diff options
| author | Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> | 2021-03-26 17:14:08 -0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-04-06 11:36:51 +0100 |
| commit | 49d274b61b01dc3b48c58526c932e701deae3b62 (patch) | |
| tree | a315d5283e72098687fa07b4ad31cc50dc6d7ab2 /meta/classes/kernel-fitimage.bbclass | |
| parent | 068d114385adc679770dc5e8909ad7c432bf8ec1 (diff) | |
| download | poky-49d274b61b01dc3b48c58526c932e701deae3b62.tar.gz | |
u-boot: Add infrastructure to SPL verified boot
Add the necessary infrastructure to create a U-boot proper fitimage,
sign it (using the same keys as the kernel-fitimage), and put the public
key in the SPL binary so that verified SPL boot can be accomplished.
(From OE-Core rev: 5af4dfe83c2f6509015916262be32fc09bc9714d)
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/kernel-fitimage.bbclass')
| -rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 6b7c1c3a7d..5cfd8af99d 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass | |||
| @@ -55,7 +55,7 @@ python __anonymous () { | |||
| 55 | 55 | ||
| 56 | 56 | ||
| 57 | # Description string | 57 | # Description string |
| 58 | FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" | 58 | FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
| 59 | 59 | ||
| 60 | # Sign individual images as well | 60 | # Sign individual images as well |
| 61 | FIT_SIGN_INDIVIDUAL ?= "0" | 61 | FIT_SIGN_INDIVIDUAL ?= "0" |
| @@ -695,12 +695,22 @@ kernel_do_deploy_append() { | |||
| 695 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" | 695 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| 696 | fi | 696 | fi |
| 697 | fi | 697 | fi |
| 698 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then | 698 | fi |
| 699 | # UBOOT_DTB_IMAGE is a realfile, but we can't use | 699 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ |
| 700 | # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed | 700 | [ -n "${UBOOT_DTB_BINARY}" ] ; then |
| 701 | # for u-boot, but we are in kernel env now. | 701 | # UBOOT_DTB_IMAGE is a realfile, but we can't use |
| 702 | install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" | 702 | # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed |
| 703 | fi | 703 | # for u-boot, but we are in kernel env now. |
| 704 | install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" | ||
| 705 | fi | ||
| 706 | if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then | ||
| 707 | # If we're also creating and/or signing the uboot fit, now we need to | ||
| 708 | # deploy it, it's its file, as well as u-boot-spl.dtb | ||
| 709 | install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" | ||
| 710 | echo "Copying u-boot-fitImage file..." | ||
| 711 | install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" | ||
| 712 | echo "Copying u-boot-its file..." | ||
| 713 | install -m 0644 ${B}/u-boot-its-* "$deployDir/" | ||
| 704 | fi | 714 | fi |
| 705 | } | 715 | } |
| 706 | 716 | ||