summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKlaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>2021-03-26 17:14:07 -0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-04-06 11:36:51 +0100
commit068d114385adc679770dc5e8909ad7c432bf8ec1 (patch)
treeaa8bd100c1d2ed9e5bd5dceda121b93c74026a25
parente8e10f27b20f331622b7fdb3eb4e60f0850ea876 (diff)
downloadpoky-068d114385adc679770dc5e8909ad7c432bf8ec1.tar.gz
u-boot: Move definitions to common locations
Move some definitions from u-boot.inc into uboot-config.bbclass and similarly from kernel-fitimage.bbclass into uboot-sign.bbclass, so that they can be useful when signing the U-boot proper fitimage, for a verified-boot SPL. (From OE-Core rev: cc6c3e31526d3b6ef3a87ba5e548fcad7483bd51) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/classes/kernel-fitimage.bbclass58
-rw-r--r--meta/classes/uboot-config.bbclass56
-rw-r--r--meta/classes/uboot-sign.bbclass35
-rw-r--r--meta/recipes-bsp/u-boot/u-boot.inc46
4 files changed, 91 insertions, 104 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index b9d8270027..6b7c1c3a7d 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -53,30 +53,6 @@ python __anonymous () {
53 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) 53 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
54} 54}
55 55
56# Options for the device tree compiler passed to mkimage '-D' feature:
57UBOOT_MKIMAGE_DTCOPTS ??= ""
58
59# fitImage Hash Algo
60FIT_HASH_ALG ?= "sha256"
61
62# fitImage Signature Algo
63FIT_SIGN_ALG ?= "rsa2048"
64
65# Generate keys for signing fitImage
66FIT_GENERATE_KEYS ?= "0"
67
68# Size of private key in number of bits
69FIT_SIGN_NUMBITS ?= "2048"
70
71# args to openssl genrsa (Default is just the public exponent)
72FIT_KEY_GENRSA_ARGS ?= "-F4"
73
74# args to openssl req (Default is -batch for non interactive mode and
75# -new for new certificate)
76FIT_KEY_REQ_ARGS ?= "-batch -new"
77
78# Standard format for public key certificate
79FIT_KEY_SIGN_PKCS ?= "-x509"
80 56
81# Description string 57# Description string
82FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" 58FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
@@ -84,13 +60,6 @@ FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
84# Sign individual images as well 60# Sign individual images as well
85FIT_SIGN_INDIVIDUAL ?= "0" 61FIT_SIGN_INDIVIDUAL ?= "0"
86 62
87# mkimage command
88UBOOT_MKIMAGE ?= "uboot-mkimage"
89UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}"
90
91# Arguments passed to mkimage for signing
92UBOOT_MKIMAGE_SIGN_ARGS ?= ""
93
94# 63#
95# Emit the fitImage ITS header 64# Emit the fitImage ITS header
96# 65#
@@ -698,33 +667,6 @@ do_assemble_fitimage_initramfs() {
698 667
699addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs 668addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
700 669
701do_generate_rsa_keys() {
702 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
703 bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
704 fi
705
706 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
707
708 # Generate keys only if they don't already exist
709 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
710 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then
711
712 # make directory if it does not already exist
713 mkdir -p "${UBOOT_SIGN_KEYDIR}"
714
715 echo "Generating RSA private key for signing fitImage"
716 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
717 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
718 "${FIT_SIGN_NUMBITS}"
719
720 echo "Generating certificate for signing fitImage"
721 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
722 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
723 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
724 fi
725 fi
726}
727
728addtask generate_rsa_keys before do_assemble_fitimage after do_compile 670addtask generate_rsa_keys before do_assemble_fitimage after do_compile
729 671
730kernel_do_deploy[vardepsexclude] = "DATETIME" 672kernel_do_deploy[vardepsexclude] = "DATETIME"
diff --git a/meta/classes/uboot-config.bbclass b/meta/classes/uboot-config.bbclass
index 89ff970fcc..31487c1418 100644
--- a/meta/classes/uboot-config.bbclass
+++ b/meta/classes/uboot-config.bbclass
@@ -11,7 +11,63 @@
11# 11#
12# Copyright 2013, 2014 (C) O.S. Systems Software LTDA. 12# Copyright 2013, 2014 (C) O.S. Systems Software LTDA.
13 13
14# Some versions of u-boot use .bin and others use .img. By default use .bin
15# but enable individual recipes to change this value.
16UBOOT_SUFFIX ??= "bin"
14UBOOT_BINARY ?= "u-boot.${UBOOT_SUFFIX}" 17UBOOT_BINARY ?= "u-boot.${UBOOT_SUFFIX}"
18UBOOT_BINARYNAME ?= "${@os.path.splitext(d.getVar("UBOOT_BINARY"))[0]}"
19UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}"
20UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}"
21UBOOT_MAKE_TARGET ?= "all"
22
23# Output the ELF generated. Some platforms can use the ELF file and directly
24# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging
25# purposes.
26UBOOT_ELF ?= ""
27UBOOT_ELF_SUFFIX ?= "elf"
28UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}"
29UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}"
30UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}"
31
32# Some versions of u-boot build an SPL (Second Program Loader) image that
33# should be packaged along with the u-boot binary as well as placed in the
34# deploy directory. For those versions they can set the following variables
35# to allow packaging the SPL.
36SPL_BINARY ?= ""
37SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}"
38SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}"
39SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}"
40
41# Additional environment variables or a script can be installed alongside
42# u-boot to be used automatically on boot. This file, typically 'uEnv.txt'
43# or 'boot.scr', should be packaged along with u-boot as well as placed in the
44# deploy directory. Machine configurations needing one of these files should
45# include it in the SRC_URI and set the UBOOT_ENV parameter.
46UBOOT_ENV_SUFFIX ?= "txt"
47UBOOT_ENV ?= ""
48UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}"
49UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}"
50UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}"
51
52# Default name of u-boot initial env, but enable individual recipes to change
53# this value.
54UBOOT_INITIAL_ENV ?= "${PN}-initial-env"
55
56# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf
57# to find EXTLINUX conf file.
58UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
59UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
60UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
61
62# Options for the device tree compiler passed to mkimage '-D' feature:
63UBOOT_MKIMAGE_DTCOPTS ??= ""
64
65# mkimage command
66UBOOT_MKIMAGE ?= "uboot-mkimage"
67UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}"
68
69# Arguments passed to mkimage for signing
70UBOOT_MKIMAGE_SIGN_ARGS ?= ""
15 71
16python () { 72python () {
17 ubootmachine = d.getVar("UBOOT_MACHINE") 73 ubootmachine = d.getVar("UBOOT_MACHINE")
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index d590971a27..4e4941e733 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -31,6 +31,9 @@
31# 31#
32# For more details on signature process, please refer to U-Boot documentation. 32# For more details on signature process, please refer to U-Boot documentation.
33 33
34# We need some variables from u-boot-config
35inherit uboot-config
36
34# Signature activation. 37# Signature activation.
35UBOOT_SIGN_ENABLE ?= "0" 38UBOOT_SIGN_ENABLE ?= "0"
36 39
@@ -41,6 +44,38 @@ UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
41UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" 44UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}"
42UBOOT_NODTB_BINARY ?= "u-boot-nodtb.${UBOOT_SUFFIX}" 45UBOOT_NODTB_BINARY ?= "u-boot-nodtb.${UBOOT_SUFFIX}"
43UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.${UBOOT_SUFFIX}" 46UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.${UBOOT_SUFFIX}"
47UBOOT_ITS_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.its"
48UBOOT_ITS ?= "u-boot.its"
49UBOOT_ITS_SYMLINK ?= "u-boot-${MACHINE}.its"
50SPL_DIR ?= "${@os.path.dirname(d.getVar("SPL_BINARY")) or '.'}"
51SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
52SPL_DTB_BINARY ?= "u-boot-spl.dtb"
53SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
54SPL_NODTB_IMAGE ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb-${MACHINE}-${PV}-${PR}${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}"
55SPL_NODTB_BINARY ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}"
56SPL_NODTB_SYMLINK ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb-${MACHINE}${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}"
57
58# fitImage Hash Algo
59FIT_HASH_ALG ?= "sha256"
60
61# fitImage Signature Algo
62FIT_SIGN_ALG ?= "rsa2048"
63
64# Generate keys for signing fitImage
65FIT_GENERATE_KEYS ?= "0"
66
67# Size of private key in number of bits
68FIT_SIGN_NUMBITS ?= "2048"
69
70# args to openssl genrsa (Default is just the public exponent)
71FIT_KEY_GENRSA_ARGS ?= "-F4"
72
73# args to openssl req (Default is -batch for non interactive mode and
74# -new for new certificate)
75FIT_KEY_REQ_ARGS ?= "-batch -new"
76
77# Standard format for public key certificate
78FIT_KEY_SIGN_PKCS ?= "-x509"
44 79
45# Functions in this bbclass is for u-boot only 80# Functions in this bbclass is for u-boot only
46UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}" 81UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 251178db33..5398c2e621 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -24,52 +24,6 @@ PACKAGECONFIG[openssl] = ",,openssl-native"
24# file already exists it will not be overwritten. 24# file already exists it will not be overwritten.
25UBOOT_LOCALVERSION ?= "" 25UBOOT_LOCALVERSION ?= ""
26 26
27# Some versions of u-boot use .bin and others use .img. By default use .bin
28# but enable individual recipes to change this value.
29UBOOT_SUFFIX ??= "bin"
30UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}"
31UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}"
32UBOOT_MAKE_TARGET ?= "all"
33
34# Output the ELF generated. Some platforms can use the ELF file and directly
35# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging
36# purposes.
37UBOOT_ELF ?= ""
38UBOOT_ELF_SUFFIX ?= "elf"
39UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}"
40UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}"
41UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}"
42
43# Some versions of u-boot build an SPL (Second Program Loader) image that
44# should be packaged along with the u-boot binary as well as placed in the
45# deploy directory. For those versions they can set the following variables
46# to allow packaging the SPL.
47SPL_BINARY ?= ""
48SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}"
49SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}"
50SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}"
51
52# Additional environment variables or a script can be installed alongside
53# u-boot to be used automatically on boot. This file, typically 'uEnv.txt'
54# or 'boot.scr', should be packaged along with u-boot as well as placed in the
55# deploy directory. Machine configurations needing one of these files should
56# include it in the SRC_URI and set the UBOOT_ENV parameter.
57UBOOT_ENV_SUFFIX ?= "txt"
58UBOOT_ENV ?= ""
59UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}"
60UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}"
61UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}"
62
63# Default name of u-boot initial env, but enable individual recipes to change
64# this value.
65UBOOT_INITIAL_ENV ?= "${PN}-initial-env"
66
67# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf
68# to find EXTLINUX conf file.
69UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
70UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
71UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
72
73do_configure () { 27do_configure () {
74 if [ -n "${UBOOT_CONFIG}" ]; then 28 if [ -n "${UBOOT_CONFIG}" ]; then
75 unset i j 29 unset i j
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-04-26 18:50:38 +0000