[][MAC80211][Fix Patch Fail]
[Description]
Fix Patch Fail
[Release-log]
N/A
Change-Id: I1849f0d9124a6f64ffa6092494c2c3d32907a3fb
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/5695401
diff --git a/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch b/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch
new file mode 100644
index 0000000..6bce579
--- /dev/null
+++ b/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch
@@ -0,0 +1,213 @@
+--- a/include/image.mk
++++ b/include/image.mk
+@@ -227,8 +227,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(c
+ define Image/mkfs/squashfs-common
+ $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
+ -nopad -noappend -root-owned \
+- -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
+- -processors 1
++ -comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
+ endef
+
+ ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
+@@ -441,6 +440,9 @@ else
+ DEVICE_CHECK_PROFILE = $(CONFIG_TARGET_$(if $(CONFIG_TARGET_MULTI_PROFILE),DEVICE_)$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_$(1))
+ endif
+
++DEVICE_CHECK_FIT_KEY = $(if $(wildcard $(FIT_KEY_DIR)/$(FIT_KEY_NAME).key),install-images,install-disabled)
++DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-images)
++
+ DEVICE_EXTRA_PACKAGES = $(call qstrip,$(CONFIG_TARGET_DEVICE_PACKAGES_$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_DEVICE_$(1)))
+
+ define merge_packages
+@@ -463,7 +465,7 @@ endef
+ define Device/Check
+ $(Device/Check/Common)
+ KDIR_KERNEL_IMAGE := $(KDIR)/$(1)$$(KERNEL_SUFFIX)
+- _TARGET := $$(if $$(_PROFILE_SET),install-images,install-disabled)
++ _TARGET := $$(if $$(_PROFILE_SET),$$(DEVICE_CHECK_FIT_DIR),install-disabled)
+ ifndef IB
+ _COMPILE_TARGET := $$(if $(CONFIG_IB)$$(_PROFILE_SET),compile,compile-disabled)
+ endif
+--- a/scripts/mkits.sh
++++ b/scripts/mkits.sh
+@@ -17,6 +17,7 @@
+ usage() {
+ printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")"
+ printf " -v version -k kernel [-D name -n address -d dtb] -o its_file"
++ printf " [-s script] [-S key_name_hint] [-r ar_ver]"
+
+ printf "\n\t-A ==> set architecture to 'arch'"
+ printf "\n\t-C ==> set compression type 'comp'"
+@@ -28,13 +29,16 @@ usage() {
+ printf "\n\t-D ==> human friendly Device Tree Blob 'name'"
+ printf "\n\t-n ==> fdt unit-address 'address'"
+ printf "\n\t-d ==> include Device Tree Blob 'dtb'"
+- printf "\n\t-o ==> create output file 'its_file'\n"
++ printf "\n\t-o ==> create output file 'its_file'"
++ printf "\n\t-s ==> include u-boot script 'script'"
++ printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'"
++ printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)\n"
+ exit 1
+ }
+
+ FDTNUM=1
+
+-while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION
++while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:" OPTION
+ do
+ case $OPTION in
+ A ) ARCH=$OPTARG;;
+@@ -48,6 +52,9 @@ do
+ n ) FDTNUM=$OPTARG;;
+ o ) OUTPUT=$OPTARG;;
+ v ) VERSION=$OPTARG;;
++ s ) UBOOT_SCRIPT=$OPTARG;;
++ S ) KEY_NAME_HINT=$OPTARG;;
++ r ) AR_VER=$OPTARG;;
+ * ) echo "Invalid option passed to '$0' (options:$*)"
+ usage;;
+ esac
+@@ -132,6 +139,56 @@ if [ -n "${AR_VER}" ]; then
+ "
+ fi
+
++# Conditionally create script information
++if [ -n "${UBOOT_SCRIPT}" ]; then
++ SCRIPT="\
++ script@1 {
++ description = \"U-Boot Script\";
++ data = /incbin/(\"${UBOOT_SCRIPT}\");
++ type = \"script\";
++ arch = \"${ARCH}\";
++ os = \"linux\";
++ load = <0>;
++ entry = <0>;
++ compression = \"none\";
++ hash@1 {
++ algo = \"crc32\";
++ };
++ hash@2 {
++ algo = \"sha1\";
++ };
++ };\
++"
++ LOADABLES="\
++ loadables = \"script@1\";\
++"
++ SIGN_IMAGES="\
++ sign-images = \"fdt\", \"kernel\", \"loadables\";\
++"
++else
++ SIGN_IMAGES="\
++ sign-images = \"fdt\", \"kernel\";\
++"
++fi
++
++# Conditionally create signature information
++if [ -n "${KEY_NAME_HINT}" ]; then
++ SIGNATURE="\
++ signature {
++ algo = \"sha1,rsa2048\";
++ key-name-hint = \"${KEY_NAME_HINT}\";
++${SIGN_IMAGES}
++ };\
++"
++fi
++
++# Conditionally create anti-rollback version information
++if [ -n "${AR_VER}" ]; then
++ FW_AR_VER="\
++ fw_ar_ver = <${AR_VER}>;\
++"
++fi
++
+ # Create a default, fully populated DTS file
+ DATA="/dts-v1/;
+
+@@ -157,14 +214,18 @@ DATA="/dts-v1/;
+ };
+ };
+ ${FDT_NODE}
++${SCRIPT}
+ };
+
+ configurations {
+ default = \"${CONFIG}\";
+ ${CONFIG} {
+ description = \"OpenWrt\";
++${FW_AR_VER}
++${LOADABLES}
+ kernel = \"kernel@1\";
+ ${FDT_PROP}
++${SIGNATURE}
+ };
+ };
+ };"
+--- a/target/linux/mediatek/image/Makefile
++++ b/target/linux/mediatek/image/Makefile
+@@ -16,6 +16,55 @@ define Build/sysupgrade-emmc
+ $(IMAGE_ROOTFS)
+ endef
+
++# build squashfs-hashed
++define Build/squashfs-hashed
++ $(CP) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME)) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed
++ $(TOPDIR)/scripts/make-squashfs-hashed.sh \
++ $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed \
++ $(STAGING_DIR_HOST) \
++ $(TOPDIR) \
++ $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary
++ cat $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary | \
++ $(TOPDIR)/scripts/prepare-dm-verity-uboot-script.sh \
++ "$(HASHED_BOOT_DEVICE)" \
++ "$(BASIC_KERNEL_CMDLINE)" \
++ > $(KDIR)/$(DEVICE_NAME)-u-boot-script
++endef
++
++# build fw-ar-ver
++get_fw_ar_ver = \
++ $(if $(wildcard $(2)),$(shell rm -rf $(2))) \
++ $(if $(wildcard $(1)),$(info $(shell $(STAGING_DIR_HOST)/bin/ar-tool fw_ar_table create_ar_conf $(1) $(2)))) \
++ $(if $(wildcard $(2)),$(eval include $(2))) \
++ $(if $(FW_AR_VER),$(info FW_AR_VER = $(FW_AR_VER)))
++
++define Build/fw-ar-ver
++ $(call get_fw_ar_ver,$(ANTI_ROLLBACK_TABLE),$(AUTO_AR_CONF))
++endef
++
++# build signed fit
++define Build/fit-sign
++ $(TOPDIR)/scripts/mkits.sh \
++ -D $(DEVICE_NAME) \
++ -o $@.its \
++ -k $@ \
++ $(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \
++ -a $(KERNEL_LOADADDR) \
++ -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
++ -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
++ -A $(LINUX_KARCH) \
++ -v $(LINUX_VERSION) \
++ -s $(KDIR)/$(DEVICE_NAME)-u-boot-script \
++ $(if $(FIT_KEY_NAME),-S $(FIT_KEY_NAME)) \
++ $(if $(FW_AR_VER),-r $(FW_AR_VER))
++ PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage \
++ -f $@.its \
++ $(if $(FIT_KEY_DIR),-k $(FIT_KEY_DIR)) \
++ -r \
++ $@.new
++ @mv $@.new $@
++endef
++
+ # default all platform image(fit) build
+ define Device/Default
+ PROFILES = Default $$(DEVICE_NAME)
+@@ -29,6 +78,8 @@ define Device/Default
+ IMAGES := sysupgrade.bin
+ IMAGE/sysupgrade.bin := append-kernel | pad-to 128k | append-rootfs | \
+ pad-rootfs | append-metadata
++ FIT_KEY_DIR :=
++ FIT_KEY_NAME :=
+ endef
+
+ include $(SUBTARGET).mk