blob: b0c971b0eb61bcc56023d9340f1087ae937b557d [file] [log] [blame]
Brad Bishop1a4b7ee2018-12-16 17:11:34 -08001inherit kernel-uboot kernel-artifact-names uboot-sign
Patrick Williamsc124f4f2015-09-15 14:41:29 -05002
Andrew Geisslerd1e89492021-02-12 15:35:20 -06003KERNEL_IMAGETYPE_REPLACEMENT = ""
4
Patrick Williamsc124f4f2015-09-15 14:41:29 -05005python __anonymous () {
Brad Bishop6e60e8b2018-02-01 10:27:11 -05006 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
He Zhefe76b1e2016-05-25 04:47:16 -04007 if 'fitImage' in kerneltypes.split():
Brad Bishop6e60e8b2018-02-01 10:27:11 -05008 depends = d.getVar("DEPENDS")
Brad Bishop19323692019-04-05 15:28:33 -04009 depends = "%s u-boot-tools-native dtc-native" % depends
Patrick Williamsc124f4f2015-09-15 14:41:29 -050010 d.setVar("DEPENDS", depends)
11
Brad Bishopd7bf8c12018-02-25 22:55:05 -050012 uarch = d.getVar("UBOOT_ARCH")
13 if uarch == "arm64":
14 replacementtype = "Image"
Brad Bishopc342db32019-05-15 21:57:59 -040015 elif uarch == "riscv":
16 replacementtype = "Image"
Brad Bishopd7bf8c12018-02-25 22:55:05 -050017 elif uarch == "mips":
Brad Bishop6e60e8b2018-02-01 10:27:11 -050018 replacementtype = "vmlinuz.bin"
Brad Bishopd7bf8c12018-02-25 22:55:05 -050019 elif uarch == "x86":
Patrick Williamsc0f7c042017-02-23 20:41:17 -060020 replacementtype = "bzImage"
Brad Bishop316dfdd2018-06-25 12:45:53 -040021 elif uarch == "microblaze":
22 replacementtype = "linux.bin"
Patrick Williamsc0f7c042017-02-23 20:41:17 -060023 else:
24 replacementtype = "zImage"
25
Andrew Geisslerd1e89492021-02-12 15:35:20 -060026 d.setVar("KERNEL_IMAGETYPE_REPLACEMENT", replacementtype)
27
Brad Bishop19323692019-04-05 15:28:33 -040028 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
29 # to kernel.bbclass . We have to override it, since we pack zImage
30 # (at least for now) into the fitImage .
Brad Bishop6e60e8b2018-02-01 10:27:11 -050031 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
He Zhefe76b1e2016-05-25 04:47:16 -040032 if 'fitImage' in typeformake.split():
Patrick Williamsc0f7c042017-02-23 20:41:17 -060033 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', replacementtype))
Patrick Williamsc124f4f2015-09-15 14:41:29 -050034
Brad Bishop6e60e8b2018-02-01 10:27:11 -050035 image = d.getVar('INITRAMFS_IMAGE')
Patrick Williamsc124f4f2015-09-15 14:41:29 -050036 if image:
George McCollister185c8ae2016-05-26 08:55:16 -050037 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
38
Brad Bishop19323692019-04-05 15:28:33 -040039 #check if there are any dtb providers
40 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
41 if providerdtb:
42 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
43 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
44 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
45
Patrick Williamsc0f7c042017-02-23 20:41:17 -060046 # Verified boot will sign the fitImage and append the public key to
Brad Bishop6e60e8b2018-02-01 10:27:11 -050047 # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling
Patrick Williamsc0f7c042017-02-23 20:41:17 -060048 # the fitImage:
Brad Bishop15ae2502019-06-18 21:44:24 -040049 if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'):
Brad Bishop6e60e8b2018-02-01 10:27:11 -050050 uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
Brad Bishop19323692019-04-05 15:28:33 -040051 d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
Andrew Geisslerd1e89492021-02-12 15:35:20 -060052 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
53 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
Patrick Williamsc124f4f2015-09-15 14:41:29 -050054}
55
Andrew Geisslerf0343792020-11-18 10:42:21 -060056
Andrew Geisslerd1e89492021-02-12 15:35:20 -060057# Description string
Andrew Geissler3b8a17c2021-04-15 15:55:55 -050058FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -060059
60# Sign individual images as well
61FIT_SIGN_INDIVIDUAL ?= "0"
62
Patrick Williams0ca19cc2021-08-16 14:03:13 -050063# Keys used to sign individually image nodes.
64# The keys to sign image nodes must be different from those used to sign
65# configuration nodes, otherwise the "required" property, from
66# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
67# Then the images signature checking will not be mandatory and no error will be
68# raised in case of failure.
69# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
70
Patrick Williamsc124f4f2015-09-15 14:41:29 -050071#
72# Emit the fitImage ITS header
73#
George McCollister185c8ae2016-05-26 08:55:16 -050074# $1 ... .its filename
Patrick Williamsc124f4f2015-09-15 14:41:29 -050075fitimage_emit_fit_header() {
Andrew Geisslereff27472021-10-29 15:35:00 -050076 cat << EOF >> $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -050077/dts-v1/;
78
79/ {
Andrew Geisslerd1e89492021-02-12 15:35:20 -060080 description = "${FIT_DESC}";
Patrick Williamsc124f4f2015-09-15 14:41:29 -050081 #address-cells = <1>;
82EOF
83}
84
85#
86# Emit the fitImage section bits
87#
George McCollister185c8ae2016-05-26 08:55:16 -050088# $1 ... .its filename
89# $2 ... Section bit type: imagestart - image section start
Patrick Williamsc124f4f2015-09-15 14:41:29 -050090# confstart - configuration section start
91# sectend - section end
92# fitend - fitimage end
93#
94fitimage_emit_section_maint() {
George McCollister185c8ae2016-05-26 08:55:16 -050095 case $2 in
Patrick Williamsc124f4f2015-09-15 14:41:29 -050096 imagestart)
Andrew Geisslereff27472021-10-29 15:35:00 -050097 cat << EOF >> $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -050098
99 images {
100EOF
101 ;;
102 confstart)
Andrew Geisslereff27472021-10-29 15:35:00 -0500103 cat << EOF >> $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500104
105 configurations {
106EOF
107 ;;
108 sectend)
Andrew Geisslereff27472021-10-29 15:35:00 -0500109 cat << EOF >> $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500110 };
111EOF
112 ;;
113 fitend)
Andrew Geisslereff27472021-10-29 15:35:00 -0500114 cat << EOF >> $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500115};
116EOF
117 ;;
118 esac
119}
120
121#
122# Emit the fitImage ITS kernel section
123#
George McCollister185c8ae2016-05-26 08:55:16 -0500124# $1 ... .its filename
125# $2 ... Image counter
126# $3 ... Path to kernel image
127# $4 ... Compression type
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500128fitimage_emit_section_kernel() {
129
Brad Bishopf3fd2882019-06-21 08:06:37 -0400130 kernel_csum="${FIT_HASH_ALG}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600131 kernel_sign_algo="${FIT_SIGN_ALG}"
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500132 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500133
Brad Bishop316dfdd2018-06-25 12:45:53 -0400134 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500135 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
136 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
137 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500138 fi
139
Andrew Geisslereff27472021-10-29 15:35:00 -0500140 cat << EOF >> $1
141 kernel-$2 {
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500142 description = "Linux kernel";
Andrew Geisslereff27472021-10-29 15:35:00 -0500143 data = /incbin/("$3");
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500144 type = "kernel";
145 arch = "${UBOOT_ARCH}";
146 os = "linux";
Andrew Geisslereff27472021-10-29 15:35:00 -0500147 compression = "$4";
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500148 load = <${UBOOT_LOADADDRESS}>;
Andrew Geisslereff27472021-10-29 15:35:00 -0500149 entry = <$ENTRYPOINT>;
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600150 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500151 algo = "$kernel_csum";
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500152 };
153 };
154EOF
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600155
Andrew Geisslereff27472021-10-29 15:35:00 -0500156 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
157 sed -i '$ d' $1
158 cat << EOF >> $1
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600159 signature-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500160 algo = "$kernel_csum,$kernel_sign_algo";
161 key-name-hint = "$kernel_sign_keyname";
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600162 };
163 };
164EOF
165 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500166}
167
168#
169# Emit the fitImage ITS DTB section
170#
George McCollister185c8ae2016-05-26 08:55:16 -0500171# $1 ... .its filename
172# $2 ... Image counter
173# $3 ... Path to DTB image
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500174fitimage_emit_section_dtb() {
175
Brad Bishopf3fd2882019-06-21 08:06:37 -0400176 dtb_csum="${FIT_HASH_ALG}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600177 dtb_sign_algo="${FIT_SIGN_ALG}"
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500178 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500179
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800180 dtb_loadline=""
181 dtb_ext=${DTB##*.}
182 if [ "${dtb_ext}" = "dtbo" ]; then
183 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
184 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
185 fi
186 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
187 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
188 fi
Andrew Geisslereff27472021-10-29 15:35:00 -0500189 cat << EOF >> $1
190 fdt-$2 {
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500191 description = "Flattened Device Tree blob";
Andrew Geisslereff27472021-10-29 15:35:00 -0500192 data = /incbin/("$3");
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500193 type = "flat_dt";
194 arch = "${UBOOT_ARCH}";
195 compression = "none";
Andrew Geisslereff27472021-10-29 15:35:00 -0500196 $dtb_loadline
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600197 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500198 algo = "$dtb_csum";
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500199 };
200 };
201EOF
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600202
Andrew Geisslereff27472021-10-29 15:35:00 -0500203 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
204 sed -i '$ d' $1
205 cat << EOF >> $1
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600206 signature-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500207 algo = "$dtb_csum,$dtb_sign_algo";
208 key-name-hint = "$dtb_sign_keyname";
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600209 };
210 };
211EOF
212 fi
213}
214
215#
216# Emit the fitImage ITS u-boot script section
217#
218# $1 ... .its filename
219# $2 ... Image counter
220# $3 ... Path to boot script image
221fitimage_emit_section_boot_script() {
222
Andrew Geisslereff27472021-10-29 15:35:00 -0500223 bootscr_csum="${FIT_HASH_ALG}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600224 bootscr_sign_algo="${FIT_SIGN_ALG}"
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500225 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600226
Andrew Geisslereff27472021-10-29 15:35:00 -0500227 cat << EOF >> $1
228 bootscr-$2 {
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600229 description = "U-boot script";
Andrew Geisslereff27472021-10-29 15:35:00 -0500230 data = /incbin/("$3");
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600231 type = "script";
232 arch = "${UBOOT_ARCH}";
233 compression = "none";
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700234 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500235 algo = "$bootscr_csum";
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600236 };
237 };
238EOF
239
Andrew Geisslereff27472021-10-29 15:35:00 -0500240 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
241 sed -i '$ d' $1
242 cat << EOF >> $1
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700243 signature-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500244 algo = "$bootscr_csum,$bootscr_sign_algo";
245 key-name-hint = "$bootscr_sign_keyname";
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600246 };
247 };
248EOF
249 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500250}
251
252#
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600253# Emit the fitImage ITS setup section
254#
255# $1 ... .its filename
256# $2 ... Image counter
257# $3 ... Path to setup image
258fitimage_emit_section_setup() {
259
Brad Bishopf3fd2882019-06-21 08:06:37 -0400260 setup_csum="${FIT_HASH_ALG}"
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600261
Andrew Geisslereff27472021-10-29 15:35:00 -0500262 cat << EOF >> $1
263 setup-$2 {
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600264 description = "Linux setup.bin";
Andrew Geisslereff27472021-10-29 15:35:00 -0500265 data = /incbin/("$3");
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600266 type = "x86_setup";
267 arch = "${UBOOT_ARCH}";
268 os = "linux";
269 compression = "none";
270 load = <0x00090000>;
271 entry = <0x00090000>;
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600272 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500273 algo = "$setup_csum";
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600274 };
275 };
276EOF
277}
278
279#
George McCollister185c8ae2016-05-26 08:55:16 -0500280# Emit the fitImage ITS ramdisk section
281#
282# $1 ... .its filename
283# $2 ... Image counter
284# $3 ... Path to ramdisk image
285fitimage_emit_section_ramdisk() {
286
Brad Bishopf3fd2882019-06-21 08:06:37 -0400287 ramdisk_csum="${FIT_HASH_ALG}"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600288 ramdisk_sign_algo="${FIT_SIGN_ALG}"
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500289 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
Nathan Rossib4a4dc02016-10-21 22:07:27 +1000290 ramdisk_loadline=""
291 ramdisk_entryline=""
292
293 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
294 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
295 fi
296 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
297 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
298 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500299
Andrew Geisslereff27472021-10-29 15:35:00 -0500300 cat << EOF >> $1
301 ramdisk-$2 {
Rick Altherrbc1b8802017-01-20 11:28:53 -0800302 description = "${INITRAMFS_IMAGE}";
Andrew Geisslereff27472021-10-29 15:35:00 -0500303 data = /incbin/("$3");
George McCollister185c8ae2016-05-26 08:55:16 -0500304 type = "ramdisk";
305 arch = "${UBOOT_ARCH}";
306 os = "linux";
Brad Bishop00e122a2019-10-05 11:10:57 -0400307 compression = "none";
Andrew Geisslereff27472021-10-29 15:35:00 -0500308 $ramdisk_loadline
309 $ramdisk_entryline
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600310 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500311 algo = "$ramdisk_csum";
George McCollister185c8ae2016-05-26 08:55:16 -0500312 };
313 };
314EOF
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600315
Andrew Geisslereff27472021-10-29 15:35:00 -0500316 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
317 sed -i '$ d' $1
318 cat << EOF >> $1
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600319 signature-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500320 algo = "$ramdisk_csum,$ramdisk_sign_algo";
321 key-name-hint = "$ramdisk_sign_keyname";
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600322 };
323 };
324EOF
325 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500326}
327
328#
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500329# Emit the fitImage ITS configuration section
330#
George McCollister185c8ae2016-05-26 08:55:16 -0500331# $1 ... .its filename
332# $2 ... Linux kernel ID
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500333# $3 ... DTB image name
George McCollister185c8ae2016-05-26 08:55:16 -0500334# $4 ... ramdisk ID
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600335# $5 ... u-boot script ID
336# $6 ... config ID
337# $7 ... default flag
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500338fitimage_emit_section_config() {
339
Brad Bishopf3fd2882019-06-21 08:06:37 -0400340 conf_csum="${FIT_HASH_ALG}"
Brad Bishop64c979e2019-11-04 13:55:29 -0500341 conf_sign_algo="${FIT_SIGN_ALG}"
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700342 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600343 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
344 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500345
Andrew Geisslereff27472021-10-29 15:35:00 -0500346 its_file="$1"
347 kernel_id="$2"
348 dtb_image="$3"
349 ramdisk_id="$4"
350 bootscr_id="$5"
351 config_id="$6"
352 default_flag="$7"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600353
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500354 # Test if we have any DTBs at all
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800355 sep=""
356 conf_desc=""
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600357 conf_node="conf-"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800358 kernel_line=""
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600359 fdt_line=""
360 ramdisk_line=""
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600361 bootscr_line=""
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500362 setup_line=""
363 default_line=""
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600364
Andrew Geissler635e0e42020-08-21 15:58:33 -0500365 # conf node name is selected based on dtb ID if it is present,
366 # otherwise its selected based on kernel ID
Andrew Geisslereff27472021-10-29 15:35:00 -0500367 if [ -n "$dtb_image" ]; then
368 conf_node=$conf_node$dtb_image
Andrew Geissler635e0e42020-08-21 15:58:33 -0500369 else
Andrew Geisslereff27472021-10-29 15:35:00 -0500370 conf_node=$conf_node$kernel_id
Andrew Geissler635e0e42020-08-21 15:58:33 -0500371 fi
372
Andrew Geisslereff27472021-10-29 15:35:00 -0500373 if [ -n "$kernel_id" ]; then
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800374 conf_desc="Linux kernel"
375 sep=", "
Andrew Geisslereff27472021-10-29 15:35:00 -0500376 kernel_line="kernel = \"kernel-$kernel_id\";"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800377 fi
378
Andrew Geisslereff27472021-10-29 15:35:00 -0500379 if [ -n "$dtb_image" ]; then
380 conf_desc="$conf_desc${sep}FDT blob"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800381 sep=", "
Andrew Geisslereff27472021-10-29 15:35:00 -0500382 fdt_line="fdt = \"fdt-$dtb_image\";"
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600383 fi
384
Andrew Geisslereff27472021-10-29 15:35:00 -0500385 if [ -n "$ramdisk_id" ]; then
386 conf_desc="$conf_desc${sep}ramdisk"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800387 sep=", "
Andrew Geisslereff27472021-10-29 15:35:00 -0500388 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500389 fi
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600390
Andrew Geisslereff27472021-10-29 15:35:00 -0500391 if [ -n "$bootscr_id" ]; then
392 conf_desc="$conf_desc${sep}u-boot script"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600393 sep=", "
Andrew Geisslereff27472021-10-29 15:35:00 -0500394 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600395 fi
396
Andrew Geisslereff27472021-10-29 15:35:00 -0500397 if [ -n "$config_id" ]; then
398 conf_desc="$conf_desc${sep}setup"
399 setup_line="setup = \"setup-$config_id\";"
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600400 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500401
Andrew Geisslereff27472021-10-29 15:35:00 -0500402 if [ "$default_flag" = "1" ]; then
Andrew Geissler635e0e42020-08-21 15:58:33 -0500403 # default node is selected based on dtb ID if it is present,
404 # otherwise its selected based on kernel ID
Andrew Geisslereff27472021-10-29 15:35:00 -0500405 if [ -n "$dtb_image" ]; then
406 default_line="default = \"conf-$dtb_image\";"
Andrew Geissler635e0e42020-08-21 15:58:33 -0500407 else
Andrew Geisslereff27472021-10-29 15:35:00 -0500408 default_line="default = \"conf-$kernel_id\";"
Andrew Geissler635e0e42020-08-21 15:58:33 -0500409 fi
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500410 fi
411
Andrew Geisslereff27472021-10-29 15:35:00 -0500412 cat << EOF >> $its_file
413 $default_line
Andrew Geissler635e0e42020-08-21 15:58:33 -0500414 $conf_node {
Andrew Geisslereff27472021-10-29 15:35:00 -0500415 description = "$default_flag $conf_desc";
416 $kernel_line
417 $fdt_line
418 $ramdisk_line
419 $bootscr_line
420 $setup_line
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600421 hash-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500422 algo = "$conf_csum";
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500423 };
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600424EOF
425
Andrew Geisslereff27472021-10-29 15:35:00 -0500426 if [ -n "$conf_sign_keyname" ] ; then
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600427
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800428 sign_line="sign-images = "
429 sep=""
430
Andrew Geisslereff27472021-10-29 15:35:00 -0500431 if [ -n "$kernel_id" ]; then
432 sign_line="$sign_line${sep}\"kernel\""
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800433 sep=", "
434 fi
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600435
Andrew Geisslereff27472021-10-29 15:35:00 -0500436 if [ -n "$dtb_image" ]; then
437 sign_line="$sign_line${sep}\"fdt\""
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800438 sep=", "
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600439 fi
440
Andrew Geisslereff27472021-10-29 15:35:00 -0500441 if [ -n "$ramdisk_id" ]; then
442 sign_line="$sign_line${sep}\"ramdisk\""
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800443 sep=", "
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600444 fi
445
Andrew Geisslereff27472021-10-29 15:35:00 -0500446 if [ -n "$bootscr_id" ]; then
447 sign_line="$sign_line${sep}\"bootscr\""
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600448 sep=", "
449 fi
450
Andrew Geisslereff27472021-10-29 15:35:00 -0500451 if [ -n "$config_id" ]; then
452 sign_line="$sign_line${sep}\"setup\""
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600453 fi
454
Andrew Geisslereff27472021-10-29 15:35:00 -0500455 sign_line="$sign_line;"
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600456
Andrew Geisslereff27472021-10-29 15:35:00 -0500457 cat << EOF >> $its_file
Andrew Geissler90fd73c2021-03-05 15:25:55 -0600458 signature-1 {
Andrew Geisslereff27472021-10-29 15:35:00 -0500459 algo = "$conf_csum,$conf_sign_algo";
460 key-name-hint = "$conf_sign_keyname";
461 $sign_line
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600462 };
463EOF
464 fi
465
Andrew Geisslereff27472021-10-29 15:35:00 -0500466 cat << EOF >> $its_file
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500467 };
468EOF
469}
470
George McCollister185c8ae2016-05-26 08:55:16 -0500471#
472# Assemble fitImage
473#
474# $1 ... .its filename
475# $2 ... fitImage name
476# $3 ... include ramdisk
477fitimage_assemble() {
478 kernelcount=1
479 dtbcount=""
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500480 DTBS=""
Andrew Geisslereff27472021-10-29 15:35:00 -0500481 ramdiskcount=$3
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600482 setupcount=""
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600483 bootscr_id=""
Andrew Geisslereff27472021-10-29 15:35:00 -0500484 rm -f $1 arch/${ARCH}/boot/$2
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500485
Andrew Geisslereff27472021-10-29 15:35:00 -0500486 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500487 bbfatal "Keys used to sign images and configuration nodes must be different."
488 fi
489
Andrew Geisslereff27472021-10-29 15:35:00 -0500490 fitimage_emit_fit_header $1
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500491
George McCollister185c8ae2016-05-26 08:55:16 -0500492 #
493 # Step 1: Prepare a kernel image section.
494 #
Andrew Geisslereff27472021-10-29 15:35:00 -0500495 fitimage_emit_section_maint $1 imagestart
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500496
George McCollister185c8ae2016-05-26 08:55:16 -0500497 uboot_prep_kimage
Andrew Geisslereff27472021-10-29 15:35:00 -0500498 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500499
George McCollister185c8ae2016-05-26 08:55:16 -0500500 #
501 # Step 2: Prepare a DTB image section
502 #
Brad Bishop19323692019-04-05 15:28:33 -0400503
Andrew Geissler95ac1b82021-03-31 14:34:31 -0500504 if [ -n "${KERNEL_DEVICETREE}" ]; then
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500505 dtbcount=1
George McCollister185c8ae2016-05-26 08:55:16 -0500506 for DTB in ${KERNEL_DEVICETREE}; do
Andrew Geisslereff27472021-10-29 15:35:00 -0500507 if echo $DTB | grep -q '/dts/'; then
508 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
509 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
George McCollister185c8ae2016-05-26 08:55:16 -0500510 fi
Andrew Geissler95ac1b82021-03-31 14:34:31 -0500511
512 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
513 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
514 continue
515 fi
516
Andrew Geisslereff27472021-10-29 15:35:00 -0500517 DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
518 if [ ! -e "$DTB_PATH" ]; then
519 DTB_PATH="arch/${ARCH}/boot/$DTB"
George McCollister185c8ae2016-05-26 08:55:16 -0500520 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500521
Andrew Geisslereff27472021-10-29 15:35:00 -0500522 DTB=$(echo "$DTB" | tr '/' '_')
523 DTBS="$DTBS $DTB"
524 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
George McCollister185c8ae2016-05-26 08:55:16 -0500525 done
526 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500527
Brad Bishop19323692019-04-05 15:28:33 -0400528 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
529 dtbcount=1
Andrew Geissler82c905d2020-04-13 13:39:40 -0500530 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
Andrew Geisslereff27472021-10-29 15:35:00 -0500531 DTB=$(echo "$DTB" | tr '/' '_')
532 DTBS="$DTBS $DTB"
533 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
Brad Bishop19323692019-04-05 15:28:33 -0400534 done
535 fi
536
George McCollister185c8ae2016-05-26 08:55:16 -0500537 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600538 # Step 3: Prepare a u-boot script section
539 #
540
541 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
542 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
543 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
544 bootscr_id="${UBOOT_ENV_BINARY}"
Andrew Geisslereff27472021-10-29 15:35:00 -0500545 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600546 else
547 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
548 fi
549 fi
550
551 #
552 # Step 4: Prepare a setup section. (For x86)
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600553 #
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500554 if [ -e arch/${ARCH}/boot/setup.bin ]; then
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600555 setupcount=1
Andrew Geisslereff27472021-10-29 15:35:00 -0500556 fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600557 fi
558
559 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600560 # Step 5: Prepare a ramdisk section.
George McCollister185c8ae2016-05-26 08:55:16 -0500561 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600562 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
Rick Altherrbc1b8802017-01-20 11:28:53 -0800563 # Find and use the first initramfs image archive type we find
Andrew Geisslerd159c7f2021-09-02 21:05:58 -0500564 for img in cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio; do
Andrew Geisslereff27472021-10-29 15:35:00 -0500565 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
566 echo -n "Searching for $initramfs_path..."
567 if [ -e "$initramfs_path" ]; then
568 echo "found"
569 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
Rick Altherrbc1b8802017-01-20 11:28:53 -0800570 break
Andrew Geisslereff27472021-10-29 15:35:00 -0500571 else
572 echo "not found"
Rick Altherrbc1b8802017-01-20 11:28:53 -0800573 fi
574 done
George McCollister185c8ae2016-05-26 08:55:16 -0500575 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500576
Andrew Geisslereff27472021-10-29 15:35:00 -0500577 fitimage_emit_section_maint $1 sectend
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500578
George McCollister185c8ae2016-05-26 08:55:16 -0500579 # Force the first Kernel and DTB in the default config
580 kernelcount=1
Andrew Geisslereff27472021-10-29 15:35:00 -0500581 if [ -n "$dtbcount" ]; then
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600582 dtbcount=1
583 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500584
George McCollister185c8ae2016-05-26 08:55:16 -0500585 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600586 # Step 6: Prepare a configurations section
George McCollister185c8ae2016-05-26 08:55:16 -0500587 #
Andrew Geisslereff27472021-10-29 15:35:00 -0500588 fitimage_emit_section_maint $1 confstart
George McCollister185c8ae2016-05-26 08:55:16 -0500589
Andrew Geissler635e0e42020-08-21 15:58:33 -0500590 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
591 # more) to be added to the FIT image along with 0 or more device trees and
592 # 0 or 1 ramdisk.
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600593 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
594 # When the initramfs bundle is used ramdisk is disabled.
Andrew Geissler635e0e42020-08-21 15:58:33 -0500595 # If a device tree is to be part of the FIT image, then select
596 # the default configuration to be used is based on the dtbcount. If there is
597 # no dtb present than select the default configuation to be based on
598 # the kernelcount.
Andrew Geisslereff27472021-10-29 15:35:00 -0500599 if [ -n "$DTBS" ]; then
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500600 i=1
601 for DTB in ${DTBS}; do
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800602 dtb_ext=${DTB##*.}
Andrew Geisslereff27472021-10-29 15:35:00 -0500603 if [ "$dtb_ext" = "dtbo" ]; then
604 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800605 else
Andrew Geisslereff27472021-10-29 15:35:00 -0500606 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800607 fi
Andrew Geisslereff27472021-10-29 15:35:00 -0500608 i=`expr $i + 1`
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500609 done
Andrew Geissler635e0e42020-08-21 15:58:33 -0500610 else
611 defaultconfigcount=1
Andrew Geisslereff27472021-10-29 15:35:00 -0500612 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500613 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500614
Andrew Geisslereff27472021-10-29 15:35:00 -0500615 fitimage_emit_section_maint $1 sectend
George McCollister185c8ae2016-05-26 08:55:16 -0500616
Andrew Geisslereff27472021-10-29 15:35:00 -0500617 fitimage_emit_section_maint $1 fitend
George McCollister185c8ae2016-05-26 08:55:16 -0500618
619 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600620 # Step 7: Assemble the image
George McCollister185c8ae2016-05-26 08:55:16 -0500621 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600622 ${UBOOT_MKIMAGE} \
George McCollister185c8ae2016-05-26 08:55:16 -0500623 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
Andrew Geisslereff27472021-10-29 15:35:00 -0500624 -f $1 \
625 arch/${ARCH}/boot/$2
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600626
627 #
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600628 # Step 8: Sign the image and add public key to U-Boot dtb
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600629 #
630 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
Brad Bishop19323692019-04-05 15:28:33 -0400631 add_key_to_u_boot=""
632 if [ -n "${UBOOT_DTB_BINARY}" ]; then
633 # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy
634 # both of them, and don't dereference the symlink.
635 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
636 add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}"
637 fi
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600638 ${UBOOT_MKIMAGE_SIGN} \
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600639 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
640 -F -k "${UBOOT_SIGN_KEYDIR}" \
Brad Bishop19323692019-04-05 15:28:33 -0400641 $add_key_to_u_boot \
Andrew Geisslereff27472021-10-29 15:35:00 -0500642 -r arch/${ARCH}/boot/$2 \
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600643 ${UBOOT_MKIMAGE_SIGN_ARGS}
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600644 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500645}
646
647do_assemble_fitimage() {
648 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
649 cd ${B}
Andrew Geisslereff27472021-10-29 15:35:00 -0500650 fitimage_assemble fit-image.its fitImage ""
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500651 fi
652}
653
654addtask assemble_fitimage before do_install after do_compile
655
George McCollister185c8ae2016-05-26 08:55:16 -0500656do_assemble_fitimage_initramfs() {
657 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
658 test -n "${INITRAMFS_IMAGE}" ; then
659 cd ${B}
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600660 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
661 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage ""
662 else
663 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
664 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500665 fi
666}
667
Brad Bishop19323692019-04-05 15:28:33 -0400668addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
George McCollister185c8ae2016-05-26 08:55:16 -0500669
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700670do_kernel_generate_rsa_keys() {
671 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
672 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
673 fi
674
675 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
676
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500677 # Generate keys to sign configuration nodes, only if they don't already exist
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700678 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
679 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
680
681 # make directory if it does not already exist
682 mkdir -p "${UBOOT_SIGN_KEYDIR}"
683
684 echo "Generating RSA private key for signing fitImage"
685 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
686 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
687 "${FIT_SIGN_NUMBITS}"
688
689 echo "Generating certificate for signing fitImage"
690 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
691 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
692 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
693 fi
Patrick Williams0ca19cc2021-08-16 14:03:13 -0500694
695 # Generate keys to sign image nodes, only if they don't already exist
696 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
697 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
698
699 # make directory if it does not already exist
700 mkdir -p "${UBOOT_SIGN_KEYDIR}"
701
702 echo "Generating RSA private key for signing fitImage"
703 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
704 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
705 "${FIT_SIGN_NUMBITS}"
706
707 echo "Generating certificate for signing fitImage"
708 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
709 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
710 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
711 fi
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700712 fi
713}
714
715addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
George McCollister185c8ae2016-05-26 08:55:16 -0500716
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500717kernel_do_deploy[vardepsexclude] = "DATETIME"
Patrick Williams213cb262021-08-07 19:21:33 -0500718kernel_do_deploy:append() {
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500719 # Update deploy directory
He Zhefe76b1e2016-05-25 04:47:16 -0400720 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800721
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600722 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
723 echo "Copying fit-image.its source file..."
724 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
Andrew Geissler595f6302022-01-24 19:11:47 +0000725 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
726 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
727 fi
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600728
729 echo "Copying linux.bin file..."
Andrew Geissler595f6302022-01-24 19:11:47 +0000730 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
731 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
732 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
733 fi
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600734 fi
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500735
George McCollister185c8ae2016-05-26 08:55:16 -0500736 if [ -n "${INITRAMFS_IMAGE}" ]; then
737 echo "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
Brad Bishop64c979e2019-11-04 13:55:29 -0500738 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
Andrew Geissler595f6302022-01-24 19:11:47 +0000739 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
740 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
741 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500742
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600743 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
744 echo "Copying fitImage-${INITRAMFS_IMAGE} file..."
Andrew Geissler595f6302022-01-24 19:11:47 +0000745 install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
746 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
747 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
748 fi
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600749 fi
George McCollister185c8ae2016-05-26 08:55:16 -0500750 fi
Andrew Geissler3b8a17c2021-04-15 15:55:55 -0500751 fi
752 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
753 [ -n "${UBOOT_DTB_BINARY}" ] ; then
754 # UBOOT_DTB_IMAGE is a realfile, but we can't use
755 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
756 # for u-boot, but we are in kernel env now.
757 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
758 fi
759 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
760 # If we're also creating and/or signing the uboot fit, now we need to
761 # deploy it, it's its file, as well as u-boot-spl.dtb
762 install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
763 echo "Copying u-boot-fitImage file..."
764 install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
765 echo "Copying u-boot-its file..."
766 install -m 0644 ${B}/u-boot-its-* "$deployDir/"
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500767 fi
768}
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600769
770# The function below performs the following in case of initramfs bundles:
771# - Removes do_assemble_fitimage. FIT generation is done through
772# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
773# and should not be part of the tasks to be executed.
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700774# - Since do_kernel_generate_rsa_keys is inserted by default
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600775# between do_compile and do_assemble_fitimage, this is
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700776# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys
Andrew Geisslerd1e89492021-02-12 15:35:20 -0600777# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
778python () {
779 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
780 bb.build.deltask('do_assemble_fitimage', d)
William A. Kennington IIIac69b482021-06-02 12:28:27 -0700781 bb.build.deltask('kernel_generate_rsa_keys', d)
782 bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
Andrew Geissler95ac1b82021-03-31 14:34:31 -0500783}