rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | inherit hsm-sign-env
|
| 2 |
|
| 3 | python __anonymous () {
|
| 4 | depends = d.getVar("DEPENDS", True)
|
| 5 | depends = "%s u-boot-mkimage-native dtc-native" % depends
|
| 6 | d.setVar("DEPENDS", depends)
|
| 7 | }
|
| 8 |
|
| 9 | #
|
| 10 | # Emit the fitImage ITS header
|
| 11 | #
|
| 12 | fitimage_emit_fit_header() {
|
| 13 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 14 | /dts-v1/;
|
| 15 |
|
| 16 | / {
|
| 17 | description = "SSPM fitImage";
|
| 18 | #address-cells = <1>;
|
| 19 | EOF
|
| 20 | }
|
| 21 |
|
| 22 | #
|
| 23 | # Emit the fitImage section bits
|
| 24 | #
|
| 25 | # $1 ... Section bit type: imagestart - image section start
|
| 26 | # confstart - configuration section start
|
| 27 | # sectend - section end
|
| 28 | # fitend - fitimage end
|
| 29 | #
|
| 30 | fitimage_emit_section_maint() {
|
| 31 | case $1 in
|
| 32 | imagestart)
|
| 33 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 34 |
|
| 35 | images {
|
| 36 | EOF
|
| 37 | ;;
|
| 38 | confstart)
|
| 39 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 40 |
|
| 41 | configurations {
|
| 42 | EOF
|
| 43 | ;;
|
| 44 | sectend)
|
| 45 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 46 | };
|
| 47 | EOF
|
| 48 | ;;
|
| 49 | fitend)
|
| 50 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 51 | };
|
| 52 | EOF
|
| 53 | ;;
|
| 54 | esac
|
| 55 | }
|
| 56 |
|
| 57 | #
|
| 58 | # Emit the fitImage ITS sspm section
|
| 59 | #
|
| 60 | # $1 ... Path to sspm image
|
| 61 | # $2 ... Compression type
|
| 62 | fitimage_emit_section_sspm() {
|
| 63 |
|
| 64 | if [ -n "${IMAGE_HASH_ALGO}" ] ; then
|
| 65 | sspm_csum="${IMAGE_HASH_ALGO}"
|
| 66 | else
|
| 67 | sspm_csum="sha256"
|
| 68 | fi
|
| 69 |
|
| 70 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 71 | sspm@1 {
|
| 72 | description = "SSPM firmware";
|
| 73 | data = /incbin/("${1}");
|
| 74 | type = "kernel";
|
| 75 | arch = "arm";
|
| 76 | os = "linux";
|
| 77 | compression = "${2}";
|
| 78 | load = <${SSPM_LOADADDRESS}>;
|
| 79 | entry = <${SSPM_ENTRYPOINT}>;
|
| 80 | hash@1 {
|
| 81 | algo = "${sspm_csum}";
|
| 82 | };
|
| 83 | };
|
| 84 | EOF
|
| 85 | }
|
| 86 |
|
| 87 | #
|
| 88 | # Emit the fitImage ITS configuration section
|
| 89 | #
|
| 90 | # $1 ... sspm image ID
|
| 91 | fitimage_emit_section_config() {
|
| 92 |
|
| 93 | if [ -n "${VB_HASH_ALGO}" -a -n "${VB_RSA_ALGO}" ] ; then
|
| 94 | conf_csum="${VB_HASH_ALGO},${VB_RSA_ALGO}"
|
| 95 | else
|
| 96 | conf_csum="sha256,rsa2048"
|
| 97 | fi
|
| 98 | conf_key_name="dev"
|
| 99 | conf_desc="sspm configuration"
|
| 100 |
|
| 101 | sspm_line="kernel = \"sspm@1\";"
|
| 102 | sign_images_line="sign-images = \"kernel\";"
|
| 103 |
|
| 104 | cat << EOF >> ${WORKDIR}/fit-image.its
|
| 105 | default = "conf@1";
|
| 106 | conf@1 {
|
| 107 | description = "${conf_desc}";
|
| 108 | ${sspm_line}
|
| 109 | signature@1 {
|
| 110 | algo = "${conf_csum}";
|
| 111 | key-name-hint="${conf_key_name}";
|
| 112 | ${sign_images_line}
|
| 113 | };
|
| 114 | };
|
| 115 | EOF
|
| 116 | }
|
| 117 |
|
| 118 | do_assemble_fitimage() {
|
| 119 |
|
| 120 | rm -f ${WORKDIR}/fit-image.its
|
| 121 |
|
| 122 | fitimage_emit_fit_header
|
| 123 |
|
| 124 | #
|
| 125 | # Step 1: Prepare a sspm image section.
|
| 126 | #
|
| 127 | fitimage_emit_section_maint imagestart
|
| 128 |
|
| 129 | fitimage_emit_section_sspm ${SSPM_OUT}/${SSPM_BINARY} ${SSPM_COMPRESS}
|
| 130 |
|
| 131 | fitimage_emit_section_maint sectend
|
| 132 |
|
| 133 | #
|
| 134 | # Step 2: Prepare a configurations section
|
| 135 | #
|
| 136 | fitimage_emit_section_maint confstart
|
| 137 |
|
| 138 | fitimage_emit_section_config
|
| 139 |
|
| 140 | fitimage_emit_section_maint sectend
|
| 141 |
|
| 142 | fitimage_emit_section_maint fitend
|
| 143 |
|
| 144 | #
|
| 145 | # Step 3: Assemble the image
|
| 146 | #
|
| 147 | ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${WORKDIR}/${SSPM_IMAGE}
|
| 148 |
|
| 149 | if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then
|
| 150 | if [ "${STANDALONE_SIGN_PREPARE}" = "yes" ];then
|
| 151 | exit 0
|
| 152 | fi
|
| 153 | mkdir -p ./mykeys
|
| 154 | cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt
|
| 155 | cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key
|
| 156 | ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${SSPM_IMAGE}
|
| 157 | fi
|
| 158 | }
|
| 159 |
|
| 160 | addtask assemble_fitimage before do_deploy after do_install
|
| 161 |
|