diff options
author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2022-03-15 18:23:53 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-16 10:31:37 +0000 |
commit | 7892ee3dc37d302c8eb9c13cd8bb4b7b6e103949 (patch) | |
tree | ae934ed54a7d61c0261f00eefd1887d4cb05db0b /meta/classes | |
parent | 3da6a4151ed3d69595548931a86a64268be55749 (diff) | |
download | openembedded-core-contrib-7892ee3dc37d302c8eb9c13cd8bb4b7b6e103949.tar.gz |
kernel-fitimage: allow overriding FIT configuration prefix
The prefix was recently changed to play ball with the CVE-2021-27138
workaround in U-Boot. Already deployed bootloaders though may still
expect a configuration name containing @ or they may not be affected
by this issue.
Also, uses may want to customize it beyond the [@-] issue: When
device trees are built from a recipe using kernel-devicetree.bbclass
the configuration nodes will contain the parent directories, e.g.
KERNEL_DEVICETREE = "freescale/imx8mm-myboard.dtb"
will become "conf-freescale_imx8mm-myboard.dtb". When moving to
devicetree.bbclass, this prefix go away. With this change here,
users can restore it easily by setting FIT_CONF_PREFIX =
"conf-freescale_", ensuring backwards compatibility.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index c16977c477..8a9b195d6e 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -64,6 +64,9 @@ FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" # Sign individual images as well FIT_SIGN_INDIVIDUAL ?= "0" +FIT_CONF_PREFIX ?= "conf-" +FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" + # Keys used to sign individually image nodes. # The keys to sign image nodes must be different from those used to sign # configuration nodes, otherwise the "required" property, from @@ -358,7 +361,7 @@ fitimage_emit_section_config() { # Test if we have any DTBs at all sep="" conf_desc="" - conf_node="conf-" + conf_node="${FIT_CONF_PREFIX}" kernel_line="" fdt_line="" ramdisk_line="" @@ -407,9 +410,9 @@ fitimage_emit_section_config() { # default node is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then - default_line="default = \"conf-$dtb_image\";" + default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" else - default_line="default = \"conf-$kernel_id\";" + default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" fi fi |