meta-hpe: add new meta layer for rl300-g11
Signed-off-by: Charles Kearney <charles.kearney@hpe.com>
Change-Id: I650f926349ef2a57c352aac36a801b07fb4001ca
diff --git a/meta-hpe/meta-common/conf/layer.conf b/meta-hpe/meta-common/conf/layer.conf
new file mode 100644
index 0000000..8ae7db1
--- /dev/null
+++ b/meta-hpe/meta-common/conf/layer.conf
@@ -0,0 +1,10 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+ ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "common-layer"
+BBFILE_PATTERN_common-layer := "^${LAYERDIR}/"
+LAYERSERIES_COMPAT_common-layer = "mickledore"
diff --git a/meta-hpe/meta-common/recipes-phosphor/image/obmc-phosphor-image.bbappend b/meta-hpe/meta-common/recipes-phosphor/image/obmc-phosphor-image.bbappend
index 5cc1192..0eb0069 100644
--- a/meta-hpe/meta-common/recipes-phosphor/image/obmc-phosphor-image.bbappend
+++ b/meta-hpe/meta-common/recipes-phosphor/image/obmc-phosphor-image.bbappend
@@ -10,7 +10,7 @@
import io
path = d.getVar('STAGING_DIR_TARGET', True) + d.getVar('sysconfdir', True)
path = os.path.join(path, 'os-release')
- parser = configparser.ConfigParser(strict=False)
+ parser = configparser.SafeConfigParser(strict=False)
parser.optionxform = str
version = ''
try:
@@ -27,32 +27,57 @@
pass
return version
+CUSTOMER_KEY_BLOCK ?= "customer-key-block"
HPE_GXP_BOOTBLOCK_IMAGE ?= "gxp-bootblock.bin"
HPE_UBOOT_SIGNING_HEADER ?= "hpe-uboot-header.section"
+HPE_UBOOT_SIGNING_HEADER_512 ?= "hpe-uboot-header-512.section"
HPE_UBOOT_SIGNING_KEY ?= "hpe-uboot-signing-key.pem"
+# Offsets that are the same for the standard image and secure boot image
FLASH_SIZE = "31552"
FLASH_UBOOT_OFFSET = "0"
+UBOOT_IMG_SIZE = "393216"
FLASH_KERNEL_OFFSET = "512"
FLASH_ROFS_OFFSET = "5376"
FLASH_RWFS_OFFSET = "29184"
-FLASH_SECTION_OFFSET = "31552"
+
+# Standard image offsets
+FLASH_STANDARD_SECTION_OFFSET = "31552"
+FLASH_STANDARD_SECTION_END = "32768"
+
+# Secure boot offsets
+# offset at 0x01f7_0000 / 1024 = 32192
+FLASH_SECTION_OFFSET = "32192"
+# end is offset + 576
FLASH_SECTION_END = "32768"
-UBOOT_IMG_SIZE = "393216"
+# offset at 0x01ee_0000 / 1024 = 31616
+FLASH_SECTION2_OFFSET = "31616"
+FLASH_SECTION2_END = "32192"
+
+# offset at 0x01c0_0000 / 1024 = 28672
+FLASH_UBOOT2_OFFSET = "28672"
do_generate_static[depends] += " \
- gxp-bootblock:do_deploy \
+ gxp-bootblock:do_deploy \
gxp-bootblock:do_populate_sysroot \
"
-
-
make_image_links:append() {
ln -sf ${DEPLOY_DIR_IMAGE}/hpe-section image-section
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/hpe-section2 ]
+ then
+ ln -sf ${DEPLOY_DIR_IMAGE}/hpe-section2 image-section2
+ fi
}
do_mk_static_symlinks:append() {
ln -sf hpe-section image-section
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/hpe-section2 ]
+ then
+ ln -sf hpe-section2 image-section2
+ fi
}
do_generate_static:prepend() {
@@ -60,12 +85,27 @@
}
do_generate_static:append() {
- _append_image(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True),
- 'hpe-section'),
- int(d.getVar('FLASH_SECTION_OFFSET', True)),
- int(d.getVar('FLASH_SECTION_END', True)))
+ # hpe-section2 and u-boot2 only exist in the secure boot image.
+ # If hpe-section2 exists, then this is secure boot.
+ if os.path.exists(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True), 'hpe-section2')):
+ _append_image(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True), 'hpe-section'),
+ int(d.getVar('FLASH_SECTION_OFFSET', True)),
+ int(d.getVar('FLASH_SECTION_END', True)))
+
+ _append_image(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True), 'hpe-section2'),
+ int(d.getVar('FLASH_SECTION2_OFFSET', True)),
+ int(d.getVar('FLASH_SECTION2_END', True)))
+
+ _append_image(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True), 'u-boot.%s' % d.getVar('UBOOT_SUFFIX',True)),
+ int(d.getVar('FLASH_UBOOT2_OFFSET', True)),
+ int(d.getVar('FLASH_RWFS_OFFSET', True)))
+ else:
+ _append_image(os.path.join(d.getVar('DEPLOY_DIR_IMAGE', True), 'hpe-section'),
+ int(d.getVar('FLASH_STANDARD_SECTION_OFFSET', True)),
+ int(d.getVar('FLASH_STANDARD_SECTION_END', True)))
}
+# Generate the secure boot image by default
do_generate_hpe_image() {
# Extract uboot 256K
dd if=/dev/zero bs=1k count=256 > ${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
@@ -73,38 +113,75 @@
if=${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX} \
of=${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
- # Sign uboot 256K
- openssl sha256 -sign ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_KEY} -out ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
+ keyblockver="$(expr `grep -c -i 'CustomerKeyBlockVersion\$2.0' "${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}"` + 1)"
+
+ # TODO - replace this openssl signing command line with whatever command you need to create a
+ # digital signature of ${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
+ if [ ${keyblockver} -eq 1 ]
+ then
+ openssl sha256 -sign ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_KEY} -out ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
- # Expand (header+signature) to 4K
- cat ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_HEADER} ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
- > ${DEPLOY_DIR_IMAGE}/gxp.sig
+ # Cat U-Boot header+signature
+ cat ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_HEADER} ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
+ > ${DEPLOY_DIR_IMAGE}/gxp-uboot.sig
+ elif [ ${keyblockver} -eq 2 ]
+ then
+ openssl sha384 -sign ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_KEY} -out ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
+ ${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
- # Add Header and Signature to hpe-section (from 60K)
- dd bs=1k conv=notrunc seek=60 \
- if=${DEPLOY_DIR_IMAGE}/gxp.sig \
- of=${DEPLOY_DIR_IMAGE}/hpe-section
+ # Cat U-Boot header+signature
+ cat ${DEPLOY_DIR_IMAGE}/${HPE_UBOOT_SIGNING_HEADER_512} ${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
+ > ${DEPLOY_DIR_IMAGE}/gxp-uboot.sig
+ fi
- # Add ubb to hpe-section
+ # Create hpe-section
+ dd if=/dev/zero bs=1k count=576 > ${DEPLOY_DIR_IMAGE}/hpe-section
+
+ # Add U-Boot Header and Signature to hpe-section
+ dd bs=1k conv=notrunc seek=0 \
+ if=${DEPLOY_DIR_IMAGE}/gxp-uboot.sig \
+ of=${DEPLOY_DIR_IMAGE}/hpe-section
+
+ # Add gxp-bootblock to hpe-section
dd bs=1k conv=notrunc seek=64 \
- if=${DEPLOY_DIR_IMAGE}/${HPE_GXP_BOOTBLOCK_IMAGE} \
- of=${DEPLOY_DIR_IMAGE}/hpe-section
+ if=${DEPLOY_DIR_IMAGE}/${HPE_GXP_BOOTBLOCK_IMAGE} \
+ of=${DEPLOY_DIR_IMAGE}/hpe-section
+
+ # hpe-section2 is the same as hpe-section up to this point
+ cp ${DEPLOY_DIR_IMAGE}/hpe-section ${DEPLOY_DIR_IMAGE}/hpe-section2
+
+ # Expand the customer-key-block to 64 KB
+ dd if=/dev/zero bs=1k count=64 > ${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}.tmp
+ dd bs=1k conv=notrunc seek=0 count=64 \
+ if=${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK} \
+ of=${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}.tmp
+
+ # Add the customer-key-block to hpe-section
+ dd bs=1k conv=notrunc seek=320 count=64 \
+ if=${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}.tmp \
+ of=${DEPLOY_DIR_IMAGE}/hpe-section
+
+ # Add a second copy of the customer-key-block to hpe-section
+ dd bs=1k conv=notrunc seek=384 count=64 \
+ if=${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}.tmp \
+ of=${DEPLOY_DIR_IMAGE}/hpe-section
# Expand uboot to 384K
dd if=/dev/zero bs=1k count=384 > ${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
- dd bs=1k conv=notrunc seek=0 count=384\
+ dd bs=1k conv=notrunc seek=0 count=384 \
if=${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX} \
of=${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX}
# Remove unnecessary files
rm ${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX} \
${DEPLOY_DIR_IMAGE}/gxp_tmp.sig \
- ${DEPLOY_DIR_IMAGE}/gxp.sig
+ ${DEPLOY_DIR_IMAGE}/gxp-uboot.sig \
+ ${DEPLOY_DIR_IMAGE}/${CUSTOMER_KEY_BLOCK}.tmp
mv ${DEPLOY_DIR_IMAGE}/u-boot-tmp.${UBOOT_SUFFIX} ${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX}
- # Check uboot image size equals to 384K
+ # Check uboot image size equals to 384K
size="$(wc -c < "${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX}")"
if [ ${size} -ne ${UBOOT_IMG_SIZE} ]
then
@@ -120,10 +197,16 @@
# Create the tar archive
tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.$type.mtd.tar \
- image-u-boot image-kernel image-rofs image-rwfs image-section $extra_files
+ image-u-boot image-kernel image-rofs image-rwfs image-section* $extra_files
+
+ # Create the min tar archive
+ tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.$type.mtd.min.tar \
+ image-kernel image-rofs image-rwfs MANIFEST \
+ image-kernel.sig image-rofs.sig image-rwfs.sig MANIFEST.sig publickey
cd ${IMGDEPLOYDIR}
ln -sf ${IMAGE_NAME}.$type.mtd.tar ${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.$type.mtd.tar
+ ln -sf ${IMAGE_NAME}.$type.mtd.min.tar ${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.$type.mtd.min.tar
}
do_generate_static_tar[depends] += " obmc-phosphor-image:do_generate_static"
@@ -142,10 +225,17 @@
exit 1
fi
- make_signatures image-u-boot image-kernel image-rofs image-rwfs image-section MANIFEST publickey
+ if [ -f image-section2 ]
+ then
+ make_signatures image-u-boot image-kernel image-rofs image-rwfs image-section image-section2 MANIFEST publickey
+ else
+ make_signatures image-u-boot image-kernel image-rofs image-rwfs image-section MANIFEST publickey
+ fi
+
make_tar_of_images static MANIFEST publickey ${signature_files}
# Maintain non-standard legacy link.
cd ${IMGDEPLOYDIR}
ln -sf ${IMAGE_NAME}.static.mtd.tar ${IMGDEPLOYDIR}/${MACHINE}-${DATETIME}.tar
+ ln -sf ${IMAGE_NAME}.static.mtd.min.tar ${IMGDEPLOYDIR}/${MACHINE}-${DATETIME}.min.tar
}