From b9b883d47cecc799794bedb50adb9848ca452585 Mon Sep 17 00:00:00 2001
From: fgilmar <francisco.gilmartinez@digi.com>
Date: Thu, 30 Nov 2023 09:58:36 +0100
Subject: [PATCH] trustfence: fix trustfence support in NXP platforms

In commit df9b1cf329c, the UBOOT_SIGN_ENABLE is set for all
platforms, and should be only added for FIT images.

This is making the process failing in cc8mn/cc8mm platforms
due to the UBOOT_SIGN_ENABLE is also used there to use a dtb
patched with the signature node.

https://onedigi.atlassian.net/browse/DEL-8764

Signed-off-by: Francisco Gil francisco.gilmartinez@digi.com
---
 meta-digi-dey/classes/trustfence.bbclass | 28 +++++++++++++-----------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index 1dac97cbb..5ed0eb8f4 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -192,19 +192,21 @@ python () {
             if d.getVar("TRUSTFENCE_SIGN_MODE"):
                 d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE"))
 
-        # FIT-related variables
-        # Create keys if not defined
-        d.setVar("FIT_GENERATE_KEYS", "1")
-        # Sign individual images (prevents running unsigned images in FIT)
-        d.setVar("FIT_SIGN_INDIVIDUAL", "1")
-        # Set variables required by poky to sign FIT image
-        d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME"))
-        d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME"))
-        d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000")
-        # Enable FIT signing support
-        d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN"))
-        # Set path to FIT signing keys
-        d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"))
+
+        if (d.getVar("TRUSTFENCE_FIT_IMG") == "1"):
+            # FIT-related variables
+            # Create keys if not defined
+            d.setVar("FIT_GENERATE_KEYS", "1")
+            # Sign individual images (prevents running unsigned images in FIT)
+            d.setVar("FIT_SIGN_INDIVIDUAL", "1")
+            # Set variables required by poky to sign FIT image
+            d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME"))
+            d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME"))
+            d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000")
+            # Enable FIT signing support
+            d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN"))
+            # Set path to FIT signing keys
+            d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"))
 
     else:
         # Disable signing artifacts if TRUSTFENCE_SIGN != 1