trustfence-cst: upgrade to version 3.3.2

This version supports i.MX8ULP and i.MX9x devices.

NOTICE: the "srk_ca" parameter in ahab_pki_tree.sh changes from "yes" to
"no". This script is shared between cc8x and ccimx93. The imx93 does not
currently support that option (generation of subordinate SGK certs),
and for the cc8x we were generating those certs but never used them to
sign the artifacts.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera 2023-09-12 18:00:28 +02:00
parent d7692af7a4
commit b4df142805
8 changed files with 81 additions and 149 deletions


@ -1,4 +1,4 @@
# Copyright (C) 2017-2022 Digi International
# Copyright (C) 2017-2023 Digi International
SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
DESCRIPTION = "Provides software code signing support designed for use with \
@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530"
DEPENDS = "byacc-native flex-native"
OPENSSL1_VERSION = "1.1.1s"
OPENSSL1_VERSION = "1.1.1t"
SRC_URI = " \
${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \
@ -18,20 +18,19 @@ SRC_URI = " \
file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \
file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \
file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \
file://0005-rules.mk-weaken-specific-function-err_msg.patch \
"
SRC_URI[cst.md5sum] = "27ba9c8bc0b8a7f14d23185775c53794"
SRC_URI[cst.sha256sum] = "8b7e44e3e126f814f5caf8a634646fe64021405302ca59ff02f5c8f3b9a5abb9"
SRC_URI[openssl.md5sum] = "077f69d357758c7d6ef686f813e16f30"
SRC_URI[openssl.sha256sum] = "c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa"
SRC_URI[cst.md5sum] = "4b9fccac381fa412cba8ba7028c154c7"
SRC_URI[cst.sha256sum] = "517b11dca181e8c438a6249f56f0a13a0eb251b30e690760be3bf6191ee06c68"
SRC_URI[openssl.md5sum] = "1cfee919e0eac6be62c88c5ae8bcd91e"
SRC_URI[openssl.sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b"
S = "${WORKDIR}/cst-${PV}"
do_compile() {
cd code/cst
oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 openssl
oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 rel_bin
oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 os_bin
}
do_install() {
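Review bot: The `OPENSSL1_VERSION = "1.1.1t"` pin is already behind later releases of the 1.1.1 series, so the OpenSSL that this recipe appears to build for the signing tool lacks the fixes shipped after 1.1.1t. If CST 3.3.2 does not require this exact version, consider pinning the last 1.1.1 release and updating `SRC_URI[openssl.sha256sum]` to match. Otherwise a comment such as `# OpenSSL pinned to the version validated with this CST release` above the assignment would record why it lags. The body of do_install lies outside the hunk.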


@ -12,14 +12,14 @@ https://jira.digi.com/browse/DUB-608
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
---
code/cst/code/back_end/src/adapt_layer_openssl.c | 1 +
code/cst/code/back_end-ssl/src/adapt_layer_openssl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/code/cst/code/back_end/src/adapt_layer_openssl.c b/code/cst/code/back_end/src/adapt_layer_openssl.c
index 38b8bf5..f389e23 100755
--- a/code/cst/code/back_end/src/adapt_layer_openssl.c
+++ b/code/cst/code/back_end/src/adapt_layer_openssl.c
@@ -1146,6 +1146,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
diff --git a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
index d8df54e..86e7e4f 100755
--- a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
+++ b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
@@ -1231,6 +1231,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
printf("\n");
#endif
if (0 == key_init_done) {


@ -10,10 +10,10 @@ Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/cst/code/common/src/openssl_helper.c b/code/cst/code/common/src/openssl_helper.c
index 871cf55..b62c8a8 100755
index 1e1131b..918c82e 100755
--- a/code/cst/code/common/src/openssl_helper.c
+++ b/code/cst/code/common/src/openssl_helper.c
@@ -414,7 +414,7 @@ void print_version(void)
@@ -404,7 +404,7 @@ void print_version(void)
---------------------------*/
uint32_t seed_prng(uint32_t bytes)
{


@ -11,15 +11,16 @@ Subject: [PATCH] hab4_pki_tree.sh: adapt script for DEY
* extract public keys from certificates: the public key needs to be
available on the rootfs so that signed SWU packages can be authenticated.
Co-Authored-By: Javier Viguera <javier.viguera@digi.com>
Co-Authored-By: Hector Palacios <hector.palacios@digi.com>
Co-Authored-By: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
keys/hab4_pki_tree.sh | 88 ++++++++++++++++++++++++++++---------------
1 file changed, 58 insertions(+), 30 deletions(-)
keys/hab4_pki_tree.sh | 80 +++++++++++++++++++++++++++++--------------
1 file changed, 54 insertions(+), 26 deletions(-)
diff --git a/keys/hab4_pki_tree.sh b/keys/hab4_pki_tree.sh
index 944cc66..e76f22f 100755
index 49834f0..de0c969 100755
--- a/keys/hab4_pki_tree.sh
+++ b/keys/hab4_pki_tree.sh
@@ -66,6 +66,8 @@ printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
@ -35,12 +36,12 @@ index 944cc66..e76f22f 100755
echo "$0"
echo
echo "Command Line Mode:"
- echo "$0 -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -use-ecc <y/n> -kl <ECC/RSA Key Length> -duration <years> -num-srk <1-4> -srk-ca <y/n>"
+ echo "$0 [-csf-path] <CSF Path> -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -use-ecc <y/n> -kl <ECC/RSA Key Length> -duration <years> -num-srk <1-4> -srk-ca <y/n>"
echo "Options:"
echo " -kl: -use-ecc = y then Supported key lengths: p256, p384, p521"
echo " : -use-ecc = n then Supported key lengths: 1024, 2048, 3072, 4096"
@@ -89,10 +91,18 @@ usage()
- echo "$0 -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -kt < rsa/rsa-pss/ecc> -kl <ECC Curve/RSA Key Length> -duration <years> -num-srk <1-4> -srk-ca <y/n>"
+ echo "$0 [-csf-path] <CSF Path> -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -kt < rsa/rsa-pss/ecc> -kl <ECC Curve/RSA Key Length> -duration <years> -num-srk <1-4> -srk-ca <y/n>"
echo " Key Type Options:"
echo " -kl ecc : then Supported key lengths: p256, p384, p521"
echo " -kl rsa : then Supported key lengths: 1024, 2048, 3072, 4096"
@@ -90,10 +92,18 @@ usage()
echo
}
@ -52,7 +53,7 @@ index 944cc66..e76f22f 100755
+# Default values
+existing_ca="n"
+use_ecc="n"
+kt="rsa"
+kl=4096
+duration=10
+num_srk=4
@ -61,7 +62,7 @@ index 944cc66..e76f22f 100755
if [ $interactive = "n" ]
then
# Validate command line parameters
@@ -111,6 +121,11 @@ then
@@ -112,6 +122,11 @@ then
while [ $num_param -le $max_param ] && [ "$1" != "" ]
do
case $1 in
@ -73,7 +74,7 @@ index 944cc66..e76f22f 100755
-existing-ca)
shift
existing_ca=$1
@@ -164,9 +179,8 @@ then
@@ -165,9 +180,8 @@ then
shift
;;
*)
@ -85,7 +86,7 @@ index 944cc66..e76f22f 100755
;;
esac
num_param=$(( num_param + 2 ))
@@ -242,6 +256,16 @@ then
@@ -261,6 +275,16 @@ then
read duration
fi
@ -102,7 +103,7 @@ index 944cc66..e76f22f 100755
# Compute validity period
val_period=$((duration*365))
@@ -275,9 +299,9 @@ then
@@ -294,9 +318,9 @@ then
script_name=$0
fi
script_path=$(cd $(dirname "${script_name}") && pwd -P)
@ -115,7 +116,7 @@ index 944cc66..e76f22f 100755
if [ ! -d "${keys_dir}" ]
then
@@ -291,11 +315,11 @@ then
@@ -310,11 +334,11 @@ then
exit 1
fi
@ -132,7 +133,7 @@ index 944cc66..e76f22f 100755
# Switch current working directory to keys directory, if needed.
if [ "${crt_dir}" != "${keys_dir}" ]
@@ -318,9 +342,10 @@ fi
@@ -337,9 +361,10 @@ fi
# Check that the file "key_pass.txt" is present, if not create it with default user/pwd:
if [ ! -f key_pass.txt ]
then
@ -146,7 +147,7 @@ index 944cc66..e76f22f 100755
fi
# The following is required otherwise OpenSSL complains
@@ -365,7 +390,7 @@ then
@@ -384,7 +409,7 @@ then
-x509 -extensions v3_ca \
-keyout temp_ca.pem \
-out ${ca_cert}.pem \
@ -155,16 +156,7 @@ index 944cc66..e76f22f 100755
# Generate CA key in PKCS #8 format - both PEM and DER
openssl pkcs8 -passin file:./key_pass.txt -passout file:./key_pass.txt \
@@ -382,7 +407,7 @@ then
openssl x509 -inform PEM -outform DER -in ${ca_cert}.pem -out ${ca_cert}.der
# Cleanup
- \rm temp_ca.pem
+ rm temp_ca.pem
fi
@@ -432,10 +457,10 @@ then
@@ -452,10 +477,10 @@ then
-in ./temp_srk_req.pem \
-cert ${ca_cert}.pem \
-keyfile ${ca_key}.pem \
@ -177,16 +169,7 @@ index 944cc66..e76f22f 100755
# Convert SRK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -456,7 +481,7 @@ then
-out ${srk_key}.pem
# Cleanup
- \rm ./temp_srk.pem ./temp_srk_req.pem
+ rm ./temp_srk.pem ./temp_srk_req.pem
i=$((i+1))
done
else
@@ -505,10 +530,10 @@ do
@@ -526,10 +551,10 @@ do
-in ./temp_srk_req.pem \
-cert ${ca_cert}.pem \
-keyfile ${ca_key}.pem \
@ -199,7 +182,7 @@ index 944cc66..e76f22f 100755
# Convert SRK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -574,10 +599,10 @@ do
@@ -596,10 +621,10 @@ do
-in ./temp_csf_req.pem \
-cert ${srk_crt_i} \
-keyfile ${srk_key_i} \
@ -212,16 +195,7 @@ index 944cc66..e76f22f 100755
# Convert CSF Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -596,7 +621,7 @@ do
-out ${csf_key}.pem
# Cleanup
- \rm ./temp_csf.pem ./temp_csf_req.pem
+ rm ./temp_csf.pem ./temp_csf_req.pem
echo
echo ++++++++++++++++++++++++++++++++++++++++
@@ -636,10 +661,10 @@ do
@@ -659,10 +684,10 @@ do
-in ./temp_img_req.pem \
-cert ${srk_crt_i} \
-keyfile ${srk_key_i} \
@ -234,7 +208,7 @@ index 944cc66..e76f22f 100755
# Convert IMG Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -657,8 +682,11 @@ do
@@ -680,6 +705,9 @@ do
-in temp_img.pem \
-out ${img_key}.pem
@ -242,8 +216,5 @@ index 944cc66..e76f22f 100755
+ openssl x509 -pubkey -noout -in "${img_crt}.pem" > ../crts/key${i}.pub
+
# Cleanup
- \rm ./temp_img.pem ./temp_img_req.pem
+ rm ./temp_img.pem ./temp_img_req.pem
\rm ./temp_img.pem ./temp_img_req.pem
i=$((i+1))
done
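Review bot: The public-key extraction `openssl x509 -pubkey -noout -in "${img_crt}.pem" > ../crts/key${i}.pub` has no check on the exit status, and the redirection creates the output file even when openssl fails. Whether the script runs under `set -e` is not visible in these fragments; if it does not, a failed extraction would leave an empty `key${i}.pub`, which the patch description says is the key placed on the rootfs to authenticate signed SWU packages. Appending `|| exit 1` to that line, or writing to a temporary name and renaming on success, would stop the run instead. The same pattern appears in the ahab_pki_tree.sh patch, at the `"${srk_crt}.pem"` and `"${srk_crt_i}"` extractions. The enclosing loop starts outside the hunk.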


@ -11,15 +11,16 @@ Subject: [PATCH] ahab_pki_tree.sh: adapt script for DEY
* extract public keys from certificates: the public key needs to be
available on the rootfs so that signed SWU packages can be authenticated.
Co-Authored-By: Javier Viguera <javier.viguera@digi.com>
Co-Authored-By: Hector Palacios <hector.palacios@digi.com>
Co-Authored-By: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
keys/ahab_pki_tree.sh | 80 +++++++++++++++++++++++++++++--------------
1 file changed, 54 insertions(+), 26 deletions(-)
keys/ahab_pki_tree.sh | 79 ++++++++++++++++++++++++++++++-------------
1 file changed, 55 insertions(+), 24 deletions(-)
diff --git a/keys/ahab_pki_tree.sh b/keys/ahab_pki_tree.sh
index f5ab36c..13843f9 100755
index 0327f83..5c986b2 100755
--- a/keys/ahab_pki_tree.sh
+++ b/keys/ahab_pki_tree.sh
@@ -64,6 +64,8 @@ printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
@ -35,12 +36,12 @@ index f5ab36c..13843f9 100755
echo "$0"
echo
echo "Command Line Mode:"
- echo "$0 -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -use-ecc <y/n> -kl <ECC/RSA Key Length> -da <digest algorithm> -duration <years> -srk-ca <y/n>"
+ echo "$0 [-csf-path] <CSF Path> -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -use-ecc <y/n> -kl <ECC/RSA Key Length> -da <digest algorithm> -duration <years> -srk-ca <y/n>"
- echo "$0 -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -kt <y/n> -kl <ECC/RSA Key Length> -da <digest algorithm> -duration <years> -srk-ca <y/n>"
+ echo "$0 [-csf-path] <CSF Path> -existing-ca <y/n> [-ca-key <CA key name> -ca-cert <CA cert name>] -kt <y/n> -kl <ECC/RSA Key Length> -da <digest algorithm> -duration <years> -srk-ca <y/n>"
echo "Options:"
echo " -kl: -use-ecc = y then Supported key lengths: p256, p384, p521"
echo " : -use-ecc = n then Supported key lengths: 2048, 3072, 4096"
@@ -88,10 +90,18 @@ usage()
echo " -kt ecc : then Supported key lengths: p256, p384, p521"
echo " -kt rsa : then Supported key lengths: 2048, 3072, 4096"
@@ -89,10 +91,18 @@ usage()
echo
}
@ -52,16 +53,16 @@ index f5ab36c..13843f9 100755
+# Default values
+existing_ca="n"
+use_ecc="y"
+kt="ecc"
+kl=p521
+da=sha512
+duration=10
+srk_ca="y"
+srk_ca="n"
+
if [ $interactive = "n" ]
then
# Validate command line parameters
@@ -110,6 +120,11 @@ then
@@ -111,6 +121,11 @@ then
while [ $num_param -le $max_param ] && [ "$1" != "" ]
do
case $1 in
@ -73,7 +74,7 @@ index f5ab36c..13843f9 100755
-existing-ca)
shift
existing_ca=$1
@@ -163,9 +178,8 @@ then
@@ -164,9 +179,8 @@ then
shift
;;
*)
@ -85,7 +86,7 @@ index f5ab36c..13843f9 100755
;;
esac
num_param=$(( num_param + 2 ))
@@ -255,6 +269,16 @@ then
@@ -274,6 +288,16 @@ then
read duration
fi
@ -102,7 +103,7 @@ index f5ab36c..13843f9 100755
# Compute validity period
val_period=$((duration*365))
@@ -286,9 +310,9 @@ then
@@ -305,9 +329,9 @@ then
script_name=$0
fi
script_path=$(cd $(dirname "${script_name}") && pwd -P)
@ -115,7 +116,7 @@ index f5ab36c..13843f9 100755
if [ ! -d "${keys_dir}" ]
then
@@ -302,11 +326,11 @@ then
@@ -321,11 +345,11 @@ then
exit 1
fi
@ -132,7 +133,7 @@ index f5ab36c..13843f9 100755
# Switch current working directory to keys directory, if needed.
if [ "${crt_dir}" != "${keys_dir}" ]
@@ -329,9 +353,10 @@ fi
@@ -348,9 +372,10 @@ fi
# Check that the file "key_pass.txt" is present, if not create it with default user/pwd:
if [ ! -f key_pass.txt ]
then
@ -146,7 +147,7 @@ index f5ab36c..13843f9 100755
fi
# The following is required otherwise OpenSSL complains
@@ -377,7 +402,7 @@ then
@@ -396,7 +421,7 @@ then
-x509 -extensions v3_ca \
-keyout temp_ca.pem \
-out ${ca_cert}.pem \
@ -155,25 +156,30 @@ index f5ab36c..13843f9 100755
# Generate CA key in PKCS #8 format - both PEM and DER
openssl pkcs8 -passin file:./key_pass.txt -passout file:./key_pass.txt \
@@ -394,7 +419,7 @@ then
openssl x509 -inform PEM -outform DER -in ${ca_cert}.pem -out ${ca_cert}.der
@@ -464,10 +489,10 @@ then
-in ./temp_srk_req.pem \
-cert ${ca_cert}.pem \
-keyfile ${ca_key}.pem \
- -extfile ../ca/v3_usr.cnf \
+ -extfile "${SCRIPT_BASEDIR}/v3_usr.cnf" \
-out ${srk_crt}.pem \
-days ${val_period} \
- -config ../ca/openssl.cnf
+ -config "${SCRIPT_BASEDIR}/openssl.cnf"
# Cleanup
- \rm temp_ca.pem
+ rm temp_ca.pem
fi
@@ -468,7 +493,7 @@ then
# Convert SRK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -487,6 +512,9 @@ then
-in temp_srk.pem \
-out ${srk_key}.pem
+ # Extract public key from the certificate
+ openssl x509 -pubkey -noout -in "${srk_crt}.pem" > ../crts/key${i}.pub
+
# Cleanup
- \rm ./temp_srk.pem ./temp_srk_req.pem
+ rm ./temp_srk.pem ./temp_srk_req.pem
\rm ./temp_srk.pem ./temp_srk_req.pem
i=$((i+1))
done
else
@@ -517,10 +542,10 @@ do
@@ -539,10 +567,10 @@ do
-in ./temp_srk_req.pem \
-cert ${ca_cert}.pem \
-keyfile ${ca_key}.pem \
@ -186,16 +192,7 @@ index f5ab36c..13843f9 100755
# Convert SRK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -541,7 +566,7 @@ do
-out ${srk_key}.pem
# Cleanup
- \rm ./temp_srk.pem ./temp_srk_req.pem
+ rm ./temp_srk.pem ./temp_srk_req.pem
echo
echo ++++++++++++++++++++++++++++++++++++++++
@@ -586,10 +611,10 @@ do
@@ -609,10 +637,10 @@ do
-in ./temp_sgk_req.pem \
-cert ${srk_crt_i} \
-keyfile ${srk_key_i} \
@ -208,7 +205,7 @@ index f5ab36c..13843f9 100755
# Convert SGK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -607,8 +632,11 @@ do
@@ -630,6 +658,9 @@ do
-in temp_sgk.pem \
-out ${sgk_key}.pem
@ -216,8 +213,5 @@ index f5ab36c..13843f9 100755
+ openssl x509 -pubkey -noout -in "${srk_crt_i}" > ../crts/key${i}.pub
+
# Cleanup
- \rm ./temp_sgk.pem ./temp_sgk_req.pem
+ rm ./temp_sgk.pem ./temp_sgk_req.pem
\rm ./temp_sgk.pem ./temp_sgk_req.pem
i=$((i+1))
done
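Review bot: The new default `srk_ca="n"` in the "Default values" block carries no comment, so the reason given in the commit message is lost to anyone reading the patched script on its own. A line such as `# srk_ca defaults to "n": script is shared with ccimx93, which does not support subordinate SGK certs` above the assignment would keep it. With this default the run presumably takes the branch that issues SRK certificates with `v3_usr.cnf`, which would explain the `key${i}.pub` extraction added there; the patch description could state that no SGK keys are generated by default. The usage line still reads `-kt <y/n>` while the options below it document `-kt ecc` and `-kt rsa`, so the replacement line could use `-kt <ecc/rsa>`.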


@ -1,32 +0,0 @@
From: Hector Palacios <hector.palacios@digi.com>
Date: Mon, 30 Jan 2023 10:38:22 +0100
Subject: [PATCH] rules.mk: weaken specific function err_msg()
A bug in binutils 2.38 objcopy '--weaken' produces malformed
binaries.
For the cst, it looks like it's enough to weaken function err_msg()
which is otherwise redefined.
Change the global '--weaken' flag with '--weaken-symbol err_msg'
to have the build process generate a valid 'cst' binary.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8332
https://onedigi.atlassian.net/browse/DEL-8033
---
code/cst/code/build/make/rules.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/cst/code/build/make/rules.mk b/code/cst/code/build/make/rules.mk
index 1c0842b..032e18b 100755
--- a/code/cst/code/build/make/rules.mk
+++ b/code/cst/code/build/make/rules.mk
@@ -27,7 +27,7 @@ LFLAGS := -t
$(AR) $(ARFLAGS) $@ $^
ifneq ($(OSTYPE),mingw32)
ifneq ($(OSTYPE),osx)
- $(OBJCOPY) --weaken $@
+ $(OBJCOPY) --weaken-symbol err_msg $@
endif
endif