@@ -40,7 +40,6 @@ export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
TFM_IMAGE_SIGN_ARGS ?= "\
-v ${RE_LAYOUT_WRAPPER_VERSION} \
--layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
- -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
--public-key-format full \
--align 1 \
--pad \
@@ -63,12 +62,15 @@ TFM_IMAGE_SIGN_ARGS ?= "\
# $1 ... path of binary to sign
# $2 ... load address of the given binary
# $3 ... signed binary size
+# $4 ... signing private key's path
#
# Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR}
#
sign_host_image() {
host_binary_filename="$(basename -s .bin "${1}")"
host_binary_layout="${host_binary_filename}_ns"
+ # If no key was passed then use the ${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}
+ signing_key_path="${4:-${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}}"
cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}
enum image_attributes {
@@ -81,6 +83,7 @@ EOF
${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
${TFM_IMAGE_SIGN_ARGS} \
+ -k "${signing_key_path}" \
"${1}" \
"${host_binary_signed}"
}