Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 92b42cb35d755f8cfe6c17d403711a536e0f0721 / . / poky / meta / classes-recipe / kernel-fitimage.bbclass
blob: 107914e28cfba8dd85aed6f5a8c28f0d87be5fa6 [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame^]1#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
7inherit kernel-uboot kernel-artifact-names uboot-sign
8
9def get_fit_replacement_type(d):
10 kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
11 replacementtype = ""
12 if 'fitImage' in kerneltypes.split():
13 uarch = d.getVar("UBOOT_ARCH")
14 if uarch == "arm64":
15 replacementtype = "Image"
16 elif uarch == "riscv":
17 replacementtype = "Image"
18 elif uarch == "mips":
19 replacementtype = "vmlinuz.bin"
20 elif uarch == "x86":
21 replacementtype = "bzImage"
22 elif uarch == "microblaze":
23 replacementtype = "linux.bin"
24 else:
25 replacementtype = "zImage"
26 return replacementtype
27
28KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
29DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
30
31python __anonymous () {
32 # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
33 # to kernel.bbclass . We have to override it, since we pack zImage
34 # (at least for now) into the fitImage .
35 typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
36 if 'fitImage' in typeformake.split():
37 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
38
39 image = d.getVar('INITRAMFS_IMAGE')
40 if image:
41 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
42
43 ubootenv = d.getVar('UBOOT_ENV')
44 if ubootenv:
45 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
46
47 #check if there are any dtb providers
48 providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
49 if providerdtb:
50 d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
51 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
52 d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
53
54 # Verified boot will sign the fitImage and append the public key to
55 # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling
56 # the fitImage:
57 if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'):
58 uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
59 d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
60 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
61 d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
62}
63
64
65# Description string
66FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
67
68# Sign individual images as well
69FIT_SIGN_INDIVIDUAL ?= "0"
70
71FIT_CONF_PREFIX ?= "conf-"
72FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
73
74FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
75
76# Keys used to sign individually image nodes.
77# The keys to sign image nodes must be different from those used to sign
78# configuration nodes, otherwise the "required" property, from
79# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
80# Then the images signature checking will not be mandatory and no error will be
81# raised in case of failure.
82# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
83
84#
85# Emit the fitImage ITS header
86#
87# $1 ... .its filename
88fitimage_emit_fit_header() {
89 cat << EOF >> $1
90/dts-v1/;
91
92/ {
93 description = "${FIT_DESC}";
94 #address-cells = <1>;
95EOF
96}
97
98#
99# Emit the fitImage section bits
100#
101# $1 ... .its filename
102# $2 ... Section bit type: imagestart - image section start
103# confstart - configuration section start
104# sectend - section end
105# fitend - fitimage end
106#
107fitimage_emit_section_maint() {
108 case $2 in
109 imagestart)
110 cat << EOF >> $1
111
112 images {
113EOF
114 ;;
115 confstart)
116 cat << EOF >> $1
117
118 configurations {
119EOF
120 ;;
121 sectend)
122 cat << EOF >> $1
123 };
124EOF
125 ;;
126 fitend)
127 cat << EOF >> $1
128};
129EOF
130 ;;
131 esac
132}
133
134#
135# Emit the fitImage ITS kernel section
136#
137# $1 ... .its filename
138# $2 ... Image counter
139# $3 ... Path to kernel image
140# $4 ... Compression type
141fitimage_emit_section_kernel() {
142
143 kernel_csum="${FIT_HASH_ALG}"
144 kernel_sign_algo="${FIT_SIGN_ALG}"
145 kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
146
147 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
148 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
149 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
150 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
151 fi
152
153 cat << EOF >> $1
154 kernel-$2 {
155 description = "Linux kernel";
156 data = /incbin/("$3");
157 type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
158 arch = "${UBOOT_ARCH}";
159 os = "linux";
160 compression = "$4";
161 load = <${UBOOT_LOADADDRESS}>;
162 entry = <$ENTRYPOINT>;
163 hash-1 {
164 algo = "$kernel_csum";
165 };
166 };
167EOF
168
169 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
170 sed -i '$ d' $1
171 cat << EOF >> $1
172 signature-1 {
173 algo = "$kernel_csum,$kernel_sign_algo";
174 key-name-hint = "$kernel_sign_keyname";
175 };
176 };
177EOF
178 fi
179}
180
181#
182# Emit the fitImage ITS DTB section
183#
184# $1 ... .its filename
185# $2 ... Image counter
186# $3 ... Path to DTB image
187fitimage_emit_section_dtb() {
188
189 dtb_csum="${FIT_HASH_ALG}"
190 dtb_sign_algo="${FIT_SIGN_ALG}"
191 dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
192
193 dtb_loadline=""
194 dtb_ext=${DTB##*.}
195 if [ "${dtb_ext}" = "dtbo" ]; then
196 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
197 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
198 fi
199 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
200 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
201 fi
202 cat << EOF >> $1
203 fdt-$2 {
204 description = "Flattened Device Tree blob";
205 data = /incbin/("$3");
206 type = "flat_dt";
207 arch = "${UBOOT_ARCH}";
208 compression = "none";
209 $dtb_loadline
210 hash-1 {
211 algo = "$dtb_csum";
212 };
213 };
214EOF
215
216 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
217 sed -i '$ d' $1
218 cat << EOF >> $1
219 signature-1 {
220 algo = "$dtb_csum,$dtb_sign_algo";
221 key-name-hint = "$dtb_sign_keyname";
222 };
223 };
224EOF
225 fi
226}
227
228#
229# Emit the fitImage ITS u-boot script section
230#
231# $1 ... .its filename
232# $2 ... Image counter
233# $3 ... Path to boot script image
234fitimage_emit_section_boot_script() {
235
236 bootscr_csum="${FIT_HASH_ALG}"
237 bootscr_sign_algo="${FIT_SIGN_ALG}"
238 bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
239
240 cat << EOF >> $1
241 bootscr-$2 {
242 description = "U-boot script";
243 data = /incbin/("$3");
244 type = "script";
245 arch = "${UBOOT_ARCH}";
246 compression = "none";
247 hash-1 {
248 algo = "$bootscr_csum";
249 };
250 };
251EOF
252
253 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
254 sed -i '$ d' $1
255 cat << EOF >> $1
256 signature-1 {
257 algo = "$bootscr_csum,$bootscr_sign_algo";
258 key-name-hint = "$bootscr_sign_keyname";
259 };
260 };
261EOF
262 fi
263}
264
265#
266# Emit the fitImage ITS setup section
267#
268# $1 ... .its filename
269# $2 ... Image counter
270# $3 ... Path to setup image
271fitimage_emit_section_setup() {
272
273 setup_csum="${FIT_HASH_ALG}"
274
275 cat << EOF >> $1
276 setup-$2 {
277 description = "Linux setup.bin";
278 data = /incbin/("$3");
279 type = "x86_setup";
280 arch = "${UBOOT_ARCH}";
281 os = "linux";
282 compression = "none";
283 load = <0x00090000>;
284 entry = <0x00090000>;
285 hash-1 {
286 algo = "$setup_csum";
287 };
288 };
289EOF
290}
291
292#
293# Emit the fitImage ITS ramdisk section
294#
295# $1 ... .its filename
296# $2 ... Image counter
297# $3 ... Path to ramdisk image
298fitimage_emit_section_ramdisk() {
299
300 ramdisk_csum="${FIT_HASH_ALG}"
301 ramdisk_sign_algo="${FIT_SIGN_ALG}"
302 ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
303 ramdisk_loadline=""
304 ramdisk_entryline=""
305
306 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
307 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
308 fi
309 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
310 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
311 fi
312
313 cat << EOF >> $1
314 ramdisk-$2 {
315 description = "${INITRAMFS_IMAGE}";
316 data = /incbin/("$3");
317 type = "ramdisk";
318 arch = "${UBOOT_ARCH}";
319 os = "linux";
320 compression = "none";
321 $ramdisk_loadline
322 $ramdisk_entryline
323 hash-1 {
324 algo = "$ramdisk_csum";
325 };
326 };
327EOF
328
329 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
330 sed -i '$ d' $1
331 cat << EOF >> $1
332 signature-1 {
333 algo = "$ramdisk_csum,$ramdisk_sign_algo";
334 key-name-hint = "$ramdisk_sign_keyname";
335 };
336 };
337EOF
338 fi
339}
340
341#
342# Emit the fitImage ITS configuration section
343#
344# $1 ... .its filename
345# $2 ... Linux kernel ID
346# $3 ... DTB image name
347# $4 ... ramdisk ID
348# $5 ... u-boot script ID
349# $6 ... config ID
350# $7 ... default flag
351fitimage_emit_section_config() {
352
353 conf_csum="${FIT_HASH_ALG}"
354 conf_sign_algo="${FIT_SIGN_ALG}"
355 conf_padding_algo="${FIT_PAD_ALG}"
356 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
357 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
358 fi
359
360 its_file="$1"
361 kernel_id="$2"
362 dtb_image="$3"
363 ramdisk_id="$4"
364 bootscr_id="$5"
365 config_id="$6"
366 default_flag="$7"
367
368 # Test if we have any DTBs at all
369 sep=""
370 conf_desc=""
371 conf_node="${FIT_CONF_PREFIX}"
372 kernel_line=""
373 fdt_line=""
374 ramdisk_line=""
375 bootscr_line=""
376 setup_line=""
377 default_line=""
378
379 # conf node name is selected based on dtb ID if it is present,
380 # otherwise its selected based on kernel ID
381 if [ -n "$dtb_image" ]; then
382 conf_node=$conf_node$dtb_image
383 else
384 conf_node=$conf_node$kernel_id
385 fi
386
387 if [ -n "$kernel_id" ]; then
388 conf_desc="Linux kernel"
389 sep=", "
390 kernel_line="kernel = \"kernel-$kernel_id\";"
391 fi
392
393 if [ -n "$dtb_image" ]; then
394 conf_desc="$conf_desc${sep}FDT blob"
395 sep=", "
396 fdt_line="fdt = \"fdt-$dtb_image\";"
397 fi
398
399 if [ -n "$ramdisk_id" ]; then
400 conf_desc="$conf_desc${sep}ramdisk"
401 sep=", "
402 ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
403 fi
404
405 if [ -n "$bootscr_id" ]; then
406 conf_desc="$conf_desc${sep}u-boot script"
407 sep=", "
408 bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
409 fi
410
411 if [ -n "$config_id" ]; then
412 conf_desc="$conf_desc${sep}setup"
413 setup_line="setup = \"setup-$config_id\";"
414 fi
415
416 if [ "$default_flag" = "1" ]; then
417 # default node is selected based on dtb ID if it is present,
418 # otherwise its selected based on kernel ID
419 if [ -n "$dtb_image" ]; then
420 default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
421 else
422 default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
423 fi
424 fi
425
426 cat << EOF >> $its_file
427 $default_line
428 $conf_node {
429 description = "$default_flag $conf_desc";
430 $kernel_line
431 $fdt_line
432 $ramdisk_line
433 $bootscr_line
434 $setup_line
435 hash-1 {
436 algo = "$conf_csum";
437 };
438EOF
439
440 if [ -n "$conf_sign_keyname" ] ; then
441
442 sign_line="sign-images = "
443 sep=""
444
445 if [ -n "$kernel_id" ]; then
446 sign_line="$sign_line${sep}\"kernel\""
447 sep=", "
448 fi
449
450 if [ -n "$dtb_image" ]; then
451 sign_line="$sign_line${sep}\"fdt\""
452 sep=", "
453 fi
454
455 if [ -n "$ramdisk_id" ]; then
456 sign_line="$sign_line${sep}\"ramdisk\""
457 sep=", "
458 fi
459
460 if [ -n "$bootscr_id" ]; then
461 sign_line="$sign_line${sep}\"bootscr\""
462 sep=", "
463 fi
464
465 if [ -n "$config_id" ]; then
466 sign_line="$sign_line${sep}\"setup\""
467 fi
468
469 sign_line="$sign_line;"
470
471 cat << EOF >> $its_file
472 signature-1 {
473 algo = "$conf_csum,$conf_sign_algo";
474 key-name-hint = "$conf_sign_keyname";
475 padding = "$conf_padding_algo";
476 $sign_line
477 };
478EOF
479 fi
480
481 cat << EOF >> $its_file
482 };
483EOF
484}
485
486#
487# Assemble fitImage
488#
489# $1 ... .its filename
490# $2 ... fitImage name
491# $3 ... include ramdisk
492fitimage_assemble() {
493 kernelcount=1
494 dtbcount=""
495 DTBS=""
496 ramdiskcount=$3
497 setupcount=""
498 bootscr_id=""
499 rm -f $1 arch/${ARCH}/boot/$2
500
501 if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
502 bbfatal "Keys used to sign images and configuration nodes must be different."
503 fi
504
505 fitimage_emit_fit_header $1
506
507 #
508 # Step 1: Prepare a kernel image section.
509 #
510 fitimage_emit_section_maint $1 imagestart
511
512 uboot_prep_kimage
513 fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
514
515 #
516 # Step 2: Prepare a DTB image section
517 #
518
519 if [ -n "${KERNEL_DEVICETREE}" ]; then
520 dtbcount=1
521 for DTB in ${KERNEL_DEVICETREE}; do
522 if echo $DTB | grep -q '/dts/'; then
523 bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
524 DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
525 fi
526
527 # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
528 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
529 continue
530 fi
531
532 DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
533 if [ ! -e "$DTB_PATH" ]; then
534 DTB_PATH="arch/${ARCH}/boot/$DTB"
535 fi
536
537 DTB=$(echo "$DTB" | tr '/' '_')
538
539 # Skip DTB if we've picked it up previously
540 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
541
542 DTBS="$DTBS $DTB"
543 fitimage_emit_section_dtb $1 $DTB $DTB_PATH
544 done
545 fi
546
547 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
548 dtbcount=1
549 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
550 DTB=$(echo "$DTB" | tr '/' '_')
551
552 # Skip DTB if we've picked it up previously
553 echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
554
555 DTBS="$DTBS $DTB"
556 fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
557 done
558 fi
559
560 #
561 # Step 3: Prepare a u-boot script section
562 #
563
564 if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
565 if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
566 cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
567 bootscr_id="${UBOOT_ENV_BINARY}"
568 fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
569 else
570 bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
571 fi
572 fi
573
574 #
575 # Step 4: Prepare a setup section. (For x86)
576 #
577 if [ -e arch/${ARCH}/boot/setup.bin ]; then
578 setupcount=1
579 fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
580 fi
581
582 #
583 # Step 5: Prepare a ramdisk section.
584 #
585 if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
586 # Find and use the first initramfs image archive type we find
587 found=
588 for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
589 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
590 if [ -e "$initramfs_path" ]; then
591 bbnote "Found initramfs image: $initramfs_path"
592 found=true
593 fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
594 break
595 else
596 bbnote "Did not find initramfs image: $initramfs_path"
597 fi
598 done
599
600 if [ -z "$found" ]; then
601 bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
602 fi
603 fi
604
605 fitimage_emit_section_maint $1 sectend
606
607 # Force the first Kernel and DTB in the default config
608 kernelcount=1
609 if [ -n "$dtbcount" ]; then
610 dtbcount=1
611 fi
612
613 #
614 # Step 6: Prepare a configurations section
615 #
616 fitimage_emit_section_maint $1 confstart
617
618 # kernel-fitimage.bbclass currently only supports a single kernel (no less or
619 # more) to be added to the FIT image along with 0 or more device trees and
620 # 0 or 1 ramdisk.
621 # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
622 # When the initramfs bundle is used ramdisk is disabled.
623 # If a device tree is to be part of the FIT image, then select
624 # the default configuration to be used is based on the dtbcount. If there is
625 # no dtb present than select the default configuation to be based on
626 # the kernelcount.
627 if [ -n "$DTBS" ]; then
628 i=1
629 for DTB in ${DTBS}; do
630 dtb_ext=${DTB##*.}
631 if [ "$dtb_ext" = "dtbo" ]; then
632 fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
633 else
634 fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
635 fi
636 i=`expr $i + 1`
637 done
638 else
639 defaultconfigcount=1
640 fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount
641 fi
642
643 fitimage_emit_section_maint $1 sectend
644
645 fitimage_emit_section_maint $1 fitend
646
647 #
648 # Step 7: Assemble the image
649 #
650 ${UBOOT_MKIMAGE} \
651 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
652 -f $1 \
653 arch/${ARCH}/boot/$2
654
655 #
656 # Step 8: Sign the image and add public key to U-Boot dtb
657 #
658 if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
659 add_key_to_u_boot=""
660 if [ -n "${UBOOT_DTB_BINARY}" ]; then
661 # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy
662 # both of them, and don't dereference the symlink.
663 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
664 add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}"
665 fi
666 ${UBOOT_MKIMAGE_SIGN} \
667 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
668 -F -k "${UBOOT_SIGN_KEYDIR}" \
669 $add_key_to_u_boot \
670 -r arch/${ARCH}/boot/$2 \
671 ${UBOOT_MKIMAGE_SIGN_ARGS}
672 fi
673}
674
675do_assemble_fitimage() {
676 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
677 cd ${B}
678 fitimage_assemble fit-image.its fitImage ""
679 fi
680}
681
682addtask assemble_fitimage before do_install after do_compile
683
684do_assemble_fitimage_initramfs() {
685 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
686 test -n "${INITRAMFS_IMAGE}" ; then
687 cd ${B}
688 if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
689 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage ""
690 else
691 fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
692 fi
693 fi
694}
695
696addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
697
698do_kernel_generate_rsa_keys() {
699 if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
700 bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
701 fi
702
703 if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
704
705 # Generate keys to sign configuration nodes, only if they don't already exist
706 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
707 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
708
709 # make directory if it does not already exist
710 mkdir -p "${UBOOT_SIGN_KEYDIR}"
711
712 bbnote "Generating RSA private key for signing fitImage"
713 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
714 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
715 "${FIT_SIGN_NUMBITS}"
716
717 bbnote "Generating certificate for signing fitImage"
718 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
719 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
720 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
721 fi
722
723 # Generate keys to sign image nodes, only if they don't already exist
724 if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
725 [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
726
727 # make directory if it does not already exist
728 mkdir -p "${UBOOT_SIGN_KEYDIR}"
729
730 bbnote "Generating RSA private key for signing fitImage"
731 openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
732 "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
733 "${FIT_SIGN_NUMBITS}"
734
735 bbnote "Generating certificate for signing fitImage"
736 openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
737 -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
738 -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
739 fi
740 fi
741}
742
743addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
744
745kernel_do_deploy[vardepsexclude] = "DATETIME"
746kernel_do_deploy:append() {
747 # Update deploy directory
748 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
749
750 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
751 bbnote "Copying fit-image.its source file..."
752 install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
753 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
754 ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
755 fi
756
757 bbnote "Copying linux.bin file..."
758 install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
759 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
760 ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
761 fi
762 fi
763
764 if [ -n "${INITRAMFS_IMAGE}" ]; then
765 bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
766 install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
767 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
768 ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
769 fi
770
771 if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
772 bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
773 install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
774 if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
775 ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
776 fi
777 fi
778 fi
779 fi
780 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
781 [ -n "${UBOOT_DTB_BINARY}" ] ; then
782 # UBOOT_DTB_IMAGE is a realfile, but we can't use
783 # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
784 # for u-boot, but we are in kernel env now.
785 install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
786 fi
787 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
788 # If we're also creating and/or signing the uboot fit, now we need to
789 # deploy it, it's its file, as well as u-boot-spl.dtb
790 install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
791 bbnote "Copying u-boot-fitImage file..."
792 install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
793 bbnote "Copying u-boot-its file..."
794 install -m 0644 ${B}/u-boot-its-* "$deployDir/"
795 fi
796}
797
798# The function below performs the following in case of initramfs bundles:
799# - Removes do_assemble_fitimage. FIT generation is done through
800# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
801# and should not be part of the tasks to be executed.
802# - Since do_kernel_generate_rsa_keys is inserted by default
803# between do_compile and do_assemble_fitimage, this is
804# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys
805# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
806python () {
807 if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
808 bb.build.deltask('do_assemble_fitimage', d)
809 bb.build.deltask('kernel_generate_rsa_keys', d)
810 bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
811}