Add manifest and signature for fixed flash layout
In generated fixed flash layout tarball, add manifest and signature
which can be used for code update by phosphor-software-manager.
Tested: Verify the generated static tar contains image(s), manifest,
public key and their signatures.
Verify that all.tar can be used to do code update by both
legacy method (org.openbmc.control.BmcFlash.service) and
phosphor-software-manager.
Change-Id: Ib6880c8a6d456cce6b0fd47116960d1d448d5d50
Signed-off-by: Lei YU <mine260309@gmail.com>
diff --git a/meta-phosphor/classes/image_types_phosphor.bbclass b/meta-phosphor/classes/image_types_phosphor.bbclass
index 97b0baf..16e47dd 100644
--- a/meta-phosphor/classes/image_types_phosphor.bbclass
+++ b/meta-phosphor/classes/image_types_phosphor.bbclass
@@ -223,8 +223,17 @@
"
do_generate_static_alltar() {
+ ln -sf ${S}/MANIFEST MANIFEST
+ ln -sf ${S}/publickey publickey
ln -sf ${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.static.mtd image-bmc
- tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.static.mtd.all.tar image-bmc
+
+ for file in image-bmc MANIFEST publickey; do
+ openssl dgst -sha256 -sign ${SIGNING_KEY} -out "${file}.sig" $file
+ signature_files="${signature_files} ${file}.sig"
+ done
+
+ tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.static.mtd.all.tar \
+ image-bmc MANIFEST publickey ${signature_files}
cd ${IMGDEPLOYDIR}
@@ -234,9 +243,15 @@
# Maintain non-standard legacy link.
ln -sf ${IMAGE_NAME}.static.mtd.all.tar \
${IMGDEPLOYDIR}/${MACHINE}-${DATETIME}.all.tar
+
}
do_generate_static_alltar[vardepsexclude] = "DATETIME"
do_generate_static_alltar[dirs] = "${S}/static"
+do_generate_static_alltar[depends] += " \
+ openssl-native:do_populate_sysroot \
+ ${SIGNING_KEY_DEPENDS} \
+ ${PN}:do_copy_signing_pubkey \
+ "
make_image_links() {
rwfs=$1
@@ -266,8 +281,14 @@
}
do_generate_static_tar() {
+ ln -sf ${S}/MANIFEST MANIFEST
+ ln -sf ${S}/publickey publickey
make_image_links ${OVERLAY_BASETYPE} ${IMAGE_BASETYPE}
- make_tar_of_images static
+ for file in image-u-boot image-kernel image-rofs image-rwfs MANIFEST publickey; do
+ openssl dgst -sha256 -sign ${SIGNING_KEY} -out "${file}.sig" $file
+ signature_files="${signature_files} ${file}.sig"
+ done
+ make_tar_of_images static MANIFEST publickey ${signature_files}
# Maintain non-standard legacy link.
cd ${IMGDEPLOYDIR}
@@ -278,6 +299,9 @@
${PN}:do_image_${@d.getVar('IMAGE_BASETYPE', True).replace('-', '_')} \
virtual/kernel:do_deploy \
u-boot:do_populate_sysroot \
+ openssl-native:do_populate_sysroot \
+ ${SIGNING_KEY_DEPENDS} \
+ ${PN}:do_copy_signing_pubkey \
"
do_generate_static_tar[vardepsexclude] = "DATETIME"
@@ -357,12 +381,12 @@
bb.build.addtask(
'do_generate_static_alltar',
'do_image_complete',
- 'do_generate_static', d)
+ 'do_generate_static do_generate_phosphor_manifest', d)
if 'mtd-static-tar' in types:
bb.build.addtask(
'do_generate_static_tar',
'do_image_complete',
- 'do_generate_rwfs_static', d)
+ 'do_generate_rwfs_static do_generate_phosphor_manifest', d)
if 'mtd-ubi' in types:
bb.build.addtask(