summaryrefslogtreecommitdiffstats
path: root/meta/classes/kernel-fitimage.bbclass
diff options
context:
space:
mode:
authorKlaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>2021-03-26 17:14:08 -0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-04-06 11:36:51 +0100
commit49d274b61b01dc3b48c58526c932e701deae3b62 (patch)
treea315d5283e72098687fa07b4ad31cc50dc6d7ab2 /meta/classes/kernel-fitimage.bbclass
parent068d114385adc679770dc5e8909ad7c432bf8ec1 (diff)
downloadpoky-49d274b61b01dc3b48c58526c932e701deae3b62.tar.gz
u-boot: Add infrastructure to SPL verified boot
Add the necessary infrastructure to create a U-boot proper fitimage, sign it (using the same keys as the kernel-fitimage), and put the public key in the SPL binary so that verified SPL boot can be accomplished. (From OE-Core rev: 5af4dfe83c2f6509015916262be32fc09bc9714d) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/kernel-fitimage.bbclass')
-rw-r--r--meta/classes/kernel-fitimage.bbclass24
1 files changed, 17 insertions, 7 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 6b7c1c3a7d..5cfd8af99d 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -55,7 +55,7 @@ python __anonymous () {
55 55
56 56
57# Description string 57# Description string
58FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" 58FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
59 59
60# Sign individual images as well 60# Sign individual images as well
61FIT_SIGN_INDIVIDUAL ?= "0" 61FIT_SIGN_INDIVIDUAL ?= "0"
@@ -695,12 +695,22 @@ kernel_do_deploy_append() {
695 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" 695 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
696 fi 696 fi
697 fi 697 fi
698 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then 698 fi
699 # UBOOT_DTB_IMAGE is a realfile, but we can't use 699 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
700 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed 700 [ -n "${UBOOT_DTB_BINARY}" ] ; then
701 # for u-boot, but we are in kernel env now. 701 # UBOOT_DTB_IMAGE is a realfile, but we can't use
702 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" 702 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
703 fi 703 # for u-boot, but we are in kernel env now.
704 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
705 fi
706 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
707 # If we're also creating and/or signing the uboot fit, now we need to
708 # deploy it, it's its file, as well as u-boot-spl.dtb
709 install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
710 echo "Copying u-boot-fitImage file..."
711 install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
712 echo "Copying u-boot-its file..."
713 install -m 0644 ${B}/u-boot-its-* "$deployDir/"
704 fi 714 fi
705} 715}
706 716