linux-fitimage: sign setup sections

If FIT_SIGN_INDIVIDUAL is set to “1”, a signature section is added
to all screen sections, but not to the setup section. To match the setup
section with all other sections, the signature is also added. This also
helps to implement the associated tests generically.

This change is intended to make the code more consistent. However, it is
not intended to make the FIT_SIGN_INDIVIDUAL function more popular.
Technically, it would be better to remove the signature from all other
image sections and discard the FIT_SIGN_INDIVIDUAL function, the use of
which is no longer recommended anyway.

(From OE-Core rev: 8bf6a9c07cdde8fc8bbd4bb61a4886ccc02a570f)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes-recipe/kernel-fitimage.bbclass

@@ -243,6 +243,8 @@ EOF
 fitimage_emit_section_setup() {
 
 	setup_csum="${FIT_HASH_ALG}"
+	setup_sign_algo="${FIT_SIGN_ALG}"
+	setup_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
 
 	cat << EOF >> $1
                 setup-$2 {
@@ -259,6 +261,17 @@ fitimage_emit_section_setup() {
                         };
                 };
 EOF
+
+	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$setup_sign_keyname" ] ; then
+		sed -i '$ d' $1
+		cat << EOF >> $1
+                        signature-1 {
+                                algo = "$setup_csum,$setup_sign_algo";
+                                key-name-hint = "$setup_sign_keyname";
+                        };
+                };
+EOF
+	fi
 }
 
 #