blob: 7980910aa8c4d103a0a20a1a66931b96c283bc2d [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -05001#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
Patrick Williams2390b1b2022-11-03 13:47:49 -05007inherit kernel-uboot kernel-artifact-names uboot-config
Patrick Williams92b42cb2022-09-03 06:53:57 -05008
9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
11 replacementtype = ""
12 if 'fitImage' in kerneltypes.split():
13 uarch = d.getVar("UBOOT_ARCH")
14 if uarch == "arm64":
15 replacementtype = "Image"
16 elif uarch == "riscv":
17 replacementtype = "Image"
18 elif uarch == "mips":
19 replacementtype = "vmlinuz.bin"
20 elif uarch == "x86":
21 replacementtype = "bzImage"
22 elif uarch == "microblaze":
23 replacementtype = "linux.bin"
24 else:
25 replacementtype = "zImage"
26 return replacementtype
27
28KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
29DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
30
31python __anonymous () {
32 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
33 # to kernel.bbclass . We have to override it, since we pack zImage
34 # (at least for now) into the fitImage .
35 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
36 if 'fitImage' in typeformake.split():
37 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
38
39 image = d.getVar('INITRAMFS_IMAGE')
40 if image:
41 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
42
43 ubootenv = d.getVar('UBOOT_ENV')
44 if ubootenv:
45 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
46
47 #check if there are any dtb providers
48 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
49 if providerdtb:
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
Patrick Williams92b42cb2022-09-03 06:53:57 -050053}
54
55
56# Description string
57FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
58
Patrick Williams2390b1b2022-11-03 13:47:49 -050059# Kernel fitImage Hash Algo
60FIT_HASH_ALG ?= "sha256"
61
62# Kernel fitImage Signature Algo
63FIT_SIGN_ALG ?= "rsa2048"
64
65# Kernel / U-Boot fitImage Padding Algo
66FIT_PAD_ALG ?= "pkcs-1.5"
67
68# Generate keys for signing Kernel fitImage
69FIT_GENERATE_KEYS ?= "0"
70
71# Size of private keys in number of bits
72FIT_SIGN_NUMBITS ?= "2048"
73
74# args to openssl genrsa (Default is just the public exponent)
75FIT_KEY_GENRSA_ARGS ?= "-F4"
76
77# args to openssl req (Default is -batch for non interactive mode and
78# -new for new certificate)
79FIT_KEY_REQ_ARGS ?= "-batch -new"
80
81# Standard format for public key certificate
82FIT_KEY_SIGN_PKCS ?= "-x509"
83
Patrick Williams92b42cb2022-09-03 06:53:57 -050084# Sign individual images as well
85FIT_SIGN_INDIVIDUAL ?= "0"
86
87FIT_CONF_PREFIX ?= "conf-"
88FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
89
90FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
91
92# Keys used to sign individually image nodes.
93# The keys to sign image nodes must be different from those used to sign
94# configuration nodes, otherwise the "required" property, from
95# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
96# Then the images signature checking will not be mandatory and no error will be
97# raised in case of failure.
98# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
99
100#
101# Emit the fitImage ITS header
102#
103# $1 ... .its filename
104fitimage_emit_fit_header() {
105 cat << EOF >> $1
106/dts-v1/;
107
108/ {
109 description = "${FIT_DESC}";
110 #address-cells = <1>;
111EOF
112}
113
114#
115# Emit the fitImage section bits
116#
117# $1 ... .its filename
118# $2 ... Section bit type: imagestart - image section start
119# confstart - configuration section start
120# sectend - section end
121# fitend - fitimage end
122#
123fitimage_emit_section_maint() {
124 case $2 in
125 imagestart)
126 cat << EOF >> $1
127
128 images {
129EOF
130 ;;
131 confstart)
132 cat << EOF >> $1
133
134 configurations {
135EOF
136 ;;
137 sectend)
138 cat << EOF >> $1
139 };
140EOF
141 ;;
142 fitend)
143 cat << EOF >> $1
144};
145EOF
146 ;;
147 esac
148}
149
150#
151# Emit the fitImage ITS kernel section
152#
153# $1 ... .its filename
154# $2 ... Image counter
155# $3 ... Path to kernel image
156# $4 ... Compression type
157fitimage_emit_section_kernel() {
158
159 kernel_csum="${FIT_HASH_ALG}"
160 kernel_sign_algo="${FIT_SIGN_ALG}"
161 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
162
163 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
164 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
165 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
166 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
167 fi
168
169 cat << EOF >> $1
170 kernel-$2 {
171 description = "Linux kernel";
172 data = /incbin/("$3");
173 type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
174 arch = "${UBOOT_ARCH}";
175 os = "linux";
176 compression = "$4";
177 load = <${UBOOT_LOADADDRESS}>;
178 entry = <$ENTRYPOINT>;
179 hash-1 {
180 algo = "$kernel_csum";
181 };
182 };
183EOF
184
185 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
186 sed -i '$ d' $1
187 cat << EOF >> $1
188 signature-1 {
189 algo = "$kernel_csum,$kernel_sign_algo";
190 key-name-hint = "$kernel_sign_keyname";
191 };
192 };
193EOF
194 fi
195}
196
197#
198# Emit the fitImage ITS DTB section
199#
200# $1 ... .its filename
201# $2 ... Image counter
202# $3 ... Path to DTB image
203fitimage_emit_section_dtb() {
204
205 dtb_csum="${FIT_HASH_ALG}"
206 dtb_sign_algo="${FIT_SIGN_ALG}"
207 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
208
209 dtb_loadline=""
210 dtb_ext=${DTB##*.}
211 if [ "${dtb_ext}" = "dtbo" ]; then
212 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
213 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
214 fi
215 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
216 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
217 fi
218 cat << EOF >> $1
219 fdt-$2 {
220 description = "Flattened Device Tree blob";
221 data = /incbin/("$3");
222 type = "flat_dt";
223 arch = "${UBOOT_ARCH}";
224 compression = "none";
225 $dtb_loadline
226 hash-1 {
227 algo = "$dtb_csum";
228 };
229 };
230EOF
231
232 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
233 sed -i '$ d' $1
234 cat << EOF >> $1
235 signature-1 {
236 algo = "$dtb_csum,$dtb_sign_algo";
237 key-name-hint = "$dtb_sign_keyname";
238 };
239 };
240EOF
241 fi
242}
243
244#
245# Emit the fitImage ITS u-boot script section
246#
247# $1 ... .its filename
248# $2 ... Image counter
249# $3 ... Path to boot script image
250fitimage_emit_section_boot_script() {
251
252 bootscr_csum="${FIT_HASH_ALG}"
253 bootscr_sign_algo="${FIT_SIGN_ALG}"
254 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
255
256 cat << EOF >> $1
257 bootscr-$2 {
258 description = "U-boot script";
259 data = /incbin/("$3");
260 type = "script";
261 arch = "${UBOOT_ARCH}";
262 compression = "none";
263 hash-1 {
264 algo = "$bootscr_csum";
265 };
266 };
267EOF
268
269 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
270 sed -i '$ d' $1
271 cat << EOF >> $1
272 signature-1 {
273 algo = "$bootscr_csum,$bootscr_sign_algo";
274 key-name-hint = "$bootscr_sign_keyname";
275 };
276 };
277EOF
278 fi
279}
280
281#
282# Emit the fitImage ITS setup section
283#
284# $1 ... .its filename
285# $2 ... Image counter
286# $3 ... Path to setup image
287fitimage_emit_section_setup() {
288
289 setup_csum="${FIT_HASH_ALG}"
290
291 cat << EOF >> $1
292 setup-$2 {
293 description = "Linux setup.bin";
294 data = /incbin/("$3");
295 type = "x86_setup";
296 arch = "${UBOOT_ARCH}";
297 os = "linux";
298 compression = "none";
299 load = <0x00090000>;
300 entry = <0x00090000>;
301 hash-1 {
302 algo = "$setup_csum";
303 };
304 };
305EOF
306}
307
308#
309# Emit the fitImage ITS ramdisk section
310#
311# $1 ... .its filename
312# $2 ... Image counter
313# $3 ... Path to ramdisk image
314fitimage_emit_section_ramdisk() {
315
316 ramdisk_csum="${FIT_HASH_ALG}"
317 ramdisk_sign_algo="${FIT_SIGN_ALG}"
318 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
319 ramdisk_loadline=""
320 ramdisk_entryline=""
321
322 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
323 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
324 fi
325 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
326 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
327 fi
328
329 cat << EOF >> $1
330 ramdisk-$2 {
331 description = "${INITRAMFS_IMAGE}";
332 data = /incbin/("$3");
333 type = "ramdisk";
334 arch = "${UBOOT_ARCH}";
335 os = "linux";
336 compression = "none";
337 $ramdisk_loadline
338 $ramdisk_entryline
339 hash-1 {
340 algo = "$ramdisk_csum";
341 };
342 };
343EOF
344
345 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
346 sed -i '$ d' $1
347 cat << EOF >> $1
348 signature-1 {
349 algo = "$ramdisk_csum,$ramdisk_sign_algo";
350 key-name-hint = "$ramdisk_sign_keyname";
351 };
352 };
353EOF
354 fi
355}
356
357#
Patrick Williams2390b1b2022-11-03 13:47:49 -0500358# echoes symlink destination if it points below directory
359#
360# $1 ... file that's a potential symlink
361# $2 ... expected parent directory
362symlink_points_below() {
363 file="$2/$1"
364 dir=$2
365
366 if ! [ -L "$file" ]; then
367 return
368 fi
369
370 realpath="$(realpath --relative-to=$dir $file)"
371 if [ -z "${realpath%%../*}" ]; then
372 return
373 fi
374
375 echo "$realpath"
376}
377
378#
Patrick Williams92b42cb2022-09-03 06:53:57 -0500379# Emit the fitImage ITS configuration section
380#
381# $1 ... .its filename
382# $2 ... Linux kernel ID
383# $3 ... DTB image name
384# $4 ... ramdisk ID
385# $5 ... u-boot script ID
386# $6 ... config ID
387# $7 ... default flag
388fitimage_emit_section_config() {
389
390 conf_csum="${FIT_HASH_ALG}"
391 conf_sign_algo="${FIT_SIGN_ALG}"
392 conf_padding_algo="${FIT_PAD_ALG}"
393 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
394 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
395 fi
396
397 its_file="$1"
398 kernel_id="$2"
399 dtb_image="$3"
400 ramdisk_id="$4"
401 bootscr_id="$5"
402 config_id="$6"
403 default_flag="$7"
404
405 # Test if we have any DTBs at all
406 sep=""
407 conf_desc=""
408 conf_node="${FIT_CONF_PREFIX}"
409 kernel_line=""
410 fdt_line=""
411 ramdisk_line=""
412 bootscr_line=""
413 setup_line=""
414 default_line=""
415
Patrick Williams2390b1b2022-11-03 13:47:49 -0500416 dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}")
417 if [ -z "$dtb_image_sect" ]; then
418 dtb_image_sect=$dtb_image
419 fi
420
421 dtb_image=$(echo $dtb_image | tr '/' '_')
422 dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_')
423
Patrick Williams92b42cb2022-09-03 06:53:57 -0500424 # conf node name is selected based on dtb ID if it is present,
425 # otherwise its selected based on kernel ID
426 if [ -n "$dtb_image" ]; then
427 conf_node=$conf_node$dtb_image
428 else
429 conf_node=$conf_node$kernel_id
430 fi
431
432 if [ -n "$kernel_id" ]; then
433 conf_desc="Linux kernel"
434 sep=", "
435 kernel_line="kernel = \"kernel-$kernel_id\";"
436 fi
437
438 if [ -n "$dtb_image" ]; then
439 conf_desc="$conf_desc${sep}FDT blob"
440 sep=", "
Patrick Williams2390b1b2022-11-03 13:47:49 -0500441 fdt_line="fdt = \"fdt-$dtb_image_sect\";"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500442 fi
443
444 if [ -n "$ramdisk_id" ]; then
445 conf_desc="$conf_desc${sep}ramdisk"
446 sep=", "
447 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
448 fi
449
450 if [ -n "$bootscr_id" ]; then
451 conf_desc="$conf_desc${sep}u-boot script"
452 sep=", "
453 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
454 fi
455
456 if [ -n "$config_id" ]; then
457 conf_desc="$conf_desc${sep}setup"
458 setup_line="setup = \"setup-$config_id\";"
459 fi
460
461 if [ "$default_flag" = "1" ]; then
462 # default node is selected based on dtb ID if it is present,
463 # otherwise its selected based on kernel ID
464 if [ -n "$dtb_image" ]; then
465 default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
466 else
467 default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
468 fi
469 fi
470
471 cat << EOF >> $its_file
472 $default_line
473 $conf_node {
474 description = "$default_flag $conf_desc";
475 $kernel_line
476 $fdt_line
477 $ramdisk_line
478 $bootscr_line
479 $setup_line
480 hash-1 {
481 algo = "$conf_csum";
482 };
483EOF
484
485 if [ -n "$conf_sign_keyname" ] ; then
486
487 sign_line="sign-images = "
488 sep=""
489
490 if [ -n "$kernel_id" ]; then
491 sign_line="$sign_line${sep}\"kernel\""
492 sep=", "
493 fi
494
495 if [ -n "$dtb_image" ]; then
496 sign_line="$sign_line${sep}\"fdt\""
497 sep=", "
498 fi
499
500 if [ -n "$ramdisk_id" ]; then
501 sign_line="$sign_line${sep}\"ramdisk\""
502 sep=", "
503 fi
504
505 if [ -n "$bootscr_id" ]; then
506 sign_line="$sign_line${sep}\"bootscr\""
507 sep=", "
508 fi
509
510 if [ -n "$config_id" ]; then
511 sign_line="$sign_line${sep}\"setup\""
512 fi
513
514 sign_line="$sign_line;"
515
516 cat << EOF >> $its_file
517 signature-1 {
518 algo = "$conf_csum,$conf_sign_algo";
519 key-name-hint = "$conf_sign_keyname";
520 padding = "$conf_padding_algo";
521 $sign_line
522 };
523EOF
524 fi
525
526 cat << EOF >> $its_file
527 };
528EOF
529}
530
531#
532# Assemble fitImage
533#
534# $1 ... .its filename
535# $2 ... fitImage name
536# $3 ... include ramdisk
537fitimage_assemble() {
538 kernelcount=1
539 dtbcount=""
540 DTBS=""
541 ramdiskcount=$3
542 setupcount=""
543 bootscr_id=""
Patrick Williams2390b1b2022-11-03 13:47:49 -0500544 rm -f $1 ${KERNEL_OUTPUT_DIR}/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500545
546 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
547 bbfatal "Keys used to sign images and configuration nodes must be different."
548 fi
549
550 fitimage_emit_fit_header $1
551
552 #
553 # Step 1: Prepare a kernel image section.
554 #
555 fitimage_emit_section_maint $1 imagestart
556
557 uboot_prep_kimage
558 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
559
560 #
561 # Step 2: Prepare a DTB image section
562 #
563
564 if [ -n "${KERNEL_DEVICETREE}" ]; then
565 dtbcount=1
566 for DTB in ${KERNEL_DEVICETREE}; do
567 if echo $DTB | grep -q '/dts/'; then
568 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
569 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
570 fi
571
572 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
573 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
574 continue
575 fi
576
Patrick Williams2390b1b2022-11-03 13:47:49 -0500577 DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500578 if [ ! -e "$DTB_PATH" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500579 DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500580 fi
581
Patrick Williams92b42cb2022-09-03 06:53:57 -0500582 # Skip DTB if we've picked it up previously
583 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
584
585 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500586 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500587 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
588 done
589 fi
590
591 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
592 dtbcount=1
593 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
Patrick Williams92b42cb2022-09-03 06:53:57 -0500594 # Skip DTB if we've picked it up previously
595 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
596
597 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500598
599 # Also skip if a symlink. We'll later have each config section point at it
600 [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue
601
602 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500603 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
604 done
605 fi
606
607 #
608 # Step 3: Prepare a u-boot script section
609 #
610
611 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
612 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
613 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
614 bootscr_id="${UBOOT_ENV_BINARY}"
615 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
616 else
617 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
618 fi
619 fi
620
621 #
622 # Step 4: Prepare a setup section. (For x86)
623 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500624 if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500625 setupcount=1
Patrick Williams2390b1b2022-11-03 13:47:49 -0500626 fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
Patrick Williams92b42cb2022-09-03 06:53:57 -0500627 fi
628
629 #
630 # Step 5: Prepare a ramdisk section.
631 #
632 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
633 # Find and use the first initramfs image archive type we find
634 found=
635 for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
636 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
637 if [ -e "$initramfs_path" ]; then
638 bbnote "Found initramfs image: $initramfs_path"
639 found=true
640 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
641 break
642 else
643 bbnote "Did not find initramfs image: $initramfs_path"
644 fi
645 done
646
647 if [ -z "$found" ]; then
648 bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
649 fi
650 fi
651
652 fitimage_emit_section_maint $1 sectend
653
654 # Force the first Kernel and DTB in the default config
655 kernelcount=1
656 if [ -n "$dtbcount" ]; then
657 dtbcount=1
658 fi
659
660 #
661 # Step 6: Prepare a configurations section
662 #
663 fitimage_emit_section_maint $1 confstart
664
665 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
666 # more) to be added to the FIT image along with 0 or more device trees and
667 # 0 or 1 ramdisk.
668 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
669 # When the initramfs bundle is used ramdisk is disabled.
670 # If a device tree is to be part of the FIT image, then select
671 # the default configuration to be used is based on the dtbcount. If there is
672 # no dtb present than select the default configuation to be based on
673 # the kernelcount.
674 if [ -n "$DTBS" ]; then
675 i=1
676 for DTB in ${DTBS}; do
677 dtb_ext=${DTB##*.}
678 if [ "$dtb_ext" = "dtbo" ]; then
679 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
680 else
681 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
682 fi
683 i=`expr $i + 1`
684 done
685 else
686 defaultconfigcount=1
687 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount
688 fi
689
690 fitimage_emit_section_maint $1 sectend
691
692 fitimage_emit_section_maint $1 fitend
693
694 #
695 # Step 7: Assemble the image
696 #
697 ${UBOOT_MKIMAGE} \
698 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
699 -f $1 \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500700 ${KERNEL_OUTPUT_DIR}/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500701
702 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500703 # Step 8: Sign the image
Patrick Williams92b42cb2022-09-03 06:53:57 -0500704 #
705 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500706 ${UBOOT_MKIMAGE_SIGN} \
707 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
708 -F -k "${UBOOT_SIGN_KEYDIR}" \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500709 -r ${KERNEL_OUTPUT_DIR}/$2 \
Patrick Williams92b42cb2022-09-03 06:53:57 -0500710 ${UBOOT_MKIMAGE_SIGN_ARGS}
711 fi
712}
713
714do_assemble_fitimage() {
715 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
716 cd ${B}
Patrick Williams2390b1b2022-11-03 13:47:49 -0500717 fitimage_assemble fit-image.its fitImage-none ""
718 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
719 ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage
720 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500721 fi
722}
723
724addtask assemble_fitimage before do_install after do_compile
725
Patrick Williams2390b1b2022-11-03 13:47:49 -0500726SYSROOT_DIRS:append = " /sysroot-only"
727do_install:append() {
728 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
729 [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
730 install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage
731 fi
732}
733
Patrick Williams92b42cb2022-09-03 06:53:57 -0500734do_assemble_fitimage_initramfs() {
735 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
736 test -n "${INITRAMFS_IMAGE}" ; then
737 cd ${B}
738 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500739 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle ""
740 ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage
Patrick Williams92b42cb2022-09-03 06:53:57 -0500741 else
742 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
743 fi
744 fi
745}
746
747addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
748
749do_kernel_generate_rsa_keys() {
750 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
751 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
752 fi
753
754 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
755
756 # Generate keys to sign configuration nodes, only if they don't already exist
757 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
758 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
759
760 # make directory if it does not already exist
761 mkdir -p "${UBOOT_SIGN_KEYDIR}"
762
763 bbnote "Generating RSA private key for signing fitImage"
764 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
765 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
766 "${FIT_SIGN_NUMBITS}"
767
768 bbnote "Generating certificate for signing fitImage"
769 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
770 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
771 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
772 fi
773
774 # Generate keys to sign image nodes, only if they don't already exist
775 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
776 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
777
778 # make directory if it does not already exist
779 mkdir -p "${UBOOT_SIGN_KEYDIR}"
780
781 bbnote "Generating RSA private key for signing fitImage"
782 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
783 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
784 "${FIT_SIGN_NUMBITS}"
785
786 bbnote "Generating certificate for signing fitImage"
787 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
788 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
789 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
790 fi
791 fi
792}
793
794addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
795
796kernel_do_deploy[vardepsexclude] = "DATETIME"
797kernel_do_deploy:append() {
798 # Update deploy directory
799 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
800
801 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
802 bbnote "Copying fit-image.its source file..."
803 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
804 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
805 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
806 fi
807
808 bbnote "Copying linux.bin file..."
809 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
810 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
811 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
812 fi
813 fi
814
815 if [ -n "${INITRAMFS_IMAGE}" ]; then
816 bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
817 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
818 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
819 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
820 fi
821
822 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
823 bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
Patrick Williams2390b1b2022-11-03 13:47:49 -0500824 install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500825 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
826 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
827 fi
828 fi
829 fi
830 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500831}