developer23f9f0f2023-06-15 13:06:25 +08001diff --git a/include/image.mk b/include/image.mk
2index 92d343c..f93fb01 100644
3--- a/include/image.mk
4+++ b/include/image.mk
5@@ -440,6 +440,8 @@ else
6 DEVICE_CHECK_PROFILE = $(CONFIG_TARGET_$(if $(CONFIG_TARGET_MULTI_PROFILE),DEVICE_)$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_$(1))
7 endif
8
9+ROOTFS_ENCRYPT = $(if $(ROE_KEY_DIR),$(wildcard $(ROE_KEY_DIR)/$(ROE_KEY_NAME).key),)
10+
11 DEVICE_CHECK_FIT_KEY = $(if $(wildcard $(FIT_KEY_DIR)/$(FIT_KEY_NAME).key),install-images,install-disabled)
12 DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-images)
13
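Review bot: `ROOTFS_ENCRYPT` expands to empty both when `ROE_KEY_DIR` is unset and when it is set but `$(ROE_KEY_DIR)/$(ROE_KEY_NAME).key` does not exist, so a device configured for rootfs encryption with a missing or misnamed key silently takes the unencrypted path at every `$(if $(ROOTFS_ENCRYPT),…)` site in this patch. The FIT key check on the following lines maps the same situation to `install-disabled`, which appears to keep such an image from being installed. Consider failing closed here too, for example `ROOTFS_ENCRYPT = $(if $(ROE_KEY_DIR),$(or $(wildcard $(ROE_KEY_DIR)/$(ROE_KEY_NAME).key),$(error ROE key $(ROE_KEY_DIR)/$(ROE_KEY_NAME).key not found)),)`, or by adding a `DEVICE_CHECK_`-style guard next to the FIT one.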
14diff --git a/target/linux/mediatek/image/Makefile b/target/linux/mediatek/image/Makefile
15index 20e5977..52c266e 100644
16--- a/target/linux/mediatek/image/Makefile
17+++ b/target/linux/mediatek/image/Makefile
18@@ -16,6 +16,14 @@ define Build/sysupgrade-emmc
19 $(IMAGE_ROOTFS)
20 endef
21
22+define Build/fdt-patch-dm-crypt
23+ BIN=$(STAGING_DIR_HOST)/bin \
24+ LIBFDT_PATH=$(STAGING_DIR_HOST)/lib \
25+ $(TOPDIR)/scripts/fdt-patch-dm-crypt.sh \
26+ $(KDIR)/image-sb-$(firstword $(DEVICE_DTS)).dtb \
27+ $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary-$(firstword $(DEVICE_DTS))
28+endef
29+
30 # build squashfs-hashed
31 define Build/squashfs-hashed
32 $(CP) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME)) $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-$(firstword $(DEVICE_DTS))
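Review bot: `Build/fdt-patch-dm-crypt` has no header comment although the neighbouring steps carry one, and it depends on two files that it does not create itself: `image-sb-$(firstword $(DEVICE_DTS)).dtb` and the `-hashed-summary-` file, both of which appear to come from the `fdt-patch-dm-verify` call inside `Build/squashfs-hashed`. A comment such as `# patch dm-crypt parameters into the secure-boot dtb; valid only after squashfs-hashed has written image-sb-*.dtb and the hashed summary` would record that ordering for anyone who reuses the step elsewhere. The script is not part of this hunk, so what it actually writes into the dtb should be confirmed before settling the wording.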
33@@ -27,6 +35,7 @@ define Build/squashfs-hashed
34 fdt-patch-dm-verify $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-summary-$(firstword $(DEVICE_DTS)) \
35 $(KDIR)/image-$(firstword $(DEVICE_DTS)).dtb $(KDIR)/image-sb-$(firstword $(DEVICE_DTS)).dtb \
36 $(HASHED_BOOT_DEVICE)
37+ $(if $(ROOTFS_ENCRYPT),$(call Build/fdt-patch-dm-crypt))
38 endef
39
40 # build fw-ar-ver
41@@ -40,6 +49,30 @@ define Build/fw-ar-ver
42 $(call get_fw_ar_ver,$(ANTI_ROLLBACK_TABLE),$(AUTO_AR_CONF))
43 endef
44
45+define Build/rfsk-encrypt
46+ BIN=$(STAGING_DIR_HOST)/bin \
47+ $(TOPDIR)/scripts/enc-rfsk.sh \
48+ -d $(ROE_KEY_DIR) \
49+ -f $@ \
50+ -k $(ROE_KEY_DIR)/$(ROE_KEY_NAME) \
51+ -s $(dir $@)
52+endef
53+
54+define Build/fit-secret
55+ BIN=$(STAGING_DIR_HOST)/bin \
56+ LIBFDT_PATH=$(STAGING_DIR_HOST)/lib \
57+ $(TOPDIR)/scripts/enc-rfsk.sh \
58+ -c "config-1" \
59+ -d $(ROE_KEY_DIR) \
60+ -f $@ \
61+ -k $(ROE_KEY_DIR)/$(ROE_KEY_NAME) \
62+ -s $(dir $@)
63+endef
64+
65+define Build/rootfs-encrypt
66+ $(if $(ROOTFS_ENCRYPT),$(call Build/rfsk-encrypt))
67+endef
68+
69 # build signed fit
70 define Build/fit-sign
71 $(TOPDIR)/scripts/mkits.sh \
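Review bot: Both `Build/rfsk-encrypt` and `Build/fit-secret` pass `-s $(dir $@)`, so whatever `enc-rfsk.sh` writes for `-s` lands in the same directory as the image being built. The script is not shown here; if that directory ever holds the rootfs key in plaintext (only the `-rfsk.enc` file is consumed later by `fit-sign`), the intermediate should go to a private temporary directory and be removed after use. `-k $(ROE_KEY_DIR)/$(ROE_KEY_NAME)` also collapses to `-k /` when the key variables are empty, and only `Build/rootfs-encrypt` applies the `ROOTFS_ENCRYPT` guard, so the two inner defines deserve a comment saying they must not be used as image steps directly. The three new defines lack the one-line `# build …` comment that the surrounding steps have.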
72@@ -54,13 +87,18 @@ define Build/fit-sign
73 -v $(LINUX_VERSION) \
74 $(if $(FIT_KEY_NAME),-S $(FIT_KEY_NAME)) \
75 $(if $(FW_AR_VER),-r $(FW_AR_VER)) \
76- $(if $(CONFIG_TARGET_ROOTFS_SQUASHFS),-R $(ROOTFS/squashfs/$(DEVICE_NAME)))
77+ $(if $(CONFIG_TARGET_ROOTFS_SQUASHFS), \
78+ $(if $(ROOTFS_ENCRYPT), \
79+ -R $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))-hashed-$(firstword $(DEVICE_DTS)), \
80+ -R $(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME)))) \
81+ $(if $(ROOTFS_ENCRYPT),-m $(addsuffix -rfsk.enc,$(basename $@)))
82 PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage \
83 -f $@.its \
84 $(if $(FIT_KEY_DIR),-k $(FIT_KEY_DIR)) \
85 -r \
86 $@.new
87 @mv $@.new $@
88+ $(if $(ROOTFS_ENCRYPT),$(call Build/fit-secret))
89 endef
90
91 # default all platform image(fit) build
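Review bot: `$(call Build/fit-secret)` runs on `$@` after `mkimage` has signed the image and after `@mv $@.new $@`, so the FIT is modified once its signatures are already in place. `enc-rfsk.sh` is outside this hunk; if its `-c "config-1"` mode adds or changes data inside a signed configuration the image will no longer verify, and if it adds data outside the signed regions that data is unauthenticated, so the intended signature coverage should be stated in a comment at this line. Separately, the unencrypted branch now reads `$(ROOTFS/$(FILESYSTEMS)/$(DEVICE_NAME))` where the removed line used `$(ROOTFS/squashfs/$(DEVICE_NAME))`; if `FILESYSTEMS` can hold more than one entry, that name matches no variable and `-R` receives an empty argument, so keeping `squashfs` literal under the `CONFIG_TARGET_ROOTFS_SQUASHFS` guard looks safer. Part of `Build/fit-sign` lies between the two hunks and is not visible here.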
92@@ -78,6 +116,8 @@ define Device/Default
93 pad-rootfs | append-metadata
94 FIT_KEY_DIR :=
95 FIT_KEY_NAME :=
96+ ROE_KEY_DIR :=
97+ ROE_KEY_NAME :=
98 endef
99
100 include $(SUBTARGET).mk