meta-digi/meta-digi-arm
Hector Palacios 6a8bf7afff trustfence: add function to generate a PKI tree if it doesn't exist
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existence of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB)) to create one.

Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.

Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.

The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existence of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.

The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.

It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

https://onedigi.atlassian.net/browse/DEL-8430
2023-03-21 09:41:36 +01:00
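
The check-then-generate pattern with a lock directory that the commit message describes, as an added example that is not code from this commit or from the layer. The function names, the SRK1..SRK4.pem file names and the stand-in generator (used in place of trustfence-gen-pki.sh, whose arguments are not shown here) are assumptions.

```shell
#!/bin/sh
# Added illustration. All names are assumptions; only the idea comes from
# the commit message: look for four SRK files, generate under a lock if missing.

# Hypothetical layout: a tree is valid when SRK1..SRK4.pem exist and are non-empty.
pki_tree_exists() {
    for i in 1 2 3 4; do
        [ -s "$1/SRK$i.pem" ] || return 1
    done
}

# Stand-in for the real generator. It logs every run so that a duplicate
# generation (two recipes racing) would show up as a second log line.
stand_in_gen_pki() {
    mkdir -p "$1"
    echo run >> "$(dirname "$1")/gen.log"
    sleep 1                                  # generation takes a while
    for i in 1 2 3 4; do echo placeholder > "$1/SRK$i.pem"; done
}
PKI_GENERATOR=${PKI_GENERATOR:-stand_in_gen_pki}

ensure_pki_tree() {
    dir="$1"; lock="$dir.lock"; tries=0
    mkdir -p "$(dirname "$dir")"
    # mkdir creates the directory or fails, atomically, so exactly one
    # caller holds the lock; the others poll until it is released.
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 60 ] && { echo "stale lock? $lock" >&2; return 1; }
        sleep 1
    done
    # Re-check while holding the lock: another caller may have finished the
    # tree while we waited, and regenerating would replace its keys.
    rc=0
    if ! pki_tree_exists "$dir"; then
        "$PKI_GENERATOR" "$dir" || rc=$?
    fi
    rmdir "$lock"
    return "$rc"
}

# Demo on a scratch directory (constructed): two concurrent callers.
demo=$(mktemp -d)
ensure_pki_tree "$demo/pki" & ensure_pki_tree "$demo/pki"; wait
echo "generator runs: $(wc -l < "$demo/gen.log")"
rm -rf "$demo"
```

A caller killed while holding the lock leaves the lock directory behind; the retry limit turns that into a visible failure instead of a hang.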
..
classes meta-digi: remove True option to getVar 2023-02-24 16:24:47 +01:00
conf ccmp15/ccmp13: remove rs232 device tree overlays 2023-03-07 18:14:20 +01:00
custom-licenses kirkstone migration: cosmetic, clean build warnings 2022-06-21 16:49:56 +02:00
dynamic-layers meta-digi: revert revisions to AUTOREV 2023-03-10 15:48:01 +01:00
recipes-bsp meta-digi: revert revisions to AUTOREV 2023-03-10 15:48:01 +01:00
recipes-core udev: mount.sh: force to find files in /tmp 2023-03-03 12:06:33 +01:00
recipes-digi trustfence: add function to generate a PKI tree if it doesn't exist 2023-03-21 09:41:36 +01:00
recipes-kernel meta-digi: revert revisions to AUTOREV 2023-03-10 15:48:01 +01:00
DIGI_EULA DIGI_EULA: Update Digi EULA file. 2017-08-29 12:23:22 +02:00
DIGI_OPEN_EULA meta-digi-arm: Add end user license agreements. 2012-10-26 16:20:14 +02:00
README meta-digi: update support email address 2017-10-30 17:02:33 +01:00

README

OpenEmbedded/Yocto BSP layer for Digi's ConnectCore platforms
=============================================================

This layer provides support for Digi's ConnectCore platforms for use
with OpenEmbedded and/or Yocto.

This layer depends on:

git://git.yoctoproject.org/poky.git
git://git.openembedded.org/meta-openembedded.git
git://git.yoctoproject.org/meta-freescale.git

Digi's license agreements
-------------------------

All software is covered by Digi's general EULA and Digi's Open Source
EULA. To have the right to use the software in your images you need to
read and accept both EULAs at the DIGI_EULA and DIGI_OPEN_EULA files.

NXP Semiconductors' software license agreement
----------------------------------------------

Some platforms depend on libraries and packages that are covered by
NXP Semiconductors' EULA. To have the right to use those binaries in
your images you need to read and accept the EULA file in meta-freescale
Yocto layer.

Support
-------

This layer is provided 'as is' with no guarantee. However, some support
may be available from tech.support@digi.com