classes: Update classes to match new bitbake class scope functionality

Move classes to classes-global or classes-recipe as appropriate to take advantage of new bitbake functionality to check class scope/usage. (From OE-Core rev: f5c128008365e141082c129417eb72d2751e8045) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-08-10 14:35:29 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-08-12 15:27:17 +0100
commit: fd1517e2b51a170f2427122c6b95396db251d827 (patch)
tree: dabfe3e631339c2fc99a9ee7febb0f9c128e325e /meta/classes/uboot-sign.bbclass
parent: 10317912ee319ccf7f83605d438b5cbf9663f296 (diff)
download: poky-fd1517e2b51a170f2427122c6b95396db251d827.tar.gz
1 files changed, 0 insertions, 505 deletions
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
deleted file mode 100644
index debbf23ec6..0000000000
--- a/meta/classes/uboot-sign.bbclass
+++ /dev/null
@@ -1,505 +0,0 @@
-#
-# Copyright OpenEmbedded Contributors
-#
-# SPDX-License-Identifier: MIT
-#
-# This file is part of U-Boot verified boot support and is intended to be
-# inherited from u-boot recipe and from kernel-fitimage.bbclass.
-#
-# The signature procedure requires the user to generate an RSA key and
-# certificate in a directory and to define the following variable:
-#
-#   UBOOT_SIGN_KEYDIR = "/keys/directory"
-#   UBOOT_SIGN_KEYNAME = "dev" # keys name in keydir (eg. "dev.crt", "dev.key")
-#   UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-#   UBOOT_SIGN_ENABLE = "1"
-#
-# As verified boot depends on fitImage generation, following is also required:
-#
-#   KERNEL_CLASSES ?= " kernel-fitimage "
-#   KERNEL_IMAGETYPE ?= "fitImage"
-#
-# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
-#
-# The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to
-# treat the device tree blob:
-#
-# * u-boot:do_install:append
-#   Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
-#   signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
-#
-# * virtual/kernel:do_assemble_fitimage
-#   Sign the image
-#
-# * u-boot:do_deploy[postfuncs]
-#   Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others.
-#
-# For more details on signature process, please refer to U-Boot documentation.
-# We need some variables from u-boot-config
-inherit uboot-config
-# Enable use of a U-Boot fitImage
-UBOOT_FITIMAGE_ENABLE ?= "0"
-# Signature activation - these require their respective fitImages
-UBOOT_SIGN_ENABLE ?= "0"
-SPL_SIGN_ENABLE ?= "0"
-# Default value for deployment filenames.
-UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
-UBOOT_DTB_BINARY ?= "u-boot.dtb"
-UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
-UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
-UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
-UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.bin"
-UBOOT_ITS_IMAGE ?= "u-boot-its-${MACHINE}-${PV}-${PR}"
-UBOOT_ITS ?= "u-boot.its"
-UBOOT_ITS_SYMLINK ?= "u-boot-its-${MACHINE}"
-UBOOT_FITIMAGE_IMAGE ?= "u-boot-fitImage-${MACHINE}-${PV}-${PR}"
-UBOOT_FITIMAGE_BINARY ?= "u-boot-fitImage"
-UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
-SPL_DIR ?= "spl"
-SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
-SPL_DTB_BINARY ?= "u-boot-spl.dtb"
-SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
-SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
-SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
-SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
-# U-Boot fitImage description
-UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
-# Kernel / U-Boot fitImage Hash Algo
-FIT_HASH_ALG ?= "sha256"
-UBOOT_FIT_HASH_ALG ?= "sha256"
-# Kernel / U-Boot fitImage Signature Algo
-FIT_SIGN_ALG ?= "rsa2048"
-UBOOT_FIT_SIGN_ALG ?= "rsa2048"
-# Kernel / U-Boot fitImage Padding Algo
-FIT_PAD_ALG ?= "pkcs-1.5"
-# Generate keys for signing Kernel / U-Boot fitImage
-FIT_GENERATE_KEYS ?= "0"
-UBOOT_FIT_GENERATE_KEYS ?= "0"
-# Size of private keys in number of bits
-FIT_SIGN_NUMBITS ?= "2048"
-UBOOT_FIT_SIGN_NUMBITS ?= "2048"
-# args to openssl genrsa (Default is just the public exponent)
-FIT_KEY_GENRSA_ARGS ?= "-F4"
-UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
-# args to openssl req (Default is -batch for non interactive mode and
-# -new for new certificate)
-FIT_KEY_REQ_ARGS ?= "-batch -new"
-UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
-# Standard format for public key certificate
-FIT_KEY_SIGN_PKCS ?= "-x509"
-UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
-# Functions on this bbclass can apply to either U-boot or Kernel,
-# depending on the scenario
-UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
-KERNEL_PN = "${@d.getVar('PREFERRED_PROVIDER_virtual/kernel')}"
-# We need u-boot-tools-native if we're creating a U-Boot fitImage
-python() {
-    if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1':
-        depends = d.getVar("DEPENDS")
-        depends = "%s u-boot-tools-native dtc-native" % depends
-        d.setVar("DEPENDS", depends)
-}
-concat_dtb_helper() {
-        if [ -e "${UBOOT_DTB_BINARY}" ]; then
-                ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
-                ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
-        fi
-        if [ -f "${UBOOT_NODTB_BINARY}" ]; then
-                install ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
-                ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
-                ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
-        fi
-        # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
-        # with public key (otherwise it will be deployed by the equivalent
-        # concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
-        if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
-                deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}'
-                if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
-                        [ -e "$deployed_uboot_dtb_binary" ]; then
-                        oe_runmake EXT_DTB=$deployed_uboot_dtb_binary
-                        install ${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE}
-                elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
-                        cd ${DEPLOYDIR}
-                        cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE}
-                        if [ -n "${UBOOT_CONFIG}" ]
-                        then
-                                i=0
-                                j=0
-                                for config in ${UBOOT_MACHINE}; do
-                                        i=$(expr $i + 1);
-                                        for type in ${UBOOT_CONFIG}; do
-                                                j=$(expr $j + 1);
-                                                if [ $j -eq $i ]
-                                                then
-                                                        cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
-                                                fi
-                                        done
-                                done
-                        fi
-                else
-                        bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
-                fi
-        fi
-}
-concat_spl_dtb_helper() {
-        # We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will
-        # be responsible for deploying the real file
-        if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
-                ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
-                ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
-        fi
-        # Concatenate the SPL nodtb binary and u-boot.dtb
-        deployed_spl_dtb_binary='${DEPLOY_DIR_IMAGE}/${SPL_DTB_IMAGE}'
-        if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
-                cd ${DEPLOYDIR}
-                cat ${SPL_NODTB_IMAGE} $deployed_spl_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${SPL_BINARY} > ${SPL_IMAGE}
-        else
-                bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
-        fi
-}
-concat_dtb() {
-        if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then
-                mkdir -p ${DEPLOYDIR}
-                if [ -n "${UBOOT_CONFIG}" ]; then
-                        for config in ${UBOOT_MACHINE}; do
-                                CONFIG_B_PATH="$config"
-                                cd ${B}/$config
-                                concat_dtb_helper
-                        done
-                else
-                        CONFIG_B_PATH=""
-                        cd ${B}
-                        concat_dtb_helper
-                fi
-        fi
-}
-concat_spl_dtb() {
-        if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then
-                mkdir -p ${DEPLOYDIR}
-                if [ -n "${UBOOT_CONFIG}" ]; then
-                        for config in ${UBOOT_MACHINE}; do
-                                CONFIG_B_PATH="$config"
-                                cd ${B}/$config
-                                concat_spl_dtb_helper
-                        done
-                else
-                        CONFIG_B_PATH=""
-                        cd ${B}
-                        concat_spl_dtb_helper
-                fi
-        fi
-}
-# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
-# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
-install_helper() {
-        if [ -f "${UBOOT_DTB_BINARY}" ]; then
-                # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we
-                # need both of them.
-                install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
-                ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
-        else
-                bbwarn "${UBOOT_DTB_BINARY} not found"
-        fi
-}
-# Install SPL dtb and u-boot nodtb to datadir,
-install_spl_helper() {
-        if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
-                install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
-                ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY}
-        else
-                bbwarn "${SPL_DTB_BINARY} not found"
-        fi
-        if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
-                install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
-                ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
-        else
-                bbwarn "${UBOOT_NODTB_BINARY} not found"
-        fi
-        # We need to install a 'stub' u-boot-fitimage + its to datadir,
-        # so that the KERNEL_PN can use the correct filename when
-        # assembling and deploying them
-        touch ${D}/${datadir}/${UBOOT_FITIMAGE_IMAGE}
-        touch ${D}/${datadir}/${UBOOT_ITS_IMAGE}
-}
-do_install:append() {
-        if [ "${PN}" = "${UBOOT_PN}" ]; then
-                if [ -n "${UBOOT_CONFIG}" ]; then
-                        for config in ${UBOOT_MACHINE}; do
-                                cd ${B}/$config
-                                if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
-                                        [ -n "${UBOOT_DTB_BINARY}" ]; then
-                                        install_helper
-                                fi
-                                if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
-                                        install_spl_helper
-                                fi
-                        done
-                else
-                        cd ${B}
-                        if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
-                                [ -n "${UBOOT_DTB_BINARY}" ]; then
-                                install_helper
-                        fi
-                        if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
-                                install_spl_helper
-                        fi
-                fi
-        fi
-}
-do_uboot_generate_rsa_keys() {
-        if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
-                bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
-        fi
-        if [ "${SPL_SIGN_ENABLE}" = "1" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
-                # Generate keys only if they don't already exist
-                if [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key ] || \
-                        [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt ]; then
-                        # make directory if it does not already exist
-                        mkdir -p "${SPL_SIGN_KEYDIR}"
-                        echo "Generating RSA private key for signing U-Boot fitImage"
-                        openssl genrsa ${UBOOT_FIT_KEY_GENRSA_ARGS} -out \
-                                "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
-                                "${UBOOT_FIT_SIGN_NUMBITS}"
-                        echo "Generating certificate for signing U-Boot fitImage"
-                        openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
-                                -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
-                                -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
-                fi
-        fi
-}
-addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile
-# Create a ITS file for the U-boot FIT, for use when
-# we want to sign it so that the SPL can verify it
-uboot_fitimage_assemble() {
-        uboot_its="$1"
-        uboot_nodtb_bin="$2"
-        uboot_dtb="$3"
-        uboot_bin="$4"
-        spl_dtb="$5"
-        uboot_csum="${UBOOT_FIT_HASH_ALG}"
-        uboot_sign_algo="${UBOOT_FIT_SIGN_ALG}"
-        uboot_sign_keyname="${SPL_SIGN_KEYNAME}"
-        rm -f $uboot_its $uboot_bin
-        # First we create the ITS script
-        cat << EOF >> $uboot_its
-/dts-v1/;
-/ {
-    description = "${UBOOT_FIT_DESC}";
-    #address-cells = <1>;
-    images {
-        uboot {
-            description = "U-Boot image";
-            data = /incbin/("$uboot_nodtb_bin");
-            type = "standalone";
-            os = "u-boot";
-            arch = "${UBOOT_ARCH}";
-            compression = "none";
-            load = <${UBOOT_LOADADDRESS}>;
-            entry = <${UBOOT_ENTRYPOINT}>;
-EOF
-        if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
-                cat << EOF >> $uboot_its
-            signature {
-                algo = "$uboot_csum,$uboot_sign_algo";
-                key-name-hint = "$uboot_sign_keyname";
-            };
-EOF
-        fi
-        cat << EOF >> $uboot_its
-        };
-        fdt {
-            description = "U-Boot FDT";
-            data = /incbin/("$uboot_dtb");
-            type = "flat_dt";
-            arch = "${UBOOT_ARCH}";
-            compression = "none";
-EOF
-        if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
-                cat << EOF >> $uboot_its
-            signature {
-                algo = "$uboot_csum,$uboot_sign_algo";
-                key-name-hint = "$uboot_sign_keyname";
-            };
-EOF
-        fi
-        cat << EOF >> $uboot_its
-        };
-    };
-    configurations {
-        default = "conf";
-        conf {
-            description = "Boot with signed U-Boot FIT";
-            loadables = "uboot";
-            fdt = "fdt";
-        };
-    };
-};
-EOF
-        #
-        # Assemble the U-boot FIT image
-        #
-        ${UBOOT_MKIMAGE} \
-                ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
-                -f $uboot_its \
-                $uboot_bin
-        if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
-                #
-                # Sign the U-boot FIT image and add public key to SPL dtb
-                #
-                ${UBOOT_MKIMAGE_SIGN} \
-                        ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
-                        -F -k "${SPL_SIGN_KEYDIR}" \
-                        -K "$spl_dtb" \
-                        -r $uboot_bin \
-                        ${SPL_MKIMAGE_SIGN_ARGS}
-        fi
-}
-do_uboot_assemble_fitimage() {
-        # This function runs in KERNEL_PN context. The reason for that is that we need to
-        # support the scenario where UBOOT_SIGN_ENABLE is placing the Kernel fitImage's
-        # pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot
-        # fitImage itself.
-        if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
-           [ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then
-                if [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then
-                        # If we're not signing the Kernel fitImage, that means
-                        # we need to copy the u-boot.dtb from staging ourselves
-                        cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
-                fi
-                # As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first.
-                # Unfortunately, need to glob on top of ${SPL_DTB_BINARY} since _IMAGE and _SYMLINK
-                # will contain U-boot's PV
-                # Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in
-                # staging so that we can use it for creating the image with the correct filename
-                # in the KERNEL_PN context.
-                # As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent
-                # do_assemble_fitimage task
-                cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B}
-                cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B}
-                rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-*
-                kernel_uboot_fitimage_name=`basename ${STAGING_DATADIR}/u-boot-fitImage-*`
-                kernel_uboot_its_name=`basename ${STAGING_DATADIR}/u-boot-its-*`
-                cd ${B}
-                uboot_fitimage_assemble $kernel_uboot_its_name ${UBOOT_NODTB_BINARY} \
-                                        ${UBOOT_DTB_BINARY} $kernel_uboot_fitimage_name \
-                                        ${SPL_DTB_BINARY}
-        fi
-}
-addtask uboot_assemble_fitimage before do_deploy after do_compile
-do_deploy:prepend:pn-${UBOOT_PN}() {
-        if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
-                concat_dtb
-        fi
-        if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
-        # Deploy the u-boot-nodtb binary and symlinks...
-                if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
-                        echo "Copying u-boot-nodtb binary..."
-                        install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
-                        ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
-                        ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
-                fi
-                # We only deploy the symlinks to the uboot-fitImage and uboot-its
-                # images, as the KERNEL_PN will take care of deploying the real file
-                ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
-                ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
-                ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
-                ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
-        fi
-        if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
-                concat_spl_dtb
-        fi
-}
-do_deploy:append:pn-${UBOOT_PN}() {
-        # If we're creating a u-boot fitImage, point u-boot.bin
-        # symlink since it might get used by image recipes
-        if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
-                ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_BINARY}
-                ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
-        fi
-}
-python () {
-    if (   (d.getVar('UBOOT_SIGN_ENABLE') == '1'
-            or d.getVar('UBOOT_FITIMAGE_ENABLE') == '1')
-        and d.getVar('PN') == d.getVar('UBOOT_PN')
-        and d.getVar('UBOOT_DTB_BINARY')):
-        # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
-        # and/or the U-Boot fitImage
-        d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % d.getVar('KERNEL_PN'))
-    if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' and d.getVar('PN') == d.getVar('KERNEL_PN'):
-        # As the U-Boot fitImage is created by the KERNEL_PN, we need
-        # to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
-        # files are in the staging dir for it's use
-        d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % d.getVar('UBOOT_PN'))
-        # If the Kernel fitImage is being signed, we need to
-        # create the U-Boot fitImage after it
-        if d.getVar('UBOOT_SIGN_ENABLE') == '1':
-            d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage' % d.getVar('KERNEL_PN'))
-            d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage_initramfs' % d.getVar('KERNEL_PN'))
-}
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-10 14:35:29 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-12 15:27:17 +0100
commit	fd1517e2b51a170f2427122c6b95396db251d827 (patch)
tree	dabfe3e631339c2fc99a9ee7febb0f9c128e325e /meta/classes/uboot-sign.bbclass
parent	10317912ee319ccf7f83605d438b5cbf9663f296 (diff)
download	poky-fd1517e2b51a170f2427122c6b95396db251d827.tar.gz

diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass deleted file mode 100644 index debbf23ec6..0000000000 --- a/meta/classes/uboot-sign.bbclass +++ /dev/null
@@ -1,505 +0,0 @@
1	#
2	# Copyright OpenEmbedded Contributors
3	#
4	# SPDX-License-Identifier: MIT
5	#
6
7	# This file is part of U-Boot verified boot support and is intended to be
8	# inherited from u-boot recipe and from kernel-fitimage.bbclass.
9	#
10	# The signature procedure requires the user to generate an RSA key and
11	# certificate in a directory and to define the following variable:
12	#
13	# UBOOT_SIGN_KEYDIR = "/keys/directory"
14	# UBOOT_SIGN_KEYNAME = "dev" # keys name in keydir (eg. "dev.crt", "dev.key")
15	# UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
16	# UBOOT_SIGN_ENABLE = "1"
17	#
18	# As verified boot depends on fitImage generation, following is also required:
19	#
20	# KERNEL_CLASSES ?= " kernel-fitimage "
21	# KERNEL_IMAGETYPE ?= "fitImage"
22	#
23	# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
24	#
25	# The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to
26	# treat the device tree blob:
27	#
28	# * u-boot:do_install:append
29	# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
30	# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
31	#
32	# * virtual/kernel:do_assemble_fitimage
33	# Sign the image
34	#
35	# * u-boot:do_deploy[postfuncs]
36	# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others.
37	#
38	# For more details on signature process, please refer to U-Boot documentation.
39
40	# We need some variables from u-boot-config
41	inherit uboot-config
42
43	# Enable use of a U-Boot fitImage
44	UBOOT_FITIMAGE_ENABLE ?= "0"
45
46	# Signature activation - these require their respective fitImages
47	UBOOT_SIGN_ENABLE ?= "0"
48	SPL_SIGN_ENABLE ?= "0"
49
50	# Default value for deployment filenames.
51	UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
52	UBOOT_DTB_BINARY ?= "u-boot.dtb"
53	UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
54	UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
55	UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
56	UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.bin"
57	UBOOT_ITS_IMAGE ?= "u-boot-its-${MACHINE}-${PV}-${PR}"
58	UBOOT_ITS ?= "u-boot.its"
59	UBOOT_ITS_SYMLINK ?= "u-boot-its-${MACHINE}"
60	UBOOT_FITIMAGE_IMAGE ?= "u-boot-fitImage-${MACHINE}-${PV}-${PR}"
61	UBOOT_FITIMAGE_BINARY ?= "u-boot-fitImage"
62	UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
63	SPL_DIR ?= "spl"
64	SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
65	SPL_DTB_BINARY ?= "u-boot-spl.dtb"
66	SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
67	SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
68	SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
69	SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
70
71	# U-Boot fitImage description
72	UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
73
74	# Kernel / U-Boot fitImage Hash Algo
75	FIT_HASH_ALG ?= "sha256"
76	UBOOT_FIT_HASH_ALG ?= "sha256"
77
78	# Kernel / U-Boot fitImage Signature Algo
79	FIT_SIGN_ALG ?= "rsa2048"
80	UBOOT_FIT_SIGN_ALG ?= "rsa2048"
81
82	# Kernel / U-Boot fitImage Padding Algo
83	FIT_PAD_ALG ?= "pkcs-1.5"
84
85	# Generate keys for signing Kernel / U-Boot fitImage
86	FIT_GENERATE_KEYS ?= "0"
87	UBOOT_FIT_GENERATE_KEYS ?= "0"
88
89	# Size of private keys in number of bits
90	FIT_SIGN_NUMBITS ?= "2048"
91	UBOOT_FIT_SIGN_NUMBITS ?= "2048"
92
93	# args to openssl genrsa (Default is just the public exponent)
94	FIT_KEY_GENRSA_ARGS ?= "-F4"
95	UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
96
97	# args to openssl req (Default is -batch for non interactive mode and
98	# -new for new certificate)
99	FIT_KEY_REQ_ARGS ?= "-batch -new"
100	UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
101
102	# Standard format for public key certificate
103	FIT_KEY_SIGN_PKCS ?= "-x509"
104	UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
105
106	# Functions on this bbclass can apply to either U-boot or Kernel,
107	# depending on the scenario
108	UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
109	KERNEL_PN = "${@d.getVar('PREFERRED_PROVIDER_virtual/kernel')}"
110
111	# We need u-boot-tools-native if we're creating a U-Boot fitImage
112	python() {
113	if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1':
114	depends = d.getVar("DEPENDS")
115	depends = "%s u-boot-tools-native dtc-native" % depends
116	d.setVar("DEPENDS", depends)
117	}
118
119	concat_dtb_helper() {
120	if [ -e "${UBOOT_DTB_BINARY}" ]; then
121	ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
122	ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
123	fi
124
125	if [ -f "${UBOOT_NODTB_BINARY}" ]; then
126	install ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
127	ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
128	ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
129	fi
130
131	# If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
132	# with public key (otherwise it will be deployed by the equivalent
133	# concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
134	if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
135	deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}'
136	if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
137	[ -e "$deployed_uboot_dtb_binary" ]; then
138	oe_runmake EXT_DTB=$deployed_uboot_dtb_binary
139	install ${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE}
140	elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
141	cd ${DEPLOYDIR}
142	cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary \| tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE}
143
144	if [ -n "${UBOOT_CONFIG}" ]
145	then
146	i=0
147	j=0
148	for config in ${UBOOT_MACHINE}; do
149	i=$(expr $i + 1);
150	for type in ${UBOOT_CONFIG}; do
151	j=$(expr $j + 1);
152	if [ $j -eq $i ]
153	then
154	cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
155	fi
156	done
157	done
158	fi
159	else
160	bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
161	fi
162	fi
163	}
164
165	concat_spl_dtb_helper() {
166
167	# We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will
168	# be responsible for deploying the real file
169	if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
170	ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
171	ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
172	fi
173
174	# Concatenate the SPL nodtb binary and u-boot.dtb
175	deployed_spl_dtb_binary='${DEPLOY_DIR_IMAGE}/${SPL_DTB_IMAGE}'
176	if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
177	cd ${DEPLOYDIR}
178	cat ${SPL_NODTB_IMAGE} $deployed_spl_dtb_binary \| tee ${B}/${CONFIG_B_PATH}/${SPL_BINARY} > ${SPL_IMAGE}
179	else
180	bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
181	fi
182	}
183
184
185	concat_dtb() {
186	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then
187	mkdir -p ${DEPLOYDIR}
188	if [ -n "${UBOOT_CONFIG}" ]; then
189	for config in ${UBOOT_MACHINE}; do
190	CONFIG_B_PATH="$config"
191	cd ${B}/$config
192	concat_dtb_helper
193	done
194	else
195	CONFIG_B_PATH=""
196	cd ${B}
197	concat_dtb_helper
198	fi
199	fi
200	}
201
202	concat_spl_dtb() {
203	if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then
204	mkdir -p ${DEPLOYDIR}
205	if [ -n "${UBOOT_CONFIG}" ]; then
206	for config in ${UBOOT_MACHINE}; do
207	CONFIG_B_PATH="$config"
208	cd ${B}/$config
209	concat_spl_dtb_helper
210	done
211	else
212	CONFIG_B_PATH=""
213	cd ${B}
214	concat_spl_dtb_helper
215	fi
216	fi
217	}
218
219
220	# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
221	# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
222	install_helper() {
223	if [ -f "${UBOOT_DTB_BINARY}" ]; then
224	# UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we
225	# need both of them.
226	install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
227	ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
228	else
229	bbwarn "${UBOOT_DTB_BINARY} not found"
230	fi
231	}
232
233	# Install SPL dtb and u-boot nodtb to datadir,
234	install_spl_helper() {
235	if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
236	install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
237	ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY}
238	else
239	bbwarn "${SPL_DTB_BINARY} not found"
240	fi
241	if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
242	install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
243	ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
244	else
245	bbwarn "${UBOOT_NODTB_BINARY} not found"
246	fi
247
248	# We need to install a 'stub' u-boot-fitimage + its to datadir,
249	# so that the KERNEL_PN can use the correct filename when
250	# assembling and deploying them
251	touch ${D}/${datadir}/${UBOOT_FITIMAGE_IMAGE}
252	touch ${D}/${datadir}/${UBOOT_ITS_IMAGE}
253	}
254
255	do_install:append() {
256	if [ "${PN}" = "${UBOOT_PN}" ]; then
257	if [ -n "${UBOOT_CONFIG}" ]; then
258	for config in ${UBOOT_MACHINE}; do
259	cd ${B}/$config
260	if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
261	[ -n "${UBOOT_DTB_BINARY}" ]; then
262	install_helper
263	fi
264	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
265	install_spl_helper
266	fi
267	done
268	else
269	cd ${B}
270	if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
271	[ -n "${UBOOT_DTB_BINARY}" ]; then
272	install_helper
273	fi
274	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
275	install_spl_helper
276	fi
277	fi
278	fi
279	}
280
281	do_uboot_generate_rsa_keys() {
282	if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
283	bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
284	fi
285
286	if [ "${SPL_SIGN_ENABLE}" = "1" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
287
288	# Generate keys only if they don't already exist
289	if [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key ] \|\| \
290	[ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt ]; then
291
292	# make directory if it does not already exist
293	mkdir -p "${SPL_SIGN_KEYDIR}"
294
295	echo "Generating RSA private key for signing U-Boot fitImage"
296	openssl genrsa ${UBOOT_FIT_KEY_GENRSA_ARGS} -out \
297	"${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
298	"${UBOOT_FIT_SIGN_NUMBITS}"
299
300	echo "Generating certificate for signing U-Boot fitImage"
301	openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
302	-key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
303	-out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
304	fi
305	fi
306
307	}
308
309	addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile
310
311	# Create a ITS file for the U-boot FIT, for use when
312	# we want to sign it so that the SPL can verify it
313	uboot_fitimage_assemble() {
314	uboot_its="$1"
315	uboot_nodtb_bin="$2"
316	uboot_dtb="$3"
317	uboot_bin="$4"
318	spl_dtb="$5"
319	uboot_csum="${UBOOT_FIT_HASH_ALG}"
320	uboot_sign_algo="${UBOOT_FIT_SIGN_ALG}"
321	uboot_sign_keyname="${SPL_SIGN_KEYNAME}"
322
323	rm -f $uboot_its $uboot_bin
324
325	# First we create the ITS script
326	cat << EOF >> $uboot_its
327	/dts-v1/;
328
329	/ {
330	description = "${UBOOT_FIT_DESC}";
331	#address-cells = <1>;
332
333	images {
334	uboot {
335	description = "U-Boot image";
336	data = /incbin/("$uboot_nodtb_bin");
337	type = "standalone";
338	os = "u-boot";
339	arch = "${UBOOT_ARCH}";
340	compression = "none";
341	load = <${UBOOT_LOADADDRESS}>;
342	entry = <${UBOOT_ENTRYPOINT}>;
343	EOF
344
345	if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
346	cat << EOF >> $uboot_its
347	signature {
348	algo = "$uboot_csum,$uboot_sign_algo";
349	key-name-hint = "$uboot_sign_keyname";
350	};
351	EOF
352	fi
353
354	cat << EOF >> $uboot_its
355	};
356	fdt {
357	description = "U-Boot FDT";
358	data = /incbin/("$uboot_dtb");
359	type = "flat_dt";
360	arch = "${UBOOT_ARCH}";
361	compression = "none";
362	EOF
363
364	if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
365	cat << EOF >> $uboot_its
366	signature {
367	algo = "$uboot_csum,$uboot_sign_algo";
368	key-name-hint = "$uboot_sign_keyname";
369	};
370	EOF
371	fi
372
373	cat << EOF >> $uboot_its
374	};
375	};
376
377	configurations {
378	default = "conf";
379	conf {
380	description = "Boot with signed U-Boot FIT";
381	loadables = "uboot";
382	fdt = "fdt";
383	};
384	};
385	};
386	EOF
387
388	#
389	# Assemble the U-boot FIT image
390	#
391	${UBOOT_MKIMAGE} \
392	${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
393	-f $uboot_its \
394	$uboot_bin
395
396	if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
397	#
398	# Sign the U-boot FIT image and add public key to SPL dtb
399	#
400	${UBOOT_MKIMAGE_SIGN} \
401	${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
402	-F -k "${SPL_SIGN_KEYDIR}" \
403	-K "$spl_dtb" \
404	-r $uboot_bin \
405	${SPL_MKIMAGE_SIGN_ARGS}
406	fi
407
408	}
409
410	do_uboot_assemble_fitimage() {
411	# This function runs in KERNEL_PN context. The reason for that is that we need to
412	# support the scenario where UBOOT_SIGN_ENABLE is placing the Kernel fitImage's
413	# pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot
414	# fitImage itself.
415	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
416	[ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then
417	if [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then
418	# If we're not signing the Kernel fitImage, that means
419	# we need to copy the u-boot.dtb from staging ourselves
420	cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
421	fi
422	# As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first.
423	# Unfortunately, need to glob on top of ${SPL_DTB_BINARY} since _IMAGE and _SYMLINK
424	# will contain U-boot's PV
425	# Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in
426	# staging so that we can use it for creating the image with the correct filename
427	# in the KERNEL_PN context.
428	# As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent
429	# do_assemble_fitimage task
430	cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B}
431	cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B}
432	rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-*
433	kernel_uboot_fitimage_name=`basename ${STAGING_DATADIR}/u-boot-fitImage-*`
434	kernel_uboot_its_name=`basename ${STAGING_DATADIR}/u-boot-its-*`
435	cd ${B}
436	uboot_fitimage_assemble $kernel_uboot_its_name ${UBOOT_NODTB_BINARY} \
437	${UBOOT_DTB_BINARY} $kernel_uboot_fitimage_name \
438	${SPL_DTB_BINARY}
439	fi
440	}
441
442	addtask uboot_assemble_fitimage before do_deploy after do_compile
443
444	do_deploy:prepend:pn-${UBOOT_PN}() {
445	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
446	concat_dtb
447	fi
448
449	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
450	# Deploy the u-boot-nodtb binary and symlinks...
451	if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
452	echo "Copying u-boot-nodtb binary..."
453	install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
454	ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
455	ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
456	fi
457
458
459	# We only deploy the symlinks to the uboot-fitImage and uboot-its
460	# images, as the KERNEL_PN will take care of deploying the real file
461	ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
462	ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
463	ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
464	ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
465	fi
466
467	if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
468	concat_spl_dtb
469	fi
470
471
472	}
473
474	do_deploy:append:pn-${UBOOT_PN}() {
475	# If we're creating a u-boot fitImage, point u-boot.bin
476	# symlink since it might get used by image recipes
477	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
478	ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_BINARY}
479	ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
480	fi
481	}
482
483	python () {
484	if ( (d.getVar('UBOOT_SIGN_ENABLE') == '1'
485	or d.getVar('UBOOT_FITIMAGE_ENABLE') == '1')
486	and d.getVar('PN') == d.getVar('UBOOT_PN')
487	and d.getVar('UBOOT_DTB_BINARY')):
488
489	# Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
490	# and/or the U-Boot fitImage
491	d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % d.getVar('KERNEL_PN'))
492
493	if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' and d.getVar('PN') == d.getVar('KERNEL_PN'):
494	# As the U-Boot fitImage is created by the KERNEL_PN, we need
495	# to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
496	# files are in the staging dir for it's use
497	d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % d.getVar('UBOOT_PN'))
498
499	# If the Kernel fitImage is being signed, we need to
500	# create the U-Boot fitImage after it
501	if d.getVar('UBOOT_SIGN_ENABLE') == '1':
502	d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage' % d.getVar('KERNEL_PN'))
503	d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage_initramfs' % d.getVar('KERNEL_PN'))
504
505	}