Yocto 4.0 only supports OpenSSL 3.0.x while NXP's CST (code signing
tool) is still using OpenSSL 1.1.x. So the build fails when using the
Yocto-build OpenSSL. Instead, build OpenSSL 1.1.1 as part of the build of
the CST and link statically against libcrypto, so the resulting binaries
(cst, srktool) do not depend on any specific OpenSSL version installed
on the development computer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In order to perform the standalone signature process, it was required
to rebuild the Toolchain with Trustfence support enabled.
CST source code is now available for downloading in the Digi FTP, so add
Trustfence sign scripts and cst/srktool to the default toolchain for it
to be used for standalone signature without rebuilding.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
(cherry picked from commit 2c9b721fb9ce38dcd0034e22d95db6e0ee068955)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes the following warning:
WARNING: meta-digi/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb:
Recipe trustfence-cst sets S variable with trailing slash '/tmp/work/aarch64-dey-linux/trustfence-cst/3.3.1-r0/cst-3.3.1/',
remove it
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since there is only 1 supported version of cst, the include file is
only used once.
Move all the recipe implementation to the *.bb recipe and remove the
*.inc file.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This version supports encryption for devices with Advanced High Assurance Boot
(AHAB) capabilities. This commit also updates and simplifies Digi custom
patches.
https://jira.digi.com/browse/DEL-7175
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Javier Viguera
Gonzalo Ruiz
Arturo Buzarra