# # Copyright OpenEmbedded Contributors # # SPDX-License-Identifier: MIT # inherit kernel-uboot kernel-artifact-names uboot-config def get_fit_replacement_type(d): kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" replacementtype = "" if 'fitImage' in kerneltypes.split(): uarch = d.getVar("UBOOT_ARCH") if uarch == "arm64": replacementtype = "Image" elif uarch == "riscv": replacementtype = "Image" elif uarch == "mips": replacementtype = "vmlinuz.bin" elif uarch == "x86": replacementtype = "bzImage" elif uarch == "microblaze": replacementtype = "linux.bin" else: replacementtype = "zImage" return replacementtype KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" python __anonymous () { # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal # to kernel.bbclass . We have to override it, since we pack zImage # (at least for now) into the fitImage . typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" if 'fitImage' in typeformake.split(): d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) image = d.getVar('INITRAMFS_IMAGE') if image: d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') ubootenv = d.getVar('UBOOT_ENV') if ubootenv: d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') #check if there are any dtb providers providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") if providerdtb: d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") } # Description string FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" # Kernel fitImage Hash Algo FIT_HASH_ALG ?= "sha256" # Kernel fitImage Signature Algo FIT_SIGN_ALG ?= "rsa2048" # Kernel / U-Boot fitImage Padding Algo FIT_PAD_ALG ?= "pkcs-1.5" # Generate keys for signing Kernel fitImage FIT_GENERATE_KEYS ?= "0" # Size of private keys in number of bits FIT_SIGN_NUMBITS ?= "2048" # args to openssl genrsa (Default is just the public exponent) FIT_KEY_GENRSA_ARGS ?= "-F4" # args to openssl req (Default is -batch for non interactive mode and # -new for new certificate) FIT_KEY_REQ_ARGS ?= "-batch -new" # Standard format for public key certificate FIT_KEY_SIGN_PKCS ?= "-x509" # Sign individual images as well FIT_SIGN_INDIVIDUAL ?= "0" FIT_CONF_PREFIX ?= "conf-" FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" # Allow user to select the default DTB for FIT image when multiple dtb's exists. FIT_CONF_DEFAULT_DTB ?= "" # length of address in number of cells # ex: 1 32bits address, 2 64bits address FIT_ADDRESS_CELLS ?= "1" # Keys used to sign individually image nodes. # The keys to sign image nodes must be different from those used to sign # configuration nodes, otherwise the "required" property, from # UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". # Then the images signature checking will not be mandatory and no error will be # raised in case of failure. # UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") # # Emit the fitImage ITS header # # $1 ... .its filename fitimage_emit_fit_header() { cat << EOF >> $1 /dts-v1/; / { description = "${FIT_DESC}"; #address-cells = <${FIT_ADDRESS_CELLS}>; EOF } # # Emit the fitImage section bits # # $1 ... .its filename # $2 ... Section bit type: imagestart - image section start # confstart - configuration section start # sectend - section end # fitend - fitimage end # fitimage_emit_section_maint() { case $2 in imagestart) cat << EOF >> $1 images { EOF ;; confstart) cat << EOF >> $1 configurations { EOF ;; sectend) cat << EOF >> $1 }; EOF ;; fitend) cat << EOF >> $1 }; EOF ;; esac } # # Emit the fitImage ITS kernel section # # $1 ... .its filename # $2 ... Image counter # $3 ... Path to kernel image # $4 ... Compression type fitimage_emit_section_kernel() { kernel_csum="${FIT_HASH_ALG}" kernel_sign_algo="${FIT_SIGN_ALG}" kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" ENTRYPOINT="${UBOOT_ENTRYPOINT}" if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` fi cat << EOF >> $1 kernel-$2 { description = "Linux kernel"; data = /incbin/("$3"); type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "$4"; load = <${UBOOT_LOADADDRESS}>; entry = <$ENTRYPOINT>; hash-1 { algo = "$kernel_csum"; }; }; EOF if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then sed -i '$ d' $1 cat << EOF >> $1 signature-1 { algo = "$kernel_csum,$kernel_sign_algo"; key-name-hint = "$kernel_sign_keyname"; }; }; EOF fi } # # Emit the fitImage ITS DTB section # # $1 ... .its filename # $2 ... Image counter # $3 ... Path to DTB image fitimage_emit_section_dtb() { dtb_csum="${FIT_HASH_ALG}" dtb_sign_algo="${FIT_SIGN_ALG}" dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" dtb_loadline="" dtb_ext=${DTB##*.} if [ "${dtb_ext}" = "dtbo" ]; then if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" fi elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" fi cat << EOF >> $1 fdt-$2 { description = "Flattened Device Tree blob"; data = /incbin/("$3"); type = "flat_dt"; arch = "${UBOOT_ARCH}"; compression = "none"; $dtb_loadline hash-1 { algo = "$dtb_csum"; }; }; EOF if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then sed -i '$ d' $1 cat << EOF >> $1 signature-1 { algo = "$dtb_csum,$dtb_sign_algo"; key-name-hint = "$dtb_sign_keyname"; }; }; EOF fi } # # Emit the fitImage ITS u-boot script section # # $1 ... .its filename # $2 ... Image counter # $3 ... Path to boot script image fitimage_emit_section_boot_script() { bootscr_csum="${FIT_HASH_ALG}" bootscr_sign_algo="${FIT_SIGN_ALG}" bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" cat << EOF >> $1 bootscr-$2 { description = "U-boot script"; data = /incbin/("$3"); type = "script"; arch = "${UBOOT_ARCH}"; compression = "none"; hash-1 { algo = "$bootscr_csum"; }; }; EOF if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then sed -i '$ d' $1 cat << EOF >> $1 signature-1 { algo = "$bootscr_csum,$bootscr_sign_algo"; key-name-hint = "$bootscr_sign_keyname"; }; }; EOF fi } # # Emit the fitImage ITS setup section # # $1 ... .its filename # $2 ... Image counter # $3 ... Path to setup image fitimage_emit_section_setup() { setup_csum="${FIT_HASH_ALG}" cat << EOF >> $1 setup-$2 { description = "Linux setup.bin"; data = /incbin/("$3"); type = "x86_setup"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "none"; load = <0x00090000>; entry = <0x00090000>; hash-1 { algo = "$setup_csum"; }; }; EOF } # # Emit the fitImage ITS ramdisk section # # $1 ... .its filename # $2 ... Image counter # $3 ... Path to ramdisk image fitimage_emit_section_ramdisk() { ramdisk_csum="${FIT_HASH_ALG}" ramdisk_sign_algo="${FIT_SIGN_ALG}" ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" ramdisk_loadline="" ramdisk_entryline="" if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" fi if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" fi cat << EOF >> $1 ramdisk-$2 { description = "${INITRAMFS_IMAGE}"; data = /incbin/("$3"); type = "ramdisk"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "none"; $ramdisk_loadline $ramdisk_entryline hash-1 { algo = "$ramdisk_csum"; }; }; EOF if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then sed -i '$ d' $1 cat << EOF >> $1 signature-1 { algo = "$ramdisk_csum,$ramdisk_sign_algo"; key-name-hint = "$ramdisk_sign_keyname"; }; }; EOF fi } # # echoes symlink destination if it points below directory # # $1 ... file that's a potential symlink # $2 ... expected parent directory symlink_points_below() { file="$2/$1" dir=$2 if ! [ -L "$file" ]; then return fi realpath="$(realpath --relative-to=$dir $file)" if [ -z "${realpath%%../*}" ]; then return fi echo "$realpath" } # # Emit the fitImage ITS configuration section # # $1 ... .its filename # $2 ... Linux kernel ID # $3 ... DTB image name # $4 ... ramdisk ID # $5 ... u-boot script ID # $6 ... config ID # $7 ... default flag # $8 ... default DTB image name fitimage_emit_section_config() { conf_csum="${FIT_HASH_ALG}" conf_sign_algo="${FIT_SIGN_ALG}" conf_padding_algo="${FIT_PAD_ALG}" if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" fi its_file="$1" kernel_id="$2" dtb_image="$3" ramdisk_id="$4" bootscr_id="$5" config_id="$6" default_flag="$7" default_dtb_image="$8" # Test if we have any DTBs at all sep="" conf_desc="" conf_node="${FIT_CONF_PREFIX}" kernel_line="" fdt_line="" ramdisk_line="" bootscr_line="" setup_line="" default_line="" compatible_line="" dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}") if [ -z "$dtb_image_sect" ]; then dtb_image_sect=$dtb_image fi dtb_path="${EXTERNAL_KERNEL_DEVICETREE}/${dtb_image_sect}" if [ -f "$dtb_path" ] || [ -L "$dtb_path" ]; then compat=$(fdtget -t s "$dtb_path" / compatible | sed 's/ /", "/g') if [ -n "$compat" ]; then compatible_line="compatible = \"$compat\";" fi fi dtb_image=$(echo $dtb_image | tr '/' '_') dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_') # conf node name is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then conf_node=$conf_node$dtb_image else conf_node=$conf_node$kernel_id fi if [ -n "$kernel_id" ]; then conf_desc="Linux kernel" sep=", " kernel_line="kernel = \"kernel-$kernel_id\";" fi if [ -n "$dtb_image" ]; then conf_desc="$conf_desc${sep}FDT blob" sep=", " fdt_line="fdt = \"fdt-$dtb_image_sect\";" fi if [ -n "$ramdisk_id" ]; then conf_desc="$conf_desc${sep}ramdisk" sep=", " ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" fi if [ -n "$bootscr_id" ]; then conf_desc="$conf_desc${sep}u-boot script" sep=", " bootscr_line="bootscr = \"bootscr-$bootscr_id\";" fi if [ -n "$config_id" ]; then conf_desc="$conf_desc${sep}setup" setup_line="setup = \"setup-$config_id\";" fi if [ "$default_flag" = "1" ]; then # default node is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then # Select default node as user specified dtb when # multiple dtb exists. if [ -n "$default_dtb_image" ]; then default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" else default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" fi else default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" fi fi cat << EOF >> $its_file $default_line $conf_node { description = "$default_flag $conf_desc"; $compatible_line $kernel_line $fdt_line $ramdisk_line $bootscr_line $setup_line hash-1 { algo = "$conf_csum"; }; EOF if [ -n "$conf_sign_keyname" ] ; then sign_line="sign-images = " sep="" if [ -n "$kernel_id" ]; then sign_line="$sign_line${sep}\"kernel\"" sep=", " fi if [ -n "$dtb_image" ]; then sign_line="$sign_line${sep}\"fdt\"" sep=", " fi if [ -n "$ramdisk_id" ]; then sign_line="$sign_line${sep}\"ramdisk\"" sep=", " fi if [ -n "$bootscr_id" ]; then sign_line="$sign_line${sep}\"bootscr\"" sep=", " fi if [ -n "$config_id" ]; then sign_line="$sign_line${sep}\"setup\"" fi sign_line="$sign_line;" cat << EOF >> $its_file signature-1 { algo = "$conf_csum,$conf_sign_algo"; key-name-hint = "$conf_sign_keyname"; padding = "$conf_padding_algo"; $sign_line }; EOF fi cat << EOF >> $its_file }; EOF } # # Assemble fitImage # # $1 ... .its filename # $2 ... fitImage name # $3 ... include ramdisk fitimage_assemble() { kernelcount=1 dtbcount="" DTBS="" ramdiskcount=$3 setupcount="" bootscr_id="" default_dtb_image="" rm -f $1 arch/${ARCH}/boot/$2 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then bbfatal "Keys used to sign images and configuration nodes must be different." fi fitimage_emit_fit_header $1 # # Step 1: Prepare a kernel image section. # fitimage_emit_section_maint $1 imagestart uboot_prep_kimage fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" # # Step 2: Prepare a DTB image section # if [ -n "${KERNEL_DEVICETREE}" ]; then dtbcount=1 for DTB in ${KERNEL_DEVICETREE}; do if echo $DTB | grep -q '/dts/'; then bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` fi # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then continue fi DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB" if [ ! -e "$DTB_PATH" ]; then DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" fi # Strip off the path component from the filename if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then DTB=`basename $DTB` fi # Set the default dtb image if it exists in the devicetree. if [ "${FIT_CONF_DEFAULT_DTB}" = "$DTB" ];then default_dtb_image=$(echo "$DTB" | tr '/' '_') fi DTB=$(echo "$DTB" | tr '/' '_') # Skip DTB if we've picked it up previously echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue DTBS="$DTBS $DTB" DTB=$(echo $DTB | tr '/' '_') fitimage_emit_section_dtb $1 $DTB $DTB_PATH done fi if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then dtbcount=1 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do # Set the default dtb image if it exists in the devicetree. if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then default_dtb_image=$(echo "$DTB" | tr '/' '_') fi DTB=$(echo "$DTB" | tr '/' '_') # Skip DTB/DTBO if we've picked it up previously echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue DTBS="$DTBS $DTB" # Also skip if a symlink. We'll later have each config section point at it [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue DTB=$(echo $DTB | tr '/' '_') fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" done fi if [ -n "${FIT_CONF_DEFAULT_DTB}" ] && [ -z $default_dtb_image ]; then bbwarn "${FIT_CONF_DEFAULT_DTB} is not available in the list of device trees." fi # # Step 3: Prepare a u-boot script section # if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} bootscr_id="${UBOOT_ENV_BINARY}" fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} else bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." fi fi # # Step 4: Prepare a setup section. (For x86) # if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then setupcount=1 fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin fi # # Step 5: Prepare a ramdisk section. # if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then # Find and use the first initramfs image archive type we find found= for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" if [ -e "$initramfs_path" ]; then bbnote "Found initramfs image: $initramfs_path" found=true fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" break else bbnote "Did not find initramfs image: $initramfs_path" fi done if [ -z "$found" ]; then bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" fi fi fitimage_emit_section_maint $1 sectend # Force the first Kernel and DTB in the default config kernelcount=1 if [ -n "$dtbcount" ]; then dtbcount=1 fi # # Step 6: Prepare a configurations section # fitimage_emit_section_maint $1 confstart # kernel-fitimage.bbclass currently only supports a single kernel (no less or # more) to be added to the FIT image along with 0 or more device trees and # 0 or 1 ramdisk. # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) # When the initramfs bundle is used ramdisk is disabled. # If a device tree is to be part of the FIT image, then select # the default configuration to be used is based on the dtbcount. If there is # no dtb present than select the default configuation to be based on # the kernelcount. if [ -n "$DTBS" ]; then i=1 for DTB in ${DTBS}; do dtb_ext=${DTB##*.} if [ "$dtb_ext" = "dtbo" ]; then fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" "$default_dtb_image" else fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" "$default_dtb_image" fi i=`expr $i + 1` done else defaultconfigcount=1 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount "$default_dtb_image" fi fitimage_emit_section_maint $1 sectend fitimage_emit_section_maint $1 fitend # # Step 7: Assemble the image # ${UBOOT_MKIMAGE} \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -f $1 \ ${KERNEL_OUTPUT_DIR}/$2 # # Step 8: Sign the image # if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then ${UBOOT_MKIMAGE_SIGN} \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -F -k "${UBOOT_SIGN_KEYDIR}" \ -r ${KERNEL_OUTPUT_DIR}/$2 \ ${UBOOT_MKIMAGE_SIGN_ARGS} fi } do_assemble_fitimage() { if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then cd ${B} fitimage_assemble fit-image.its fitImage-none "" if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage fi fi } addtask assemble_fitimage before do_install after do_compile SYSROOT_DIRS:append = " /sysroot-only" do_install:append() { if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage fi } do_assemble_fitimage_initramfs() { if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ test -n "${INITRAMFS_IMAGE}" ; then cd ${B} if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle "" ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage else fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 fi fi } addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs do_kernel_generate_rsa_keys() { if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." fi if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then # Generate keys to sign configuration nodes, only if they don't already exist if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then # make directory if it does not already exist mkdir -p "${UBOOT_SIGN_KEYDIR}" bbnote "Generating RSA private key for signing fitImage" openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ "${FIT_SIGN_NUMBITS}" bbnote "Generating certificate for signing fitImage" openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt fi # Generate keys to sign image nodes, only if they don't already exist if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then # make directory if it does not already exist mkdir -p "${UBOOT_SIGN_KEYDIR}" bbnote "Generating RSA private key for signing fitImage" openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ "${FIT_SIGN_NUMBITS}" bbnote "Generating certificate for signing fitImage" openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt fi fi } addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile kernel_do_deploy[vardepsexclude] = "DATETIME" kernel_do_deploy:append() { # Update deploy directory if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then bbnote "Copying fit-image.its source file..." install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" fi bbnote "Copying linux.bin file..." install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" fi fi if [ -n "${INITRAMFS_IMAGE}" ]; then bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" fi if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" fi fi fi fi }