Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 8e7b46e2350c3689938f309eaca929aada20b5a0 / . / poky / meta / classes-recipe / kernel-fitimage.bbclass
blob: 6684478c33c3677dd66ba95296cf52e76d02b706 [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]1#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]7inherit kernel-uboot kernel-artifact-names uboot-config
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]8
9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
11 replacementtype = ""
12 if 'fitImage' in kerneltypes.split():
13 uarch = d.getVar("UBOOT_ARCH")
14 if uarch == "arm64":
15 replacementtype = "Image"
16 elif uarch == "riscv":
17 replacementtype = "Image"
18 elif uarch == "mips":
19 replacementtype = "vmlinuz.bin"
20 elif uarch == "x86":
21 replacementtype = "bzImage"
22 elif uarch == "microblaze":
23 replacementtype = "linux.bin"
24 else:
25 replacementtype = "zImage"
26 return replacementtype
27
28KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
29DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
30
31python __anonymous () {
32 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
33 # to kernel.bbclass . We have to override it, since we pack zImage
34 # (at least for now) into the fitImage .
35 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
36 if 'fitImage' in typeformake.split():
37 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
38
39 image = d.getVar('INITRAMFS_IMAGE')
40 if image:
41 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
42
43 ubootenv = d.getVar('UBOOT_ENV')
44 if ubootenv:
45 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
46
47 #check if there are any dtb providers
48 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
49 if providerdtb:
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]53}
54
55
56# Description string
57FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
58
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]59# Kernel fitImage Hash Algo
60FIT_HASH_ALG ?= "sha256"
61
62# Kernel fitImage Signature Algo
63FIT_SIGN_ALG ?= "rsa2048"
64
65# Kernel / U-Boot fitImage Padding Algo
66FIT_PAD_ALG ?= "pkcs-1.5"
67
68# Generate keys for signing Kernel fitImage
69FIT_GENERATE_KEYS ?= "0"
70
71# Size of private keys in number of bits
72FIT_SIGN_NUMBITS ?= "2048"
73
74# args to openssl genrsa (Default is just the public exponent)
75FIT_KEY_GENRSA_ARGS ?= "-F4"
76
77# args to openssl req (Default is -batch for non interactive mode and
78# -new for new certificate)
79FIT_KEY_REQ_ARGS ?= "-batch -new"
80
81# Standard format for public key certificate
82FIT_KEY_SIGN_PKCS ?= "-x509"
83
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]84# Sign individual images as well
85FIT_SIGN_INDIVIDUAL ?= "0"
86
87FIT_CONF_PREFIX ?= "conf-"
88FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
89
90FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
91
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame]92# Allow user to select the default DTB for FIT image when multiple dtb's exists.
93FIT_CONF_DEFAULT_DTB ?= ""
94
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]95# Keys used to sign individually image nodes.
96# The keys to sign image nodes must be different from those used to sign
97# configuration nodes, otherwise the "required" property, from
98# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
99# Then the images signature checking will not be mandatory and no error will be
100# raised in case of failure.
101# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
102
103#
104# Emit the fitImage ITS header
105#
106# $1 ... .its filename
107fitimage_emit_fit_header() {
108 cat << EOF >> $1
109/dts-v1/;
110
111/ {
112 description = "${FIT_DESC}";
113 #address-cells = <1>;
114EOF
115}
116
117#
118# Emit the fitImage section bits
119#
120# $1 ... .its filename
121# $2 ... Section bit type: imagestart - image section start
122# confstart - configuration section start
123# sectend - section end
124# fitend - fitimage end
125#
126fitimage_emit_section_maint() {
127 case $2 in
128 imagestart)
129 cat << EOF >> $1
130
131 images {
132EOF
133 ;;
134 confstart)
135 cat << EOF >> $1
136
137 configurations {
138EOF
139 ;;
140 sectend)
141 cat << EOF >> $1
142 };
143EOF
144 ;;
145 fitend)
146 cat << EOF >> $1
147};
148EOF
149 ;;
150 esac
151}
152
153#
154# Emit the fitImage ITS kernel section
155#
156# $1 ... .its filename
157# $2 ... Image counter
158# $3 ... Path to kernel image
159# $4 ... Compression type
160fitimage_emit_section_kernel() {
161
162 kernel_csum="${FIT_HASH_ALG}"
163 kernel_sign_algo="${FIT_SIGN_ALG}"
164 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
165
166 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
167 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
168 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
169 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
170 fi
171
172 cat << EOF >> $1
173 kernel-$2 {
174 description = "Linux kernel";
175 data = /incbin/("$3");
176 type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
177 arch = "${UBOOT_ARCH}";
178 os = "linux";
179 compression = "$4";
180 load = <${UBOOT_LOADADDRESS}>;
181 entry = <$ENTRYPOINT>;
182 hash-1 {
183 algo = "$kernel_csum";
184 };
185 };
186EOF
187
188 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
189 sed -i '$ d' $1
190 cat << EOF >> $1
191 signature-1 {
192 algo = "$kernel_csum,$kernel_sign_algo";
193 key-name-hint = "$kernel_sign_keyname";
194 };
195 };
196EOF
197 fi
198}
199
200#
201# Emit the fitImage ITS DTB section
202#
203# $1 ... .its filename
204# $2 ... Image counter
205# $3 ... Path to DTB image
206fitimage_emit_section_dtb() {
207
208 dtb_csum="${FIT_HASH_ALG}"
209 dtb_sign_algo="${FIT_SIGN_ALG}"
210 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
211
212 dtb_loadline=""
213 dtb_ext=${DTB##*.}
214 if [ "${dtb_ext}" = "dtbo" ]; then
215 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
216 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
217 fi
218 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
219 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
220 fi
221 cat << EOF >> $1
222 fdt-$2 {
223 description = "Flattened Device Tree blob";
224 data = /incbin/("$3");
225 type = "flat_dt";
226 arch = "${UBOOT_ARCH}";
227 compression = "none";
228 $dtb_loadline
229 hash-1 {
230 algo = "$dtb_csum";
231 };
232 };
233EOF
234
235 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
236 sed -i '$ d' $1
237 cat << EOF >> $1
238 signature-1 {
239 algo = "$dtb_csum,$dtb_sign_algo";
240 key-name-hint = "$dtb_sign_keyname";
241 };
242 };
243EOF
244 fi
245}
246
247#
248# Emit the fitImage ITS u-boot script section
249#
250# $1 ... .its filename
251# $2 ... Image counter
252# $3 ... Path to boot script image
253fitimage_emit_section_boot_script() {
254
255 bootscr_csum="${FIT_HASH_ALG}"
256 bootscr_sign_algo="${FIT_SIGN_ALG}"
257 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
258
259 cat << EOF >> $1
260 bootscr-$2 {
261 description = "U-boot script";
262 data = /incbin/("$3");
263 type = "script";
264 arch = "${UBOOT_ARCH}";
265 compression = "none";
266 hash-1 {
267 algo = "$bootscr_csum";
268 };
269 };
270EOF
271
272 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
273 sed -i '$ d' $1
274 cat << EOF >> $1
275 signature-1 {
276 algo = "$bootscr_csum,$bootscr_sign_algo";
277 key-name-hint = "$bootscr_sign_keyname";
278 };
279 };
280EOF
281 fi
282}
283
284#
285# Emit the fitImage ITS setup section
286#
287# $1 ... .its filename
288# $2 ... Image counter
289# $3 ... Path to setup image
290fitimage_emit_section_setup() {
291
292 setup_csum="${FIT_HASH_ALG}"
293
294 cat << EOF >> $1
295 setup-$2 {
296 description = "Linux setup.bin";
297 data = /incbin/("$3");
298 type = "x86_setup";
299 arch = "${UBOOT_ARCH}";
300 os = "linux";
301 compression = "none";
302 load = <0x00090000>;
303 entry = <0x00090000>;
304 hash-1 {
305 algo = "$setup_csum";
306 };
307 };
308EOF
309}
310
311#
312# Emit the fitImage ITS ramdisk section
313#
314# $1 ... .its filename
315# $2 ... Image counter
316# $3 ... Path to ramdisk image
317fitimage_emit_section_ramdisk() {
318
319 ramdisk_csum="${FIT_HASH_ALG}"
320 ramdisk_sign_algo="${FIT_SIGN_ALG}"
321 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
322 ramdisk_loadline=""
323 ramdisk_entryline=""
324
325 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
326 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
327 fi
328 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
329 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
330 fi
331
332 cat << EOF >> $1
333 ramdisk-$2 {
334 description = "${INITRAMFS_IMAGE}";
335 data = /incbin/("$3");
336 type = "ramdisk";
337 arch = "${UBOOT_ARCH}";
338 os = "linux";
339 compression = "none";
340 $ramdisk_loadline
341 $ramdisk_entryline
342 hash-1 {
343 algo = "$ramdisk_csum";
344 };
345 };
346EOF
347
348 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
349 sed -i '$ d' $1
350 cat << EOF >> $1
351 signature-1 {
352 algo = "$ramdisk_csum,$ramdisk_sign_algo";
353 key-name-hint = "$ramdisk_sign_keyname";
354 };
355 };
356EOF
357 fi
358}
359
360#
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]361# echoes symlink destination if it points below directory
362#
363# $1 ... file that's a potential symlink
364# $2 ... expected parent directory
365symlink_points_below() {
366 file="$2/$1"
367 dir=$2
368
369 if ! [ -L "$file" ]; then
370 return
371 fi
372
373 realpath="$(realpath --relative-to=$dir $file)"
374 if [ -z "${realpath%%../*}" ]; then
375 return
376 fi
377
378 echo "$realpath"
379}
380
381#
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]382# Emit the fitImage ITS configuration section
383#
384# $1 ... .its filename
385# $2 ... Linux kernel ID
386# $3 ... DTB image name
387# $4 ... ramdisk ID
388# $5 ... u-boot script ID
389# $6 ... config ID
390# $7 ... default flag
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]391# $8 ... default DTB image name
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]392fitimage_emit_section_config() {
393
394 conf_csum="${FIT_HASH_ALG}"
395 conf_sign_algo="${FIT_SIGN_ALG}"
396 conf_padding_algo="${FIT_PAD_ALG}"
397 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
398 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
399 fi
400
401 its_file="$1"
402 kernel_id="$2"
403 dtb_image="$3"
404 ramdisk_id="$4"
405 bootscr_id="$5"
406 config_id="$6"
407 default_flag="$7"
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]408 default_dtb_image="$8"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]409
410 # Test if we have any DTBs at all
411 sep=""
412 conf_desc=""
413 conf_node="${FIT_CONF_PREFIX}"
414 kernel_line=""
415 fdt_line=""
416 ramdisk_line=""
417 bootscr_line=""
418 setup_line=""
419 default_line=""
420
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]421 dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}")
422 if [ -z "$dtb_image_sect" ]; then
423 dtb_image_sect=$dtb_image
424 fi
425
426 dtb_image=$(echo $dtb_image | tr '/' '_')
427 dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_')
428
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]429 # conf node name is selected based on dtb ID if it is present,
430 # otherwise its selected based on kernel ID
431 if [ -n "$dtb_image" ]; then
432 conf_node=$conf_node$dtb_image
433 else
434 conf_node=$conf_node$kernel_id
435 fi
436
437 if [ -n "$kernel_id" ]; then
438 conf_desc="Linux kernel"
439 sep=", "
440 kernel_line="kernel = \"kernel-$kernel_id\";"
441 fi
442
443 if [ -n "$dtb_image" ]; then
444 conf_desc="$conf_desc${sep}FDT blob"
445 sep=", "
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]446 fdt_line="fdt = \"fdt-$dtb_image_sect\";"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]447 fi
448
449 if [ -n "$ramdisk_id" ]; then
450 conf_desc="$conf_desc${sep}ramdisk"
451 sep=", "
452 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
453 fi
454
455 if [ -n "$bootscr_id" ]; then
456 conf_desc="$conf_desc${sep}u-boot script"
457 sep=", "
458 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
459 fi
460
461 if [ -n "$config_id" ]; then
462 conf_desc="$conf_desc${sep}setup"
463 setup_line="setup = \"setup-$config_id\";"
464 fi
465
466 if [ "$default_flag" = "1" ]; then
467 # default node is selected based on dtb ID if it is present,
468 # otherwise its selected based on kernel ID
469 if [ -n "$dtb_image" ]; then
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame]470 # Select default node as user specified dtb when
471 # multiple dtb exists.
472 if [ -n "$default_dtb_image" ]; then
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]473 default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame]474 else
475 default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
476 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]477 else
478 default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
479 fi
480 fi
481
482 cat << EOF >> $its_file
483 $default_line
484 $conf_node {
485 description = "$default_flag $conf_desc";
486 $kernel_line
487 $fdt_line
488 $ramdisk_line
489 $bootscr_line
490 $setup_line
491 hash-1 {
492 algo = "$conf_csum";
493 };
494EOF
495
496 if [ -n "$conf_sign_keyname" ] ; then
497
498 sign_line="sign-images = "
499 sep=""
500
501 if [ -n "$kernel_id" ]; then
502 sign_line="$sign_line${sep}\"kernel\""
503 sep=", "
504 fi
505
506 if [ -n "$dtb_image" ]; then
507 sign_line="$sign_line${sep}\"fdt\""
508 sep=", "
509 fi
510
511 if [ -n "$ramdisk_id" ]; then
512 sign_line="$sign_line${sep}\"ramdisk\""
513 sep=", "
514 fi
515
516 if [ -n "$bootscr_id" ]; then
517 sign_line="$sign_line${sep}\"bootscr\""
518 sep=", "
519 fi
520
521 if [ -n "$config_id" ]; then
522 sign_line="$sign_line${sep}\"setup\""
523 fi
524
525 sign_line="$sign_line;"
526
527 cat << EOF >> $its_file
528 signature-1 {
529 algo = "$conf_csum,$conf_sign_algo";
530 key-name-hint = "$conf_sign_keyname";
531 padding = "$conf_padding_algo";
532 $sign_line
533 };
534EOF
535 fi
536
537 cat << EOF >> $its_file
538 };
539EOF
540}
541
542#
543# Assemble fitImage
544#
545# $1 ... .its filename
546# $2 ... fitImage name
547# $3 ... include ramdisk
548fitimage_assemble() {
549 kernelcount=1
550 dtbcount=""
551 DTBS=""
552 ramdiskcount=$3
553 setupcount=""
554 bootscr_id=""
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]555 default_dtb_image=""
556 rm -f $1 arch/${ARCH}/boot/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]557
558 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
559 bbfatal "Keys used to sign images and configuration nodes must be different."
560 fi
561
562 fitimage_emit_fit_header $1
563
564 #
565 # Step 1: Prepare a kernel image section.
566 #
567 fitimage_emit_section_maint $1 imagestart
568
569 uboot_prep_kimage
570 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
571
572 #
573 # Step 2: Prepare a DTB image section
574 #
575
576 if [ -n "${KERNEL_DEVICETREE}" ]; then
577 dtbcount=1
578 for DTB in ${KERNEL_DEVICETREE}; do
579 if echo $DTB | grep -q '/dts/'; then
580 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
581 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
582 fi
583
584 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
585 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
586 continue
587 fi
588
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]589 DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]590 if [ ! -e "$DTB_PATH" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]591 DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]592 fi
593
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]594 # Set the default dtb image if it exists in the devicetree.
595 if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then
596 default_dtb_image=$(echo "$DTB" | tr '/' '_')
597 fi
598
599 DTB=$(echo "$DTB" | tr '/' '_')
600
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]601 # Skip DTB if we've picked it up previously
602 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
603
604 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]605 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]606 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
607 done
608 fi
609
610 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
611 dtbcount=1
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame]612 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
613 $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]614 # Set the default dtb image if it exists in the devicetree.
615 if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then
616 default_dtb_image=$(echo "$DTB" | tr '/' '_')
617 fi
618
619 DTB=$(echo "$DTB" | tr '/' '_')
620
Andrew Geissler517393d2023-01-13 08:55:19 -0600[diff] [blame]621 # Skip DTB/DTBO if we've picked it up previously
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]622 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
623
624 DTBS="$DTBS $DTB"
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]625
626 # Also skip if a symlink. We'll later have each config section point at it
627 [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue
628
629 DTB=$(echo $DTB | tr '/' '_')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]630 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
631 done
632 fi
633
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]634 if [ -n "${FIT_CONF_DEFAULT_DTB}" ] && [ -z $default_dtb_image ]; then
635 bbwarn "${FIT_CONF_DEFAULT_DTB} is not available in the list of device trees."
636 fi
637
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]638 #
639 # Step 3: Prepare a u-boot script section
640 #
641
642 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
643 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
644 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
645 bootscr_id="${UBOOT_ENV_BINARY}"
646 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
647 else
648 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
649 fi
650 fi
651
652 #
653 # Step 4: Prepare a setup section. (For x86)
654 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]655 if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]656 setupcount=1
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]657 fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]658 fi
659
660 #
661 # Step 5: Prepare a ramdisk section.
662 #
663 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
664 # Find and use the first initramfs image archive type we find
665 found=
666 for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
667 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
668 if [ -e "$initramfs_path" ]; then
669 bbnote "Found initramfs image: $initramfs_path"
670 found=true
671 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
672 break
673 else
674 bbnote "Did not find initramfs image: $initramfs_path"
675 fi
676 done
677
678 if [ -z "$found" ]; then
679 bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
680 fi
681 fi
682
683 fitimage_emit_section_maint $1 sectend
684
685 # Force the first Kernel and DTB in the default config
686 kernelcount=1
687 if [ -n "$dtbcount" ]; then
688 dtbcount=1
689 fi
690
691 #
692 # Step 6: Prepare a configurations section
693 #
694 fitimage_emit_section_maint $1 confstart
695
696 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
697 # more) to be added to the FIT image along with 0 or more device trees and
698 # 0 or 1 ramdisk.
699 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
700 # When the initramfs bundle is used ramdisk is disabled.
701 # If a device tree is to be part of the FIT image, then select
702 # the default configuration to be used is based on the dtbcount. If there is
703 # no dtb present than select the default configuation to be based on
704 # the kernelcount.
705 if [ -n "$DTBS" ]; then
706 i=1
707 for DTB in ${DTBS}; do
708 dtb_ext=${DTB##*.}
709 if [ "$dtb_ext" = "dtbo" ]; then
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]710 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" "$default_dtb_image"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]711 else
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]712 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" "$default_dtb_image"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]713 fi
714 i=`expr $i + 1`
715 done
716 else
717 defaultconfigcount=1
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]718 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount "$default_dtb_image"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]719 fi
720
721 fitimage_emit_section_maint $1 sectend
722
723 fitimage_emit_section_maint $1 fitend
724
725 #
726 # Step 7: Assemble the image
727 #
728 ${UBOOT_MKIMAGE} \
729 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
730 -f $1 \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]731 ${KERNEL_OUTPUT_DIR}/$2
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]732
733 #
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]734 # Step 8: Sign the image
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]735 #
736 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]737 ${UBOOT_MKIMAGE_SIGN} \
738 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
739 -F -k "${UBOOT_SIGN_KEYDIR}" \
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]740 -r ${KERNEL_OUTPUT_DIR}/$2 \
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]741 ${UBOOT_MKIMAGE_SIGN_ARGS}
742 fi
743}
744
745do_assemble_fitimage() {
746 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
747 cd ${B}
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]748 fitimage_assemble fit-image.its fitImage-none ""
749 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
750 ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage
751 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]752 fi
753}
754
755addtask assemble_fitimage before do_install after do_compile
756
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]757SYSROOT_DIRS:append = " /sysroot-only"
758do_install:append() {
759 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
760 [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
761 install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage
762 fi
763}
764
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]765do_assemble_fitimage_initramfs() {
766 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
767 test -n "${INITRAMFS_IMAGE}" ; then
768 cd ${B}
769 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]770 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle ""
771 ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]772 else
773 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
774 fi
775 fi
776}
777
778addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
779
780do_kernel_generate_rsa_keys() {
781 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
782 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
783 fi
784
785 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
786
787 # Generate keys to sign configuration nodes, only if they don't already exist
788 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
789 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
790
791 # make directory if it does not already exist
792 mkdir -p "${UBOOT_SIGN_KEYDIR}"
793
794 bbnote "Generating RSA private key for signing fitImage"
795 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
796 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
797 "${FIT_SIGN_NUMBITS}"
798
799 bbnote "Generating certificate for signing fitImage"
800 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
801 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
802 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
803 fi
804
805 # Generate keys to sign image nodes, only if they don't already exist
806 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
807 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
808
809 # make directory if it does not already exist
810 mkdir -p "${UBOOT_SIGN_KEYDIR}"
811
812 bbnote "Generating RSA private key for signing fitImage"
813 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
814 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
815 "${FIT_SIGN_NUMBITS}"
816
817 bbnote "Generating certificate for signing fitImage"
818 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
819 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
820 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
821 fi
822 fi
823}
824
825addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
826
827kernel_do_deploy[vardepsexclude] = "DATETIME"
828kernel_do_deploy:append() {
829 # Update deploy directory
830 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
831
832 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
833 bbnote "Copying fit-image.its source file..."
834 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
835 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
836 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
837 fi
838
839 bbnote "Copying linux.bin file..."
840 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
841 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
842 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
843 fi
844 fi
845
846 if [ -n "${INITRAMFS_IMAGE}" ]; then
847 bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
848 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
849 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
850 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
851 fi
852
853 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
854 bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
Patrick Williams2390b1b2022-11-03 13:47:49 -0500[diff] [blame]855 install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]856 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
857 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
858 fi
859 fi
860 fi
861 fi
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]862}