mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-08 01:36:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dadccd9e67d831cfda17035472c41de484ed1c1
poky/meta/classes-recipe/uboot-sign.bbclass
Jamin Lin 13d83810b8 uboot-sign: Add support for setting firmware property in FIT configuration 
Add the ability to set the "firmware" property in the FIT configuration node
by introducing the UBOOT_FIT_CONF_FIRMWARE variable.

This property defines the primary image to be executed during boot. If it is
set, its value will be written into the FIT configuration under the "firmware"
field. If not set, the bootloader will fall back to using the first entry in
the "loadables" list.

Using this property improves control over the boot sequence, especially in
multi-binary boot scenarios.

(From OE-Core rev: 82e1d7cbc855dbe4bec93f9b049851cbe376ea5e)

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-05-22 14:36:49 +01:00

618 lines
19 KiB
Plaintext
Raw Blame History

#
# Copyright OpenEmbedded Contributors
#
# SPDX-License-Identifier: MIT
#
# This file is part of U-Boot verified boot support and is intended to be
# inherited from the u-boot recipe.
#
# The signature procedure requires the user to generate an RSA key and
# certificate in a directory and to define the following variable:
#
# UBOOT_SIGN_KEYDIR = "/keys/directory"
# UBOOT_SIGN_KEYNAME = "dev" # keys name in keydir (eg. "dev.crt", "dev.key")
# UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
# UBOOT_SIGN_ENABLE = "1"
#
# As verified boot depends on fitImage generation, following is also required:
#
# KERNEL_CLASSES ?= " kernel-fitimage "
# KERNEL_IMAGETYPE ?= "fitImage"
#
# The signature support is limited to the use of CONFIG_OF_SEPARATE in U-Boot.
#
# For more details on signature process, please refer to U-Boot documentation.
# We need some variables from u-boot-config
inherit uboot-config
require conf/image-fitimage.conf
# Enable use of a U-Boot fitImage
UBOOT_FITIMAGE_ENABLE ?= "0"
# Signature activation - this requires UBOOT_FITIMAGE_ENABLE = "1"
SPL_SIGN_ENABLE ?= "0"
# Default value for deployment filenames.
UBOOT_DTB_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.dtb"
UBOOT_DTB_BINARY ?= "u-boot.dtb"
UBOOT_DTB_SIGNED ?= "${UBOOT_DTB_BINARY}-signed"
UBOOT_DTB_SYMLINK ?= "u-boot-${MACHINE}.dtb"
UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.bin"
UBOOT_NODTB_BINARY ?= "u-boot-nodtb.bin"
UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.bin"
UBOOT_ITS_IMAGE ?= "u-boot-its-${MACHINE}-${PV}-${PR}"
UBOOT_ITS ?= "u-boot.its"
UBOOT_ITS_SYMLINK ?= "u-boot-its-${MACHINE}"
UBOOT_FITIMAGE_IMAGE ?= "u-boot-fitImage-${MACHINE}-${PV}-${PR}"
UBOOT_FITIMAGE_BINARY ?= "u-boot-fitImage"
UBOOT_FITIMAGE_SYMLINK ?= "u-boot-fitImage-${MACHINE}"
SPL_DIR ?= "spl"
SPL_DTB_IMAGE ?= "u-boot-spl-${MACHINE}-${PV}-${PR}.dtb"
SPL_DTB_BINARY ?= "u-boot-spl.dtb"
SPL_DTB_SIGNED ?= "${SPL_DTB_BINARY}-signed"
SPL_DTB_SYMLINK ?= "u-boot-spl-${MACHINE}.dtb"
SPL_NODTB_IMAGE ?= "u-boot-spl-nodtb-${MACHINE}-${PV}-${PR}.bin"
SPL_NODTB_BINARY ?= "u-boot-spl-nodtb.bin"
SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
# U-Boot fitImage description
UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
# U-Boot fitImage Hash Algo
UBOOT_FIT_HASH_ALG ?= "sha256"
# U-Boot fitImage Signature Algo
UBOOT_FIT_SIGN_ALG ?= "rsa2048"
# Generate keys for signing U-Boot fitImage
UBOOT_FIT_GENERATE_KEYS ?= "0"
# Size of private keys in number of bits
UBOOT_FIT_SIGN_NUMBITS ?= "2048"
# args to openssl genrsa (Default is just the public exponent)
UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
# args to openssl req (Default is -batch for non interactive mode and
# -new for new certificate)
UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
# Standard format for public key certificate
UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
# length of address in number of <u32> cells
# ex: 1 32bits address, 2 64bits address
UBOOT_FIT_ADDRESS_CELLS ?= "1"
# ARM Trusted Firmware(ATF) is a reference implementation of secure world
# software for Arm A-Profile architectures, (Armv8-A and Armv7-A), including
# an Exception Level 3 (EL3) Secure Monitor.
UBOOT_FIT_ARM_TRUSTED_FIRMWARE ?= "0"
UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE ?= "bl31.bin"
# A Trusted Execution Environment(TEE) is an environment for executing code,
# in which those executing the code can have high levels of trust in the asset
# management of that surrounding environment.
UBOOT_FIT_TEE ?= "0"
UBOOT_FIT_TEE_IMAGE ?= "tee-raw.bin"
# User specific settings
UBOOT_FIT_USER_SETTINGS ?= ""
# Sets the firmware property to select the image to boot first.
# If not set, the first entry in "loadables" is used instead.
UBOOT_FIT_CONF_FIRMWARE ?= ""
# Unit name containing a list of users additional binaries to be loaded.
# It is a comma-separated list of strings.
UBOOT_FIT_CONF_USER_LOADABLES ?= ''
UBOOT_FIT_UBOOT_LOADADDRESS ?= "${UBOOT_LOADADDRESS}"
UBOOT_FIT_UBOOT_ENTRYPOINT ?= "${UBOOT_ENTRYPOINT}"
python() {
# We need u-boot-tools-native if we're creating a U-Boot fitImage
sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
if d.getVar('FIT_GENERATE_KEYS') == '1' and sign:
d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' virtual/kernel:do_kernel_generate_rsa_keys')
}
concat_dtb() {
type="$1"
binary="$2"
if [ -e "${UBOOT_DTB_BINARY}" ]; then
# Signing individual images is not recommended as that
# makes fitImage susceptible to mix-and-match attack.
#
# OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner,
# where the resulting signed fitImage contains both signed
# images and signed configurations. This is redundant. In
# order to prevent mix-and-match attack, it is sufficient
# to sign configurations. The FIT_SIGN_INDIVIDUAL = "1"
# support is kept to avoid breakage of existing layers, but
# it is highly recommended to avoid FIT_SIGN_INDIVIDUAL = "1",
# i.e. set FIT_SIGN_INDIVIDUAL = "0" .
if [ "${FIT_SIGN_INDIVIDUAL}" = "1" ] ; then
# Sign dummy image images in order to
# add the image signing keys to our dtb
${UBOOT_MKIMAGE_SIGN} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-f auto \
-k "${UBOOT_SIGN_KEYDIR}" \
-o "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
-g "${UBOOT_SIGN_IMG_KEYNAME}" \
-K "${UBOOT_DTB_BINARY}" \
-d /dev/null \
-r ${B}/unused.itb \
${UBOOT_MKIMAGE_SIGN_ARGS}
fi
# Sign dummy image configurations in order to
# add the configuration signing keys to our dtb
${UBOOT_MKIMAGE_SIGN} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-f auto-conf \
-k "${UBOOT_SIGN_KEYDIR}" \
-o "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
-g "${UBOOT_SIGN_KEYNAME}" \
-K "${UBOOT_DTB_BINARY}" \
-d /dev/null \
-r ${B}/unused.itb \
${UBOOT_MKIMAGE_SIGN_ARGS}
# Verify the dummy fitImage signature against u-boot.dtb
# augmented using public key material.
#
# This only works for FIT_SIGN_INDIVIDUAL = "0", because
# mkimage -f auto-conf does not support -F to extend the
# existing unused.itb , and instead rewrites unused.itb
# from scratch.
#
# Using two separate unused.itb for mkimage -f auto and
# mkimage -f auto-conf invocation above would not help, as
# the signature verification process below checks whether
# all keys inserted into u-boot.dtb /signature node pass
# the verification. Separate unused.itb would each miss one
# of the signatures.
#
# The FIT_SIGN_INDIVIDUAL = "1" support is kept to avoid
# breakage of existing layers, but it is highly recommended
# to not use FIT_SIGN_INDIVIDUAL = "1", i.e. set
# FIT_SIGN_INDIVIDUAL = "0" .
if [ "${FIT_SIGN_INDIVIDUAL}" != "1" ] ; then
${UBOOT_FIT_CHECK_SIGN} \
-k "${UBOOT_DTB_BINARY}" \
-f ${B}/unused.itb
fi
cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
fi
# If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
# with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble)
if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
[ -e "${UBOOT_DTB_BINARY}" ]; then
oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET}
if [ -n "${binary}" ]; then
cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
fi
elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then
if [ -n "${binary}" ]; then
cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \
${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
else
cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} > ${UBOOT_BINARY}
fi
else
bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
fi
fi
}
deploy_dtb() {
type="$1"
if [ -n "${type}" ]; then
uboot_dtb_binary="u-boot-${type}-${PV}-${PR}.dtb"
uboot_nodtb_binary="u-boot-nodtb-${type}-${PV}-${PR}.bin"
else
uboot_dtb_binary="${UBOOT_DTB_IMAGE}"
uboot_nodtb_binary="${UBOOT_NODTB_IMAGE}"
fi
if [ -e "${UBOOT_DTB_SIGNED}" ]; then
install -Dm644 ${UBOOT_DTB_SIGNED} ${DEPLOYDIR}/${uboot_dtb_binary}
if [ -n "${type}" ]; then
ln -sf ${uboot_dtb_binary} ${DEPLOYDIR}/${UBOOT_DTB_IMAGE}
fi
fi
if [ -f "${UBOOT_NODTB_BINARY}" ]; then
install -Dm644 ${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${uboot_nodtb_binary}
if [ -n "${type}" ]; then
ln -sf ${uboot_nodtb_binary} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}
fi
fi
}
concat_spl_dtb() {
if [ -e "${SPL_DIR}/${SPL_NODTB_BINARY}" -a -e "${SPL_DIR}/${SPL_DTB_BINARY}" ] ; then
cat ${SPL_DIR}/${SPL_NODTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED} > "${SPL_BINARY}"
else
bbwarn "Failure while adding public key to spl binary. Verified U-Boot boot won't be available."
fi
}
deploy_spl_dtb() {
type="$1"
if [ -n "${type}" ]; then
spl_dtb_binary="u-boot-spl-${type}-${PV}-${PR}.dtb"
spl_nodtb_binary="u-boot-spl-nodtb-${type}-${PV}-${PR}.bin"
else
spl_dtb_binary="${SPL_DTB_IMAGE}"
spl_nodtb_binary="${SPL_NODTB_IMAGE}"
fi
if [ -e "${SPL_DIR}/${SPL_DTB_SIGNED}" ] ; then
install -Dm644 ${SPL_DIR}/${SPL_DTB_SIGNED} ${DEPLOYDIR}/${spl_dtb_binary}
if [ -n "${type}" ]; then
ln -sf ${spl_dtb_binary} ${DEPLOYDIR}/${SPL_DTB_IMAGE}
fi
fi
if [ -f "${SPL_DIR}/${SPL_NODTB_BINARY}" ] ; then
install -Dm644 ${SPL_DIR}/${SPL_NODTB_BINARY} ${DEPLOYDIR}/${spl_nodtb_binary}
if [ -n "${type}" ]; then
ln -sf ${spl_nodtb_binary} ${DEPLOYDIR}/${SPL_NODTB_IMAGE}
fi
fi
# For backwards compatibility...
install -Dm644 ${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
}
do_uboot_generate_rsa_keys() {
if [ "${SPL_SIGN_ENABLE}" = "0" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
bbwarn "UBOOT_FIT_GENERATE_KEYS is set to 1 eventhough SPL_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used."
fi
if [ "${SPL_SIGN_ENABLE}" = "1" ] && [ "${UBOOT_FIT_GENERATE_KEYS}" = "1" ]; then
# Generate keys only if they don't already exist
if [ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key ] || \
[ ! -f "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt ]; then
# make directory if it does not already exist
mkdir -p "${SPL_SIGN_KEYDIR}"
echo "Generating RSA private key for signing U-Boot fitImage"
openssl genrsa ${UBOOT_FIT_KEY_GENRSA_ARGS} -out \
"${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
"${UBOOT_FIT_SIGN_NUMBITS}"
echo "Generating certificate for signing U-Boot fitImage"
openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
-key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
-out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
fi
fi
}
addtask uboot_generate_rsa_keys before do_uboot_assemble_fitimage after do_compile
# Create a ITS file for the atf
uboot_fitimage_atf() {
cat << EOF >> ${UBOOT_ITS}
atf {
description = "ARM Trusted Firmware";
data = /incbin/("${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE}");
type = "firmware";
arch = "${UBOOT_ARCH}";
os = "arm-trusted-firmware";
load = <${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_LOADADDRESS}>;
entry = <${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_ENTRYPOINT}>;
compression = "none";
EOF
if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
cat << EOF >> ${UBOOT_ITS}
signature {
algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
key-name-hint = "${SPL_SIGN_KEYNAME}";
};
EOF
fi
cat << EOF >> ${UBOOT_ITS}
};
EOF
}
# Create a ITS file for the tee
uboot_fitimage_tee() {
cat << EOF >> ${UBOOT_ITS}
tee {
description = "Trusted Execution Environment";
data = /incbin/("${UBOOT_FIT_TEE_IMAGE}");
type = "tee";
arch = "${UBOOT_ARCH}";
os = "tee";
load = <${UBOOT_FIT_TEE_LOADADDRESS}>;
entry = <${UBOOT_FIT_TEE_ENTRYPOINT}>;
compression = "none";
EOF
if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
cat << EOF >> ${UBOOT_ITS}
signature {
algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
key-name-hint = "${SPL_SIGN_KEYNAME}";
};
EOF
fi
cat << EOF >> ${UBOOT_ITS}
};
EOF
}
# Create a ITS file for the U-boot FIT, for use when
# we want to sign it so that the SPL can verify it
uboot_fitimage_assemble() {
conf_loadables="\"uboot\""
conf_firmware=""
rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY}
# First we create the ITS script
cat << EOF >> ${UBOOT_ITS}
/dts-v1/;
/ {
description = "${UBOOT_FIT_DESC}";
#address-cells = <${UBOOT_FIT_ADDRESS_CELLS}>;
images {
uboot {
description = "U-Boot image";
data = /incbin/("${UBOOT_NODTB_BINARY}");
type = "standalone";
os = "u-boot";
arch = "${UBOOT_ARCH}";
compression = "none";
load = <${UBOOT_FIT_UBOOT_LOADADDRESS}>;
entry = <${UBOOT_FIT_UBOOT_ENTRYPOINT}>;
EOF
if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
cat << EOF >> ${UBOOT_ITS}
signature {
algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
key-name-hint = "${SPL_SIGN_KEYNAME}";
};
EOF
fi
cat << EOF >> ${UBOOT_ITS}
};
fdt {
description = "U-Boot FDT";
data = /incbin/("${UBOOT_DTB_BINARY}");
type = "flat_dt";
arch = "${UBOOT_ARCH}";
compression = "none";
EOF
if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
cat << EOF >> ${UBOOT_ITS}
signature {
algo = "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}";
key-name-hint = "${SPL_SIGN_KEYNAME}";
};
EOF
fi
cat << EOF >> ${UBOOT_ITS}
};
EOF
if [ "${UBOOT_FIT_TEE}" = "1" ] ; then
conf_loadables="\"tee\", ${conf_loadables}"
uboot_fitimage_tee
fi
if [ "${UBOOT_FIT_ARM_TRUSTED_FIRMWARE}" = "1" ] ; then
conf_loadables="\"atf\", ${conf_loadables}"
uboot_fitimage_atf
fi
if [ -n "${UBOOT_FIT_USER_SETTINGS}" ] ; then
printf "%b" "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS}
fi
if [ -n "${UBOOT_FIT_CONF_USER_LOADABLES}" ] ; then
conf_loadables="${conf_loadables}${UBOOT_FIT_CONF_USER_LOADABLES}"
fi
if [ -n "${UBOOT_FIT_CONF_FIRMWARE}" ] ; then
conf_firmware="firmware = \"${UBOOT_FIT_CONF_FIRMWARE}\";"
fi
cat << EOF >> ${UBOOT_ITS}
};
configurations {
default = "conf";
conf {
description = "Boot with signed U-Boot FIT";
${conf_firmware}
loadables = ${conf_loadables};
fdt = "fdt";
};
};
};
EOF
#
# Assemble the U-boot FIT image
#
${UBOOT_MKIMAGE} \
${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
-f ${UBOOT_ITS} \
${UBOOT_FITIMAGE_BINARY}
if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then
#
# Sign the U-boot FIT image and add public key to SPL dtb
#
${UBOOT_MKIMAGE_SIGN} \
${@'-D "${SPL_MKIMAGE_DTCOPTS}"' if len('${SPL_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${SPL_SIGN_KEYDIR}" \
-K "${SPL_DIR}/${SPL_DTB_BINARY}" \
-r ${UBOOT_FITIMAGE_BINARY} \
${SPL_MKIMAGE_SIGN_ARGS}
#
# Verify the U-boot FIT image and SPL dtb
#
${UBOOT_FIT_CHECK_SIGN} \
-k "${SPL_DIR}/${SPL_DTB_BINARY}" \
-f ${UBOOT_FITIMAGE_BINARY}
fi
if [ -e "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
cp ${SPL_DIR}/${SPL_DTB_BINARY} ${SPL_DIR}/${SPL_DTB_SIGNED}
fi
}
uboot_assemble_fitimage_helper() {
type="$1"
binary="$2"
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
concat_dtb "$type" "$binary"
fi
if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
uboot_fitimage_assemble
fi
if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
concat_spl_dtb
fi
}
do_uboot_assemble_fitimage() {
if [ -n "${UBOOT_CONFIG}" ]; then
unset i
for config in ${UBOOT_MACHINE}; do
unset j k
i=$(expr $i + 1);
for type in ${UBOOT_CONFIG}; do
j=$(expr $j + 1);
if [ $j -eq $i ]; then
break;
fi
done
for binary in ${UBOOT_BINARIES}; do
k=$(expr $k + 1);
if [ $k -eq $i ]; then
break;
fi
done
cd ${B}/${config}
uboot_assemble_fitimage_helper ${type} ${binary}
done
else
cd ${B}
uboot_assemble_fitimage_helper "" ${UBOOT_BINARY}
fi
}
addtask uboot_assemble_fitimage before do_install do_deploy after do_compile
deploy_helper() {
type="$1"
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_SIGNED}" ] ; then
deploy_dtb $type
fi
if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
if [ -n "${type}" ]; then
uboot_its_image="u-boot-its-${type}-${PV}-${PR}"
uboot_fitimage_image="u-boot-fitImage-${type}-${PV}-${PR}"
else
uboot_its_image="${UBOOT_ITS_IMAGE}"
uboot_fitimage_image="${UBOOT_FITIMAGE_IMAGE}"
fi
install -Dm644 ${UBOOT_FITIMAGE_BINARY} ${DEPLOYDIR}/$uboot_fitimage_image
install -Dm644 ${UBOOT_ITS} ${DEPLOYDIR}/$uboot_its_image
if [ -n "${type}" ]; then
ln -sf $uboot_its_image ${DEPLOYDIR}/${UBOOT_ITS_IMAGE}
ln -sf $uboot_fitimage_image ${DEPLOYDIR}/${UBOOT_FITIMAGE_IMAGE}
fi
fi
if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_SIGNED}" ] ; then
deploy_spl_dtb $type
fi
}
do_deploy:prepend() {
if [ -n "${UBOOT_CONFIG}" ]; then
unset i j k
for config in ${UBOOT_MACHINE}; do
i=$(expr $i + 1);
for type in ${UBOOT_CONFIG}; do
j=$(expr $j + 1);
if [ $j -eq $i ]; then
cd ${B}/${config}
deploy_helper ${type}
fi
done
unset j
done
unset i
else
cd ${B}
deploy_helper ""
fi
if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY}
ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK}
ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_SYMLINK}
ln -sf ${UBOOT_NODTB_IMAGE} ${DEPLOYDIR}/${UBOOT_NODTB_BINARY}
fi
if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS}
ln -sf ${UBOOT_ITS_IMAGE} ${DEPLOYDIR}/${UBOOT_ITS_SYMLINK}
ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_BINARY}
ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_FITIMAGE_SYMLINK}
fi
if [ "${SPL_SIGN_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ] ; then
ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_SYMLINK}
ln -sf ${SPL_DTB_IMAGE} ${DEPLOYDIR}/${SPL_DTB_BINARY}
ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_SYMLINK}
ln -sf ${SPL_NODTB_IMAGE} ${DEPLOYDIR}/${SPL_NODTB_BINARY}
fi
}
do_deploy:append() {
# If we're creating a u-boot fitImage, point u-boot.bin
# symlink since it might get used by image recipes
if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" ] ; then
ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_BINARY}
ln -sf ${UBOOT_FITIMAGE_IMAGE} ${DEPLOYDIR}/${UBOOT_SYMLINK}
fi
}
Reference in New Issue View Git Blame Copy Permalink