| # |
| # Copyright OpenEmbedded Contributors |
| # |
| # SPDX-License-Identifier: MIT |
| # |
| |
| inherit kernel-uboot kernel-artifact-names uboot-sign |
| |
| def get_fit_replacement_type(d): |
| kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" |
| replacementtype = "" |
| if 'fitImage' in kerneltypes.split(): |
| uarch = d.getVar("UBOOT_ARCH") |
| if uarch == "arm64": |
| replacementtype = "Image" |
| elif uarch == "riscv": |
| replacementtype = "Image" |
| elif uarch == "mips": |
| replacementtype = "vmlinuz.bin" |
| elif uarch == "x86": |
| replacementtype = "bzImage" |
| elif uarch == "microblaze": |
| replacementtype = "linux.bin" |
| else: |
| replacementtype = "zImage" |
| return replacementtype |
| |
| KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" |
| DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" |
| |
| python __anonymous () { |
| # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal |
| # to kernel.bbclass . We have to override it, since we pack zImage |
| # (at least for now) into the fitImage . |
| typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" |
| if 'fitImage' in typeformake.split(): |
| d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) |
| |
| image = d.getVar('INITRAMFS_IMAGE') |
| if image: |
| d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') |
| |
| ubootenv = d.getVar('UBOOT_ENV') |
| if ubootenv: |
| d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') |
| |
| #check if there are any dtb providers |
| providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") |
| if providerdtb: |
| d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') |
| d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') |
| d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") |
| |
| # Verified boot will sign the fitImage and append the public key to |
| # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling |
| # the fitImage: |
| if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'): |
| uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' |
| d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) |
| if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": |
| d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) |
| } |
| |
| |
| # Description string |
| FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
| |
| # Sign individual images as well |
| FIT_SIGN_INDIVIDUAL ?= "0" |
| |
| FIT_CONF_PREFIX ?= "conf-" |
| FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" |
| |
| FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" |
| |
| # Keys used to sign individually image nodes. |
| # The keys to sign image nodes must be different from those used to sign |
| # configuration nodes, otherwise the "required" property, from |
| # UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". |
| # Then the images signature checking will not be mandatory and no error will be |
| # raised in case of failure. |
| # UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") |
| |
| # |
| # Emit the fitImage ITS header |
| # |
| # $1 ... .its filename |
| fitimage_emit_fit_header() { |
| cat << EOF >> $1 |
| /dts-v1/; |
| |
| / { |
| description = "${FIT_DESC}"; |
| #address-cells = <1>; |
| EOF |
| } |
| |
| # |
| # Emit the fitImage section bits |
| # |
| # $1 ... .its filename |
| # $2 ... Section bit type: imagestart - image section start |
| # confstart - configuration section start |
| # sectend - section end |
| # fitend - fitimage end |
| # |
| fitimage_emit_section_maint() { |
| case $2 in |
| imagestart) |
| cat << EOF >> $1 |
| |
| images { |
| EOF |
| ;; |
| confstart) |
| cat << EOF >> $1 |
| |
| configurations { |
| EOF |
| ;; |
| sectend) |
| cat << EOF >> $1 |
| }; |
| EOF |
| ;; |
| fitend) |
| cat << EOF >> $1 |
| }; |
| EOF |
| ;; |
| esac |
| } |
| |
| # |
| # Emit the fitImage ITS kernel section |
| # |
| # $1 ... .its filename |
| # $2 ... Image counter |
| # $3 ... Path to kernel image |
| # $4 ... Compression type |
| fitimage_emit_section_kernel() { |
| |
| kernel_csum="${FIT_HASH_ALG}" |
| kernel_sign_algo="${FIT_SIGN_ALG}" |
| kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| |
| ENTRYPOINT="${UBOOT_ENTRYPOINT}" |
| if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then |
| ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ |
| awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` |
| fi |
| |
| cat << EOF >> $1 |
| kernel-$2 { |
| description = "Linux kernel"; |
| data = /incbin/("$3"); |
| type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; |
| arch = "${UBOOT_ARCH}"; |
| os = "linux"; |
| compression = "$4"; |
| load = <${UBOOT_LOADADDRESS}>; |
| entry = <$ENTRYPOINT>; |
| hash-1 { |
| algo = "$kernel_csum"; |
| }; |
| }; |
| EOF |
| |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then |
| sed -i '$ d' $1 |
| cat << EOF >> $1 |
| signature-1 { |
| algo = "$kernel_csum,$kernel_sign_algo"; |
| key-name-hint = "$kernel_sign_keyname"; |
| }; |
| }; |
| EOF |
| fi |
| } |
| |
| # |
| # Emit the fitImage ITS DTB section |
| # |
| # $1 ... .its filename |
| # $2 ... Image counter |
| # $3 ... Path to DTB image |
| fitimage_emit_section_dtb() { |
| |
| dtb_csum="${FIT_HASH_ALG}" |
| dtb_sign_algo="${FIT_SIGN_ALG}" |
| dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| |
| dtb_loadline="" |
| dtb_ext=${DTB##*.} |
| if [ "${dtb_ext}" = "dtbo" ]; then |
| if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then |
| dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" |
| fi |
| elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then |
| dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" |
| fi |
| cat << EOF >> $1 |
| fdt-$2 { |
| description = "Flattened Device Tree blob"; |
| data = /incbin/("$3"); |
| type = "flat_dt"; |
| arch = "${UBOOT_ARCH}"; |
| compression = "none"; |
| $dtb_loadline |
| hash-1 { |
| algo = "$dtb_csum"; |
| }; |
| }; |
| EOF |
| |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then |
| sed -i '$ d' $1 |
| cat << EOF >> $1 |
| signature-1 { |
| algo = "$dtb_csum,$dtb_sign_algo"; |
| key-name-hint = "$dtb_sign_keyname"; |
| }; |
| }; |
| EOF |
| fi |
| } |
| |
| # |
| # Emit the fitImage ITS u-boot script section |
| # |
| # $1 ... .its filename |
| # $2 ... Image counter |
| # $3 ... Path to boot script image |
| fitimage_emit_section_boot_script() { |
| |
| bootscr_csum="${FIT_HASH_ALG}" |
| bootscr_sign_algo="${FIT_SIGN_ALG}" |
| bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| |
| cat << EOF >> $1 |
| bootscr-$2 { |
| description = "U-boot script"; |
| data = /incbin/("$3"); |
| type = "script"; |
| arch = "${UBOOT_ARCH}"; |
| compression = "none"; |
| hash-1 { |
| algo = "$bootscr_csum"; |
| }; |
| }; |
| EOF |
| |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then |
| sed -i '$ d' $1 |
| cat << EOF >> $1 |
| signature-1 { |
| algo = "$bootscr_csum,$bootscr_sign_algo"; |
| key-name-hint = "$bootscr_sign_keyname"; |
| }; |
| }; |
| EOF |
| fi |
| } |
| |
| # |
| # Emit the fitImage ITS setup section |
| # |
| # $1 ... .its filename |
| # $2 ... Image counter |
| # $3 ... Path to setup image |
| fitimage_emit_section_setup() { |
| |
| setup_csum="${FIT_HASH_ALG}" |
| |
| cat << EOF >> $1 |
| setup-$2 { |
| description = "Linux setup.bin"; |
| data = /incbin/("$3"); |
| type = "x86_setup"; |
| arch = "${UBOOT_ARCH}"; |
| os = "linux"; |
| compression = "none"; |
| load = <0x00090000>; |
| entry = <0x00090000>; |
| hash-1 { |
| algo = "$setup_csum"; |
| }; |
| }; |
| EOF |
| } |
| |
| # |
| # Emit the fitImage ITS ramdisk section |
| # |
| # $1 ... .its filename |
| # $2 ... Image counter |
| # $3 ... Path to ramdisk image |
| fitimage_emit_section_ramdisk() { |
| |
| ramdisk_csum="${FIT_HASH_ALG}" |
| ramdisk_sign_algo="${FIT_SIGN_ALG}" |
| ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| ramdisk_loadline="" |
| ramdisk_entryline="" |
| |
| if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then |
| ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" |
| fi |
| if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then |
| ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" |
| fi |
| |
| cat << EOF >> $1 |
| ramdisk-$2 { |
| description = "${INITRAMFS_IMAGE}"; |
| data = /incbin/("$3"); |
| type = "ramdisk"; |
| arch = "${UBOOT_ARCH}"; |
| os = "linux"; |
| compression = "none"; |
| $ramdisk_loadline |
| $ramdisk_entryline |
| hash-1 { |
| algo = "$ramdisk_csum"; |
| }; |
| }; |
| EOF |
| |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then |
| sed -i '$ d' $1 |
| cat << EOF >> $1 |
| signature-1 { |
| algo = "$ramdisk_csum,$ramdisk_sign_algo"; |
| key-name-hint = "$ramdisk_sign_keyname"; |
| }; |
| }; |
| EOF |
| fi |
| } |
| |
| # |
| # Emit the fitImage ITS configuration section |
| # |
| # $1 ... .its filename |
| # $2 ... Linux kernel ID |
| # $3 ... DTB image name |
| # $4 ... ramdisk ID |
| # $5 ... u-boot script ID |
| # $6 ... config ID |
| # $7 ... default flag |
| fitimage_emit_section_config() { |
| |
| conf_csum="${FIT_HASH_ALG}" |
| conf_sign_algo="${FIT_SIGN_ALG}" |
| conf_padding_algo="${FIT_PAD_ALG}" |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then |
| conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" |
| fi |
| |
| its_file="$1" |
| kernel_id="$2" |
| dtb_image="$3" |
| ramdisk_id="$4" |
| bootscr_id="$5" |
| config_id="$6" |
| default_flag="$7" |
| |
| # Test if we have any DTBs at all |
| sep="" |
| conf_desc="" |
| conf_node="${FIT_CONF_PREFIX}" |
| kernel_line="" |
| fdt_line="" |
| ramdisk_line="" |
| bootscr_line="" |
| setup_line="" |
| default_line="" |
| |
| # conf node name is selected based on dtb ID if it is present, |
| # otherwise its selected based on kernel ID |
| if [ -n "$dtb_image" ]; then |
| conf_node=$conf_node$dtb_image |
| else |
| conf_node=$conf_node$kernel_id |
| fi |
| |
| if [ -n "$kernel_id" ]; then |
| conf_desc="Linux kernel" |
| sep=", " |
| kernel_line="kernel = \"kernel-$kernel_id\";" |
| fi |
| |
| if [ -n "$dtb_image" ]; then |
| conf_desc="$conf_desc${sep}FDT blob" |
| sep=", " |
| fdt_line="fdt = \"fdt-$dtb_image\";" |
| fi |
| |
| if [ -n "$ramdisk_id" ]; then |
| conf_desc="$conf_desc${sep}ramdisk" |
| sep=", " |
| ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" |
| fi |
| |
| if [ -n "$bootscr_id" ]; then |
| conf_desc="$conf_desc${sep}u-boot script" |
| sep=", " |
| bootscr_line="bootscr = \"bootscr-$bootscr_id\";" |
| fi |
| |
| if [ -n "$config_id" ]; then |
| conf_desc="$conf_desc${sep}setup" |
| setup_line="setup = \"setup-$config_id\";" |
| fi |
| |
| if [ "$default_flag" = "1" ]; then |
| # default node is selected based on dtb ID if it is present, |
| # otherwise its selected based on kernel ID |
| if [ -n "$dtb_image" ]; then |
| default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" |
| else |
| default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" |
| fi |
| fi |
| |
| cat << EOF >> $its_file |
| $default_line |
| $conf_node { |
| description = "$default_flag $conf_desc"; |
| $kernel_line |
| $fdt_line |
| $ramdisk_line |
| $bootscr_line |
| $setup_line |
| hash-1 { |
| algo = "$conf_csum"; |
| }; |
| EOF |
| |
| if [ -n "$conf_sign_keyname" ] ; then |
| |
| sign_line="sign-images = " |
| sep="" |
| |
| if [ -n "$kernel_id" ]; then |
| sign_line="$sign_line${sep}\"kernel\"" |
| sep=", " |
| fi |
| |
| if [ -n "$dtb_image" ]; then |
| sign_line="$sign_line${sep}\"fdt\"" |
| sep=", " |
| fi |
| |
| if [ -n "$ramdisk_id" ]; then |
| sign_line="$sign_line${sep}\"ramdisk\"" |
| sep=", " |
| fi |
| |
| if [ -n "$bootscr_id" ]; then |
| sign_line="$sign_line${sep}\"bootscr\"" |
| sep=", " |
| fi |
| |
| if [ -n "$config_id" ]; then |
| sign_line="$sign_line${sep}\"setup\"" |
| fi |
| |
| sign_line="$sign_line;" |
| |
| cat << EOF >> $its_file |
| signature-1 { |
| algo = "$conf_csum,$conf_sign_algo"; |
| key-name-hint = "$conf_sign_keyname"; |
| padding = "$conf_padding_algo"; |
| $sign_line |
| }; |
| EOF |
| fi |
| |
| cat << EOF >> $its_file |
| }; |
| EOF |
| } |
| |
| # |
| # Assemble fitImage |
| # |
| # $1 ... .its filename |
| # $2 ... fitImage name |
| # $3 ... include ramdisk |
| fitimage_assemble() { |
| kernelcount=1 |
| dtbcount="" |
| DTBS="" |
| ramdiskcount=$3 |
| setupcount="" |
| bootscr_id="" |
| rm -f $1 arch/${ARCH}/boot/$2 |
| |
| if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then |
| bbfatal "Keys used to sign images and configuration nodes must be different." |
| fi |
| |
| fitimage_emit_fit_header $1 |
| |
| # |
| # Step 1: Prepare a kernel image section. |
| # |
| fitimage_emit_section_maint $1 imagestart |
| |
| uboot_prep_kimage |
| fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" |
| |
| # |
| # Step 2: Prepare a DTB image section |
| # |
| |
| if [ -n "${KERNEL_DEVICETREE}" ]; then |
| dtbcount=1 |
| for DTB in ${KERNEL_DEVICETREE}; do |
| if echo $DTB | grep -q '/dts/'; then |
| bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." |
| DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` |
| fi |
| |
| # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} |
| if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then |
| continue |
| fi |
| |
| DTB_PATH="arch/${ARCH}/boot/dts/$DTB" |
| if [ ! -e "$DTB_PATH" ]; then |
| DTB_PATH="arch/${ARCH}/boot/$DTB" |
| fi |
| |
| DTB=$(echo "$DTB" | tr '/' '_') |
| |
| # Skip DTB if we've picked it up previously |
| echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| |
| DTBS="$DTBS $DTB" |
| fitimage_emit_section_dtb $1 $DTB $DTB_PATH |
| done |
| fi |
| |
| if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then |
| dtbcount=1 |
| for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do |
| DTB=$(echo "$DTB" | tr '/' '_') |
| |
| # Skip DTB if we've picked it up previously |
| echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| |
| DTBS="$DTBS $DTB" |
| fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" |
| done |
| fi |
| |
| # |
| # Step 3: Prepare a u-boot script section |
| # |
| |
| if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then |
| if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then |
| cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} |
| bootscr_id="${UBOOT_ENV_BINARY}" |
| fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} |
| else |
| bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." |
| fi |
| fi |
| |
| # |
| # Step 4: Prepare a setup section. (For x86) |
| # |
| if [ -e arch/${ARCH}/boot/setup.bin ]; then |
| setupcount=1 |
| fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin |
| fi |
| |
| # |
| # Step 5: Prepare a ramdisk section. |
| # |
| if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| # Find and use the first initramfs image archive type we find |
| found= |
| for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do |
| initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" |
| if [ -e "$initramfs_path" ]; then |
| bbnote "Found initramfs image: $initramfs_path" |
| found=true |
| fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" |
| break |
| else |
| bbnote "Did not find initramfs image: $initramfs_path" |
| fi |
| done |
| |
| if [ -z "$found" ]; then |
| bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" |
| fi |
| fi |
| |
| fitimage_emit_section_maint $1 sectend |
| |
| # Force the first Kernel and DTB in the default config |
| kernelcount=1 |
| if [ -n "$dtbcount" ]; then |
| dtbcount=1 |
| fi |
| |
| # |
| # Step 6: Prepare a configurations section |
| # |
| fitimage_emit_section_maint $1 confstart |
| |
| # kernel-fitimage.bbclass currently only supports a single kernel (no less or |
| # more) to be added to the FIT image along with 0 or more device trees and |
| # 0 or 1 ramdisk. |
| # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) |
| # When the initramfs bundle is used ramdisk is disabled. |
| # If a device tree is to be part of the FIT image, then select |
| # the default configuration to be used is based on the dtbcount. If there is |
| # no dtb present than select the default configuation to be based on |
| # the kernelcount. |
| if [ -n "$DTBS" ]; then |
| i=1 |
| for DTB in ${DTBS}; do |
| dtb_ext=${DTB##*.} |
| if [ "$dtb_ext" = "dtbo" ]; then |
| fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" |
| else |
| fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" |
| fi |
| i=`expr $i + 1` |
| done |
| else |
| defaultconfigcount=1 |
| fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount |
| fi |
| |
| fitimage_emit_section_maint $1 sectend |
| |
| fitimage_emit_section_maint $1 fitend |
| |
| # |
| # Step 7: Assemble the image |
| # |
| ${UBOOT_MKIMAGE} \ |
| ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| -f $1 \ |
| arch/${ARCH}/boot/$2 |
| |
| # |
| # Step 8: Sign the image and add public key to U-Boot dtb |
| # |
| if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then |
| add_key_to_u_boot="" |
| if [ -n "${UBOOT_DTB_BINARY}" ]; then |
| # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy |
| # both of them, and don't dereference the symlink. |
| cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} |
| add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" |
| fi |
| ${UBOOT_MKIMAGE_SIGN} \ |
| ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| -F -k "${UBOOT_SIGN_KEYDIR}" \ |
| $add_key_to_u_boot \ |
| -r arch/${ARCH}/boot/$2 \ |
| ${UBOOT_MKIMAGE_SIGN_ARGS} |
| fi |
| } |
| |
| do_assemble_fitimage() { |
| if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| cd ${B} |
| fitimage_assemble fit-image.its fitImage "" |
| fi |
| } |
| |
| addtask assemble_fitimage before do_install after do_compile |
| |
| do_assemble_fitimage_initramfs() { |
| if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ |
| test -n "${INITRAMFS_IMAGE}" ; then |
| cd ${B} |
| if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then |
| fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage "" |
| else |
| fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 |
| fi |
| fi |
| } |
| |
| addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs |
| |
| do_kernel_generate_rsa_keys() { |
| if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." |
| fi |
| |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| |
| # Generate keys to sign configuration nodes, only if they don't already exist |
| if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ |
| [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then |
| |
| # make directory if it does not already exist |
| mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| |
| bbnote "Generating RSA private key for signing fitImage" |
| openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| "${FIT_SIGN_NUMBITS}" |
| |
| bbnote "Generating certificate for signing fitImage" |
| openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt |
| fi |
| |
| # Generate keys to sign image nodes, only if they don't already exist |
| if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ |
| [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then |
| |
| # make directory if it does not already exist |
| mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| |
| bbnote "Generating RSA private key for signing fitImage" |
| openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| "${FIT_SIGN_NUMBITS}" |
| |
| bbnote "Generating certificate for signing fitImage" |
| openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt |
| fi |
| fi |
| } |
| |
| addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile |
| |
| kernel_do_deploy[vardepsexclude] = "DATETIME" |
| kernel_do_deploy:append() { |
| # Update deploy directory |
| if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| |
| if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| bbnote "Copying fit-image.its source file..." |
| install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" |
| if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" |
| fi |
| |
| bbnote "Copying linux.bin file..." |
| install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} |
| if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" |
| fi |
| fi |
| |
| if [ -n "${INITRAMFS_IMAGE}" ]; then |
| bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." |
| install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" |
| if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| fi |
| |
| if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." |
| install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" |
| if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| fi |
| fi |
| fi |
| fi |
| if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ |
| [ -n "${UBOOT_DTB_BINARY}" ] ; then |
| # UBOOT_DTB_IMAGE is a realfile, but we can't use |
| # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed |
| # for u-boot, but we are in kernel env now. |
| install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" |
| fi |
| if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then |
| # If we're also creating and/or signing the uboot fit, now we need to |
| # deploy it, it's its file, as well as u-boot-spl.dtb |
| install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" |
| bbnote "Copying u-boot-fitImage file..." |
| install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" |
| bbnote "Copying u-boot-its file..." |
| install -m 0644 ${B}/u-boot-its-* "$deployDir/" |
| fi |
| } |
| |
| # The function below performs the following in case of initramfs bundles: |
| # - Removes do_assemble_fitimage. FIT generation is done through |
| # do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed |
| # and should not be part of the tasks to be executed. |
| # - Since do_kernel_generate_rsa_keys is inserted by default |
| # between do_compile and do_assemble_fitimage, this is |
| # not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys |
| # should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. |
| python () { |
| if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": |
| bb.build.deltask('do_assemble_fitimage', d) |
| bb.build.deltask('kernel_generate_rsa_keys', d) |
| bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) |
| } |