diff options
author | Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> | 2021-03-26 17:14:07 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-04-06 11:35:53 +0100 |
commit | cc6c3e31526d3b6ef3a87ba5e548fcad7483bd51 (patch) | |
tree | 39916510cdcaed50a850fc1f30d4b70e23d34583 /meta/classes | |
parent | fd1c26ab426c3699ffd8082b83d65a84c8eb8bff (diff) | |
download | openembedded-core-cc6c3e31526d3b6ef3a87ba5e548fcad7483bd51.tar.gz |
u-boot: Move definitions to common locations
Move some definitions from u-boot.inc into uboot-config.bbclass and
similarly from kernel-fitimage.bbclass into uboot-sign.bbclass, so that
they can be useful when signing the U-boot proper fitimage, for a
verified-boot SPL.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/kernel-fitimage.bbclass | 58 | ||||
-rw-r--r-- | meta/classes/uboot-config.bbclass | 56 | ||||
-rw-r--r-- | meta/classes/uboot-sign.bbclass | 35 |
3 files changed, 91 insertions, 58 deletions
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index b9d8270027..6b7c1c3a7d 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -53,30 +53,6 @@ python __anonymous () { d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) } -# Options for the device tree compiler passed to mkimage '-D' feature: -UBOOT_MKIMAGE_DTCOPTS ??= "" - -# fitImage Hash Algo -FIT_HASH_ALG ?= "sha256" - -# fitImage Signature Algo -FIT_SIGN_ALG ?= "rsa2048" - -# Generate keys for signing fitImage -FIT_GENERATE_KEYS ?= "0" - -# Size of private key in number of bits -FIT_SIGN_NUMBITS ?= "2048" - -# args to openssl genrsa (Default is just the public exponent) -FIT_KEY_GENRSA_ARGS ?= "-F4" - -# args to openssl req (Default is -batch for non interactive mode and -# -new for new certificate) -FIT_KEY_REQ_ARGS ?= "-batch -new" - -# Standard format for public key certificate -FIT_KEY_SIGN_PKCS ?= "-x509" # Description string FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" @@ -84,13 +60,6 @@ FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" # Sign individual images as well FIT_SIGN_INDIVIDUAL ?= "0" -# mkimage command -UBOOT_MKIMAGE ?= "uboot-mkimage" -UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}" - -# Arguments passed to mkimage for signing -UBOOT_MKIMAGE_SIGN_ARGS ?= "" - # # Emit the fitImage ITS header # @@ -698,33 +667,6 @@ do_assemble_fitimage_initramfs() { addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs -do_generate_rsa_keys() { - if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." - fi - - if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - - # Generate keys only if they don't already exist - if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ - [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then - - # make directory if it does not already exist - mkdir -p "${UBOOT_SIGN_KEYDIR}" - - echo "Generating RSA private key for signing fitImage" - openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ - "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - "${FIT_SIGN_NUMBITS}" - - echo "Generating certificate for signing fitImage" - openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ - -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ - -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt - fi - fi -} - addtask generate_rsa_keys before do_assemble_fitimage after do_compile kernel_do_deploy[vardepsexclude] = "DATETIME" diff --git a/meta/classes/uboot-config.bbclass b/meta/classes/uboot-config.bbclass index 89ff970fcc..31487c1418 100644 --- a/meta/classes/uboot-config.bbclass +++ b/meta/classes/uboot-config.bbclass @@ -11,7 +11,63 @@ # # Copyright 2013, 2014 (C) O.S. Systems Software LTDA. +# Some versions of u-boot use .bin and others use .img. By default use .bin +# but enable individual recipes to change this value. +UBOOT_SUFFIX ??= "bin" UBOOT_BINARY ?= "u-boot.${UBOOT_SUFFIX}" +UBOOT_BINARYNAME ?= "${@os.path.splitext(d.getVar("UBOOT_BINARY"))[0]}" +UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" +UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}" +UBOOT_MAKE_TARGET ?= "all" + +# Output the ELF generated. Some platforms can use the ELF file and directly +# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging +# purposes. +UBOOT_ELF ?= "" +UBOOT_ELF_SUFFIX ?= "elf" +UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}" +UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}" +UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}" + +# Some versions of u-boot build an SPL (Second Program Loader) image that +# should be packaged along with the u-boot binary as well as placed in the +# deploy directory. For those versions they can set the following variables +# to allow packaging the SPL. +SPL_BINARY ?= "" +SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}" +SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}" +SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}" + +# Additional environment variables or a script can be installed alongside +# u-boot to be used automatically on boot. This file, typically 'uEnv.txt' +# or 'boot.scr', should be packaged along with u-boot as well as placed in the +# deploy directory. Machine configurations needing one of these files should +# include it in the SRC_URI and set the UBOOT_ENV parameter. +UBOOT_ENV_SUFFIX ?= "txt" +UBOOT_ENV ?= "" +UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}" +UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}" +UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}" + +# Default name of u-boot initial env, but enable individual recipes to change +# this value. +UBOOT_INITIAL_ENV ?= "${PN}-initial-env" + +# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf +# to find EXTLINUX conf file. +UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux" +UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf" +UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}" + +# Options for the device tree compiler passed to mkimage '-D' feature: +UBOOT_MKIMAGE_DTCOPTS ??= "" + +# mkimage command +UBOOT_MKIMAGE ?= "uboot-mkimage" +UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}" + +# Arguments passed to mkimage for signing +UBOOT_MKIMAGE_SIGN_ARGS ?= "" python () { ubootmachine = d.getVar("UBOOT_MACHINE") diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index d590971a27..4e4941e733 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass @@ -31,6 +31,9 @@ # # For more details on signature process, please refer to U-Boot documentation. +# We need some variables from u-boot-config +inherit uboot-config + # Signature activation. UBOOT_SIGN_ENABLE ?= "0" @@ -41,6 +44,38 @@ UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb" UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" UBOOT_NODTB_BINARY ?= "u-boot-nodtb.${UBOOT_SUFFIX}" UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.${UBOOT_SUFFIX}" +UBOOT_ITS_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.its" +UBOOT_ITS ?= "u-boot.its" +UBOOT_ITS_SYMLINK ?= "u-boot-${MACHINE}.its" +SPL_DIR ?= "${@os.path.dirname(d.getVar("SPL_BINARY")) or '.'}" +SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb" +SPL_DTB_BINARY ?= "u-boot-spl.dtb" +SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb" +SPL_NODTB_IMAGE ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb-${MACHINE}-${PV}-${PR}${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}" +SPL_NODTB_BINARY ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}" +SPL_NODTB_SYMLINK ?= "${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[0]}-nodtb-${MACHINE}${@os.path.splitext(d.getVar("SPL_BINARYNAME"))[1]}" + +# fitImage Hash Algo +FIT_HASH_ALG ?= "sha256" + +# fitImage Signature Algo +FIT_SIGN_ALG ?= "rsa2048" + +# Generate keys for signing fitImage +FIT_GENERATE_KEYS ?= "0" + +# Size of private key in number of bits +FIT_SIGN_NUMBITS ?= "2048" + +# args to openssl genrsa (Default is just the public exponent) +FIT_KEY_GENRSA_ARGS ?= "-F4" + +# args to openssl req (Default is -batch for non interactive mode and +# -new for new certificate) +FIT_KEY_REQ_ARGS ?= "-batch -new" + +# Standard format for public key certificate +FIT_KEY_SIGN_PKCS ?= "-x509" # Functions in this bbclass is for u-boot only UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}" |