blob: debbf23ec603f75dd10c225efb2449b23c2e197c [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -05001#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
7# This file is part of U-Boot verified boot support and is intended to be
8# inherited from u-boot recipe and from kernel-fitimage.bbclass.
9#
10# The signature procedure requires the user to generate an RSA key and
11# certificate in a directory and to define the following variable:
12#
13# UBOOT_SIGN_KEYDIR = "/keys/directory"
14# UBOOT_SIGN_KEYNAME = "dev" # keys name in keydir (eg. "dev.crt", "dev.key")
15# UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
16# UBOOT_SIGN_ENABLE = "1"
17#
18# As verified boot depends on fitImage generation, following is also required:
19#
20# KERNEL_CLASSES ?= " kernel-fitimage "
21# KERNEL_IMAGETYPE ?= "fitImage"
22#
23# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
24#
25# The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to
26# treat the device tree blob:
27#
28# * u-boot:do_install:append
29# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
30# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
31#
32# * virtual/kernel:do_assemble_fitimage
33# Sign the image
34#
35# * u-boot:do_deploy[postfuncs]
36# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others.
37#
38# For more details on signature process, please refer to U-Boot documentation.
39
40# We need some variables from u-boot-config
41inherit uboot-config
42
43# Enable use of a U-Boot fitImage
44UBOOT_FITIMAGE_ENABLE ?= "0"
45
46# Signature activation - these require their respective fitImages
47UBOOT_SIGN_ENABLE ?= "0"
48SPL_SIGN_ENABLE ?= "0"
49
50# Default value for deployment filenames.
51UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
52UBOOT_DTB_BINARY ?= "u-boot.dtb"
53UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
54UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
55UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
56UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.bin"
57UBOOT_ITS_IMAGE ?= "u-boot-its-${MACHINE}-${PV}-${PR}"
58UBOOT_ITS ?= "u-boot.its"
59UBOOT_ITS_SYMLINK ?= "u-boot-its-${MACHINE}"
60UBOOT_FITIMAGE_IMAGE ?= "u-boot-fitImage-${MACHINE}-${PV}-${PR}"
61UBOOT_FITIMAGE_BINARY ?= "u-boot-fitImage"
62UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
63SPL_DIR ?= "spl"
64SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
65SPL_DTB_BINARY ?= "u-boot-spl.dtb"
66SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
67SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
68SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
69SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
70
71# U-Boot fitImage description
72UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
73
74# Kernel / U-Boot fitImage Hash Algo
75FIT_HASH_ALG ?= "sha256"
76UBOOT_FIT_HASH_ALG ?= "sha256"
77
78# Kernel / U-Boot fitImage Signature Algo
79FIT_SIGN_ALG ?= "rsa2048"
80UBOOT_FIT_SIGN_ALG ?= "rsa2048"
81
82# Kernel / U-Boot fitImage Padding Algo
83FIT_PAD_ALG ?= "pkcs-1.5"
84
85# Generate keys for signing Kernel / U-Boot fitImage
86FIT_GENERATE_KEYS ?= "0"
87UBOOT_FIT_GENERATE_KEYS ?= "0"
88
89# Size of private keys in number of bits
90FIT_SIGN_NUMBITS ?= "2048"
91UBOOT_FIT_SIGN_NUMBITS ?= "2048"
92
93# args to openssl genrsa (Default is just the public exponent)
94FIT_KEY_GENRSA_ARGS ?= "-F4"
95UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
96
97# args to openssl req (Default is -batch for non interactive mode and
98# -new for new certificate)
99FIT_KEY_REQ_ARGS ?= "-batch -new"
100UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
101
102# Standard format for public key certificate
103FIT_KEY_SIGN_PKCS ?= "-x509"
104UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
105
106# Functions on this bbclass can apply to either U-boot or Kernel,
107# depending on the scenario
108UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
109KERNEL_PN = "${@d.getVar('PREFERRED_PROVIDER_virtual/kernel')}"
110
111# We need u-boot-tools-native if we're creating a U-Boot fitImage
112python() {
113 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1':
114 depends = d.getVar("DEPENDS")
115 depends = "%s u-boot-tools-native dtc-native" % depends
116 d.setVar("DEPENDS", depends)
117}
118
119concat_dtb_helper() {
120 if [ -e "${UBOOT_DTB_BINARY}" ]; then
121 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
122 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
123 fi
124
125 if [ -f "${UBOOT_NODTB_BINARY}" ]; then
126 install ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
127 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
128 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
129 fi
130
131 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
132 # with public key (otherwise it will be deployed by the equivalent
133 # concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
134 if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
135 deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}'
136 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
137 [ -e "$deployed_uboot_dtb_binary" ]; then
138 oe_runmake EXT_DTB=$deployed_uboot_dtb_binary
139 install ${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE}
140 elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
141 cd ${DEPLOYDIR}
142 cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE}
143
144 if [ -n "${UBOOT_CONFIG}" ]
145 then
146 i=0
147 j=0
148 for config in ${UBOOT_MACHINE}; do
149 i=$(expr $i + 1);
150 for type in ${UBOOT_CONFIG}; do
151 j=$(expr $j + 1);
152 if [ $j -eq $i ]
153 then
154 cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
155 fi
156 done
157 done
158 fi
159 else
160 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
161 fi
162 fi
163}
164
165concat_spl_dtb_helper() {
166
167 # We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will
168 # be responsible for deploying the real file
169 if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
170 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
171 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
172 fi
173
174 # Concatenate the SPL nodtb binary and u-boot.dtb
175 deployed_spl_dtb_binary='${DEPLOY_DIR_IMAGE}/${SPL_DTB_IMAGE}'
176 if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
177 cd ${DEPLOYDIR}
178 cat ${SPL_NODTB_IMAGE} $deployed_spl_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${SPL_BINARY} > ${SPL_IMAGE}
179 else
180 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
181 fi
182}
183
184
185concat_dtb() {
186 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then
187 mkdir -p ${DEPLOYDIR}
188 if [ -n "${UBOOT_CONFIG}" ]; then
189 for config in ${UBOOT_MACHINE}; do
190 CONFIG_B_PATH="$config"
191 cd ${B}/$config
192 concat_dtb_helper
193 done
194 else
195 CONFIG_B_PATH=""
196 cd ${B}
197 concat_dtb_helper
198 fi
199 fi
200}
201
202concat_spl_dtb() {
203 if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then
204 mkdir -p ${DEPLOYDIR}
205 if [ -n "${UBOOT_CONFIG}" ]; then
206 for config in ${UBOOT_MACHINE}; do
207 CONFIG_B_PATH="$config"
208 cd ${B}/$config
209 concat_spl_dtb_helper
210 done
211 else
212 CONFIG_B_PATH=""
213 cd ${B}
214 concat_spl_dtb_helper
215 fi
216 fi
217}
218
219
220# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for
221# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it.
222install_helper() {
223 if [ -f "${UBOOT_DTB_BINARY}" ]; then
224 # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we
225 # need both of them.
226 install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
227 ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
228 else
229 bbwarn "${UBOOT_DTB_BINARY} not found"
230 fi
231}
232
233# Install SPL dtb and u-boot nodtb to datadir,
234install_spl_helper() {
235 if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
236 install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
237 ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY}
238 else
239 bbwarn "${SPL_DTB_BINARY} not found"
240 fi
241 if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
242 install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
243 ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
244 else
245 bbwarn "${UBOOT_NODTB_BINARY} not found"
246 fi
247
248 # We need to install a 'stub' u-boot-fitimage + its to datadir,
249 # so that the KERNEL_PN can use the correct filename when
250 # assembling and deploying them
251 touch ${D}/${datadir}/${UBOOT_FITIMAGE_IMAGE}
252 touch ${D}/${datadir}/${UBOOT_ITS_IMAGE}
253}
254
255do_install:append() {
256 if [ "${PN}" = "${UBOOT_PN}" ]; then
257 if [ -n "${UBOOT_CONFIG}" ]; then
258 for config in ${UBOOT_MACHINE}; do
259 cd ${B}/$config
260 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
261 [ -n "${UBOOT_DTB_BINARY}" ]; then
262 install_helper
263 fi
264 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
265 install_spl_helper
266 fi
267 done
268 else
269 cd ${B}
270 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
271 [ -n "${UBOOT_DTB_BINARY}" ]; then
272 install_helper
273 fi
274 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
275 install_spl_helper
276 fi
277 fi
278 fi
279}
280
281do_uboot_generate_rsa_keys() {
282 if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
283 bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
284 fi
285
286 if [ "${SPL_SIGN_ENABLE}" = "1" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
287
288 # Generate keys only if they don't already exist
289 if [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key ] || \
290 [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt ]; then
291
292 # make directory if it does not already exist
293 mkdir -p "${SPL_SIGN_KEYDIR}"
294
295 echo "Generating RSA private key for signing U-Boot fitImage"
296 openssl genrsa ${UBOOT_FIT_KEY_GENRSA_ARGS} -out \
297 "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
298 "${UBOOT_FIT_SIGN_NUMBITS}"
299
300 echo "Generating certificate for signing U-Boot fitImage"
301 openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
302 -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
303 -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
304 fi
305 fi
306
307}
308
309addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile
310
311# Create a ITS file for the U-boot FIT, for use when
312# we want to sign it so that the SPL can verify it
313uboot_fitimage_assemble() {
314 uboot_its="$1"
315 uboot_nodtb_bin="$2"
316 uboot_dtb="$3"
317 uboot_bin="$4"
318 spl_dtb="$5"
319 uboot_csum="${UBOOT_FIT_HASH_ALG}"
320 uboot_sign_algo="${UBOOT_FIT_SIGN_ALG}"
321 uboot_sign_keyname="${SPL_SIGN_KEYNAME}"
322
323 rm -f $uboot_its $uboot_bin
324
325 # First we create the ITS script
326 cat << EOF >> $uboot_its
327/dts-v1/;
328
329/ {
330 description = "${UBOOT_FIT_DESC}";
331 #address-cells = <1>;
332
333 images {
334 uboot {
335 description = "U-Boot image";
336 data = /incbin/("$uboot_nodtb_bin");
337 type = "standalone";
338 os = "u-boot";
339 arch = "${UBOOT_ARCH}";
340 compression = "none";
341 load = <${UBOOT_LOADADDRESS}>;
342 entry = <${UBOOT_ENTRYPOINT}>;
343EOF
344
345 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
346 cat << EOF >> $uboot_its
347 signature {
348 algo = "$uboot_csum,$uboot_sign_algo";
349 key-name-hint = "$uboot_sign_keyname";
350 };
351EOF
352 fi
353
354 cat << EOF >> $uboot_its
355 };
356 fdt {
357 description = "U-Boot FDT";
358 data = /incbin/("$uboot_dtb");
359 type = "flat_dt";
360 arch = "${UBOOT_ARCH}";
361 compression = "none";
362EOF
363
364 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
365 cat << EOF >> $uboot_its
366 signature {
367 algo = "$uboot_csum,$uboot_sign_algo";
368 key-name-hint = "$uboot_sign_keyname";
369 };
370EOF
371 fi
372
373 cat << EOF >> $uboot_its
374 };
375 };
376
377 configurations {
378 default = "conf";
379 conf {
380 description = "Boot with signed U-Boot FIT";
381 loadables = "uboot";
382 fdt = "fdt";
383 };
384 };
385};
386EOF
387
388 #
389 # Assemble the U-boot FIT image
390 #
391 ${UBOOT_MKIMAGE} \
392 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
393 -f $uboot_its \
394 $uboot_bin
395
396 if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
397 #
398 # Sign the U-boot FIT image and add public key to SPL dtb
399 #
400 ${UBOOT_MKIMAGE_SIGN} \
401 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
402 -F -k "${SPL_SIGN_KEYDIR}" \
403 -K "$spl_dtb" \
404 -r $uboot_bin \
405 ${SPL_MKIMAGE_SIGN_ARGS}
406 fi
407
408}
409
410do_uboot_assemble_fitimage() {
411 # This function runs in KERNEL_PN context. The reason for that is that we need to
412 # support the scenario where UBOOT_SIGN_ENABLE is placing the Kernel fitImage's
413 # pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot
414 # fitImage itself.
415 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
416 [ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then
417 if [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then
418 # If we're not signing the Kernel fitImage, that means
419 # we need to copy the u-boot.dtb from staging ourselves
420 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
421 fi
422 # As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first.
423 # Unfortunately, need to glob on top of ${SPL_DTB_BINARY} since _IMAGE and _SYMLINK
424 # will contain U-boot's PV
425 # Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in
426 # staging so that we can use it for creating the image with the correct filename
427 # in the KERNEL_PN context.
428 # As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent
429 # do_assemble_fitimage task
430 cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B}
431 cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B}
432 rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-*
433 kernel_uboot_fitimage_name=`basename ${STAGING_DATADIR}/u-boot-fitImage-*`
434 kernel_uboot_its_name=`basename ${STAGING_DATADIR}/u-boot-its-*`
435 cd ${B}
436 uboot_fitimage_assemble $kernel_uboot_its_name ${UBOOT_NODTB_BINARY} \
437 ${UBOOT_DTB_BINARY} $kernel_uboot_fitimage_name \
438 ${SPL_DTB_BINARY}
439 fi
440}
441
442addtask uboot_assemble_fitimage before do_deploy after do_compile
443
444do_deploy:prepend:pn-${UBOOT_PN}() {
445 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
446 concat_dtb
447 fi
448
449 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
450 # Deploy the u-boot-nodtb binary and symlinks...
451 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
452 echo "Copying u-boot-nodtb binary..."
453 install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
454 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
455 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
456 fi
457
458
459 # We only deploy the symlinks to the uboot-fitImage and uboot-its
460 # images, as the KERNEL_PN will take care of deploying the real file
461 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
462 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
463 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
464 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
465 fi
466
467 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
468 concat_spl_dtb
469 fi
470
471
472}
473
474do_deploy:append:pn-${UBOOT_PN}() {
475 # If we're creating a u-boot fitImage, point u-boot.bin
476 # symlink since it might get used by image recipes
477 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
478 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_BINARY}
479 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
480 fi
481}
482
483python () {
484 if ( (d.getVar('UBOOT_SIGN_ENABLE') == '1'
485 or d.getVar('UBOOT_FITIMAGE_ENABLE') == '1')
486 and d.getVar('PN') == d.getVar('UBOOT_PN')
487 and d.getVar('UBOOT_DTB_BINARY')):
488
489 # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
490 # and/or the U-Boot fitImage
491 d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % d.getVar('KERNEL_PN'))
492
493 if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' and d.getVar('PN') == d.getVar('KERNEL_PN'):
494 # As the U-Boot fitImage is created by the KERNEL_PN, we need
495 # to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
496 # files are in the staging dir for it's use
497 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % d.getVar('UBOOT_PN'))
498
499 # If the Kernel fitImage is being signed, we need to
500 # create the U-Boot fitImage after it
501 if d.getVar('UBOOT_SIGN_ENABLE') == '1':
502 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage' % d.getVar('KERNEL_PN'))
503 d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' %s:do_assemble_fitimage_initramfs' % d.getVar('KERNEL_PN'))
504
505}