From ddec434bc894dab9773e51fad0a79645405a3786 Mon Sep 17 00:00:00 2001
From: Mike Engel <Mike.Engel@digi.com>
Date: Mon, 29 Nov 2021 10:55:25 +0100
Subject: [PATCH] trustfence: move CC8X read-only signature to the end of the
 image

This commit moves the read-only container signature to the end of
rootfs image for the CC8X platform.

Signed-off-by: Mike Engel <Mike.Engel@digi.com>
---
 .../trustfence-sign-tools/trustfence-sign-artifact.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
index a680336bd..28adac4c6 100755
--- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-artifact.sh
@@ -366,6 +366,17 @@ elif [ "${CONFIG_SIGN_MODE}" = "AHAB" ]; then
 		echo "[ERROR] Could not generate CSF $?"
 		exit 1
 	fi
+	if [ "${ARTIFACT_ROOTFS}" = "y" ]; then
+		echo "Get the AHAB container from the signed Squashfs"
+		dd if=${TARGET} of=ahab_signature_container bs=1 count=8192
+		# Create a copy of SquashFS without the AHAB container
+		dd if=${TARGET} of=${TARGET}-temp bs=8192 skip=1
+		echo "Append the AHAB container at the end of the Squashfs file"
+		cat ahab_signature_container >> ${TARGET}-temp
+		# overwrite the previously signed Squashfs
+		mv ${TARGET}-temp ${TARGET}
+		rm -f ahab_signature_container
+	fi
 fi
 
 [ "${ENCRYPT}" = "true" ] && ENCRYPTED_MSG="and encrypted "