diff options
| author |   Ming Liu <liu.ming50@gmail.com> | 2021-05-22 10:25:41 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-25 10:04:06 +0100 |
| commit | 36814f5467c9abd84aeb05916b4fd49f766f4f9f (patch) | |
| tree | c2d39a8250fba20e6d97d6427a46d99ccba7740e /meta/classes/uboot-sign.bbclass | |
| parent | 0ef3a5e2a6d4507c8d9bc6143f9aa65e6cdb1ed7 (diff) | |
| download | openembedded-core-contrib-36814f5467c9abd84aeb05916b4fd49f766f4f9f.tar.gz | |
uboot-sign/kernel-fitimage: split generate_rsa_keys task
Currently generate_rsa_keys tasks are being executed parallelly in
kernel and uboot's task list, and both of them are calling openssl to
generate rsa keys in same path, this can lead to race condition.
Let's split it to kernel_generate_rsa_keys and uboot_generate_rsa_keys.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/uboot-sign.bbclass')
| -rw-r--r-- | meta/classes/uboot-sign.bbclass | 29 |
1 files changed, 2 insertions, 27 deletions
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index d11882f90f..29b2edc833 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass @@ -255,32 +255,7 @@ do_install_append() { fi } -do_generate_rsa_keys() { - if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." - fi - - if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - - # Generate keys only if they don't already exist - if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ - [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then - - # make directory if it does not already exist - mkdir -p "${UBOOT_SIGN_KEYDIR}" - - echo "Generating RSA private key for signing fitImage" - openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ - "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - "${FIT_SIGN_NUMBITS}" - - echo "Generating certificate for signing fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ - -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt - fi - fi - +do_uboot_generate_rsa_keys() { if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." fi @@ -308,7 +283,7 @@ do_generate_rsa_keys() { } -addtask generate_rsa_keys before do_uboot_assemble_fitimage after do_compile +addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile # Create a ITS file for the U-boot FIT, for use when # we want to sign it so that the SPL can verify it |