meta-digi-arm: trustfence-sign-tools: add sign tools recipe

Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.

This allows these scripts to be used not only from the Yocto build system
but also as standalone tools for image signing and encryption.

https://jira.digi.com/browse/DEL-2688

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Diaz de Grenu, Jose 2016-09-06 17:24:10 +02:00
parent 8e69db8ac5
commit c8ec33129d
6 changed files with 45 additions and 4 deletions


@ -0,0 +1,5 @@
# Copyright (C) 2016 Digi International.
RDEPENDS_${PN} += " \
nativesdk-trustfence-sign-tools \
"


@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
#=============================================================================== #===============================================================================
# #
# trustfence_sign_uimage.sh # trustfence_sign_uimage.sh
@ -144,7 +144,7 @@ if [ "${ENCRYPT}" = "true" ]; then
-e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \ -e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \
-e "s,%r2_ram_start%,${r2_ram_start},g" \ -e "s,%r2_ram_start%,${r2_ram_start},g" \
-e "s,%r2_size%,${r2_size},g" \ -e "s,%r2_size%,${r2_size},g" \
"${SCRIPT_BASEDIR}/templates/encrypt_uimage" > csf_descriptor "${SCRIPT_BASEDIR}/csf_templates/encrypt_uimage" > csf_descriptor
else else
sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \
-e "s,%srk_table%,${SRK_TABLE},g" \ -e "s,%srk_table%,${SRK_TABLE},g" \
@ -154,7 +154,7 @@ else
-e "s,%cert_img%,${CERT_IMG},g" \ -e "s,%cert_img%,${CERT_IMG},g" \
-e "s,%uimage_path%,${TARGET},g" \ -e "s,%uimage_path%,${TARGET},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \ -e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
"${SCRIPT_BASEDIR}/templates/sign_uimage" > csf_descriptor "${SCRIPT_BASEDIR}/csf_templates/sign_uimage" > csf_descriptor
fi fi
# Generate SRK tables # Generate SRK tables
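Review bot: Both `sed … > csf_descriptor` calls now read their template from `${SCRIPT_BASEDIR}/csf_templates/`, but nothing visible in these hunks checks that the template exists or that `sed` succeeded; the redirection creates `csf_descriptor` before `sed` runs, so a layout mismatch after installation would leave an empty descriptor for the steps that follow unless the script aborts on error elsewhere. Since the script is now meant to run standalone from the SDK, I would guard each branch before the `sed`, for example `[ -r "${SCRIPT_BASEDIR}/csf_templates/sign_uimage" ] || { echo "missing CSF template" >&2; exit 1; }`. The shebang also changes from `#!/bin/bash` to `#!/bin/sh`, and the rest of the script lies outside these hunks, so it is worth confirming that it contains no bash-only constructs (for instance with `shellcheck -s sh`). The header comment still names the file `trustfence_sign_uimage.sh`, which appears to be stale given that the kernel recipe now calls `trustfence-sign-kernel.sh`.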


@ -0,0 +1,35 @@
SUMMARY = "TrustFence signing and encryption scripts"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
SRCBRANCH = "v2015.04/master"
SRCBRANCH_ccimx6ul = "v2015.04/master"
SRCREV = "${AUTOREV}"
S = "${WORKDIR}"
# Select internal or Github U-Boot repo
UBOOT_GIT_URI = "${@base_conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT}u-boot-denx.git', '${DIGI_GITHUB_GIT}/u-boot.git', d)}"
SRC_URI = " \
${UBOOT_GIT_URI};branch=${SRCBRANCH} \
file://trustfence-sign-kernel.sh;name=kernel-script \
file://sign_uimage;name=kernel-sign \
file://encrypt_uimage;name=kernel-encrypt \
"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install() {
install -d ${D}${bindir}/csf_templates
install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/
install -m 0755 sign_uimage ${D}${bindir}/csf_templates/
install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/
install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh
install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates
install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates
}
FILES_${PN} = "${bindir}"
BBCLASSEXTEND = "native nativesdk"
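Review bot: `SRCREV = "${AUTOREV}"` makes this recipe fetch whatever is at the tip of `${SRCBRANCH}` at build time, so the U-Boot signing script and CSF templates installed into the SDK are not tied to a reviewed revision and builds are not reproducible. The same floating revision reaches the kernel recipe, whose `do_deploy_append` now runs the script from `trustfence-sign-tools-native`. For tooling that sits in the image-signing path I would pin it, `SRCREV = "<reviewed-u-boot-commit-sha>"` (placeholder), and bump it deliberately. Separately, the CSF templates in `do_install` are inputs to the scripts rather than executables (the kernel ones are read by `sed`), so `install -m 0644` fits them better than `0755`. `SRCBRANCH_ccimx6ul` repeats the default value and could be dropped until it differs.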


@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
DEPENDS += "lzop-native bc-native" DEPENDS += "lzop-native bc-native"
DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}" DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}"
DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
inherit kernel fsl-kernel-localversion inherit kernel fsl-kernel-localversion
@ -38,7 +39,7 @@ do_deploy_append() {
export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}" export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
"${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin"
fi fi
(cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME})