summaryrefslogtreecommitdiffstats
path: root/meta/classes-recipe/uboot-sign.bbclass
diff options
context:
space:
mode:
Diffstat (limited to 'meta/classes-recipe/uboot-sign.bbclass')
-rw-r--r--meta/classes-recipe/uboot-sign.bbclass417
1 files changed, 189 insertions, 228 deletions
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index 569907fa68..3dc029c429 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -5,7 +5,7 @@
5# 5#
6 6
7# This file is part of U-Boot verified boot support and is intended to be 7# This file is part of U-Boot verified boot support and is intended to be
8# inherited from u-boot recipe and from kernel-fitimage.bbclass. 8# inherited from the u-boot recipe.
9# 9#
10# The signature procedure requires the user to generate an RSA key and 10# The signature procedure requires the user to generate an RSA key and
11# certificate in a directory and to define the following variable: 11# certificate in a directory and to define the following variable:
@@ -22,19 +22,6 @@
22# 22#
23# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot. 23# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
24# 24#
25# The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to
26# treat the device tree blob:
27#
28# * u-boot:do_install:append
29# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
30# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
31#
32# * virtual/kernel:do_assemble_fitimage
33# Sign the image
34#
35# * u-boot:do_deploy[postfuncs]
36# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others.
37#
38# For more details on signature process, please refer to U-Boot documentation. 25# For more details on signature process, please refer to U-Boot documentation.
39 26
40# We need some variables from u-boot-config 27# We need some variables from u-boot-config
@@ -49,6 +36,7 @@ SPL_SIGN_ENABLE ?= "0"
49# Default value for deployment filenames. 36# Default value for deployment filenames.
50UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb" 37UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
51UBOOT_DTB_BINARY ?= "u-boot.dtb" 38UBOOT_DTB_BINARY ?= "u-boot.dtb"
39UBOOT_DTB_SIGNED ?= "${UBOOT_DTB_BINARY}-signed"
52UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb" 40UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
53UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin" 41UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
54UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin" 42UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
@@ -62,6 +50,7 @@ UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
62SPL_DIR ?= "spl" 50SPL_DIR ?= "spl"
63SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb" 51SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
64SPL_DTB_BINARY ?= "u-boot-spl.dtb" 52SPL_DTB_BINARY ?= "u-boot-spl.dtb"
53SPL_DTB_SIGNED ?= "${SPL_DTB_BINARY}-signed"
65SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb" 54SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
66SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin" 55SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
67SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin" 56SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
@@ -92,58 +81,48 @@ UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
92# Standard format for public key certificate 81# Standard format for public key certificate
93UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509" 82UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
94 83
95# Functions on this bbclass can apply to either U-boot or Kernel, 84# This is only necessary for determining the signing configuration
96# depending on the scenario 85KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}"
97UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
98KERNEL_PN = "${@d.getVar('PREFERRED_PROVIDER_virtual/kernel')}"
99 86
100# We need u-boot-tools-native if we're creating a U-Boot fitImage
101python() { 87python() {
102 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1': 88 # We need u-boot-tools-native if we're creating a U-Boot fitImage
103 depends = d.getVar("DEPENDS") 89 sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
104 depends = "%s u-boot-tools-native dtc-native" % depends 90 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
105 d.setVar("DEPENDS", depends) 91 d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
92 if sign:
93 d.appendVar('DEPENDS', " " + d.getVar('KERNEL_PN'))
106} 94}
107 95
108concat_dtb_helper() { 96concat_dtb() {
109 if [ -e "${UBOOT_DTB_BINARY}" ]; then 97 type="$1"
110 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY} 98 binary="$2"
111 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
112 fi
113 99
114 if [ -f "${UBOOT_NODTB_BINARY}" ]; then 100 if [ -e "${UBOOT_DTB_BINARY}" ]; then
115 install ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} 101 # Re-sign the kernel in order to add the keys to our dtb
116 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK} 102 ${UBOOT_MKIMAGE_SIGN} \
117 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY} 103 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
104 -F -k "${UBOOT_SIGN_KEYDIR}" \
105 -K "${UBOOT_DTB_BINARY}" \
106 -r ${B}/fitImage-linux \
107 ${UBOOT_MKIMAGE_SIGN_ARGS}
108 cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
118 fi 109 fi
119 110
120 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB 111 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
121 # with public key (otherwise it will be deployed by the equivalent 112 # with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble)
122 # concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
123 if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then 113 if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
124 deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}'
125 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ 114 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
126 [ -e "$deployed_uboot_dtb_binary" ]; then 115 [ -e "${UBOOT_DTB_BINARY}" ]; then
127 oe_runmake EXT_DTB=$deployed_uboot_dtb_binary 116 oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET}
128 install ${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} 117 if [ -n "${binary}" ]; then
129 elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then 118 cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
130 cd ${DEPLOYDIR} 119 fi
131 cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE} 120 elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then
132 121 if [ -n "${binary}" ]; then
133 if [ -n "${UBOOT_CONFIG}" ] 122 cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \
134 then 123 ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
135 i=0 124 else
136 j=0 125 cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} > ${UBOOT_BINARY}
137 for config in ${UBOOT_MACHINE}; do
138 i=$(expr $i + 1);
139 for type in ${UBOOT_CONFIG}; do
140 j=$(expr $j + 1);
141 if [ $j -eq $i ]
142 then
143 cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
144 fi
145 done
146 done
147 fi 126 fi
148 else 127 else
149 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available." 128 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
@@ -151,120 +130,67 @@ concat_dtb_helper() {
151 fi 130 fi
152} 131}
153 132
154concat_spl_dtb_helper() { 133deploy_dtb() {
134 type="$1"
155 135
156 # We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will 136 if [ -n "${type}" ]; then
157 # be responsible for deploying the real file 137 uboot_dtb_binary="u-boot-${type}-${PV}-${PR}.dtb"
158 if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then 138 uboot_nodtb_binary="u-boot-nodtb-${type}-${PV}-${PR}.bin"
159 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
160 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
161 fi
162
163 # Concatenate the SPL nodtb binary and u-boot.dtb
164 deployed_spl_dtb_binary='${DEPLOY_DIR_IMAGE}/${SPL_DTB_IMAGE}'
165 if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
166 cd ${DEPLOYDIR}
167 cat ${SPL_NODTB_IMAGE} $deployed_spl_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${SPL_BINARY} > ${SPL_IMAGE}
168 else 139 else
169 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available." 140 uboot_dtb_binary="${UBOOT_DTB_IMAGE}"
141 uboot_nodtb_binary="${UBOOT_NODTB_IMAGE}"
170 fi 142 fi
171}
172 143
173 144 if [ -e "${UBOOT_DTB_SIGNED}" ]; then
174concat_dtb() { 145 install -Dm644 ${UBOOT_DTB_SIGNED} ${DEPLOYDIR}/${uboot_dtb_binary}
175 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then 146 if [ -n "${type}" ]; then
176 mkdir -p ${DEPLOYDIR} 147 ln -sf ${uboot_dtb_binary} ${DEPLOYDIR}/${UBOOT_DTB_IMAGE}
177 if [ -n "${UBOOT_CONFIG}" ]; then
178 for config in ${UBOOT_MACHINE}; do
179 CONFIG_B_PATH="$config"
180 cd ${B}/$config
181 concat_dtb_helper
182 done
183 else
184 CONFIG_B_PATH=""
185 cd ${B}
186 concat_dtb_helper
187 fi 148 fi
188 fi 149 fi
189}
190 150
191concat_spl_dtb() { 151 if [ -f "${UBOOT_NODTB_BINARY}" ]; then
192 if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then 152 install -Dm644 ${UBOOT_DTB_BINARY} ${DEPLOYDIR}/${uboot_nodtb_binary}
193 mkdir -p ${DEPLOYDIR} 153 if [ -n "${type}" ]; then
194 if [ -n "${UBOOT_CONFIG}" ]; then 154 ln -sf ${uboot_nodtb_binary} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
195 for config in ${UBOOT_MACHINE}; do
196 CONFIG_B_PATH="$config"
197 cd ${B}/$config
198 concat_spl_dtb_helper
199 done
200 else
201 CONFIG_B_PATH=""
202 cd ${B}
203 concat_spl_dtb_helper
204 fi 155 fi
205 fi 156 fi
206} 157}
207 158
208 159concat_spl_dtb() {
209# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for 160 if [ -e "${SPL_DIR}/${SPL_NODTB_BINARY}" -a -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
210# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. 161 cat ${SPL_DIR}/${SPL_NODTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED} > "${SPL_BINARY}"
211install_helper() {
212 if [ -f "${UBOOT_DTB_BINARY}" ]; then
213 # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we
214 # need both of them.
215 install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
216 ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
217 else 162 else
218 bbwarn "${UBOOT_DTB_BINARY} not found" 163 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
219 fi 164 fi
220} 165}
221 166
222# Install SPL dtb and u-boot nodtb to datadir, 167deploy_spl_dtb() {
223install_spl_helper() { 168 type="$1"
224 if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then 169
225 install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE} 170 if [ -n "${type}" ]; then
226 ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY} 171 spl_dtb_binary="u-boot-spl-${type}-${PV}-${PR}.dtb"
227 else 172 spl_nodtb_binary="u-boot-spl-nodtb-${type}-${PV}-${PR}.bin"
228 bbwarn "${SPL_DTB_BINARY} not found"
229 fi
230 if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
231 install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
232 ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
233 else 173 else
234 bbwarn "${UBOOT_NODTB_BINARY} not found" 174 spl_dtb_binary="${SPL_DTB_IMAGE}"
175 spl_nodtb_binary="${SPL_NODTB_IMAGE}"
235 fi 176 fi
236 177
237 # We need to install a 'stub' u-boot-fitimage + its to datadir, 178 if [ -e "${SPL_DIR}/${SPL_DTB_SIGNED}" ] ; then
238 # so that the KERNEL_PN can use the correct filename when 179 install -Dm644 ${SPL_DIR}/${SPL_DTB_SIGNED} ${DEPLOYDIR}/${spl_dtb_binary}
239 # assembling and deploying them 180 if [ -n "${type}" ]; then
240 touch ${D}/${datadir}/${UBOOT_FITIMAGE_IMAGE} 181 ln -sf ${spl_dtb_binary} ${DEPLOYDIR}/${SPL_DTB_IMAGE}
241 touch ${D}/${datadir}/${UBOOT_ITS_IMAGE} 182 fi
242} 183 fi
243 184
244do_install:append() { 185 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
245 if [ "${PN}" = "${UBOOT_PN}" ]; then 186 install -Dm644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${spl_nodtb_binary}
246 if [ -n "${UBOOT_CONFIG}" ]; then 187 if [ -n "${type}" ]; then
247 for config in ${UBOOT_MACHINE}; do 188 ln -sf ${spl_nodtb_binary} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
248 cd ${B}/$config
249 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
250 [ -n "${UBOOT_DTB_BINARY}" ]; then
251 install_helper
252 fi
253 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
254 install_spl_helper
255 fi
256 done
257 else
258 cd ${B}
259 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
260 [ -n "${UBOOT_DTB_BINARY}" ]; then
261 install_helper
262 fi
263 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
264 install_spl_helper
265 fi
266 fi 189 fi
267 fi 190 fi
191
192 # For backwards compatibility...
193 install -Dm644 ${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
268} 194}
269 195
270do_uboot_generate_rsa_keys() { 196do_uboot_generate_rsa_keys() {
@@ -300,13 +226,10 @@ addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compi
300# Create a ITS file for the U-boot FIT, for use when 226# Create a ITS file for the U-boot FIT, for use when
301# we want to sign it so that the SPL can verify it 227# we want to sign it so that the SPL can verify it
302uboot_fitimage_assemble() { 228uboot_fitimage_assemble() {
303 uboot_its="$(basename ${STAGING_DATADIR}/u-boot-its-*)" 229 rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY}
304 uboot_bin="$(basename ${STAGING_DATADIR}/u-boot-fitImage-*)"
305
306 rm -f $uboot_its $uboot_bin
307 230
308 # First we create the ITS script 231 # First we create the ITS script
309 cat << EOF >> $uboot_its 232 cat << EOF >> ${UBOOT_ITS}
310/dts-v1/; 233/dts-v1/;
311 234
312/ { 235/ {
@@ -326,7 +249,7 @@ uboot_fitimage_assemble() {
326EOF 249EOF
327 250
328 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 251 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
329 cat << EOF >> $uboot_its 252 cat << EOF >> ${UBOOT_ITS}
330 signature { 253 signature {
331 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; 254 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
332 key-name-hint = "${SPL_SIGN_KEYNAME}"; 255 key-name-hint = "${SPL_SIGN_KEYNAME}";
@@ -334,7 +257,7 @@ EOF
334EOF 257EOF
335 fi 258 fi
336 259
337 cat << EOF >> $uboot_its 260 cat << EOF >> ${UBOOT_ITS}
338 }; 261 };
339 fdt { 262 fdt {
340 description = "U-Boot FDT"; 263 description = "U-Boot FDT";
@@ -345,7 +268,7 @@ EOF
345EOF 268EOF
346 269
347 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 270 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
348 cat << EOF >> $uboot_its 271 cat << EOF >> ${UBOOT_ITS}
349 signature { 272 signature {
350 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; 273 algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
351 key-name-hint = "${SPL_SIGN_KEYNAME}"; 274 key-name-hint = "${SPL_SIGN_KEYNAME}";
@@ -353,7 +276,7 @@ EOF
353EOF 276EOF
354 fi 277 fi
355 278
356 cat << EOF >> $uboot_its 279 cat << EOF >> ${UBOOT_ITS}
357 }; 280 };
358 }; 281 };
359 282
@@ -373,8 +296,8 @@ EOF
373 # 296 #
374 ${UBOOT_MKIMAGE} \ 297 ${UBOOT_MKIMAGE} \
375 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \ 298 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
376 -f $uboot_its \ 299 -f ${UBOOT_ITS} \
377 $uboot_bin 300 ${UBOOT_FITIMAGE_BINARY}
378 301
379 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then 302 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
380 # 303 #
@@ -383,74 +306,136 @@ EOF
383 ${UBOOT_MKIMAGE_SIGN} \ 306 ${UBOOT_MKIMAGE_SIGN} \
384 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \ 307 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
385 -F -k "${SPL_SIGN_KEYDIR}" \ 308 -F -k "${SPL_SIGN_KEYDIR}" \
386 -K "${SPL_DTB_BINARY}" \ 309 -K "${SPL_DIR}/${SPL_DTB_BINARY}" \
387 -r $uboot_bin \ 310 -r ${UBOOT_FITIMAGE_BINARY} \
388 ${SPL_MKIMAGE_SIGN_ARGS} 311 ${SPL_MKIMAGE_SIGN_ARGS}
389 fi 312 fi
390 313
314 cp ${SPL_DIR}/${SPL_DTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED}
315}
316
317uboot_assemble_fitimage_helper() {
318 type="$1"
319 binary="$2"
320
321 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
322 concat_dtb $type $binary
323 fi
324
325 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
326 uboot_fitimage_assemble
327 fi
328
329 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
330 concat_spl_dtb
331 fi
391} 332}
392 333
393do_uboot_assemble_fitimage() { 334do_uboot_assemble_fitimage() {
394 # This function runs in KERNEL_PN context. The reason for that is that we need to 335 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
395 # support the scenario where UBOOT_SIGN_ENABLE is placing the Kernel fitImage's 336 cp "${STAGING_DIR_HOST}/sysroot-only/fitImage" "${B}/fitImage-linux"
396 # pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot 337 fi
397 # fitImage itself. 338
398 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ 339 if [ -n "${UBOOT_CONFIG}" ]; then
399 [ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then 340 unset i j k
400 if [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then 341 for config in ${UBOOT_MACHINE}; do
401 # If we're not signing the Kernel fitImage, that means 342 i=$(expr $i + 1);
402 # we need to copy the u-boot.dtb from staging ourselves 343 for type in ${UBOOT_CONFIG}; do
403 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} 344 j=$(expr $j + 1);
404 fi 345 if [ $j -eq $i ]; then
405 # As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first. 346 break;
406 # Unfortunately, need to glob on top of ${SPL_DTB_BINARY} since _IMAGE and _SYMLINK 347 fi
407 # will contain U-boot's PV 348 done
408 # Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in 349
409 # staging so that we can use it for creating the image with the correct filename 350 for binary in ${UBOOT_BINARIES}; do
410 # in the KERNEL_PN context. 351 k=$(expr $j + 1);
411 # As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent 352 if [ $k -eq $i ]; then
412 # do_assemble_fitimage task 353 break;
413 cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B} 354 fi
414 cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B} 355 done
415 rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-* 356
357 cd ${B}/${config}
358 uboot_assemble_fitimage_helper ${type} ${binary}
359 done
360 else
416 cd ${B} 361 cd ${B}
417 uboot_fitimage_assemble 362 uboot_assemble_fitimage_helper "" ${UBOOT_BINARY}
418 fi 363 fi
419} 364}
420 365
421addtask uboot_assemble_fitimage before do_deploy after do_compile 366addtask uboot_assemble_fitimage before do_install do_deploy after do_compile
422 367
423do_deploy:prepend:pn-${UBOOT_PN}() { 368deploy_helper() {
424 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then 369 type="$1"
425 concat_dtb 370
371 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_SIGNED}" ] ; then
372 deploy_dtb $type
426 fi 373 fi
427 374
428 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then 375 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
429 # Deploy the u-boot-nodtb binary and symlinks... 376 if [ -n "${type}" ]; then
430 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then 377 uboot_its_image="u-boot-its-${type}-${PV}-${PR}"
431 echo "Copying u-boot-nodtb binary..." 378 uboot_fitimage_image="u-boot-fitImage-${type}-${PV}-${PR}"
432 install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE} 379 else
433 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK} 380 uboot_its_image="${UBOOT_ITS_IMAGE}"
434 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY} 381 uboot_fitimage_image="${UBOOT_FITIMAGE_IMAGE}"
435 fi 382 fi
436 383
384 install -Dm644 ${UBOOT_FITIMAGE_BINARY} ${DEPLOYDIR}/$uboot_fitimage_image
385 install -Dm644 ${UBOOT_ITS} ${DEPLOYDIR}/$uboot_its_image
437 386
438 # We only deploy the symlinks to the uboot-fitImage and uboot-its 387 if [ -n "${type}" ]; then
439 # images, as the KERNEL_PN will take care of deploying the real file 388 ln -sf $uboot_its_image ${DEPLOYDIR}/${UBOOT_ITS_IMAGE}
440 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY} 389 ln -sf $uboot_fitimage_image ${DEPLOYDIR}/${UBOOT_FITIMAGE_IMAGE}
441 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK} 390 fi
391 fi
392
393 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_SIGNED}" ] ; then
394 deploy_spl_dtb $type
395 fi
396}
397
398do_deploy:prepend() {
399 if [ -n "${UBOOT_CONFIG}" ]; then
400 unset i j k
401 for config in ${UBOOT_MACHINE}; do
402 i=$(expr $i + 1);
403 for type in ${UBOOT_CONFIG}; do
404 j=$(expr $j + 1);
405 if [ $j -eq $i ]; then
406 cd ${B}/${config}
407 deploy_helper ${type}
408 fi
409 done
410 done
411 else
412 cd ${B}
413 deploy_helper ""
414 fi
415
416 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
417 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
418 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
419 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
420 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
421 fi
422
423 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
442 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS} 424 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
443 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK} 425 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
426 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
427 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
444 fi 428 fi
445 429
446 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then 430 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
447 concat_spl_dtb 431 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
432 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
433 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
434 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
448 fi 435 fi
449
450
451} 436}
452 437
453do_deploy:append:pn-${UBOOT_PN}() { 438do_deploy:append() {
454 # If we're creating a u-boot fitImage, point u-boot.bin 439 # If we're creating a u-boot fitImage, point u-boot.bin
455 # symlink since it might get used by image recipes 440 # symlink since it might get used by image recipes
456 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then 441 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
@@ -458,27 +443,3 @@ do_deploy:append:pn-${UBOOT_PN}() {
458 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK} 443 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
459 fi 444 fi
460} 445}
461
462python () {
463 if ( (d.getVar('UBOOT_SIGN_ENABLE') == '1'
464 or d.getVar('UBOOT_FITIMAGE_ENABLE') == '1')
465 and d.getVar('PN') == d.getVar('UBOOT_PN')
466 and d.getVar('UBOOT_DTB_BINARY')):
467
468 # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
469 # and/or the U-Boot fitImage
470 d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % d.getVar('KERNEL_PN'))
471
472 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' and d.getVar('PN') == d.getVar('KERNEL_PN'):
473 # As the U-Boot fitImage is created by the KERNEL_PN, we need
474 # to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
475 # files are in the staging dir for it's use
476 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % d.getVar('UBOOT_PN'))
477
478 # If the Kernel fitImage is being signed, we need to
479 # create the U-Boot fitImage after it
480 if d.getVar('UBOOT_SIGN_ENABLE') == '1':
481 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage' % d.getVar('KERNEL_PN'))
482 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage_initramfs' % d.getVar('KERNEL_PN'))
483
484}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 23:13:36 +0000