blob: 75fca5974a6c21fa63c2793d4a83c6fbe1c5441a [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +08001inherit hsm-sign-env
2
3python __anonymous () {
4 depends = d.getVar("DEPENDS", True)
5 depends = "%s u-boot-mkimage-native dtc-native" % depends
6 d.setVar("DEPENDS", depends)
7}
8
9#
10# Emit the fitImage ITS header
11#
12fitimage_emit_fit_header() {
13 cat << EOF >> ${WORKDIR}/fit-image.its
14/dts-v1/;
15
16/ {
17 description = "SSPM fitImage";
18 #address-cells = <1>;
19EOF
20}
21
22#
23# Emit the fitImage section bits
24#
25# $1 ... Section bit type: imagestart - image section start
26# confstart - configuration section start
27# sectend - section end
28# fitend - fitimage end
29#
30fitimage_emit_section_maint() {
31 case $1 in
32 imagestart)
33 cat << EOF >> ${WORKDIR}/fit-image.its
34
35 images {
36EOF
37 ;;
38 confstart)
39 cat << EOF >> ${WORKDIR}/fit-image.its
40
41 configurations {
42EOF
43 ;;
44 sectend)
45 cat << EOF >> ${WORKDIR}/fit-image.its
46 };
47EOF
48 ;;
49 fitend)
50 cat << EOF >> ${WORKDIR}/fit-image.its
51};
52EOF
53 ;;
54 esac
55}
56
57#
58# Emit the fitImage ITS sspm section
59#
60# $1 ... Path to sspm image
61# $2 ... Compression type
62fitimage_emit_section_sspm() {
63
64 if [ -n "${IMAGE_HASH_ALGO}" ] ; then
65 sspm_csum="${IMAGE_HASH_ALGO}"
66 else
67 sspm_csum="sha256"
68 fi
69
70 cat << EOF >> ${WORKDIR}/fit-image.its
71 sspm@1 {
72 description = "SSPM firmware";
73 data = /incbin/("${1}");
74 type = "kernel";
75 arch = "arm";
76 os = "linux";
77 compression = "${2}";
78 load = <${SSPM_LOADADDRESS}>;
79 entry = <${SSPM_ENTRYPOINT}>;
80 hash@1 {
81 algo = "${sspm_csum}";
82 };
83 };
84EOF
85}
86
87#
88# Emit the fitImage ITS configuration section
89#
90# $1 ... sspm image ID
91fitimage_emit_section_config() {
92
93 if [ -n "${VB_HASH_ALGO}" -a -n "${VB_RSA_ALGO}" ] ; then
94 conf_csum="${VB_HASH_ALGO},${VB_RSA_ALGO}"
95 else
96 conf_csum="sha256,rsa2048"
97 fi
98 conf_key_name="dev"
99 conf_desc="sspm configuration"
100
101 sspm_line="kernel = \"sspm@1\";"
102 sign_images_line="sign-images = \"kernel\";"
103
104 cat << EOF >> ${WORKDIR}/fit-image.its
105 default = "conf@1";
106 conf@1 {
107 description = "${conf_desc}";
108 ${sspm_line}
109 signature@1 {
110 algo = "${conf_csum}";
111 key-name-hint="${conf_key_name}";
112 ${sign_images_line}
113 };
114 };
115EOF
116}
117
118do_assemble_fitimage() {
119
120 rm -f ${WORKDIR}/fit-image.its
121
122 fitimage_emit_fit_header
123
124 #
125 # Step 1: Prepare a sspm image section.
126 #
127 fitimage_emit_section_maint imagestart
128
129 fitimage_emit_section_sspm ${SSPM_OUT}/${SSPM_BINARY} ${SSPM_COMPRESS}
130
131 fitimage_emit_section_maint sectend
132
133 #
134 # Step 2: Prepare a configurations section
135 #
136 fitimage_emit_section_maint confstart
137
138 fitimage_emit_section_config
139
140 fitimage_emit_section_maint sectend
141
142 fitimage_emit_section_maint fitend
143
144 #
145 # Step 3: Assemble the image
146 #
147 ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${WORKDIR}/${SSPM_IMAGE}
148
149 if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then
150 if [ "${STANDALONE_SIGN_PREPARE}" = "yes" ];then
151 exit 0
152 fi
153 mkdir -p ./mykeys
154 cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt
155 cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key
156 ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${SSPM_IMAGE}
157 fi
158}
159
160addtask assemble_fitimage before do_deploy after do_install
161