This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage sign and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
As the plan is to use the same git objects (SHA1) in the internal and
github repos, also remove that internal/external SRCREV infrastructure.
https://jira.digi.com/browse/DEL-2205
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Move kernel configuration fragments to 2.6.35 recipe (that's the only
kernel version using them)
* Move compile-time dependences to common include linux-dey.inc
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Also remove kernel configuration fragments for kernel 3.10. This is not
needed for 3.10 as all the configuration is done via device-trees.
https://jira.digi.com/browse/DEL-1695
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit b0031915f1c7f3eeba680161827e78bbac9eebb4)
The way the kernel is built in yocto 1.8 has changed. Now the
build is done under ${WORKDIR}/build while the source code is at
STAGING_KERNEL_DIR, so we need to modify the '.config' in the build
directory instead of in the source directory.
This fixes:
kernel-source is not clean, please run 'make mrproper'
make[2]: *** [prepare3] Error 1
make[1]: *** [sub-make] Error 2
https://jira.digi.com/browse/DEL-1558
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Needing to set the branch where a specific SHA1 revision is contained is
a unnecessary constraint that can be bypassed setting 'nobranch=1' in
the SRC_URI.
We do that for all the external repos (GitHub) plus the internal ones
for the im-xbootlets and the atheros kernel module (as those two repos
are stable enough and we are not developing actively on them).
For U-Boot and Linux we keep the SRCBRANCH framework for internal repos
as this is needed for the AUTOREV yocto feature.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Starting with Yocto 1.6 there is a need to configure in which branch a
specific SHA1 revision is included. We need a framework to set such
branches both for internal git repos and for external ones (Github).
If the branch is not specified in the SRC_URI, the do_fetch task may
fail even though the SHA1 revision exists in the repository.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
linux-dey.inc is a copy of meta-fsl-arm's linux-imx recipe file, so
instead of copying the whole recipe just use that (including the file)
and code the differences.
While on it, add RDEPENDS_kernel-base="" to remove the dependence of the
rootfs image recipes on the linux image. We don't need/use the kernel
image in the rootfs as we load it from a different partition. This makes
rootfs images a bit smaller.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
change the directory (cd) and make the symbolic link in a subshell to
preserve the current working directory for any subsequent command.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Copy including folders. This was causing problems in kernel version 3.10
as the directory included folders that were omitted in the copy and caused
the do_install to fail.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
The final product will be called "Digi Embedded for Yocto" or DEY for
short.
This commit renames all relevant files.
https://jira.digi.com/browse/DEL-474
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Diaz de Grenu, Jose
Javier Viguera
Alex Gonzalez