From 87579c932e19d9802ce05c692b1d56a56d7762fe Mon Sep 17 00:00:00 2001 From: Fabio Estevam Date: Sun, 8 Sep 2024 21:29:29 -0300 Subject: [PATCH] imx-cst: Add recipe Add a recipe for the i.MX CST (Code Signing Tool) version 3.4.0. The Code Signing Tool is used for secure boot implementation on i.MX devices. Example on how to use the CST tool to sign U-Boot on i.MX5/i.MX6/i.MX7: https://source.denx.de/u-boot/u-boot/-/blob/master/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt Example on how to use the CST tool to sign U-Boot on i.MX8M: https://source.denx.de/u-boot/u-boot/-/blob/master/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt Multiple layers include the imx-cst package and offer their version of the recipes: - meta-freescale - meta-secure-imx - meta-phytec and probably more. The idea of having imx-cst in meta-oe is to centralize and maintain the efforts in a single location. Move the existing imx-cst recipe from meta-freescale recipe to meta-oe. Signed-off-by: Fabio Estevam Signed-off-by: Khem Raj --- .../recipes-support/imx-cst/imx-cst_3.4.0.bb | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb diff --git a/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb b/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb new file mode 100644 index 0000000000..c4b7ce032d --- /dev/null +++ b/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb @@ -0,0 +1,39 @@ +SUMMARY = "i.MX code signing tool" +DESCRIPTION = "Code signing support that integrates the HABv4 and AHAB library for i.MX processors" +LICENSE = "BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "\ + file://LICENSE.bsd3;md5=14aba05f9fa6c25527297c8aac95fcf6 \ + file://LICENSE.hidapi;md5=e0ea014f523f64f0adb13409055ee59e \ + file://LICENSE.openssl;md5=3441526b1df5cc01d812c7dfc218cea6 \ +" + +DEPENDS = "byacc-native flex-native openssl" + +# debian: 3.4.0+dfsg-2 +DEBIAN_PGK_NAME = "imx-code-signing-tool" +DEBIAN_PGK_VERSION = "${PV}+dfsg" + +SRC_URI = "\ + ${DEBIAN_MIRROR}/main/i/${DEBIAN_PGK_NAME}/${DEBIAN_PGK_NAME}_${DEBIAN_PGK_VERSION}.orig.tar.xz \ +" + +SRC_URI[sha256sum] = "52ee3cee3bc500a42095f73c4584e223b4b9d2dfc1cd3e5df965c5952eba8c8d" + +S = "${WORKDIR}/${DEBIAN_PGK_NAME}-${DEBIAN_PGK_VERSION}" + +EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"' + +do_compile() { + oe_runmake -C code/obj.linux64 OSTYPE=linux64 ENCRYPTION=yes COPTIONS="${CFLAGS} ${CPPFLAGS}" LDOPTIONS="${LDFLAGS}" + oe_runmake -C add-ons/hab_csf_parser COPTS="${CFLAGS} ${CPPFLAGS} ${LDFLAGS}" +} + +do_install () { + install -d ${D}${bindir} + install -m 755 ${S}/code/obj.linux64/cst ${D}${bindir}/ + install -m 755 ${S}/code/obj.linux64/srktool ${D}${bindir} + install -m 755 ${S}/add-ons/hab_csf_parser/csf_parser ${D}${bindir} +} + +BBCLASSEXTEND = "native nativesdk"