From 068d114385adc679770dc5e8909ad7c432bf8ec1 Mon Sep 17 00:00:00 2001 From: Klaus Heinrich Kiwi Date: Fri, 26 Mar 2021 17:14:07 -0300 Subject: u-boot: Move definitions to common locations Move some definitions from u-boot.inc into uboot-config.bbclass and similarly from kernel-fitimage.bbclass into uboot-sign.bbclass, so that they can be useful when signing the U-boot proper fitimage, for a verified-boot SPL. (From OE-Core rev: cc6c3e31526d3b6ef3a87ba5e548fcad7483bd51) Signed-off-by: Klaus Heinrich Kiwi Signed-off-by: Richard Purdie --- meta/classes/kernel-fitimage.bbclass | 58 ------------------------------------ 1 file changed, 58 deletions(-) (limited to 'meta/classes/kernel-fitimage.bbclass') diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index b9d8270027..6b7c1c3a7d 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -53,30 +53,6 @@ python __anonymous () { d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) } -# Options for the device tree compiler passed to mkimage '-D' feature: -UBOOT_MKIMAGE_DTCOPTS ??= "" - -# fitImage Hash Algo -FIT_HASH_ALG ?= "sha256" - -# fitImage Signature Algo -FIT_SIGN_ALG ?= "rsa2048" - -# Generate keys for signing fitImage -FIT_GENERATE_KEYS ?= "0" - -# Size of private key in number of bits -FIT_SIGN_NUMBITS ?= "2048" - -# args to openssl genrsa (Default is just the public exponent) -FIT_KEY_GENRSA_ARGS ?= "-F4" - -# args to openssl req (Default is -batch for non interactive mode and -# -new for new certificate) -FIT_KEY_REQ_ARGS ?= "-batch -new" - -# Standard format for public key certificate -FIT_KEY_SIGN_PKCS ?= "-x509" # Description string FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" @@ -84,13 +60,6 @@ FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" # Sign individual images as well FIT_SIGN_INDIVIDUAL ?= "0" -# mkimage command -UBOOT_MKIMAGE ?= "uboot-mkimage" -UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}" - -# Arguments passed to mkimage for signing -UBOOT_MKIMAGE_SIGN_ARGS ?= "" - # # Emit the fitImage ITS header # @@ -698,33 +667,6 @@ do_assemble_fitimage_initramfs() { addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs -do_generate_rsa_keys() { - if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." - fi - - if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - - # Generate keys only if they don't already exist - if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ - [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then - - # make directory if it does not already exist - mkdir -p "${UBOOT_SIGN_KEYDIR}" - - echo "Generating RSA private key for signing fitImage" - openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ - "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - "${FIT_SIGN_NUMBITS}" - - echo "Generating certificate for signing fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ - -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt - fi - fi -} - addtask generate_rsa_keys before do_assemble_fitimage after do_compile kernel_do_deploy[vardepsexclude] = "DATETIME" -- cgit v1.2.3-54-g00ecf