diff options
Diffstat (limited to 'meta/classes-recipe/kernel-fitimage.bbclass')
-rw-r--r-- | meta/classes-recipe/kernel-fitimage.bbclass | 803 |
1 files changed, 803 insertions, 0 deletions
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass new file mode 100644 index 0000000000..838ce204cb --- /dev/null +++ b/meta/classes-recipe/kernel-fitimage.bbclass @@ -0,0 +1,803 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +inherit kernel-uboot kernel-artifact-names uboot-sign + +def get_fit_replacement_type(d): + kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" + replacementtype = "" + if 'fitImage' in kerneltypes.split(): + uarch = d.getVar("UBOOT_ARCH") + if uarch == "arm64": + replacementtype = "Image" + elif uarch == "riscv": + replacementtype = "Image" + elif uarch == "mips": + replacementtype = "vmlinuz.bin" + elif uarch == "x86": + replacementtype = "bzImage" + elif uarch == "microblaze": + replacementtype = "linux.bin" + else: + replacementtype = "zImage" + return replacementtype + +KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" +DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" + +python __anonymous () { + # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal + # to kernel.bbclass . We have to override it, since we pack zImage + # (at least for now) into the fitImage . + typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" + if 'fitImage' in typeformake.split(): + d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) + + image = d.getVar('INITRAMFS_IMAGE') + if image: + d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') + + ubootenv = d.getVar('UBOOT_ENV') + if ubootenv: + d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') + + #check if there are any dtb providers + providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") + if providerdtb: + d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') + d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') + d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") + + # Verified boot will sign the fitImage and append the public key to + # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling + # the fitImage: + if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'): + uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' + d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) + if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": + d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) +} + + +# Description string +FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" + +# Sign individual images as well +FIT_SIGN_INDIVIDUAL ?= "0" + +FIT_CONF_PREFIX ?= "conf-" +FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" + +FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" + +# Keys used to sign individually image nodes. +# The keys to sign image nodes must be different from those used to sign +# configuration nodes, otherwise the "required" property, from +# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". +# Then the images signature checking will not be mandatory and no error will be +# raised in case of failure. +# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") + +# +# Emit the fitImage ITS header +# +# $1 ... .its filename +fitimage_emit_fit_header() { + cat << EOF >> $1 +/dts-v1/; + +/ { + description = "${FIT_DESC}"; + #address-cells = <1>; +EOF +} + +# +# Emit the fitImage section bits +# +# $1 ... .its filename +# $2 ... Section bit type: imagestart - image section start +# confstart - configuration section start +# sectend - section end +# fitend - fitimage end +# +fitimage_emit_section_maint() { + case $2 in + imagestart) + cat << EOF >> $1 + + images { +EOF + ;; + confstart) + cat << EOF >> $1 + + configurations { +EOF + ;; + sectend) + cat << EOF >> $1 + }; +EOF + ;; + fitend) + cat << EOF >> $1 +}; +EOF + ;; + esac +} + +# +# Emit the fitImage ITS kernel section +# +# $1 ... .its filename +# $2 ... Image counter +# $3 ... Path to kernel image +# $4 ... Compression type +fitimage_emit_section_kernel() { + + kernel_csum="${FIT_HASH_ALG}" + kernel_sign_algo="${FIT_SIGN_ALG}" + kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" + + ENTRYPOINT="${UBOOT_ENTRYPOINT}" + if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then + ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ + awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` + fi + + cat << EOF >> $1 + kernel-$2 { + description = "Linux kernel"; + data = /incbin/("$3"); + type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; + arch = "${UBOOT_ARCH}"; + os = "linux"; + compression = "$4"; + load = <${UBOOT_LOADADDRESS}>; + entry = <$ENTRYPOINT>; + hash-1 { + algo = "$kernel_csum"; + }; + }; +EOF + + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then + sed -i '$ d' $1 + cat << EOF >> $1 + signature-1 { + algo = "$kernel_csum,$kernel_sign_algo"; + key-name-hint = "$kernel_sign_keyname"; + }; + }; +EOF + fi +} + +# +# Emit the fitImage ITS DTB section +# +# $1 ... .its filename +# $2 ... Image counter +# $3 ... Path to DTB image +fitimage_emit_section_dtb() { + + dtb_csum="${FIT_HASH_ALG}" + dtb_sign_algo="${FIT_SIGN_ALG}" + dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" + + dtb_loadline="" + dtb_ext=${DTB##*.} + if [ "${dtb_ext}" = "dtbo" ]; then + if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then + dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" + fi + elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then + dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" + fi + cat << EOF >> $1 + fdt-$2 { + description = "Flattened Device Tree blob"; + data = /incbin/("$3"); + type = "flat_dt"; + arch = "${UBOOT_ARCH}"; + compression = "none"; + $dtb_loadline + hash-1 { + algo = "$dtb_csum"; + }; + }; +EOF + + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then + sed -i '$ d' $1 + cat << EOF >> $1 + signature-1 { + algo = "$dtb_csum,$dtb_sign_algo"; + key-name-hint = "$dtb_sign_keyname"; + }; + }; +EOF + fi +} + +# +# Emit the fitImage ITS u-boot script section +# +# $1 ... .its filename +# $2 ... Image counter +# $3 ... Path to boot script image +fitimage_emit_section_boot_script() { + + bootscr_csum="${FIT_HASH_ALG}" + bootscr_sign_algo="${FIT_SIGN_ALG}" + bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" + + cat << EOF >> $1 + bootscr-$2 { + description = "U-boot script"; + data = /incbin/("$3"); + type = "script"; + arch = "${UBOOT_ARCH}"; + compression = "none"; + hash-1 { + algo = "$bootscr_csum"; + }; + }; +EOF + + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then + sed -i '$ d' $1 + cat << EOF >> $1 + signature-1 { + algo = "$bootscr_csum,$bootscr_sign_algo"; + key-name-hint = "$bootscr_sign_keyname"; + }; + }; +EOF + fi +} + +# +# Emit the fitImage ITS setup section +# +# $1 ... .its filename +# $2 ... Image counter +# $3 ... Path to setup image +fitimage_emit_section_setup() { + + setup_csum="${FIT_HASH_ALG}" + + cat << EOF >> $1 + setup-$2 { + description = "Linux setup.bin"; + data = /incbin/("$3"); + type = "x86_setup"; + arch = "${UBOOT_ARCH}"; + os = "linux"; + compression = "none"; + load = <0x00090000>; + entry = <0x00090000>; + hash-1 { + algo = "$setup_csum"; + }; + }; +EOF +} + +# +# Emit the fitImage ITS ramdisk section +# +# $1 ... .its filename +# $2 ... Image counter +# $3 ... Path to ramdisk image +fitimage_emit_section_ramdisk() { + + ramdisk_csum="${FIT_HASH_ALG}" + ramdisk_sign_algo="${FIT_SIGN_ALG}" + ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" + ramdisk_loadline="" + ramdisk_entryline="" + + if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then + ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" + fi + if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then + ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" + fi + + cat << EOF >> $1 + ramdisk-$2 { + description = "${INITRAMFS_IMAGE}"; + data = /incbin/("$3"); + type = "ramdisk"; + arch = "${UBOOT_ARCH}"; + os = "linux"; + compression = "none"; + $ramdisk_loadline + $ramdisk_entryline + hash-1 { + algo = "$ramdisk_csum"; + }; + }; +EOF + + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then + sed -i '$ d' $1 + cat << EOF >> $1 + signature-1 { + algo = "$ramdisk_csum,$ramdisk_sign_algo"; + key-name-hint = "$ramdisk_sign_keyname"; + }; + }; +EOF + fi +} + +# +# Emit the fitImage ITS configuration section +# +# $1 ... .its filename +# $2 ... Linux kernel ID +# $3 ... DTB image name +# $4 ... ramdisk ID +# $5 ... u-boot script ID +# $6 ... config ID +# $7 ... default flag +fitimage_emit_section_config() { + + conf_csum="${FIT_HASH_ALG}" + conf_sign_algo="${FIT_SIGN_ALG}" + conf_padding_algo="${FIT_PAD_ALG}" + if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then + conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" + fi + + its_file="$1" + kernel_id="$2" + dtb_image="$3" + ramdisk_id="$4" + bootscr_id="$5" + config_id="$6" + default_flag="$7" + + # Test if we have any DTBs at all + sep="" + conf_desc="" + conf_node="${FIT_CONF_PREFIX}" + kernel_line="" + fdt_line="" + ramdisk_line="" + bootscr_line="" + setup_line="" + default_line="" + + # conf node name is selected based on dtb ID if it is present, + # otherwise its selected based on kernel ID + if [ -n "$dtb_image" ]; then + conf_node=$conf_node$dtb_image + else + conf_node=$conf_node$kernel_id + fi + + if [ -n "$kernel_id" ]; then + conf_desc="Linux kernel" + sep=", " + kernel_line="kernel = \"kernel-$kernel_id\";" + fi + + if [ -n "$dtb_image" ]; then + conf_desc="$conf_desc${sep}FDT blob" + sep=", " + fdt_line="fdt = \"fdt-$dtb_image\";" + fi + + if [ -n "$ramdisk_id" ]; then + conf_desc="$conf_desc${sep}ramdisk" + sep=", " + ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" + fi + + if [ -n "$bootscr_id" ]; then + conf_desc="$conf_desc${sep}u-boot script" + sep=", " + bootscr_line="bootscr = \"bootscr-$bootscr_id\";" + fi + + if [ -n "$config_id" ]; then + conf_desc="$conf_desc${sep}setup" + setup_line="setup = \"setup-$config_id\";" + fi + + if [ "$default_flag" = "1" ]; then + # default node is selected based on dtb ID if it is present, + # otherwise its selected based on kernel ID + if [ -n "$dtb_image" ]; then + default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + else + default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" + fi + fi + + cat << EOF >> $its_file + $default_line + $conf_node { + description = "$default_flag $conf_desc"; + $kernel_line + $fdt_line + $ramdisk_line + $bootscr_line + $setup_line + hash-1 { + algo = "$conf_csum"; + }; +EOF + + if [ -n "$conf_sign_keyname" ] ; then + + sign_line="sign-images = " + sep="" + + if [ -n "$kernel_id" ]; then + sign_line="$sign_line${sep}\"kernel\"" + sep=", " + fi + + if [ -n "$dtb_image" ]; then + sign_line="$sign_line${sep}\"fdt\"" + sep=", " + fi + + if [ -n "$ramdisk_id" ]; then + sign_line="$sign_line${sep}\"ramdisk\"" + sep=", " + fi + + if [ -n "$bootscr_id" ]; then + sign_line="$sign_line${sep}\"bootscr\"" + sep=", " + fi + + if [ -n "$config_id" ]; then + sign_line="$sign_line${sep}\"setup\"" + fi + + sign_line="$sign_line;" + + cat << EOF >> $its_file + signature-1 { + algo = "$conf_csum,$conf_sign_algo"; + key-name-hint = "$conf_sign_keyname"; + padding = "$conf_padding_algo"; + $sign_line + }; +EOF + fi + + cat << EOF >> $its_file + }; +EOF +} + +# +# Assemble fitImage +# +# $1 ... .its filename +# $2 ... fitImage name +# $3 ... include ramdisk +fitimage_assemble() { + kernelcount=1 + dtbcount="" + DTBS="" + ramdiskcount=$3 + setupcount="" + bootscr_id="" + rm -f $1 arch/${ARCH}/boot/$2 + + if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then + bbfatal "Keys used to sign images and configuration nodes must be different." + fi + + fitimage_emit_fit_header $1 + + # + # Step 1: Prepare a kernel image section. + # + fitimage_emit_section_maint $1 imagestart + + uboot_prep_kimage + fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" + + # + # Step 2: Prepare a DTB image section + # + + if [ -n "${KERNEL_DEVICETREE}" ]; then + dtbcount=1 + for DTB in ${KERNEL_DEVICETREE}; do + if echo $DTB | grep -q '/dts/'; then + bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." + DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` + fi + + # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} + if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then + continue + fi + + DTB_PATH="arch/${ARCH}/boot/dts/$DTB" + if [ ! -e "$DTB_PATH" ]; then + DTB_PATH="arch/${ARCH}/boot/$DTB" + fi + + DTB=$(echo "$DTB" | tr '/' '_') + DTBS="$DTBS $DTB" + fitimage_emit_section_dtb $1 $DTB $DTB_PATH + done + fi + + if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then + dtbcount=1 + for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do + DTB=$(echo "$DTB" | tr '/' '_') + DTBS="$DTBS $DTB" + fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" + done + fi + + # + # Step 3: Prepare a u-boot script section + # + + if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then + if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then + cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} + bootscr_id="${UBOOT_ENV_BINARY}" + fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} + else + bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." + fi + fi + + # + # Step 4: Prepare a setup section. (For x86) + # + if [ -e arch/${ARCH}/boot/setup.bin ]; then + setupcount=1 + fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin + fi + + # + # Step 5: Prepare a ramdisk section. + # + if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then + # Find and use the first initramfs image archive type we find + found= + for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do + initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" + if [ -e "$initramfs_path" ]; then + bbnote "Found initramfs image: $initramfs_path" + found=true + fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" + break + else + bbnote "Did not find initramfs image: $initramfs_path" + fi + done + + if [ -z "$found" ]; then + bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" + fi + fi + + fitimage_emit_section_maint $1 sectend + + # Force the first Kernel and DTB in the default config + kernelcount=1 + if [ -n "$dtbcount" ]; then + dtbcount=1 + fi + + # + # Step 6: Prepare a configurations section + # + fitimage_emit_section_maint $1 confstart + + # kernel-fitimage.bbclass currently only supports a single kernel (no less or + # more) to be added to the FIT image along with 0 or more device trees and + # 0 or 1 ramdisk. + # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) + # When the initramfs bundle is used ramdisk is disabled. + # If a device tree is to be part of the FIT image, then select + # the default configuration to be used is based on the dtbcount. If there is + # no dtb present than select the default configuation to be based on + # the kernelcount. + if [ -n "$DTBS" ]; then + i=1 + for DTB in ${DTBS}; do + dtb_ext=${DTB##*.} + if [ "$dtb_ext" = "dtbo" ]; then + fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" + else + fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" + fi + i=`expr $i + 1` + done + else + defaultconfigcount=1 + fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount + fi + + fitimage_emit_section_maint $1 sectend + + fitimage_emit_section_maint $1 fitend + + # + # Step 7: Assemble the image + # + ${UBOOT_MKIMAGE} \ + ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ + -f $1 \ + arch/${ARCH}/boot/$2 + + # + # Step 8: Sign the image and add public key to U-Boot dtb + # + if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then + add_key_to_u_boot="" + if [ -n "${UBOOT_DTB_BINARY}" ]; then + # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy + # both of them, and don't dereference the symlink. + cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} + add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" + fi + ${UBOOT_MKIMAGE_SIGN} \ + ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ + -F -k "${UBOOT_SIGN_KEYDIR}" \ + $add_key_to_u_boot \ + -r arch/${ARCH}/boot/$2 \ + ${UBOOT_MKIMAGE_SIGN_ARGS} + fi +} + +do_assemble_fitimage() { + if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then + cd ${B} + fitimage_assemble fit-image.its fitImage "" + fi +} + +addtask assemble_fitimage before do_install after do_compile + +do_assemble_fitimage_initramfs() { + if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ + test -n "${INITRAMFS_IMAGE}" ; then + cd ${B} + if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then + fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage "" + else + fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 + fi + fi +} + +addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs + +do_kernel_generate_rsa_keys() { + if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then + bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." + fi + + if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then + + # Generate keys to sign configuration nodes, only if they don't already exist + if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ + [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then + + # make directory if it does not already exist + mkdir -p "${UBOOT_SIGN_KEYDIR}" + + bbnote "Generating RSA private key for signing fitImage" + openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ + "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ + "${FIT_SIGN_NUMBITS}" + + bbnote "Generating certificate for signing fitImage" + openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ + -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ + -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt + fi + + # Generate keys to sign image nodes, only if they don't already exist + if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ + [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then + + # make directory if it does not already exist + mkdir -p "${UBOOT_SIGN_KEYDIR}" + + bbnote "Generating RSA private key for signing fitImage" + openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ + "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ + "${FIT_SIGN_NUMBITS}" + + bbnote "Generating certificate for signing fitImage" + openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ + -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ + -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt + fi + fi +} + +addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile + +kernel_do_deploy[vardepsexclude] = "DATETIME" +kernel_do_deploy:append() { + # Update deploy directory + if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then + + if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then + bbnote "Copying fit-image.its source file..." + install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" + if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then + ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" + fi + + bbnote "Copying linux.bin file..." + install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} + if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then + ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" + fi + fi + + if [ -n "${INITRAMFS_IMAGE}" ]; then + bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." + install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" + if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then + ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" + fi + + if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then + bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." + install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" + if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then + ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" + fi + fi + fi + fi + if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ + [ -n "${UBOOT_DTB_BINARY}" ] ; then + # UBOOT_DTB_IMAGE is a realfile, but we can't use + # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed + # for u-boot, but we are in kernel env now. + install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" + fi + if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then + # If we're also creating and/or signing the uboot fit, now we need to + # deploy it, it's its file, as well as u-boot-spl.dtb + install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" + bbnote "Copying u-boot-fitImage file..." + install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" + bbnote "Copying u-boot-its file..." + install -m 0644 ${B}/u-boot-its-* "$deployDir/" + fi +} + +# The function below performs the following in case of initramfs bundles: +# - Removes do_assemble_fitimage. FIT generation is done through +# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed +# and should not be part of the tasks to be executed. +# - Since do_kernel_generate_rsa_keys is inserted by default +# between do_compile and do_assemble_fitimage, this is +# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys +# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. +python () { + if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": + bb.build.deltask('do_assemble_fitimage', d) + bb.build.deltask('kernel_generate_rsa_keys', d) + bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) +} |