Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 517393d903089f921915530ffa689a7a1d113420 / . / poky / meta / classes-recipe / kernel-fitimage.bbclass
blob: b77747404f5be797964dca3b20e1ac988ff6580b [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]1#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]7inherit kernel-uboot kernel-artifact-names uboot-config
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]8
9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
11 replacementtype = ""
12 if 'fitImage' in kerneltypes.split():
13 uarch = d.getVar("UBOOT_ARCH")
14 if uarch == "arm64":
15 replacementtype = "Image"
16 elif uarch == "riscv":
17 replacementtype = "Image"
18 elif uarch == "mips":
19 replacementtype = "vmlinuz.bin"
20 elif uarch == "x86":
21 replacementtype = "bzImage"
22 elif uarch == "microblaze":
23 replacementtype = "linux.bin"
24 else:
25 replacementtype = "zImage"
26 return replacementtype
27
28KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
29DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
30
31python __anonymous () {
32 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
33 # to kernel.bbclass . We have to override it, since we pack zImage
34 # (at least for now) into the fitImage .
35 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
36 if 'fitImage' in typeformake.split():
37 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
38
39 image = d.getVar('INITRAMFS_IMAGE')
40 if image:
41 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
42
43 ubootenv = d.getVar('UBOOT_ENV')
44 if ubootenv:
45 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
46
47 #check if there are any dtb providers
48 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
49 if providerdtb:
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]53}
54
55
56# Description string
57FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
58
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]59# Kernel fitImage Hash Algo
60FIT_HASH_ALG ?= "sha256"
61
62# Kernel fitImage Signature Algo
63FIT_SIGN_ALG ?= "rsa2048"
64
65# Kernel / U-Boot fitImage Padding Algo
66FIT_PAD_ALG ?= "pkcs-1.5"
67
68# Generate keys for signing Kernel fitImage
69FIT_GENERATE_KEYS ?= "0"
70
71# Size of private keys in number of bits
72FIT_SIGN_NUMBITS ?= "2048"
73
74# args to openssl genrsa (Default is just the public exponent)
75FIT_KEY_GENRSA_ARGS ?= "-F4"
76
77# args to openssl req (Default is -batch for non interactive mode and
78# -new for new certificate)
79FIT_KEY_REQ_ARGS ?= "-batch -new"
80
81# Standard format for public key certificate
82FIT_KEY_SIGN_PKCS ?= "-x509"
83
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]84# Sign individual images as well
85FIT_SIGN_INDIVIDUAL ?= "0"
86
87FIT_CONF_PREFIX ?= "conf-"
88FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
89
90FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
91
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame^]92# Allow user to select the default DTB for FIT image when multiple dtb's exists.
93FIT_CONF_DEFAULT_DTB ?= ""
94
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]95# Keys used to sign individually image nodes.
96# The keys to sign image nodes must be different from those used to sign
97# configuration nodes, otherwise the "required" property, from
98# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
99# Then the images signature checking will not be mandatory and no error will be
100# raised in case of failure.
101# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
102
103#
104# Emit the fitImage ITS header
105#
106# $1 ... .its filename
107fitimage_emit_fit_header() {
108 cat << EOF >> $1
109/dts-v1/;
110
111/ {
112 description = "${FIT_DESC}";
113 #address-cells = <1>;
114EOF
115}
116
117#
118# Emit the fitImage section bits
119#
120# $1 ... .its filename
121# $2 ... Section bit type: imagestart - image section start
122# confstart - configuration section start
123# sectend - section end
124# fitend - fitimage end
125#
126fitimage_emit_section_maint() {
127 case $2 in
128 imagestart)
129 cat << EOF >> $1
130
131 images {
132EOF
133 ;;
134 confstart)
135 cat << EOF >> $1
136
137 configurations {
138EOF
139 ;;
140 sectend)
141 cat << EOF >> $1
142 };
143EOF
144 ;;
145 fitend)
146 cat << EOF >> $1
147};
148EOF
149 ;;
150 esac
151}
152
153#
154# Emit the fitImage ITS kernel section
155#
156# $1 ... .its filename
157# $2 ... Image counter
158# $3 ... Path to kernel image
159# $4 ... Compression type
160fitimage_emit_section_kernel() {
161
162 kernel_csum="${FIT_HASH_ALG}"
163 kernel_sign_algo="${FIT_SIGN_ALG}"
164 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
165
166 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
167 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
168 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
169 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
170 fi
171
172 cat << EOF >> $1
173 kernel-$2 {
174 description = "Linux kernel";
175 data = /incbin/("$3");
176 type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
177 arch = "${UBOOT_ARCH}";
178 os = "linux";
179 compression = "$4";
180 load = <${UBOOT_LOADADDRESS}>;
181 entry = <$ENTRYPOINT>;
182 hash-1 {
183 algo = "$kernel_csum";
184 };
185 };
186EOF
187
188 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
189 sed -i '$ d' $1
190 cat << EOF >> $1
191 signature-1 {
192 algo = "$kernel_csum,$kernel_sign_algo";
193 key-name-hint = "$kernel_sign_keyname";
194 };
195 };
196EOF
197 fi
198}
199
200#
201# Emit the fitImage ITS DTB section
202#
203# $1 ... .its filename
204# $2 ... Image counter
205# $3 ... Path to DTB image
206fitimage_emit_section_dtb() {
207
208 dtb_csum="${FIT_HASH_ALG}"
209 dtb_sign_algo="${FIT_SIGN_ALG}"
210 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
211
212 dtb_loadline=""
213 dtb_ext=${DTB##*.}
214 if [ "${dtb_ext}" = "dtbo" ]; then
215 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
216 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
217 fi
218 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
219 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
220 fi
221 cat << EOF >> $1
222 fdt-$2 {
223 description = "Flattened Device Tree blob";
224 data = /incbin/("$3");
225 type = "flat_dt";
226 arch = "${UBOOT_ARCH}";
227 compression = "none";
228 $dtb_loadline
229 hash-1 {
230 algo = "$dtb_csum";
231 };
232 };
233EOF
234
235 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
236 sed -i '$ d' $1
237 cat << EOF >> $1
238 signature-1 {
239 algo = "$dtb_csum,$dtb_sign_algo";
240 key-name-hint = "$dtb_sign_keyname";
241 };
242 };
243EOF
244 fi
245}
246
247#
248# Emit the fitImage ITS u-boot script section
249#
250# $1 ... .its filename
251# $2 ... Image counter
252# $3 ... Path to boot script image
253fitimage_emit_section_boot_script() {
254
255 bootscr_csum="${FIT_HASH_ALG}"
256 bootscr_sign_algo="${FIT_SIGN_ALG}"
257 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
258
259 cat << EOF >> $1
260 bootscr-$2 {
261 description = "U-boot script";
262 data = /incbin/("$3");
263 type = "script";
264 arch = "${UBOOT_ARCH}";
265 compression = "none";
266 hash-1 {
267 algo = "$bootscr_csum";
268 };
269 };
270EOF
271
272 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
273 sed -i '$ d' $1
274 cat << EOF >> $1
275 signature-1 {
276 algo = "$bootscr_csum,$bootscr_sign_algo";
277 key-name-hint = "$bootscr_sign_keyname";
278 };
279 };
280EOF
281 fi
282}
283
284#
285# Emit the fitImage ITS setup section
286#
287# $1 ... .its filename
288# $2 ... Image counter
289# $3 ... Path to setup image
290fitimage_emit_section_setup() {
291
292 setup_csum="${FIT_HASH_ALG}"
293
294 cat << EOF >> $1
295 setup-$2 {
296 description = "Linux setup.bin";
297 data = /incbin/("$3");
298 type = "x86_setup";
299 arch = "${UBOOT_ARCH}";
300 os = "linux";
301 compression = "none";
302 load = <0x00090000>;
303 entry = <0x00090000>;
304 hash-1 {
305 algo = "$setup_csum";
306 };
307 };
308EOF
309}
310
311#
312# Emit the fitImage ITS ramdisk section
313#
314# $1 ... .its filename
315# $2 ... Image counter
316# $3 ... Path to ramdisk image
317fitimage_emit_section_ramdisk() {
318
319 ramdisk_csum="${FIT_HASH_ALG}"
320 ramdisk_sign_algo="${FIT_SIGN_ALG}"
321 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
322 ramdisk_loadline=""
323 ramdisk_entryline=""
324
325 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
326 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
327 fi
328 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
329 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
330 fi
331
332 cat << EOF >> $1
333 ramdisk-$2 {
334 description = "${INITRAMFS_IMAGE}";
335 data = /incbin/("$3");
336 type = "ramdisk";
337 arch = "${UBOOT_ARCH}";
338 os = "linux";
339 compression = "none";
340 $ramdisk_loadline
341 $ramdisk_entryline
342 hash-1 {
343 algo = "$ramdisk_csum";
344 };
345 };
346EOF
347
348 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
349 sed -i '$ d' $1
350 cat << EOF >> $1
351 signature-1 {
352 algo = "$ramdisk_csum,$ramdisk_sign_algo";
353 key-name-hint = "$ramdisk_sign_keyname";
354 };
355 };
356EOF
357 fi
358}
359
360#
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]361# echoes symlink destination if it points below directory
362#
363# $1 ... file that's a potential symlink
364# $2 ... expected parent directory
365symlink_points_below() {
366 file="$2/$1"
367 dir=$2
368
369 if ! [ -L "$file" ]; then
370 return
371 fi
372
373 realpath="$(realpath --relative-to=$dir $file)"
374 if [ -z "${realpath%%../*}" ]; then
375 return
376 fi
377
378 echo "$realpath"
379}
380
381#
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]382# Emit the fitImage ITS configuration section
383#
384# $1 ... .its filename
385# $2 ... Linux kernel ID
386# $3 ... DTB image name
387# $4 ... ramdisk ID
388# $5 ... u-boot script ID
389# $6 ... config ID
390# $7 ... default flag
391fitimage_emit_section_config() {
392
393 conf_csum="${FIT_HASH_ALG}"
394 conf_sign_algo="${FIT_SIGN_ALG}"
395 conf_padding_algo="${FIT_PAD_ALG}"
396 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
397 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
398 fi
399
400 its_file="$1"
401 kernel_id="$2"
402 dtb_image="$3"
403 ramdisk_id="$4"
404 bootscr_id="$5"
405 config_id="$6"
406 default_flag="$7"
407
408 # Test if we have any DTBs at all
409 sep=""
410 conf_desc=""
411 conf_node="${FIT_CONF_PREFIX}"
412 kernel_line=""
413 fdt_line=""
414 ramdisk_line=""
415 bootscr_line=""
416 setup_line=""
417 default_line=""
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame^]418 default_dtb_image="${FIT_CONF_DEFAULT_DTB}"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]419
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]420 dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}")
421 if [ -z "$dtb_image_sect" ]; then
422 dtb_image_sect=$dtb_image
423 fi
424
425 dtb_image=$(echo $dtb_image | tr '/' '_')
426 dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_')
427
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]428 # conf node name is selected based on dtb ID if it is present,
429 # otherwise its selected based on kernel ID
430 if [ -n "$dtb_image" ]; then
431 conf_node=$conf_node$dtb_image
432 else
433 conf_node=$conf_node$kernel_id
434 fi
435
436 if [ -n "$kernel_id" ]; then
437 conf_desc="Linux kernel"
438 sep=", "
439 kernel_line="kernel = \"kernel-$kernel_id\";"
440 fi
441
442 if [ -n "$dtb_image" ]; then
443 conf_desc="$conf_desc${sep}FDT blob"
444 sep=", "
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]445 fdt_line="fdt = \"fdt-$dtb_image_sect\";"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]446 fi
447
448 if [ -n "$ramdisk_id" ]; then
449 conf_desc="$conf_desc${sep}ramdisk"
450 sep=", "
451 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
452 fi
453
454 if [ -n "$bootscr_id" ]; then
455 conf_desc="$conf_desc${sep}u-boot script"
456 sep=", "
457 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
458 fi
459
460 if [ -n "$config_id" ]; then
461 conf_desc="$conf_desc${sep}setup"
462 setup_line="setup = \"setup-$config_id\";"
463 fi
464
465 if [ "$default_flag" = "1" ]; then
466 # default node is selected based on dtb ID if it is present,
467 # otherwise its selected based on kernel ID
468 if [ -n "$dtb_image" ]; then
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame^]469 # Select default node as user specified dtb when
470 # multiple dtb exists.
471 if [ -n "$default_dtb_image" ]; then
472 if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then
473 default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
474 else
475 bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image"
476 fi
477 else
478 default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
479 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]480 else
481 default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
482 fi
483 fi
484
485 cat << EOF >> $its_file
486 $default_line
487 $conf_node {
488 description = "$default_flag $conf_desc";
489 $kernel_line
490 $fdt_line
491 $ramdisk_line
492 $bootscr_line
493 $setup_line
494 hash-1 {
495 algo = "$conf_csum";
496 };
497EOF
498
499 if [ -n "$conf_sign_keyname" ] ; then
500
501 sign_line="sign-images = "
502 sep=""
503
504 if [ -n "$kernel_id" ]; then
505 sign_line="$sign_line${sep}\"kernel\""
506 sep=", "
507 fi
508
509 if [ -n "$dtb_image" ]; then
510 sign_line="$sign_line${sep}\"fdt\""
511 sep=", "
512 fi
513
514 if [ -n "$ramdisk_id" ]; then
515 sign_line="$sign_line${sep}\"ramdisk\""
516 sep=", "
517 fi
518
519 if [ -n "$bootscr_id" ]; then
520 sign_line="$sign_line${sep}\"bootscr\""
521 sep=", "
522 fi
523
524 if [ -n "$config_id" ]; then
525 sign_line="$sign_line${sep}\"setup\""
526 fi
527
528 sign_line="$sign_line;"
529
530 cat << EOF >> $its_file
531 signature-1 {
532 algo = "$conf_csum,$conf_sign_algo";
533 key-name-hint = "$conf_sign_keyname";
534 padding = "$conf_padding_algo";
535 $sign_line
536 };
537EOF
538 fi
539
540 cat << EOF >> $its_file
541 };
542EOF
543}
544
545#
546# Assemble fitImage
547#
548# $1 ... .its filename
549# $2 ... fitImage name
550# $3 ... include ramdisk
551fitimage_assemble() {
552 kernelcount=1
553 dtbcount=""
554 DTBS=""
555 ramdiskcount=$3
556 setupcount=""
557 bootscr_id=""
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]558 rm -f $1 ${KERNEL_OUTPUT_DIR}/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]559
560 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
561 bbfatal "Keys used to sign images and configuration nodes must be different."
562 fi
563
564 fitimage_emit_fit_header $1
565
566 #
567 # Step 1: Prepare a kernel image section.
568 #
569 fitimage_emit_section_maint $1 imagestart
570
571 uboot_prep_kimage
572 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
573
574 #
575 # Step 2: Prepare a DTB image section
576 #
577
578 if [ -n "${KERNEL_DEVICETREE}" ]; then
579 dtbcount=1
580 for DTB in ${KERNEL_DEVICETREE}; do
581 if echo $DTB | grep -q '/dts/'; then
582 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
583 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
584 fi
585
586 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
587 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
588 continue
589 fi
590
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]591 DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]592 if [ ! -e "$DTB_PATH" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]593 DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]594 fi
595
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]596 # Skip DTB if we've picked it up previously
597 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
598
599 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]600 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]601 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
602 done
603 fi
604
605 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
606 dtbcount=1
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame^]607 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
608 $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
609 # Skip DTB/DTBO if we've picked it up previously
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]610 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
611
612 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]613
614 # Also skip if a symlink. We'll later have each config section point at it
615 [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue
616
617 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]618 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
619 done
620 fi
621
622 #
623 # Step 3: Prepare a u-boot script section
624 #
625
626 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
627 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
628 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
629 bootscr_id="${UBOOT_ENV_BINARY}"
630 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
631 else
632 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
633 fi
634 fi
635
636 #
637 # Step 4: Prepare a setup section. (For x86)
638 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]639 if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]640 setupcount=1
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]641 fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]642 fi
643
644 #
645 # Step 5: Prepare a ramdisk section.
646 #
647 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
648 # Find and use the first initramfs image archive type we find
649 found=
650 for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
651 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
652 if [ -e "$initramfs_path" ]; then
653 bbnote "Found initramfs image: $initramfs_path"
654 found=true
655 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
656 break
657 else
658 bbnote "Did not find initramfs image: $initramfs_path"
659 fi
660 done
661
662 if [ -z "$found" ]; then
663 bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
664 fi
665 fi
666
667 fitimage_emit_section_maint $1 sectend
668
669 # Force the first Kernel and DTB in the default config
670 kernelcount=1
671 if [ -n "$dtbcount" ]; then
672 dtbcount=1
673 fi
674
675 #
676 # Step 6: Prepare a configurations section
677 #
678 fitimage_emit_section_maint $1 confstart
679
680 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
681 # more) to be added to the FIT image along with 0 or more device trees and
682 # 0 or 1 ramdisk.
683 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
684 # When the initramfs bundle is used ramdisk is disabled.
685 # If a device tree is to be part of the FIT image, then select
686 # the default configuration to be used is based on the dtbcount. If there is
687 # no dtb present than select the default configuation to be based on
688 # the kernelcount.
689 if [ -n "$DTBS" ]; then
690 i=1
691 for DTB in ${DTBS}; do
692 dtb_ext=${DTB##*.}
693 if [ "$dtb_ext" = "dtbo" ]; then
694 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
695 else
696 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
697 fi
698 i=`expr $i + 1`
699 done
700 else
701 defaultconfigcount=1
702 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount
703 fi
704
705 fitimage_emit_section_maint $1 sectend
706
707 fitimage_emit_section_maint $1 fitend
708
709 #
710 # Step 7: Assemble the image
711 #
712 ${UBOOT_MKIMAGE} \
713 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
714 -f $1 \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]715 ${KERNEL_OUTPUT_DIR}/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]716
717 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]718 # Step 8: Sign the image
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]719 #
720 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]721 ${UBOOT_MKIMAGE_SIGN} \
722 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
723 -F -k "${UBOOT_SIGN_KEYDIR}" \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]724 -r ${KERNEL_OUTPUT_DIR}/$2 \
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]725 ${UBOOT_MKIMAGE_SIGN_ARGS}
726 fi
727}
728
729do_assemble_fitimage() {
730 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
731 cd ${B}
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]732 fitimage_assemble fit-image.its fitImage-none ""
733 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
734 ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage
735 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]736 fi
737}
738
739addtask assemble_fitimage before do_install after do_compile
740
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]741SYSROOT_DIRS:append = " /sysroot-only"
742do_install:append() {
743 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
744 [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
745 install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage
746 fi
747}
748
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]749do_assemble_fitimage_initramfs() {
750 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
751 test -n "${INITRAMFS_IMAGE}" ; then
752 cd ${B}
753 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]754 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle ""
755 ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]756 else
757 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
758 fi
759 fi
760}
761
762addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
763
764do_kernel_generate_rsa_keys() {
765 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
766 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
767 fi
768
769 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
770
771 # Generate keys to sign configuration nodes, only if they don't already exist
772 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
773 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
774
775 # make directory if it does not already exist
776 mkdir -p "${UBOOT_SIGN_KEYDIR}"
777
778 bbnote "Generating RSA private key for signing fitImage"
779 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
780 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
781 "${FIT_SIGN_NUMBITS}"
782
783 bbnote "Generating certificate for signing fitImage"
784 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
785 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
786 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
787 fi
788
789 # Generate keys to sign image nodes, only if they don't already exist
790 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
791 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
792
793 # make directory if it does not already exist
794 mkdir -p "${UBOOT_SIGN_KEYDIR}"
795
796 bbnote "Generating RSA private key for signing fitImage"
797 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
798 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
799 "${FIT_SIGN_NUMBITS}"
800
801 bbnote "Generating certificate for signing fitImage"
802 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
803 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
804 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
805 fi
806 fi
807}
808
809addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
810
811kernel_do_deploy[vardepsexclude] = "DATETIME"
812kernel_do_deploy:append() {
813 # Update deploy directory
814 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
815
816 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
817 bbnote "Copying fit-image.its source file..."
818 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
819 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
820 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
821 fi
822
823 bbnote "Copying linux.bin file..."
824 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
825 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
826 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
827 fi
828 fi
829
830 if [ -n "${INITRAMFS_IMAGE}" ]; then
831 bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
832 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
833 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
834 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
835 fi
836
837 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
838 bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]839 install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]840 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
841 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
842 fi
843 fi
844 fi
845 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]846}