This version supports OpenSSL v1.1.0 by default, which is used in DEY 2.6.
Trying to build older versions of the package will result in failures, so
remove support for said versions entirely.
Our patches apply cleanly except for the hab4_pki_tree.sh automation patch,
which needs a small tweak so it can get applied over the latest version of the
script.
https://jira.digi.com/browse/DEL-6476
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Generate and include the host tools in the SDK when Trustfence is enabled.
This makes it easier to use the standalone signing and encrypting scripts.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
When parsing the recipe, a warning is shown because the tarball is only found
in the downloads folder. However this is expected as it cannot be distributed.
As a workaround, add the tarball to the SRC_URI variable only when Trustfence
is active. That way the warning is not shown in all other cases.
This was incorrectly removed in commit 14fc51147f.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This will allow to get the package from a premirror in case it is not
already downloaded in the DL_DIR.
https://jira.digi.com/browse/DEL-3051
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Refresh the patches with GIT so they apply cleanly using "git am".
Otherwise they fail with:
Applying: openssl_helper: use /dev/urandom as seed source
error: corrupt patch at line 16
Patch failed at 0003 openssl_helper: use /dev/urandom as seed source
Applying: hab4_pki_tree.sh: usa a random password for the default PKI generation
warning: keys/hab4_pki_tree.sh has type 100755, expected 100644
Notice that they were not failing in Yocto, as it does not use "git am"
to apply patches, but it's better to have the patches correctly done.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This package is native only, this patch ensures it can only be built
natively and fix the following problems:
* Add openssl-native rather than openssl to the dependencies.
* Use the $(CC) $(LDFLAGS) and $(CFLAGS) that Yocto provides to avoid a
compilation error.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This allows to automatically create a secure PKI tree without user
interaction.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Gabriel Valcazar
Arturo Buzarra
Jose Diaz de Grenu
Javier Viguera