@@ -90,26 +90,75 @@ KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}"
python() {
# We need u-boot-tools-native if we're creating a U-Boot fitImage
- sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
- if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
+ if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or d.getVar('UBOOT_SIGN_ENABLE') == '1':
d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
- if sign:
- d.appendVar('DEPENDS', " " + d.getVar('KERNEL_PN'))
}
+# Create a dummy U-boot FIT and use that as input to mkimage when we want to
+# add the public key used to sign the Linux FIT to the U-Boot dtb.
+uboot_dtb_add_keys() {
+ # First we create an ITS script
+ cat << EOF > dummy.its
+/dts-v1/;
+
+/ {
+ description = "Dummy U-Boot its";
+
+ images {
+ uboot {
+ description = "U-Boot image";
+ data = /incbin/("${UBOOT_NODTB_BINARY}");
+ type = "standalone";
+ os = "u-boot";
+ arch = "${UBOOT_ARCH}";
+ compression = "none";
+ load = <${UBOOT_LOADADDRESS}>;
+ entry = <${UBOOT_ENTRYPOINT}>;
+ signature {
+ algo = "${FIT_HASH_ALG},${FIT_SIGN_ALG}";
+ key-name-hint = "${UBOOT_SIGN_KEYNAME}";
+ };
+ };
+ };
+
+ configurations {
+ default = "conf";
+ conf {
+ description = "Boot with signed U-Boot FIT";
+ loadables = "uboot";
+ };
+ };
+};
+EOF
+
+ #
+ # Assemble the Dummy FIT image
+ #
+ ${UBOOT_MKIMAGE} \
+ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
+ -f dummy.its \
+ dummy-fitImage
+
+ #
+ # Sign the Dummy FIT image to add public key to the U-Boot dtb
+ #
+ ${UBOOT_MKIMAGE_SIGN} \
+ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
+ -F -k "${UBOOT_SIGN_KEYDIR}" \
+ -K "${UBOOT_DTB_BINARY}" \
+ -r ${B}/dummy-fitImage \
+ ${UBOOT_MKIMAGE_SIGN_ARGS}
+ cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
+}
+
+
+
concat_dtb() {
type="$1"
binary="$2"
if [ -e "${UBOOT_DTB_BINARY}" ]; then
- # Re-sign the kernel in order to add the keys to our dtb
- ${UBOOT_MKIMAGE_SIGN} \
- ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
- -F -k "${UBOOT_SIGN_KEYDIR}" \
- -K "${UBOOT_DTB_BINARY}" \
- -r ${B}/fitImage-linux \
- ${UBOOT_MKIMAGE_SIGN_ARGS}
- cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
+ uboot_dtb_add_keys
fi
# If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
@@ -336,10 +385,6 @@ uboot_assemble_fitimage_helper() {
}
do_uboot_assemble_fitimage() {
- if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
- cp "${STAGING_DIR_HOST}/sysroot-only/fitImage" "${B}/fitImage-linux"
- fi
-
if [ -n "${UBOOT_CONFIG}" ]; then
unset i j k
for config in ${UBOOT_MACHINE}; do
This commit creates a dummy fitImage to feed to mkimage when adding the public key to the U-Boot dtb. This instead of using the Linux fitImage. The dependency on Linux fitImage availability from U-Boot recipes can then be removed, breaking a dependecy loop created when trying to add a boot script to a signed Linux fitImage. Signed-off-by: David Wretman <david.wretman@ferroamp.se> --- meta/classes-recipe/uboot-sign.bbclass | 77 ++++++++++++++++++++------ 1 file changed, 61 insertions(+), 16 deletions(-)