
[3/3] arm-bsp/corstone1000: Refactor image signing to use new bbclass

Message ID 20221003112959.2123869-3-peter.hoyes@arm.com
State New
Series [1/3] arm-bsp/trusted-firmware-m: Make branch names configurable | expand

Commit Message

Peter Hoyes Oct. 3, 2022, 11:29 a.m. UTC
From: Peter Hoyes <Peter.Hoyes@arm.com>

The previous commit refactored trusted-firmware-m-sign-host-images.inc
into tfm_sign_image.bbclass.

Move the image signing logic from the TF-M bbappend to
corstone1000-image.bb, using the new bbclass.

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ib76dce2ba9102e343d0611d929250d1d8aee518b
---
 .../conf/machine/include/corstone1000.inc     |  2 +-
 .../recipes-bsp/images/corstone1000-image.bb  | 21 ++++++++++++++++++-
 .../trusted-firmware-a-corstone1000.inc       |  3 ---
 .../trusted-firmware-m-corstone1000.inc       | 17 ---------------
 4 files changed, 21 insertions(+), 22 deletions(-)

Patch

diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 5d22b464..d0265364 100644
--- a/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -18,7 +18,7 @@  TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
 TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
 TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
 RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
-TFM_SIGN_PRIVATE_KEY = "${S}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
+TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
 RE_IMAGE_OFFSET = "0x1000"
 
 # u-boot
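Review bot: The key named by `TFM_SIGN_PRIVATE_KEY` is still `root-RSA-3072_1.pem`, which the removed line shows came from `bl2/ext/mcuboot/` in the TF-M source tree, so it appears to be a published sample key and a signature made with it does not establish where an image came from. I would add a comment above the assignment, `# Development key from the TF-M source tree; override with a protected key for production builds`, and make the assignment a weak default, `TFM_SIGN_PRIVATE_KEY ?= "${libdir}/tfm-scripts/root-RSA-3072_1.pem"`, so a distro or local configuration can replace it. The new value also carries no sysroot prefix; presumably tfm_sign_image.bbclass prepends one, but that class is not visible in this patch and is worth confirming.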
diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index ad5ec958..76a7126b 100644
--- a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -6,8 +6,27 @@  LICENSE = "MIT"
 COMPATIBLE_MACHINE = "corstone1000"
 
 inherit image
-inherit wic_nopt
+inherit wic_nopt tfm_sign_image
 
 PACKAGE_INSTALL = ""
 
 IMAGE_FSTYPES += "wic wic.nopt"
+
+do_sign_images() {
+    # Sign TF-A BL2
+    sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
+        ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
+
+    # Update BL2 in the FIP image
+    cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
+    fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \
+        ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
+
+    # Sign the FIP image
+    sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
+        ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
+}
+do_sign_images[depends] = "\
+    trusted-firmware-a:do_populate_sysroot \
+    fiptool-native:do_populate_sysroot \
+    "
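Review bot: The `cp` in `do_sign_images` copies the FIP into `.`, but the following `fiptool update` and `sign_host_image` calls read it from `${TFM_IMAGE_SIGN_DIR}`, so the task is only correct when its working directory is that directory. Nothing in this hunk sets the working directory (it may come from a `[dirs]` flag in tfm_sign_image.bbclass, which is not shown), so I would make the destination explicit: `cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} ${TFM_IMAGE_SIGN_DIR}/`. Without that, a stale FIP left in the signing directory could be the file that gets updated and signed, rather than the one just built.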
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 341c8a27..3034680d 100644
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -37,6 +37,3 @@  EXTRA_OEMAKE:append = " \
                         BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
                         LOG_LEVEL=50 \
                         "
-
-# trigger TF-M build so TF-A binaries get signed
-do_deploy[depends]+= "virtual/trusted-firmware-m:do_prepare_recipe_sysroot"
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index eb400e52..95c49d06 100644
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -25,25 +25,8 @@  SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam
 SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
 EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${WORKDIR}/git/openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
 
-DEPENDS += "trusted-firmware-a"
-
-# adding host images signing support
-require trusted-firmware-m-sign-host-images.inc
-
 do_install() {
   install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
   install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin
   install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin
-
-  #
-  # Signing TF-A BL2 and the FIP image
-  #
-
-  sign_host_image ${TFA_BL2_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
-
-  fiptool update \
-      --tb-fw ${D}/firmware/signed_${TFA_BL2_BINARY} \
-      ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY}
-
-  sign_host_image ${TFA_FIP_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
 }