trustfence: fix trustfence support in NXP platforms

In commit df9b1cf329, the UBOOT_SIGN_ENABLE is set for all platforms, and should be only added for FIT images. This is making the process failing in cc8mn/cc8mm platforms due to the UBOOT_SIGN_ENABLE is also used there to use a dtb patched with the signature node. https://onedigi.atlassian.net/browse/DEL-8764 Signed-off-by: Francisco Gil francisco.gilmartinez@digi.com
2023-11-30 09:58:36 +01:00 · 2023-11-30 09:58:36 +01:00 · b9b883d47c
parent 0ae6422742
commit b9b883d47c
1 changed files with 15 additions and 13 deletions
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -192,19 +192,21 @@ python () {
            if d.getVar("TRUSTFENCE_SIGN_MODE"):
                d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE"))

-        # FIT-related variables
-        # Create keys if not defined
-        d.setVar("FIT_GENERATE_KEYS", "1")
-        # Sign individual images (prevents running unsigned images in FIT)
-        d.setVar("FIT_SIGN_INDIVIDUAL", "1")
-        # Set variables required by poky to sign FIT image
-        d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME"))
-        d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME"))
-        d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000")
-        # Enable FIT signing support
-        d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN"))
-        # Set path to FIT signing keys
-        d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"))
+
+        if (d.getVar("TRUSTFENCE_FIT_IMG") == "1"):
+            # FIT-related variables
+            # Create keys if not defined
+            d.setVar("FIT_GENERATE_KEYS", "1")
+            # Sign individual images (prevents running unsigned images in FIT)
+            d.setVar("FIT_SIGN_INDIVIDUAL", "1")
+            # Set variables required by poky to sign FIT image
+            d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME"))
+            d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME"))
+            d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000")
+            # Enable FIT signing support
+            d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN"))
+            # Set path to FIT signing keys
+            d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"))

    else:
        # Disable signing artifacts if TRUSTFENCE_SIGN != 1