/code/cst/code/back_end/src/adapt_layer_openssl.c -@@ -1146,6 +1146,7 @@ int32_t gen_auth_encrypted_data(const char* in_file, +diff --git a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c +index d8df54e..86e7e4f 100755 +--- a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c ++++ b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c +@@ -1231,6 +1231,7 @@ int32_t gen_auth_encrypted_data(const char* in_file, printf("\n"); #endif if (0 == key_init_done) { diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-openssl_helper-use-dev-urandom-as-seed-source.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch similarity index 90% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-openssl_helper-use-dev-urandom-as-seed-source.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch index 4aa674105..9035f62cb 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-openssl_helper-use-dev-urandom-as-seed-source.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0002-openssl_helper-use-dev-urandom-as-seed-source.patch @@ -10,10 +10,10 @@ Signed-off-by: Diaz de Grenu, Jose 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/cst/code/common/src/openssl_helper.c b/code/cst/code/common/src/openssl_helper.c -index 871cf55..b62c8a8 100755 +index 1e1131b..918c82e 100755 --- a/code/cst/code/common/src/openssl_helper.c +++ b/code/cst/code/common/src/openssl_helper.c -@@ -414,7 +414,7 @@ void print_version(void) +@@ -404,7 +404,7 @@ void print_version(void) ---------------------------*/ uint32_t seed_prng(uint32_t bytes) { diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch similarity index 79% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch index 408bc1cd7..78bde2d42 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch @@ -11,15 +11,16 @@ Subject: [PATCH] hab4_pki_tree.sh: adapt script for DEY * extract public keys from certificates: the public key needs to be available on the rootfs so that signed SWU packages can be authenticated. +Co-Authored-By: Javier Viguera Co-Authored-By: Hector Palacios Co-Authored-By: Diaz de Grenu, Jose Signed-off-by: Arturo Buzarra --- - keys/hab4_pki_tree.sh | 88 ++++++++++++++++++++++++++++--------------- - 1 file changed, 58 insertions(+), 30 deletions(-) + keys/hab4_pki_tree.sh | 80 +++++++++++++++++++++++++++++-------------- + 1 file changed, 54 insertions(+), 26 deletions(-) diff --git a/keys/hab4_pki_tree.sh b/keys/hab4_pki_tree.sh -index 944cc66..e76f22f 100755 +index 49834f0..de0c969 100755 --- a/keys/hab4_pki_tree.sh +++ b/keys/hab4_pki_tree.sh @@ -66,6 +66,8 @@ printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n" @@ -35,12 +36,12 @@ index 944cc66..e76f22f 100755 echo "$0" echo echo "Command Line Mode:" -- echo "$0 -existing-ca [-ca-key -ca-cert ] -use-ecc -kl -duration -num-srk <1-4> -srk-ca " -+ echo "$0 [-csf-path] -existing-ca [-ca-key -ca-cert ] -use-ecc -kl -duration -num-srk <1-4> -srk-ca " - echo "Options:" - echo " -kl: -use-ecc = y then Supported key lengths: p256, p384, p521" - echo " : -use-ecc = n then Supported key lengths: 1024, 2048, 3072, 4096" -@@ -89,10 +91,18 @@ usage() +- echo "$0 -existing-ca [-ca-key -ca-cert ] -kt < rsa/rsa-pss/ecc> -kl -duration -num-srk <1-4> -srk-ca " ++ echo "$0 [-csf-path] -existing-ca [-ca-key -ca-cert ] -kt < rsa/rsa-pss/ecc> -kl -duration -num-srk <1-4> -srk-ca " + echo " Key Type Options:" + echo " -kl ecc : then Supported key lengths: p256, p384, p521" + echo " -kl rsa : then Supported key lengths: 1024, 2048, 3072, 4096" +@@ -90,10 +92,18 @@ usage() echo } @@ -52,7 +53,7 @@ index 944cc66..e76f22f 100755 +# Default values +existing_ca="n" -+use_ecc="n" ++kt="rsa" +kl=4096 +duration=10 +num_srk=4 @@ -61,7 +62,7 @@ index 944cc66..e76f22f 100755 if [ $interactive = "n" ] then # Validate command line parameters -@@ -111,6 +121,11 @@ then +@@ -112,6 +122,11 @@ then while [ $num_param -le $max_param ] && [ "$1" != "" ] do case $1 in @@ -73,7 +74,7 @@ index 944cc66..e76f22f 100755 -existing-ca) shift existing_ca=$1 -@@ -164,9 +179,8 @@ then +@@ -165,9 +180,8 @@ then shift ;; *) @@ -85,7 +86,7 @@ index 944cc66..e76f22f 100755 ;; esac num_param=$(( num_param + 2 )) -@@ -242,6 +256,16 @@ then +@@ -261,6 +275,16 @@ then read duration fi @@ -102,7 +103,7 @@ index 944cc66..e76f22f 100755 # Compute validity period val_period=$((duration*365)) -@@ -275,9 +299,9 @@ then +@@ -294,9 +318,9 @@ then script_name=$0 fi script_path=$(cd $(dirname "${script_name}") && pwd -P) @@ -115,7 +116,7 @@ index 944cc66..e76f22f 100755 if [ ! -d "${keys_dir}" ] then -@@ -291,11 +315,11 @@ then +@@ -310,11 +334,11 @@ then exit 1 fi @@ -132,7 +133,7 @@ index 944cc66..e76f22f 100755 # Switch current working directory to keys directory, if needed. if [ "${crt_dir}" != "${keys_dir}" ] -@@ -318,9 +342,10 @@ fi +@@ -337,9 +361,10 @@ fi # Check that the file "key_pass.txt" is present, if not create it with default user/pwd: if [ ! -f key_pass.txt ] then @@ -146,7 +147,7 @@ index 944cc66..e76f22f 100755 fi # The following is required otherwise OpenSSL complains -@@ -365,7 +390,7 @@ then +@@ -384,7 +409,7 @@ then -x509 -extensions v3_ca \ -keyout temp_ca.pem \ -out ${ca_cert}.pem \ @@ -155,16 +156,7 @@ index 944cc66..e76f22f 100755 # Generate CA key in PKCS #8 format - both PEM and DER openssl pkcs8 -passin file:./key_pass.txt -passout file:./key_pass.txt \ -@@ -382,7 +407,7 @@ then - openssl x509 -inform PEM -outform DER -in ${ca_cert}.pem -out ${ca_cert}.der - - # Cleanup -- \rm temp_ca.pem -+ rm temp_ca.pem - fi - - -@@ -432,10 +457,10 @@ then +@@ -452,10 +477,10 @@ then -in ./temp_srk_req.pem \ -cert ${ca_cert}.pem \ -keyfile ${ca_key}.pem \ @@ -177,16 +169,7 @@ index 944cc66..e76f22f 100755 # Convert SRK Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -456,7 +481,7 @@ then - -out ${srk_key}.pem - - # Cleanup -- \rm ./temp_srk.pem ./temp_srk_req.pem -+ rm ./temp_srk.pem ./temp_srk_req.pem - i=$((i+1)) - done - else -@@ -505,10 +530,10 @@ do +@@ -526,10 +551,10 @@ do -in ./temp_srk_req.pem \ -cert ${ca_cert}.pem \ -keyfile ${ca_key}.pem \ @@ -199,7 +182,7 @@ index 944cc66..e76f22f 100755 # Convert SRK Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -574,10 +599,10 @@ do +@@ -596,10 +621,10 @@ do -in ./temp_csf_req.pem \ -cert ${srk_crt_i} \ -keyfile ${srk_key_i} \ @@ -212,16 +195,7 @@ index 944cc66..e76f22f 100755 # Convert CSF Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -596,7 +621,7 @@ do - -out ${csf_key}.pem - - # Cleanup -- \rm ./temp_csf.pem ./temp_csf_req.pem -+ rm ./temp_csf.pem ./temp_csf_req.pem - - echo - echo ++++++++++++++++++++++++++++++++++++++++ -@@ -636,10 +661,10 @@ do +@@ -659,10 +684,10 @@ do -in ./temp_img_req.pem \ -cert ${srk_crt_i} \ -keyfile ${srk_key_i} \ @@ -234,7 +208,7 @@ index 944cc66..e76f22f 100755 # Convert IMG Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -657,8 +682,11 @@ do +@@ -680,6 +705,9 @@ do -in temp_img.pem \ -out ${img_key}.pem @@ -242,8 +216,5 @@ index 944cc66..e76f22f 100755 + openssl x509 -pubkey -noout -in "${img_crt}.pem" > ../crts/key${i}.pub + # Cleanup -- \rm ./temp_img.pem ./temp_img_req.pem -+ rm ./temp_img.pem ./temp_img_req.pem + \rm ./temp_img.pem ./temp_img_req.pem - i=$((i+1)) - done diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch similarity index 74% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch index 55bcd3d77..11387df9d 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.3.2/0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch @@ -11,15 +11,16 @@ Subject: [PATCH] ahab_pki_tree.sh: adapt script for DEY * extract public keys from certificates: the public key needs to be available on the rootfs so that signed SWU packages can be authenticated. +Co-Authored-By: Javier Viguera Co-Authored-By: Hector Palacios Co-Authored-By: Mike Engel Signed-off-by: Arturo Buzarra --- - keys/ahab_pki_tree.sh | 80 +++++++++++++++++++++++++++++-------------- - 1 file changed, 54 insertions(+), 26 deletions(-) + keys/ahab_pki_tree.sh | 79 ++++++++++++++++++++++++++++++------------- + 1 file changed, 55 insertions(+), 24 deletions(-) diff --git a/keys/ahab_pki_tree.sh b/keys/ahab_pki_tree.sh -index f5ab36c..13843f9 100755 +index 0327f83..5c986b2 100755 --- a/keys/ahab_pki_tree.sh +++ b/keys/ahab_pki_tree.sh @@ -64,6 +64,8 @@ printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n" @@ -35,12 +36,12 @@ index f5ab36c..13843f9 100755 echo "$0" echo echo "Command Line Mode:" -- echo "$0 -existing-ca [-ca-key -ca-cert ] -use-ecc -kl -da -duration -srk-ca " -+ echo "$0 [-csf-path] -existing-ca [-ca-key -ca-cert ] -use-ecc -kl -da -duration -srk-ca " +- echo "$0 -existing-ca [-ca-key -ca-cert ] -kt -kl -da -duration -srk-ca " ++ echo "$0 [-csf-path] -existing-ca [-ca-key -ca-cert ] -kt -kl -da -duration -srk-ca " echo "Options:" - echo " -kl: -use-ecc = y then Supported key lengths: p256, p384, p521" - echo " : -use-ecc = n then Supported key lengths: 2048, 3072, 4096" -@@ -88,10 +90,18 @@ usage() + echo " -kt ecc : then Supported key lengths: p256, p384, p521" + echo " -kt rsa : then Supported key lengths: 2048, 3072, 4096" +@@ -89,10 +91,18 @@ usage() echo } @@ -52,16 +53,16 @@ index f5ab36c..13843f9 100755 +# Default values +existing_ca="n" -+use_ecc="y" ++kt="ecc" +kl=p521 +da=sha512 +duration=10 -+srk_ca="y" ++srk_ca="n" + if [ $interactive = "n" ] then # Validate command line parameters -@@ -110,6 +120,11 @@ then +@@ -111,6 +121,11 @@ then while [ $num_param -le $max_param ] && [ "$1" != "" ] do case $1 in @@ -73,7 +74,7 @@ index f5ab36c..13843f9 100755 -existing-ca) shift existing_ca=$1 -@@ -163,9 +178,8 @@ then +@@ -164,9 +179,8 @@ then shift ;; *) @@ -85,7 +86,7 @@ index f5ab36c..13843f9 100755 ;; esac num_param=$(( num_param + 2 )) -@@ -255,6 +269,16 @@ then +@@ -274,6 +288,16 @@ then read duration fi @@ -102,7 +103,7 @@ index f5ab36c..13843f9 100755 # Compute validity period val_period=$((duration*365)) -@@ -286,9 +310,9 @@ then +@@ -305,9 +329,9 @@ then script_name=$0 fi script_path=$(cd $(dirname "${script_name}") && pwd -P) @@ -115,14 +116,14 @@ index f5ab36c..13843f9 100755 if [ ! -d "${keys_dir}" ] then -@@ -302,11 +326,11 @@ then - exit 1 +@@ -321,11 +345,11 @@ then + exit 1 fi -if [ ! -d "${ca_dir}" ] -then - echo ERROR: "Openssl configuration directory ${ca_dir} is missing. Expecting /ca directory to hold openssl configuration files." -- exit 1 +- exit 1 -fi +# if [ ! -d "${ca_dir}" ] +# then @@ -132,7 +133,7 @@ index f5ab36c..13843f9 100755 # Switch current working directory to keys directory, if needed. if [ "${crt_dir}" != "${keys_dir}" ] -@@ -329,9 +353,10 @@ fi +@@ -348,9 +372,10 @@ fi # Check that the file "key_pass.txt" is present, if not create it with default user/pwd: if [ ! -f key_pass.txt ] then @@ -146,7 +147,7 @@ index f5ab36c..13843f9 100755 fi # The following is required otherwise OpenSSL complains -@@ -377,7 +402,7 @@ then +@@ -396,7 +421,7 @@ then -x509 -extensions v3_ca \ -keyout temp_ca.pem \ -out ${ca_cert}.pem \ @@ -155,25 +156,30 @@ index f5ab36c..13843f9 100755 # Generate CA key in PKCS #8 format - both PEM and DER openssl pkcs8 -passin file:./key_pass.txt -passout file:./key_pass.txt \ -@@ -394,7 +419,7 @@ then - openssl x509 -inform PEM -outform DER -in ${ca_cert}.pem -out ${ca_cert}.der +@@ -464,10 +489,10 @@ then + -in ./temp_srk_req.pem \ + -cert ${ca_cert}.pem \ + -keyfile ${ca_key}.pem \ +- -extfile ../ca/v3_usr.cnf \ ++ -extfile "${SCRIPT_BASEDIR}/v3_usr.cnf" \ + -out ${srk_crt}.pem \ + -days ${val_period} \ +- -config ../ca/openssl.cnf ++ -config "${SCRIPT_BASEDIR}/openssl.cnf" - # Cleanup -- \rm temp_ca.pem -+ rm temp_ca.pem - fi - - -@@ -468,7 +493,7 @@ then + # Convert SRK Certificate to DER format + openssl x509 -inform PEM -outform DER \ +@@ -487,6 +512,9 @@ then + -in temp_srk.pem \ -out ${srk_key}.pem ++ # Extract public key from the certificate ++ openssl x509 -pubkey -noout -in "${srk_crt}.pem" > ../crts/key${i}.pub ++ # Cleanup -- \rm ./temp_srk.pem ./temp_srk_req.pem -+ rm ./temp_srk.pem ./temp_srk_req.pem + \rm ./temp_srk.pem ./temp_srk_req.pem i=$((i+1)) - done - else -@@ -517,10 +542,10 @@ do +@@ -539,10 +567,10 @@ do -in ./temp_srk_req.pem \ -cert ${ca_cert}.pem \ -keyfile ${ca_key}.pem \ @@ -186,16 +192,7 @@ index f5ab36c..13843f9 100755 # Convert SRK Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -541,7 +566,7 @@ do - -out ${srk_key}.pem - - # Cleanup -- \rm ./temp_srk.pem ./temp_srk_req.pem -+ rm ./temp_srk.pem ./temp_srk_req.pem - - echo - echo ++++++++++++++++++++++++++++++++++++++++ -@@ -586,10 +611,10 @@ do +@@ -609,10 +637,10 @@ do -in ./temp_sgk_req.pem \ -cert ${srk_crt_i} \ -keyfile ${srk_key_i} \ @@ -208,7 +205,7 @@ index f5ab36c..13843f9 100755 # Convert SGK Certificate to DER format openssl x509 -inform PEM -outform DER \ -@@ -607,8 +632,11 @@ do +@@ -630,6 +658,9 @@ do -in temp_sgk.pem \ -out ${sgk_key}.pem @@ -216,8 +213,5 @@ index f5ab36c..13843f9 100755 + openssl x509 -pubkey -noout -in "${srk_crt_i}" > ../crts/key${i}.pub + # Cleanup -- \rm ./temp_sgk.pem ./temp_sgk_req.pem -+ rm ./temp_sgk.pem ./temp_sgk_req.pem + \rm ./temp_sgk.pem ./temp_sgk_req.pem - i=$((i+1)) - done diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.1.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.2.bb similarity index 100% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.1.bb rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_3.3.2.bb diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0005-rules.mk-weaken-specific-function-err_msg.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0005-rules.mk-weaken-specific-function-err_msg.patch deleted file mode 100644 index 1ba99780d..000000000 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0005-rules.mk-weaken-specific-function-err_msg.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Hector Palacios -Date: Mon, 30 Jan 2023 10:38:22 +0100 -Subject: [PATCH] rules.mk: weaken specific function err_msg() - -A bug in binutils 2.38 objcopy '--weaken' produces malformed -binaries. -For the cst, it looks like it's enough to weaken function err_msg() -which is otherwise redefined. -Change the global '--weaken' flag with '--weaken-symbol err_msg' -to have the build process generate a valid 'cst' binary. - -Signed-off-by: Hector Palacios - -https://onedigi.atlassian.net/browse/DEL-8332 -https://onedigi.atlassian.net/browse/DEL-8033 ---- - code/cst/code/build/make/rules.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/code/cst/code/build/make/rules.mk b/code/cst/code/build/make/rules.mk -index 1c0842b..032e18b 100755 ---- a/code/cst/code/build/make/rules.mk -+++ b/code/cst/code/build/make/rules.mk -@@ -27,7 +27,7 @@ LFLAGS := -t - $(AR) $(ARFLAGS) $@ $^ - ifneq ($(OSTYPE),mingw32) - ifneq ($(OSTYPE),osx) -- $(OBJCOPY) --weaken $@ -+ $(OBJCOPY) --weaken-symbol err_msg $@ - endif - endif -