xref: /OK3568_Linux_fs/yocto/poky/meta/classes/kernel-fitimage.bbclass (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1inherit kernel-uboot kernel-artifact-names uboot-sign
2
3def get_fit_replacement_type(d):
4    kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
5    replacementtype = ""
6    if 'fitImage' in kerneltypes.split():
7        uarch = d.getVar("UBOOT_ARCH")
8        if uarch == "arm64":
9            replacementtype = "Image"
10        elif uarch == "riscv":
11            replacementtype = "Image"
12        elif uarch == "mips":
13            replacementtype = "vmlinuz.bin"
14        elif uarch == "x86":
15            replacementtype = "bzImage"
16        elif uarch == "microblaze":
17            replacementtype = "linux.bin"
18        else:
19            replacementtype = "zImage"
20    return replacementtype
21
22KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}"
23DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}"
24
25python __anonymous () {
26        # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal
27        # to kernel.bbclass . We have to override it, since we pack zImage
28        # (at least for now) into the fitImage .
29        typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
30        if 'fitImage' in typeformake.split():
31            d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT')))
32
33        image = d.getVar('INITRAMFS_IMAGE')
34        if image:
35            d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
36
37        ubootenv = d.getVar('UBOOT_ENV')
38        if ubootenv:
39            d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot')
40
41        #check if there are any dtb providers
42        providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb")
43        if providerdtb:
44            d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot')
45            d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot')
46            d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
47
48        # Verified boot will sign the fitImage and append the public key to
49        # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling
50        # the fitImage:
51        if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'):
52            uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
53            d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
54            if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
55                d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn)
56}
57
58
59# Description string
60FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
61
62# Sign individual images as well
63FIT_SIGN_INDIVIDUAL ?= "0"
64
65FIT_CONF_PREFIX ?= "conf-"
66FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
67
68FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
69
70# Allow user to select the default DTB for FIT image when multiple dtb's exists.
71FIT_CONF_DEFAULT_DTB ?= ""
72
73# Keys used to sign individually image nodes.
74# The keys to sign image nodes must be different from those used to sign
75# configuration nodes, otherwise the "required" property, from
76# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
77# Then the images signature checking will not be mandatory and no error will be
78# raised in case of failure.
79# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
80
81#
82# Emit the fitImage ITS header
83#
84# $1 ... .its filename
85fitimage_emit_fit_header() {
86	cat << EOF >> $1
87/dts-v1/;
88
89/ {
90        description = "${FIT_DESC}";
91        #address-cells = <1>;
92EOF
93}
94
95#
96# Emit the fitImage section bits
97#
98# $1 ... .its filename
99# $2 ... Section bit type: imagestart - image section start
100#                          confstart  - configuration section start
101#                          sectend    - section end
102#                          fitend     - fitimage end
103#
104fitimage_emit_section_maint() {
105	case $2 in
106	imagestart)
107		cat << EOF >> $1
108
109        images {
110EOF
111	;;
112	confstart)
113		cat << EOF >> $1
114
115        configurations {
116EOF
117	;;
118	sectend)
119		cat << EOF >> $1
120	};
121EOF
122	;;
123	fitend)
124		cat << EOF >> $1
125};
126EOF
127	;;
128	esac
129}
130
131#
132# Emit the fitImage ITS kernel section
133#
134# $1 ... .its filename
135# $2 ... Image counter
136# $3 ... Path to kernel image
137# $4 ... Compression type
138fitimage_emit_section_kernel() {
139
140	kernel_csum="${FIT_HASH_ALG}"
141	kernel_sign_algo="${FIT_SIGN_ALG}"
142	kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
143
144	ENTRYPOINT="${UBOOT_ENTRYPOINT}"
145	if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
146		ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
147			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
148	fi
149
150	cat << EOF >> $1
151                kernel-$2 {
152                        description = "Linux kernel";
153                        data = /incbin/("$3");
154                        type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
155                        arch = "${UBOOT_ARCH}";
156                        os = "linux";
157                        compression = "$4";
158                        load = <${UBOOT_LOADADDRESS}>;
159                        entry = <$ENTRYPOINT>;
160                        hash-1 {
161                                algo = "$kernel_csum";
162                        };
163                };
164EOF
165
166	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then
167		sed -i '$ d' $1
168		cat << EOF >> $1
169                        signature-1 {
170                                algo = "$kernel_csum,$kernel_sign_algo";
171                                key-name-hint = "$kernel_sign_keyname";
172                        };
173                };
174EOF
175	fi
176}
177
178#
179# Emit the fitImage ITS DTB section
180#
181# $1 ... .its filename
182# $2 ... Image counter
183# $3 ... Path to DTB image
184fitimage_emit_section_dtb() {
185
186	dtb_csum="${FIT_HASH_ALG}"
187	dtb_sign_algo="${FIT_SIGN_ALG}"
188	dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
189
190	dtb_loadline=""
191	dtb_ext=${DTB##*.}
192	if [ "${dtb_ext}" = "dtbo" ]; then
193		if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
194			dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
195		fi
196	elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
197		dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
198	fi
199	cat << EOF >> $1
200                fdt-$2 {
201                        description = "Flattened Device Tree blob";
202                        data = /incbin/("$3");
203                        type = "flat_dt";
204                        arch = "${UBOOT_ARCH}";
205                        compression = "none";
206                        $dtb_loadline
207                        hash-1 {
208                                algo = "$dtb_csum";
209                        };
210                };
211EOF
212
213	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then
214		sed -i '$ d' $1
215		cat << EOF >> $1
216                        signature-1 {
217                                algo = "$dtb_csum,$dtb_sign_algo";
218                                key-name-hint = "$dtb_sign_keyname";
219                        };
220                };
221EOF
222	fi
223}
224
225#
226# Emit the fitImage ITS u-boot script section
227#
228# $1 ... .its filename
229# $2 ... Image counter
230# $3 ... Path to boot script image
231fitimage_emit_section_boot_script() {
232
233	bootscr_csum="${FIT_HASH_ALG}"
234	bootscr_sign_algo="${FIT_SIGN_ALG}"
235	bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
236
237        cat << EOF >> $1
238                bootscr-$2 {
239                        description = "U-boot script";
240                        data = /incbin/("$3");
241                        type = "script";
242                        arch = "${UBOOT_ARCH}";
243                        compression = "none";
244                        hash-1 {
245                                algo = "$bootscr_csum";
246                        };
247                };
248EOF
249
250	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then
251		sed -i '$ d' $1
252		cat << EOF >> $1
253                        signature-1 {
254                                algo = "$bootscr_csum,$bootscr_sign_algo";
255                                key-name-hint = "$bootscr_sign_keyname";
256                        };
257                };
258EOF
259	fi
260}
261
262#
263# Emit the fitImage ITS setup section
264#
265# $1 ... .its filename
266# $2 ... Image counter
267# $3 ... Path to setup image
268fitimage_emit_section_setup() {
269
270	setup_csum="${FIT_HASH_ALG}"
271
272	cat << EOF >> $1
273                setup-$2 {
274                        description = "Linux setup.bin";
275                        data = /incbin/("$3");
276                        type = "x86_setup";
277                        arch = "${UBOOT_ARCH}";
278                        os = "linux";
279                        compression = "none";
280                        load = <0x00090000>;
281                        entry = <0x00090000>;
282                        hash-1 {
283                                algo = "$setup_csum";
284                        };
285                };
286EOF
287}
288
289#
290# Emit the fitImage ITS ramdisk section
291#
292# $1 ... .its filename
293# $2 ... Image counter
294# $3 ... Path to ramdisk image
295fitimage_emit_section_ramdisk() {
296
297	ramdisk_csum="${FIT_HASH_ALG}"
298	ramdisk_sign_algo="${FIT_SIGN_ALG}"
299	ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
300	ramdisk_loadline=""
301	ramdisk_entryline=""
302
303	if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
304		ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
305	fi
306	if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
307		ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
308	fi
309
310	cat << EOF >> $1
311                ramdisk-$2 {
312                        description = "${INITRAMFS_IMAGE}";
313                        data = /incbin/("$3");
314                        type = "ramdisk";
315                        arch = "${UBOOT_ARCH}";
316                        os = "linux";
317                        compression = "none";
318                        $ramdisk_loadline
319                        $ramdisk_entryline
320                        hash-1 {
321                                algo = "$ramdisk_csum";
322                        };
323                };
324EOF
325
326	if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then
327		sed -i '$ d' $1
328		cat << EOF >> $1
329                        signature-1 {
330                                algo = "$ramdisk_csum,$ramdisk_sign_algo";
331                                key-name-hint = "$ramdisk_sign_keyname";
332                        };
333                };
334EOF
335	fi
336}
337
338#
339# Emit the fitImage ITS configuration section
340#
341# $1 ... .its filename
342# $2 ... Linux kernel ID
343# $3 ... DTB image name
344# $4 ... ramdisk ID
345# $5 ... u-boot script ID
346# $6 ... config ID
347# $7 ... default flag
348fitimage_emit_section_config() {
349
350	conf_csum="${FIT_HASH_ALG}"
351	conf_sign_algo="${FIT_SIGN_ALG}"
352	conf_padding_algo="${FIT_PAD_ALG}"
353	if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
354		conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
355	fi
356
357	its_file="$1"
358	kernel_id="$2"
359	dtb_image="$3"
360	ramdisk_id="$4"
361	bootscr_id="$5"
362	config_id="$6"
363	default_flag="$7"
364
365	# Test if we have any DTBs at all
366	sep=""
367	conf_desc=""
368	conf_node="${FIT_CONF_PREFIX}"
369	kernel_line=""
370	fdt_line=""
371	ramdisk_line=""
372	bootscr_line=""
373	setup_line=""
374	default_line=""
375	default_dtb_image="${FIT_CONF_DEFAULT_DTB}"
376
377	# conf node name is selected based on dtb ID if it is present,
378	# otherwise its selected based on kernel ID
379	if [ -n "$dtb_image" ]; then
380		conf_node=$conf_node$dtb_image
381	else
382		conf_node=$conf_node$kernel_id
383	fi
384
385	if [ -n "$kernel_id" ]; then
386		conf_desc="Linux kernel"
387		sep=", "
388		kernel_line="kernel = \"kernel-$kernel_id\";"
389	fi
390
391	if [ -n "$dtb_image" ]; then
392		conf_desc="$conf_desc${sep}FDT blob"
393		sep=", "
394		fdt_line="fdt = \"fdt-$dtb_image\";"
395	fi
396
397	if [ -n "$ramdisk_id" ]; then
398		conf_desc="$conf_desc${sep}ramdisk"
399		sep=", "
400		ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";"
401	fi
402
403	if [ -n "$bootscr_id" ]; then
404		conf_desc="$conf_desc${sep}u-boot script"
405		sep=", "
406		bootscr_line="bootscr = \"bootscr-$bootscr_id\";"
407	fi
408
409	if [ -n "$config_id" ]; then
410		conf_desc="$conf_desc${sep}setup"
411		setup_line="setup = \"setup-$config_id\";"
412	fi
413
414	if [ "$default_flag" = "1" ]; then
415		# default node is selected based on dtb ID if it is present,
416		# otherwise its selected based on kernel ID
417		if [ -n "$dtb_image" ]; then
418		        # Select default node as user specified dtb when
419		        # multiple dtb exists.
420		        if [ -n "$default_dtb_image" ]; then
421			        if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then
422			                default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
423			        else
424			                bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image"
425			        fi
426		        else
427			        default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
428		        fi
429		else
430			default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
431		fi
432	fi
433
434	cat << EOF >> $its_file
435                $default_line
436                $conf_node {
437                        description = "$default_flag $conf_desc";
438                        $kernel_line
439                        $fdt_line
440                        $ramdisk_line
441                        $bootscr_line
442                        $setup_line
443                        hash-1 {
444                                algo = "$conf_csum";
445                        };
446EOF
447
448	if [ -n "$conf_sign_keyname" ] ; then
449
450		sign_line="sign-images = "
451		sep=""
452
453		if [ -n "$kernel_id" ]; then
454			sign_line="$sign_line${sep}\"kernel\""
455			sep=", "
456		fi
457
458		if [ -n "$dtb_image" ]; then
459			sign_line="$sign_line${sep}\"fdt\""
460			sep=", "
461		fi
462
463		if [ -n "$ramdisk_id" ]; then
464			sign_line="$sign_line${sep}\"ramdisk\""
465			sep=", "
466		fi
467
468		if [ -n "$bootscr_id" ]; then
469			sign_line="$sign_line${sep}\"bootscr\""
470			sep=", "
471		fi
472
473		if [ -n "$config_id" ]; then
474			sign_line="$sign_line${sep}\"setup\""
475		fi
476
477		sign_line="$sign_line;"
478
479		cat << EOF >> $its_file
480                        signature-1 {
481                                algo = "$conf_csum,$conf_sign_algo";
482                                key-name-hint = "$conf_sign_keyname";
483                                padding = "$conf_padding_algo";
484                                $sign_line
485                        };
486EOF
487	fi
488
489	cat << EOF >> $its_file
490                };
491EOF
492}
493
494#
495# Assemble fitImage
496#
497# $1 ... .its filename
498# $2 ... fitImage name
499# $3 ... include ramdisk
500fitimage_assemble() {
501	kernelcount=1
502	dtbcount=""
503	DTBS=""
504	ramdiskcount=$3
505	setupcount=""
506	bootscr_id=""
507	rm -f $1 arch/${ARCH}/boot/$2
508
509	if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
510		bbfatal "Keys used to sign images and configuration nodes must be different."
511	fi
512
513	fitimage_emit_fit_header $1
514
515	#
516	# Step 1: Prepare a kernel image section.
517	#
518	fitimage_emit_section_maint $1 imagestart
519
520	uboot_prep_kimage
521	fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp"
522
523	#
524	# Step 2: Prepare a DTB image section
525	#
526
527	if [ -n "${KERNEL_DEVICETREE}" ]; then
528		dtbcount=1
529		for DTB in ${KERNEL_DEVICETREE}; do
530			if echo $DTB | grep -q '/dts/'; then
531				bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used."
532				DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'`
533			fi
534
535			# Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE}
536			if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then
537				continue
538			fi
539
540			DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
541			if [ ! -e "$DTB_PATH" ]; then
542				DTB_PATH="arch/${ARCH}/boot/$DTB"
543			fi
544
545			DTB=$(echo "$DTB" | tr '/' '_')
546
547			# Skip DTB if we've picked it up previously
548			echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
549
550			DTBS="$DTBS $DTB"
551			fitimage_emit_section_dtb $1 $DTB $DTB_PATH
552		done
553	fi
554
555	if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
556		dtbcount=1
557		for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
558		$(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
559			DTB=$(echo "$DTB" | tr '/' '_')
560
561			# Skip DTB/DTBO if we've picked it up previously
562			echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
563
564			DTBS="$DTBS $DTB"
565			fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB"
566		done
567	fi
568
569	#
570	# Step 3: Prepare a u-boot script section
571	#
572
573	if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then
574		if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then
575			cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B}
576			bootscr_id="${UBOOT_ENV_BINARY}"
577			fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY}
578		else
579			bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found."
580		fi
581	fi
582
583	#
584	# Step 4: Prepare a setup section. (For x86)
585	#
586	if [ -e arch/${ARCH}/boot/setup.bin ]; then
587		setupcount=1
588		fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
589	fi
590
591	#
592	# Step 5: Prepare a ramdisk section.
593	#
594	if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
595		# Find and use the first initramfs image archive type we find
596		found=
597		for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do
598			initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img"
599			if [ -e "$initramfs_path" ]; then
600				bbnote "Found initramfs image: $initramfs_path"
601				found=true
602				fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path"
603				break
604			else
605				bbnote "Did not find initramfs image: $initramfs_path"
606			fi
607		done
608
609		if [ -z "$found" ]; then
610			bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}"
611		fi
612	fi
613
614	fitimage_emit_section_maint $1 sectend
615
616	# Force the first Kernel and DTB in the default config
617	kernelcount=1
618	if [ -n "$dtbcount" ]; then
619		dtbcount=1
620	fi
621
622	#
623	# Step 6: Prepare a configurations section
624	#
625	fitimage_emit_section_maint $1 confstart
626
627	# kernel-fitimage.bbclass currently only supports a single kernel (no less or
628	# more) to be added to the FIT image along with 0 or more device trees and
629	# 0 or 1 ramdisk.
630        # It is also possible to include an initramfs bundle (kernel and rootfs in one binary)
631        # When the initramfs bundle is used ramdisk is disabled.
632	# If a device tree is to be part of the FIT image, then select
633	# the default configuration to be used is based on the dtbcount. If there is
634	# no dtb present than select the default configuation to be based on
635	# the kernelcount.
636	if [ -n "$DTBS" ]; then
637		i=1
638		for DTB in ${DTBS}; do
639			dtb_ext=${DTB##*.}
640			if [ "$dtb_ext" = "dtbo" ]; then
641				fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`"
642			else
643				fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`"
644			fi
645			i=`expr $i + 1`
646		done
647	else
648		defaultconfigcount=1
649		fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id"  "$setupcount" $defaultconfigcount
650	fi
651
652	fitimage_emit_section_maint $1 sectend
653
654	fitimage_emit_section_maint $1 fitend
655
656	#
657	# Step 7: Assemble the image
658	#
659	${UBOOT_MKIMAGE} \
660		${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
661		-f $1 \
662		arch/${ARCH}/boot/$2
663
664	#
665	# Step 8: Sign the image and add public key to U-Boot dtb
666	#
667	if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
668		add_key_to_u_boot=""
669		if [ -n "${UBOOT_DTB_BINARY}" ]; then
670			# The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy
671			# both of them, and don't dereference the symlink.
672			cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B}
673			add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}"
674		fi
675		${UBOOT_MKIMAGE_SIGN} \
676			${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
677			-F -k "${UBOOT_SIGN_KEYDIR}" \
678			$add_key_to_u_boot \
679			-r arch/${ARCH}/boot/$2 \
680			${UBOOT_MKIMAGE_SIGN_ARGS}
681	fi
682}
683
684do_assemble_fitimage() {
685	if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
686		cd ${B}
687		fitimage_assemble fit-image.its fitImage ""
688	fi
689}
690
691addtask assemble_fitimage before do_install after do_compile
692
693do_assemble_fitimage_initramfs() {
694	if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \
695		test -n "${INITRAMFS_IMAGE}" ; then
696		cd ${B}
697		if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then
698			fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage ""
699		else
700			fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1
701		fi
702	fi
703}
704
705addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs
706
707do_kernel_generate_rsa_keys() {
708	if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
709		bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
710	fi
711
712	if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then
713
714		# Generate keys to sign configuration nodes, only if they don't already exist
715		if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \
716			[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then
717
718			# make directory if it does not already exist
719			mkdir -p "${UBOOT_SIGN_KEYDIR}"
720
721			bbnote "Generating RSA private key for signing fitImage"
722			openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
723				"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
724			"${FIT_SIGN_NUMBITS}"
725
726			bbnote "Generating certificate for signing fitImage"
727			openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
728				-key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
729				-out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
730		fi
731
732		# Generate keys to sign image nodes, only if they don't already exist
733		if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \
734			[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then
735
736			# make directory if it does not already exist
737			mkdir -p "${UBOOT_SIGN_KEYDIR}"
738
739			bbnote "Generating RSA private key for signing fitImage"
740			openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
741				"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
742			"${FIT_SIGN_NUMBITS}"
743
744			bbnote "Generating certificate for signing fitImage"
745			openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
746				-key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \
747				-out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt
748		fi
749	fi
750}
751
752addtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile
753
754kernel_do_deploy[vardepsexclude] = "DATETIME"
755kernel_do_deploy:append() {
756	# Update deploy directory
757	if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
758
759		if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
760			bbnote "Copying fit-image.its source file..."
761			install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
762			if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
763				ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
764			fi
765
766			bbnote "Copying linux.bin file..."
767			install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}
768			if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
769				ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
770			fi
771		fi
772
773		if [ -n "${INITRAMFS_IMAGE}" ]; then
774			bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
775			install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
776			if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
777				ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
778			fi
779
780			if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
781				bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
782				install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
783				if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
784					ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
785				fi
786			fi
787		fi
788	fi
789	if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \
790	   [ -n "${UBOOT_DTB_BINARY}" ] ; then
791		# UBOOT_DTB_IMAGE is a realfile, but we can't use
792		# ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
793		# for u-boot, but we are in kernel env now.
794		install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
795	fi
796	if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then
797		# If we're also creating and/or signing the uboot fit, now we need to
798		# deploy it, it's its file, as well as u-boot-spl.dtb
799		install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/"
800		bbnote "Copying u-boot-fitImage file..."
801		install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/"
802		bbnote "Copying u-boot-its file..."
803		install -m 0644 ${B}/u-boot-its-* "$deployDir/"
804	fi
805}
806
807# The function below performs the following in case of initramfs bundles:
808# - Removes do_assemble_fitimage. FIT generation is done through
809#   do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed
810#   and should not be part of the tasks to be executed.
811# - Since do_kernel_generate_rsa_keys is inserted by default
812#   between do_compile and do_assemble_fitimage, this is
813#   not suitable in case of initramfs bundles.  do_kernel_generate_rsa_keys
814#   should be between do_bundle_initramfs and do_assemble_fitimage_initramfs.
815python () {
816    if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1":
817        bb.build.deltask('do_assemble_fitimage', d)
818        bb.build.deltask('kernel_generate_rsa_keys', d)
819        bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d)
820}
821