diff options
Diffstat (limited to 'meta/classes/kernel-fitimage.bbclass')
-rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index b9d8270027..6b7c1c3a7d 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass | |||
@@ -53,30 +53,6 @@ python __anonymous () { | |||
53 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) | 53 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) |
54 | } | 54 | } |
55 | 55 | ||
56 | # Options for the device tree compiler passed to mkimage '-D' feature: | ||
57 | UBOOT_MKIMAGE_DTCOPTS ??= "" | ||
58 | |||
59 | # fitImage Hash Algo | ||
60 | FIT_HASH_ALG ?= "sha256" | ||
61 | |||
62 | # fitImage Signature Algo | ||
63 | FIT_SIGN_ALG ?= "rsa2048" | ||
64 | |||
65 | # Generate keys for signing fitImage | ||
66 | FIT_GENERATE_KEYS ?= "0" | ||
67 | |||
68 | # Size of private key in number of bits | ||
69 | FIT_SIGN_NUMBITS ?= "2048" | ||
70 | |||
71 | # args to openssl genrsa (Default is just the public exponent) | ||
72 | FIT_KEY_GENRSA_ARGS ?= "-F4" | ||
73 | |||
74 | # args to openssl req (Default is -batch for non interactive mode and | ||
75 | # -new for new certificate) | ||
76 | FIT_KEY_REQ_ARGS ?= "-batch -new" | ||
77 | |||
78 | # Standard format for public key certificate | ||
79 | FIT_KEY_SIGN_PKCS ?= "-x509" | ||
80 | 56 | ||
81 | # Description string | 57 | # Description string |
82 | FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" | 58 | FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
@@ -84,13 +60,6 @@ FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" | |||
84 | # Sign individual images as well | 60 | # Sign individual images as well |
85 | FIT_SIGN_INDIVIDUAL ?= "0" | 61 | FIT_SIGN_INDIVIDUAL ?= "0" |
86 | 62 | ||
87 | # mkimage command | ||
88 | UBOOT_MKIMAGE ?= "uboot-mkimage" | ||
89 | UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}" | ||
90 | |||
91 | # Arguments passed to mkimage for signing | ||
92 | UBOOT_MKIMAGE_SIGN_ARGS ?= "" | ||
93 | |||
94 | # | 63 | # |
95 | # Emit the fitImage ITS header | 64 | # Emit the fitImage ITS header |
96 | # | 65 | # |
@@ -698,33 +667,6 @@ do_assemble_fitimage_initramfs() { | |||
698 | 667 | ||
699 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs | 668 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs |
700 | 669 | ||
701 | do_generate_rsa_keys() { | ||
702 | if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
703 | bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." | ||
704 | fi | ||
705 | |||
706 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
707 | |||
708 | # Generate keys only if they don't already exist | ||
709 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ | ||
710 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then | ||
711 | |||
712 | # make directory if it does not already exist | ||
713 | mkdir -p "${UBOOT_SIGN_KEYDIR}" | ||
714 | |||
715 | echo "Generating RSA private key for signing fitImage" | ||
716 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ | ||
717 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
718 | "${FIT_SIGN_NUMBITS}" | ||
719 | |||
720 | echo "Generating certificate for signing fitImage" | ||
721 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ | ||
722 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
723 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt | ||
724 | fi | ||
725 | fi | ||
726 | } | ||
727 | |||
728 | addtask generate_rsa_keys before do_assemble_fitimage after do_compile | 670 | addtask generate_rsa_keys before do_assemble_fitimage after do_compile |
729 | 671 | ||
730 | kernel_do_deploy[vardepsexclude] = "DATETIME" | 672 | kernel_do_deploy[vardepsexclude] = "DATETIME" |