trustfence: image_types: do not sign artifacts for STM platforms

For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.

In the specific case of the ramdisk, simply copy it over with the
expected filename extension.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

meta-digi-arm/classes/image_types_digi.bbclass

@@ -207,7 +207,14 @@ trustence_sign_cpio() {
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 
 		# Sign/encrypt the ramdisk
+		if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
 			trustfence-sign-artifact.sh -p "${DIGI_SOM}" -i "${1}" "${1}.tf"
+		elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
+			# TODO: sign the ramdisk for ST platforms
+
+			# (fall-back) Copy the image with no changes
+			cp "${1}" "${1}.tf"
+		fi
 	else
 		# Copy the image with no changes
 		cp "${1}" "${1}.tf"

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc

@@ -99,8 +99,8 @@ build_uboot_scripts() {
 	# Alternate boot script for dualboot
 	mkimage -T script -n "Alternate bootscript" -C none -d ${WORKDIR}/altboot.txt ${DEPLOYDIR}/altboot.scr
 
-	# Sign the scripts
-	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+	# Sign the scripts (TODO signing of artifacts for STM-based platforms)
+	if [ [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${DEY_SOC_VENDOR}" != "STM" ] ]; then
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"

meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc

@@ -5,6 +5,9 @@ DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-too
 do_deploy[postfuncs] += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence_sign', '', d)}"
 
 trustfence_sign() {
+	# TODO: signing of artifacts for STM-based platforms
+	[ "${DEY_SOC_VENDOR}" = "STM" ] && return
+
 	# Set environment variables for trustfence configuration
 	export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"

meta-digi-dey/classes/trustfence.bbclass

@@ -70,7 +70,7 @@ python () {
                 d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey0%s.pem" % d.getVar("TRUSTFENCE_KEY_INDEX"));
             d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt")
 
-        d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
+        d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y ")
         if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")
         if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"):
@@ -80,6 +80,7 @@ python () {
         if d.getVar("TRUSTFENCE_KEY_INDEX"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX"))
         if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTH_ARTIFACTS=y ")
             if (d.getVar("TRUSTFENCE_DEK_PATH") not in [None, "0"]):
                 d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH"))
             if d.getVar("TRUSTFENCE_SIGN_MODE"):