[][SBC][Refactor mkits.sh related patches]
[Description]
Refactor mkits.sh related patches
- patch 'mtk-openwrt-feed/openwrt_patches-21.02/9990-fit-replace-@-with--.patch' first
- split mkits.sh related in
'mtk-openwrt-feed/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch'
to 'mtk-openwrt-feed/openwrt_patches-21.02/9991-fit-secure-boot-and-anti-rollback-support.patch',
and move it to 'autobuild/openwrt_patches-21.02/0902-sbc-secure-boot-and-anti-rollback-support.patch'
[Release-log]
N/A
Change-Id: Id97d51c885d0e8f82de09f7380097f30261fcb52
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/5806065
diff --git a/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch b/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch
deleted file mode 100644
index 6bce579..0000000
--- a/openwrt_patches-21.02/9989-sbc-secure-boot-and-anti-rollback-support.patch
+++ /dev/null
@@ -1,213 +0,0 @@
---- a/include/image.mk
-+++ b/include/image.mk
-@@ -227,8 +227,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(c
- define Image/mkfs/squashfs-common
- $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
- -nopad -noappend -root-owned \
-- -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-- -processors 1
-+ -comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
- endef
-
- ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
-@@ -441,6 +440,9 @@ else
- DEVICE_CHECK_PROFILE = $(CONFIG_TARGET_$(if $(CONFIG_TARGET_MULTI_PROFILE),DEVICE_)$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_$(1))
- endif
-
-+DEVICE_CHECK_FIT_KEY = $(if $(wildcard $(FIT_KEY_DIR)/$(FIT_KEY_NAME).key),install-images,install-disabled)
-+DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-images)
-+
- DEVICE_EXTRA_PACKAGES = $(call qstrip,$(CONFIG_TARGET_DEVICE_PACKAGES_$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_DEVICE_$(1)))
-
- define merge_packages
-@@ -463,7 +465,7 @@ endef
- define Device/Check
- $(Device/Check/Common)
- KDIR_KERNEL_IMAGE := $(KDIR)/$(1)$$(KERNEL_SUFFIX)
-- _TARGET := $$(if $$(_PROFILE_SET),install-images,install-disabled)
-+ _TARGET := $$(if $$(_PROFILE_SET),$$(DEVICE_CHECK_FIT_DIR),install-disabled)
- ifndef IB
- _COMPILE_TARGET := $$(if $(CONFIG_IB)$$(_PROFILE_SET),compile,compile-disabled)
- endif
---- a/scripts/mkits.sh
-+++ b/scripts/mkits.sh
-@@ -17,6 +17,7 @@
- usage() {
- printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")"
- printf " -v version -k kernel [-D name -n address -d dtb] -o its_file"
-+ printf " [-s script] [-S key_name_hint] [-r ar_ver]"
-
- printf "\n\t-A ==> set architecture to 'arch'"
- printf "\n\t-C ==> set compression type 'comp'"
-@@ -28,13 +29,16 @@ usage() {
- printf "\n\t-D ==> human friendly Device Tree Blob 'name'"
- printf "\n\t-n ==> fdt unit-address 'address'"
- printf "\n\t-d ==> include Device Tree Blob 'dtb'"
-- printf "\n\t-o ==> create output file 'its_file'\n"
-+ printf "\n\t-o ==> create output file 'its_file'"
-+ printf "\n\t-s ==> include u-boot script 'script'"
-+ printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'"
-+ printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)\n"
- exit 1
- }
-
- FDTNUM=1
-
--while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION
-+while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:" OPTION
- do
- case $OPTION in
- A ) ARCH=$OPTARG;;
-@@ -48,6 +52,9 @@ do
- n ) FDTNUM=$OPTARG;;
- o ) OUTPUT=$OPTARG;;
- v ) VERSION=$OPTARG;;
-+ s ) UBOOT_SCRIPT=$OPTARG;;
-+ S ) KEY_NAME_HINT=$OPTARG;;
-+ r ) AR_VER=$OPTARG;;
- * ) echo "Invalid option passed to '$0' (options:$*)"
- usage;;
- esac
-@@ -132,6 +139,56 @@ if [ -n "${AR_VER}" ]; then
- "
- fi
-
-+# Conditionally create script information
-+if [ -n "${UBOOT_SCRIPT}" ]; then
-+ SCRIPT="\
-+ script@1 {
-+ description = \"U-Boot Script\";
-+ data = /incbin/(\"${UBOOT_SCRIPT}\");
-+ type = \"script\";
-+ arch = \"${ARCH}\";
-+ os = \"linux\";
-+ load = <0>;
-+ entry = <0>;
-+ compression = \"none\";
-+ hash@1 {
-+ algo = \"crc32\";
-+ };
-+ hash@2 {
-+ algo = \"sha1\";
-+ };
-+ };\
-+"
-+ LOADABLES="\
-+ loadables = \"script@1\";\
-+"
-+ SIGN_IMAGES="\
-+ sign-images = \"fdt\", \"kernel\", \"loadables\";\
-+"
-+else
-+ SIGN_IMAGES="\
-+ sign-images = \"fdt\", \"kernel\";\
-+"
-+fi
-+
-+# Conditionally create signature information
-+if [ -n "${KEY_NAME_HINT}" ]; then
-+ SIGNATURE="\
-+ signature {
-+ algo = \"sha1,rsa2048\";
-+ key-name-hint = \"${KEY_NAME_HINT}\";
-+${SIGN_IMAGES}
-+ };\
-+"
-+fi
-+
-+# Conditionally create anti-rollback version information
-+if [ -n "${AR_VER}" ]; then
-+ FW_AR_VER="\
-+ fw_ar_ver = <${AR_VER}>;\
-+"
-+fi
-+
- # Create a default, fully populated DTS file
- DATA="/dts-v1/;
-
-@@ -157,14 +214,18 @@ DATA="/dts-v1/;
- };
- };
- ${FDT_NODE}
-+${SCRIPT}
- };
-
- configurations {
- default = \"${CONFIG}\";
- ${CONFIG} {
- description = \"OpenWrt\";
-+${FW_AR_VER}
-+${LOADABLES}
- kernel = \"kernel@1\";
- ${FDT_PROP}
-+${SIGNATURE}
- };
- };
- };"
---- a/target/linux/mediatek/image/Makefile
-+++ b/target/linux/mediatek/image/Makefile
-@@ -16,6 +16,55 @@ define Build/sysupgrade-emmc
- $(IMAGE_ROOTFS)
- endef
-
-+# build squashfs-hashed
-+define Build/squashfs-hashed
-+ $(CP) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME)) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed
-+ $(TOPDIR)/scripts/make-squashfs-hashed.sh \
-+ $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed \
-+ $(STAGING_DIR_HOST) \
-+ $(TOPDIR) \
-+ $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary
-+ cat $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary | \
-+ $(TOPDIR)/scripts/prepare-dm-verity-uboot-script.sh \
-+ "$(HASHED_BOOT_DEVICE)" \
-+ "$(BASIC_KERNEL_CMDLINE)" \
-+ > $(KDIR)/$(DEVICE_NAME)-u-boot-script
-+endef
-+
-+# build fw-ar-ver
-+get_fw_ar_ver = \
-+ $(if $(wildcard $(2)),$(shell rm -rf $(2))) \
-+ $(if $(wildcard $(1)),$(info $(shell $(STAGING_DIR_HOST)/bin/ar-tool fw_ar_table create_ar_conf $(1) $(2)))) \
-+ $(if $(wildcard $(2)),$(eval include $(2))) \
-+ $(if $(FW_AR_VER),$(info FW_AR_VER = $(FW_AR_VER)))
-+
-+define Build/fw-ar-ver
-+ $(call get_fw_ar_ver,$(ANTI_ROLLBACK_TABLE),$(AUTO_AR_CONF))
-+endef
-+
-+# build signed fit
-+define Build/fit-sign
-+ $(TOPDIR)/scripts/mkits.sh \
-+ -D $(DEVICE_NAME) \
-+ -o $@.its \
-+ -k $@ \
-+ $(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \
-+ -a $(KERNEL_LOADADDR) \
-+ -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
-+ -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
-+ -A $(LINUX_KARCH) \
-+ -v $(LINUX_VERSION) \
-+ -s $(KDIR)/$(DEVICE_NAME)-u-boot-script \
-+ $(if $(FIT_KEY_NAME),-S $(FIT_KEY_NAME)) \
-+ $(if $(FW_AR_VER),-r $(FW_AR_VER))
-+ PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage \
-+ -f $@.its \
-+ $(if $(FIT_KEY_DIR),-k $(FIT_KEY_DIR)) \
-+ -r \
-+ $@.new
-+ @mv $@.new $@
-+endef
-+
- # default all platform image(fit) build
- define Device/Default
- PROFILES = Default $$(DEVICE_NAME)
-@@ -29,6 +78,8 @@ define Device/Default
- IMAGES := sysupgrade.bin
- IMAGE/sysupgrade.bin := append-kernel | pad-to 128k | append-rootfs | \
- pad-rootfs | append-metadata
-+ FIT_KEY_DIR :=
-+ FIT_KEY_NAME :=
- endef
-
- include $(SUBTARGET).mk
diff --git a/openwrt_patches-21.02/9990-fit-replace-@-with--.patch b/openwrt_patches-21.02/9990-fit-replace-@-with--.patch
index 8a9f5f8..b73f9c3 100644
--- a/openwrt_patches-21.02/9990-fit-replace-@-with--.patch
+++ b/openwrt_patches-21.02/9990-fit-replace-@-with--.patch
@@ -1,8 +1,8 @@
diff --git a/scripts/mkits.sh b/scripts/mkits.sh
-index 42a8818..9cb1407 100755
+index bb629d6..547a4eb 100755
--- a/scripts/mkits.sh
+++ b/scripts/mkits.sh
-@@ -72,27 +72,27 @@ ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
+@@ -65,21 +65,21 @@ ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
# Conditionally create fdt information
if [ -n "${DTB}" ]; then
FDT_NODE="
@@ -27,35 +27,8 @@
+ FDT_PROP="fdt = \"fdt-$FDTNUM\";"
fi
- # Conditionally create script information
- if [ -n "${UBOOT_SCRIPT}" ]; then
- SCRIPT="\
-- script@1 {
-+ script-1 {
- description = \"U-Boot Script\";
- data = /incbin/(\"${UBOOT_SCRIPT}\");
- type = \"script\";
-@@ -101,16 +101,16 @@ if [ -n "${UBOOT_SCRIPT}" ]; then
- load = <0>;
- entry = <0>;
- compression = \"none\";
-- hash@1 {
-+ hash-1 {
- algo = \"crc32\";
- };
-- hash@2 {
-+ hash-2 {
- algo = \"sha1\";
- };
- };\
- "
- LOADABLES="\
-- loadables = \"script@1\";\
-+ loadables = \"script-1\";\
- "
- SIGN_IMAGES="\
- sign-images = \"fdt\", \"kernel\", \"loadables\";\
-@@ -147,7 +147,7 @@ DATA="/dts-v1/;
+ # Create a default, fully populated DTS file
+@@ -90,7 +90,7 @@ DATA="/dts-v1/;
#address-cells = <1>;
images {
@@ -64,7 +37,7 @@
description = \"${ARCH_UPPER} OpenWrt Linux-${VERSION}\";
data = /incbin/(\"${KERNEL}\");
type = \"kernel\";
-@@ -156,10 +156,10 @@ DATA="/dts-v1/;
+@@ -99,10 +99,10 @@ DATA="/dts-v1/;
compression = \"${COMPRESS}\";
load = <${LOAD_ADDR}>;
entry = <${ENTRY_ADDR}>;
@@ -77,15 +50,15 @@
algo = \"sha1\";
};
};
-@@ -173,7 +173,7 @@ ${SCRIPT}
+@@ -113,7 +113,7 @@ ${FDT_NODE}
+ default = \"${CONFIG}\";
+ ${CONFIG} {
description = \"OpenWrt\";
- ${FIT_AR_VER}
- ${LOADABLES}
- kernel = \"kernel@1\";
+ kernel = \"kernel-1\";
${FDT_PROP}
- ${SIGNATURE}
};
+ };
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 51e7459..5a3f624 100644
--- a/include/image-commands.mk
diff --git a/openwrt_patches-21.02/9991-fit-secure-boot-and-anti-rollback-support.patch b/openwrt_patches-21.02/9991-fit-secure-boot-and-anti-rollback-support.patch
new file mode 100644
index 0000000..905e51d
--- /dev/null
+++ b/openwrt_patches-21.02/9991-fit-secure-boot-and-anti-rollback-support.patch
@@ -0,0 +1,117 @@
+diff --git a/scripts/mkits.sh b/scripts/mkits.sh
+index 547a4eb..1075367 100755
+--- a/scripts/mkits.sh
++++ b/scripts/mkits.sh
+@@ -17,6 +17,7 @@
+ usage() {
+ printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")"
+ printf " -v version -k kernel [-D name -n address -d dtb] -o its_file"
++ printf " [-s script] [-S key_name_hint] [-r ar_ver]"
+
+ printf "\n\t-A ==> set architecture to 'arch'"
+ printf "\n\t-C ==> set compression type 'comp'"
+@@ -28,13 +29,16 @@ usage() {
+ printf "\n\t-D ==> human friendly Device Tree Blob 'name'"
+ printf "\n\t-n ==> fdt unit-address 'address'"
+ printf "\n\t-d ==> include Device Tree Blob 'dtb'"
+- printf "\n\t-o ==> create output file 'its_file'\n"
++ printf "\n\t-o ==> create output file 'its_file'"
++ printf "\n\t-s ==> include u-boot script 'script'"
++ printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'"
++ printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)\n"
+ exit 1
+ }
+
+ FDTNUM=1
+
+-while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION
++while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:" OPTION
+ do
+ case $OPTION in
+ A ) ARCH=$OPTARG;;
+@@ -48,6 +52,9 @@ do
+ n ) FDTNUM=$OPTARG;;
+ o ) OUTPUT=$OPTARG;;
+ v ) VERSION=$OPTARG;;
++ s ) UBOOT_SCRIPT=$OPTARG;;
++ S ) KEY_NAME_HINT=$OPTARG;;
++ r ) AR_VER=$OPTARG;;
+ * ) echo "Invalid option passed to '$0' (options:$*)"
+ usage;;
+ esac
+@@ -82,6 +89,56 @@ if [ -n "${DTB}" ]; then
+ FDT_PROP="fdt = \"fdt-$FDTNUM\";"
+ fi
+
++# Conditionally create script information
++if [ -n "${UBOOT_SCRIPT}" ]; then
++ SCRIPT="\
++ script-1 {
++ description = \"U-Boot Script\";
++ data = /incbin/(\"${UBOOT_SCRIPT}\");
++ type = \"script\";
++ arch = \"${ARCH}\";
++ os = \"linux\";
++ load = <0>;
++ entry = <0>;
++ compression = \"none\";
++ hash-1 {
++ algo = \"crc32\";
++ };
++ hash-2 {
++ algo = \"sha1\";
++ };
++ };\
++"
++ LOADABLES="\
++ loadables = \"script-1\";\
++"
++ SIGN_IMAGES="\
++ sign-images = \"fdt\", \"kernel\", \"loadables\";\
++"
++else
++ SIGN_IMAGES="\
++ sign-images = \"fdt\", \"kernel\";\
++"
++fi
++
++# Conditionally create signature information
++if [ -n "${KEY_NAME_HINT}" ]; then
++ SIGNATURE="\
++ signature {
++ algo = \"sha1,rsa2048\";
++ key-name-hint = \"${KEY_NAME_HINT}\";
++${SIGN_IMAGES}
++ };\
++"
++fi
++
++# Conditionally create anti-rollback version information
++if [ -n "${AR_VER}" ]; then
++ FW_AR_VER="\
++ fw_ar_ver = <${AR_VER}>;\
++"
++fi
++
+ # Create a default, fully populated DTS file
+ DATA="/dts-v1/;
+
+@@ -107,14 +164,18 @@ DATA="/dts-v1/;
+ };
+ };
+ ${FDT_NODE}
++${SCRIPT}
+ };
+
+ configurations {
+ default = \"${CONFIG}\";
+ ${CONFIG} {
+ description = \"OpenWrt\";
++${FW_AR_VER}
++${LOADABLES}
+ kernel = \"kernel-1\";
+ ${FDT_PROP}
++${SIGNATURE}
+ };
+ };
+ };"