diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 37 | ||||
-rw-r--r-- | meta/classes/uboot-sign.bbclass | 29 |
2 files changed, 34 insertions, 32 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 67cbda4d93..e363eeb64c 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass | |||
@@ -667,7 +667,34 @@ do_assemble_fitimage_initramfs() { | |||
667 | 667 | ||
668 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs | 668 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs |
669 | 669 | ||
670 | addtask generate_rsa_keys before do_assemble_fitimage after do_compile | 670 | do_kernel_generate_rsa_keys() { |
671 | if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
672 | bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." | ||
673 | fi | ||
674 | |||
675 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
676 | |||
677 | # Generate keys only if they don't already exist | ||
678 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ | ||
679 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then | ||
680 | |||
681 | # make directory if it does not already exist | ||
682 | mkdir -p "${UBOOT_SIGN_KEYDIR}" | ||
683 | |||
684 | echo "Generating RSA private key for signing fitImage" | ||
685 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ | ||
686 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
687 | "${FIT_SIGN_NUMBITS}" | ||
688 | |||
689 | echo "Generating certificate for signing fitImage" | ||
690 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ | ||
691 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
692 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt | ||
693 | fi | ||
694 | fi | ||
695 | } | ||
696 | |||
697 | addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile | ||
671 | 698 | ||
672 | kernel_do_deploy[vardepsexclude] = "DATETIME" | 699 | kernel_do_deploy[vardepsexclude] = "DATETIME" |
673 | kernel_do_deploy_append() { | 700 | kernel_do_deploy_append() { |
@@ -718,13 +745,13 @@ kernel_do_deploy_append() { | |||
718 | # - Removes do_assemble_fitimage. FIT generation is done through | 745 | # - Removes do_assemble_fitimage. FIT generation is done through |
719 | # do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed | 746 | # do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed |
720 | # and should not be part of the tasks to be executed. | 747 | # and should not be part of the tasks to be executed. |
721 | # - Since do_generate_rsa_keys is inserted by default | 748 | # - Since do_kernel_generate_rsa_keys is inserted by default |
722 | # between do_compile and do_assemble_fitimage, this is | 749 | # between do_compile and do_assemble_fitimage, this is |
723 | # not suitable in case of initramfs bundles. do_generate_rsa_keys | 750 | # not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys |
724 | # should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. | 751 | # should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. |
725 | python () { | 752 | python () { |
726 | if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": | 753 | if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": |
727 | bb.build.deltask('do_assemble_fitimage', d) | 754 | bb.build.deltask('do_assemble_fitimage', d) |
728 | bb.build.deltask('generate_rsa_keys', d) | 755 | bb.build.deltask('kernel_generate_rsa_keys', d) |
729 | bb.build.addtask('generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) | 756 | bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) |
730 | } | 757 | } |
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index d11882f90f..29b2edc833 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass | |||
@@ -255,32 +255,7 @@ do_install_append() { | |||
255 | fi | 255 | fi |
256 | } | 256 | } |
257 | 257 | ||
258 | do_generate_rsa_keys() { | 258 | do_uboot_generate_rsa_keys() { |
259 | if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
260 | bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." | ||
261 | fi | ||
262 | |||
263 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then | ||
264 | |||
265 | # Generate keys only if they don't already exist | ||
266 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ | ||
267 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then | ||
268 | |||
269 | # make directory if it does not already exist | ||
270 | mkdir -p "${UBOOT_SIGN_KEYDIR}" | ||
271 | |||
272 | echo "Generating RSA private key for signing fitImage" | ||
273 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ | ||
274 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
275 | "${FIT_SIGN_NUMBITS}" | ||
276 | |||
277 | echo "Generating certificate for signing fitImage" | ||
278 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ | ||
279 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ | ||
280 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt | ||
281 | fi | ||
282 | fi | ||
283 | |||
284 | if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then | 259 | if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then |
285 | bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." | 260 | bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." |
286 | fi | 261 | fi |
@@ -308,7 +283,7 @@ do_generate_rsa_keys() { | |||
308 | 283 | ||
309 | } | 284 | } |
310 | 285 | ||
311 | addtask generate_rsa_keys before do_uboot_assemble_fitimage after do_compile | 286 | addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile |
312 | 287 | ||
313 | # Create a ITS file for the U-boot FIT, for use when | 288 | # Create a ITS file for the U-boot FIT, for use when |
314 | # we want to sign it so that the SPL can verify it | 289 | # we want to sign it so that the SPL can verify it |