summaryrefslogtreecommitdiffstats
path: root/meta/classes/uboot-sign.bbclass
Commit message (Collapse)AuthorAgeFilesLines
* uboot-sign.bbclass: silence warnings when UBOOT_DTB_BINARY is emptyAlex Kiernan2019-01-111-2/+2
| | | | | | | | | | | | When UBOOT_DTB_BINARY is set to "", the keys for signed booting are expected to be already present in U-Boot's DTB, so don't issue warnings for this. (From OE-Core rev: 04656f5df326a72747fc5878ce201b636a2a419c) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign.bbclass: fix signature and deploymentRobert Yang2018-12-081-42/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed: MACHINE = "beaglebone-yocto" KERNEL_CLASSES += "kernel-fitimage" KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" UBOOT_SIGN_KEYNAME = "dev" UBOOT_SIGN_ENABLE = "1" IMAGE_INSTALL_remove = "kernel-image-zimage" $ cd conf $ openssl genrsa -F4 -out dev.key 2048 $ openssl req -batch -new -x509 -key dev.key -out dev.crt $ cd ../ $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches And there would be no signature info when rebuild from sstate: $ bitbake u-boot linux-yocto -cclean $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb No result This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified info is not in sstate, and would be lost when rebuild from sstate. There are other problems in previouse code: - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so it should be deployed by kernel rather than u-boot. - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. - It seems that it assumes do_deploy depends on do_install according the comments, but they have no relationships: # do_concat_dtb is scheduled _before_ do_install as it overwrite the # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. - The do_concat_dtb should be run after do_compile, but it doesn't have this dependency. Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. [YOCTO #12112] Reported-by: Christian Andersen <c.andersen@kostal.com> (From OE-Core rev: 493f70cfb177f1d452a13329647a38642bf2b161) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign.bbclass: Remove tab indentations in python codeRobert Yang2018-12-051-10/+10
| | | | | | | | | Use 4 spaces to replace a tab. (From OE-Core rev: 790828a65316fee57cd7659ad8b7544de5d2610c) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes: Fix "U-boot", use proper spelling of "U-Boot".Robert P. J. Day2017-03-171-1/+1
| | | | | | | | | | | U-Boot people are amazingly pedantic in their insistence on proper spelling of "U-Boot", so humour them. (From OE-Core rev: f346a9bdc372ec477bafcda358f9339ff4e4c79d) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-161-3/+3
| | | | | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) (From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign: fix do_concat_dtb for .img, .romGeorge McCollister2016-11-061-2/+2
| | | | | | | | | | | Now that out of tree building is enabled, ${B} must be used instead of ${S} as the path for UBOOT_BINARY. (From OE-Core rev: 1fe17c52e4d7ce1b9d69aaa2cd9d4b351a4b2603) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign: do_concat_dtb(): cd to $BGeorge McCollister2016-08-101-0/+1
| | | | | | | | | | | | | | | | Prior to running oe_runmake make sure $B is the cwd. This is required due to bitbake commit 67a7b8b021badc17d8fdf447c250e79d291e75f7 "build: don't use $B as the default cwd for functions". Without this change, do_concat_dtb fails with: | ERROR: oe_runmake failed | make: *** No targets specified and no makefile found. Stop. (From OE-Core rev: 6dca3dee34b587157d0d49c590a177ff1dabb374) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign: Handle .rom signing the same as .imgGeorge McCollister2016-08-101-1/+2
| | | | | | | | | | | Handle u-boot.rom signing (U-Boot as x86 BIOS replacement) the same way that u-boot.img signing is handled. (From OE-Core rev: 94e3f427bbeb005d8443e9d822c3182f280df470) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign: rebuild u-boot.img with signed dtbGeorge McCollister2016-05-301-2/+6
| | | | | | | | | | | | | u-boot-nodtb.img doesn't exist so if UBOOT_SUFFIX = "img" is used u-boot.img must be rebuilt by running make with EXT_DTB=${DEPLOYDIR}/${UBOOT_DTB_IMAGE} then the resulting .img file must be install to the deploy directories. (From OE-Core rev: 4afee787e455ce1d4c002cd5c003182f1fc50028) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot: deploy u-boot-nodtb and dtb filesYannick Gicquel2016-05-061-0/+22
| | | | | | | | | This enable the deployment of u-boot-nodtb.bin and u-boot.dtb files. (From OE-Core rev: 396a3fb0f55a443f73d6ddd99d8ba83412db2d40) Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot: basic support of dtb append for verified bootYannick Gicquel2016-05-061-0/+67
This introduces a new uboot-sign.class to support U-Boot verified boot. This part delivers the new class file, with related environment variables, and a new task intended to run before do_install task and which performs the concatenation of the u-boot-nodtb.bin and the device tree blob. The 'cat' command used overrides the u-boot.bin in both DEPLOYDIR & build dir to propagate the changes in later tasks (do_install, do_package, etc.) (From OE-Core rev: 27e21c50ada2f5fb6296cce680da4350a229977c) Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>