[v2] imx-cst: Add recipe

Message ID	20240909002929.269148-1-festevam@gmail.com
State	Accepted
Headers	show Return-Path: <festevam@gmail.com> ip: 209.85.214.175, mailfrom: festevam@gmail.com) From: Fabio Estevam <festevam@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: raj.khem@gmail.com, otavio@ossystems.com.br, Fabio Estevam <festevam@denx.de> Subject: [PATCH v2] imx-cst: Add recipe Date: Sun, 8 Sep 2024 21:29:29 -0300 Message-Id: <20240909002929.269148-1-festevam@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[v2] imx-cst: Add recipe \| expand [v2] imx-cst: Add recipe

Message ID

20240909002929.269148-1-festevam@gmail.com

State

Accepted

Headers

From: Fabio Estevam <festevam@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: raj.khem@gmail.com,
	otavio@ossystems.com.br,
	Fabio Estevam <festevam@denx.de>
Subject: [PATCH v2] imx-cst: Add recipe
Date: Sun,  8 Sep 2024 21:29:29 -0300
Message-Id: <20240909002929.269148-1-festevam@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[v2] imx-cst: Add recipe | expand

Commit Message

Fabio Estevam Sept. 9, 2024, 12:29 a.m. UTC

From: Fabio Estevam <festevam@denx.de>

Add a recipe for the i.MX CST (Code Signing Tool) version 3.4.0.

The Code Signing Tool is used for secure boot implementation on
i.MX devices.

Example on how to use the CST tool to sign U-Boot on i.MX5/i.MX6/i.MX7:

https://source.denx.de/u-boot/u-boot/-/blob/master/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt

Example on how to use the CST tool to sign U-Boot on i.MX8M:

https://source.denx.de/u-boot/u-boot/-/blob/master/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt

Multiple layers include the imx-cst package and offer their version of
the recipes:

- meta-freescale
- meta-secure-imx
- meta-phytec

and probably more.

The idea of having imx-cst in meta-oe is to centralize and maintain
the efforts in a single location.

Move the existing imx-cst recipe from meta-freescale recipe to meta-oe.

Signed-off-by: Fabio Estevam <festevam@denx.de>
---
Changes since v1:
- Improve the commit log. (Khem)

 .../recipes-support/imx-cst/imx-cst_3.4.0.bb  | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb

diff --git a/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb b/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb
new file mode 100644
index 000000000..b558ce619
--- /dev/null
+++ b/meta-oe/recipes-support/imx-cst/imx-cst_3.4.0.bb
@@ -0,0 +1,39 @@ 
+SUMMARY = "i.MX code signing tool"
+DESCRIPTION = "Code signing support that integrates the HABv4 and AHAB library for i.MX processors"
+LICENSE = "BSD-3-Clause & Apache-2.0"
+
+LIC_FILES_CHKSUM = "\
+    file://LICENSE.bsd3;md5=14aba05f9fa6c25527297c8aac95fcf6 \
+    file://LICENSE.hidapi;md5=e0ea014f523f64f0adb13409055ee59e \
+    file://LICENSE.openssl;md5=3441526b1df5cc01d812c7dfc218cea6 \
+"
+
+DEPENDS = "byacc-native flex-native openssl"
+
+# debian: 3.4.0+dfsg-2
+DEBIAN_PGK_NAME = "imx-code-signing-tool"
+DEBIAN_PGK_VERSION = "${PV}+dfsg"
+
+SRC_URI = "\
+    ${DEBIAN_MIRROR}/main/i/${DEBIAN_PGK_NAME}/${DEBIAN_PGK_NAME}_${DEBIAN_PGK_VERSION}.orig.tar.xz \
+"
+
+SRC_URI[sha256sum] = "52ee3cee3bc500a42095f73c4584e223b4b9d2dfc1cd3e5df965c5952eba8c8d"
+
+S = "${WORKDIR}/${DEBIAN_PGK_NAME}-${DEBIAN_PGK_VERSION}"
+
+EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"'
+
+do_compile() {
+    oe_runmake -C code/obj.linux64 OSTYPE=linux64 ENCRYPTION=yes COPTIONS="${CFLAGS} ${CPPFLAGS}" LDOPTIONS="${LDFLAGS}"
+    oe_runmake -C add-ons/hab_csf_parser COPTS="${CFLAGS} ${CPPFLAGS} ${LDFLAGS}"
+}
+
+do_install () {
+    install -d ${D}${bindir}
+    install -m 755 ${S}/code/obj.linux64/cst ${D}${bindir}/
+    install -m 755 ${S}/code/obj.linux64/srktool ${D}${bindir}
+    install -m 755 ${S}/add-ons/hab_csf_parser/csf_parser ${D}${bindir}
+}
+
+BBCLASSEXTEND = "native nativesdk"

[v2] imx-cst: Add recipe

Commit Message

Patch