| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
u-boot.bin with dtb & signature should be placed in ${B} so that
it can be deployed by u-boot as expected. Otherwise, the version
without signature is installed.
(From OE-Core rev: bfc8c964a9760a2c4a1d1902918908a1e7361c17)
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since UBOOT_DTB_BINARY empty means we don't need to inject signatures
into the U-Boot DTB, we can remove the dependencies between consumers of
these two classes and resolve a circular dependency between u-boot and
kernel.
(From OE-Core rev: c6b49cb75285e71909d1f9e4bf636f186941b519)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
When using u-boot-nodtb, the symlink didn't install correctly to the
${DEPLOYDIR}. This commit fixes this bug.
(From OE-Core rev: c4eddb65e2ddb61bf519b768fab1e131fb0c297b)
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When UBOOT_DTB_BINARY is empty and because the code now changes
directory into ${B}, the test for the existence becomes `[ -f ]` which
succeeds and subsequently the install fails.
Reorder the code so it's clear that UBOOT_DTB_BINARY empty is an
expected configuration and then quote UBOOT_DTB_BINARY everywhere so
no one trips over this again.
Fixes: bacb59079eb6 ("uboot-sign: add support for different u-boot configurations")
(From OE-Core rev: e79f0db0745625b35dd83483747e486d08eebfde)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This is done by concatenating the DTB with the kernels public key
to all built u-boot binaries. Furthermore the installation of all
the binaries is required.
(From OE-Core rev: bacb59079eb6ba7e43507a6d3a357341fb367f83)
Signed-off-by: Andreas Obergschwandtner <andreas.obergschwandtner@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When UBOOT_DTB_BINARY is set to "", the keys for signed booting are
expected to be already present in U-Boot's DTB, so don't issue warnings
for this.
(From OE-Core rev: 04656f5df326a72747fc5878ce201b636a2a419c)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
MACHINE = "beaglebone-yocto"
KERNEL_CLASSES += "kernel-fitimage"
KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage"
UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf"
UBOOT_SIGN_KEYNAME = "dev"
UBOOT_SIGN_ENABLE = "1"
IMAGE_INSTALL_remove = "kernel-image-zimage"
$ cd conf
$ openssl genrsa -F4 -out dev.key 2048
$ openssl req -batch -new -x509 -key dev.key -out dev.crt
$ cd ../
$ bitbake u-boot linux-yocto
$ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb
Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches
Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches
Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches
And there would be no signature info when rebuild from sstate:
$ bitbake u-boot linux-yocto -cclean
$ bitbake u-boot linux-yocto
$ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb
No result
This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it
is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified
info is not in sstate, and would be lost when rebuild from sstate.
There are other problems in previouse code:
- The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so
it should be deployed by kernel rather than u-boot.
- The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE},
this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy.
- It seems that it assumes do_deploy depends on do_install according the comments,
but they have no relationships:
# do_concat_dtb is scheduled _before_ do_install as it overwrite the
# u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
- The do_concat_dtb should be run after do_compile, but it doesn't have this
dependency.
Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from
${STAGING_DATADIR} to ${B} and deploy it can fix the problem.
[YOCTO #12112]
Reported-by: Christian Andersen <c.andersen@kostal.com>
(From OE-Core rev: 493f70cfb177f1d452a13329647a38642bf2b161)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Use 4 spaces to replace a tab.
(From OE-Core rev: 790828a65316fee57cd7659ad8b7544de5d2610c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
U-Boot people are amazingly pedantic in their insistence on proper
spelling of "U-Boot", so humour them.
(From OE-Core rev: f346a9bdc372ec477bafcda358f9339ff4e4c79d)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Now that out of tree building is enabled, ${B} must be used instead of
${S} as the path for UBOOT_BINARY.
(From OE-Core rev: 1fe17c52e4d7ce1b9d69aaa2cd9d4b351a4b2603)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to running oe_runmake make sure $B is the cwd. This is required
due to bitbake commit 67a7b8b021badc17d8fdf447c250e79d291e75f7
"build: don't use $B as the default cwd for functions".
Without this change, do_concat_dtb fails with:
| ERROR: oe_runmake failed
| make: *** No targets specified and no makefile found. Stop.
(From OE-Core rev: 6dca3dee34b587157d0d49c590a177ff1dabb374)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Handle u-boot.rom signing (U-Boot as x86 BIOS replacement) the same way
that u-boot.img signing is handled.
(From OE-Core rev: 94e3f427bbeb005d8443e9d822c3182f280df470)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
u-boot-nodtb.img doesn't exist so if UBOOT_SUFFIX = "img" is used
u-boot.img must be rebuilt by running make with
EXT_DTB=${DEPLOYDIR}/${UBOOT_DTB_IMAGE} then the resulting .img file must
be install to the deploy directories.
(From OE-Core rev: 4afee787e455ce1d4c002cd5c003182f1fc50028)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
This enable the deployment of u-boot-nodtb.bin and u-boot.dtb files.
(From OE-Core rev: 396a3fb0f55a443f73d6ddd99d8ba83412db2d40)
Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This introduces a new uboot-sign.class to support U-Boot verified boot.
This part delivers the new class file, with related environment variables, and
a new task intended to run before do_install task and which performs the
concatenation of the u-boot-nodtb.bin and the device tree blob. The 'cat'
command used overrides the u-boot.bin in both DEPLOYDIR & build dir to
propagate the changes in later tasks (do_install, do_package, etc.)
(From OE-Core rev: 27e21c50ada2f5fb6296cce680da4350a229977c)
Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|