Lines Matching +full:u +full:- +full:boot
1 # This file is part of U-Boot verified boot support and is intended to be
2 # inherited from u-boot recipe and from kernel-fitimage.bbclass.
9 # UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
12 # As verified boot depends on fitImage generation, following is also required:
14 # KERNEL_CLASSES ?= " kernel-fitimage "
17 # The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
22 # * u-boot:do_install:append
29 # * u-boot:do_deploy[postfuncs]
32 # For more details on signature process, please refer to U-Boot documentation.
34 # We need some variables from u-boot-config
35 inherit uboot-config
37 # Enable use of a U-Boot fitImage
40 # Signature activation - these require their respective fitImages
45 UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
46 UBOOT_DTB_BINARY ?= "u-boot.dtb"
47 UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
48 UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
49 UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
50 UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.bin"
51 UBOOT_ITS_IMAGE ?= "u-boot-its-${MACHINE}-${PV}-${PR}"
52 UBOOT_ITS ?= "u-boot.its"
53 UBOOT_ITS_SYMLINK ?= "u-boot-its-${MACHINE}"
54 UBOOT_FITIMAGE_IMAGE ?= "u-boot-fitImage-${MACHINE}-${PV}-${PR}"
55 UBOOT_FITIMAGE_BINARY ?= "u-boot-fitImage"
56 UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
58 SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
59 SPL_DTB_BINARY ?= "u-boot-spl.dtb"
60 SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
61 SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
62 SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
63 SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
65 # U-Boot fitImage description
66 UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
68 # Kernel / U-Boot fitImage Hash Algo
72 # Kernel / U-Boot fitImage Signature Algo
76 # Kernel / U-Boot fitImage Padding Algo
77 FIT_PAD_ALG ?= "pkcs-1.5"
79 # Generate keys for signing Kernel / U-Boot fitImage
88 FIT_KEY_GENRSA_ARGS ?= "-F4"
89 UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
91 # args to openssl req (Default is -batch for non interactive mode and
92 # -new for new certificate)
93 FIT_KEY_REQ_ARGS ?= "-batch -new"
94 UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
97 FIT_KEY_SIGN_PKCS ?= "-x509"
98 UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
100 # Functions on this bbclass can apply to either U-boot or Kernel,
102 UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}"
105 # We need u-boot-tools-native if we're creating a U-Boot fitImage
109 depends = "%s u-boot-tools-native dtc-native" % depends
114 if [ -e "${UBOOT_DTB_BINARY}" ]; then
115 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
116 ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
119 if [ -f "${UBOOT_NODTB_BINARY}" ]; then
121 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
122 ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
125 # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
127 # concat_spl_dtb_helper function - cf. kernel-fitimage.bbclass for more details)
130 if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
131 [ -e "$deployed_uboot_dtb_binary" ]; then
134 elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
138 if [ -n "${UBOOT_CONFIG}" ]
146 if [ $j -eq $i ]
148 cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
154 bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
161 # We only deploy symlinks to the u-boot-spl.dtb,as the KERNEL_PN will
163 if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
164 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
165 ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
168 # Concatenate the SPL nodtb binary and u-boot.dtb
170 if [ -e "${DEPLOYDIR}/${SPL_NODTB_IMAGE}" -a -e "$deployed_spl_dtb_binary" ] ; then
174 bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
180 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${UBOOT_DTB_BINARY}" ]; then
181 mkdir -p ${DEPLOYDIR}
182 if [ -n "${UBOOT_CONFIG}" ]; then
197 if [ "${SPL_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" -a -n "${SPL_DTB_BINARY}" ]; then
198 mkdir -p ${DEPLOYDIR}
199 if [ -n "${UBOOT_CONFIG}" ]; then
217 if [ -f "${UBOOT_DTB_BINARY}" ]; then
220 install -Dm 0644 ${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE}
221 ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY}
227 # Install SPL dtb and u-boot nodtb to datadir,
229 if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
230 install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
231 ln -sf ${SPL_DTB_IMAGE} ${D}${datadir}/${SPL_DTB_BINARY}
235 if [ -f "${UBOOT_NODTB_BINARY}" ] ; then
236 install -Dm 0644 ${UBOOT_NODTB_BINARY} ${D}${datadir}/${UBOOT_NODTB_IMAGE}
237 ln -sf ${UBOOT_NODTB_IMAGE} ${D}${datadir}/${UBOOT_NODTB_BINARY}
242 # We need to install a 'stub' u-boot-fitimage + its to datadir,
251 if [ -n "${UBOOT_CONFIG}" ]; then
254 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
255 [ -n "${UBOOT_DTB_BINARY}" ]; then
258 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
264 if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
265 [ -n "${UBOOT_DTB_BINARY}" ]; then
268 if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
283 if [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key ] || \
284 [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt ]; then
287 mkdir -p "${SPL_SIGN_KEYDIR}"
289 echo "Generating RSA private key for signing U-Boot fitImage"
290 openssl genrsa ${UBOOT_FIT_KEY_GENRSA_ARGS} -out \
294 echo "Generating certificate for signing U-Boot fitImage"
296 -key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
297 -out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
305 # Create a ITS file for the U-boot FIT, for use when
317 rm -f $uboot_its $uboot_bin
321 /dts-v1/;
325 #address-cells = <1>;
329 description = "U-Boot image";
332 os = "u-boot";
343 key-name-hint = "$uboot_sign_keyname";
351 description = "U-Boot FDT";
362 key-name-hint = "$uboot_sign_keyname";
374 description = "Boot with signed U-Boot FIT";
383 # Assemble the U-boot FIT image
386 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
387 -f $uboot_its \
392 # Sign the U-boot FIT image and add public key to SPL dtb
395 ${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
396 -F -k "${SPL_SIGN_KEYDIR}" \
397 -K "$spl_dtb" \
398 -r $uboot_bin \
407 # pubkey in the u-boot.dtb file, so that we can use it when building the U-Boot
410 [ -n "${SPL_DTB_BINARY}" -a "${PN}" = "${KERNEL_PN}" ] ; then
413 # we need to copy the u-boot.dtb from staging ourselves
414 cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
416 # As we are in the kernel context, we need to copy u-boot-spl.dtb from staging first.
418 # will contain U-boot's PV
419 # Similarly, we need to get the filename for the 'stub' u-boot-fitimage + its in
422 # As for the u-boot.dtb (with fitimage's pubkey), it should come from the dependent
424 cp -P ${STAGING_DATADIR}/u-boot-spl*.dtb ${B}
425 cp -P ${STAGING_DATADIR}/u-boot-nodtb*.bin ${B}
426 rm -rf ${B}/u-boot-fitImage-* ${B}/u-boot-its-*
427 kernel_uboot_fitimage_name=`basename ${STAGING_DATADIR}/u-boot-fitImage-*`
428 kernel_uboot_its_name=`basename ${STAGING_DATADIR}/u-boot-its-*`
438 do_deploy:prepend:pn-${UBOOT_PN}() {
439 if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
444 # Deploy the u-boot-nodtb binary and symlinks...
445 if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
446 echo "Copying u-boot-nodtb binary..."
447 install -m 0644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
448 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
449 ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
453 # We only deploy the symlinks to the uboot-fitImage and uboot-its
455 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
456 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
457 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
458 ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
461 if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
468 do_deploy:append:pn-${UBOOT_PN}() {
469 # If we're creating a u-boot fitImage, point u-boot.bin
472 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_BINARY}
473 ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
483 # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb
484 # and/or the U-Boot fitImage
488 # As the U-Boot fitImage is created by the KERNEL_PN, we need
489 # to make sure that the u-boot-spl.dtb and u-boot-spl-nodtb.bin
494 # create the U-Boot fitImage after it