| Age | Commit message (Collapse) | Author |
|---|
|
When UBOOT_DTB_BINARY is set to "", the keys for signed booting are
expected to be already present in U-Boot's DTB, so don't issue warnings
for this.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
MACHINE = "beaglebone-yocto"
KERNEL_CLASSES += "kernel-fitimage"
KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage"
UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf"
UBOOT_SIGN_KEYNAME = "dev"
UBOOT_SIGN_ENABLE = "1"
IMAGE_INSTALL_remove = "kernel-image-zimage"
$ cd conf
$ openssl genrsa -F4 -out dev.key 2048
$ openssl req -batch -new -x509 -key dev.key -out dev.crt
$ cd ../
$ bitbake u-boot linux-yocto
$ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb
Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches
Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches
Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches
And there would be no signature info when rebuild from sstate:
$ bitbake u-boot linux-yocto -cclean
$ bitbake u-boot linux-yocto
$ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb
No result
This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it
is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified
info is not in sstate, and would be lost when rebuild from sstate.
There are other problems in previouse code:
- The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so
it should be deployed by kernel rather than u-boot.
- The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE},
this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy.
- It seems that it assumes do_deploy depends on do_install according the comments,
but they have no relationships:
# do_concat_dtb is scheduled _before_ do_install as it overwrite the
# u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
- The do_concat_dtb should be run after do_compile, but it doesn't have this
dependency.
Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from
${STAGING_DATADIR} to ${B} and deploy it can fix the problem.
[YOCTO #12112]
Reported-by: Christian Andersen <c.andersen@kostal.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use 4 spaces to replace a tab.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
U-Boot people are amazingly pedantic in their insistence on proper
spelling of "U-Boot", so humour them.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now that out of tree building is enabled, ${B} must be used instead of
${S} as the path for UBOOT_BINARY.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Prior to running oe_runmake make sure $B is the cwd. This is required
due to bitbake commit 67a7b8b021badc17d8fdf447c250e79d291e75f7
"build: don't use $B as the default cwd for functions".
Without this change, do_concat_dtb fails with:
| ERROR: oe_runmake failed
| make: *** No targets specified and no makefile found. Stop.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Handle u-boot.rom signing (U-Boot as x86 BIOS replacement) the same way
that u-boot.img signing is handled.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
u-boot-nodtb.img doesn't exist so if UBOOT_SUFFIX = "img" is used
u-boot.img must be rebuilt by running make with
EXT_DTB=${DEPLOYDIR}/${UBOOT_DTB_IMAGE} then the resulting .img file must
be install to the deploy directories.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This enable the deployment of u-boot-nodtb.bin and u-boot.dtb files.
Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This introduces a new uboot-sign.class to support U-Boot verified boot.
This part delivers the new class file, with related environment variables, and
a new task intended to run before do_install task and which performs the
concatenation of the u-boot-nodtb.bin and the device tree blob. The 'cat'
command used overrides the u-boot.bin in both DEPLOYDIR & build dir to
propagate the changes in later tasks (do_install, do_package, etc.)
Signed-off-by: Yannick Gicquel <yannick.gicquel@iot.bzh>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Alex Kiernan
Robert Yang
Robert P. J. Day
Joshua Lock
George McCollister
Yannick Gicquel