diff options
author | Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> | 2021-03-26 17:14:08 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-04-06 11:36:51 +0100 |
commit | 49d274b61b01dc3b48c58526c932e701deae3b62 (patch) | |
tree | a315d5283e72098687fa07b4ad31cc50dc6d7ab2 /meta/classes/kernel-fitimage.bbclass | |
parent | 068d114385adc679770dc5e8909ad7c432bf8ec1 (diff) | |
download | poky-49d274b61b01dc3b48c58526c932e701deae3b62.tar.gz |
u-boot: Add infrastructure to SPL verified boot
Add the necessary infrastructure to create a U-boot proper fitimage,
sign it (using the same keys as the kernel-fitimage), and put the public
key in the SPL binary so that verified SPL boot can be accomplished.
(From OE-Core rev: 5af4dfe83c2f6509015916262be32fc09bc9714d)
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/kernel-fitimage.bbclass')
-rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 6b7c1c3a7d..5cfd8af99d 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass | |||
@@ -55,7 +55,7 @@ python __anonymous () { | |||
55 | 55 | ||
56 | 56 | ||
57 | # Description string | 57 | # Description string |
58 | FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" | 58 | FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
59 | 59 | ||
60 | # Sign individual images as well | 60 | # Sign individual images as well |
61 | FIT_SIGN_INDIVIDUAL ?= "0" | 61 | FIT_SIGN_INDIVIDUAL ?= "0" |
@@ -695,12 +695,22 @@ kernel_do_deploy_append() { | |||
695 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" | 695 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
696 | fi | 696 | fi |
697 | fi | 697 | fi |
698 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then | 698 | fi |
699 | # UBOOT_DTB_IMAGE is a realfile, but we can't use | 699 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ |
700 | # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed | 700 | [ -n "${UBOOT_DTB_BINARY}" ] ; then |
701 | # for u-boot, but we are in kernel env now. | 701 | # UBOOT_DTB_IMAGE is a realfile, but we can't use |
702 | install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" | 702 | # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed |
703 | fi | 703 | # for u-boot, but we are in kernel env now. |
704 | install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" | ||
705 | fi | ||
706 | if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then | ||
707 | # If we're also creating and/or signing the uboot fit, now we need to | ||
708 | # deploy it, it's its file, as well as u-boot-spl.dtb | ||
709 | install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" | ||
710 | echo "Copying u-boot-fitImage file..." | ||
711 | install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" | ||
712 | echo "Copying u-boot-its file..." | ||
713 | install -m 0644 ${B}/u-boot-its-* "$deployDir/" | ||
704 | fi | 714 | fi |
705 | } | 715 | } |
706 | 716 | ||