summaryrefslogtreecommitdiff
path: root/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc
diff options
context:
space:
mode:
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc')
-rw-r--r--meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc50
1 files changed, 50 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc
new file mode 100644
index 0000000000..49af35683d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc
@@ -0,0 +1,50 @@
+# Signing host images using TF-M tools
+
+DEPENDS += "python3-imgtool-native fiptool-native"
+
+#
+# sign_host_image
+#
+# Description:
+#
+# A generic function that signs a host image
+# using MCUBOOT format
+#
+# Arguments:
+#
+# $1 ... host binary to sign
+# $2 ... host binary path
+# $3 ... load address of the given binary
+# $4 ... signed binary size
+#
+# Note: The signed binary is copied to ${D}/firmware
+#
+sign_host_image() {
+
+ host_binary_filename="`basename -s .bin ${1}`"
+ host_binary_layout="${host_binary_filename}_ns"
+
+ cat << EOF > ${B}/${host_binary_layout}
+enum image_attributes {
+ RE_IMAGE_LOAD_ADDRESS = ${3},
+ RE_SIGN_BIN_SIZE = ${4},
+};
+EOF
+
+ host_binary="${2}/`basename ${1}`"
+ host_binary_signed="${D}/firmware/signed_`basename ${1}`"
+
+ ${PYTHON} ${S}/bl2/ext/mcuboot/scripts/wrapper/wrapper.py \
+ -v ${RE_LAYOUT_WRAPPER_VERSION} \
+ --layout ${B}/${host_binary_layout} \
+ -k ${TFM_SIGN_PRIVATE_KEY} \
+ --public-key-format full \
+ --align 1 \
+ --pad \
+ --pad-header \
+ -H ${RE_IMAGE_OFFSET} \
+ -s auto \
+ ${host_binary} \
+ ${host_binary_signed}
+
+}
generated by cgit v1.2.3 (git 2.39.0) at 2024-08-21 18:08:33 +0300