Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 1 | # |
| 2 | # Copyright OpenEmbedded Contributors |
| 3 | # |
| 4 | # SPDX-License-Identifier: MIT |
| 5 | # |
| 6 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 7 | inherit kernel-uboot kernel-artifact-names uboot-config |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 8 | |
| 9 | def get_fit_replacement_type(d): |
| 10 | kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" |
| 11 | replacementtype = "" |
| 12 | if 'fitImage' in kerneltypes.split(): |
| 13 | uarch = d.getVar("UBOOT_ARCH") |
| 14 | if uarch == "arm64": |
| 15 | replacementtype = "Image" |
| 16 | elif uarch == "riscv": |
| 17 | replacementtype = "Image" |
| 18 | elif uarch == "mips": |
| 19 | replacementtype = "vmlinuz.bin" |
| 20 | elif uarch == "x86": |
| 21 | replacementtype = "bzImage" |
| 22 | elif uarch == "microblaze": |
| 23 | replacementtype = "linux.bin" |
| 24 | else: |
| 25 | replacementtype = "zImage" |
| 26 | return replacementtype |
| 27 | |
| 28 | KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" |
| 29 | DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" |
| 30 | |
| 31 | python __anonymous () { |
| 32 | # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal |
| 33 | # to kernel.bbclass . We have to override it, since we pack zImage |
| 34 | # (at least for now) into the fitImage . |
| 35 | typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" |
| 36 | if 'fitImage' in typeformake.split(): |
| 37 | d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) |
| 38 | |
| 39 | image = d.getVar('INITRAMFS_IMAGE') |
| 40 | if image: |
| 41 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') |
| 42 | |
| 43 | ubootenv = d.getVar('UBOOT_ENV') |
| 44 | if ubootenv: |
| 45 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') |
| 46 | |
| 47 | #check if there are any dtb providers |
| 48 | providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") |
| 49 | if providerdtb: |
| 50 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') |
| 51 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') |
| 52 | d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 53 | } |
| 54 | |
| 55 | |
| 56 | # Description string |
| 57 | FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" |
| 58 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 59 | # Kernel fitImage Hash Algo |
| 60 | FIT_HASH_ALG ?= "sha256" |
| 61 | |
| 62 | # Kernel fitImage Signature Algo |
| 63 | FIT_SIGN_ALG ?= "rsa2048" |
| 64 | |
| 65 | # Kernel / U-Boot fitImage Padding Algo |
| 66 | FIT_PAD_ALG ?= "pkcs-1.5" |
| 67 | |
| 68 | # Generate keys for signing Kernel fitImage |
| 69 | FIT_GENERATE_KEYS ?= "0" |
| 70 | |
| 71 | # Size of private keys in number of bits |
| 72 | FIT_SIGN_NUMBITS ?= "2048" |
| 73 | |
| 74 | # args to openssl genrsa (Default is just the public exponent) |
| 75 | FIT_KEY_GENRSA_ARGS ?= "-F4" |
| 76 | |
| 77 | # args to openssl req (Default is -batch for non interactive mode and |
| 78 | # -new for new certificate) |
| 79 | FIT_KEY_REQ_ARGS ?= "-batch -new" |
| 80 | |
| 81 | # Standard format for public key certificate |
| 82 | FIT_KEY_SIGN_PKCS ?= "-x509" |
| 83 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 84 | # Sign individual images as well |
| 85 | FIT_SIGN_INDIVIDUAL ?= "0" |
| 86 | |
| 87 | FIT_CONF_PREFIX ?= "conf-" |
| 88 | FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" |
| 89 | |
| 90 | FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" |
| 91 | |
Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 92 | # Allow user to select the default DTB for FIT image when multiple dtb's exists. |
| 93 | FIT_CONF_DEFAULT_DTB ?= "" |
| 94 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 95 | # Keys used to sign individually image nodes. |
| 96 | # The keys to sign image nodes must be different from those used to sign |
| 97 | # configuration nodes, otherwise the "required" property, from |
| 98 | # UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". |
| 99 | # Then the images signature checking will not be mandatory and no error will be |
| 100 | # raised in case of failure. |
| 101 | # UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") |
| 102 | |
| 103 | # |
| 104 | # Emit the fitImage ITS header |
| 105 | # |
| 106 | # $1 ... .its filename |
| 107 | fitimage_emit_fit_header() { |
| 108 | cat << EOF >> $1 |
| 109 | /dts-v1/; |
| 110 | |
| 111 | / { |
| 112 | description = "${FIT_DESC}"; |
| 113 | #address-cells = <1>; |
| 114 | EOF |
| 115 | } |
| 116 | |
| 117 | # |
| 118 | # Emit the fitImage section bits |
| 119 | # |
| 120 | # $1 ... .its filename |
| 121 | # $2 ... Section bit type: imagestart - image section start |
| 122 | # confstart - configuration section start |
| 123 | # sectend - section end |
| 124 | # fitend - fitimage end |
| 125 | # |
| 126 | fitimage_emit_section_maint() { |
| 127 | case $2 in |
| 128 | imagestart) |
| 129 | cat << EOF >> $1 |
| 130 | |
| 131 | images { |
| 132 | EOF |
| 133 | ;; |
| 134 | confstart) |
| 135 | cat << EOF >> $1 |
| 136 | |
| 137 | configurations { |
| 138 | EOF |
| 139 | ;; |
| 140 | sectend) |
| 141 | cat << EOF >> $1 |
| 142 | }; |
| 143 | EOF |
| 144 | ;; |
| 145 | fitend) |
| 146 | cat << EOF >> $1 |
| 147 | }; |
| 148 | EOF |
| 149 | ;; |
| 150 | esac |
| 151 | } |
| 152 | |
| 153 | # |
| 154 | # Emit the fitImage ITS kernel section |
| 155 | # |
| 156 | # $1 ... .its filename |
| 157 | # $2 ... Image counter |
| 158 | # $3 ... Path to kernel image |
| 159 | # $4 ... Compression type |
| 160 | fitimage_emit_section_kernel() { |
| 161 | |
| 162 | kernel_csum="${FIT_HASH_ALG}" |
| 163 | kernel_sign_algo="${FIT_SIGN_ALG}" |
| 164 | kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 165 | |
| 166 | ENTRYPOINT="${UBOOT_ENTRYPOINT}" |
| 167 | if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then |
| 168 | ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ |
| 169 | awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` |
| 170 | fi |
| 171 | |
| 172 | cat << EOF >> $1 |
| 173 | kernel-$2 { |
| 174 | description = "Linux kernel"; |
| 175 | data = /incbin/("$3"); |
| 176 | type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; |
| 177 | arch = "${UBOOT_ARCH}"; |
| 178 | os = "linux"; |
| 179 | compression = "$4"; |
| 180 | load = <${UBOOT_LOADADDRESS}>; |
| 181 | entry = <$ENTRYPOINT>; |
| 182 | hash-1 { |
| 183 | algo = "$kernel_csum"; |
| 184 | }; |
| 185 | }; |
| 186 | EOF |
| 187 | |
| 188 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then |
| 189 | sed -i '$ d' $1 |
| 190 | cat << EOF >> $1 |
| 191 | signature-1 { |
| 192 | algo = "$kernel_csum,$kernel_sign_algo"; |
| 193 | key-name-hint = "$kernel_sign_keyname"; |
| 194 | }; |
| 195 | }; |
| 196 | EOF |
| 197 | fi |
| 198 | } |
| 199 | |
| 200 | # |
| 201 | # Emit the fitImage ITS DTB section |
| 202 | # |
| 203 | # $1 ... .its filename |
| 204 | # $2 ... Image counter |
| 205 | # $3 ... Path to DTB image |
| 206 | fitimage_emit_section_dtb() { |
| 207 | |
| 208 | dtb_csum="${FIT_HASH_ALG}" |
| 209 | dtb_sign_algo="${FIT_SIGN_ALG}" |
| 210 | dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 211 | |
| 212 | dtb_loadline="" |
| 213 | dtb_ext=${DTB##*.} |
| 214 | if [ "${dtb_ext}" = "dtbo" ]; then |
| 215 | if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then |
| 216 | dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" |
| 217 | fi |
| 218 | elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then |
| 219 | dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" |
| 220 | fi |
| 221 | cat << EOF >> $1 |
| 222 | fdt-$2 { |
| 223 | description = "Flattened Device Tree blob"; |
| 224 | data = /incbin/("$3"); |
| 225 | type = "flat_dt"; |
| 226 | arch = "${UBOOT_ARCH}"; |
| 227 | compression = "none"; |
| 228 | $dtb_loadline |
| 229 | hash-1 { |
| 230 | algo = "$dtb_csum"; |
| 231 | }; |
| 232 | }; |
| 233 | EOF |
| 234 | |
| 235 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then |
| 236 | sed -i '$ d' $1 |
| 237 | cat << EOF >> $1 |
| 238 | signature-1 { |
| 239 | algo = "$dtb_csum,$dtb_sign_algo"; |
| 240 | key-name-hint = "$dtb_sign_keyname"; |
| 241 | }; |
| 242 | }; |
| 243 | EOF |
| 244 | fi |
| 245 | } |
| 246 | |
| 247 | # |
| 248 | # Emit the fitImage ITS u-boot script section |
| 249 | # |
| 250 | # $1 ... .its filename |
| 251 | # $2 ... Image counter |
| 252 | # $3 ... Path to boot script image |
| 253 | fitimage_emit_section_boot_script() { |
| 254 | |
| 255 | bootscr_csum="${FIT_HASH_ALG}" |
| 256 | bootscr_sign_algo="${FIT_SIGN_ALG}" |
| 257 | bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 258 | |
| 259 | cat << EOF >> $1 |
| 260 | bootscr-$2 { |
| 261 | description = "U-boot script"; |
| 262 | data = /incbin/("$3"); |
| 263 | type = "script"; |
| 264 | arch = "${UBOOT_ARCH}"; |
| 265 | compression = "none"; |
| 266 | hash-1 { |
| 267 | algo = "$bootscr_csum"; |
| 268 | }; |
| 269 | }; |
| 270 | EOF |
| 271 | |
| 272 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then |
| 273 | sed -i '$ d' $1 |
| 274 | cat << EOF >> $1 |
| 275 | signature-1 { |
| 276 | algo = "$bootscr_csum,$bootscr_sign_algo"; |
| 277 | key-name-hint = "$bootscr_sign_keyname"; |
| 278 | }; |
| 279 | }; |
| 280 | EOF |
| 281 | fi |
| 282 | } |
| 283 | |
| 284 | # |
| 285 | # Emit the fitImage ITS setup section |
| 286 | # |
| 287 | # $1 ... .its filename |
| 288 | # $2 ... Image counter |
| 289 | # $3 ... Path to setup image |
| 290 | fitimage_emit_section_setup() { |
| 291 | |
| 292 | setup_csum="${FIT_HASH_ALG}" |
| 293 | |
| 294 | cat << EOF >> $1 |
| 295 | setup-$2 { |
| 296 | description = "Linux setup.bin"; |
| 297 | data = /incbin/("$3"); |
| 298 | type = "x86_setup"; |
| 299 | arch = "${UBOOT_ARCH}"; |
| 300 | os = "linux"; |
| 301 | compression = "none"; |
| 302 | load = <0x00090000>; |
| 303 | entry = <0x00090000>; |
| 304 | hash-1 { |
| 305 | algo = "$setup_csum"; |
| 306 | }; |
| 307 | }; |
| 308 | EOF |
| 309 | } |
| 310 | |
| 311 | # |
| 312 | # Emit the fitImage ITS ramdisk section |
| 313 | # |
| 314 | # $1 ... .its filename |
| 315 | # $2 ... Image counter |
| 316 | # $3 ... Path to ramdisk image |
| 317 | fitimage_emit_section_ramdisk() { |
| 318 | |
| 319 | ramdisk_csum="${FIT_HASH_ALG}" |
| 320 | ramdisk_sign_algo="${FIT_SIGN_ALG}" |
| 321 | ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" |
| 322 | ramdisk_loadline="" |
| 323 | ramdisk_entryline="" |
| 324 | |
| 325 | if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then |
| 326 | ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" |
| 327 | fi |
| 328 | if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then |
| 329 | ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" |
| 330 | fi |
| 331 | |
| 332 | cat << EOF >> $1 |
| 333 | ramdisk-$2 { |
| 334 | description = "${INITRAMFS_IMAGE}"; |
| 335 | data = /incbin/("$3"); |
| 336 | type = "ramdisk"; |
| 337 | arch = "${UBOOT_ARCH}"; |
| 338 | os = "linux"; |
| 339 | compression = "none"; |
| 340 | $ramdisk_loadline |
| 341 | $ramdisk_entryline |
| 342 | hash-1 { |
| 343 | algo = "$ramdisk_csum"; |
| 344 | }; |
| 345 | }; |
| 346 | EOF |
| 347 | |
| 348 | if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then |
| 349 | sed -i '$ d' $1 |
| 350 | cat << EOF >> $1 |
| 351 | signature-1 { |
| 352 | algo = "$ramdisk_csum,$ramdisk_sign_algo"; |
| 353 | key-name-hint = "$ramdisk_sign_keyname"; |
| 354 | }; |
| 355 | }; |
| 356 | EOF |
| 357 | fi |
| 358 | } |
| 359 | |
| 360 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 361 | # echoes symlink destination if it points below directory |
| 362 | # |
| 363 | # $1 ... file that's a potential symlink |
| 364 | # $2 ... expected parent directory |
| 365 | symlink_points_below() { |
| 366 | file="$2/$1" |
| 367 | dir=$2 |
| 368 | |
| 369 | if ! [ -L "$file" ]; then |
| 370 | return |
| 371 | fi |
| 372 | |
| 373 | realpath="$(realpath --relative-to=$dir $file)" |
| 374 | if [ -z "${realpath%%../*}" ]; then |
| 375 | return |
| 376 | fi |
| 377 | |
| 378 | echo "$realpath" |
| 379 | } |
| 380 | |
| 381 | # |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 382 | # Emit the fitImage ITS configuration section |
| 383 | # |
| 384 | # $1 ... .its filename |
| 385 | # $2 ... Linux kernel ID |
| 386 | # $3 ... DTB image name |
| 387 | # $4 ... ramdisk ID |
| 388 | # $5 ... u-boot script ID |
| 389 | # $6 ... config ID |
| 390 | # $7 ... default flag |
| 391 | fitimage_emit_section_config() { |
| 392 | |
| 393 | conf_csum="${FIT_HASH_ALG}" |
| 394 | conf_sign_algo="${FIT_SIGN_ALG}" |
| 395 | conf_padding_algo="${FIT_PAD_ALG}" |
| 396 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then |
| 397 | conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" |
| 398 | fi |
| 399 | |
| 400 | its_file="$1" |
| 401 | kernel_id="$2" |
| 402 | dtb_image="$3" |
| 403 | ramdisk_id="$4" |
| 404 | bootscr_id="$5" |
| 405 | config_id="$6" |
| 406 | default_flag="$7" |
| 407 | |
| 408 | # Test if we have any DTBs at all |
| 409 | sep="" |
| 410 | conf_desc="" |
| 411 | conf_node="${FIT_CONF_PREFIX}" |
| 412 | kernel_line="" |
| 413 | fdt_line="" |
| 414 | ramdisk_line="" |
| 415 | bootscr_line="" |
| 416 | setup_line="" |
| 417 | default_line="" |
Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 418 | default_dtb_image="${FIT_CONF_DEFAULT_DTB}" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 419 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 420 | dtb_image_sect=$(symlink_points_below $dtb_image "${EXTERNAL_KERNEL_DEVICETREE}") |
| 421 | if [ -z "$dtb_image_sect" ]; then |
| 422 | dtb_image_sect=$dtb_image |
| 423 | fi |
| 424 | |
| 425 | dtb_image=$(echo $dtb_image | tr '/' '_') |
| 426 | dtb_image_sect=$(echo "${dtb_image_sect}" | tr '/' '_') |
| 427 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 428 | # conf node name is selected based on dtb ID if it is present, |
| 429 | # otherwise its selected based on kernel ID |
| 430 | if [ -n "$dtb_image" ]; then |
| 431 | conf_node=$conf_node$dtb_image |
| 432 | else |
| 433 | conf_node=$conf_node$kernel_id |
| 434 | fi |
| 435 | |
| 436 | if [ -n "$kernel_id" ]; then |
| 437 | conf_desc="Linux kernel" |
| 438 | sep=", " |
| 439 | kernel_line="kernel = \"kernel-$kernel_id\";" |
| 440 | fi |
| 441 | |
| 442 | if [ -n "$dtb_image" ]; then |
| 443 | conf_desc="$conf_desc${sep}FDT blob" |
| 444 | sep=", " |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 445 | fdt_line="fdt = \"fdt-$dtb_image_sect\";" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 446 | fi |
| 447 | |
| 448 | if [ -n "$ramdisk_id" ]; then |
| 449 | conf_desc="$conf_desc${sep}ramdisk" |
| 450 | sep=", " |
| 451 | ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" |
| 452 | fi |
| 453 | |
| 454 | if [ -n "$bootscr_id" ]; then |
| 455 | conf_desc="$conf_desc${sep}u-boot script" |
| 456 | sep=", " |
| 457 | bootscr_line="bootscr = \"bootscr-$bootscr_id\";" |
| 458 | fi |
| 459 | |
| 460 | if [ -n "$config_id" ]; then |
| 461 | conf_desc="$conf_desc${sep}setup" |
| 462 | setup_line="setup = \"setup-$config_id\";" |
| 463 | fi |
| 464 | |
| 465 | if [ "$default_flag" = "1" ]; then |
| 466 | # default node is selected based on dtb ID if it is present, |
| 467 | # otherwise its selected based on kernel ID |
| 468 | if [ -n "$dtb_image" ]; then |
Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 469 | # Select default node as user specified dtb when |
| 470 | # multiple dtb exists. |
| 471 | if [ -n "$default_dtb_image" ]; then |
| 472 | if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then |
| 473 | default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" |
| 474 | else |
| 475 | bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" |
| 476 | fi |
| 477 | else |
| 478 | default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" |
| 479 | fi |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 480 | else |
| 481 | default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" |
| 482 | fi |
| 483 | fi |
| 484 | |
| 485 | cat << EOF >> $its_file |
| 486 | $default_line |
| 487 | $conf_node { |
| 488 | description = "$default_flag $conf_desc"; |
| 489 | $kernel_line |
| 490 | $fdt_line |
| 491 | $ramdisk_line |
| 492 | $bootscr_line |
| 493 | $setup_line |
| 494 | hash-1 { |
| 495 | algo = "$conf_csum"; |
| 496 | }; |
| 497 | EOF |
| 498 | |
| 499 | if [ -n "$conf_sign_keyname" ] ; then |
| 500 | |
| 501 | sign_line="sign-images = " |
| 502 | sep="" |
| 503 | |
| 504 | if [ -n "$kernel_id" ]; then |
| 505 | sign_line="$sign_line${sep}\"kernel\"" |
| 506 | sep=", " |
| 507 | fi |
| 508 | |
| 509 | if [ -n "$dtb_image" ]; then |
| 510 | sign_line="$sign_line${sep}\"fdt\"" |
| 511 | sep=", " |
| 512 | fi |
| 513 | |
| 514 | if [ -n "$ramdisk_id" ]; then |
| 515 | sign_line="$sign_line${sep}\"ramdisk\"" |
| 516 | sep=", " |
| 517 | fi |
| 518 | |
| 519 | if [ -n "$bootscr_id" ]; then |
| 520 | sign_line="$sign_line${sep}\"bootscr\"" |
| 521 | sep=", " |
| 522 | fi |
| 523 | |
| 524 | if [ -n "$config_id" ]; then |
| 525 | sign_line="$sign_line${sep}\"setup\"" |
| 526 | fi |
| 527 | |
| 528 | sign_line="$sign_line;" |
| 529 | |
| 530 | cat << EOF >> $its_file |
| 531 | signature-1 { |
| 532 | algo = "$conf_csum,$conf_sign_algo"; |
| 533 | key-name-hint = "$conf_sign_keyname"; |
| 534 | padding = "$conf_padding_algo"; |
| 535 | $sign_line |
| 536 | }; |
| 537 | EOF |
| 538 | fi |
| 539 | |
| 540 | cat << EOF >> $its_file |
| 541 | }; |
| 542 | EOF |
| 543 | } |
| 544 | |
| 545 | # |
| 546 | # Assemble fitImage |
| 547 | # |
| 548 | # $1 ... .its filename |
| 549 | # $2 ... fitImage name |
| 550 | # $3 ... include ramdisk |
| 551 | fitimage_assemble() { |
| 552 | kernelcount=1 |
| 553 | dtbcount="" |
| 554 | DTBS="" |
| 555 | ramdiskcount=$3 |
| 556 | setupcount="" |
| 557 | bootscr_id="" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 558 | rm -f $1 ${KERNEL_OUTPUT_DIR}/$2 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 559 | |
| 560 | if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then |
| 561 | bbfatal "Keys used to sign images and configuration nodes must be different." |
| 562 | fi |
| 563 | |
| 564 | fitimage_emit_fit_header $1 |
| 565 | |
| 566 | # |
| 567 | # Step 1: Prepare a kernel image section. |
| 568 | # |
| 569 | fitimage_emit_section_maint $1 imagestart |
| 570 | |
| 571 | uboot_prep_kimage |
| 572 | fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" |
| 573 | |
| 574 | # |
| 575 | # Step 2: Prepare a DTB image section |
| 576 | # |
| 577 | |
| 578 | if [ -n "${KERNEL_DEVICETREE}" ]; then |
| 579 | dtbcount=1 |
| 580 | for DTB in ${KERNEL_DEVICETREE}; do |
| 581 | if echo $DTB | grep -q '/dts/'; then |
| 582 | bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." |
| 583 | DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` |
| 584 | fi |
| 585 | |
| 586 | # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} |
| 587 | if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then |
| 588 | continue |
| 589 | fi |
| 590 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 591 | DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 592 | if [ ! -e "$DTB_PATH" ]; then |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 593 | DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 594 | fi |
| 595 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 596 | # Skip DTB if we've picked it up previously |
| 597 | echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| 598 | |
| 599 | DTBS="$DTBS $DTB" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 600 | DTB=$(echo $DTB | tr '/' '_') |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 601 | fitimage_emit_section_dtb $1 $DTB $DTB_PATH |
| 602 | done |
| 603 | fi |
| 604 | |
| 605 | if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then |
| 606 | dtbcount=1 |
Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 607 | for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ |
| 608 | $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do |
| 609 | # Skip DTB/DTBO if we've picked it up previously |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 610 | echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue |
| 611 | |
| 612 | DTBS="$DTBS $DTB" |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 613 | |
| 614 | # Also skip if a symlink. We'll later have each config section point at it |
| 615 | [ $(symlink_points_below $DTB "${EXTERNAL_KERNEL_DEVICETREE}") ] && continue |
| 616 | |
| 617 | DTB=$(echo $DTB | tr '/' '_') |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 618 | fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" |
| 619 | done |
| 620 | fi |
| 621 | |
| 622 | # |
| 623 | # Step 3: Prepare a u-boot script section |
| 624 | # |
| 625 | |
| 626 | if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then |
| 627 | if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then |
| 628 | cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} |
| 629 | bootscr_id="${UBOOT_ENV_BINARY}" |
| 630 | fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} |
| 631 | else |
| 632 | bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." |
| 633 | fi |
| 634 | fi |
| 635 | |
| 636 | # |
| 637 | # Step 4: Prepare a setup section. (For x86) |
| 638 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 639 | if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 640 | setupcount=1 |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 641 | fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 642 | fi |
| 643 | |
| 644 | # |
| 645 | # Step 5: Prepare a ramdisk section. |
| 646 | # |
| 647 | if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 648 | # Find and use the first initramfs image archive type we find |
| 649 | found= |
| 650 | for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do |
| 651 | initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" |
| 652 | if [ -e "$initramfs_path" ]; then |
| 653 | bbnote "Found initramfs image: $initramfs_path" |
| 654 | found=true |
| 655 | fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" |
| 656 | break |
| 657 | else |
| 658 | bbnote "Did not find initramfs image: $initramfs_path" |
| 659 | fi |
| 660 | done |
| 661 | |
| 662 | if [ -z "$found" ]; then |
| 663 | bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" |
| 664 | fi |
| 665 | fi |
| 666 | |
| 667 | fitimage_emit_section_maint $1 sectend |
| 668 | |
| 669 | # Force the first Kernel and DTB in the default config |
| 670 | kernelcount=1 |
| 671 | if [ -n "$dtbcount" ]; then |
| 672 | dtbcount=1 |
| 673 | fi |
| 674 | |
| 675 | # |
| 676 | # Step 6: Prepare a configurations section |
| 677 | # |
| 678 | fitimage_emit_section_maint $1 confstart |
| 679 | |
| 680 | # kernel-fitimage.bbclass currently only supports a single kernel (no less or |
| 681 | # more) to be added to the FIT image along with 0 or more device trees and |
| 682 | # 0 or 1 ramdisk. |
| 683 | # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) |
| 684 | # When the initramfs bundle is used ramdisk is disabled. |
| 685 | # If a device tree is to be part of the FIT image, then select |
| 686 | # the default configuration to be used is based on the dtbcount. If there is |
| 687 | # no dtb present than select the default configuation to be based on |
| 688 | # the kernelcount. |
| 689 | if [ -n "$DTBS" ]; then |
| 690 | i=1 |
| 691 | for DTB in ${DTBS}; do |
| 692 | dtb_ext=${DTB##*.} |
| 693 | if [ "$dtb_ext" = "dtbo" ]; then |
| 694 | fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" |
| 695 | else |
| 696 | fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" |
| 697 | fi |
| 698 | i=`expr $i + 1` |
| 699 | done |
| 700 | else |
| 701 | defaultconfigcount=1 |
| 702 | fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount |
| 703 | fi |
| 704 | |
| 705 | fitimage_emit_section_maint $1 sectend |
| 706 | |
| 707 | fitimage_emit_section_maint $1 fitend |
| 708 | |
| 709 | # |
| 710 | # Step 7: Assemble the image |
| 711 | # |
| 712 | ${UBOOT_MKIMAGE} \ |
| 713 | ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| 714 | -f $1 \ |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 715 | ${KERNEL_OUTPUT_DIR}/$2 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 716 | |
| 717 | # |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 718 | # Step 8: Sign the image |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 719 | # |
| 720 | if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 721 | ${UBOOT_MKIMAGE_SIGN} \ |
| 722 | ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ |
| 723 | -F -k "${UBOOT_SIGN_KEYDIR}" \ |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 724 | -r ${KERNEL_OUTPUT_DIR}/$2 \ |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 725 | ${UBOOT_MKIMAGE_SIGN_ARGS} |
| 726 | fi |
| 727 | } |
| 728 | |
| 729 | do_assemble_fitimage() { |
| 730 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| 731 | cd ${B} |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 732 | fitimage_assemble fit-image.its fitImage-none "" |
| 733 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 734 | ln -sf fitImage-none ${B}/${KERNEL_OUTPUT_DIR}/fitImage |
| 735 | fi |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 736 | fi |
| 737 | } |
| 738 | |
| 739 | addtask assemble_fitimage before do_install after do_compile |
| 740 | |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 741 | SYSROOT_DIRS:append = " /sysroot-only" |
| 742 | do_install:append() { |
| 743 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ |
| 744 | [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then |
| 745 | install -D ${B}/${KERNEL_OUTPUT_DIR}/fitImage-none ${D}/sysroot-only/fitImage |
| 746 | fi |
| 747 | } |
| 748 | |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 749 | do_assemble_fitimage_initramfs() { |
| 750 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ |
| 751 | test -n "${INITRAMFS_IMAGE}" ; then |
| 752 | cd ${B} |
| 753 | if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 754 | fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-bundle "" |
| 755 | ln -sf fitImage-bundle ${B}/${KERNEL_OUTPUT_DIR}/fitImage |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 756 | else |
| 757 | fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 |
| 758 | fi |
| 759 | fi |
| 760 | } |
| 761 | |
| 762 | addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs |
| 763 | |
| 764 | do_kernel_generate_rsa_keys() { |
| 765 | if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| 766 | bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." |
| 767 | fi |
| 768 | |
| 769 | if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then |
| 770 | |
| 771 | # Generate keys to sign configuration nodes, only if they don't already exist |
| 772 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ |
| 773 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then |
| 774 | |
| 775 | # make directory if it does not already exist |
| 776 | mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| 777 | |
| 778 | bbnote "Generating RSA private key for signing fitImage" |
| 779 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| 780 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| 781 | "${FIT_SIGN_NUMBITS}" |
| 782 | |
| 783 | bbnote "Generating certificate for signing fitImage" |
| 784 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| 785 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ |
| 786 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt |
| 787 | fi |
| 788 | |
| 789 | # Generate keys to sign image nodes, only if they don't already exist |
| 790 | if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ |
| 791 | [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then |
| 792 | |
| 793 | # make directory if it does not already exist |
| 794 | mkdir -p "${UBOOT_SIGN_KEYDIR}" |
| 795 | |
| 796 | bbnote "Generating RSA private key for signing fitImage" |
| 797 | openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ |
| 798 | "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| 799 | "${FIT_SIGN_NUMBITS}" |
| 800 | |
| 801 | bbnote "Generating certificate for signing fitImage" |
| 802 | openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ |
| 803 | -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ |
| 804 | -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt |
| 805 | fi |
| 806 | fi |
| 807 | } |
| 808 | |
| 809 | addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile |
| 810 | |
| 811 | kernel_do_deploy[vardepsexclude] = "DATETIME" |
| 812 | kernel_do_deploy:append() { |
| 813 | # Update deploy directory |
| 814 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then |
| 815 | |
| 816 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 817 | bbnote "Copying fit-image.its source file..." |
| 818 | install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" |
| 819 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 820 | ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" |
| 821 | fi |
| 822 | |
| 823 | bbnote "Copying linux.bin file..." |
| 824 | install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} |
| 825 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 826 | ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" |
| 827 | fi |
| 828 | fi |
| 829 | |
| 830 | if [ -n "${INITRAMFS_IMAGE}" ]; then |
| 831 | bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." |
| 832 | install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" |
| 833 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 834 | ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| 835 | fi |
| 836 | |
| 837 | if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then |
| 838 | bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." |
Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame] | 839 | install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 840 | if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then |
| 841 | ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" |
| 842 | fi |
| 843 | fi |
| 844 | fi |
| 845 | fi |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 846 | } |