mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
29d32063ac
In case both UBOOT_SIGN_ENABLE and UBOOT_ENV are enabled and
kernel-fitimage.bbclass is in use to generate signed kernel
fitImage, there is a circular dependency between uboot-sign
and kernel-fitimage bbclasses . The loop looks like this:
kernel-fitimage.bbclass:
- do_populate_sysroot depends on do_assemble_fitimage
- do_assemble_fitimage depends on virtual/bootloader:do_populate_sysroot
- virtual/bootloader:do_populate_sysroot depends on virtual/bootloader:do_install
=> The virtual/bootloader:do_install installs and the
virtual/bootloader:do_populate_sysroot places into
sysroot an U-Boot environment script embedded into
kernel fitImage during do_assemble_fitimage run .
uboot-sign.bbclass:
- DEPENDS on KERNEL_PN, which is really virtual/kernel. More accurately
- do_deploy depends on do_uboot_assemble_fitimage
- do_install depends on do_uboot_assemble_fitimage
- do_uboot_assemble_fitimage depends on virtual/kernel:do_populate_sysroot
=> do_install depends on virtual/kernel:do_populate_sysroot
=> virtual/bootloader:do_install depends on virtual/kernel:do_populate_sysroot
virtual/kernel:do_populate_sysroot depends on virtual/bootloader:do_install
Attempt to resolve the loop. Pull fitimage configuration options into separate
new configuration file image-fitimage.conf so these configuration options can
be shared by both uboot-sign.bbclass and kernel-fitimage.bbclass, and make use
of mkimage -f auto-conf / mkimage -f auto option to insert /signature node key-*
subnode into U-Boot control DT without depending on the layout of kernel fitImage
itself. This is perfectly valid to do, because the U-Boot /signature node key-*
subnodes 'required' property can contain either of two values, 'conf' or 'image'
to authenticate either selected configuration or all of images when booting the
fitImage.
For details of the U-Boot fitImage signing process, see:
https://docs.u-boot.org/en/latest/usage/fit/signature.html
For details of mkimage -f auto-conf and -f auto, see:
https://manpages.debian.org/experimental/u-boot-tools/mkimage.1.en.html#EXAMPLES
(From OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e)
Fixes: 5e12dc911d0c ("u-boot: Rework signing to remove interdependencies")
Reviewed-by: Adrian Freihofer <adrian.freihofer@siemens.com>
(From OE-Core rev: d7bd9c6276611c8c8de0c2a24947783eae5d932a)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
831 lines
24 KiB
Plaintext
831 lines
24 KiB
Plaintext
#
|
|
# Copyright OpenEmbedded Contributors
|
|
#
|
|
# SPDX-License-Identifier: MIT
|
|
#
|
|
|
|
inherit kernel-uboot kernel-artifact-names uboot-config
|
|
require conf/image-fitimage.conf
|
|
|
|
def get_fit_replacement_type(d):
|
|
kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
|
|
replacementtype = ""
|
|
if 'fitImage' in kerneltypes.split():
|
|
uarch = d.getVar("UBOOT_ARCH")
|
|
if uarch == "arm64":
|
|
replacementtype = "Image"
|
|
elif uarch == "riscv":
|
|
replacementtype = "Image"
|
|
elif uarch == "mips":
|
|
replacementtype = "vmlinuz.bin"
|
|
elif uarch == "x86":
|
|
replacementtype = "bzImage"
|
|
elif uarch == "microblaze":
|
|
replacementtype = "linux.bin"
|
|
else:
|
|
replacementtype = "zImage"
|
|
return replacementtype
|
|
|
|
KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
|
|
DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
|
|
|
|
python __anonymous () {
|
|
# Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
|
|
# to kernel.bbclass . We have to override it, since we pack zImage
|
|
# (at least for now) into the fitImage .
|
|
typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
|
|
if 'fitImage' in typeformake.split():
|
|
d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
|
|
|
|
image = d.getVar('INITRAMFS_IMAGE')
|
|
if image:
|
|
d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
|
|
|
|
ubootenv = d.getVar('UBOOT_ENV')
|
|
if ubootenv:
|
|
d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
|
|
|
|
#check if there are any dtb providers
|
|
providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
|
|
if providerdtb:
|
|
d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
|
|
d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
|
|
d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS header
|
|
#
|
|
# $1 ... .its filename
|
|
fitimage_emit_fit_header() {
|
|
cat << EOF >> $1
|
|
/dts-v1/;
|
|
|
|
/ {
|
|
description = "${FIT_DESC}";
|
|
#address-cells = <${FIT_ADDRESS_CELLS}>;
|
|
EOF
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage section bits
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Section bit type: imagestart - image section start
|
|
# confstart - configuration section start
|
|
# sectend - section end
|
|
# fitend - fitimage end
|
|
#
|
|
fitimage_emit_section_maint() {
|
|
case $2 in
|
|
imagestart)
|
|
cat << EOF >> $1
|
|
|
|
images {
|
|
EOF
|
|
;;
|
|
confstart)
|
|
cat << EOF >> $1
|
|
|
|
configurations {
|
|
EOF
|
|
;;
|
|
sectend)
|
|
cat << EOF >> $1
|
|
};
|
|
EOF
|
|
;;
|
|
fitend)
|
|
cat << EOF >> $1
|
|
};
|
|
EOF
|
|
;;
|
|
esac
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS kernel section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Image counter
|
|
# $3 ... Path to kernel image
|
|
# $4 ... Compression type
|
|
fitimage_emit_section_kernel() {
|
|
|
|
kernel_csum="${FIT_HASH_ALG}"
|
|
kernel_sign_algo="${FIT_SIGN_ALG}"
|
|
kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
|
|
|
|
ENTRYPOINT="${UBOOT_ENTRYPOINT}"
|
|
if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
|
|
ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
|
|
awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
|
|
fi
|
|
|
|
cat << EOF >> $1
|
|
kernel-$2 {
|
|
description = "Linux kernel";
|
|
data = /incbin/("$3");
|
|
type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
|
|
arch = "${UBOOT_ARCH}";
|
|
os = "linux";
|
|
compression = "$4";
|
|
load = <${UBOOT_LOADADDRESS}>;
|
|
entry = <$ENTRYPOINT>;
|
|
hash-1 {
|
|
algo = "$kernel_csum";
|
|
};
|
|
};
|
|
EOF
|
|
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
|
|
sed -i '$ d' $1
|
|
cat << EOF >> $1
|
|
signature-1 {
|
|
algo = "$kernel_csum,$kernel_sign_algo";
|
|
key-name-hint = "$kernel_sign_keyname";
|
|
};
|
|
};
|
|
EOF
|
|
fi
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS DTB section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Image counter
|
|
# $3 ... Path to DTB image
|
|
fitimage_emit_section_dtb() {
|
|
|
|
dtb_csum="${FIT_HASH_ALG}"
|
|
dtb_sign_algo="${FIT_SIGN_ALG}"
|
|
dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
|
|
|
|
dtb_loadline=""
|
|
dtb_ext=${DTB##*.}
|
|
if [ "${dtb_ext}" = "dtbo" ]; then
|
|
if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
|
|
dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
|
|
fi
|
|
elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
|
|
dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
|
|
fi
|
|
cat << EOF >> $1
|
|
fdt-$2 {
|
|
description = "Flattened Device Tree blob";
|
|
data = /incbin/("$3");
|
|
type = "flat_dt";
|
|
arch = "${UBOOT_ARCH}";
|
|
compression = "none";
|
|
$dtb_loadline
|
|
hash-1 {
|
|
algo = "$dtb_csum";
|
|
};
|
|
};
|
|
EOF
|
|
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
|
|
sed -i '$ d' $1
|
|
cat << EOF >> $1
|
|
signature-1 {
|
|
algo = "$dtb_csum,$dtb_sign_algo";
|
|
key-name-hint = "$dtb_sign_keyname";
|
|
};
|
|
};
|
|
EOF
|
|
fi
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS u-boot script section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Image counter
|
|
# $3 ... Path to boot script image
|
|
fitimage_emit_section_boot_script() {
|
|
|
|
bootscr_csum="${FIT_HASH_ALG}"
|
|
bootscr_sign_algo="${FIT_SIGN_ALG}"
|
|
bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
|
|
|
|
cat << EOF >> $1
|
|
bootscr-$2 {
|
|
description = "U-boot script";
|
|
data = /incbin/("$3");
|
|
type = "script";
|
|
arch = "${UBOOT_ARCH}";
|
|
compression = "none";
|
|
hash-1 {
|
|
algo = "$bootscr_csum";
|
|
};
|
|
};
|
|
EOF
|
|
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
|
|
sed -i '$ d' $1
|
|
cat << EOF >> $1
|
|
signature-1 {
|
|
algo = "$bootscr_csum,$bootscr_sign_algo";
|
|
key-name-hint = "$bootscr_sign_keyname";
|
|
};
|
|
};
|
|
EOF
|
|
fi
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS setup section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Image counter
|
|
# $3 ... Path to setup image
|
|
fitimage_emit_section_setup() {
|
|
|
|
setup_csum="${FIT_HASH_ALG}"
|
|
|
|
cat << EOF >> $1
|
|
setup-$2 {
|
|
description = "Linux setup.bin";
|
|
data = /incbin/("$3");
|
|
type = "x86_setup";
|
|
arch = "${UBOOT_ARCH}";
|
|
os = "linux";
|
|
compression = "none";
|
|
load = <0x00090000>;
|
|
entry = <0x00090000>;
|
|
hash-1 {
|
|
algo = "$setup_csum";
|
|
};
|
|
};
|
|
EOF
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS ramdisk section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Image counter
|
|
# $3 ... Path to ramdisk image
|
|
fitimage_emit_section_ramdisk() {
|
|
|
|
ramdisk_csum="${FIT_HASH_ALG}"
|
|
ramdisk_sign_algo="${FIT_SIGN_ALG}"
|
|
ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
|
|
ramdisk_loadline=""
|
|
ramdisk_entryline=""
|
|
|
|
if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
|
|
ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
|
|
fi
|
|
if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
|
|
ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
|
|
fi
|
|
|
|
cat << EOF >> $1
|
|
ramdisk-$2 {
|
|
description = "${INITRAMFS_IMAGE}";
|
|
data = /incbin/("$3");
|
|
type = "ramdisk";
|
|
arch = "${UBOOT_ARCH}";
|
|
os = "linux";
|
|
compression = "none";
|
|
$ramdisk_loadline
|
|
$ramdisk_entryline
|
|
hash-1 {
|
|
algo = "$ramdisk_csum";
|
|
};
|
|
};
|
|
EOF
|
|
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
|
|
sed -i '$ d' $1
|
|
cat << EOF >> $1
|
|
signature-1 {
|
|
algo = "$ramdisk_csum,$ramdisk_sign_algo";
|
|
key-name-hint = "$ramdisk_sign_keyname";
|
|
};
|
|
};
|
|
EOF
|
|
fi
|
|
}
|
|
|
|
#
|
|
# echoes symlink destination if it points below directory
|
|
#
|
|
# $1 ... file that's a potential symlink
|
|
# $2 ... expected parent directory
|
|
symlink_points_below() {
|
|
file="$2/$1"
|
|
dir=$2
|
|
|
|
if ! [ -L "$file" ]; then
|
|
return
|
|
fi
|
|
|
|
realpath="$(realpath --relative-to=$dir $file)"
|
|
if [ -z "${realpath%%../*}" ]; then
|
|
return
|
|
fi
|
|
|
|
echo "$realpath"
|
|
}
|
|
|
|
#
|
|
# Emit the fitImage ITS configuration section
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... Linux kernel ID
|
|
# $3 ... DTB image name
|
|
# $4 ... ramdisk ID
|
|
# $5 ... u-boot script ID
|
|
# $6 ... config ID
|
|
# $7 ... default flag
|
|
# $8 ... default DTB image name
|
|
fitimage_emit_section_config() {
|
|
|
|
conf_csum="${FIT_HASH_ALG}"
|
|
conf_sign_algo="${FIT_SIGN_ALG}"
|
|
conf_padding_algo="${FIT_PAD_ALG}"
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
|
|
conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
|
|
fi
|
|
|
|
its_file="$1"
|
|
kernel_id="$2"
|
|
dtb_image="$3"
|
|
ramdisk_id="$4"
|
|
bootscr_id="$5"
|
|
config_id="$6"
|
|
default_flag="$7"
|
|
default_dtb_image="$8"
|
|
|
|
# Test if we have any DTBs at all
|
|
sep=""
|
|
conf_desc=""
|
|
conf_node="${FIT_CONF_PREFIX}"
|
|
kernel_line=""
|
|
fdt_line=""
|
|
ramdisk_line=""
|
|
bootscr_line=""
|
|
setup_line=""
|
|
default_line=""
|
|
compatible_line=""
|
|
|
|
dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}")
|
|
if [ -z "$dtb_image_sect" ]; then
|
|
dtb_image_sect=$dtb_image
|
|
fi
|
|
|
|
dtb_path="${EXTERNAL_KERNEL_DEVICETREE}/${dtb_image_sect}"
|
|
if [ -f "$dtb_path" ] || [ -L "$dtb_path" ]; then
|
|
compat=$(fdtget -t s "$dtb_path" / compatible | sed 's/ /", "/g')
|
|
if [ -n "$compat" ]; then
|
|
compatible_line="compatible = \"$compat\";"
|
|
fi
|
|
fi
|
|
|
|
dtb_image=$(echo $dtb_image | tr '/' '_')
|
|
dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_')
|
|
|
|
# conf node name is selected based on dtb ID if it is present,
|
|
# otherwise its selected based on kernel ID
|
|
if [ -n "$dtb_image" ]; then
|
|
conf_node=$conf_node$dtb_image
|
|
else
|
|
conf_node=$conf_node$kernel_id
|
|
fi
|
|
|
|
if [ -n "$kernel_id" ]; then
|
|
conf_desc="Linux kernel"
|
|
sep=", "
|
|
kernel_line="kernel = \"kernel-$kernel_id\";"
|
|
fi
|
|
|
|
if [ -n "$dtb_image" ]; then
|
|
conf_desc="$conf_desc${sep}FDT blob"
|
|
sep=", "
|
|
fdt_line="fdt = \"fdt-$dtb_image_sect\";"
|
|
fi
|
|
|
|
if [ -n "$ramdisk_id" ]; then
|
|
conf_desc="$conf_desc${sep}ramdisk"
|
|
sep=", "
|
|
ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
|
|
fi
|
|
|
|
if [ -n "$bootscr_id" ]; then
|
|
conf_desc="$conf_desc${sep}u-boot script"
|
|
sep=", "
|
|
bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
|
|
fi
|
|
|
|
if [ -n "$config_id" ]; then
|
|
conf_desc="$conf_desc${sep}setup"
|
|
setup_line="setup = \"setup-$config_id\";"
|
|
fi
|
|
|
|
if [ "$default_flag" = "1" ]; then
|
|
# default node is selected based on dtb ID if it is present,
|
|
# otherwise its selected based on kernel ID
|
|
if [ -n "$dtb_image" ]; then
|
|
# Select default node as user specified dtb when
|
|
# multiple dtb exists.
|
|
if [ -n "$default_dtb_image" ]; then
|
|
default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
|
|
else
|
|
default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
|
|
fi
|
|
else
|
|
default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
|
|
fi
|
|
fi
|
|
|
|
cat << EOF >> $its_file
|
|
$default_line
|
|
$conf_node {
|
|
description = "$default_flag $conf_desc";
|
|
$compatible_line
|
|
$kernel_line
|
|
$fdt_line
|
|
$ramdisk_line
|
|
$bootscr_line
|
|
$setup_line
|
|
hash-1 {
|
|
algo = "$conf_csum";
|
|
};
|
|
EOF
|
|
|
|
if [ -n "$conf_sign_keyname" ] ; then
|
|
|
|
sign_line="sign-images = "
|
|
sep=""
|
|
|
|
if [ -n "$kernel_id" ]; then
|
|
sign_line="$sign_line${sep}\"kernel\""
|
|
sep=", "
|
|
fi
|
|
|
|
if [ -n "$dtb_image" ]; then
|
|
sign_line="$sign_line${sep}\"fdt\""
|
|
sep=", "
|
|
fi
|
|
|
|
if [ -n "$ramdisk_id" ]; then
|
|
sign_line="$sign_line${sep}\"ramdisk\""
|
|
sep=", "
|
|
fi
|
|
|
|
if [ -n "$bootscr_id" ]; then
|
|
sign_line="$sign_line${sep}\"bootscr\""
|
|
sep=", "
|
|
fi
|
|
|
|
if [ -n "$config_id" ]; then
|
|
sign_line="$sign_line${sep}\"setup\""
|
|
fi
|
|
|
|
sign_line="$sign_line;"
|
|
|
|
cat << EOF >> $its_file
|
|
signature-1 {
|
|
algo = "$conf_csum,$conf_sign_algo";
|
|
key-name-hint = "$conf_sign_keyname";
|
|
padding = "$conf_padding_algo";
|
|
$sign_line
|
|
};
|
|
EOF
|
|
fi
|
|
|
|
cat << EOF >> $its_file
|
|
};
|
|
EOF
|
|
}
|
|
|
|
#
|
|
# Assemble fitImage
|
|
#
|
|
# $1 ... .its filename
|
|
# $2 ... fitImage name
|
|
# $3 ... include ramdisk
|
|
fitimage_assemble() {
|
|
kernelcount=1
|
|
dtbcount=""
|
|
DTBS=""
|
|
ramdiskcount=$3
|
|
setupcount=""
|
|
bootscr_id=""
|
|
default_dtb_image=""
|
|
rm -f $1 arch/${ARCH}/boot/$2
|
|
|
|
if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
|
|
bbfatal "Keys used to sign images and configuration nodes must be different."
|
|
fi
|
|
|
|
fitimage_emit_fit_header $1
|
|
|
|
#
|
|
# Step 1: Prepare a kernel image section.
|
|
#
|
|
fitimage_emit_section_maint $1 imagestart
|
|
|
|
uboot_prep_kimage
|
|
fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
|
|
|
|
#
|
|
# Step 2: Prepare a DTB image section
|
|
#
|
|
|
|
if [ -n "${KERNEL_DEVICETREE}" ]; then
|
|
dtbcount=1
|
|
for DTB in ${KERNEL_DEVICETREE}; do
|
|
if echo $DTB | grep -q '/dts/'; then
|
|
bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
|
|
DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
|
|
fi
|
|
|
|
# Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
|
|
if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
|
|
continue
|
|
fi
|
|
|
|
DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
|
|
if [ ! -e "$DTB_PATH" ]; then
|
|
DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
|
|
fi
|
|
|
|
# Strip off the path component from the filename
|
|
if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
|
|
DTB=`basename $DTB`
|
|
fi
|
|
|
|
# Set the default dtb image if it exists in the devicetree.
|
|
if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then
|
|
default_dtb_image=$(echo "$DTB" | tr '/' '_')
|
|
fi
|
|
|
|
DTB=$(echo "$DTB" | tr '/' '_')
|
|
|
|
# Skip DTB if we've picked it up previously
|
|
echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
|
|
|
|
DTBS="$DTBS $DTB"
|
|
DTB=$(echo $DTB | tr '/' '_')
|
|
fitimage_emit_section_dtb $1 $DTB $DTB_PATH
|
|
done
|
|
fi
|
|
|
|
if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
|
|
dtbcount=1
|
|
for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
|
|
$(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
|
|
# Set the default dtb image if it exists in the devicetree.
|
|
if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then
|
|
default_dtb_image=$(echo "$DTB" | tr '/' '_')
|
|
fi
|
|
|
|
DTB=$(echo "$DTB" | tr '/' '_')
|
|
|
|
# Skip DTB/DTBO if we've picked it up previously
|
|
echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
|
|
|
|
DTBS="$DTBS $DTB"
|
|
|
|
# Also skip if a symlink. We'll later have each config section point at it
|
|
[ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue
|
|
|
|
DTB=$(echo $DTB | tr '/' '_')
|
|
fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
|
|
done
|
|
fi
|
|
|
|
if [ -n "${FIT_CONF_DEFAULT_DTB}" ] && [ -z $default_dtb_image ]; then
|
|
bbwarn "${FIT_CONF_DEFAULT_DTB} is not available in the list of device trees."
|
|
fi
|
|
|
|
#
|
|
# Step 3: Prepare a u-boot script section
|
|
#
|
|
|
|
if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
|
|
if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
|
|
cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
|
|
bootscr_id="${UBOOT_ENV_BINARY}"
|
|
fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
|
|
else
|
|
bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
|
|
fi
|
|
fi
|
|
|
|
#
|
|
# Step 4: Prepare a setup section. (For x86)
|
|
#
|
|
if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
|
|
setupcount=1
|
|
fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
|
|
fi
|
|
|
|
#
|
|
# Step 5: Prepare a ramdisk section.
|
|
#
|
|
if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
|
|
# Find and use the first initramfs image archive type we find
|
|
found=
|
|
for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
|
|
initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
|
|
if [ -e "$initramfs_path" ]; then
|
|
bbnote "Found initramfs image: $initramfs_path"
|
|
found=true
|
|
fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
|
|
break
|
|
else
|
|
bbnote "Did not find initramfs image: $initramfs_path"
|
|
fi
|
|
done
|
|
|
|
if [ -z "$found" ]; then
|
|
bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
|
|
fi
|
|
fi
|
|
|
|
fitimage_emit_section_maint $1 sectend
|
|
|
|
# Force the first Kernel and DTB in the default config
|
|
kernelcount=1
|
|
if [ -n "$dtbcount" ]; then
|
|
dtbcount=1
|
|
fi
|
|
|
|
#
|
|
# Step 6: Prepare a configurations section
|
|
#
|
|
fitimage_emit_section_maint $1 confstart
|
|
|
|
# kernel-fitimage.bbclass currently only supports a single kernel (no less or
|
|
# more) to be added to the FIT image along with 0 or more device trees and
|
|
# 0 or 1 ramdisk.
|
|
# It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
|
|
# When the initramfs bundle is used ramdisk is disabled.
|
|
# If a device tree is to be part of the FIT image, then select
|
|
# the default configuration to be used is based on the dtbcount. If there is
|
|
# no dtb present than select the default configuation to be based on
|
|
# the kernelcount.
|
|
if [ -n "$DTBS" ]; then
|
|
i=1
|
|
for DTB in ${DTBS}; do
|
|
dtb_ext=${DTB##*.}
|
|
if [ "$dtb_ext" = "dtbo" ]; then
|
|
fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" "$default_dtb_image"
|
|
else
|
|
fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" "$default_dtb_image"
|
|
fi
|
|
i=`expr $i + 1`
|
|
done
|
|
else
|
|
defaultconfigcount=1
|
|
fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount "$default_dtb_image"
|
|
fi
|
|
|
|
fitimage_emit_section_maint $1 sectend
|
|
|
|
fitimage_emit_section_maint $1 fitend
|
|
|
|
#
|
|
# Step 7: Assemble the image
|
|
#
|
|
${UBOOT_MKIMAGE} \
|
|
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
|
|
-f $1 \
|
|
${KERNEL_OUTPUT_DIR}/$2
|
|
|
|
#
|
|
# Step 8: Sign the image
|
|
#
|
|
if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
|
|
${UBOOT_MKIMAGE_SIGN} \
|
|
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
|
|
-F -k "${UBOOT_SIGN_KEYDIR}" \
|
|
-r ${KERNEL_OUTPUT_DIR}/$2 \
|
|
${UBOOT_MKIMAGE_SIGN_ARGS}
|
|
fi
|
|
}
|
|
|
|
do_assemble_fitimage() {
|
|
if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
|
|
cd ${B}
|
|
fitimage_assemble fit-image.its fitImage-none ""
|
|
if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
|
|
ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage
|
|
fi
|
|
fi
|
|
}
|
|
|
|
addtask assemble_fitimage before do_install after do_compile
|
|
|
|
SYSROOT_DIRS:append = " /sysroot-only"
|
|
do_install:append() {
|
|
if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
|
|
[ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
|
|
install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage
|
|
fi
|
|
}
|
|
|
|
do_assemble_fitimage_initramfs() {
|
|
if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
|
|
test -n "${INITRAMFS_IMAGE}" ; then
|
|
cd ${B}
|
|
if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
|
|
fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle ""
|
|
ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage
|
|
else
|
|
fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
|
|
|
|
do_kernel_generate_rsa_keys() {
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
|
|
bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
|
|
fi
|
|
|
|
if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
|
|
|
|
# Generate keys to sign configuration nodes, only if they don't already exist
|
|
if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
|
|
[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
|
|
|
|
# make directory if it does not already exist
|
|
mkdir -p "${UBOOT_SIGN_KEYDIR}"
|
|
|
|
bbnote "Generating RSA private key for signing fitImage"
|
|
openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
|
|
"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
|
|
"${FIT_SIGN_NUMBITS}"
|
|
|
|
bbnote "Generating certificate for signing fitImage"
|
|
openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
|
|
-key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
|
|
-out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
|
|
fi
|
|
|
|
# Generate keys to sign image nodes, only if they don't already exist
|
|
if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
|
|
[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
|
|
|
|
# make directory if it does not already exist
|
|
mkdir -p "${UBOOT_SIGN_KEYDIR}"
|
|
|
|
bbnote "Generating RSA private key for signing fitImage"
|
|
openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
|
|
"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
|
|
"${FIT_SIGN_NUMBITS}"
|
|
|
|
bbnote "Generating certificate for signing fitImage"
|
|
openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
|
|
-key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
|
|
-out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
|
|
fi
|
|
fi
|
|
}
|
|
|
|
addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
|
|
|
|
kernel_do_deploy[vardepsexclude] = "DATETIME"
|
|
kernel_do_deploy:append() {
|
|
# Update deploy directory
|
|
if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
|
|
|
|
if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
|
|
bbnote "Copying fit-image.its source file..."
|
|
install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
|
|
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
|
|
ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
|
|
fi
|
|
|
|
bbnote "Copying linux.bin file..."
|
|
install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
|
|
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
|
|
ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${INITRAMFS_IMAGE}" ]; then
|
|
bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
|
|
install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
|
|
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
|
|
ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
|
|
fi
|
|
|
|
if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
|
|
bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
|
|
install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
|
|
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
|
|
ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
}
|