<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/classes-recipe/uboot-sign.bbclass, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-11-07T13:31:53+00:00</updated>
<entry>
<title>The poky repository master branch is no longer being updated.</title>
<updated>2025-11-07T13:31:53+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-11-07T13:31:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8c22ff0d8b70d9b12f0487ef696a7e915b9e3173'/>
<id>urn:sha1:8c22ff0d8b70d9b12f0487ef696a7e915b9e3173</id>
<content type='text'>
You can either:

a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs

b) use the new bitbake-setup

You can find information about either approach in our documentation:
https://docs.yoctoproject.org/

Note that "poky" the distro setting is still available in meta-yocto as
before and we continue to use and maintain that.

Long live Poky!

Some further information on the background of this change can be found
in: https://lists.openembedded.org/g/openembedded-architecture/message/2179

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>u-boot: Make sure the build dir is unique for each UBOOT_CONFIG</title>
<updated>2025-10-13T17:01:03+00:00</updated>
<author>
<name>Ryan Eatmon</name>
<email>reatmon@ti.com</email>
</author>
<published>2025-10-07T22:43:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=91f50b7c55968b0857818cf05c03488cd19452d4'/>
<id>urn:sha1:91f50b7c55968b0857818cf05c03488cd19452d4</id>
<content type='text'>
Each UBOOT_CONFIG entry is run in a different directory under ${B} so
that the files can be generated, compiled, and installed differently
from each other.  Currently that unique directory name was just the
defconfig used for each UBOOT_CONFIG.

One potential conflict arises when you want build the same defconfig
twice, but pass in different make options.  Then we get directory
collision.  Simple fix is to include both the defconfig name and the
UBOOT_CONFIG type in the directory name.

This change has the potential to be backwards breaking if a layer is
using the UBOOT_CONFIG flow and overriding/appending any of the do_*
shell functions.  Each of those will either need to change to using:

${B}/${config}  -&gt;  ${B}/${config}-${type}

or for append functions they can use the new variable in the parent
function:

${B}/${config}  -&gt;  ${B}/${builddir}

(From OE-Core rev: 22e96b32b0be02ec0971c9334d4b1df7c9ef8d84)

Signed-off-by: Ryan Eatmon &lt;reatmon@ti.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign.bbclass: Refactor condition checks to use &amp;&amp; and || instead of -a and -o</title>
<updated>2025-06-19T20:54:43+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-06-17T08:10:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6d3b93af2e955a462f3f0a68693a07f5f1d775ff'/>
<id>urn:sha1:6d3b93af2e955a462f3f0a68693a07f5f1d775ff</id>
<content type='text'>
This commit cleans up and modernizes the shell condition expressions in
`uboot-sign.bbclass` to follow best practices for portable and reliable shell usage.

Key changes:
- Replace legacy `[ -a ]` and `[ -o ]` with explicit `[ ] &amp;&amp; [ ]` and `[ ] || [ ]`.
  Modern POSIX and busybox sh recommend using `&amp;&amp;` and `||` instead of `-a` and `-o`
  because `-a` and `-o` are less robust and can cause parsing ambiguities in some shells.
- Simplify `concat_dtb()` by moving the DTB existence check to the top and using
  early `return` to avoid deep nesting.
- Remove redundant fallback `else` blocks; use clearer control flow with direct checks.

This improves maintainability, reduces shell syntax pitfalls, and aligns with
current shell scripting best practices.

References:
- POSIX recommends avoiding `-a` and `-o` in `[ ]` and using explicit `&amp;&amp;` and `||`:
  https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html

(From OE-Core rev: d2740e39800a044d557b620e38ca0ac1b8c6d030)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign: Support signing U-Boot FIT image without SPL</title>
<updated>2025-06-19T20:54:43+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-06-17T08:10:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d8cd58cc7ad5d8b7c92ef6eb6f0b973f0276422d'/>
<id>urn:sha1:d8cd58cc7ad5d8b7c92ef6eb6f0b973f0276422d</id>
<content type='text'>
Previously, the signing flow in "uboot-sign.bbclass" assumed that SPL was always
present and that the FIT signing process must inject the public key into the
SPL DTB. This made it inflexible for use cases where only the U-Boot proper
FIT image is built and signed, with no SPL binary at all.

This change introduces the following adjustments:
- The `SPL_DTB_BINARY` variable can be explicitly set to an empty string
  to indicate that no SPL is present.
- The signing logic checks `SPL_DTB_BINARY` and skips injecting the
  key or verifying the SPL DTB if it is empty.
- The FIT image generation and deployment are always performed if
  `UBOOT_FITIMAGE_ENABLE` is enabled, regardless of the SPL settings.
- The deploy helper now uses a single check on `SPL_DTB_BINARY` to decide
  whether to deploy the signed SPL DTB.

Now the sign step checks if SPL_DTB_BINARY is empty:
If present, it signs the FIT image and injects the public key into the SPL DTB,
then verifies both.
If empty, it only signs the FIT image and generates the ITS with the signature
node, but does not attempt to verify or add the key to a non-existent SPL DTB.

Key Behavior Explained
If SPL_DTB_BINARY is empty, we assume there is no SPL.
If UBOOT_FITIMAGE_ENABLE=1, we always create the FIT image and ITS.
If SPL_SIGN_ENABLE=1, we always sign the FIT image, but only inject the key into
the SPL DTB if it exists.

Example usage:
  UBOOT_FITIMAGE_ENABLE = "1"
  SPL_SIGN_ENABLE = "1"
  SPL_DTB_BINARY = ""

This means:
  - Generate and sign the FIT image.
  - Do not attempt to sign or deploy an SPL DTB.

This aligns the implementation with real scenarios where some boards do not
require an SPL.

(From OE-Core rev: 7ad6acd8841752a5b75b8e2666bca5b609347cc1)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>kernel-signing-keys-native: refactor key generation into a new recipe</title>
<updated>2025-06-05T10:02:21+00:00</updated>
<author>
<name>Adrian Freihofer</name>
<email>adrian.freihofer@siemens.com</email>
</author>
<published>2025-06-03T08:23:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=29a931bfbfdef89855f264d414c4d006639acfd3'/>
<id>urn:sha1:29a931bfbfdef89855f264d414c4d006639acfd3</id>
<content type='text'>
The do_kernel_generate_rsa_keys function from kernel-fitimage.bbclass
is moved to a new recipe, kernel-signing-keys-native.bb. This
refactoring introduces no functional changes.

Intention this change:
- Remove the dependency of uboot-sign.bbclass on kernel-fitimage.bbclass.
- Simplify the use of custom key generation implementations by
  isolating the functionality into a separate recipe.

Known limitations of this (and also the previous) implementation:
- When generating from an existing TMPDIR, the existing key is reused.
  However, when generating from an empty TMPDIR or an SDK using the
  sstate-cache, a new key is generated, which may lead to
  inconsistencies.
- The use of random keys (via FIT_GENERATE_KEYS) is convenient for
  experiments but unsuitable for production environments requiring
  deterministic and secure key management.

Future improvements to consider:
- Ensure reproducibility, even when using the sstate-cache. However,
  simply storing the private key in a potentially shared sstate artifact
  may not always be ideal from a security perspective.
- Support encrypted keys via `SRC_URI` for reliable key updates.
- Enable signing with an HSM (Hardware Security Module) through
  mechanisms like PKCS#11 or post-processing scripts.

(From OE-Core rev: 88736bb53fd2f0ffa1d249fc1a37897d10c8be18)

Signed-off-by: Adrian Freihofer &lt;adrian.freihofer@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign: Add support for setting firmware property in FIT configuration</title>
<updated>2025-05-22T13:36:49+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-05-21T01:21:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=13d83810b810c316432c09c91d9e306ebfd4fcda'/>
<id>urn:sha1:13d83810b810c316432c09c91d9e306ebfd4fcda</id>
<content type='text'>
Add the ability to set the "firmware" property in the FIT configuration node
by introducing the UBOOT_FIT_CONF_FIRMWARE variable.

This property defines the primary image to be executed during boot. If it is
set, its value will be written into the FIT configuration under the "firmware"
field. If not set, the bootloader will fall back to using the first entry in
the "loadables" list.

Using this property improves control over the boot sequence, especially in
multi-binary boot scenarios.

(From OE-Core rev: 82e1d7cbc855dbe4bec93f9b049851cbe376ea5e)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign: Fix unintended "-e" written into ITS</title>
<updated>2025-05-22T13:36:49+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-05-21T01:21:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a50b243ea67514aad4b8ebdca63cf088f42e56ca'/>
<id>urn:sha1:a50b243ea67514aad4b8ebdca63cf088f42e56ca</id>
<content type='text'>
An unintended "-e" string may be written into the generated ITS file when users
set the UBOOT_FIT_USER_SETTINGS variable to include custom binaries in the U-Boot
image.

This issue is caused by the use of 'echo -e', which behaves inconsistently across
different shells. While bash interprets '-e' as enabling escape sequences
(e.g., \n, \t), dash—the default /bin/sh on many systems—does not recognize
'-e' and treats it as a literal string. As a result, "-e" can be mistakenly
injected into the ITS file under certain build environments.

To ensure consistent and shell-agnostic behavior, replace 'echo -e' with
'printf', which is well-defined by POSIX and behaves reliably across all common
shells.

This change improves portability and prevents malformed ITS files caused by unintended
string injection.

Fixes: c12e013 ("uboot-sign: support to add users specific image tree source")
(From OE-Core rev: 1d5d22a38188f2c879e289a9732b620b0a6f7a6e)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>u-boot: ensure keys are generated before assembling U-Boot FIT image</title>
<updated>2025-05-15T09:55:26+00:00</updated>
<author>
<name>Rogerio Guerra Borin</name>
<email>rogerio.borin@toradex.com</email>
</author>
<published>2025-05-12T15:48:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1c0c5c258d03e2c4df3fa62705c2c5534ea66082'/>
<id>urn:sha1:1c0c5c258d03e2c4df3fa62705c2c5534ea66082</id>
<content type='text'>
Add the task dependency:

do_uboot_assemble_fitimage -&gt; virtual/kernel:do_kernel_generate_rsa_keys

to ensure the kernel FIT image signing keys are available when creating
the U-Boot DTB. This is done only if the signing of the kernel FIT image
is enabled (UBOOT_SIGN_ENABLE="1").

The lack of the dependency causes build errors when executing a build
with no kernel FIT keys initially present in the keys directory. In such
cases one would see an output like this in the Bitbake logs:

Log data follows:
| DEBUG: Executing shell function do_uboot_assemble_fitimage
| Couldn't open RSA private key: '/workdir/build/keys/fit/dev.key': No such file or directory
| Failed to sign 'signature' signature node in 'conf-1' conf node
| FIT description: Kernel Image image with one or more FDT blobs
| ...

This issue was introduced by commit 259bfa86f384 where the dependency
between U-Boot and the kernel was removed (for good reasons). Before
that commit the dependency was set via DEPENDS so that, in terms of
tasks, one had:

u-boot:do_configure -&gt; virtual/kernel:do_populate_sysroot

and the chain leading to the key generation was:

virtual/kernel:do_populate_sysroot -&gt; virtual/kernel:do_install
virtual/kernel:do_install -&gt; virtual/kernel:do_assemble_fitimage
virtual/kernel:do_assemble_fitimage -&gt; virtual/kernel:do_kernel_generate_rsa_keys

With the removal of the first dependency, no more guarantees exist that
the keys would be present when assembling the U-Boot FIT image. That's
the situation we are solving with the present commit.

Fixes: 259bfa86f384 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled")
(From OE-Core rev: 036f20156b3c7d0a8b912e90aa29a9b986106d5a)

Signed-off-by: Rogerio Guerra Borin &lt;rogerio.borin@toradex.com&gt;
Cc: Marek Vasut &lt;marex@denx.de&gt;
Cc: Sean Anderson &lt;sean.anderson@seco.com&gt;
Cc: Adrian Freihofer &lt;adrian.freihofer@siemens.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign: support to add users specific image tree source</title>
<updated>2025-02-27T10:55:17+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-02-17T08:52:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7be7e16cbb26f87ed1fda853c037265c0cbb00a3'/>
<id>urn:sha1:7be7e16cbb26f87ed1fda853c037265c0cbb00a3</id>
<content type='text'>
Currently, uboot-sign.bbclass only supports to create Image Tree Source(ITS)
for "u-boot" and "flat_dt". However, users may want to add their private
images into u-boot FIT image for specific application and purpose.

To make this bbclass more flexible and support to add users specific snippet
ITS, creates a new "UBOOT_FIT_USER_SETTINGS" variable. Users can add their
specific snippet ITS into this variable.

Example:

```
UBOOT_FIT_MY_ITS = '\
       myfw {\n\
            description = \"MY Firmware\";\n\
            data = /incbin/(\"myfw.bin\");\n\
            type = \"mytype\";\n\
            arch = \"myarch\";\n\
            os = \"myos\";\n\
            load = &lt;0xb2000000&gt;;\n\
            entry = &lt;0xb2000000&gt;;\n\
            compression = \"none\";\n\
        };\n\
'

UBOOT_FIT_USER_SETTINGS = "${UBOOT_FIT_MY_ITS}"
```

The generated ITS

```
       myfw {
            description = "My Firmware";
            data = /incbin/("myfw.bin");
            type = "mytype";
            arch = "myarch";
            os = "myos";
            load = &lt;0xb2000000&gt;;
            entry = &lt;0xb2000000&gt;;
            compression = "none";
       };
```

Add a variable "UBOOT_FIT_CONF_USER_LOADABLES" to load users specific images
and it is an empty by default.

(From OE-Core rev: c12e013453689697a8680f1c7de3e625a0ff28ec)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>uboot-sign: support to create TEE and ATF image tree source</title>
<updated>2025-02-27T10:55:17+00:00</updated>
<author>
<name>Jamin Lin</name>
<email>jamin_lin@aspeedtech.com</email>
</author>
<published>2025-02-17T08:52:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e6ff7089771a332779e894959855c4788a4c9720'/>
<id>urn:sha1:e6ff7089771a332779e894959855c4788a4c9720</id>
<content type='text'>
Currently, uboot-sign.bbclass only supports to create Image Tree Source(ITS)
for "u-boot" and "flat_dt". However, users may want to support multiple images
such as  ARM Trusted Firmware(ATF), Trusted Execution Environment(TEE) and
users private images for specific application and purpose.

To make this bbclass more flexible and support ATF and TEE, creates new
functions which are "uboot_fitimage_atf" and "uboot_fitimage_tee"
for ATF and TEE ITS file creation, respectively.

Add a variable "UBOOT_FIT_ARM_TRUSTED_FIRMWARE" to
enable ATF ITS generation and it is disable by default.

Add a variable "UBOOT_FIT_TEE" to enable TEE ITS generation
and it is disable by default.

(From OE-Core rev: c14641a964b5b802e995e574a599c5b4937fb488)

Signed-off-by: Jamin Lin &lt;jamin_lin@aspeedtech.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
