1*4882a593Smuzhiyuninherit kernel-uboot kernel-artifact-names uboot-sign 2*4882a593Smuzhiyun 3*4882a593Smuzhiyundef get_fit_replacement_type(d): 4*4882a593Smuzhiyun kerneltypes = d.getVar('KERNEL_IMAGETYPES') or "" 5*4882a593Smuzhiyun replacementtype = "" 6*4882a593Smuzhiyun if 'fitImage' in kerneltypes.split(): 7*4882a593Smuzhiyun uarch = d.getVar("UBOOT_ARCH") 8*4882a593Smuzhiyun if uarch == "arm64": 9*4882a593Smuzhiyun replacementtype = "Image" 10*4882a593Smuzhiyun elif uarch == "riscv": 11*4882a593Smuzhiyun replacementtype = "Image" 12*4882a593Smuzhiyun elif uarch == "mips": 13*4882a593Smuzhiyun replacementtype = "vmlinuz.bin" 14*4882a593Smuzhiyun elif uarch == "x86": 15*4882a593Smuzhiyun replacementtype = "bzImage" 16*4882a593Smuzhiyun elif uarch == "microblaze": 17*4882a593Smuzhiyun replacementtype = "linux.bin" 18*4882a593Smuzhiyun else: 19*4882a593Smuzhiyun replacementtype = "zImage" 20*4882a593Smuzhiyun return replacementtype 21*4882a593Smuzhiyun 22*4882a593SmuzhiyunKERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" 23*4882a593SmuzhiyunDEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" 24*4882a593Smuzhiyun 25*4882a593Smuzhiyunpython __anonymous () { 26*4882a593Smuzhiyun # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal 27*4882a593Smuzhiyun # to kernel.bbclass . We have to override it, since we pack zImage 28*4882a593Smuzhiyun # (at least for now) into the fitImage . 29*4882a593Smuzhiyun typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" 30*4882a593Smuzhiyun if 'fitImage' in typeformake.split(): 31*4882a593Smuzhiyun d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) 32*4882a593Smuzhiyun 33*4882a593Smuzhiyun image = d.getVar('INITRAMFS_IMAGE') 34*4882a593Smuzhiyun if image: 35*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') 36*4882a593Smuzhiyun 37*4882a593Smuzhiyun ubootenv = d.getVar('UBOOT_ENV') 38*4882a593Smuzhiyun if ubootenv: 39*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun #check if there are any dtb providers 42*4882a593Smuzhiyun providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") 43*4882a593Smuzhiyun if providerdtb: 44*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') 45*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') 46*4882a593Smuzhiyun d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") 47*4882a593Smuzhiyun 48*4882a593Smuzhiyun # Verified boot will sign the fitImage and append the public key to 49*4882a593Smuzhiyun # U-Boot dtb. We ensure the U-Boot dtb is deployed before assembling 50*4882a593Smuzhiyun # the fitImage: 51*4882a593Smuzhiyun if d.getVar('UBOOT_SIGN_ENABLE') == "1" and d.getVar('UBOOT_DTB_BINARY'): 52*4882a593Smuzhiyun uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' 53*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) 54*4882a593Smuzhiyun if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": 55*4882a593Smuzhiyun d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' %s:do_populate_sysroot' % uboot_pn) 56*4882a593Smuzhiyun} 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun 59*4882a593Smuzhiyun# Description string 60*4882a593SmuzhiyunFIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" 61*4882a593Smuzhiyun 62*4882a593Smuzhiyun# Sign individual images as well 63*4882a593SmuzhiyunFIT_SIGN_INDIVIDUAL ?= "0" 64*4882a593Smuzhiyun 65*4882a593SmuzhiyunFIT_CONF_PREFIX ?= "conf-" 66*4882a593SmuzhiyunFIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" 67*4882a593Smuzhiyun 68*4882a593SmuzhiyunFIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun# Allow user to select the default DTB for FIT image when multiple dtb's exists. 71*4882a593SmuzhiyunFIT_CONF_DEFAULT_DTB ?= "" 72*4882a593Smuzhiyun 73*4882a593Smuzhiyun# Keys used to sign individually image nodes. 74*4882a593Smuzhiyun# The keys to sign image nodes must be different from those used to sign 75*4882a593Smuzhiyun# configuration nodes, otherwise the "required" property, from 76*4882a593Smuzhiyun# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". 77*4882a593Smuzhiyun# Then the images signature checking will not be mandatory and no error will be 78*4882a593Smuzhiyun# raised in case of failure. 79*4882a593Smuzhiyun# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun# 82*4882a593Smuzhiyun# Emit the fitImage ITS header 83*4882a593Smuzhiyun# 84*4882a593Smuzhiyun# $1 ... .its filename 85*4882a593Smuzhiyunfitimage_emit_fit_header() { 86*4882a593Smuzhiyun cat << EOF >> $1 87*4882a593Smuzhiyun/dts-v1/; 88*4882a593Smuzhiyun 89*4882a593Smuzhiyun/ { 90*4882a593Smuzhiyun description = "${FIT_DESC}"; 91*4882a593Smuzhiyun #address-cells = <1>; 92*4882a593SmuzhiyunEOF 93*4882a593Smuzhiyun} 94*4882a593Smuzhiyun 95*4882a593Smuzhiyun# 96*4882a593Smuzhiyun# Emit the fitImage section bits 97*4882a593Smuzhiyun# 98*4882a593Smuzhiyun# $1 ... .its filename 99*4882a593Smuzhiyun# $2 ... Section bit type: imagestart - image section start 100*4882a593Smuzhiyun# confstart - configuration section start 101*4882a593Smuzhiyun# sectend - section end 102*4882a593Smuzhiyun# fitend - fitimage end 103*4882a593Smuzhiyun# 104*4882a593Smuzhiyunfitimage_emit_section_maint() { 105*4882a593Smuzhiyun case $2 in 106*4882a593Smuzhiyun imagestart) 107*4882a593Smuzhiyun cat << EOF >> $1 108*4882a593Smuzhiyun 109*4882a593Smuzhiyun images { 110*4882a593SmuzhiyunEOF 111*4882a593Smuzhiyun ;; 112*4882a593Smuzhiyun confstart) 113*4882a593Smuzhiyun cat << EOF >> $1 114*4882a593Smuzhiyun 115*4882a593Smuzhiyun configurations { 116*4882a593SmuzhiyunEOF 117*4882a593Smuzhiyun ;; 118*4882a593Smuzhiyun sectend) 119*4882a593Smuzhiyun cat << EOF >> $1 120*4882a593Smuzhiyun }; 121*4882a593SmuzhiyunEOF 122*4882a593Smuzhiyun ;; 123*4882a593Smuzhiyun fitend) 124*4882a593Smuzhiyun cat << EOF >> $1 125*4882a593Smuzhiyun}; 126*4882a593SmuzhiyunEOF 127*4882a593Smuzhiyun ;; 128*4882a593Smuzhiyun esac 129*4882a593Smuzhiyun} 130*4882a593Smuzhiyun 131*4882a593Smuzhiyun# 132*4882a593Smuzhiyun# Emit the fitImage ITS kernel section 133*4882a593Smuzhiyun# 134*4882a593Smuzhiyun# $1 ... .its filename 135*4882a593Smuzhiyun# $2 ... Image counter 136*4882a593Smuzhiyun# $3 ... Path to kernel image 137*4882a593Smuzhiyun# $4 ... Compression type 138*4882a593Smuzhiyunfitimage_emit_section_kernel() { 139*4882a593Smuzhiyun 140*4882a593Smuzhiyun kernel_csum="${FIT_HASH_ALG}" 141*4882a593Smuzhiyun kernel_sign_algo="${FIT_SIGN_ALG}" 142*4882a593Smuzhiyun kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" 143*4882a593Smuzhiyun 144*4882a593Smuzhiyun ENTRYPOINT="${UBOOT_ENTRYPOINT}" 145*4882a593Smuzhiyun if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then 146*4882a593Smuzhiyun ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \ 147*4882a593Smuzhiyun awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` 148*4882a593Smuzhiyun fi 149*4882a593Smuzhiyun 150*4882a593Smuzhiyun cat << EOF >> $1 151*4882a593Smuzhiyun kernel-$2 { 152*4882a593Smuzhiyun description = "Linux kernel"; 153*4882a593Smuzhiyun data = /incbin/("$3"); 154*4882a593Smuzhiyun type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; 155*4882a593Smuzhiyun arch = "${UBOOT_ARCH}"; 156*4882a593Smuzhiyun os = "linux"; 157*4882a593Smuzhiyun compression = "$4"; 158*4882a593Smuzhiyun load = <${UBOOT_LOADADDRESS}>; 159*4882a593Smuzhiyun entry = <$ENTRYPOINT>; 160*4882a593Smuzhiyun hash-1 { 161*4882a593Smuzhiyun algo = "$kernel_csum"; 162*4882a593Smuzhiyun }; 163*4882a593Smuzhiyun }; 164*4882a593SmuzhiyunEOF 165*4882a593Smuzhiyun 166*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$kernel_sign_keyname" ] ; then 167*4882a593Smuzhiyun sed -i '$ d' $1 168*4882a593Smuzhiyun cat << EOF >> $1 169*4882a593Smuzhiyun signature-1 { 170*4882a593Smuzhiyun algo = "$kernel_csum,$kernel_sign_algo"; 171*4882a593Smuzhiyun key-name-hint = "$kernel_sign_keyname"; 172*4882a593Smuzhiyun }; 173*4882a593Smuzhiyun }; 174*4882a593SmuzhiyunEOF 175*4882a593Smuzhiyun fi 176*4882a593Smuzhiyun} 177*4882a593Smuzhiyun 178*4882a593Smuzhiyun# 179*4882a593Smuzhiyun# Emit the fitImage ITS DTB section 180*4882a593Smuzhiyun# 181*4882a593Smuzhiyun# $1 ... .its filename 182*4882a593Smuzhiyun# $2 ... Image counter 183*4882a593Smuzhiyun# $3 ... Path to DTB image 184*4882a593Smuzhiyunfitimage_emit_section_dtb() { 185*4882a593Smuzhiyun 186*4882a593Smuzhiyun dtb_csum="${FIT_HASH_ALG}" 187*4882a593Smuzhiyun dtb_sign_algo="${FIT_SIGN_ALG}" 188*4882a593Smuzhiyun dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" 189*4882a593Smuzhiyun 190*4882a593Smuzhiyun dtb_loadline="" 191*4882a593Smuzhiyun dtb_ext=${DTB##*.} 192*4882a593Smuzhiyun if [ "${dtb_ext}" = "dtbo" ]; then 193*4882a593Smuzhiyun if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then 194*4882a593Smuzhiyun dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;" 195*4882a593Smuzhiyun fi 196*4882a593Smuzhiyun elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then 197*4882a593Smuzhiyun dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;" 198*4882a593Smuzhiyun fi 199*4882a593Smuzhiyun cat << EOF >> $1 200*4882a593Smuzhiyun fdt-$2 { 201*4882a593Smuzhiyun description = "Flattened Device Tree blob"; 202*4882a593Smuzhiyun data = /incbin/("$3"); 203*4882a593Smuzhiyun type = "flat_dt"; 204*4882a593Smuzhiyun arch = "${UBOOT_ARCH}"; 205*4882a593Smuzhiyun compression = "none"; 206*4882a593Smuzhiyun $dtb_loadline 207*4882a593Smuzhiyun hash-1 { 208*4882a593Smuzhiyun algo = "$dtb_csum"; 209*4882a593Smuzhiyun }; 210*4882a593Smuzhiyun }; 211*4882a593SmuzhiyunEOF 212*4882a593Smuzhiyun 213*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$dtb_sign_keyname" ] ; then 214*4882a593Smuzhiyun sed -i '$ d' $1 215*4882a593Smuzhiyun cat << EOF >> $1 216*4882a593Smuzhiyun signature-1 { 217*4882a593Smuzhiyun algo = "$dtb_csum,$dtb_sign_algo"; 218*4882a593Smuzhiyun key-name-hint = "$dtb_sign_keyname"; 219*4882a593Smuzhiyun }; 220*4882a593Smuzhiyun }; 221*4882a593SmuzhiyunEOF 222*4882a593Smuzhiyun fi 223*4882a593Smuzhiyun} 224*4882a593Smuzhiyun 225*4882a593Smuzhiyun# 226*4882a593Smuzhiyun# Emit the fitImage ITS u-boot script section 227*4882a593Smuzhiyun# 228*4882a593Smuzhiyun# $1 ... .its filename 229*4882a593Smuzhiyun# $2 ... Image counter 230*4882a593Smuzhiyun# $3 ... Path to boot script image 231*4882a593Smuzhiyunfitimage_emit_section_boot_script() { 232*4882a593Smuzhiyun 233*4882a593Smuzhiyun bootscr_csum="${FIT_HASH_ALG}" 234*4882a593Smuzhiyun bootscr_sign_algo="${FIT_SIGN_ALG}" 235*4882a593Smuzhiyun bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" 236*4882a593Smuzhiyun 237*4882a593Smuzhiyun cat << EOF >> $1 238*4882a593Smuzhiyun bootscr-$2 { 239*4882a593Smuzhiyun description = "U-boot script"; 240*4882a593Smuzhiyun data = /incbin/("$3"); 241*4882a593Smuzhiyun type = "script"; 242*4882a593Smuzhiyun arch = "${UBOOT_ARCH}"; 243*4882a593Smuzhiyun compression = "none"; 244*4882a593Smuzhiyun hash-1 { 245*4882a593Smuzhiyun algo = "$bootscr_csum"; 246*4882a593Smuzhiyun }; 247*4882a593Smuzhiyun }; 248*4882a593SmuzhiyunEOF 249*4882a593Smuzhiyun 250*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$bootscr_sign_keyname" ] ; then 251*4882a593Smuzhiyun sed -i '$ d' $1 252*4882a593Smuzhiyun cat << EOF >> $1 253*4882a593Smuzhiyun signature-1 { 254*4882a593Smuzhiyun algo = "$bootscr_csum,$bootscr_sign_algo"; 255*4882a593Smuzhiyun key-name-hint = "$bootscr_sign_keyname"; 256*4882a593Smuzhiyun }; 257*4882a593Smuzhiyun }; 258*4882a593SmuzhiyunEOF 259*4882a593Smuzhiyun fi 260*4882a593Smuzhiyun} 261*4882a593Smuzhiyun 262*4882a593Smuzhiyun# 263*4882a593Smuzhiyun# Emit the fitImage ITS setup section 264*4882a593Smuzhiyun# 265*4882a593Smuzhiyun# $1 ... .its filename 266*4882a593Smuzhiyun# $2 ... Image counter 267*4882a593Smuzhiyun# $3 ... Path to setup image 268*4882a593Smuzhiyunfitimage_emit_section_setup() { 269*4882a593Smuzhiyun 270*4882a593Smuzhiyun setup_csum="${FIT_HASH_ALG}" 271*4882a593Smuzhiyun 272*4882a593Smuzhiyun cat << EOF >> $1 273*4882a593Smuzhiyun setup-$2 { 274*4882a593Smuzhiyun description = "Linux setup.bin"; 275*4882a593Smuzhiyun data = /incbin/("$3"); 276*4882a593Smuzhiyun type = "x86_setup"; 277*4882a593Smuzhiyun arch = "${UBOOT_ARCH}"; 278*4882a593Smuzhiyun os = "linux"; 279*4882a593Smuzhiyun compression = "none"; 280*4882a593Smuzhiyun load = <0x00090000>; 281*4882a593Smuzhiyun entry = <0x00090000>; 282*4882a593Smuzhiyun hash-1 { 283*4882a593Smuzhiyun algo = "$setup_csum"; 284*4882a593Smuzhiyun }; 285*4882a593Smuzhiyun }; 286*4882a593SmuzhiyunEOF 287*4882a593Smuzhiyun} 288*4882a593Smuzhiyun 289*4882a593Smuzhiyun# 290*4882a593Smuzhiyun# Emit the fitImage ITS ramdisk section 291*4882a593Smuzhiyun# 292*4882a593Smuzhiyun# $1 ... .its filename 293*4882a593Smuzhiyun# $2 ... Image counter 294*4882a593Smuzhiyun# $3 ... Path to ramdisk image 295*4882a593Smuzhiyunfitimage_emit_section_ramdisk() { 296*4882a593Smuzhiyun 297*4882a593Smuzhiyun ramdisk_csum="${FIT_HASH_ALG}" 298*4882a593Smuzhiyun ramdisk_sign_algo="${FIT_SIGN_ALG}" 299*4882a593Smuzhiyun ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" 300*4882a593Smuzhiyun ramdisk_loadline="" 301*4882a593Smuzhiyun ramdisk_entryline="" 302*4882a593Smuzhiyun 303*4882a593Smuzhiyun if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then 304*4882a593Smuzhiyun ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;" 305*4882a593Smuzhiyun fi 306*4882a593Smuzhiyun if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then 307*4882a593Smuzhiyun ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;" 308*4882a593Smuzhiyun fi 309*4882a593Smuzhiyun 310*4882a593Smuzhiyun cat << EOF >> $1 311*4882a593Smuzhiyun ramdisk-$2 { 312*4882a593Smuzhiyun description = "${INITRAMFS_IMAGE}"; 313*4882a593Smuzhiyun data = /incbin/("$3"); 314*4882a593Smuzhiyun type = "ramdisk"; 315*4882a593Smuzhiyun arch = "${UBOOT_ARCH}"; 316*4882a593Smuzhiyun os = "linux"; 317*4882a593Smuzhiyun compression = "none"; 318*4882a593Smuzhiyun $ramdisk_loadline 319*4882a593Smuzhiyun $ramdisk_entryline 320*4882a593Smuzhiyun hash-1 { 321*4882a593Smuzhiyun algo = "$ramdisk_csum"; 322*4882a593Smuzhiyun }; 323*4882a593Smuzhiyun }; 324*4882a593SmuzhiyunEOF 325*4882a593Smuzhiyun 326*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$ramdisk_sign_keyname" ] ; then 327*4882a593Smuzhiyun sed -i '$ d' $1 328*4882a593Smuzhiyun cat << EOF >> $1 329*4882a593Smuzhiyun signature-1 { 330*4882a593Smuzhiyun algo = "$ramdisk_csum,$ramdisk_sign_algo"; 331*4882a593Smuzhiyun key-name-hint = "$ramdisk_sign_keyname"; 332*4882a593Smuzhiyun }; 333*4882a593Smuzhiyun }; 334*4882a593SmuzhiyunEOF 335*4882a593Smuzhiyun fi 336*4882a593Smuzhiyun} 337*4882a593Smuzhiyun 338*4882a593Smuzhiyun# 339*4882a593Smuzhiyun# Emit the fitImage ITS configuration section 340*4882a593Smuzhiyun# 341*4882a593Smuzhiyun# $1 ... .its filename 342*4882a593Smuzhiyun# $2 ... Linux kernel ID 343*4882a593Smuzhiyun# $3 ... DTB image name 344*4882a593Smuzhiyun# $4 ... ramdisk ID 345*4882a593Smuzhiyun# $5 ... u-boot script ID 346*4882a593Smuzhiyun# $6 ... config ID 347*4882a593Smuzhiyun# $7 ... default flag 348*4882a593Smuzhiyunfitimage_emit_section_config() { 349*4882a593Smuzhiyun 350*4882a593Smuzhiyun conf_csum="${FIT_HASH_ALG}" 351*4882a593Smuzhiyun conf_sign_algo="${FIT_SIGN_ALG}" 352*4882a593Smuzhiyun conf_padding_algo="${FIT_PAD_ALG}" 353*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then 354*4882a593Smuzhiyun conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" 355*4882a593Smuzhiyun fi 356*4882a593Smuzhiyun 357*4882a593Smuzhiyun its_file="$1" 358*4882a593Smuzhiyun kernel_id="$2" 359*4882a593Smuzhiyun dtb_image="$3" 360*4882a593Smuzhiyun ramdisk_id="$4" 361*4882a593Smuzhiyun bootscr_id="$5" 362*4882a593Smuzhiyun config_id="$6" 363*4882a593Smuzhiyun default_flag="$7" 364*4882a593Smuzhiyun 365*4882a593Smuzhiyun # Test if we have any DTBs at all 366*4882a593Smuzhiyun sep="" 367*4882a593Smuzhiyun conf_desc="" 368*4882a593Smuzhiyun conf_node="${FIT_CONF_PREFIX}" 369*4882a593Smuzhiyun kernel_line="" 370*4882a593Smuzhiyun fdt_line="" 371*4882a593Smuzhiyun ramdisk_line="" 372*4882a593Smuzhiyun bootscr_line="" 373*4882a593Smuzhiyun setup_line="" 374*4882a593Smuzhiyun default_line="" 375*4882a593Smuzhiyun default_dtb_image="${FIT_CONF_DEFAULT_DTB}" 376*4882a593Smuzhiyun 377*4882a593Smuzhiyun # conf node name is selected based on dtb ID if it is present, 378*4882a593Smuzhiyun # otherwise its selected based on kernel ID 379*4882a593Smuzhiyun if [ -n "$dtb_image" ]; then 380*4882a593Smuzhiyun conf_node=$conf_node$dtb_image 381*4882a593Smuzhiyun else 382*4882a593Smuzhiyun conf_node=$conf_node$kernel_id 383*4882a593Smuzhiyun fi 384*4882a593Smuzhiyun 385*4882a593Smuzhiyun if [ -n "$kernel_id" ]; then 386*4882a593Smuzhiyun conf_desc="Linux kernel" 387*4882a593Smuzhiyun sep=", " 388*4882a593Smuzhiyun kernel_line="kernel = \"kernel-$kernel_id\";" 389*4882a593Smuzhiyun fi 390*4882a593Smuzhiyun 391*4882a593Smuzhiyun if [ -n "$dtb_image" ]; then 392*4882a593Smuzhiyun conf_desc="$conf_desc${sep}FDT blob" 393*4882a593Smuzhiyun sep=", " 394*4882a593Smuzhiyun fdt_line="fdt = \"fdt-$dtb_image\";" 395*4882a593Smuzhiyun fi 396*4882a593Smuzhiyun 397*4882a593Smuzhiyun if [ -n "$ramdisk_id" ]; then 398*4882a593Smuzhiyun conf_desc="$conf_desc${sep}ramdisk" 399*4882a593Smuzhiyun sep=", " 400*4882a593Smuzhiyun ramdisk_line="ramdisk = \"ramdisk-$ramdisk_id\";" 401*4882a593Smuzhiyun fi 402*4882a593Smuzhiyun 403*4882a593Smuzhiyun if [ -n "$bootscr_id" ]; then 404*4882a593Smuzhiyun conf_desc="$conf_desc${sep}u-boot script" 405*4882a593Smuzhiyun sep=", " 406*4882a593Smuzhiyun bootscr_line="bootscr = \"bootscr-$bootscr_id\";" 407*4882a593Smuzhiyun fi 408*4882a593Smuzhiyun 409*4882a593Smuzhiyun if [ -n "$config_id" ]; then 410*4882a593Smuzhiyun conf_desc="$conf_desc${sep}setup" 411*4882a593Smuzhiyun setup_line="setup = \"setup-$config_id\";" 412*4882a593Smuzhiyun fi 413*4882a593Smuzhiyun 414*4882a593Smuzhiyun if [ "$default_flag" = "1" ]; then 415*4882a593Smuzhiyun # default node is selected based on dtb ID if it is present, 416*4882a593Smuzhiyun # otherwise its selected based on kernel ID 417*4882a593Smuzhiyun if [ -n "$dtb_image" ]; then 418*4882a593Smuzhiyun # Select default node as user specified dtb when 419*4882a593Smuzhiyun # multiple dtb exists. 420*4882a593Smuzhiyun if [ -n "$default_dtb_image" ]; then 421*4882a593Smuzhiyun if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then 422*4882a593Smuzhiyun default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" 423*4882a593Smuzhiyun else 424*4882a593Smuzhiyun bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" 425*4882a593Smuzhiyun fi 426*4882a593Smuzhiyun else 427*4882a593Smuzhiyun default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" 428*4882a593Smuzhiyun fi 429*4882a593Smuzhiyun else 430*4882a593Smuzhiyun default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" 431*4882a593Smuzhiyun fi 432*4882a593Smuzhiyun fi 433*4882a593Smuzhiyun 434*4882a593Smuzhiyun cat << EOF >> $its_file 435*4882a593Smuzhiyun $default_line 436*4882a593Smuzhiyun $conf_node { 437*4882a593Smuzhiyun description = "$default_flag $conf_desc"; 438*4882a593Smuzhiyun $kernel_line 439*4882a593Smuzhiyun $fdt_line 440*4882a593Smuzhiyun $ramdisk_line 441*4882a593Smuzhiyun $bootscr_line 442*4882a593Smuzhiyun $setup_line 443*4882a593Smuzhiyun hash-1 { 444*4882a593Smuzhiyun algo = "$conf_csum"; 445*4882a593Smuzhiyun }; 446*4882a593SmuzhiyunEOF 447*4882a593Smuzhiyun 448*4882a593Smuzhiyun if [ -n "$conf_sign_keyname" ] ; then 449*4882a593Smuzhiyun 450*4882a593Smuzhiyun sign_line="sign-images = " 451*4882a593Smuzhiyun sep="" 452*4882a593Smuzhiyun 453*4882a593Smuzhiyun if [ -n "$kernel_id" ]; then 454*4882a593Smuzhiyun sign_line="$sign_line${sep}\"kernel\"" 455*4882a593Smuzhiyun sep=", " 456*4882a593Smuzhiyun fi 457*4882a593Smuzhiyun 458*4882a593Smuzhiyun if [ -n "$dtb_image" ]; then 459*4882a593Smuzhiyun sign_line="$sign_line${sep}\"fdt\"" 460*4882a593Smuzhiyun sep=", " 461*4882a593Smuzhiyun fi 462*4882a593Smuzhiyun 463*4882a593Smuzhiyun if [ -n "$ramdisk_id" ]; then 464*4882a593Smuzhiyun sign_line="$sign_line${sep}\"ramdisk\"" 465*4882a593Smuzhiyun sep=", " 466*4882a593Smuzhiyun fi 467*4882a593Smuzhiyun 468*4882a593Smuzhiyun if [ -n "$bootscr_id" ]; then 469*4882a593Smuzhiyun sign_line="$sign_line${sep}\"bootscr\"" 470*4882a593Smuzhiyun sep=", " 471*4882a593Smuzhiyun fi 472*4882a593Smuzhiyun 473*4882a593Smuzhiyun if [ -n "$config_id" ]; then 474*4882a593Smuzhiyun sign_line="$sign_line${sep}\"setup\"" 475*4882a593Smuzhiyun fi 476*4882a593Smuzhiyun 477*4882a593Smuzhiyun sign_line="$sign_line;" 478*4882a593Smuzhiyun 479*4882a593Smuzhiyun cat << EOF >> $its_file 480*4882a593Smuzhiyun signature-1 { 481*4882a593Smuzhiyun algo = "$conf_csum,$conf_sign_algo"; 482*4882a593Smuzhiyun key-name-hint = "$conf_sign_keyname"; 483*4882a593Smuzhiyun padding = "$conf_padding_algo"; 484*4882a593Smuzhiyun $sign_line 485*4882a593Smuzhiyun }; 486*4882a593SmuzhiyunEOF 487*4882a593Smuzhiyun fi 488*4882a593Smuzhiyun 489*4882a593Smuzhiyun cat << EOF >> $its_file 490*4882a593Smuzhiyun }; 491*4882a593SmuzhiyunEOF 492*4882a593Smuzhiyun} 493*4882a593Smuzhiyun 494*4882a593Smuzhiyun# 495*4882a593Smuzhiyun# Assemble fitImage 496*4882a593Smuzhiyun# 497*4882a593Smuzhiyun# $1 ... .its filename 498*4882a593Smuzhiyun# $2 ... fitImage name 499*4882a593Smuzhiyun# $3 ... include ramdisk 500*4882a593Smuzhiyunfitimage_assemble() { 501*4882a593Smuzhiyun kernelcount=1 502*4882a593Smuzhiyun dtbcount="" 503*4882a593Smuzhiyun DTBS="" 504*4882a593Smuzhiyun ramdiskcount=$3 505*4882a593Smuzhiyun setupcount="" 506*4882a593Smuzhiyun bootscr_id="" 507*4882a593Smuzhiyun rm -f $1 arch/${ARCH}/boot/$2 508*4882a593Smuzhiyun 509*4882a593Smuzhiyun if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then 510*4882a593Smuzhiyun bbfatal "Keys used to sign images and configuration nodes must be different." 511*4882a593Smuzhiyun fi 512*4882a593Smuzhiyun 513*4882a593Smuzhiyun fitimage_emit_fit_header $1 514*4882a593Smuzhiyun 515*4882a593Smuzhiyun # 516*4882a593Smuzhiyun # Step 1: Prepare a kernel image section. 517*4882a593Smuzhiyun # 518*4882a593Smuzhiyun fitimage_emit_section_maint $1 imagestart 519*4882a593Smuzhiyun 520*4882a593Smuzhiyun uboot_prep_kimage 521*4882a593Smuzhiyun fitimage_emit_section_kernel $1 $kernelcount linux.bin "$linux_comp" 522*4882a593Smuzhiyun 523*4882a593Smuzhiyun # 524*4882a593Smuzhiyun # Step 2: Prepare a DTB image section 525*4882a593Smuzhiyun # 526*4882a593Smuzhiyun 527*4882a593Smuzhiyun if [ -n "${KERNEL_DEVICETREE}" ]; then 528*4882a593Smuzhiyun dtbcount=1 529*4882a593Smuzhiyun for DTB in ${KERNEL_DEVICETREE}; do 530*4882a593Smuzhiyun if echo $DTB | grep -q '/dts/'; then 531*4882a593Smuzhiyun bbwarn "$DTB contains the full path to the the dts file, but only the dtb name should be used." 532*4882a593Smuzhiyun DTB=`basename $DTB | sed 's,\.dts$,.dtb,g'` 533*4882a593Smuzhiyun fi 534*4882a593Smuzhiyun 535*4882a593Smuzhiyun # Skip ${DTB} if it's also provided in ${EXTERNAL_KERNEL_DEVICETREE} 536*4882a593Smuzhiyun if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -s ${EXTERNAL_KERNEL_DEVICETREE}/${DTB} ]; then 537*4882a593Smuzhiyun continue 538*4882a593Smuzhiyun fi 539*4882a593Smuzhiyun 540*4882a593Smuzhiyun DTB_PATH="arch/${ARCH}/boot/dts/$DTB" 541*4882a593Smuzhiyun if [ ! -e "$DTB_PATH" ]; then 542*4882a593Smuzhiyun DTB_PATH="arch/${ARCH}/boot/$DTB" 543*4882a593Smuzhiyun fi 544*4882a593Smuzhiyun 545*4882a593Smuzhiyun DTB=$(echo "$DTB" | tr '/' '_') 546*4882a593Smuzhiyun 547*4882a593Smuzhiyun # Skip DTB if we've picked it up previously 548*4882a593Smuzhiyun echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue 549*4882a593Smuzhiyun 550*4882a593Smuzhiyun DTBS="$DTBS $DTB" 551*4882a593Smuzhiyun fitimage_emit_section_dtb $1 $DTB $DTB_PATH 552*4882a593Smuzhiyun done 553*4882a593Smuzhiyun fi 554*4882a593Smuzhiyun 555*4882a593Smuzhiyun if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then 556*4882a593Smuzhiyun dtbcount=1 557*4882a593Smuzhiyun for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ 558*4882a593Smuzhiyun $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do 559*4882a593Smuzhiyun DTB=$(echo "$DTB" | tr '/' '_') 560*4882a593Smuzhiyun 561*4882a593Smuzhiyun # Skip DTB/DTBO if we've picked it up previously 562*4882a593Smuzhiyun echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue 563*4882a593Smuzhiyun 564*4882a593Smuzhiyun DTBS="$DTBS $DTB" 565*4882a593Smuzhiyun fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" 566*4882a593Smuzhiyun done 567*4882a593Smuzhiyun fi 568*4882a593Smuzhiyun 569*4882a593Smuzhiyun # 570*4882a593Smuzhiyun # Step 3: Prepare a u-boot script section 571*4882a593Smuzhiyun # 572*4882a593Smuzhiyun 573*4882a593Smuzhiyun if [ -n "${UBOOT_ENV}" ] && [ -d "${STAGING_DIR_HOST}/boot" ]; then 574*4882a593Smuzhiyun if [ -e "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY}" ]; then 575*4882a593Smuzhiyun cp ${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} ${B} 576*4882a593Smuzhiyun bootscr_id="${UBOOT_ENV_BINARY}" 577*4882a593Smuzhiyun fitimage_emit_section_boot_script $1 "$bootscr_id" ${UBOOT_ENV_BINARY} 578*4882a593Smuzhiyun else 579*4882a593Smuzhiyun bbwarn "${STAGING_DIR_HOST}/boot/${UBOOT_ENV_BINARY} not found." 580*4882a593Smuzhiyun fi 581*4882a593Smuzhiyun fi 582*4882a593Smuzhiyun 583*4882a593Smuzhiyun # 584*4882a593Smuzhiyun # Step 4: Prepare a setup section. (For x86) 585*4882a593Smuzhiyun # 586*4882a593Smuzhiyun if [ -e arch/${ARCH}/boot/setup.bin ]; then 587*4882a593Smuzhiyun setupcount=1 588*4882a593Smuzhiyun fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin 589*4882a593Smuzhiyun fi 590*4882a593Smuzhiyun 591*4882a593Smuzhiyun # 592*4882a593Smuzhiyun # Step 5: Prepare a ramdisk section. 593*4882a593Smuzhiyun # 594*4882a593Smuzhiyun if [ "x${ramdiskcount}" = "x1" ] && [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then 595*4882a593Smuzhiyun # Find and use the first initramfs image archive type we find 596*4882a593Smuzhiyun found= 597*4882a593Smuzhiyun for img in ${FIT_SUPPORTED_INITRAMFS_FSTYPES}; do 598*4882a593Smuzhiyun initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.$img" 599*4882a593Smuzhiyun if [ -e "$initramfs_path" ]; then 600*4882a593Smuzhiyun bbnote "Found initramfs image: $initramfs_path" 601*4882a593Smuzhiyun found=true 602*4882a593Smuzhiyun fitimage_emit_section_ramdisk $1 "$ramdiskcount" "$initramfs_path" 603*4882a593Smuzhiyun break 604*4882a593Smuzhiyun else 605*4882a593Smuzhiyun bbnote "Did not find initramfs image: $initramfs_path" 606*4882a593Smuzhiyun fi 607*4882a593Smuzhiyun done 608*4882a593Smuzhiyun 609*4882a593Smuzhiyun if [ -z "$found" ]; then 610*4882a593Smuzhiyun bbfatal "Could not find a valid initramfs type for ${INITRAMFS_IMAGE_NAME}, the supported types are: ${FIT_SUPPORTED_INITRAMFS_FSTYPES}" 611*4882a593Smuzhiyun fi 612*4882a593Smuzhiyun fi 613*4882a593Smuzhiyun 614*4882a593Smuzhiyun fitimage_emit_section_maint $1 sectend 615*4882a593Smuzhiyun 616*4882a593Smuzhiyun # Force the first Kernel and DTB in the default config 617*4882a593Smuzhiyun kernelcount=1 618*4882a593Smuzhiyun if [ -n "$dtbcount" ]; then 619*4882a593Smuzhiyun dtbcount=1 620*4882a593Smuzhiyun fi 621*4882a593Smuzhiyun 622*4882a593Smuzhiyun # 623*4882a593Smuzhiyun # Step 6: Prepare a configurations section 624*4882a593Smuzhiyun # 625*4882a593Smuzhiyun fitimage_emit_section_maint $1 confstart 626*4882a593Smuzhiyun 627*4882a593Smuzhiyun # kernel-fitimage.bbclass currently only supports a single kernel (no less or 628*4882a593Smuzhiyun # more) to be added to the FIT image along with 0 or more device trees and 629*4882a593Smuzhiyun # 0 or 1 ramdisk. 630*4882a593Smuzhiyun # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) 631*4882a593Smuzhiyun # When the initramfs bundle is used ramdisk is disabled. 632*4882a593Smuzhiyun # If a device tree is to be part of the FIT image, then select 633*4882a593Smuzhiyun # the default configuration to be used is based on the dtbcount. If there is 634*4882a593Smuzhiyun # no dtb present than select the default configuation to be based on 635*4882a593Smuzhiyun # the kernelcount. 636*4882a593Smuzhiyun if [ -n "$DTBS" ]; then 637*4882a593Smuzhiyun i=1 638*4882a593Smuzhiyun for DTB in ${DTBS}; do 639*4882a593Smuzhiyun dtb_ext=${DTB##*.} 640*4882a593Smuzhiyun if [ "$dtb_ext" = "dtbo" ]; then 641*4882a593Smuzhiyun fitimage_emit_section_config $1 "" "$DTB" "" "$bootscr_id" "" "`expr $i = $dtbcount`" 642*4882a593Smuzhiyun else 643*4882a593Smuzhiyun fitimage_emit_section_config $1 $kernelcount "$DTB" "$ramdiskcount" "$bootscr_id" "$setupcount" "`expr $i = $dtbcount`" 644*4882a593Smuzhiyun fi 645*4882a593Smuzhiyun i=`expr $i + 1` 646*4882a593Smuzhiyun done 647*4882a593Smuzhiyun else 648*4882a593Smuzhiyun defaultconfigcount=1 649*4882a593Smuzhiyun fitimage_emit_section_config $1 $kernelcount "" "$ramdiskcount" "$bootscr_id" "$setupcount" $defaultconfigcount 650*4882a593Smuzhiyun fi 651*4882a593Smuzhiyun 652*4882a593Smuzhiyun fitimage_emit_section_maint $1 sectend 653*4882a593Smuzhiyun 654*4882a593Smuzhiyun fitimage_emit_section_maint $1 fitend 655*4882a593Smuzhiyun 656*4882a593Smuzhiyun # 657*4882a593Smuzhiyun # Step 7: Assemble the image 658*4882a593Smuzhiyun # 659*4882a593Smuzhiyun ${UBOOT_MKIMAGE} \ 660*4882a593Smuzhiyun ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ 661*4882a593Smuzhiyun -f $1 \ 662*4882a593Smuzhiyun arch/${ARCH}/boot/$2 663*4882a593Smuzhiyun 664*4882a593Smuzhiyun # 665*4882a593Smuzhiyun # Step 8: Sign the image and add public key to U-Boot dtb 666*4882a593Smuzhiyun # 667*4882a593Smuzhiyun if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then 668*4882a593Smuzhiyun add_key_to_u_boot="" 669*4882a593Smuzhiyun if [ -n "${UBOOT_DTB_BINARY}" ]; then 670*4882a593Smuzhiyun # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy 671*4882a593Smuzhiyun # both of them, and don't dereference the symlink. 672*4882a593Smuzhiyun cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} 673*4882a593Smuzhiyun add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" 674*4882a593Smuzhiyun fi 675*4882a593Smuzhiyun ${UBOOT_MKIMAGE_SIGN} \ 676*4882a593Smuzhiyun ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ 677*4882a593Smuzhiyun -F -k "${UBOOT_SIGN_KEYDIR}" \ 678*4882a593Smuzhiyun $add_key_to_u_boot \ 679*4882a593Smuzhiyun -r arch/${ARCH}/boot/$2 \ 680*4882a593Smuzhiyun ${UBOOT_MKIMAGE_SIGN_ARGS} 681*4882a593Smuzhiyun fi 682*4882a593Smuzhiyun} 683*4882a593Smuzhiyun 684*4882a593Smuzhiyundo_assemble_fitimage() { 685*4882a593Smuzhiyun if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then 686*4882a593Smuzhiyun cd ${B} 687*4882a593Smuzhiyun fitimage_assemble fit-image.its fitImage "" 688*4882a593Smuzhiyun fi 689*4882a593Smuzhiyun} 690*4882a593Smuzhiyun 691*4882a593Smuzhiyunaddtask assemble_fitimage before do_install after do_compile 692*4882a593Smuzhiyun 693*4882a593Smuzhiyundo_assemble_fitimage_initramfs() { 694*4882a593Smuzhiyun if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage" && \ 695*4882a593Smuzhiyun test -n "${INITRAMFS_IMAGE}" ; then 696*4882a593Smuzhiyun cd ${B} 697*4882a593Smuzhiyun if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ]; then 698*4882a593Smuzhiyun fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage "" 699*4882a593Smuzhiyun else 700*4882a593Smuzhiyun fitimage_assemble fit-image-${INITRAMFS_IMAGE}.its fitImage-${INITRAMFS_IMAGE} 1 701*4882a593Smuzhiyun fi 702*4882a593Smuzhiyun fi 703*4882a593Smuzhiyun} 704*4882a593Smuzhiyun 705*4882a593Smuzhiyunaddtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs 706*4882a593Smuzhiyun 707*4882a593Smuzhiyundo_kernel_generate_rsa_keys() { 708*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then 709*4882a593Smuzhiyun bbwarn "FIT_GENERATE_KEYS is set to 1 even though UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." 710*4882a593Smuzhiyun fi 711*4882a593Smuzhiyun 712*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then 713*4882a593Smuzhiyun 714*4882a593Smuzhiyun # Generate keys to sign configuration nodes, only if they don't already exist 715*4882a593Smuzhiyun if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ 716*4882a593Smuzhiyun [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then 717*4882a593Smuzhiyun 718*4882a593Smuzhiyun # make directory if it does not already exist 719*4882a593Smuzhiyun mkdir -p "${UBOOT_SIGN_KEYDIR}" 720*4882a593Smuzhiyun 721*4882a593Smuzhiyun bbnote "Generating RSA private key for signing fitImage" 722*4882a593Smuzhiyun openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ 723*4882a593Smuzhiyun "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ 724*4882a593Smuzhiyun "${FIT_SIGN_NUMBITS}" 725*4882a593Smuzhiyun 726*4882a593Smuzhiyun bbnote "Generating certificate for signing fitImage" 727*4882a593Smuzhiyun openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ 728*4882a593Smuzhiyun -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ 729*4882a593Smuzhiyun -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt 730*4882a593Smuzhiyun fi 731*4882a593Smuzhiyun 732*4882a593Smuzhiyun # Generate keys to sign image nodes, only if they don't already exist 733*4882a593Smuzhiyun if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ 734*4882a593Smuzhiyun [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then 735*4882a593Smuzhiyun 736*4882a593Smuzhiyun # make directory if it does not already exist 737*4882a593Smuzhiyun mkdir -p "${UBOOT_SIGN_KEYDIR}" 738*4882a593Smuzhiyun 739*4882a593Smuzhiyun bbnote "Generating RSA private key for signing fitImage" 740*4882a593Smuzhiyun openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ 741*4882a593Smuzhiyun "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ 742*4882a593Smuzhiyun "${FIT_SIGN_NUMBITS}" 743*4882a593Smuzhiyun 744*4882a593Smuzhiyun bbnote "Generating certificate for signing fitImage" 745*4882a593Smuzhiyun openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ 746*4882a593Smuzhiyun -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ 747*4882a593Smuzhiyun -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt 748*4882a593Smuzhiyun fi 749*4882a593Smuzhiyun fi 750*4882a593Smuzhiyun} 751*4882a593Smuzhiyun 752*4882a593Smuzhiyunaddtask kernel_generate_rsa_keys before do_assemble_fitimage after do_compile 753*4882a593Smuzhiyun 754*4882a593Smuzhiyunkernel_do_deploy[vardepsexclude] = "DATETIME" 755*4882a593Smuzhiyunkernel_do_deploy:append() { 756*4882a593Smuzhiyun # Update deploy directory 757*4882a593Smuzhiyun if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then 758*4882a593Smuzhiyun 759*4882a593Smuzhiyun if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then 760*4882a593Smuzhiyun bbnote "Copying fit-image.its source file..." 761*4882a593Smuzhiyun install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its" 762*4882a593Smuzhiyun if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then 763*4882a593Smuzhiyun ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}" 764*4882a593Smuzhiyun fi 765*4882a593Smuzhiyun 766*4882a593Smuzhiyun bbnote "Copying linux.bin file..." 767*4882a593Smuzhiyun install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} 768*4882a593Smuzhiyun if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then 769*4882a593Smuzhiyun ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}" 770*4882a593Smuzhiyun fi 771*4882a593Smuzhiyun fi 772*4882a593Smuzhiyun 773*4882a593Smuzhiyun if [ -n "${INITRAMFS_IMAGE}" ]; then 774*4882a593Smuzhiyun bbnote "Copying fit-image-${INITRAMFS_IMAGE}.its source file..." 775*4882a593Smuzhiyun install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its" 776*4882a593Smuzhiyun if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then 777*4882a593Smuzhiyun ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" 778*4882a593Smuzhiyun fi 779*4882a593Smuzhiyun 780*4882a593Smuzhiyun if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then 781*4882a593Smuzhiyun bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..." 782*4882a593Smuzhiyun install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}" 783*4882a593Smuzhiyun if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then 784*4882a593Smuzhiyun ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}" 785*4882a593Smuzhiyun fi 786*4882a593Smuzhiyun fi 787*4882a593Smuzhiyun fi 788*4882a593Smuzhiyun fi 789*4882a593Smuzhiyun if [ "${UBOOT_SIGN_ENABLE}" = "1" -o "${UBOOT_FITIMAGE_ENABLE}" = "1" ] && \ 790*4882a593Smuzhiyun [ -n "${UBOOT_DTB_BINARY}" ] ; then 791*4882a593Smuzhiyun # UBOOT_DTB_IMAGE is a realfile, but we can't use 792*4882a593Smuzhiyun # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed 793*4882a593Smuzhiyun # for u-boot, but we are in kernel env now. 794*4882a593Smuzhiyun install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/" 795*4882a593Smuzhiyun fi 796*4882a593Smuzhiyun if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${UBOOT_BINARY}" -a -n "${SPL_DTB_BINARY}" ] ; then 797*4882a593Smuzhiyun # If we're also creating and/or signing the uboot fit, now we need to 798*4882a593Smuzhiyun # deploy it, it's its file, as well as u-boot-spl.dtb 799*4882a593Smuzhiyun install -m 0644 ${B}/u-boot-spl-${MACHINE}*.dtb "$deployDir/" 800*4882a593Smuzhiyun bbnote "Copying u-boot-fitImage file..." 801*4882a593Smuzhiyun install -m 0644 ${B}/u-boot-fitImage-* "$deployDir/" 802*4882a593Smuzhiyun bbnote "Copying u-boot-its file..." 803*4882a593Smuzhiyun install -m 0644 ${B}/u-boot-its-* "$deployDir/" 804*4882a593Smuzhiyun fi 805*4882a593Smuzhiyun} 806*4882a593Smuzhiyun 807*4882a593Smuzhiyun# The function below performs the following in case of initramfs bundles: 808*4882a593Smuzhiyun# - Removes do_assemble_fitimage. FIT generation is done through 809*4882a593Smuzhiyun# do_assemble_fitimage_initramfs. do_assemble_fitimage is not needed 810*4882a593Smuzhiyun# and should not be part of the tasks to be executed. 811*4882a593Smuzhiyun# - Since do_kernel_generate_rsa_keys is inserted by default 812*4882a593Smuzhiyun# between do_compile and do_assemble_fitimage, this is 813*4882a593Smuzhiyun# not suitable in case of initramfs bundles. do_kernel_generate_rsa_keys 814*4882a593Smuzhiyun# should be between do_bundle_initramfs and do_assemble_fitimage_initramfs. 815*4882a593Smuzhiyunpython () { 816*4882a593Smuzhiyun if d.getVar('INITRAMFS_IMAGE_BUNDLE') == "1": 817*4882a593Smuzhiyun bb.build.deltask('do_assemble_fitimage', d) 818*4882a593Smuzhiyun bb.build.deltask('kernel_generate_rsa_keys', d) 819*4882a593Smuzhiyun bb.build.addtask('kernel_generate_rsa_keys', 'do_assemble_fitimage_initramfs', 'do_bundle_initramfs', d) 820*4882a593Smuzhiyun} 821