The sign mode needed for each platform is invariable, and since the platform
is already a mandatory parameter for the script, we can store this information
implicitly. Reflect this change in every recipe where the script is used, but
keep the variable at the Yocto level since it's still needed in several places.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Digi Embedded Yocto 3.2-r2.2
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The AHAB decryption process takes the encrypted file from the address defined
in U-Boot and decrypts it into the address defined in this script. If both
addresses are the same, the decryption process ends up failing. This
happens even for signed-only images.
Maintain the original addresses in this script so they do not collide.
This reverts commit c970d87d5a.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
By default, all platforms except ccimx6qpsbc work at 400 kHz on the i2c bus
connected to the ATECC508A crypto chip.
https://onedigi.atlassian.net/browse/DEL-7727
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Re-use RAMDISK address for authenticating the rootfs instead
of allocating a new address (if authenticating a rootfs, we're
not using a ramdisk).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Enabling DIGI_INTERNAL_GIT defaults to LOG server. The build from local
MTK Digi server was broken.
Fix uboot and linux recipes declaring different repo paths depending on
whether the local remote is LOG or MTK.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Includes:
- add support for getting properties from the ROM bootloader.
- flash layout extra check by asking flash size to the MCA bootloader.
- flash layout extra check by asking flash size to the MCA.
Signed-off-by: Hector Bujanda <hector.bujanda@digi.com>
Attempting to boot encrypted artifacts on these platforms will result in HAB
events caused by CAAM errors. This is due to the CAAM being configured for
non-secure contexts (in regards to Trustzone) while the HAB expects it to be
configured for secure contexts.
For now, only sign artifacts for these platforms even if the project has the
encryption feature enabled.
https://jira.digi.com/browse/DUB-993
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In order to revoke SRKs in platforms with AHAB we need to set a mask
during the signing/encryption process.
Create new TRUSTFENCE_SRK_REVOKE_MASK variable to export the
SRK_REVOKE_MASK variable required by the imx-boot signing script.
The revoke mask is not necessary for signing/encryption of other artifacts,
so set it by default to 0x0.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add support to sign and encrypt OS artifacts for AHAB devices.
https://jira.digi.com/browse/DEL-7371
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Mike Engel
Gabriel Valcazar
Gonzalo Ruiz
Arturo Buzarra
Hector Palacios
Hector Bujanda
Francisco Gil