From c1d2ee02f5e3298a053de53674a9128a59df6904 Mon Sep 17 00:00:00 2001
From: "Diaz de Grenu, Jose" <Jose.DiazdeGrenu@digi.com>
Date: Mon, 19 Sep 2016 18:34:24 +0200
Subject: [PATCH] trustfence: sign device tree blobs

https://jira.digi.com/browse/DUB-614

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
---
 meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
index 02b2c4ae8..fc77b74c0 100644
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
@@ -36,6 +36,15 @@ do_deploy_append() {
 		# Sign/encrypt the kernel image
 		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -l "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
 		mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin"
+
+		# Sign/encrypt the device tree blobs
+		if [ -n "${KERNEL_DEVICETREE}" ]; then
+			for DTB_NAME in ${KERNEL_DEVICETREE}; do
+				DTB="${B}/arch/${ARCH}/boot/dts/${DTB_NAME}"
+				"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -d "${DTB}" "${DTB}-signed"
+				mv "${DTB}-signed" "${DTB}"
+			done
+		fi
 	fi
 	(cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME})
 }