linux-fit.inc: set Signed Configurations.

Unset FIT_SIGN_INDIVIDUAL to avoid signing images.
Repalce hash crc32 to sha1, due to "At present only one class of algorithms
is supported: SHA1 hashing with RSA."
Delete hash for configuration.
Add "ramdisk" to 'sign-images', due to "The default is "kernel,fdt" which
means that these two images will be looked up in the config and signed if
present."

diff --git a/meta-baikal/recipes-kernel/linux/linux-fit.inc b/meta-baikal/recipes-kernel/linux/linux-fit.inc
index 9e053c1a75b587a53dbf8b11038a4f6a81db42d7..0de8d4f5d6a09d2816cce43b8df2090b644ffa07 100644 (file)
--- a/meta-baikal/recipes-kernel/linux/linux-fit.inc
+++ b/meta-baikal/recipes-kernel/linux/linux-fit.inc
@@ -4,6 +4,7 @@ DEPENDS:append = " u-boot-tools-native dtc-native"
 
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_ENABLE = "1"
+FIT_SIGN_INDIVIDUAL = "0"
 
 FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
 FIT_CONF_PREFIX ?= "conf-"
@@ -54,7 +55,7 @@ EOF
 
 fitimage_emit_section_kernel() {
 
-       kernel_csum="crc32"
+       kernel_csum="${FIT_HASH_ALG}"
        kernel_sign_algo="${FIT_SIGN_ALG}"
        kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
 
@@ -85,7 +86,7 @@ EOF
                sed -i '$ d' $1
                cat << EOF >> $1
                         signature-1 {
-                                algo = "$kernel_csum,$kernel_sign_algo";
+                               algo = "$kernel_csum,$kernel_sign_algo";
                                 key-name-hint = "$kernel_sign_keyname";
                         };
                 };
@@ -95,7 +96,7 @@ EOF
 
 fitimage_emit_section_dtb() {
 
-       dtb_csum="crc32"
+       dtb_csum="${FIT_HASH_ALG}"
        dtb_sign_algo="${FIT_SIGN_ALG}"
        dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
 
@@ -125,7 +126,7 @@ EOF
                sed -i '$ d' $1
                cat << EOF >> $1
                         signature-1 {
-                                algo = "$dtb_csum,$dtb_sign_algo";
+                               algo = "$dtb_csum,$dtb_sign_algo";
                                 key-name-hint = "$dtb_sign_keyname";
                         };
                 };
@@ -135,7 +136,7 @@ EOF
 
 fitimage_emit_section_ramdisk() {
 
-       ramdisk_csum="crc32"
+       ramdisk_csum="${FIT_HASH_ALG}"
        ramdisk_sign_algo="${FIT_SIGN_ALG}"
        ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
 
@@ -228,9 +229,6 @@ fitimage_emit_section_config() {
                         $kernel_line
                         $fdt_line
                         $ramdisk_line
-                        hash-1 {
-                                algo = "$conf_csum";
-                        };
 EOF
 
        if [ -n "$conf_sign_keyname" ] ; then
@@ -238,6 +236,7 @@ EOF
                         signature-1 {
                                 algo = "$conf_csum,$conf_sign_algo";
                                 key-name-hint = "$conf_sign_keyname";
+                               sign-images = "fdt", "kernel", "ramdisk";
                         };
 EOF
        fi