
arm/classes/tfm_sign_image: Update script so different keys can be used

The tfm_sign_image.bbclass was updated so that the signing key is now
passed by the caller. This is needed because there can be cases where
different images have to be signed with different keys.

If no key is passed to the script, then use a default one to keep the
backward compatibility.

Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bence Balogh 1 month ago
parent
commit
3d3b28ee73
1 changed files with 4 additions and 1 deletions
  1. 4 1
      meta-arm/classes/tfm_sign_image.bbclass

+ 4 - 1
meta-arm/classes/tfm_sign_image.bbclass

@@ -40,7 +40,6 @@ export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
 TFM_IMAGE_SIGN_ARGS ?= "\
     -v ${RE_LAYOUT_WRAPPER_VERSION} \
     --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
-    -k  "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
     --public-key-format full \
     --align 1 \
     --pad \
@@ -63,12 +62,15 @@ TFM_IMAGE_SIGN_ARGS ?= "\
 # $1 ... path of binary to sign
 # $2 ... load address of the given binary
 # $3 ... signed binary size
+# $4 ... signing private key's path
 #
 # Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR}
 #
 sign_host_image() {
     host_binary_filename="$(basename -s .bin "${1}")"
     host_binary_layout="${host_binary_filename}_ns"
+    # If no key was passed then use the ${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}
+    signing_key_path="${4:-${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}}"
 
     cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}
 enum image_attributes {
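Review bot: The `:-` fallback on the added `signing_key_path` line treats an empty `$4` the same as an omitted one, so a caller whose per-image key variable is unset or misspelled gets its image signed with `${TFM_SIGN_PRIVATE_KEY}` and nothing in the task log shows which key was used. Since the point of the change is that different images use different keys, I would make the selection visible and fail before signing when the file is missing: `bbnote "Signing ${1} with key ${signing_key_path}"` followed by `[ -f "${signing_key_path}" ] || bbfatal "Signing key not found: ${signing_key_path}"`. The header comment could also say that `$4` is optional and name the default, e.g. `# $4 ... (optional) path of the signing private key, defaults to ${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}`. The body of sign_host_image continues past the end of this hunk.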
@@ -81,6 +83,7 @@ EOF
 
     ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
             ${TFM_IMAGE_SIGN_ARGS} \
+            -k  "${signing_key_path}" \
             "${1}" \
             "${host_binary_signed}"
 }
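Review bot: The added `-k "${signing_key_path}"` is appended after `${TFM_IMAGE_SIGN_ARGS}`, and that variable is assigned with `?=`, so a layer or recipe that overrides it with the old content still carries its own `-k` and the wrapper is then called with two key options. Which one takes effect depends on wrapper.py's argument handling, which is not visible here, so the image could be signed with a key other than the one the caller passed as `$4`. A comment above the `TFM_IMAGE_SIGN_ARGS` assignment would make the new contract explicit, for example `# Do not put -k here: sign_host_image appends the key itself ($4, or the default key)`. The function starts in the previous hunk, so only its final call is shown here.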