The way the kernel artifacts are generated has changed as of Yocto 2.2.
Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed
their default values.
Thus the trustfence_sign function needed some tweaks to continue working
properly.
https://jira.digi.com/browse/DEL-3834
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
KERNEL_IMAGE_BASE_NAME and KERNEL_IMAGE_SYMLINK_NAME default values have
changed in Yocto 2.2, so now this appended command is failing because
it's translated to:
    ln -sf -4.1-r0.2-ccimx6ulstarter-20170216122147.bin ccimx6ulstarter
which fails with:
    ln: invalid option -- '4'
Just remove it, because we don't need that symlink anymore. New U-Boot's
'zimage' and 'uimage' environment variables have default values ending in
'.bin' which is what Yocto provides.
https://jira.digi.com/browse/DEL-3451
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
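The failure quoted in the commit message above, reproduced as an added example (not code from the Digi recipe): an empty variable at the front of a concatenated file name leaves a word starting with '-', which ln parses as options. The function names and the prefix/rest split are hypothetical; the sample strings are the ones quoted in the message.

```shell
#!/bin/sh
# Added example. link_unguarded/link_guarded and their argument layout
# (prefix, rest, link name) are hypothetical; sample strings are taken
# from the failing command quoted in the commit message.

# Unguarded form: the target is built by concatenation, so an empty
# prefix leaves a word starting with '-' that ln parses as options.
link_unguarded() {
    ln -sf "${1}${2}" "${3}" 2>/dev/null
}

# Guarded form: refuse an empty prefix, then end option parsing with '--'.
# '--' alone is not enough: with an empty prefix ln would succeed and
# leave a dangling symlink pointing at '-4.1-...bin'.
link_guarded() {
    if [ -z "${1}" ]; then
        echo "link_guarded: empty image name prefix, refusing to link" >&2
        return 2
    fi
    ln -sf -- "${1}${2}" "${3}"
}

demo() {
    rest='-4.1-r0.2-ccimx6ulstarter-20170216122147.bin'
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        link_unguarded '' "$rest" ccimx6ulstarter ||
            echo "unguarded: ln rejected the arguments"
        link_guarded '' "$rest" ccimx6ulstarter ||
            echo "guarded: stopped before calling ln"
        link_guarded zImage "$rest" ccimx6ulstarter &&
            echo "guarded: ccimx6ulstarter -> $(readlink ccimx6ulstarter)"
    )
    rm -rf "$dir"
}
demo
```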
The kernel recipe was modifying the device tree blobs in place within the
kernel build temporary directory. This can cause problems after several
compilations; only the deployed artifacts should be signed/encrypted.
The deployment of the DTBs is done by do_deploy_appends in other layers which
are appended after this recipe, so it is required to use a postfunc to do the
trustfence related process after the deployment of all the artifacts.
https://jira.digi.com/browse/DEL-3388
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch introduces some parameters which allow selecting the type of image
to be signed. Currently the supported types are:
* Linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614
https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows using these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage signing and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code Signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
As the plan is to use the same git objects (SHA1) in the internal and
github repos, also remove that internal/external SRCREV infrastructure.
https://jira.digi.com/browse/DEL-2205
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Move kernel configuration fragments to 2.6.35 recipe (that's the only
kernel version using them)
* Move compile-time dependencies to common include linux-dey.inc
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Also remove kernel configuration fragments for kernel 3.10. This is not
needed for 3.10 as all the configuration is done via device-trees.
https://jira.digi.com/browse/DEL-1695
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit b0031915f1c7f3eeba680161827e78bbac9eebb4)
The way the kernel is built in Yocto 1.8 has changed. Now the
build is done under ${WORKDIR}/build while the source code is at
STAGING_KERNEL_DIR, so we need to modify the '.config' in the build
directory instead of in the source directory.
This fixes:
    kernel-source is not clean, please run 'make mrproper'
    make[2]: *** [prepare3] Error 1
    make[1]: *** [sub-make] Error 2
https://jira.digi.com/browse/DEL-1558
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Needing to set the branch where a specific SHA1 revision is contained is
an unnecessary constraint that can be bypassed by setting 'nobranch=1' in
the SRC_URI.
We do that for all the external repos (GitHub) plus the internal ones
for the im-xbootlets and the atheros kernel module (as those two repos
are stable enough and we are not developing actively on them).
For U-Boot and Linux we keep the SRCBRANCH framework for internal repos
as this is needed for the AUTOREV Yocto feature.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>