developer | 5d62759 | 2022-12-02 10:26:07 +0800 | [diff] [blame] | 1 | inherit kernel-uboot kernel-artifact-names uboot-sign kernel-fitimage
|
| 2 |
|
| 3 | python __anonymous () {
|
| 4 | d.appendVarFlag('do_gen_sb_dtb', 'depends', ' rdk-generic-broadband-image:do_hash_rootfs')
|
| 5 | }
|
| 6 |
|
| 7 | # Options for the device tree compiler passed to mkimage '-D' feature:
|
| 8 | UBOOT_MKIMAGE_DTCOPTS ??= ""
|
| 9 |
|
| 10 | # fitImage Hash Algo
|
| 11 | FIT_HASH_ALG ?= "sha256"
|
| 12 |
|
| 13 | # fitImage Signature Algo
|
| 14 | FIT_SIGN_ALG ?= "rsa2048"
|
| 15 |
|
| 16 | #
|
| 17 | # Emit the fitImage ITS header
|
| 18 | #
|
| 19 | # $1 ... .its filename
|
| 20 | fitimage_emit_fit_header() {
|
| 21 | cat << EOF >> ${1}
|
| 22 | /dts-v1/;
|
| 23 |
|
| 24 | / {
|
| 25 | description = "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}";
|
| 26 | #address-cells = <1>;
|
| 27 | EOF
|
| 28 | }
|
| 29 |
|
| 30 | #
|
| 31 | # Emit the fitImage section bits
|
| 32 | #
|
| 33 | # $1 ... .its filename
|
| 34 | # $2 ... Section bit type: imagestart - image section start
|
| 35 | # confstart - configuration section start
|
| 36 | # sectend - section end
|
| 37 | # fitend - fitimage end
|
| 38 | #
|
| 39 | fitimage_emit_section_maint() {
|
| 40 | case $2 in
|
| 41 | imagestart)
|
| 42 | cat << EOF >> ${1}
|
| 43 |
|
| 44 | images {
|
| 45 | EOF
|
| 46 | ;;
|
| 47 | confstart)
|
| 48 | cat << EOF >> ${1}
|
| 49 |
|
| 50 | configurations {
|
| 51 | EOF
|
| 52 | ;;
|
| 53 | sectend)
|
| 54 | cat << EOF >> ${1}
|
| 55 | };
|
| 56 | EOF
|
| 57 | ;;
|
| 58 | fitend)
|
| 59 | cat << EOF >> ${1}
|
| 60 | };
|
| 61 | EOF
|
| 62 | ;;
|
| 63 | esac
|
| 64 | }
|
| 65 |
|
| 66 | #
|
| 67 | # Emit the fitImage ITS kernel section
|
| 68 | #
|
| 69 | # $1 ... .its filename
|
| 70 | # $2 ... Image counter
|
| 71 | # $3 ... Path to kernel image
|
| 72 | # $4 ... Compression type
|
| 73 | fitimage_emit_section_kernel() {
|
| 74 |
|
| 75 | kernel_csum="${FIT_HASH_ALG}"
|
| 76 |
|
| 77 | ENTRYPOINT="${UBOOT_ENTRYPOINT}"
|
| 78 | if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
|
| 79 | ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
|
| 80 | awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
|
| 81 | fi
|
| 82 |
|
| 83 | cat << EOF >> ${1}
|
| 84 | kernel-${2} {
|
| 85 | description = "Linux kernel";
|
| 86 | data = /incbin/("${3}");
|
| 87 | type = "kernel";
|
| 88 | arch = "${UBOOT_ARCH}";
|
| 89 | os = "linux";
|
| 90 | compression = "${4}";
|
| 91 | load = <${UBOOT_LOADADDRESS}>;
|
| 92 | entry = <${ENTRYPOINT}>;
|
| 93 | hash-1 {
|
| 94 | algo = "${kernel_csum}";
|
| 95 | };
|
| 96 | };
|
| 97 | EOF
|
| 98 | }
|
| 99 |
|
| 100 | #
|
| 101 | # Emit the fitImage ITS DTB section
|
| 102 | #
|
| 103 | # $1 ... .its filename
|
| 104 | # $2 ... Image counter
|
| 105 | # $3 ... Path to DTB image
|
| 106 | fitimage_emit_section_dtb() {
|
| 107 |
|
| 108 | dtb_csum="${FIT_HASH_ALG}"
|
| 109 |
|
| 110 | dtb_loadline=""
|
| 111 | dtb_ext=${DTB##*.}
|
| 112 | if [ "${dtb_ext}" = "dtbo" ]; then
|
| 113 | if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
|
| 114 | dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
|
| 115 | fi
|
| 116 | elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
|
| 117 | dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
|
| 118 | fi
|
| 119 | cat << EOF >> ${1}
|
| 120 | fdt-${2} {
|
| 121 | description = "Flattened Device Tree blob";
|
| 122 | data = /incbin/("${3}");
|
| 123 | type = "flat_dt";
|
| 124 | arch = "${UBOOT_ARCH}";
|
| 125 | compression = "none";
|
| 126 | ${dtb_loadline}
|
| 127 | hash-1 {
|
| 128 | algo = "${dtb_csum}";
|
| 129 | };
|
| 130 | };
|
| 131 | EOF
|
| 132 | }
|
| 133 |
|
| 134 | #
|
| 135 | # Emit the fitImage ITS setup section
|
| 136 | #
|
| 137 | # $1 ... .its filename
|
| 138 | # $2 ... Image counter
|
| 139 | # $3 ... Path to setup image
|
| 140 | fitimage_emit_section_setup() {
|
| 141 |
|
| 142 | setup_csum="${FIT_HASH_ALG}"
|
| 143 |
|
| 144 | cat << EOF >> ${1}
|
| 145 | setup-${2} {
|
| 146 | description = "Linux setup.bin";
|
| 147 | data = /incbin/("${3}");
|
| 148 | type = "x86_setup";
|
| 149 | arch = "${UBOOT_ARCH}";
|
| 150 | os = "linux";
|
| 151 | compression = "none";
|
| 152 | load = <0x00090000>;
|
| 153 | entry = <0x00090000>;
|
| 154 | hash-1 {
|
| 155 | algo = "${setup_csum}";
|
| 156 | };
|
| 157 | };
|
| 158 | EOF
|
| 159 | }
|
| 160 |
|
| 161 | #
|
| 162 | # Emit the fitImage ITS ramdisk section
|
| 163 | #
|
| 164 | # $1 ... .its filename
|
| 165 | # $2 ... Image counter
|
| 166 | # $3 ... Path to ramdisk image
|
| 167 | fitimage_emit_section_ramdisk() {
|
| 168 |
|
| 169 | ramdisk_csum="${FIT_HASH_ALG}"
|
| 170 | ramdisk_loadline=""
|
| 171 | ramdisk_entryline=""
|
| 172 |
|
| 173 | if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
|
| 174 | ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
|
| 175 | fi
|
| 176 | if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
|
| 177 | ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
|
| 178 | fi
|
| 179 |
|
| 180 | cat << EOF >> ${1}
|
| 181 | ramdisk-${2} {
|
| 182 | description = "${INITRAMFS_IMAGE}";
|
| 183 | data = /incbin/("${3}");
|
| 184 | type = "ramdisk";
|
| 185 | arch = "${UBOOT_ARCH}";
|
| 186 | os = "linux";
|
| 187 | compression = "none";
|
| 188 | ${ramdisk_loadline}
|
| 189 | ${ramdisk_entryline}
|
| 190 | hash-1 {
|
| 191 | algo = "${ramdisk_csum}";
|
| 192 | };
|
| 193 | };
|
| 194 | EOF
|
| 195 | }
|
| 196 |
|
| 197 | python do_gen_sb_dtb(){
|
| 198 |
|
| 199 | DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
|
| 200 | SUMMARY_FILE="%s/hash-summary" %(DEPLOY_DIR_IMAGE)
|
| 201 | HASHED_BOOT_DEVICE="252:0"
|
| 202 | KERNEL_DEVICETREE = d.getVar('KERNEL_DEVICETREE', d, 1)
|
| 203 | dest = d.getVar('D', d, 1)
|
| 204 | build = d.getVar('B', d, 1)
|
| 205 | arch = d.getVar('ARCH', d, 1)
|
| 206 | KERNEL_IMAGEDEST = d.getVar('KERNEL_IMAGEDEST', d, 1)
|
| 207 | dtblist=KERNEL_DEVICETREE.split(" ")
|
| 208 | import os
|
| 209 | for DTB in dtblist:
|
| 210 | if len(DTB) != 0:
|
| 211 | SecureDTB=DTB.replace(".dtb","-sb.dtb")
|
| 212 | BaseDTB=os.path.basename(DTB)
|
| 213 | BaseSecureDTB=BaseDTB.replace(".dtb","-sb.dtb")
|
| 214 | import time
|
| 215 | import subprocess
|
| 216 | subprocess.Popen("fdt-patch-dm-verify %s %s/arch/%s/boot/dts/%s %s/arch/%s/boot/dts/%s %s" %(SUMMARY_FILE, build, arch, DTB, build, arch, SecureDTB, HASHED_BOOT_DEVICE), shell=True)
|
| 217 | time.sleep( 1 )
|
| 218 | subprocess.Popen("install -m 0644 %s/arch/%s/boot/dts/%s %s/%s/%s" %(build, arch, SecureDTB, dest, KERNEL_IMAGEDEST, BaseSecureDTB), shell=True)
|
| 219 |
|
| 220 | }
|
| 221 |
|
| 222 | addtask gen_sb_dtb before do_deploy after do_install
|
| 223 |
|
| 224 | #
|
| 225 | # Emit the fitImage ITS configuration section
|
| 226 | #
|
| 227 | # $1 ... .its filename
|
| 228 | # $2 ... Linux kernel ID
|
| 229 | # $3 ... DTB image name
|
| 230 | # $4 ... ramdisk ID
|
| 231 | # $5 ... config ID
|
| 232 | # $6 ... default flag
|
| 233 | fitimage_emit_section_config_sb() {
|
| 234 |
|
| 235 | conf_csum="${FIT_HASH_ALG}"
|
| 236 | conf_sign_algo="${FIT_SIGN_ALG}"
|
| 237 |
|
| 238 | sb_sign_keyname="${SECURE_BOOT_KEYNAME}"
|
| 239 |
|
| 240 |
|
| 241 | # Test if we have any DTBs at all
|
| 242 | sep=""
|
| 243 | conf_desc=""
|
| 244 | kernel_line=""
|
| 245 | fdt_line=""
|
| 246 | ramdisk_line=""
|
| 247 | setup_line=""
|
| 248 | default_line=""
|
| 249 |
|
| 250 | if [ -n "${2}" ]; then
|
| 251 | conf_desc="Linux kernel"
|
| 252 | sep=", "
|
| 253 | kernel_line="kernel = \"kernel-${2}\";"
|
| 254 | fi
|
| 255 |
|
| 256 | if [ -n "${3}" ]; then
|
| 257 | conf_desc="${conf_desc}${sep}FDT blob"
|
| 258 | sep=", "
|
| 259 | fdt_line="fdt = \"fdt-${3}\";"
|
| 260 | fi
|
| 261 |
|
| 262 | if [ -n "${4}" ]; then
|
| 263 | conf_desc="${conf_desc}${sep}ramdisk"
|
| 264 | sep=", "
|
| 265 | ramdisk_line="ramdisk = \"ramdisk-${4}\";"
|
| 266 | fi
|
| 267 |
|
| 268 | if [ -n "${5}" ]; then
|
| 269 | conf_desc="${conf_desc}${sep}setup"
|
| 270 | setup_line="setup = \"setup-${5}\";"
|
| 271 | fi
|
| 272 |
|
| 273 | if [ "${6}" = "1" ]; then
|
| 274 | default_line="default = \"conf-${3}\";"
|
| 275 | fi
|
| 276 |
|
| 277 | cat << EOF >> ${1}
|
| 278 | ${default_line}
|
| 279 | conf-${3} {
|
| 280 | description = "${6} ${conf_desc}";
|
| 281 | ${kernel_line}
|
| 282 | ${fdt_line}
|
| 283 | ${ramdisk_line}
|
| 284 | ${setup_line}
|
| 285 | hash-1 {
|
| 286 | algo = "${conf_csum}";
|
| 287 | };
|
| 288 | EOF
|
| 289 |
|
| 290 | if [ ! -z "${sb_sign_keyname}" ] ; then
|
| 291 |
|
| 292 | sign_line="sign-images = "
|
| 293 | sep=""
|
| 294 |
|
| 295 | if [ -n "${2}" ]; then
|
| 296 | sign_line="${sign_line}${sep}\"kernel\""
|
| 297 | sep=", "
|
| 298 | fi
|
| 299 |
|
| 300 | if [ -n "${3}" ]; then
|
| 301 | sign_line="${sign_line}${sep}\"fdt\""
|
| 302 | sep=", "
|
| 303 | fi
|
| 304 |
|
| 305 | if [ -n "${4}" ]; then
|
| 306 | sign_line="${sign_line}${sep}\"ramdisk\""
|
| 307 | sep=", "
|
| 308 | fi
|
| 309 |
|
| 310 | if [ -n "${5}" ]; then
|
| 311 | sign_line="${sign_line}${sep}\"setup\""
|
| 312 | fi
|
| 313 |
|
| 314 | sign_line="${sign_line};"
|
| 315 |
|
| 316 | cat << EOF >> ${1}
|
| 317 | signature-1 {
|
| 318 | algo = "${conf_csum},${conf_sign_algo}";
|
| 319 | key-name-hint = "${sb_sign_keyname}";
|
| 320 | ${sign_line}
|
| 321 | };
|
| 322 | EOF
|
| 323 | fi
|
| 324 |
|
| 325 | cat << EOF >> ${1}
|
| 326 | };
|
| 327 | EOF
|
| 328 | }
|
| 329 | #
|
| 330 | # Assemble fitImage
|
| 331 | #
|
| 332 | # $1 ... .its filename
|
| 333 | # $2 ... fitImage name
|
| 334 | # $3 ... include ramdisk
|
| 335 | fitimage_assemble_sb() {
|
| 336 | kernelcount=1
|
| 337 | dtbcount=""
|
| 338 | DTBS=""
|
| 339 | ramdiskcount=${3}
|
| 340 | setupcount=""
|
| 341 | rm -f ${1} arch/${ARCH}/boot/${2}
|
| 342 |
|
| 343 | fitimage_emit_fit_header ${1}
|
| 344 |
|
| 345 | #
|
| 346 | # Step 1: Prepare a kernel image section.
|
| 347 | #
|
| 348 | fitimage_emit_section_maint ${1} imagestart
|
| 349 |
|
| 350 | uboot_prep_kimage
|
| 351 | fitimage_emit_section_kernel ${1} "${kernelcount}" linux.bin "${linux_comp}"
|
| 352 |
|
| 353 | #
|
| 354 | # Step 2: Prepare a DTB image section
|
| 355 | #
|
| 356 |
|
| 357 | if [ -z "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -n "${KERNEL_DEVICETREE}" ]; then
|
| 358 | dtbcount=1
|
| 359 | for DTB in ${KERNEL_DEVICETREE}; do
|
| 360 | if echo ${DTB} | grep -q '/dts/'; then
|
| 361 | bbwarn "${DTB} contains the full path to the the dts file, but only the dtb name should be used."
|
| 362 | DTB=`basename ${DTB} | sed 's,\.dts$,.dtb,g'`
|
| 363 | fi
|
| 364 | DTB=`echo ${DTB} | sed 's,\.dtb$,-sb.dtb,g'`
|
| 365 | DTB_PATH="arch/${ARCH}/boot/dts/${DTB}"
|
| 366 | if [ ! -e "${DTB_PATH}" ]; then
|
| 367 | DTB_PATH="arch/${ARCH}/boot/${DTB}"
|
| 368 | fi
|
| 369 |
|
| 370 | DTB=$(echo "${DTB}" | tr '/' '_')
|
| 371 | DTBS="${DTBS} ${DTB}"
|
| 372 | fitimage_emit_section_dtb ${1} ${DTB} ${DTB_PATH}
|
| 373 | done
|
| 374 | fi
|
| 375 |
|
| 376 | if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
|
| 377 | dtbcount=1
|
| 378 | for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
|
| 379 | DTB=$(echo "${DTB}" | tr '/' '_')
|
| 380 | DTBS="${DTBS} ${DTB}"
|
| 381 | fitimage_emit_section_dtb ${1} ${DTB} "${EXTERNAL_KERNEL_DEVICETREE}/${DTB}"
|
| 382 | done
|
| 383 | fi
|
| 384 |
|
| 385 | #
|
| 386 | # Step 3: Prepare a setup section. (For x86)
|
| 387 | #
|
| 388 | if [ -e arch/${ARCH}/boot/setup.bin ]; then
|
| 389 | setupcount=1
|
| 390 | fitimage_emit_section_setup ${1} "${setupcount}" arch/${ARCH}/boot/setup.bin
|
| 391 | fi
|
| 392 |
|
| 393 | #
|
| 394 | # Step 4: Prepare a ramdisk section.
|
| 395 | #
|
| 396 | if [ "x${ramdiskcount}" = "x1" ] ; then
|
| 397 | # Find and use the first initramfs image archive type we find
|
| 398 | for img in cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.gz ext2.gz cpio; do
|
| 399 | initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.${img}"
|
| 400 | echo "Using $initramfs_path"
|
| 401 | if [ -e "${initramfs_path}" ]; then
|
| 402 | fitimage_emit_section_ramdisk ${1} "${ramdiskcount}" "${initramfs_path}"
|
| 403 | break
|
| 404 | fi
|
| 405 | done
|
| 406 | fi
|
| 407 |
|
| 408 | fitimage_emit_section_maint ${1} sectend
|
| 409 |
|
| 410 | # Force the first Kernel and DTB in the default config
|
| 411 | kernelcount=1
|
| 412 | if [ -n "${dtbcount}" ]; then
|
| 413 | dtbcount=1
|
| 414 | fi
|
| 415 |
|
| 416 | #
|
| 417 | # Step 5: Prepare a configurations section
|
| 418 | #
|
| 419 | fitimage_emit_section_maint ${1} confstart
|
| 420 |
|
| 421 | if [ -n "${DTBS}" ]; then
|
| 422 | i=1
|
| 423 | for DTB in ${DTBS}; do
|
| 424 | dtb_ext=${DTB##*.}
|
| 425 | if [ "${dtb_ext}" = "dtbo" ]; then
|
| 426 | fitimage_emit_section_config_sb ${1} "" "${DTB}" "" "" "`expr ${i} = ${dtbcount}`"
|
| 427 | else
|
| 428 | fitimage_emit_section_config_sb ${1} "${kernelcount}" "${DTB}" "${ramdiskcount}" "${setupcount}" "`expr ${i} = ${dtbcount}`"
|
| 429 | fi
|
| 430 | i=`expr ${i} + 1`
|
| 431 | done
|
| 432 | fi
|
| 433 |
|
| 434 | fitimage_emit_section_maint ${1} sectend
|
| 435 |
|
| 436 | fitimage_emit_section_maint ${1} fitend
|
| 437 |
|
| 438 | #
|
| 439 | # Step 6: Sign the image and add public key to U-Boot dtb
|
| 440 | #
|
| 441 |
|
| 442 | uboot-mkimage \
|
| 443 | ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
|
| 444 | -f ${1} \
|
| 445 | -k "${SECURE_BOOT_KEYDIR}" \
|
| 446 | -r arch/${ARCH}/boot/${2}
|
| 447 |
|
| 448 | }
|
| 449 |
|
| 450 | python do_gen_sb_dtb(){
|
| 451 |
|
| 452 | DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
|
| 453 | SUMMARY_FILE="%s/hash-summary" %(DEPLOY_DIR_IMAGE)
|
| 454 | HASHED_BOOT_DEVICE=d.getVar('HASHED_BOOT_DEVICE', d, 1)
|
| 455 | KERNEL_DEVICETREE = d.getVar('KERNEL_DEVICETREE', d, 1)
|
| 456 | DEST = d.getVar('D', d, 1)
|
| 457 | BUILD = d.getVar('B', d, 1)
|
| 458 | ARCH = d.getVar('ARCH', d, 1)
|
| 459 | KERNEL_IMAGEDEST = d.getVar('KERNEL_IMAGEDEST', d, 1)
|
| 460 | DTBLIST=KERNEL_DEVICETREE.split(" ")
|
| 461 | import os
|
| 462 | for DTB in DTBLIST:
|
| 463 | if len(DTB) != 0:
|
| 464 | SecureDTB=DTB.replace(".dtb","-sb.dtb")
|
| 465 | BaseDTB=os.path.basename(DTB)
|
| 466 | BaseSecureDTB=BaseDTB.replace(".dtb","-sb.dtb")
|
| 467 | import time
|
| 468 | import subprocess
|
| 469 | subprocess.Popen("fdt-patch-dm-verify %s %s/arch/%s/boot/dts/%s %s/arch/%s/boot/dts/%s %s" %(SUMMARY_FILE, BUILD, ARCH, DTB, BUILD, ARCH, SecureDTB, HASHED_BOOT_DEVICE), shell=True)
|
| 470 | time.sleep( 1 )
|
| 471 | subprocess.Popen("install -m 0644 %s/arch/%s/boot/dts/%s %s/%s/%s" %(BUILD, ARCH, SecureDTB, DEST, KERNEL_IMAGEDEST, BaseSecureDTB), shell=True)
|
| 472 |
|
| 473 | }
|
| 474 |
|
| 475 | addtask gen_sb_dtb before do_deploy after do_install
|
| 476 |
|
| 477 | do_assemble_secure_boot_fitimage() {
|
| 478 | if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
|
| 479 | cd ${B}
|
| 480 | fitimage_assemble_sb fit-image-sb.its fitImage-sb
|
| 481 | fi
|
| 482 | }
|
| 483 |
|
| 484 | addtask assemble_secure_boot_fitimage before do_deploy after do_gen_sb_dtb
|
| 485 |
|
| 486 | python do_fit_image_sb_deploy(){
|
| 487 | DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
|
| 488 | BUILD = d.getVar('B', d, 1)
|
| 489 | ARCH = d.getVar('ARCH', d, 1)
|
| 490 | import subprocess
|
| 491 | import time
|
| 492 | subprocess.Popen("rm %s/fitImage-sb" %(DEPLOY_DIR_IMAGE), shell=True)
|
| 493 | time.sleep( 1 )
|
| 494 | subprocess.Popen("install -m 0644 %s/arch/%s/boot/fitImage-sb %s/" %(BUILD, ARCH, DEPLOY_DIR_IMAGE), shell=True)
|
| 495 | }
|
| 496 | addtask fit_image_sb_deploy before do_deploy after do_assemble_secure_boot_fitimage
|
| 497 |
|
| 498 | DEPENDS += "fdt-patch-dm-verify-native" |