summaryrefslogtreecommitdiffstats
path: root/meta/classes-recipe/kernel-fitimage.bbclass
diff options
context:
space:
mode:
Diffstat (limited to 'meta/classes-recipe/kernel-fitimage.bbclass')
-rw-r--r--meta/classes-recipe/kernel-fitimage.bbclass803
1 files changed, 803 insertions, 0 deletions
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass
new file mode 100644
index 0000000000..838ce204cb
--- /dev/null
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -0,0 +1,803 @@
1#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
7inherit kernel-uboot kernel-artifact-names uboot-sign
8
9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
11 replacementtype = ""
12 if 'fitImage' in kerneltypes.split():
13 uarch = d.getVar("UBOOT_ARCH")
14 if uarch == "arm64":
15 replacementtype = "Image"
16 elif uarch == "riscv":
17 replacementtype = "Image"
18 elif uarch == "mips":
19 replacementtype = "vmlinuz.bin"
20 elif uarch == "x86":
21 replacementtype = "bzImage"
22 elif uarch == "microblaze":
23 replacementtype = "linux.bin"
24 else:
25 replacementtype = "zImage"
26 return replacementtype
27
28KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
29DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
30
31python __anonymous () {
32 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
33 # to kernel.bbclass . We have to override it, since we pack zImage
34 # (at least for now) into the fitImage .
35 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
36 if 'fitImage' in typeformake.split():
37 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
38
39 image = d.getVar('INITRAMFS_IMAGE')
40 if image:
41 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
42
43 ubootenv = d.getVar('UBOOT_ENV')
44 if ubootenv:
45 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
46
47 #check if there are any dtb providers
48 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
49 if providerdtb:
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
53
54 # Verified boot will sign the fitImage and append the public key to
55 # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling
56 # the fitImage:
57 if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'):
58 uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
59 d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
60 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
61 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
62}
63
64
65# Description string
66FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
67
68# Sign individual images as well
69FIT_SIGN_INDIVIDUAL ?= "0"
70
71FIT_CONF_PREFIX ?= "conf-"
72FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
73
74FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
75
76# Keys used to sign individually image nodes.
77# The keys to sign image nodes must be different from those used to sign
78# configuration nodes, otherwise the "required" property, from
79# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
80# Then the images signature checking will not be mandatory and no error will be
81# raised in case of failure.
82# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
83
84#
85# Emit the fitImage ITS header
86#
87# $1 ... .its filename
88fitimage_emit_fit_header() {
89 cat << EOF >> $1
90/dts-v1/;
91
92/ {
93 description = "${FIT_DESC}";
94 #address-cells = <1>;
95EOF
96}
97
98#
99# Emit the fitImage section bits
100#
101# $1 ... .its filename
102# $2 ... Section bit type: imagestart - image section start
103# confstart - configuration section start
104# sectend - section end
105# fitend - fitimage end
106#
107fitimage_emit_section_maint() {
108 case $2 in
109 imagestart)
110 cat << EOF >> $1
111
112 images {
113EOF
114 ;;
115 confstart)
116 cat << EOF >> $1
117
118 configurations {
119EOF
120 ;;
121 sectend)
122 cat << EOF >> $1
123 };
124EOF
125 ;;
126 fitend)
127 cat << EOF >> $1
128};
129EOF
130 ;;
131 esac
132}
133
134#
135# Emit the fitImage ITS kernel section
136#
137# $1 ... .its filename
138# $2 ... Image counter
139# $3 ... Path to kernel image
140# $4 ... Compression type
141fitimage_emit_section_kernel() {
142
143 kernel_csum="${FIT_HASH_ALG}"
144 kernel_sign_algo="${FIT_SIGN_ALG}"
145 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
146
147 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
148 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
149 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
150 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
151 fi
152
153 cat << EOF >> $1
154 kernel-$2 {
155 description = "Linux kernel";
156 data = /incbin/("$3");
157 type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
158 arch = "${UBOOT_ARCH}";
159 os = "linux";
160 compression = "$4";
161 load = <${UBOOT_LOADADDRESS}>;
162 entry = <$ENTRYPOINT>;
163 hash-1 {
164 algo = "$kernel_csum";
165 };
166 };
167EOF
168
169 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
170 sed -i '$ d' $1
171 cat << EOF >> $1
172 signature-1 {
173 algo = "$kernel_csum,$kernel_sign_algo";
174 key-name-hint = "$kernel_sign_keyname";
175 };
176 };
177EOF
178 fi
179}
180
181#
182# Emit the fitImage ITS DTB section
183#
184# $1 ... .its filename
185# $2 ... Image counter
186# $3 ... Path to DTB image
187fitimage_emit_section_dtb() {
188
189 dtb_csum="${FIT_HASH_ALG}"
190 dtb_sign_algo="${FIT_SIGN_ALG}"
191 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
192
193 dtb_loadline=""
194 dtb_ext=${DTB##*.}
195 if [ "${dtb_ext}" = "dtbo" ]; then
196 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
197 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
198 fi
199 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
200 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
201 fi
202 cat << EOF >> $1
203 fdt-$2 {
204 description = "Flattened Device Tree blob";
205 data = /incbin/("$3");
206 type = "flat_dt";
207 arch = "${UBOOT_ARCH}";
208 compression = "none";
209 $dtb_loadline
210 hash-1 {
211 algo = "$dtb_csum";
212 };
213 };
214EOF
215
216 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
217 sed -i '$ d' $1
218 cat << EOF >> $1
219 signature-1 {
220 algo = "$dtb_csum,$dtb_sign_algo";
221 key-name-hint = "$dtb_sign_keyname";
222 };
223 };
224EOF
225 fi
226}
227
228#
229# Emit the fitImage ITS u-boot script section
230#
231# $1 ... .its filename
232# $2 ... Image counter
233# $3 ... Path to boot script image
234fitimage_emit_section_boot_script() {
235
236 bootscr_csum="${FIT_HASH_ALG}"
237 bootscr_sign_algo="${FIT_SIGN_ALG}"
238 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
239
240 cat << EOF >> $1
241 bootscr-$2 {
242 description = "U-boot script";
243 data = /incbin/("$3");
244 type = "script";
245 arch = "${UBOOT_ARCH}";
246 compression = "none";
247 hash-1 {
248 algo = "$bootscr_csum";
249 };
250 };
251EOF
252
253 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
254 sed -i '$ d' $1
255 cat << EOF >> $1
256 signature-1 {
257 algo = "$bootscr_csum,$bootscr_sign_algo";
258 key-name-hint = "$bootscr_sign_keyname";
259 };
260 };
261EOF
262 fi
263}
264
265#
266# Emit the fitImage ITS setup section
267#
268# $1 ... .its filename
269# $2 ... Image counter
270# $3 ... Path to setup image
271fitimage_emit_section_setup() {
272
273 setup_csum="${FIT_HASH_ALG}"
274
275 cat << EOF >> $1
276 setup-$2 {
277 description = "Linux setup.bin";
278 data = /incbin/("$3");
279 type = "x86_setup";
280 arch = "${UBOOT_ARCH}";
281 os = "linux";
282 compression = "none";
283 load = <0x00090000>;
284 entry = <0x00090000>;
285 hash-1 {
286 algo = "$setup_csum";
287 };
288 };
289EOF
290}
291
292#
293# Emit the fitImage ITS ramdisk section
294#
295# $1 ... .its filename
296# $2 ... Image counter
297# $3 ... Path to ramdisk image
298fitimage_emit_section_ramdisk() {
299
300 ramdisk_csum="${FIT_HASH_ALG}"
301 ramdisk_sign_algo="${FIT_SIGN_ALG}"
302 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
303 ramdisk_loadline=""
304 ramdisk_entryline=""
305
306 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
307 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
308 fi
309 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
310 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
311 fi
312
313 cat << EOF >> $1
314 ramdisk-$2 {
315 description = "${INITRAMFS_IMAGE}";
316 data = /incbin/("$3");
317 type = "ramdisk";
318 arch = "${UBOOT_ARCH}";
319 os = "linux";
320 compression = "none";
321 $ramdisk_loadline
322 $ramdisk_entryline
323 hash-1 {
324 algo = "$ramdisk_csum";
325 };
326 };
327EOF
328
329 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
330 sed -i '$ d' $1
331 cat << EOF >> $1
332 signature-1 {
333 algo = "$ramdisk_csum,$ramdisk_sign_algo";
334 key-name-hint = "$ramdisk_sign_keyname";
335 };
336 };
337EOF
338 fi
339}
340
341#
342# Emit the fitImage ITS configuration section
343#
344# $1 ... .its filename
345# $2 ... Linux kernel ID
346# $3 ... DTB image name
347# $4 ... ramdisk ID
348# $5 ... u-boot script ID
349# $6 ... config ID
350# $7 ... default flag
351fitimage_emit_section_config() {
352
353 conf_csum="${FIT_HASH_ALG}"
354 conf_sign_algo="${FIT_SIGN_ALG}"
355 conf_padding_algo="${FIT_PAD_ALG}"
356 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
357 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
358 fi
359
360 its_file="$1"
361 kernel_id="$2"
362 dtb_image="$3"
363 ramdisk_id="$4"
364 bootscr_id="$5"
365 config_id="$6"
366 default_flag="$7"
367
368 # Test if we have any DTBs at all
369 sep=""
370 conf_desc=""
371 conf_node="${FIT_CONF_PREFIX}"
372 kernel_line=""
373 fdt_line=""
374 ramdisk_line=""
375 bootscr_line=""
376 setup_line=""
377 default_line=""
378
379 # conf node name is selected based on dtb ID if it is present,
380 # otherwise its selected based on kernel ID
381 if [ -n "$dtb_image" ]; then
382 conf_node=$conf_node$dtb_image
383 else
384 conf_node=$conf_node$kernel_id
385 fi
386
387 if [ -n "$kernel_id" ]; then
388 conf_desc="Linux kernel"
389 sep=", "
390 kernel_line="kernel = \"kernel-$kernel_id\";"
391 fi
392
393 if [ -n "$dtb_image" ]; then
394 conf_desc="$conf_desc${sep}FDT blob"
395 sep=", "
396 fdt_line="fdt = \"fdt-$dtb_image\";"
397 fi
398
399 if [ -n "$ramdisk_id" ]; then
400 conf_desc="$conf_desc${sep}ramdisk"
401 sep=", "
402 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
403 fi
404
405 if [ -n "$bootscr_id" ]; then
406 conf_desc="$conf_desc${sep}u-boot script"
407 sep=", "
408 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
409 fi
410
411 if [ -n "$config_id" ]; then
412 conf_desc="$conf_desc${sep}setup"
413 setup_line="setup = \"setup-$config_id\";"
414 fi
415
416 if [ "$default_flag" = "1" ]; then
417 # default node is selected based on dtb ID if it is present,
418 # otherwise its selected based on kernel ID
419 if [ -n "$dtb_image" ]; then
420 default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
421 else
422 default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
423 fi
424 fi
425
426 cat << EOF >> $its_file
427 $default_line
428 $conf_node {
429 description = "$default_flag $conf_desc";
430 $kernel_line
431 $fdt_line
432 $ramdisk_line
433 $bootscr_line
434 $setup_line
435 hash-1 {
436 algo = "$conf_csum";
437 };
438EOF
439
440 if [ -n "$conf_sign_keyname" ] ; then
441
442 sign_line="sign-images = "
443 sep=""
444
445 if [ -n "$kernel_id" ]; then
446 sign_line="$sign_line${sep}\"kernel\""
447 sep=", "
448 fi
449
450 if [ -n "$dtb_image" ]; then
451 sign_line="$sign_line${sep}\"fdt\""
452 sep=", "
453 fi
454
455 if [ -n "$ramdisk_id" ]; then
456 sign_line="$sign_line${sep}\"ramdisk\""
457 sep=", "
458 fi
459
460 if [ -n "$bootscr_id" ]; then
461 sign_line="$sign_line${sep}\"bootscr\""
462 sep=", "
463 fi
464
465 if [ -n "$config_id" ]; then
466 sign_line="$sign_line${sep}\"setup\""
467 fi
468
469 sign_line="$sign_line;"
470
471 cat << EOF >> $its_file
472 signature-1 {
473 algo = "$conf_csum,$conf_sign_algo";
474 key-name-hint = "$conf_sign_keyname";
475 padding = "$conf_padding_algo";
476 $sign_line
477 };
478EOF
479 fi
480
481 cat << EOF >> $its_file
482 };
483EOF
484}
485
486#
487# Assemble fitImage
488#
489# $1 ... .its filename
490# $2 ... fitImage name
491# $3 ... include ramdisk
492fitimage_assemble() {
493 kernelcount=1
494 dtbcount=""
495 DTBS=""
496 ramdiskcount=$3
497 setupcount=""
498 bootscr_id=""
499 rm -f $1 arch/${ARCH}/boot/$2
500
501 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
502 bbfatal "Keys used to sign images and configuration nodes must be different."
503 fi
504
505 fitimage_emit_fit_header $1
506
507 #
508 # Step 1: Prepare a kernel image section.
509 #
510 fitimage_emit_section_maint $1 imagestart
511
512 uboot_prep_kimage
513 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
514
515 #
516 # Step 2: Prepare a DTB image section
517 #
518
519 if [ -n "${KERNEL_DEVICETREE}" ]; then
520 dtbcount=1
521 for DTB in ${KERNEL_DEVICETREE}; do
522 if echo $DTB | grep -q '/dts/'; then
523 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
524 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
525 fi
526
527 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
528 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
529 continue
530 fi
531
532 DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
533 if [ ! -e "$DTB_PATH" ]; then
534 DTB_PATH="arch/${ARCH}/boot/$DTB"
535 fi
536
537 DTB=$(echo "$DTB" | tr '/' '_')
538 DTBS="$DTBS $DTB"
539 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
540 done
541 fi
542
543 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
544 dtbcount=1
545 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
546 DTB=$(echo "$DTB" | tr '/' '_')
547 DTBS="$DTBS $DTB"
548 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
549 done
550 fi
551
552 #
553 # Step 3: Prepare a u-boot script section
554 #
555
556 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
557 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
558 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
559 bootscr_id="${UBOOT_ENV_BINARY}"
560 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
561 else
562 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
563 fi
564 fi
565
566 #
567 # Step 4: Prepare a setup section. (For x86)
568 #
569 if [ -e arch/${ARCH}/boot/setup.bin ]; then
570 setupcount=1
571 fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
572 fi
573
574 #
575 # Step 5: Prepare a ramdisk section.
576 #
577 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
578 # Find and use the first initramfs image archive type we find
579 found=
580 for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
581 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
582 if [ -e "$initramfs_path" ]; then
583 bbnote "Found initramfs image: $initramfs_path"
584 found=true
585 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
586 break
587 else
588 bbnote "Did not find initramfs image: $initramfs_path"
589 fi
590 done
591
592 if [ -z "$found" ]; then
593 bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
594 fi
595 fi
596
597 fitimage_emit_section_maint $1 sectend
598
599 # Force the first Kernel and DTB in the default config
600 kernelcount=1
601 if [ -n "$dtbcount" ]; then
602 dtbcount=1
603 fi
604
605 #
606 # Step 6: Prepare a configurations section
607 #
608 fitimage_emit_section_maint $1 confstart
609
610 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
611 # more) to be added to the FIT image along with 0 or more device trees and
612 # 0 or 1 ramdisk.
613 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
614 # When the initramfs bundle is used ramdisk is disabled.
615 # If a device tree is to be part of the FIT image, then select
616 # the default configuration to be used is based on the dtbcount. If there is
617 # no dtb present than select the default configuation to be based on
618 # the kernelcount.
619 if [ -n "$DTBS" ]; then
620 i=1
621 for DTB in ${DTBS}; do
622 dtb_ext=${DTB##*.}
623 if [ "$dtb_ext" = "dtbo" ]; then
624 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
625 else
626 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
627 fi
628 i=`expr $i + 1`
629 done
630 else
631 defaultconfigcount=1
632 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount
633 fi
634
635 fitimage_emit_section_maint $1 sectend
636
637 fitimage_emit_section_maint $1 fitend
638
639 #
640 # Step 7: Assemble the image
641 #
642 ${UBOOT_MKIMAGE} \
643 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
644 -f $1 \
645 arch/${ARCH}/boot/$2
646
647 #
648 # Step 8: Sign the image and add public key to U-Boot dtb
649 #
650 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
651 add_key_to_u_boot=""
652 if [ -n "${UBOOT_DTB_BINARY}" ]; then
653 # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy
654 # both of them, and don't dereference the symlink.
655 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
656 add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}"
657 fi
658 ${UBOOT_MKIMAGE_SIGN} \
659 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
660 -F -k "${UBOOT_SIGN_KEYDIR}" \
661 $add_key_to_u_boot \
662 -r arch/${ARCH}/boot/$2 \
663 ${UBOOT_MKIMAGE_SIGN_ARGS}
664 fi
665}
666
667do_assemble_fitimage() {
668 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
669 cd ${B}
670 fitimage_assemble fit-image.its fitImage ""
671 fi
672}
673
674addtask assemble_fitimage before do_install after do_compile
675
676do_assemble_fitimage_initramfs() {
677 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
678 test -n "${INITRAMFS_IMAGE}" ; then
679 cd ${B}
680 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
681 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage ""
682 else
683 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
684 fi
685 fi
686}
687
688addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
689
690do_kernel_generate_rsa_keys() {
691 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
692 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
693 fi
694
695 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
696
697 # Generate keys to sign configuration nodes, only if they don't already exist
698 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
699 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
700
701 # make directory if it does not already exist
702 mkdir -p "${UBOOT_SIGN_KEYDIR}"
703
704 bbnote "Generating RSA private key for signing fitImage"
705 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
706 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
707 "${FIT_SIGN_NUMBITS}"
708
709 bbnote "Generating certificate for signing fitImage"
710 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
711 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
712 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
713 fi
714
715 # Generate keys to sign image nodes, only if they don't already exist
716 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
717 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
718
719 # make directory if it does not already exist
720 mkdir -p "${UBOOT_SIGN_KEYDIR}"
721
722 bbnote "Generating RSA private key for signing fitImage"
723 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
724 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
725 "${FIT_SIGN_NUMBITS}"
726
727 bbnote "Generating certificate for signing fitImage"
728 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
729 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
730 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
731 fi
732 fi
733}
734
735addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
736
737kernel_do_deploy[vardepsexclude] = "DATETIME"
738kernel_do_deploy:append() {
739 # Update deploy directory
740 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
741
742 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
743 bbnote "Copying fit-image.its source file..."
744 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
745 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
746 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
747 fi
748
749 bbnote "Copying linux.bin file..."
750 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
751 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
752 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
753 fi
754 fi
755
756 if [ -n "${INITRAMFS_IMAGE}" ]; then
757 bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
758 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
759 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
760 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
761 fi
762
763 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
764 bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
765 install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
766 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
767 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
768 fi
769 fi
770 fi
771 fi
772 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
773 [ -n "${UBOOT_DTB_BINARY}" ] ; then
774 # UBOOT_DTB_IMAGE is a realfile, but we can't use
775 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
776 # for u-boot, but we are in kernel env now.
777 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
778 fi
779 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
780 # If we're also creating and/or signing the uboot fit, now we need to
781 # deploy it, it's its file, as well as u-boot-spl.dtb
782 install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
783 bbnote "Copying u-boot-fitImage file..."
784 install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
785 bbnote "Copying u-boot-its file..."
786 install -m 0644 ${B}/u-boot-its-* "$deployDir/"
787 fi
788}
789
790# The function below performs the following in case of initramfs bundles:
791# - Removes do_assemble_fitimage. FIT generation is done through
792# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
793# and should not be part of the tasks to be executed.
794# - Since do_kernel_generate_rsa_keys is inserted by default
795# between do_compile and do_assemble_fitimage, this is
796# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys
797# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
798python () {
799 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
800 bb.build.deltask('do_assemble_fitimage', d)
801 bb.build.deltask('kernel_generate_rsa_keys', d)
802 bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
803}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-10 06:26:19 +0000