Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 1 | # |
| 2 | # Copyright OpenEmbedded Contributors |
| 3 | # |
| 4 | # SPDX-License-Identifier: MIT |
| 5 | # |
| 6 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 7 | inherit kernel-uboot kernel-artifact-names uboot-config |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 8 | |
| 9 | def get_fit_replacement_type(d): |
| 10 | kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" |
| 11 | replacementtype = "" |
| 12 | if 'fitImage' in kerneltypes.split(): |
| 13 | uarch = d.getVar("UBOOT_ARCH") |
| 14 | if uarch == "arm64": |
| 15 | replacementtype = "Image" |
| 16 | elif uarch == "riscv": |
| 17 | replacementtype = "Image" |
| 18 | elif uarch == "mips": |
| 19 | replacementtype = "vmlinuz.bin" |
| 20 | elif uarch == "x86": |
| 21 | replacementtype = "bzImage" |
| 22 | elif uarch == "microblaze": |
| 23 | replacementtype = "linux.bin" |
| 24 | else: |
| 25 | replacementtype = "zImage" |
| 26 | return replacementtype |
| 27 | |
| 28 | KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" |
| 29 | DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" |
| 30 | |
| 31 | python __anonymous () { |
| 32 | # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal |
| 33 | # to kernel.bbclass . We have to override it, since we pack zImage |
| 34 | # (at least for now) into the fitImage . |
| 35 | typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" |
| 36 | if 'fitImage' in typeformake.split(): |
| 37 | d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) |
| 38 | |
| 39 | image = d.getVar('INITRAMFS_IMAGE') |
| 40 | if image: |
| 41 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') |
| 42 | |
| 43 | ubootenv = d.getVar('UBOOT_ENV') |
| 44 | if ubootenv: |
| 45 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') |
| 46 | |
| 47 | #check if there are any dtb providers |
| 48 | providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") |
| 49 | if providerdtb: |
| 50 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') |
| 51 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') |
| 52 | d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 53 | } |
| 54 | |
| 55 | |
| 56 | # Description string |
| 57 | FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
| 58 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 59 | # Kernel fitImage Hash Algo |
| 60 | FIT_HASH_ALG ?= "sha256" |
| 61 | |
| 62 | # Kernel fitImage Signature Algo |
| 63 | FIT_SIGN_ALG ?= "rsa2048" |
| 64 | |
| 65 | # Kernel / U-Boot fitImage Padding Algo |
| 66 | FIT_PAD_ALG ?= "pkcs-1.5" |
| 67 | |
| 68 | # Generate keys for signing Kernel fitImage |
| 69 | FIT_GENERATE_KEYS ?= "0" |
| 70 | |
| 71 | # Size of private keys in number of bits |
| 72 | FIT_SIGN_NUMBITS ?= "2048" |
| 73 | |
| 74 | # args to openssl genrsa (Default is just the public exponent) |
| 75 | FIT_KEY_GENRSA_ARGS ?= "-F4" |
| 76 | |
| 77 | # args to openssl req (Default is -batch for non interactive mode and |
| 78 | # -new for new certificate) |
| 79 | FIT_KEY_REQ_ARGS ?= "-batch -new" |
| 80 | |
| 81 | # Standard format for public key certificate |
| 82 | FIT_KEY_SIGN_PKCS ?= "-x509" |
| 83 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 84 | # Sign individual images as well |
| 85 | FIT_SIGN_INDIVIDUAL ?= "0" |
| 86 | |
| 87 | FIT_CONF_PREFIX ?= "conf-" |
| 88 | FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" |
| 89 | |
| 90 | FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" |
| 91 | |
| 92 | # Keys used to sign individually image nodes. |
| 93 | # The keys to sign image nodes must be different from those used to sign |
| 94 | # configuration nodes, otherwise the "required" property, from |
| 95 | # UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". |
| 96 | # Then the images signature checking will not be mandatory and no error will be |
| 97 | # raised in case of failure. |
| 98 | # UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") |
| 99 | |
| 100 | # |
| 101 | # Emit the fitImage ITS header |
| 102 | # |
| 103 | # $1 ... .its filename |
| 104 | fitimage_emit_fit_header() { |
| 105 | cat << EOF >> $1 |
| 106 | /dts-v1/; |
| 107 | |
| 108 | / { |
| 109 | description = "${FIT_DESC}"; |
| 110 | #address-cells = <1>; |
| 111 | EOF |
| 112 | } |
| 113 | |
| 114 | # |
| 115 | # Emit the fitImage section bits |
| 116 | # |
| 117 | # $1 ... .its filename |
| 118 | # $2 ... Section bit type: imagestart - image section start |
| 119 | # confstart - configuration section start |
| 120 | # sectend - section end |
| 121 | # fitend - fitimage end |
| 122 | # |
| 123 | fitimage_emit_section_maint() { |
| 124 | case $2 in |
| 125 | imagestart) |
| 126 | cat << EOF >> $1 |
| 127 | |
| 128 | images { |
| 129 | EOF |
| 130 | ;; |
| 131 | confstart) |
| 132 | cat << EOF >> $1 |
| 133 | |
| 134 | configurations { |
| 135 | EOF |
| 136 | ;; |
| 137 | sectend) |
| 138 | cat << EOF >> $1 |
| 139 | }; |
| 140 | EOF |
| 141 | ;; |
| 142 | fitend) |
| 143 | cat << EOF >> $1 |
| 144 | }; |
| 145 | EOF |
| 146 | ;; |
| 147 | esac |
| 148 | } |
| 149 | |
| 150 | # |
| 151 | # Emit the fitImage ITS kernel section |
| 152 | # |
| 153 | # $1 ... .its filename |
| 154 | # $2 ... Image counter |
| 155 | # $3 ... Path to kernel image |
| 156 | # $4 ... Compression type |
| 157 | fitimage_emit_section_kernel() { |
| 158 | |
| 159 | kernel_csum="${FIT_HASH_ALG}" |
| 160 | kernel_sign_algo="${FIT_SIGN_ALG}" |
| 161 | kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 162 | |
| 163 | ENTRYPOINT="${UBOOT_ENTRYPOINT}" |
| 164 | if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then |
| 165 | ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ |
| 166 | awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` |
| 167 | fi |
| 168 | |
| 169 | cat << EOF >> $1 |
| 170 | kernel-$2 { |
| 171 | description = "Linux kernel"; |
| 172 | data = /incbin/("$3"); |
| 173 | type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; |
| 174 | arch = "${UBOOT_ARCH}"; |
| 175 | os = "linux"; |
| 176 | compression = "$4"; |
| 177 | load = <${UBOOT_LOADADDRESS}>; |
| 178 | entry = <$ENTRYPOINT>; |
| 179 | hash-1 { |
| 180 | algo = "$kernel_csum"; |
| 181 | }; |
| 182 | }; |
| 183 | EOF |
| 184 | |
| 185 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then |
| 186 | sed -i '$ d' $1 |
| 187 | cat << EOF >> $1 |
| 188 | signature-1 { |
| 189 | algo = "$kernel_csum,$kernel_sign_algo"; |
| 190 | key-name-hint = "$kernel_sign_keyname"; |
| 191 | }; |
| 192 | }; |
| 193 | EOF |
| 194 | fi |
| 195 | } |
| 196 | |
| 197 | # |
| 198 | # Emit the fitImage ITS DTB section |
| 199 | # |
| 200 | # $1 ... .its filename |
| 201 | # $2 ... Image counter |
| 202 | # $3 ... Path to DTB image |
| 203 | fitimage_emit_section_dtb() { |
| 204 | |
| 205 | dtb_csum="${FIT_HASH_ALG}" |
| 206 | dtb_sign_algo="${FIT_SIGN_ALG}" |
| 207 | dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 208 | |
| 209 | dtb_loadline="" |
| 210 | dtb_ext=${DTB##*.} |
| 211 | if [ "${dtb_ext}" = "dtbo" ]; then |
| 212 | if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then |
| 213 | dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" |
| 214 | fi |
| 215 | elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then |
| 216 | dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" |
| 217 | fi |
| 218 | cat << EOF >> $1 |
| 219 | fdt-$2 { |
| 220 | description = "Flattened Device Tree blob"; |
| 221 | data = /incbin/("$3"); |
| 222 | type = "flat_dt"; |
| 223 | arch = "${UBOOT_ARCH}"; |
| 224 | compression = "none"; |
| 225 | $dtb_loadline |
| 226 | hash-1 { |
| 227 | algo = "$dtb_csum"; |
| 228 | }; |
| 229 | }; |
| 230 | EOF |
| 231 | |
| 232 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then |
| 233 | sed -i '$ d' $1 |
| 234 | cat << EOF >> $1 |
| 235 | signature-1 { |
| 236 | algo = "$dtb_csum,$dtb_sign_algo"; |
| 237 | key-name-hint = "$dtb_sign_keyname"; |
| 238 | }; |
| 239 | }; |
| 240 | EOF |
| 241 | fi |
| 242 | } |
| 243 | |
| 244 | # |
| 245 | # Emit the fitImage ITS u-boot script section |
| 246 | # |
| 247 | # $1 ... .its filename |
| 248 | # $2 ... Image counter |
| 249 | # $3 ... Path to boot script image |
| 250 | fitimage_emit_section_boot_script() { |
| 251 | |
| 252 | bootscr_csum="${FIT_HASH_ALG}" |
| 253 | bootscr_sign_algo="${FIT_SIGN_ALG}" |
| 254 | bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 255 | |
| 256 | cat << EOF >> $1 |
| 257 | bootscr-$2 { |
| 258 | description = "U-boot script"; |
| 259 | data = /incbin/("$3"); |
| 260 | type = "script"; |
| 261 | arch = "${UBOOT_ARCH}"; |
| 262 | compression = "none"; |
| 263 | hash-1 { |
| 264 | algo = "$bootscr_csum"; |
| 265 | }; |
| 266 | }; |
| 267 | EOF |
| 268 | |
| 269 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then |
| 270 | sed -i '$ d' $1 |
| 271 | cat << EOF >> $1 |
| 272 | signature-1 { |
| 273 | algo = "$bootscr_csum,$bootscr_sign_algo"; |
| 274 | key-name-hint = "$bootscr_sign_keyname"; |
| 275 | }; |
| 276 | }; |
| 277 | EOF |
| 278 | fi |
| 279 | } |
| 280 | |
| 281 | # |
| 282 | # Emit the fitImage ITS setup section |
| 283 | # |
| 284 | # $1 ... .its filename |
| 285 | # $2 ... Image counter |
| 286 | # $3 ... Path to setup image |
| 287 | fitimage_emit_section_setup() { |
| 288 | |
| 289 | setup_csum="${FIT_HASH_ALG}" |
| 290 | |
| 291 | cat << EOF >> $1 |
| 292 | setup-$2 { |
| 293 | description = "Linux setup.bin"; |
| 294 | data = /incbin/("$3"); |
| 295 | type = "x86_setup"; |
| 296 | arch = "${UBOOT_ARCH}"; |
| 297 | os = "linux"; |
| 298 | compression = "none"; |
| 299 | load = <0x00090000>; |
| 300 | entry = <0x00090000>; |
| 301 | hash-1 { |
| 302 | algo = "$setup_csum"; |
| 303 | }; |
| 304 | }; |
| 305 | EOF |
| 306 | } |
| 307 | |
| 308 | # |
| 309 | # Emit the fitImage ITS ramdisk section |
| 310 | # |
| 311 | # $1 ... .its filename |
| 312 | # $2 ... Image counter |
| 313 | # $3 ... Path to ramdisk image |
| 314 | fitimage_emit_section_ramdisk() { |
| 315 | |
| 316 | ramdisk_csum="${FIT_HASH_ALG}" |
| 317 | ramdisk_sign_algo="${FIT_SIGN_ALG}" |
| 318 | ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 319 | ramdisk_loadline="" |
| 320 | ramdisk_entryline="" |
| 321 | |
| 322 | if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then |
| 323 | ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" |
| 324 | fi |
| 325 | if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then |
| 326 | ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" |
| 327 | fi |
| 328 | |
| 329 | cat << EOF >> $1 |
| 330 | ramdisk-$2 { |
| 331 | description = "${INITRAMFS_IMAGE}"; |
| 332 | data = /incbin/("$3"); |
| 333 | type = "ramdisk"; |
| 334 | arch = "${UBOOT_ARCH}"; |
| 335 | os = "linux"; |
| 336 | compression = "none"; |
| 337 | $ramdisk_loadline |
| 338 | $ramdisk_entryline |
| 339 | hash-1 { |
| 340 | algo = "$ramdisk_csum"; |
| 341 | }; |
| 342 | }; |
| 343 | EOF |
| 344 | |
| 345 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then |
| 346 | sed -i '$ d' $1 |
| 347 | cat << EOF >> $1 |
| 348 | signature-1 { |
| 349 | algo = "$ramdisk_csum,$ramdisk_sign_algo"; |
| 350 | key-name-hint = "$ramdisk_sign_keyname"; |
| 351 | }; |
| 352 | }; |
| 353 | EOF |
| 354 | fi |
| 355 | } |
| 356 | |
| 357 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 358 | # echoes symlink destination if it points below directory |
| 359 | # |
| 360 | # $1 ... file that's a potential symlink |
| 361 | # $2 ... expected parent directory |
| 362 | symlink_points_below() { |
| 363 | file="$2/$1" |
| 364 | dir=$2 |
| 365 | |
| 366 | if ! [ -L "$file" ]; then |
| 367 | return |
| 368 | fi |
| 369 | |
| 370 | realpath="$(realpath --relative-to=$dir $file)" |
| 371 | if [ -z "${realpath%%../*}" ]; then |
| 372 | return |
| 373 | fi |
| 374 | |
| 375 | echo "$realpath" |
| 376 | } |
| 377 | |
| 378 | # |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 379 | # Emit the fitImage ITS configuration section |
| 380 | # |
| 381 | # $1 ... .its filename |
| 382 | # $2 ... Linux kernel ID |
| 383 | # $3 ... DTB image name |
| 384 | # $4 ... ramdisk ID |
| 385 | # $5 ... u-boot script ID |
| 386 | # $6 ... config ID |
| 387 | # $7 ... default flag |
| 388 | fitimage_emit_section_config() { |
| 389 | |
| 390 | conf_csum="${FIT_HASH_ALG}" |
| 391 | conf_sign_algo="${FIT_SIGN_ALG}" |
| 392 | conf_padding_algo="${FIT_PAD_ALG}" |
| 393 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then |
| 394 | conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" |
| 395 | fi |
| 396 | |
| 397 | its_file="$1" |
| 398 | kernel_id="$2" |
| 399 | dtb_image="$3" |
| 400 | ramdisk_id="$4" |
| 401 | bootscr_id="$5" |
| 402 | config_id="$6" |
| 403 | default_flag="$7" |
| 404 | |
| 405 | # Test if we have any DTBs at all |
| 406 | sep="" |
| 407 | conf_desc="" |
| 408 | conf_node="${FIT_CONF_PREFIX}" |
| 409 | kernel_line="" |
| 410 | fdt_line="" |
| 411 | ramdisk_line="" |
| 412 | bootscr_line="" |
| 413 | setup_line="" |
| 414 | default_line="" |
| 415 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 416 | dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}") |
| 417 | if [ -z "$dtb_image_sect" ]; then |
| 418 | dtb_image_sect=$dtb_image |
| 419 | fi |
| 420 | |
| 421 | dtb_image=$(echo $dtb_image | tr '/' '_') |
| 422 | dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_') |
| 423 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 424 | # conf node name is selected based on dtb ID if it is present, |
| 425 | # otherwise its selected based on kernel ID |
| 426 | if [ -n "$dtb_image" ]; then |
| 427 | conf_node=$conf_node$dtb_image |
| 428 | else |
| 429 | conf_node=$conf_node$kernel_id |
| 430 | fi |
| 431 | |
| 432 | if [ -n "$kernel_id" ]; then |
| 433 | conf_desc="Linux kernel" |
| 434 | sep=", " |
| 435 | kernel_line="kernel = \"kernel-$kernel_id\";" |
| 436 | fi |
| 437 | |
| 438 | if [ -n "$dtb_image" ]; then |
| 439 | conf_desc="$conf_desc${sep}FDT blob" |
| 440 | sep=", " |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 441 | fdt_line="fdt = \"fdt-$dtb_image_sect\";" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 442 | fi |
| 443 | |
| 444 | if [ -n "$ramdisk_id" ]; then |
| 445 | conf_desc="$conf_desc${sep}ramdisk" |
| 446 | sep=", " |
| 447 | ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" |
| 448 | fi |
| 449 | |
| 450 | if [ -n "$bootscr_id" ]; then |
| 451 | conf_desc="$conf_desc${sep}u-boot script" |
| 452 | sep=", " |
| 453 | bootscr_line="bootscr = \"bootscr-$bootscr_id\";" |
| 454 | fi |
| 455 | |
| 456 | if [ -n "$config_id" ]; then |
| 457 | conf_desc="$conf_desc${sep}setup" |
| 458 | setup_line="setup = \"setup-$config_id\";" |
| 459 | fi |
| 460 | |
| 461 | if [ "$default_flag" = "1" ]; then |
| 462 | # default node is selected based on dtb ID if it is present, |
| 463 | # otherwise its selected based on kernel ID |
| 464 | if [ -n "$dtb_image" ]; then |
| 465 | default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" |
| 466 | else |
| 467 | default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" |
| 468 | fi |
| 469 | fi |
| 470 | |
| 471 | cat << EOF >> $its_file |
| 472 | $default_line |
| 473 | $conf_node { |
| 474 | description = "$default_flag $conf_desc"; |
| 475 | $kernel_line |
| 476 | $fdt_line |
| 477 | $ramdisk_line |
| 478 | $bootscr_line |
| 479 | $setup_line |
| 480 | hash-1 { |
| 481 | algo = "$conf_csum"; |
| 482 | }; |
| 483 | EOF |
| 484 | |
| 485 | if [ -n "$conf_sign_keyname" ] ; then |
| 486 | |
| 487 | sign_line="sign-images = " |
| 488 | sep="" |
| 489 | |
| 490 | if [ -n "$kernel_id" ]; then |
| 491 | sign_line="$sign_line${sep}\"kernel\"" |
| 492 | sep=", " |
| 493 | fi |
| 494 | |
| 495 | if [ -n "$dtb_image" ]; then |
| 496 | sign_line="$sign_line${sep}\"fdt\"" |
| 497 | sep=", " |
| 498 | fi |
| 499 | |
| 500 | if [ -n "$ramdisk_id" ]; then |
| 501 | sign_line="$sign_line${sep}\"ramdisk\"" |
| 502 | sep=", " |
| 503 | fi |
| 504 | |
| 505 | if [ -n "$bootscr_id" ]; then |
| 506 | sign_line="$sign_line${sep}\"bootscr\"" |
| 507 | sep=", " |
| 508 | fi |
| 509 | |
| 510 | if [ -n "$config_id" ]; then |
| 511 | sign_line="$sign_line${sep}\"setup\"" |
| 512 | fi |
| 513 | |
| 514 | sign_line="$sign_line;" |
| 515 | |
| 516 | cat << EOF >> $its_file |
| 517 | signature-1 { |
| 518 | algo = "$conf_csum,$conf_sign_algo"; |
| 519 | key-name-hint = "$conf_sign_keyname"; |
| 520 | padding = "$conf_padding_algo"; |
| 521 | $sign_line |
| 522 | }; |
| 523 | EOF |
| 524 | fi |
| 525 | |
| 526 | cat << EOF >> $its_file |
| 527 | }; |
| 528 | EOF |
| 529 | } |
| 530 | |
| 531 | # |
| 532 | # Assemble fitImage |
| 533 | # |
| 534 | # $1 ... .its filename |
| 535 | # $2 ... fitImage name |
| 536 | # $3 ... include ramdisk |
| 537 | fitimage_assemble() { |
| 538 | kernelcount=1 |
| 539 | dtbcount="" |
| 540 | DTBS="" |
| 541 | ramdiskcount=$3 |
| 542 | setupcount="" |
| 543 | bootscr_id="" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 544 | rm -f $1 ${KERNEL_OUTPUT_DIR}/$2 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 545 | |
| 546 | if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then |
| 547 | bbfatal "Keys used to sign images and configuration nodes must be different." |
| 548 | fi |
| 549 | |
| 550 | fitimage_emit_fit_header $1 |
| 551 | |
| 552 | # |
| 553 | # Step 1: Prepare a kernel image section. |
| 554 | # |
| 555 | fitimage_emit_section_maint $1 imagestart |
| 556 | |
| 557 | uboot_prep_kimage |
| 558 | fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" |
| 559 | |
| 560 | # |
| 561 | # Step 2: Prepare a DTB image section |
| 562 | # |
| 563 | |
| 564 | if [ -n "${KERNEL_DEVICETREE}" ]; then |
| 565 | dtbcount=1 |
| 566 | for DTB in ${KERNEL_DEVICETREE}; do |
| 567 | if echo $DTB | grep -q '/dts/'; then |
| 568 | bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." |
| 569 | DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` |
| 570 | fi |
| 571 | |
| 572 | # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} |
| 573 | if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then |
| 574 | continue |
| 575 | fi |
| 576 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 577 | DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 578 | if [ ! -e "$DTB_PATH" ]; then |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 579 | DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 580 | fi |
| 581 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 582 | # Skip DTB if we've picked it up previously |
| 583 | echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| 584 | |
| 585 | DTBS="$DTBS $DTB" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 586 | DTB=$(echo $DTB | tr '/' '_') |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 587 | fitimage_emit_section_dtb $1 $DTB $DTB_PATH |
| 588 | done |
| 589 | fi |
| 590 | |
| 591 | if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then |
| 592 | dtbcount=1 |
| 593 | for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 594 | # Skip DTB if we've picked it up previously |
| 595 | echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| 596 | |
| 597 | DTBS="$DTBS $DTB" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 598 | |
| 599 | # Also skip if a symlink. We'll later have each config section point at it |
| 600 | [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue |
| 601 | |
| 602 | DTB=$(echo $DTB | tr '/' '_') |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 603 | fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" |
| 604 | done |
| 605 | fi |
| 606 | |
| 607 | # |
| 608 | # Step 3: Prepare a u-boot script section |
| 609 | # |
| 610 | |
| 611 | if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then |
| 612 | if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then |
| 613 | cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} |
| 614 | bootscr_id="${UBOOT_ENV_BINARY}" |
| 615 | fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} |
| 616 | else |
| 617 | bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." |
| 618 | fi |
| 619 | fi |
| 620 | |
| 621 | # |
| 622 | # Step 4: Prepare a setup section. (For x86) |
| 623 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 624 | if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 625 | setupcount=1 |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 626 | fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 627 | fi |
| 628 | |
| 629 | # |
| 630 | # Step 5: Prepare a ramdisk section. |
| 631 | # |
| 632 | if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 633 | # Find and use the first initramfs image archive type we find |
| 634 | found= |
| 635 | for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do |
| 636 | initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" |
| 637 | if [ -e "$initramfs_path" ]; then |
| 638 | bbnote "Found initramfs image: $initramfs_path" |
| 639 | found=true |
| 640 | fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" |
| 641 | break |
| 642 | else |
| 643 | bbnote "Did not find initramfs image: $initramfs_path" |
| 644 | fi |
| 645 | done |
| 646 | |
| 647 | if [ -z "$found" ]; then |
| 648 | bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" |
| 649 | fi |
| 650 | fi |
| 651 | |
| 652 | fitimage_emit_section_maint $1 sectend |
| 653 | |
| 654 | # Force the first Kernel and DTB in the default config |
| 655 | kernelcount=1 |
| 656 | if [ -n "$dtbcount" ]; then |
| 657 | dtbcount=1 |
| 658 | fi |
| 659 | |
| 660 | # |
| 661 | # Step 6: Prepare a configurations section |
| 662 | # |
| 663 | fitimage_emit_section_maint $1 confstart |
| 664 | |
| 665 | # kernel-fitimage.bbclass currently only supports a single kernel (no less or |
| 666 | # more) to be added to the FIT image along with 0 or more device trees and |
| 667 | # 0 or 1 ramdisk. |
| 668 | # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) |
| 669 | # When the initramfs bundle is used ramdisk is disabled. |
| 670 | # If a device tree is to be part of the FIT image, then select |
| 671 | # the default configuration to be used is based on the dtbcount. If there is |
| 672 | # no dtb present than select the default configuation to be based on |
| 673 | # the kernelcount. |
| 674 | if [ -n "$DTBS" ]; then |
| 675 | i=1 |
| 676 | for DTB in ${DTBS}; do |
| 677 | dtb_ext=${DTB##*.} |
| 678 | if [ "$dtb_ext" = "dtbo" ]; then |
| 679 | fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" |
| 680 | else |
| 681 | fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" |
| 682 | fi |
| 683 | i=`expr $i + 1` |
| 684 | done |
| 685 | else |
| 686 | defaultconfigcount=1 |
| 687 | fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount |
| 688 | fi |
| 689 | |
| 690 | fitimage_emit_section_maint $1 sectend |
| 691 | |
| 692 | fitimage_emit_section_maint $1 fitend |
| 693 | |
| 694 | # |
| 695 | # Step 7: Assemble the image |
| 696 | # |
| 697 | ${UBOOT_MKIMAGE} \ |
| 698 | ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| 699 | -f $1 \ |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 700 | ${KERNEL_OUTPUT_DIR}/$2 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 701 | |
| 702 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 703 | # Step 8: Sign the image |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 704 | # |
| 705 | if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 706 | ${UBOOT_MKIMAGE_SIGN} \ |
| 707 | ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| 708 | -F -k "${UBOOT_SIGN_KEYDIR}" \ |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 709 | -r ${KERNEL_OUTPUT_DIR}/$2 \ |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 710 | ${UBOOT_MKIMAGE_SIGN_ARGS} |
| 711 | fi |
| 712 | } |
| 713 | |
| 714 | do_assemble_fitimage() { |
| 715 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| 716 | cd ${B} |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 717 | fitimage_assemble fit-image.its fitImage-none "" |
| 718 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 719 | ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage |
| 720 | fi |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 721 | fi |
| 722 | } |
| 723 | |
| 724 | addtask assemble_fitimage before do_install after do_compile |
| 725 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 726 | SYSROOT_DIRS:append = " /sysroot-only" |
| 727 | do_install:append() { |
| 728 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ |
| 729 | [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then |
| 730 | install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage |
| 731 | fi |
| 732 | } |
| 733 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 734 | do_assemble_fitimage_initramfs() { |
| 735 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ |
| 736 | test -n "${INITRAMFS_IMAGE}" ; then |
| 737 | cd ${B} |
| 738 | if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 739 | fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle "" |
| 740 | ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 741 | else |
| 742 | fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 |
| 743 | fi |
| 744 | fi |
| 745 | } |
| 746 | |
| 747 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs |
| 748 | |
| 749 | do_kernel_generate_rsa_keys() { |
| 750 | if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| 751 | bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." |
| 752 | fi |
| 753 | |
| 754 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| 755 | |
| 756 | # Generate keys to sign configuration nodes, only if they don't already exist |
| 757 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ |
| 758 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then |
| 759 | |
| 760 | # make directory if it does not already exist |
| 761 | mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| 762 | |
| 763 | bbnote "Generating RSA private key for signing fitImage" |
| 764 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| 765 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| 766 | "${FIT_SIGN_NUMBITS}" |
| 767 | |
| 768 | bbnote "Generating certificate for signing fitImage" |
| 769 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| 770 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| 771 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt |
| 772 | fi |
| 773 | |
| 774 | # Generate keys to sign image nodes, only if they don't already exist |
| 775 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ |
| 776 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then |
| 777 | |
| 778 | # make directory if it does not already exist |
| 779 | mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| 780 | |
| 781 | bbnote "Generating RSA private key for signing fitImage" |
| 782 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| 783 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| 784 | "${FIT_SIGN_NUMBITS}" |
| 785 | |
| 786 | bbnote "Generating certificate for signing fitImage" |
| 787 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| 788 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| 789 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt |
| 790 | fi |
| 791 | fi |
| 792 | } |
| 793 | |
| 794 | addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile |
| 795 | |
| 796 | kernel_do_deploy[vardepsexclude] = "DATETIME" |
| 797 | kernel_do_deploy:append() { |
| 798 | # Update deploy directory |
| 799 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| 800 | |
| 801 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 802 | bbnote "Copying fit-image.its source file..." |
| 803 | install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" |
| 804 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 805 | ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" |
| 806 | fi |
| 807 | |
| 808 | bbnote "Copying linux.bin file..." |
| 809 | install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} |
| 810 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 811 | ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" |
| 812 | fi |
| 813 | fi |
| 814 | |
| 815 | if [ -n "${INITRAMFS_IMAGE}" ]; then |
| 816 | bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." |
| 817 | install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" |
| 818 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 819 | ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| 820 | fi |
| 821 | |
| 822 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 823 | bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 824 | install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 825 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 826 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| 827 | fi |
| 828 | fi |
| 829 | fi |
| 830 | fi |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 831 | } |