1 files changed, 32 insertions, 5 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 67cbda4d93..e363eeb64c 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -667,7 +667,34 @@ do_assemble_fitimage_initramfs() {
 addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
-addtask generate_rsa_keys before do_assemble_fitimage after do_compile
+do_kernel_generate_rsa_keys() {
+        if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
+                bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
+        fi
+        if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
+                # Generate keys only if they don't already exist
+                if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
+                        [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
+                        # make directory if it does not already exist
+                        mkdir -p "${UBOOT_SIGN_KEYDIR}"
+                        echo "Generating RSA private key for signing fitImage"
+                        openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
+                                "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
+                        "${FIT_SIGN_NUMBITS}"
+                        echo "Generating certificate for signing fitImage"
+                        openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
+                                -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
+                                -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
+                fi
+        fi
+}
+addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
 kernel_do_deploy[vardepsexclude] = "DATETIME"
 kernel_do_deploy_append() {
@@ -718,13 +745,13 @@ kernel_do_deploy_append() {
 # - Removes do_assemble_fitimage. FIT generation is done through
 #   do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
 #   and should not be part of the tasks to be executed.
-# - Since do_generate_rsa_keys is inserted by default
+# - Since do_kernel_generate_rsa_keys is inserted by default
 #   between do_compile and do_assemble_fitimage, this is
-#   not suitable in case of initramfs bundles.  do_generate_rsa_keys
+#   not suitable in case of initramfs bundles.  do_kernel_generate_rsa_keys
 #   should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
 python () {
    if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
        bb.build.deltask('do_assemble_fitimage', d)
-        bb.build.deltask('generate_rsa_keys', d)
+        bb.build.deltask('kernel_generate_rsa_keys', d)
-        bb.build.addtask('generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
+        bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
 }

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 67cbda4d93..e363eeb64c 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass
@@ -667,7 +667,34 @@ do_assemble_fitimage_initramfs() {
667		667
668	addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs	668	addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
669		669
670	addtask generate_rsa_keys before do_assemble_fitimage after do_compile	670	do_kernel_generate_rsa_keys() {
		671	if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
		672	bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
		673	fi
		674
		675	if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
		676
		677	# Generate keys only if they don't already exist
		678	if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] \|\| \
		679	[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
		680
		681	# make directory if it does not already exist
		682	mkdir -p "${UBOOT_SIGN_KEYDIR}"
		683
		684	echo "Generating RSA private key for signing fitImage"
		685	openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
		686	"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
		687	"${FIT_SIGN_NUMBITS}"
		688
		689	echo "Generating certificate for signing fitImage"
		690	openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
		691	-key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
		692	-out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
		693	fi
		694	fi
		695	}
		696
		697	addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
671		698
672	kernel_do_deploy[vardepsexclude] = "DATETIME"	699	kernel_do_deploy[vardepsexclude] = "DATETIME"
673	kernel_do_deploy_append() {	700	kernel_do_deploy_append() {
@@ -718,13 +745,13 @@ kernel_do_deploy_append() {
718	# - Removes do_assemble_fitimage. FIT generation is done through	745	# - Removes do_assemble_fitimage. FIT generation is done through
719	# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed	746	# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
720	# and should not be part of the tasks to be executed.	747	# and should not be part of the tasks to be executed.
721	# - Since do_generate_rsa_keys is inserted by default	748	# - Since do_kernel_generate_rsa_keys is inserted by default
722	# between do_compile and do_assemble_fitimage, this is	749	# between do_compile and do_assemble_fitimage, this is
723	# not suitable in case of initramfs bundles. do_generate_rsa_keys	750	# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys
724	# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.	751	# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
725	python () {	752	python () {
726	if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":	753	if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
727	bb.build.deltask('do_assemble_fitimage', d)	754	bb.build.deltask('do_assemble_fitimage', d)
728	bb.build.deltask('generate_rsa_keys', d)	755	bb.build.deltask('kernel_generate_rsa_keys', d)
729	bb.build.addtask('generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)	756	bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
730	}	757	}