| inherit hsm-sign-env |
| |
| python __anonymous () { |
| spmfwtype = d.getVar('SPMFW_IMAGETYPE', True) |
| if spmfwtype == 'fitImage': |
| depends = d.getVar("DEPENDS", True) |
| depends = "%s u-boot-mkimage-native lz4-native dtc-native " % depends |
| d.setVar("DEPENDS", depends) |
| } |
| |
| # |
| # Emit the fitImage ITS header |
| # |
| fitimage_emit_fit_header() { |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| /dts-v1/; |
| |
| / { |
| description = "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"; |
| #address-cells = <1>; |
| EOF |
| } |
| |
| # |
| # Emit the fitImage section bits |
| # |
| # $1 ... Section bit type: imagestart - image section start |
| # confstart - configuration section start |
| # sectend - section end |
| # fitend - fitimage end |
| # |
| fitimage_emit_section_maint() { |
| case $1 in |
| imagestart) |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| |
| images { |
| EOF |
| ;; |
| confstart) |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| |
| configurations { |
| EOF |
| ;; |
| sectend) |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| }; |
| EOF |
| ;; |
| fitend) |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| }; |
| EOF |
| ;; |
| esac |
| } |
| |
| # |
| # Emit the fitImage ITS spm section |
| # |
| # $1 ... Path to spmfw image |
| # $2 ... Compression type |
| fitimage_emit_section_spmfw() { |
| |
| if [ -n "${IMAGE_HASH_ALGO}" ] ; then |
| spmfw_csum="${IMAGE_HASH_ALGO}" |
| else |
| spmfw_csum="sha256" |
| fi |
| |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| spmfw@1 { |
| description = "SPM firmware"; |
| data = /incbin/("${1}"); |
| type = "kernel"; |
| arch = "arm"; |
| os = "linux"; |
| compression = "${2}"; |
| load = <${SPMFW_LOADADDRESS}>; |
| entry = <${SPMFW_ENTRYPOINT}>; |
| hash@1 { |
| algo = "${spmfw_csum}"; |
| }; |
| }; |
| EOF |
| } |
| |
| # |
| # Emit the fitImage ITS configuration section |
| # |
| # $1 ... spmfw image ID |
| fitimage_emit_section_config() { |
| |
| if [ -n "${VB_HASH_ALGO}" -a -n "${VB_RSA_ALGO}" ] ; then |
| conf_csum="${VB_HASH_ALGO},${VB_RSA_ALGO}" |
| else |
| conf_csum="sha256,rsa2048" |
| fi |
| conf_key_name="dev" |
| conf_desc="spmfw configuration" |
| |
| spmfw_line="kernel = \"spmfw@1\";" |
| sign_images_line="sign-images = \"kernel\";" |
| |
| cat << EOF >> ${WORKDIR}/fit-image.its |
| default = "conf@1"; |
| conf@1 { |
| description = "${conf_desc}"; |
| ${spmfw_line} |
| signature@1 { |
| algo = "${conf_csum}"; |
| key-name-hint="${conf_key_name}"; |
| ${sign_images_line} |
| }; |
| }; |
| EOF |
| } |
| |
| do_assemble_fitimage() { |
| rm -f ${WORKDIR}/fit-image.its |
| |
| fitimage_emit_fit_header |
| |
| # |
| # Step 1: Prepare a spmfw image section. |
| # |
| fitimage_emit_section_maint imagestart |
| |
| fitimage_emit_section_spmfw ${SPMFW_OUT}/${SPMFW_BINARY_SELECT} ${SPMFW_COMPRESS} |
| |
| fitimage_emit_section_maint sectend |
| |
| # |
| # Step 2: Prepare a configurations section |
| # |
| fitimage_emit_section_maint confstart |
| |
| fitimage_emit_section_config |
| |
| fitimage_emit_section_maint sectend |
| |
| fitimage_emit_section_maint fitend |
| |
| # |
| # Step 3: Assemble the image |
| # |
| ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${SPMFW_OUT}/${SPMFW_BINARY} |
| |
| if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then |
| if [ "${STANDALONE_SIGN_PREPARE}" = "yes" ];then |
| exit 0 |
| fi |
| mkdir -p ./mykeys |
| cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt |
| cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key |
| ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${SPMFW_OUT}/${SPMFW_BINARY} |
| fi |
| } |
| |
| addtask assemble_fitimage before do_install after do_compile |