summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSean Anderson <sean.anderson@seco.com>2022-10-21 19:37:26 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-10-26 12:28:40 +0100
commitd6858c9f45d25cfec6defec17f62139593ae87f3 (patch)
treeac07edf4808e2d172481e13e861f148e8ccb6cb3
parent930dc57fc8dcbf9ca8a3a431a8c4c02901f63182 (diff)
downloadpoky-d6858c9f45d25cfec6defec17f62139593ae87f3.tar.gz
u-boot: Rework signing to remove interdependencies
The U-Boot signing code is a bit of a mess. The problem is that mkimage determines the public keys to embed into a device tree based on an image that it is signing. This results in all sorts of contortions: U-Boot has to be available to the kernel recipe so that it can have the correct public keys embedded. Then, the signed U-Boot has to be made available to U-Boot's do_deploy. This same dance is then repeated for SPL. To complicate matters, signing for U-Boot and U-Boot SPL is optional, so the whole process must be seamlessly integrated with a non-signed build. The complexity and interdependency of this process makes it difficult to extend. For example, it is not possible to install a signed U-Boot binary into the root filesystem. This is first because u-boot:do_install must run before linux:do_assemble_fitimage, which must run before u-boot:do_deploy. But aside from infrastructure issues, installing a signed U-Boot also can't happen, because the kernel image might have an embedded initramfs (containing the signed U-Boot). However, all of this complexity is accidental. It is not necessary to embed the public keys into U-Boot and sign the kernel in one fell swoop. Instead, we can sign the kernel, stage it, and sign the staged kernel again to embed the public keys into U-Boot [1]. This twice-signed kernel serves only to provide the correct parameters to mkimage, and does not have to be installed or deployed. By cutting the dependency of linux:do_assemble_fitimage on u-boot:do_install, we can drastically simplify the build process, making it much more extensible. The process of doing this conversion is a bit involved, since the U-Boot and Linux recipes are so intertwined at the moment. The most major change is that uboot-sign is no longer inherited by kernel-fitimage. Similarly, all U-Boot-related tasks have been removed from kernel-fitimage. We add a new step to the install task to stage the kernel in /sysroot-only. The logic to disable assemble_fitimage has been removed. We always assemble it, even if the final fitImage will use a bundled initramfs, because U-Boot will need it. On the U-Boot side, much of the churn stems from multiple config support. Previously, we took a fairly ad-hoc approach to UBOOT_CONFIG and UBOOT_MACHINE, introducing for loops wherever we needed to deal with them. However, I have chosen to use a much more structured approach. Each task which needs to use the build directory uses the following pseudocode: do_mytask() { if ${UBOOT_CONFIG}; then for config, type in zip(${UBOOT_CONFIG}, ${UBOOT_MACHINE}); do cd ${config} mytask_helper ${type} done else cd ${B} mytask_helper "" fi } By explicitly placing the work in mytask_helper, we make it easier to ensure that everything is covered, and we also allow bbappends files to more easily extend the task (as otherwise they would need to reimplement the loop themselves). [1] It doesn't particularly matter what we sign. Any FIT will do, but I chose the kernel's because we already went to the trouble of setting it up with the correct hashes and signatures. In the future, we could create a "dummy" image and sign that instead, but it would probably have to happen in the kernel recipe anyway (so we have access to the appropriate variables). (From OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e) Signed-off-by: Sean Anderson <sean.anderson@seco.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/classes-recipe/kernel-fitimage.bbclass68
-rw-r--r--meta/classes-recipe/uboot-config.bbclass3
-rw-r--r--meta/classes-recipe/uboot-sign.bbclass417
-rw-r--r--meta/lib/oeqa/selftest/cases/fitimage.py29
-rw-r--r--meta/recipes-bsp/u-boot/u-boot.inc3
5 files changed, 224 insertions, 296 deletions
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass
index e4a130a0f2..befdf2568c 100644
--- a/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -4,7 +4,7 @@
4# SPDX-License-Identifier: MIT 4# SPDX-License-Identifier: MIT
5# 5#
6 6
7inherit kernel-uboot kernel-artifact-names uboot-sign 7inherit kernel-uboot kernel-artifact-names uboot-config
8 8
9def get_fit_replacement_type(d): 9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" 10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
@@ -50,15 +50,6 @@ python __anonymous () {
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') 50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') 51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") 52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
53
54 # Verified boot will sign the fitImage and append the public key to
55 # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling
56 # the fitImage:
57 if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'):
58 uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
59 d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
60 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
61 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
62} 53}
63 54
64 55
@@ -678,20 +669,12 @@ fitimage_assemble() {
678 ${KERNEL_OUTPUT_DIR}/$2 669 ${KERNEL_OUTPUT_DIR}/$2
679 670
680 # 671 #
681 # Step 8: Sign the image and add public key to U-Boot dtb 672 # Step 8: Sign the image
682 # 673 #
683 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then 674 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
684 add_key_to_u_boot=""
685 if [ -n "${UBOOT_DTB_BINARY}" ]; then
686 # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy
687 # both of them, and don't dereference the symlink.
688 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
689 add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}"
690 fi
691 ${UBOOT_MKIMAGE_SIGN} \ 675 ${UBOOT_MKIMAGE_SIGN} \
692 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ 676 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
693 -F -k "${UBOOT_SIGN_KEYDIR}" \ 677 -F -k "${UBOOT_SIGN_KEYDIR}" \
694 $add_key_to_u_boot \
695 -r ${KERNEL_OUTPUT_DIR}/$2 \ 678 -r ${KERNEL_OUTPUT_DIR}/$2 \
696 ${UBOOT_MKIMAGE_SIGN_ARGS} 679 ${UBOOT_MKIMAGE_SIGN_ARGS}
697 fi 680 fi
@@ -700,18 +683,30 @@ fitimage_assemble() {
700do_assemble_fitimage() { 683do_assemble_fitimage() {
701 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then 684 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
702 cd ${B} 685 cd ${B}
703 fitimage_assemble fit-image.its fitImage "" 686 fitimage_assemble fit-image.its fitImage-none ""
687 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
688 ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage
689 fi
704 fi 690 fi
705} 691}
706 692
707addtask assemble_fitimage before do_install after do_compile 693addtask assemble_fitimage before do_install after do_compile
708 694
695SYSROOT_DIRS:append = " /sysroot-only"
696do_install:append() {
697 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
698 [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
699 install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage
700 fi
701}
702
709do_assemble_fitimage_initramfs() { 703do_assemble_fitimage_initramfs() {
710 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ 704 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
711 test -n "${INITRAMFS_IMAGE}" ; then 705 test -n "${INITRAMFS_IMAGE}" ; then
712 cd ${B} 706 cd ${B}
713 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then 707 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
714 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage "" 708 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle ""
709 ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage
715 else 710 else
716 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 711 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
717 fi 712 fi
@@ -802,35 +797,4 @@ kernel_do_deploy:append() {
802 fi 797 fi
803 fi 798 fi
804 fi 799 fi
805 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
806 [ -n "${UBOOT_DTB_BINARY}" ] ; then
807 # UBOOT_DTB_IMAGE is a realfile, but we can't use
808 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
809 # for u-boot, but we are in kernel env now.
810 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
811 fi
812 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
813 # If we're also creating and/or signing the uboot fit, now we need to
814 # deploy it, it's its file, as well as u-boot-spl.dtb
815 install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
816 bbnote "Copying u-boot-fitImage file..."
817 install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
818 bbnote "Copying u-boot-its file..."
819 install -m 0644 ${B}/u-boot-its-* "$deployDir/"
820 fi
821}
822
823# The function below performs the following in case of initramfs bundles:
824# - Removes do_assemble_fitimage. FIT generation is done through
825# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
826# and should not be part of the tasks to be executed.
827# - Since do_kernel_generate_rsa_keys is inserted by default
828# between do_compile and do_assemble_fitimage, this is
829# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys
830# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
831python () {
832 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
833 bb.build.deltask('do_assemble_fitimage', d)
834 bb.build.deltask('kernel_generate_rsa_keys', d)
835 bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
836} 800}
diff --git a/meta/classes-recipe/uboot-config.bbclass b/meta/classes-recipe/uboot-config.bbclass
index 73dc464444..fb7a4bc498 100644
--- a/meta/classes-recipe/uboot-config.bbclass
+++ b/meta/classes-recipe/uboot-config.bbclass
@@ -19,6 +19,9 @@ def removesuffix(s, suffix):
19 return s[:-len(suffix)] 19 return s[:-len(suffix)]
20 return s 20 return s
21 21
22UBOOT_ENTRYPOINT ?= "20008000"
23UBOOT_LOADADDRESS ?= "${UBOOT_ENTRYPOINT}"
24
22# Some versions of u-boot use .bin and others use .img. By default use .bin 25# Some versions of u-boot use .bin and others use .img. By default use .bin
23# but enable individual recipes to change this value. 26# but enable individual recipes to change this value.
24UBOOT_SUFFIX ??= "bin" 27UBOOT_SUFFIX ??= "bin"
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index 569907fa68..3dc029c429 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -5,7 +5,7 @@
5# 5#
6 6
7# This file is part of U-Boot verified boot support and is intended to be 7# This file is part of U-Boot verified boot support and is intended to be
8# inherited from u-boot recipe and from kernel-fitimage.bbclass. 8# inherited from the u-boot recipe.
9# 9#
10# The signature procedure requires the user to generate an RSA key and 10# The signature procedure requires the user to generate an RSA key and
11# certificate in a directory and to define the following variable: 11# certificate in a directory and to define the following variable:
@@ -22,19 +22,6 @@
22# 22#
23# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot. 23# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
24# 24#
25# The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to
26# treat the device tree blob:
27#
28# * u-boot:do_install:append
29# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
30# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
31#
32# * virtual/kernel:do_assemble_fitimage
33# Sign the image
34#
35# * u-boot:do_deploy[postfuncs]
36# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others.
37#
38# For more details on signature process, please refer to U-Boot documentation. 25# For more details on signature process, please refer to U-Boot documentation.
39 26
40# We need some variables from u-boot-config 27# We need some variables from u-boot-config
@@ -49,6 +36,7 @@ SPL_SIGN_ENABLE ?= "0"
49# Default value for deployment filenames. 36# Default value for deployment filenames.
50UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb" 37UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
51UBOOT_DTB_BINARY ?= "u-boot.dtb" 38UBOOT_DTB_BINARY ?= "u-boot.dtb"
39UBOOT_DTB_SIGNED ?= "${UBOOT_DTB_BINARY}-signed"
52UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb" 40UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
53UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin" 41UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
54UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin" 42UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
@@ -62,6 +50,7 @@ UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
62SPL_DIR ?= "spl" 50SPL_DIR ?= "spl"
63SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb" 51SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
64SPL_DTB_BINARY ?= "u-boot-spl.dtb" 52SPL_DTB_BINARY ?= "u-boot-spl.dtb"
53SPL_DTB_SIGNED ?= "${SPL_DTB_BINARY}-signed"
65SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb" 54SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
66SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin" 55SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
67SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin" 56SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
@@ -92,58 +81,48 @@ UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
92# Standard format for public key certificate 81# Standard format for public key certificate
93UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509" 82UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
94 83
95# Functions on this bbclass can apply to either U-boot or Kernel, 84# This is only necessary for determining the signing configuration
96# depending on the scenario 85KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}"
97UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
98KERNEL_PN = "${@d.getVar('PREFERRED_PROVIDER_virtual/kernel')}"
99 86
100# We need u-boot-tools-native if we're creating a U-Boot fitImage
101python() { 87python() {
102 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1': 88 # We need u-boot-tools-native if we're creating a U-Boot fitImage
103 depends = d.getVar("DEPENDS") 89 sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
104 depends = "%s u-boot-tools-native dtc-native" % depends 90 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
105 d.setVar("DEPENDS", depends) 91 d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
92 if sign:
93 d.appendVar('DEPENDS', " " + d.getVar('KERNEL_PN'))
106} 94}
107 95
108concat_dtb_helper() { 96concat_dtb() {
109 if [ -e "${UBOOT_DTB_BINARY}" ]; then 97 type="$1"
110 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY} 98 binary="$2"
111 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
112 fi
113 99
114 if [ -f "${UBOOT_NODTB_BINARY}" ]; then 100 if [ -e "${UBOOT_DTB_BINARY}" ]; then
115 install ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} 101 # Re-sign the kernel in order to add the keys to our dtb
116 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK} 102 ${UBOOT_MKIMAGE_SIGN} \
117 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY} 103 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
104 -F -k "${UBOOT_SIGN_KEYDIR}" \
105 -K "${UBOOT_DTB_BINARY}" \
106 -r ${B}/fitImage-linux \
107 ${UBOOT_MKIMAGE_SIGN_ARGS}
108 cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
118 fi 109 fi
119 110
120 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB 111 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
121 # with public key (otherwise it will be deployed by the equivalent 112 # with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble)
122 # concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
123 if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then 113 if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
124 deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}'
125 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ 114 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
126 [ -e "$deployed_uboot_dtb_binary" ]; then 115 [ -e "${UBOOT_DTB_BINARY}" ]; then
127 oe_runmake EXT_DTB=$deployed_uboot_dtb_binary 116 oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET}
128 install ${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} 117 if [ -n "${binary}" ]; then
129 elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then 118 cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
130 cd ${DEPLOYDIR} 119 fi
131 cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE} 120 elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then
132 121 if [ -n "${binary}" ]; then
133 if [ -n "${UBOOT_CONFIG}" ] 122 cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \
134 then 123 ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
135 i=0 124 else
136 j=0 125 cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} > ${UBOOT_BINARY}
137 for config in ${UBOOT_MACHINE}; do
138 i=$(expr $i + 1);
139 for type in ${UBOOT_CONFIG}; do
140 j=$(expr $j + 1);
141 if [ $j -eq $i ]
142 then
143 cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
144 fi
145 done
146 done
147 fi 126 fi
148 else 127 else
149 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available." 128 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
@@ -151,120 +130,67 @@ concat_dtb_helper() {
151 fi 130 fi
152} 131}
153 132
154concat_spl_dtb_helper() { 133deploy_dtb() {
134 type="$1"
155 135
156 # We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will 136 if [ -n "${type}" ]; then
157 # be responsible for deploying the real file 137 uboot_dtb_binary="u-boot-${type}-${PV}-${PR}.dtb"
158 if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then 138 uboot_nodtb_binary="u-boot-nodtb-${type}-${PV}-${PR}.bin"
159 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
160 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
161 fi
162
163 # Concatenate the SPL nodtb binary and u-boot.dtb
164 deployed_spl_dtb_binary='${DEPLOY_DIR_IMAGE}/${SPL_DTB_IMAGE}'
165 if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
166 cd ${DEPLOYDIR}
167 cat ${SPL_NODTB_IMAGE} $deployed_spl_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${SPL_BINARY} > ${SPL_IMAGE}
168 else 139 else
169 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available." 140 uboot_dtb_binary="${UBOOT_DTB_IMAGE}"
141 uboot_nodtb_binary="${UBOOT_NODTB_IMAGE}"
170 fi 142 fi
171}
172 143
173 144 if [ -e "${UBOOT_DTB_SIGNED}" ]; then
174concat_dtb() { 145 install -Dm644 ${UBOOT_DTB_SIGNED} ${DEPLOYDIR}/${uboot_dtb_binary}
175 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then 146 if [ -n "${type}" ]; then
176 mkdir -p ${DEPLOYDIR} 147 ln -sf ${uboot_dtb_binary} ${DEPLOYDIR}/${UBOOT_DTB_IMAGE}
177 if [ -n "${UBOOT_CONFIG}" ]; then
178 for config in ${UBOOT_MACHINE}; do
179 CONFIG_B_PATH="$config"
180 cd ${B}/$config
181 concat_dtb_helper
182 done
183 else
184 CONFIG_B_PATH=""
185 cd ${B}
186 concat_dtb_helper
187 fi 148 fi
188 fi 149 fi
189}
190 150
191concat_spl_dtb() { 151 if [ -f "${UBOOT_NODTB_BINARY}" ]; then
192 if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then 152 install -Dm644 ${UBOOT_DTB_BINARY} ${DEPLOYDIR}/${uboot_nodtb_binary}
193 mkdir -p ${DEPLOYDIR} 153 if [ -n "${type}" ]; then
194 if [ -n "${UBOOT_CONFIG}" ]; then 154 ln -sf ${uboot_nodtb_binary} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
195 for config in ${UBOOT_MACHINE}; do
196 CONFIG_B_PATH="$config"
197 cd ${B}/$config
198 concat_spl_dtb_helper
199 done
200 else
201 CONFIG_B_PATH=""
202 cd ${B}
203 concat_spl_dtb_helper
204 fi 155 fi
205 fi 156 fi
206} 157}
207 158
208 159concat_spl_dtb() {
209# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for 160 if [ -e "${SPL_DIR}/${SPL_NODTB_BINARY}" -a -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
210# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. 161 cat ${SPL_DIR}/${SPL_NODTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED} > "${SPL_BINARY}"
211install_helper() {
212 if [ -f "${UBOOT_DTB_BINARY}" ]; then
213 # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we
214 # need both of them.
215 install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
216 ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
217 else 162 else
218 bbwarn "${UBOOT_DTB_BINARY} not found" 163 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
219 fi 164 fi
220} 165}
221 166
222# Install SPL dtb and u-boot nodtb to datadir, 167deploy_spl_dtb() {
223install_spl_helper() { 168 type="$1"
224 if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then 169
225 install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE} 170 if [ -n "${type}" ]; then
226 ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY} 171 spl_dtb_binary="u-boot-spl-${type}-${PV}-${PR}.dtb"
227 else 172 spl_nodtb_binary="u-boot-spl-nodtb-${type}-${PV}-${PR}.bin"
228 bbwarn "${SPL_DTB_BINARY} not found"
229 fi
230 if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
231 install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
232 ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
233 else 173 else
234 bbwarn "${UBOOT_NODTB_BINARY} not found" 174 spl_dtb_binary="${SPL_DTB_IMAGE}"
175 spl_nodtb_binary="${SPL_NODTB_IMAGE}"
235 fi 176 fi
236 177
237 # We need to install a 'stub' u-boot-fitimage + its to datadir, 178 if [ -e "${SPL_DIR}/${SPL_DTB_SIGNED}" ] ; then
238 # so that the KERNEL_PN can use the correct filename when 179 install -Dm644 ${SPL_DIR}/${SPL_DTB_SIGNED} ${DEPLOYDIR}/${spl_dtb_binary}
239 # assembling and deploying them 180 if [ -n "${type}" ]; then
240 touch ${D}/${datadir}/${UBOOT_FITIMAGE_IMAGE} 181 ln -sf ${spl_dtb_binary} ${DEPLOYDIR}/${SPL_DTB_IMAGE}
241 touch ${D}/${datadir}/${UBOOT_ITS_IMAGE} 182 fi
242} 183 fi
243 184
244do_install:append() { 185 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
245 if [ "${PN}" = "${UBOOT_PN}" ]; then 186 install -Dm644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${spl_nodtb_binary}
246 if [ -n "${UBOOT_CONFIG}" ]; then 187 if [ -n "${type}" ]; then
247 for config in ${UBOOT_MACHINE}; do 188 ln -sf ${spl_nodtb_binary} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
248 cd ${B}/$config
249 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
250 [ -n "${UBOOT_DTB_BINARY}" ]; then
251 install_helper
252 fi
253 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
254 install_spl_helper
255 fi
256 done
257 else
258 cd ${B}
259 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
260 [ -n "${UBOOT_DTB_BINARY}" ]; then
261 install_helper
262 fi
263 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
264 install_spl_helper
265 fi
266 fi 189 fi
267 fi 190 fi
191
192 # For backwards compatibility...
193 install -Dm644 ${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
268} 194}
269 195
270do_uboot_generate_rsa_keys() { 196do_uboot_generate_rsa_keys() {
@@ -300,13 +226,10 @@ addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compi
300# Create a ITS file for the U-boot FIT, for use when 226# Create a ITS file for the U-boot FIT, for use when
301# we want to sign it so that the SPL can verify it 227# we want to sign it so that the SPL can verify it
302uboot_fitimage_assemble() { 228uboot_fitimage_assemble() {
303 uboot_its="$(basename ${STAGING_DATADIR}/u-boot-its-*)" 229 rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY}
304 uboot_bin="$(basename ${STAGING_DATADIR}/u-boot-fitImage-*)"
305
306 rm -f $uboot_its $uboot_bin
307 230
308 # First we create the ITS script 231 # First we create the ITS script
309 cat << EOF >> $uboot_its 232 cat << EOF >> ${UBOOT_ITS}
310/dts-v1/; 233/dts-v1/;
311 234
312/ { 235/ {
@@ -326,7 +249,7 @@ uboot_fitimage_assemble() {
326EOF 249EOF
327 250
328 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 251 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
329 cat << EOF >> $uboot_its 252 cat << EOF >> ${UBOOT_ITS}
330 signature { 253 signature {
331 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; 254 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
332 key-name-hint = "${SPL_SIGN_KEYNAME}"; 255 key-name-hint = "${SPL_SIGN_KEYNAME}";
@@ -334,7 +257,7 @@ EOF
334EOF 257EOF
335 fi 258 fi
336 259
337 cat << EOF >> $uboot_its 260 cat << EOF >> ${UBOOT_ITS}
338 }; 261 };
339 fdt { 262 fdt {
340 description = "U-Boot FDT"; 263 description = "U-Boot FDT";
@@ -345,7 +268,7 @@ EOF
345EOF 268EOF
346 269
347 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 270 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
348 cat << EOF >> $uboot_its 271 cat << EOF >> ${UBOOT_ITS}
349 signature { 272 signature {
350 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; 273 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
351 key-name-hint = "${SPL_SIGN_KEYNAME}"; 274 key-name-hint = "${SPL_SIGN_KEYNAME}";
@@ -353,7 +276,7 @@ EOF
353EOF 276EOF
354 fi 277 fi
355 278
356 cat << EOF >> $uboot_its 279 cat << EOF >> ${UBOOT_ITS}
357 }; 280 };
358 }; 281 };
359 282
@@ -373,8 +296,8 @@ EOF
373 # 296 #
374 ${UBOOT_MKIMAGE} \ 297 ${UBOOT_MKIMAGE} \
375 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \ 298 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
376 -f $uboot_its \ 299 -f ${UBOOT_ITS} \
377 $uboot_bin 300 ${UBOOT_FITIMAGE_BINARY}
378 301
379 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 302 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
380 # 303 #
@@ -383,74 +306,136 @@ EOF
383 ${UBOOT_MKIMAGE_SIGN} \ 306 ${UBOOT_MKIMAGE_SIGN} \
384 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \ 307 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
385 -F -k "${SPL_SIGN_KEYDIR}" \ 308 -F -k "${SPL_SIGN_KEYDIR}" \
386 -K "${SPL_DTB_BINARY}" \ 309 -K "${SPL_DIR}/${SPL_DTB_BINARY}" \
387 -r $uboot_bin \ 310 -r ${UBOOT_FITIMAGE_BINARY} \
388 ${SPL_MKIMAGE_SIGN_ARGS} 311 ${SPL_MKIMAGE_SIGN_ARGS}
389 fi 312 fi
390 313
314 cp ${SPL_DIR}/${SPL_DTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED}
315}
316
317uboot_assemble_fitimage_helper() {
318 type="$1"
319 binary="$2"
320
321 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
322 concat_dtb $type $binary
323 fi
324
325 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
326 uboot_fitimage_assemble
327 fi
328
329 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
330 concat_spl_dtb
331 fi
391} 332}
392 333
393do_uboot_assemble_fitimage() { 334do_uboot_assemble_fitimage() {
394 # This function runs in KERNEL_PN context. The reason for that is that we need to 335 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
395 # support the scenario where UBOOT_SIGN_ENABLE is placing the Kernel fitImage's 336 cp "${STAGING_DIR_HOST}/sysroot-only/fitImage" "${B}/fitImage-linux"
396 # pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot 337 fi
397 # fitImage itself. 338
398 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ 339 if [ -n "${UBOOT_CONFIG}" ]; then
399 [ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then 340 unset i j k
400 if [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then 341 for config in ${UBOOT_MACHINE}; do
401 # If we're not signing the Kernel fitImage, that means 342 i=$(expr $i + 1);
402 # we need to copy the u-boot.dtb from staging ourselves 343 for type in ${UBOOT_CONFIG}; do
403 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} 344 j=$(expr $j + 1);
404 fi 345 if [ $j -eq $i ]; then
405 # As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first. 346 break;
406 # Unfortunately, need to glob on top of ${SPL_DTB_BINARY} since _IMAGE and _SYMLINK 347 fi
407 # will contain U-boot's PV 348 done
408 # Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in 349
409 # staging so that we can use it for creating the image with the correct filename 350 for binary in ${UBOOT_BINARIES}; do
410 # in the KERNEL_PN context. 351 k=$(expr $j + 1);
411 # As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent 352 if [ $k -eq $i ]; then
412 # do_assemble_fitimage task 353 break;
413 cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B} 354 fi
414 cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B} 355 done
415 rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-* 356
357 cd ${B}/${config}
358 uboot_assemble_fitimage_helper ${type} ${binary}
359 done
360 else
416 cd ${B} 361 cd ${B}
417 uboot_fitimage_assemble 362 uboot_assemble_fitimage_helper "" ${UBOOT_BINARY}
418 fi 363 fi
419} 364}
420 365
421addtask uboot_assemble_fitimage before do_deploy after do_compile 366addtask uboot_assemble_fitimage before do_install do_deploy after do_compile
422 367
423do_deploy:prepend:pn-${UBOOT_PN}() { 368deploy_helper() {
424 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then 369 type="$1"
425 concat_dtb 370
371 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_SIGNED}" ] ; then
372 deploy_dtb $type
426 fi 373 fi
427 374
428 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then 375 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
429 # Deploy the u-boot-nodtb binary and symlinks... 376 if [ -n "${type}" ]; then
430 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then 377 uboot_its_image="u-boot-its-${type}-${PV}-${PR}"
431 echo "Copying u-boot-nodtb binary..." 378 uboot_fitimage_image="u-boot-fitImage-${type}-${PV}-${PR}"
432 install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE} 379 else
433 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK} 380 uboot_its_image="${UBOOT_ITS_IMAGE}"
434 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY} 381 uboot_fitimage_image="${UBOOT_FITIMAGE_IMAGE}"
435 fi 382 fi
436 383
384 install -Dm644 ${UBOOT_FITIMAGE_BINARY} ${DEPLOYDIR}/$uboot_fitimage_image
385 install -Dm644 ${UBOOT_ITS} ${DEPLOYDIR}/$uboot_its_image
437 386
438 # We only deploy the symlinks to the uboot-fitImage and uboot-its 387 if [ -n "${type}" ]; then
439 # images, as the KERNEL_PN will take care of deploying the real file 388 ln -sf $uboot_its_image ${DEPLOYDIR}/${UBOOT_ITS_IMAGE}
440 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY} 389 ln -sf $uboot_fitimage_image ${DEPLOYDIR}/${UBOOT_FITIMAGE_IMAGE}
441 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK} 390 fi
391 fi
392
393 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_SIGNED}" ] ; then
394 deploy_spl_dtb $type
395 fi
396}
397
398do_deploy:prepend() {
399 if [ -n "${UBOOT_CONFIG}" ]; then
400 unset i j k
401 for config in ${UBOOT_MACHINE}; do
402 i=$(expr $i + 1);
403 for type in ${UBOOT_CONFIG}; do
404 j=$(expr $j + 1);
405 if [ $j -eq $i ]; then
406 cd ${B}/${config}
407 deploy_helper ${type}
408 fi
409 done
410 done
411 else
412 cd ${B}
413 deploy_helper ""
414 fi
415
416 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
417 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
418 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
419 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
420 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
421 fi
422
423 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
442 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS} 424 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
443 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK} 425 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
426 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
427 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
444 fi 428 fi
445 429
446 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then 430 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
447 concat_spl_dtb 431 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
432 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
433 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
434 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
448 fi 435 fi
449
450
451} 436}
452 437
453do_deploy:append:pn-${UBOOT_PN}() { 438do_deploy:append() {
454 # If we're creating a u-boot fitImage, point u-boot.bin 439 # If we're creating a u-boot fitImage, point u-boot.bin
455 # symlink since it might get used by image recipes 440 # symlink since it might get used by image recipes
456 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then 441 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
@@ -458,27 +443,3 @@ do_deploy:append:pn-${UBOOT_PN}() {
458 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK} 443 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
459 fi 444 fi
460} 445}
461
462python () {
463 if ( (d.getVar('UBOOT_SIGN_ENABLE') == '1'
464 or d.getVar('UBOOT_FITIMAGE_ENABLE') == '1')
465 and d.getVar('PN') == d.getVar('UBOOT_PN')
466 and d.getVar('UBOOT_DTB_BINARY')):
467
468 # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
469 # and/or the U-Boot fitImage
470 d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % d.getVar('KERNEL_PN'))
471
472 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' and d.getVar('PN') == d.getVar('KERNEL_PN'):
473 # As the U-Boot fitImage is created by the KERNEL_PN, we need
474 # to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
475 # files are in the staging dir for it's use
476 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % d.getVar('UBOOT_PN'))
477
478 # If the Kernel fitImage is being signed, we need to
479 # create the U-Boot fitImage after it
480 if d.getVar('UBOOT_SIGN_ENABLE') == '1':
481 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage' % d.getVar('KERNEL_PN'))
482 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage_initramfs' % d.getVar('KERNEL_PN'))
483
484}
diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py
index 14267dbaaa..1570d54dfb 100644
--- a/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -277,8 +277,8 @@ FIT_SIGN_INDIVIDUAL = "1"
277""" 277"""
278 self.write_config(config) 278 self.write_config(config)
279 279
280 # The U-Boot fitImage is created as part of linux recipe 280 # The U-Boot fitImage is created as part of the U-Boot recipe
281 bitbake("virtual/kernel") 281 bitbake("virtual/bootloader")
282 282
283 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') 283 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
284 machine = get_bb_var('MACHINE') 284 machine = get_bb_var('MACHINE')
@@ -350,7 +350,8 @@ UBOOT_LOADADDRESS = "0x80080000"
350UBOOT_ENTRYPOINT = "0x80080000" 350UBOOT_ENTRYPOINT = "0x80080000"
351UBOOT_FIT_DESC = "A model description" 351UBOOT_FIT_DESC = "A model description"
352KERNEL_IMAGETYPES += " fitImage " 352KERNEL_IMAGETYPES += " fitImage "
353KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper " 353KERNEL_CLASSES = " kernel-fitimage "
354INHERIT += "test-mkimage-wrapper"
354UBOOT_SIGN_ENABLE = "1" 355UBOOT_SIGN_ENABLE = "1"
355FIT_GENERATE_KEYS = "1" 356FIT_GENERATE_KEYS = "1"
356UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" 357UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -361,8 +362,8 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
361""" 362"""
362 self.write_config(config) 363 self.write_config(config)
363 364
364 # The U-Boot fitImage is created as part of linux recipe 365 # The U-Boot fitImage is created as part of the U-Boot recipe
365 bitbake("virtual/kernel") 366 bitbake("virtual/bootloader")
366 367
367 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') 368 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
368 machine = get_bb_var('MACHINE') 369 machine = get_bb_var('MACHINE')
@@ -432,7 +433,8 @@ UBOOT_MACHINE = "am57xx_evm_defconfig"
432SPL_BINARY = "MLO" 433SPL_BINARY = "MLO"
433# The kernel-fitimage class is a dependency even if we're only 434# The kernel-fitimage class is a dependency even if we're only
434# creating/signing the U-Boot fitImage 435# creating/signing the U-Boot fitImage
435KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper " 436KERNEL_CLASSES = " kernel-fitimage"
437INHERIT += "test-mkimage-wrapper"
436# Enable creation and signing of the U-Boot fitImage 438# Enable creation and signing of the U-Boot fitImage
437UBOOT_FITIMAGE_ENABLE = "1" 439UBOOT_FITIMAGE_ENABLE = "1"
438SPL_SIGN_ENABLE = "1" 440SPL_SIGN_ENABLE = "1"
@@ -451,8 +453,8 @@ UBOOT_FIT_HASH_ALG = "sha256"
451""" 453"""
452 self.write_config(config) 454 self.write_config(config)
453 455
454 # The U-Boot fitImage is created as part of linux recipe 456 # The U-Boot fitImage is created as part of the U-Boot recipe
455 bitbake("virtual/kernel") 457 bitbake("virtual/bootloader")
456 458
457 image_type = "core-image-minimal" 459 image_type = "core-image-minimal"
458 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') 460 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
@@ -540,7 +542,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
540 self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) 542 self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
541 543
542 # Check for SPL_MKIMAGE_SIGN_ARGS 544 # Check for SPL_MKIMAGE_SIGN_ARGS
543 result = runCmd('bitbake -e virtual/kernel | grep ^T=') 545 result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
544 tempdir = result.output.split('=', 1)[1].strip().strip('') 546 tempdir = result.output.split('=', 1)[1].strip().strip('')
545 result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) 547 result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
546 self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used') 548 self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
@@ -595,7 +597,8 @@ UBOOT_EXTLINUX = "0"
595UBOOT_FIT_GENERATE_KEYS = "1" 597UBOOT_FIT_GENERATE_KEYS = "1"
596UBOOT_FIT_HASH_ALG = "sha256" 598UBOOT_FIT_HASH_ALG = "sha256"
597KERNEL_IMAGETYPES += " fitImage " 599KERNEL_IMAGETYPES += " fitImage "
598KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper " 600KERNEL_CLASSES = " kernel-fitimage "
601INHERIT += "test-mkimage-wrapper"
599UBOOT_SIGN_ENABLE = "1" 602UBOOT_SIGN_ENABLE = "1"
600FIT_GENERATE_KEYS = "1" 603FIT_GENERATE_KEYS = "1"
601UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" 604UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -605,8 +608,8 @@ FIT_SIGN_INDIVIDUAL = "1"
605""" 608"""
606 self.write_config(config) 609 self.write_config(config)
607 610
608 # The U-Boot fitImage is created as part of linux recipe 611 # The U-Boot fitImage is created as part of the U-Boot recipe
609 bitbake("virtual/kernel") 612 bitbake("virtual/bootloader")
610 613
611 image_type = "core-image-minimal" 614 image_type = "core-image-minimal"
612 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') 615 deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
@@ -694,7 +697,7 @@ FIT_SIGN_INDIVIDUAL = "1"
694 self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) 697 self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
695 698
696 # Check for SPL_MKIMAGE_SIGN_ARGS 699 # Check for SPL_MKIMAGE_SIGN_ARGS
697 result = runCmd('bitbake -e virtual/kernel | grep ^T=') 700 result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
698 tempdir = result.output.split('=', 1)[1].strip().strip('') 701 tempdir = result.output.split('=', 1)[1].strip().strip('')
699 result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) 702 result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
700 self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used') 703 self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 5705e5835b..15e949b8b4 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -312,17 +312,14 @@ do_deploy () {
312 unset i 312 unset i
313 else 313 else
314 install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE} 314 install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
315 rm -f ${DEPLOYDIR}/${SPL_BINARYNAME} ${DEPLOYDIR}/${SPL_SYMLINK}
316 ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME} 315 ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME}
317 ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK} 316 ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK}
318 fi 317 fi
319 fi 318 fi
320 319
321
322 if [ -n "${UBOOT_ENV}" ] 320 if [ -n "${UBOOT_ENV}" ]
323 then 321 then
324 install -m 644 ${WORKDIR}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_IMAGE} 322 install -m 644 ${WORKDIR}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_IMAGE}
325 rm -f ${DEPLOYDIR}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_SYMLINK}
326 ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_BINARY} 323 ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_BINARY}
327 ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_SYMLINK} 324 ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_SYMLINK}
328 fi 325 fi
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-21 10:52:56 +0000