trustfence-cst: add support for cst v3.1.0

This version supports OpenSSL v1.1.0 by default, which is used in DEY 2.6. Trying to build older versions of the package will result in failures, so remove support for said versions entirely. Our patches apply cleanly except for the hab4_pki_tree.sh automation patch, which needs a small tweak so it can get applied over the latest version of the script. https://jira.digi.com/browse/DEL-6476 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2019-03-04 13:19:39 +01:00 · 2019-03-04 13:19:39 +01:00 · ec7511ee8f
parent 61dd975687
commit ec7511ee8f
5 changed files with 12 additions and 15 deletions
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
@ -1,4 +1,4 @@
-# Copyright (C) 2017, 2018 Digi International
+# Copyright (C) 2017-2019 Digi International
 SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
 DESCRIPTION = "Provides software code signing support designed for use with \
 i.MX processors that integrate the HAB library in the internal boot ROM."
@ -8,7 +8,7 @@ LICENSE = "CLOSED"
 DEPENDS = "openssl"

 SRC_URI = " \
-    ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
+    ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tgz', '', d)} \
    file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
    file://0002-hab4_pki_tree.sh-automate-script.patch \
    file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
@ -27,7 +27,7 @@ python() {
        d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
 }

-S = "${WORKDIR}/cst-${PV}"
+S = "${WORKDIR}/release"

 do_configure() {
 	cp -f ${WORKDIR}/Makefile .
@ -47,5 +47,7 @@ do_install() {
 	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
 }

+INSANE_SKIP_${PN} += "already-stripped"
+
 FILES_${PN} = "${bindir}"
 BBCLASSEXTEND = "native nativesdk"
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
@ -57,19 +57,19 @@ index 7dd67f68c8df..b2c6b71b604e 100755
 -if [ $use_ecc = "y" ]
 -then
 -    printf "Enter length for elliptic curve to be used for PKI tree:\n"
-    printf "Possible values p192, p256, p521:   \b"
+-    printf "Possible values p256, p384, p521:   \b"
 -    read kl
 -
 -    # Confirm that a valid key length has been entered
 -    case $kl in
-        p192)
-            cn="secp112r1" ;;
 -        p256)
 -            cn="prime256v1" ;;
+-        p384)
+-            cn="secp384r1" ;;
 -        p521)
 -            cn="secp521r1" ;;
 -        *)
-            echo Invalid key length. Supported key lengths: 192, 256, 521
+-            echo Invalid key length. Supported key lengths: 256, 384, 521
 -        exit 1 ;;
 -    esac
 -else
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
@ -1,3 +0,0 @@
-# Copyright (C) 2017, 2018 Digi International
-
-require trustfence-cst.inc
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb
@ -1,5 +0,0 @@
-# Copyright (C) 2017, 2018 Digi International
-
-require trustfence-cst.inc
-
-INSANE_SKIP_${PN} += "already-stripped"
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb
@ -0,0 +1,3 @@
+# Copyright (C) 2019 Digi International
+
+require trustfence-cst.inc