Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: fix trustfence support in NXP platforms 

In commit df9b1cf329, the UBOOT_SIGN_ENABLE is set for all
platforms, and should be only added for FIT images.

This is making the process failing in cc8mn/cc8mm platforms
due to the UBOOT_SIGN_ENABLE is also used there to use a dtb
patched with the signature node.

https://onedigi.atlassian.net/browse/DEL-8764

Signed-off-by: Francisco Gil francisco.gilmartinez@digi.com
This commit is contained in:
fgilmar 2023-11-30 09:58:36 +01:00
parent 0ae6422742
commit b9b883d47c
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
meta-digi-dey/classes/trustfence.bbclass
View File

@ -192,19 +192,21 @@ python () {
if d.getVar("TRUSTFENCE_SIGN_MODE"): if d.getVar("TRUSTFENCE_SIGN_MODE"):
d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE")) d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE"))
# FIT-related variables
# Create keys if not defined if (d.getVar("TRUSTFENCE_FIT_IMG") == "1"):
d.setVar("FIT_GENERATE_KEYS", "1") # FIT-related variables
# Sign individual images (prevents running unsigned images in FIT) # Create keys if not defined
d.setVar("FIT_SIGN_INDIVIDUAL", "1") d.setVar("FIT_GENERATE_KEYS", "1")
# Set variables required by poky to sign FIT image # Sign individual images (prevents running unsigned images in FIT)
d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME")) d.setVar("FIT_SIGN_INDIVIDUAL", "1")
d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME")) # Set variables required by poky to sign FIT image
d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000") d.setVar("UBOOT_SIGN_KEYNAME", d.getVar("TRUSTFENCE_FIT_CFG_SIGN_KEYNAME"))
# Enable FIT signing support d.setVar("UBOOT_SIGN_IMG_KEYNAME", d.getVar("TRUSTFENCE_FIT_IMG_SIGN_KEYNAME"))
d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN")) d.setVar("UBOOT_MKIMAGE_DTCOPTS", "-I dts -O dtb -p 2000")
# Set path to FIT signing keys # Enable FIT signing support
d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH")) d.setVar("UBOOT_SIGN_ENABLE", d.getVar("TRUSTFENCE_SIGN"))
# Set path to FIT signing keys
d.setVar("UBOOT_SIGN_KEYDIR", "%s/fit" % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"))
else: else:
# Disable signing artifacts if TRUSTFENCE_SIGN != 1 # Disable signing artifacts if TRUSTFENCE_SIGN != 1