blob: d76a6ed8986d9c7c5ac36106858e0965fa89322a [file] [log] [blame]
developer5d627592022-12-02 10:26:07 +08001inherit kernel-uboot kernel-artifact-names uboot-sign kernel-fitimage
2
3python __anonymous () {
4 d.appendVarFlag('do_gen_sb_dtb', 'depends', ' rdk-generic-broadband-image:do_hash_rootfs')
5}
6
7# Options for the device tree compiler passed to mkimage '-D' feature:
8UBOOT_MKIMAGE_DTCOPTS ??= ""
9
10# fitImage Hash Algo
11FIT_HASH_ALG ?= "sha256"
12
13# fitImage Signature Algo
14FIT_SIGN_ALG ?= "rsa2048"
15
16#
17# Emit the fitImage ITS header
18#
19# $1 ... .its filename
20fitimage_emit_fit_header() {
21 cat << EOF >> ${1}
22/dts-v1/;
23
24/ {
25 description = "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}";
26 #address-cells = <1>;
27EOF
28}
29
30#
31# Emit the fitImage section bits
32#
33# $1 ... .its filename
34# $2 ... Section bit type: imagestart - image section start
35# confstart - configuration section start
36# sectend - section end
37# fitend - fitimage end
38#
39fitimage_emit_section_maint() {
40 case $2 in
41 imagestart)
42 cat << EOF >> ${1}
43
44 images {
45EOF
46 ;;
47 confstart)
48 cat << EOF >> ${1}
49
50 configurations {
51EOF
52 ;;
53 sectend)
54 cat << EOF >> ${1}
55 };
56EOF
57 ;;
58 fitend)
59 cat << EOF >> ${1}
60};
61EOF
62 ;;
63 esac
64}
65
66#
67# Emit the fitImage ITS kernel section
68#
69# $1 ... .its filename
70# $2 ... Image counter
71# $3 ... Path to kernel image
72# $4 ... Compression type
73fitimage_emit_section_kernel() {
74
75 kernel_csum="${FIT_HASH_ALG}"
76
77 ENTRYPOINT="${UBOOT_ENTRYPOINT}"
78 if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
79 ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
80 awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
81 fi
82
83 cat << EOF >> ${1}
84 kernel-${2} {
85 description = "Linux kernel";
86 data = /incbin/("${3}");
87 type = "kernel";
88 arch = "${UBOOT_ARCH}";
89 os = "linux";
90 compression = "${4}";
91 load = <${UBOOT_LOADADDRESS}>;
92 entry = <${ENTRYPOINT}>;
93 hash-1 {
94 algo = "${kernel_csum}";
95 };
96 };
97EOF
98}
99
100#
101# Emit the fitImage ITS DTB section
102#
103# $1 ... .its filename
104# $2 ... Image counter
105# $3 ... Path to DTB image
106fitimage_emit_section_dtb() {
107
108 dtb_csum="${FIT_HASH_ALG}"
109
110 dtb_loadline=""
111 dtb_ext=${DTB##*.}
112 if [ "${dtb_ext}" = "dtbo" ]; then
113 if [ -n "${UBOOT_DTBO_LOADADDRESS}" ]; then
114 dtb_loadline="load = <${UBOOT_DTBO_LOADADDRESS}>;"
115 fi
116 elif [ -n "${UBOOT_DTB_LOADADDRESS}" ]; then
117 dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
118 fi
119 cat << EOF >> ${1}
120 fdt-${2} {
121 description = "Flattened Device Tree blob";
122 data = /incbin/("${3}");
123 type = "flat_dt";
124 arch = "${UBOOT_ARCH}";
125 compression = "none";
126 ${dtb_loadline}
127 hash-1 {
128 algo = "${dtb_csum}";
129 };
130 };
131EOF
132}
133
134#
135# Emit the fitImage ITS setup section
136#
137# $1 ... .its filename
138# $2 ... Image counter
139# $3 ... Path to setup image
140fitimage_emit_section_setup() {
141
142 setup_csum="${FIT_HASH_ALG}"
143
144 cat << EOF >> ${1}
145 setup-${2} {
146 description = "Linux setup.bin";
147 data = /incbin/("${3}");
148 type = "x86_setup";
149 arch = "${UBOOT_ARCH}";
150 os = "linux";
151 compression = "none";
152 load = <0x00090000>;
153 entry = <0x00090000>;
154 hash-1 {
155 algo = "${setup_csum}";
156 };
157 };
158EOF
159}
160
161#
162# Emit the fitImage ITS ramdisk section
163#
164# $1 ... .its filename
165# $2 ... Image counter
166# $3 ... Path to ramdisk image
167fitimage_emit_section_ramdisk() {
168
169 ramdisk_csum="${FIT_HASH_ALG}"
170 ramdisk_loadline=""
171 ramdisk_entryline=""
172
173 if [ -n "${UBOOT_RD_LOADADDRESS}" ]; then
174 ramdisk_loadline="load = <${UBOOT_RD_LOADADDRESS}>;"
175 fi
176 if [ -n "${UBOOT_RD_ENTRYPOINT}" ]; then
177 ramdisk_entryline="entry = <${UBOOT_RD_ENTRYPOINT}>;"
178 fi
179
180 cat << EOF >> ${1}
181 ramdisk-${2} {
182 description = "${INITRAMFS_IMAGE}";
183 data = /incbin/("${3}");
184 type = "ramdisk";
185 arch = "${UBOOT_ARCH}";
186 os = "linux";
187 compression = "none";
188 ${ramdisk_loadline}
189 ${ramdisk_entryline}
190 hash-1 {
191 algo = "${ramdisk_csum}";
192 };
193 };
194EOF
195}
196
197python do_gen_sb_dtb(){
198
199 DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
200 SUMMARY_FILE="%s/hash-summary" %(DEPLOY_DIR_IMAGE)
201 HASHED_BOOT_DEVICE="252:0"
202 KERNEL_DEVICETREE = d.getVar('KERNEL_DEVICETREE', d, 1)
203 dest = d.getVar('D', d, 1)
204 build = d.getVar('B', d, 1)
205 arch = d.getVar('ARCH', d, 1)
206 KERNEL_IMAGEDEST = d.getVar('KERNEL_IMAGEDEST', d, 1)
207 dtblist=KERNEL_DEVICETREE.split(" ")
208 import os
209 for DTB in dtblist:
210 if len(DTB) != 0:
211 SecureDTB=DTB.replace(".dtb","-sb.dtb")
212 BaseDTB=os.path.basename(DTB)
213 BaseSecureDTB=BaseDTB.replace(".dtb","-sb.dtb")
214 import time
215 import subprocess
216 subprocess.Popen("fdt-patch-dm-verify %s %s/arch/%s/boot/dts/%s %s/arch/%s/boot/dts/%s %s" %(SUMMARY_FILE, build, arch, DTB, build, arch, SecureDTB, HASHED_BOOT_DEVICE), shell=True)
217 time.sleep( 1 )
218 subprocess.Popen("install -m 0644 %s/arch/%s/boot/dts/%s %s/%s/%s" %(build, arch, SecureDTB, dest, KERNEL_IMAGEDEST, BaseSecureDTB), shell=True)
219
220}
221
222addtask gen_sb_dtb before do_deploy after do_install
223
224#
225# Emit the fitImage ITS configuration section
226#
227# $1 ... .its filename
228# $2 ... Linux kernel ID
229# $3 ... DTB image name
230# $4 ... ramdisk ID
231# $5 ... config ID
232# $6 ... default flag
233fitimage_emit_section_config_sb() {
234
235 conf_csum="${FIT_HASH_ALG}"
236 conf_sign_algo="${FIT_SIGN_ALG}"
237
238 sb_sign_keyname="${SECURE_BOOT_KEYNAME}"
239
240
241 # Test if we have any DTBs at all
242 sep=""
243 conf_desc=""
244 kernel_line=""
245 fdt_line=""
246 ramdisk_line=""
247 setup_line=""
248 default_line=""
249
250 if [ -n "${2}" ]; then
251 conf_desc="Linux kernel"
252 sep=", "
253 kernel_line="kernel = \"kernel-${2}\";"
254 fi
255
256 if [ -n "${3}" ]; then
257 conf_desc="${conf_desc}${sep}FDT blob"
258 sep=", "
259 fdt_line="fdt = \"fdt-${3}\";"
260 fi
261
262 if [ -n "${4}" ]; then
263 conf_desc="${conf_desc}${sep}ramdisk"
264 sep=", "
265 ramdisk_line="ramdisk = \"ramdisk-${4}\";"
266 fi
267
268 if [ -n "${5}" ]; then
269 conf_desc="${conf_desc}${sep}setup"
270 setup_line="setup = \"setup-${5}\";"
271 fi
272
273 if [ "${6}" = "1" ]; then
274 default_line="default = \"conf-${3}\";"
275 fi
276
277 cat << EOF >> ${1}
278 ${default_line}
279 conf-${3} {
280 description = "${6} ${conf_desc}";
281 ${kernel_line}
282 ${fdt_line}
283 ${ramdisk_line}
284 ${setup_line}
285 hash-1 {
286 algo = "${conf_csum}";
287 };
288EOF
289
290 if [ ! -z "${sb_sign_keyname}" ] ; then
291
292 sign_line="sign-images = "
293 sep=""
294
295 if [ -n "${2}" ]; then
296 sign_line="${sign_line}${sep}\"kernel\""
297 sep=", "
298 fi
299
300 if [ -n "${3}" ]; then
301 sign_line="${sign_line}${sep}\"fdt\""
302 sep=", "
303 fi
304
305 if [ -n "${4}" ]; then
306 sign_line="${sign_line}${sep}\"ramdisk\""
307 sep=", "
308 fi
309
310 if [ -n "${5}" ]; then
311 sign_line="${sign_line}${sep}\"setup\""
312 fi
313
314 sign_line="${sign_line};"
315
316 cat << EOF >> ${1}
317 signature-1 {
318 algo = "${conf_csum},${conf_sign_algo}";
319 key-name-hint = "${sb_sign_keyname}";
320 ${sign_line}
321 };
322EOF
323 fi
324
325 cat << EOF >> ${1}
326 };
327EOF
328}
329#
330# Assemble fitImage
331#
332# $1 ... .its filename
333# $2 ... fitImage name
334# $3 ... include ramdisk
335fitimage_assemble_sb() {
336 kernelcount=1
337 dtbcount=""
338 DTBS=""
339 ramdiskcount=${3}
340 setupcount=""
341 rm -f ${1} arch/${ARCH}/boot/${2}
342
343 fitimage_emit_fit_header ${1}
344
345 #
346 # Step 1: Prepare a kernel image section.
347 #
348 fitimage_emit_section_maint ${1} imagestart
349
350 uboot_prep_kimage
351 fitimage_emit_section_kernel ${1} "${kernelcount}" linux.bin "${linux_comp}"
352
353 #
354 # Step 2: Prepare a DTB image section
355 #
356
357 if [ -z "${EXTERNAL_KERNEL_DEVICETREE}" ] && [ -n "${KERNEL_DEVICETREE}" ]; then
358 dtbcount=1
359 for DTB in ${KERNEL_DEVICETREE}; do
360 if echo ${DTB} | grep -q '/dts/'; then
361 bbwarn "${DTB} contains the full path to the the dts file, but only the dtb name should be used."
362 DTB=`basename ${DTB} | sed 's,\.dts$,.dtb,g'`
363 fi
364 DTB=`echo ${DTB} | sed 's,\.dtb$,-sb.dtb,g'`
365 DTB_PATH="arch/${ARCH}/boot/dts/${DTB}"
366 if [ ! -e "${DTB_PATH}" ]; then
367 DTB_PATH="arch/${ARCH}/boot/${DTB}"
368 fi
369
370 DTB=$(echo "${DTB}" | tr '/' '_')
371 DTBS="${DTBS} ${DTB}"
372 fitimage_emit_section_dtb ${1} ${DTB} ${DTB_PATH}
373 done
374 fi
375
376 if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
377 dtbcount=1
378 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
379 DTB=$(echo "${DTB}" | tr '/' '_')
380 DTBS="${DTBS} ${DTB}"
381 fitimage_emit_section_dtb ${1} ${DTB} "${EXTERNAL_KERNEL_DEVICETREE}/${DTB}"
382 done
383 fi
384
385 #
386 # Step 3: Prepare a setup section. (For x86)
387 #
388 if [ -e arch/${ARCH}/boot/setup.bin ]; then
389 setupcount=1
390 fitimage_emit_section_setup ${1} "${setupcount}" arch/${ARCH}/boot/setup.bin
391 fi
392
393 #
394 # Step 4: Prepare a ramdisk section.
395 #
396 if [ "x${ramdiskcount}" = "x1" ] ; then
397 # Find and use the first initramfs image archive type we find
398 for img in cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.gz ext2.gz cpio; do
399 initramfs_path="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.${img}"
400 echo "Using $initramfs_path"
401 if [ -e "${initramfs_path}" ]; then
402 fitimage_emit_section_ramdisk ${1} "${ramdiskcount}" "${initramfs_path}"
403 break
404 fi
405 done
406 fi
407
408 fitimage_emit_section_maint ${1} sectend
409
410 # Force the first Kernel and DTB in the default config
411 kernelcount=1
412 if [ -n "${dtbcount}" ]; then
413 dtbcount=1
414 fi
415
416 #
417 # Step 5: Prepare a configurations section
418 #
419 fitimage_emit_section_maint ${1} confstart
420
421 if [ -n "${DTBS}" ]; then
422 i=1
423 for DTB in ${DTBS}; do
424 dtb_ext=${DTB##*.}
425 if [ "${dtb_ext}" = "dtbo" ]; then
426 fitimage_emit_section_config_sb ${1} "" "${DTB}" "" "" "`expr ${i} = ${dtbcount}`"
427 else
428 fitimage_emit_section_config_sb ${1} "${kernelcount}" "${DTB}" "${ramdiskcount}" "${setupcount}" "`expr ${i} = ${dtbcount}`"
429 fi
430 i=`expr ${i} + 1`
431 done
432 fi
433
434 fitimage_emit_section_maint ${1} sectend
435
436 fitimage_emit_section_maint ${1} fitend
437
438 #
439 # Step 6: Sign the image and add public key to U-Boot dtb
440 #
441
442 uboot-mkimage \
443 ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
444 -f ${1} \
445 -k "${SECURE_BOOT_KEYDIR}" \
446 -r arch/${ARCH}/boot/${2}
447
448}
449
450python do_gen_sb_dtb(){
451
452 DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
453 SUMMARY_FILE="%s/hash-summary" %(DEPLOY_DIR_IMAGE)
454 HASHED_BOOT_DEVICE=d.getVar('HASHED_BOOT_DEVICE', d, 1)
455 KERNEL_DEVICETREE = d.getVar('KERNEL_DEVICETREE', d, 1)
456 DEST = d.getVar('D', d, 1)
457 BUILD = d.getVar('B', d, 1)
458 ARCH = d.getVar('ARCH', d, 1)
459 KERNEL_IMAGEDEST = d.getVar('KERNEL_IMAGEDEST', d, 1)
460 DTBLIST=KERNEL_DEVICETREE.split(" ")
461 import os
462 for DTB in DTBLIST:
463 if len(DTB) != 0:
464 SecureDTB=DTB.replace(".dtb","-sb.dtb")
465 BaseDTB=os.path.basename(DTB)
466 BaseSecureDTB=BaseDTB.replace(".dtb","-sb.dtb")
467 import time
468 import subprocess
469 subprocess.Popen("fdt-patch-dm-verify %s %s/arch/%s/boot/dts/%s %s/arch/%s/boot/dts/%s %s" %(SUMMARY_FILE, BUILD, ARCH, DTB, BUILD, ARCH, SecureDTB, HASHED_BOOT_DEVICE), shell=True)
470 time.sleep( 1 )
471 subprocess.Popen("install -m 0644 %s/arch/%s/boot/dts/%s %s/%s/%s" %(BUILD, ARCH, SecureDTB, DEST, KERNEL_IMAGEDEST, BaseSecureDTB), shell=True)
472
473}
474
475addtask gen_sb_dtb before do_deploy after do_install
476
477do_assemble_secure_boot_fitimage() {
478 if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
479 cd ${B}
480 fitimage_assemble_sb fit-image-sb.its fitImage-sb
481 fi
482}
483
484addtask assemble_secure_boot_fitimage before do_deploy after do_gen_sb_dtb
485
486python do_fit_image_sb_deploy(){
487 DEPLOY_DIR_IMAGE = d.getVar('DEPLOY_DIR_IMAGE', d, 1)
488 BUILD = d.getVar('B', d, 1)
489 ARCH = d.getVar('ARCH', d, 1)
490 import subprocess
491 import time
492 subprocess.Popen("rm %s/fitImage-sb" %(DEPLOY_DIR_IMAGE), shell=True)
493 time.sleep( 1 )
494 subprocess.Popen("install -m 0644 %s/arch/%s/boot/fitImage-sb %s/" %(BUILD, ARCH, DEPLOY_DIR_IMAGE), shell=True)
495}
496addtask fit_image_sb_deploy before do_deploy after do_assemble_secure_boot_fitimage
497
498DEPENDS += "fdt-patch-dm-verify-native"