From fd1517e2b51a170f2427122c6b95396db251d827 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 10 Aug 2022 14:35:29 +0100 Subject: classes: Update classes to match new bitbake class scope functionality Move classes to classes-global or classes-recipe as appropriate to take advantage of new bitbake functionality to check class scope/usage. (From OE-Core rev: f5c128008365e141082c129417eb72d2751e8045) Signed-off-by: Richard Purdie --- meta/classes/kernel-fitimage.bbclass | 803 ----------------------------------- 1 file changed, 803 deletions(-) delete mode 100644 meta/classes/kernel-fitimage.bbclass (limited to 'meta/classes/kernel-fitimage.bbclass') diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass deleted file mode 100644 index 838ce204cb..0000000000 --- a/meta/classes/kernel-fitimage.bbclass +++ /dev/null @@ -1,803 +0,0 @@ -# -# Copyright OpenEmbedded Contributors -# -# SPDX-License-Identifier: MIT -# - -inherit kernel-uboot kernel-artifact-names uboot-sign - -def get_fit_replacement_type(d): - kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" - replacementtype = "" - if 'fitImage' in kerneltypes.split(): - uarch = d.getVar("UBOOT_ARCH") - if uarch == "arm64": - replacementtype = "Image" - elif uarch == "riscv": - replacementtype = "Image" - elif uarch == "mips": - replacementtype = "vmlinuz.bin" - elif uarch == "x86": - replacementtype = "bzImage" - elif uarch == "microblaze": - replacementtype = "linux.bin" - else: - replacementtype = "zImage" - return replacementtype - -KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" -DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" - -python __anonymous () { - # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal - # to kernel.bbclass . We have to override it, since we pack zImage - # (at least for now) into the fitImage . - typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" - if 'fitImage' in typeformake.split(): - d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) - - image = d.getVar('INITRAMFS_IMAGE') - if image: - d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') - - ubootenv = d.getVar('UBOOT_ENV') - if ubootenv: - d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') - - #check if there are any dtb providers - providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") - if providerdtb: - d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') - d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') - d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") - - # Verified boot will sign the fitImage and append the public key to - # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling - # the fitImage: - if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'): - uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' - d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) - if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": - d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) -} - - -# Description string -FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" - -# Sign individual images as well -FIT_SIGN_INDIVIDUAL ?= "0" - -FIT_CONF_PREFIX ?= "conf-" -FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" - -FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" - -# Keys used to sign individually image nodes. -# The keys to sign image nodes must be different from those used to sign -# configuration nodes, otherwise the "required" property, from -# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". -# Then the images signature checking will not be mandatory and no error will be -# raised in case of failure. -# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") - -# -# Emit the fitImage ITS header -# -# $1 ... .its filename -fitimage_emit_fit_header() { - cat << EOF >> $1 -/dts-v1/; - -/ { - description = "${FIT_DESC}"; - #address-cells = <1>; -EOF -} - -# -# Emit the fitImage section bits -# -# $1 ... .its filename -# $2 ... Section bit type: imagestart - image section start -# confstart - configuration section start -# sectend - section end -# fitend - fitimage end -# -fitimage_emit_section_maint() { - case $2 in - imagestart) - cat << EOF >> $1 - - images { -EOF - ;; - confstart) - cat << EOF >> $1 - - configurations { -EOF - ;; - sectend) - cat << EOF >> $1 - }; -EOF - ;; - fitend) - cat << EOF >> $1 -}; -EOF - ;; - esac -} - -# -# Emit the fitImage ITS kernel section -# -# $1 ... .its filename -# $2 ... Image counter -# $3 ... Path to kernel image -# $4 ... Compression type -fitimage_emit_section_kernel() { - - kernel_csum="${FIT_HASH_ALG}" - kernel_sign_algo="${FIT_SIGN_ALG}" - kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" - - ENTRYPOINT="${UBOOT_ENTRYPOINT}" - if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then - ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ - awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` - fi - - cat << EOF >> $1 - kernel-$2 { - description = "Linux kernel"; - data = /incbin/("$3"); - type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; - arch = "${UBOOT_ARCH}"; - os = "linux"; - compression = "$4"; - load = <${UBOOT_LOADADDRESS}>; - entry = <$ENTRYPOINT>; - hash-1 { - algo = "$kernel_csum"; - }; - }; -EOF - - if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then - sed -i '$ d' $1 - cat << EOF >> $1 - signature-1 { - algo = "$kernel_csum,$kernel_sign_algo"; - key-name-hint = "$kernel_sign_keyname"; - }; - }; -EOF - fi -} - -# -# Emit the fitImage ITS DTB section -# -# $1 ... .its filename -# $2 ... Image counter -# $3 ... Path to DTB image -fitimage_emit_section_dtb() { - - dtb_csum="${FIT_HASH_ALG}" - dtb_sign_algo="${FIT_SIGN_ALG}" - dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" - - dtb_loadline="" - dtb_ext=${DTB##*.} - if [ "${dtb_ext}" = "dtbo" ]; then - if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then - dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" - fi - elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then - dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" - fi - cat << EOF >> $1 - fdt-$2 { - description = "Flattened Device Tree blob"; - data = /incbin/("$3"); - type = "flat_dt"; - arch = "${UBOOT_ARCH}"; - compression = "none"; - $dtb_loadline - hash-1 { - algo = "$dtb_csum"; - }; - }; -EOF - - if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then - sed -i '$ d' $1 - cat << EOF >> $1 - signature-1 { - algo = "$dtb_csum,$dtb_sign_algo"; - key-name-hint = "$dtb_sign_keyname"; - }; - }; -EOF - fi -} - -# -# Emit the fitImage ITS u-boot script section -# -# $1 ... .its filename -# $2 ... Image counter -# $3 ... Path to boot script image -fitimage_emit_section_boot_script() { - - bootscr_csum="${FIT_HASH_ALG}" - bootscr_sign_algo="${FIT_SIGN_ALG}" - bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" - - cat << EOF >> $1 - bootscr-$2 { - description = "U-boot script"; - data = /incbin/("$3"); - type = "script"; - arch = "${UBOOT_ARCH}"; - compression = "none"; - hash-1 { - algo = "$bootscr_csum"; - }; - }; -EOF - - if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then - sed -i '$ d' $1 - cat << EOF >> $1 - signature-1 { - algo = "$bootscr_csum,$bootscr_sign_algo"; - key-name-hint = "$bootscr_sign_keyname"; - }; - }; -EOF - fi -} - -# -# Emit the fitImage ITS setup section -# -# $1 ... .its filename -# $2 ... Image counter -# $3 ... Path to setup image -fitimage_emit_section_setup() { - - setup_csum="${FIT_HASH_ALG}" - - cat << EOF >> $1 - setup-$2 { - description = "Linux setup.bin"; - data = /incbin/("$3"); - type = "x86_setup"; - arch = "${UBOOT_ARCH}"; - os = "linux"; - compression = "none"; - load = <0x00090000>; - entry = <0x00090000>; - hash-1 { - algo = "$setup_csum"; - }; - }; -EOF -} - -# -# Emit the fitImage ITS ramdisk section -# -# $1 ... .its filename -# $2 ... Image counter -# $3 ... Path to ramdisk image -fitimage_emit_section_ramdisk() { - - ramdisk_csum="${FIT_HASH_ALG}" - ramdisk_sign_algo="${FIT_SIGN_ALG}" - ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" - ramdisk_loadline="" - ramdisk_entryline="" - - if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then - ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" - fi - if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then - ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" - fi - - cat << EOF >> $1 - ramdisk-$2 { - description = "${INITRAMFS_IMAGE}"; - data = /incbin/("$3"); - type = "ramdisk"; - arch = "${UBOOT_ARCH}"; - os = "linux"; - compression = "none"; - $ramdisk_loadline - $ramdisk_entryline - hash-1 { - algo = "$ramdisk_csum"; - }; - }; -EOF - - if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then - sed -i '$ d' $1 - cat << EOF >> $1 - signature-1 { - algo = "$ramdisk_csum,$ramdisk_sign_algo"; - key-name-hint = "$ramdisk_sign_keyname"; - }; - }; -EOF - fi -} - -# -# Emit the fitImage ITS configuration section -# -# $1 ... .its filename -# $2 ... Linux kernel ID -# $3 ... DTB image name -# $4 ... ramdisk ID -# $5 ... u-boot script ID -# $6 ... config ID -# $7 ... default flag -fitimage_emit_section_config() { - - conf_csum="${FIT_HASH_ALG}" - conf_sign_algo="${FIT_SIGN_ALG}" - conf_padding_algo="${FIT_PAD_ALG}" - if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then - conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" - fi - - its_file="$1" - kernel_id="$2" - dtb_image="$3" - ramdisk_id="$4" - bootscr_id="$5" - config_id="$6" - default_flag="$7" - - # Test if we have any DTBs at all - sep="" - conf_desc="" - conf_node="${FIT_CONF_PREFIX}" - kernel_line="" - fdt_line="" - ramdisk_line="" - bootscr_line="" - setup_line="" - default_line="" - - # conf node name is selected based on dtb ID if it is present, - # otherwise its selected based on kernel ID - if [ -n "$dtb_image" ]; then - conf_node=$conf_node$dtb_image - else - conf_node=$conf_node$kernel_id - fi - - if [ -n "$kernel_id" ]; then - conf_desc="Linux kernel" - sep=", " - kernel_line="kernel = \"kernel-$kernel_id\";" - fi - - if [ -n "$dtb_image" ]; then - conf_desc="$conf_desc${sep}FDT blob" - sep=", " - fdt_line="fdt = \"fdt-$dtb_image\";" - fi - - if [ -n "$ramdisk_id" ]; then - conf_desc="$conf_desc${sep}ramdisk" - sep=", " - ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" - fi - - if [ -n "$bootscr_id" ]; then - conf_desc="$conf_desc${sep}u-boot script" - sep=", " - bootscr_line="bootscr = \"bootscr-$bootscr_id\";" - fi - - if [ -n "$config_id" ]; then - conf_desc="$conf_desc${sep}setup" - setup_line="setup = \"setup-$config_id\";" - fi - - if [ "$default_flag" = "1" ]; then - # default node is selected based on dtb ID if it is present, - # otherwise its selected based on kernel ID - if [ -n "$dtb_image" ]; then - default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" - else - default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" - fi - fi - - cat << EOF >> $its_file - $default_line - $conf_node { - description = "$default_flag $conf_desc"; - $kernel_line - $fdt_line - $ramdisk_line - $bootscr_line - $setup_line - hash-1 { - algo = "$conf_csum"; - }; -EOF - - if [ -n "$conf_sign_keyname" ] ; then - - sign_line="sign-images = " - sep="" - - if [ -n "$kernel_id" ]; then - sign_line="$sign_line${sep}\"kernel\"" - sep=", " - fi - - if [ -n "$dtb_image" ]; then - sign_line="$sign_line${sep}\"fdt\"" - sep=", " - fi - - if [ -n "$ramdisk_id" ]; then - sign_line="$sign_line${sep}\"ramdisk\"" - sep=", " - fi - - if [ -n "$bootscr_id" ]; then - sign_line="$sign_line${sep}\"bootscr\"" - sep=", " - fi - - if [ -n "$config_id" ]; then - sign_line="$sign_line${sep}\"setup\"" - fi - - sign_line="$sign_line;" - - cat << EOF >> $its_file - signature-1 { - algo = "$conf_csum,$conf_sign_algo"; - key-name-hint = "$conf_sign_keyname"; - padding = "$conf_padding_algo"; - $sign_line - }; -EOF - fi - - cat << EOF >> $its_file - }; -EOF -} - -# -# Assemble fitImage -# -# $1 ... .its filename -# $2 ... fitImage name -# $3 ... include ramdisk -fitimage_assemble() { - kernelcount=1 - dtbcount="" - DTBS="" - ramdiskcount=$3 - setupcount="" - bootscr_id="" - rm -f $1 arch/${ARCH}/boot/$2 - - if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then - bbfatal "Keys used to sign images and configuration nodes must be different." - fi - - fitimage_emit_fit_header $1 - - # - # Step 1: Prepare a kernel image section. - # - fitimage_emit_section_maint $1 imagestart - - uboot_prep_kimage - fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" - - # - # Step 2: Prepare a DTB image section - # - - if [ -n "${KERNEL_DEVICETREE}" ]; then - dtbcount=1 - for DTB in ${KERNEL_DEVICETREE}; do - if echo $DTB | grep -q '/dts/'; then - bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." - DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` - fi - - # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} - if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then - continue - fi - - DTB_PATH="arch/${ARCH}/boot/dts/$DTB" - if [ ! -e "$DTB_PATH" ]; then - DTB_PATH="arch/${ARCH}/boot/$DTB" - fi - - DTB=$(echo "$DTB" | tr '/' '_') - DTBS="$DTBS $DTB" - fitimage_emit_section_dtb $1 $DTB $DTB_PATH - done - fi - - if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then - dtbcount=1 - for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do - DTB=$(echo "$DTB" | tr '/' '_') - DTBS="$DTBS $DTB" - fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" - done - fi - - # - # Step 3: Prepare a u-boot script section - # - - if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then - if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then - cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} - bootscr_id="${UBOOT_ENV_BINARY}" - fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} - else - bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." - fi - fi - - # - # Step 4: Prepare a setup section. (For x86) - # - if [ -e arch/${ARCH}/boot/setup.bin ]; then - setupcount=1 - fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin - fi - - # - # Step 5: Prepare a ramdisk section. - # - if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then - # Find and use the first initramfs image archive type we find - found= - for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do - initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" - if [ -e "$initramfs_path" ]; then - bbnote "Found initramfs image: $initramfs_path" - found=true - fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" - break - else - bbnote "Did not find initramfs image: $initramfs_path" - fi - done - - if [ -z "$found" ]; then - bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" - fi - fi - - fitimage_emit_section_maint $1 sectend - - # Force the first Kernel and DTB in the default config - kernelcount=1 - if [ -n "$dtbcount" ]; then - dtbcount=1 - fi - - # - # Step 6: Prepare a configurations section - # - fitimage_emit_section_maint $1 confstart - - # kernel-fitimage.bbclass currently only supports a single kernel (no less or - # more) to be added to the FIT image along with 0 or more device trees and - # 0 or 1 ramdisk. - # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) - # When the initramfs bundle is used ramdisk is disabled. - # If a device tree is to be part of the FIT image, then select - # the default configuration to be used is based on the dtbcount. If there is - # no dtb present than select the default configuation to be based on - # the kernelcount. - if [ -n "$DTBS" ]; then - i=1 - for DTB in ${DTBS}; do - dtb_ext=${DTB##*.} - if [ "$dtb_ext" = "dtbo" ]; then - fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" - else - fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" - fi - i=`expr $i + 1` - done - else - defaultconfigcount=1 - fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount - fi - - fitimage_emit_section_maint $1 sectend - - fitimage_emit_section_maint $1 fitend - - # - # Step 7: Assemble the image - # - ${UBOOT_MKIMAGE} \ - ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ - -f $1 \ - arch/${ARCH}/boot/$2 - - # - # Step 8: Sign the image and add public key to U-Boot dtb - # - if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then - add_key_to_u_boot="" - if [ -n "${UBOOT_DTB_BINARY}" ]; then - # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy - # both of them, and don't dereference the symlink. - cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} - add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" - fi - ${UBOOT_MKIMAGE_SIGN} \ - ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ - -F -k "${UBOOT_SIGN_KEYDIR}" \ - $add_key_to_u_boot \ - -r arch/${ARCH}/boot/$2 \ - ${UBOOT_MKIMAGE_SIGN_ARGS} - fi -} - -do_assemble_fitimage() { - if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then - cd ${B} - fitimage_assemble fit-image.its fitImage "" - fi -} - -addtask assemble_fitimage before do_install after do_compile - -do_assemble_fitimage_initramfs() { - if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ - test -n "${INITRAMFS_IMAGE}" ; then - cd ${B} - if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then - fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage "" - else - fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 - fi - fi -} - -addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs - -do_kernel_generate_rsa_keys() { - if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." - fi - - if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - - # Generate keys to sign configuration nodes, only if they don't already exist - if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ - [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then - - # make directory if it does not already exist - mkdir -p "${UBOOT_SIGN_KEYDIR}" - - bbnote "Generating RSA private key for signing fitImage" - openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ - "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - "${FIT_SIGN_NUMBITS}" - - bbnote "Generating certificate for signing fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ - -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt - fi - - # Generate keys to sign image nodes, only if they don't already exist - if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ - [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then - - # make directory if it does not already exist - mkdir -p "${UBOOT_SIGN_KEYDIR}" - - bbnote "Generating RSA private key for signing fitImage" - openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ - "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ - "${FIT_SIGN_NUMBITS}" - - bbnote "Generating certificate for signing fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ - -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ - -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt - fi - fi -} - -addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile - -kernel_do_deploy[vardepsexclude] = "DATETIME" -kernel_do_deploy:append() { - # Update deploy directory - if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then - - if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then - bbnote "Copying fit-image.its source file..." - install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" - if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then - ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" - fi - - bbnote "Copying linux.bin file..." - install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} - if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then - ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" - fi - fi - - if [ -n "${INITRAMFS_IMAGE}" ]; then - bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." - install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" - if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then - ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" - fi - - if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then - bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." - install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" - if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then - ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" - fi - fi - fi - fi - if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ - [ -n "${UBOOT_DTB_BINARY}" ] ; then - # UBOOT_DTB_IMAGE is a realfile, but we can't use - # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed - # for u-boot, but we are in kernel env now. - install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" - fi - if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then - # If we're also creating and/or signing the uboot fit, now we need to - # deploy it, it's its file, as well as u-boot-spl.dtb - install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" - bbnote "Copying u-boot-fitImage file..." - install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" - bbnote "Copying u-boot-its file..." - install -m 0644 ${B}/u-boot-its-* "$deployDir/" - fi -} - -# The function below performs the following in case of initramfs bundles: -# - Removes do_assemble_fitimage. FIT generation is done through -# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed -# and should not be part of the tasks to be executed. -# - Since do_kernel_generate_rsa_keys is inserted by default -# between do_compile and do_assemble_fitimage, this is -# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys -# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. -python () { - if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": - bb.build.deltask('do_assemble_fitimage', d) - bb.build.deltask('kernel_generate_rsa_keys', d) - bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) -} -- cgit v1.2.3-54-g00ecf