[Feature]Merge MP1_MR1 from MTK meta and prebulit
Change-Id: I7c6ce41ec9a078a1daa51fcc339e13ed412518c1
diff --git a/meta/meta-mediatek-classes-overlay/classes/package_rpm.bbclass b/meta/meta-mediatek-classes-overlay/classes/package_rpm.bbclass
old mode 100644
new mode 100755
index bf97bdd..3431e8a
--- a/meta/meta-mediatek-classes-overlay/classes/package_rpm.bbclass
+++ b/meta/meta-mediatek-classes-overlay/classes/package_rpm.bbclass
@@ -286,25 +286,27 @@
# Construct the SPEC file...
srcname = d.getVar('PN')
- srcsummary = (d.getVar('SUMMARY') or d.getVar('DESCRIPTION') or ".")
- srcversion = d.getVar('PKGV').replace('-', '+')
- srcrelease = d.getVar('PKGR')
- srcepoch = (d.getVar('PKGE') or "")
- srclicense = d.getVar('LICENSE')
- srcsection = d.getVar('SECTION')
- srcmaintainer = d.getVar('MAINTAINER')
- srchomepage = d.getVar('HOMEPAGE')
- srcdescription = d.getVar('DESCRIPTION') or "."
- srccustomtagschunk = get_package_additional_metadata("rpm", d)
+ localdata = bb.data.createCopy(d)
+ localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + srcname)
+ srcsummary = (localdata.getVar('SUMMARY') or localdata.getVar('DESCRIPTION') or ".")
+ srcversion = localdata.getVar('PKGV').replace('-', '+')
+ srcrelease = localdata.getVar('PKGR')
+ srcepoch = (localdata.getVar('PKGE') or "")
+ srclicense = localdata.getVar('LICENSE')
+ srcsection = localdata.getVar('SECTION')
+ srcmaintainer = localdata.getVar('MAINTAINER')
+ srchomepage = localdata.getVar('HOMEPAGE')
+ srcdescription = localdata.getVar('DESCRIPTION') or "."
+ srccustomtagschunk = get_package_additional_metadata("rpm", localdata)
srcdepends = d.getVar('DEPENDS')
- srcrdepends = []
- srcrrecommends = []
- srcrsuggests = []
- srcrprovides = []
- srcrreplaces = []
- srcrconflicts = []
- srcrobsoletes = []
+ srcrdepends = ""
+ srcrrecommends = ""
+ srcrsuggests = ""
+ srcrprovides = ""
+ srcrreplaces = ""
+ srcrconflicts = ""
+ srcrobsoletes = ""
srcrpreinst = []
srcrpostinst = []
@@ -363,13 +365,13 @@
# Map the dependencies into their final form
mapping_rename_hook(localdata)
- splitrdepends = localdata.getVar('RDEPENDS')
- splitrrecommends = localdata.getVar('RRECOMMENDS')
- splitrsuggests = localdata.getVar('RSUGGESTS')
- splitrprovides = localdata.getVar('RPROVIDES')
- splitrreplaces = localdata.getVar('RREPLACES')
- splitrconflicts = localdata.getVar('RCONFLICTS')
- splitrobsoletes = []
+ splitrdepends = localdata.getVar('RDEPENDS') or ""
+ splitrrecommends = localdata.getVar('RRECOMMENDS') or ""
+ splitrsuggests = localdata.getVar('RSUGGESTS') or ""
+ splitrprovides = localdata.getVar('RPROVIDES') or ""
+ splitrreplaces = localdata.getVar('RREPLACES') or ""
+ splitrconflicts = localdata.getVar('RCONFLICTS') or ""
+ splitrobsoletes = ""
splitrpreinst = localdata.getVar('pkg_preinst')
splitrpostinst = localdata.getVar('pkg_postinst')
@@ -437,9 +439,9 @@
spec_preamble_bottom.append(splitcustomtagschunk)
# Replaces == Obsoletes && Provides
- robsoletes = bb.utils.explode_dep_versions2(splitrobsoletes or "")
- rprovides = bb.utils.explode_dep_versions2(splitrprovides or "")
- rreplaces = bb.utils.explode_dep_versions2(splitrreplaces or "")
+ robsoletes = bb.utils.explode_dep_versions2(splitrobsoletes)
+ rprovides = bb.utils.explode_dep_versions2(splitrprovides)
+ rreplaces = bb.utils.explode_dep_versions2(splitrreplaces)
for dep in rreplaces:
if not dep in robsoletes:
robsoletes[dep] = rreplaces[dep]
@@ -531,9 +533,9 @@
tail_source(d)
# Replaces == Obsoletes && Provides
- robsoletes = bb.utils.explode_dep_versions2(srcrobsoletes or "")
- rprovides = bb.utils.explode_dep_versions2(srcrprovides or "")
- rreplaces = bb.utils.explode_dep_versions2(srcrreplaces or "")
+ robsoletes = bb.utils.explode_dep_versions2(srcrobsoletes)
+ rprovides = bb.utils.explode_dep_versions2(srcrprovides)
+ rreplaces = bb.utils.explode_dep_versions2(srcrreplaces)
for dep in rreplaces:
if not dep in robsoletes:
robsoletes[dep] = rreplaces[dep]
@@ -555,7 +557,7 @@
print_deps(srcrrecommends, "Recommends", spec_preamble_top, d)
print_deps(srcrsuggests, "Suggests", spec_preamble_top, d)
- print_deps(srcrprovides + (" /bin/sh" if srcname.startswith("nativesdk-") else ""), "Provides", spec_preamble_top, d)
+ print_deps(srcrprovides, "Provides", spec_preamble_top, d)
print_deps(srcrobsoletes, "Obsoletes", spec_preamble_top, d)
print_deps(srcrconflicts, "Conflicts", spec_preamble_top, d)
@@ -621,6 +623,10 @@
# Otherwise allarch packages may change depending on override configuration
write_specfile[vardepsexclude] = "OVERRIDES"
+# Have to list any variables referenced as X_<pkg> that aren't in pkgdata here
+RPMEXTRAVARS = "PACKAGE_ADD_METADATA_RPM"
+write_specfile[vardeps] += "${@gen_packagevar(d, 'RPMEXTRAVARS')}"
+
python do_package_rpm () {
workdir = d.getVar('WORKDIR')
tmpdir = d.getVar('TMPDIR')
@@ -686,7 +692,9 @@
cmd = cmd + " --define '_binary_payload w6T.xzdio'"
cmd = cmd + " --define '_source_payload w6T.xzdio'"
cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
+ cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'"
cmd = cmd + " --define '_buildhost reproducible'"
+ cmd = cmd + " --define '__font_provides %{nil}'"
if perfiledeps:
cmd = cmd + " --define '__find_requires " + outdepends + "'"
cmd = cmd + " --define '__find_provides " + outprovides + "'"
@@ -744,7 +752,6 @@
do_package_write_rpm[dirs] = "${PKGWRITEDIRRPM}"
do_package_write_rpm[cleandirs] = "${PKGWRITEDIRRPM}"
-do_package_write_rpm[umask] = "022"
do_package_write_rpm[depends] += "${@oe.utils.build_depends_string(d.getVar('PACKAGE_WRITE_DEPS'), 'do_populate_sysroot')}"
addtask package_write_rpm after do_packagedata do_package
diff --git a/meta/meta-mediatek-classes-overlay/conf/layer.conf b/meta/meta-mediatek-classes-overlay/conf/layer.conf
old mode 100644
new mode 100755
index 90a71fa..2b26f92
--- a/meta/meta-mediatek-classes-overlay/conf/layer.conf
+++ b/meta/meta-mediatek-classes-overlay/conf/layer.conf
@@ -6,6 +6,7 @@
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "mediatek-classes-overlay"
-BBFILE_PATTERN_mediatek-classes-overlay = "^${LAYERDIR}/"
+BBFILE_PATTERN_mediatek-classes-overlay := "^${LAYERDIR}/"
BBFILE_PRIORITY_mediatek-classes-overlay = "8"
LICENSE_PATH += "${LAYERDIR}/files/additional-licenses"
+LAYERSERIES_COMPAT_mediatek-classes-overlay = "hardknott"
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-common_2021.04.inc b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-common_2021.04.inc
new file mode 100755
index 0000000..05593e2
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-common_2021.04.inc
@@ -0,0 +1,17 @@
+HOMEPAGE = "http://www.denx.de/wiki/U-Boot/WebHome"
+SECTION = "bootloaders"
+# Add make-native to use GNU Make 4.2.1 under u-boot-mkimage/xxx/recipe-sysroot-native/usr/bin
+DEPENDS += "flex-native bison-native make-native"
+
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://Licenses/README;md5=5a7450c57ffe5ae63fd732446b988025"
+PE = "1"
+
+# We use the revision in order to avoid having to fetch it from the
+# repo during parse
+SRCREV = "b46dd116ce03e235f2a7d4843c6278e1da44b5e1"
+
+SRC_URI = "git://git.denx.de/u-boot.git;branch=master"
+
+
+S = "${WORKDIR}/git"
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0001-libfdt-fix-fdt_find_regions-incorrectly-adding-paren.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0001-libfdt-fix-fdt_find_regions-incorrectly-adding-paren.patch
new file mode 100755
index 0000000..1f88c24
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0001-libfdt-fix-fdt_find_regions-incorrectly-adding-paren.patch
@@ -0,0 +1,31 @@
+From 2908f865fe5814e3eeb80c222bf5ef477bebf79e Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Thu, 3 Jun 2021 17:29:33 +0800
+Subject: [PATCH 1/8] libfdt: fix fdt_find_regions incorrectly adding parent's
+ end node
+
+This patch fix fdt_find_regions incorrectly adding parent's end node to
+regions when it shouldn't. For example, when finding regions for
+/signature/key-dev, the end node of its parent, /signature, will also
+be included which is incorrect behavior.
+
+%% original patch: 0001-libfdt-fix-fdt_find_regions-incorrectly-adding-paren.patch
+---
+ common/fdt_region.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/common/fdt_region.c b/common/fdt_region.c
+index e4ef0ca770..a49ef8c28c 100644
+--- a/common/fdt_region.c
++++ b/common/fdt_region.c
+@@ -113,6 +113,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
+ if (depth < 0)
+ return -FDT_ERR_BADSTRUCTURE;
+ include = want;
++ stop_at = offset;
+ want = stack[depth--];
+ while (end > path && *--end != '/')
+ ;
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0002-rsa-add-rsa3072-crypto-algorithm.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0002-rsa-add-rsa3072-crypto-algorithm.patch
new file mode 100755
index 0000000..38ee0e7
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0002-rsa-add-rsa3072-crypto-algorithm.patch
@@ -0,0 +1,46 @@
+From d610729f6b09ac89064e5dff0d36de6905770563 Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Thu, 3 Jun 2021 19:05:59 +0800
+Subject: [PATCH 2/8] rsa: add rsa3072 crypto algorithm
+
+Add rsa3072 crypto algorithm.
+
+%% original patch: 0002-rsa-add-rsa3072-crypto-algorithm.patch
+---
+ common/image-sig.c | 7 +++++++
+ include/u-boot/rsa.h | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 4abd3c080f..310b823b36 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -77,6 +77,13 @@ struct crypto_algo crypto_algos[] = {
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
+ },
++ {
++ .name = "rsa3072",
++ .key_len = RSA3072_BYTES,
++ .sign = rsa_sign,
++ .add_verify_data = rsa_add_verify_data,
++ .verify = rsa_verify,
++ },
+ {
+ .name = "rsa4096",
+ .key_len = RSA4096_BYTES,
+diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
+index bed1c097c2..7e1ddab6e2 100644
+--- a/include/u-boot/rsa.h
++++ b/include/u-boot/rsa.h
+@@ -159,6 +159,7 @@ static inline int padding_pss_verify(struct image_sign_info *info,
+ #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
+
+ #define RSA2048_BYTES (2048 / 8)
++#define RSA3072_BYTES (3072 / 8)
+ #define RSA4096_BYTES (4096 / 8)
+
+ /* This is the minimum/maximum key size we support, in bits */
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0003-rsa-add-pss-padding-scheme-support-for-Mediatek.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0003-rsa-add-pss-padding-scheme-support-for-Mediatek.patch
new file mode 100755
index 0000000..4229ae7
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0003-rsa-add-pss-padding-scheme-support-for-Mediatek.patch
@@ -0,0 +1,110 @@
+From 61edbeee273b60646821dbf62003ed5fa9b528fa Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Thu, 3 Jun 2021 22:15:53 +0800
+Subject: [PATCH 3/8] rsa: add pss padding scheme support for Mediatek
+
+Mediatek doesn't use "padding" property, but determine the padding
+scheme from crypto name,
+ - rsa2048, rsa3072, rsa4096: pkcs-1.5
+ - rsassa-pss2048, rsassa-pss3072, rsassa-pss4096: pss
+---
+ common/image-fit-sig.c | 9 +++++++++
+ common/image-sig.c | 23 ++++++++++++++++++++++-
+ lib/rsa/rsa-sign.c | 5 +++++
+ tools/image-host.c | 9 +++++++++
+ 4 files changed, 45 insertions(+), 1 deletion(-)
+
+diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
+index 34ebb8edfe..0166430dce 100644
+--- a/common/image-fit-sig.c
++++ b/common/image-fit-sig.c
+@@ -83,6 +83,15 @@ static int fit_image_setup_verify(struct image_sign_info *info,
+ }
+
+ padding_name = fdt_getprop(fit, noffset, "padding", NULL);
++ /*
++ * Mediatek legacy software has no "padding" property, but use crypto
++ * algo name to determine padding scheme.
++ */
++ if (!padding_name) {
++ struct crypto_algo *crypto = image_get_crypto_algo(algo_name);
++ if (crypto && !strncmp(crypto->name, "rsassa-pss", strlen("rsassa-pss")))
++ padding_name = "pss";
++ }
+ if (!padding_name)
+ padding_name = RSA_DEFAULT_PADDING_NAME;
+
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 310b823b36..962cf73bcf 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -90,8 +90,29 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
+- }
++ },
+
++ {
++ .name = "rsassa-pss2048",
++ .key_len = RSA2048_BYTES,
++ .sign = rsa_sign,
++ .add_verify_data = rsa_add_verify_data,
++ .verify = rsa_verify,
++ },
++ {
++ .name = "rsassa-pss3072",
++ .key_len = RSA3072_BYTES,
++ .sign = rsa_sign,
++ .add_verify_data = rsa_add_verify_data,
++ .verify = rsa_verify,
++ },
++ {
++ .name = "rsassa-pss4096",
++ .key_len = RSA4096_BYTES,
++ .sign = rsa_sign,
++ .add_verify_data = rsa_add_verify_data,
++ .verify = rsa_verify,
++ }
+ };
+
+ struct padding_algo padding_algos[] = {
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 1f0d81bd7a..57806f00a4 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -474,6 +474,11 @@ static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
+ ret = rsa_err("Signer padding setup failed");
+ goto err_sign;
+ }
++
++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ckey, -1) <= 0) {
++ ret = rsa_err("EVP key setup saltlen failed");
++ goto err_sign;
++ }
+ }
+ #endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 33a224129a..22d19a4a2b 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -168,6 +168,15 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+ }
+
+ padding_name = fdt_getprop(fit, noffset, "padding", NULL);
++ /*
++ * Mediatek legacy software has no "padding" property, but use crypto
++ * algo name to determine padding scheme.
++ */
++ if (!padding_name) {
++ struct crypto_algo *crypto = image_get_crypto_algo(algo_name);
++ if (crypto && !strncmp(crypto->name, "rsassa-pss", strlen("rsassa-pss")))
++ padding_name = "pss";
++ }
+
+ memset(info, '\0', sizeof(*info));
+ info->keydir = keydir;
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0004-rsa-extend-bits-of-n0-inverse.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0004-rsa-extend-bits-of-n0-inverse.patch
new file mode 100755
index 0000000..7621fa1
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0004-rsa-extend-bits-of-n0-inverse.patch
@@ -0,0 +1,117 @@
+From 92c2fc4a6e4c60d2d4af9e973674470052aa7c2b Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Thu, 3 Jun 2021 22:33:29 +0800
+Subject: [PATCH 4/8] rsa: extend bits of n0-inverse
+
+Extend "rsa,n0-inverse" property to 64 bits.
+---
+ lib/rsa/rsa-sign.c | 38 ++++++++++++++++++++------------------
+ 1 file changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 57806f00a4..397fbacd99 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -615,11 +615,11 @@ cleanup:
+ /*
+ * rsa_get_params(): - Get the important parameters of an RSA public key
+ */
+-int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
++int rsa_get_params(RSA *key, uint64_t *exponent, BIGNUM **n0_invp,
+ BIGNUM **modulusp, BIGNUM **r_squaredp)
+ {
+- BIGNUM *big1, *big2, *big32, *big2_32;
+- BIGNUM *n, *r, *r_squared, *tmp;
++ BIGNUM *big1, *big2, *big64, *big2_64;
++ BIGNUM *n0, *n, *r, *r_squared, *tmp;
+ const BIGNUM *key_n;
+ BN_CTX *bn_ctx = BN_CTX_new();
+ int ret = 0;
+@@ -627,14 +627,15 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
+ /* Initialize BIGNUMs */
+ big1 = BN_new();
+ big2 = BN_new();
+- big32 = BN_new();
++ big64 = BN_new();
+ r = BN_new();
+ r_squared = BN_new();
+ tmp = BN_new();
+- big2_32 = BN_new();
++ big2_64 = BN_new();
++ n0 = BN_new();
+ n = BN_new();
+- if (!big1 || !big2 || !big32 || !r || !r_squared || !tmp || !big2_32 ||
+- !n) {
++ if (!big1 || !big2 || !big64 || !r || !r_squared || !tmp || !big2_64 ||
++ !n0 || !n) {
+ fprintf(stderr, "Out of memory (bignum)\n");
+ return -ENOMEM;
+ }
+@@ -644,18 +645,18 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
+
+ RSA_get0_key(key, &key_n, NULL, NULL);
+ if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
+- !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
++ !BN_set_word(big2, 2L) || !BN_set_word(big64, 64L))
+ ret = -1;
+
+- /* big2_32 = 2^32 */
+- if (!BN_exp(big2_32, big2, big32, bn_ctx))
++ /* big2_64 = 2^64 */
++ if (!BN_exp(big2_64, big2, big64, bn_ctx))
+ ret = -1;
+
+- /* Calculate n0_inv = -1 / n[0] mod 2^32 */
+- if (!BN_mod_inverse(tmp, n, big2_32, bn_ctx) ||
+- !BN_sub(tmp, big2_32, tmp))
++ /* Calculate n0_inv = -1 / n[0] mod 2^64 */
++ if (!BN_mod_inverse(n0, n, big2_64, bn_ctx) ||
++ !BN_sub(n0, big2_64, n0))
+ ret = -1;
+- *n0_invp = BN_get_word(tmp);
++ *n0_invp = n0;
+
+ /* Calculate R = 2^(# of key bits) */
+ if (!BN_set_word(tmp, BN_num_bits(n)) ||
+@@ -673,10 +674,10 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
+
+ BN_free(big1);
+ BN_free(big2);
+- BN_free(big32);
++ BN_free(big64);
+ BN_free(r);
+ BN_free(tmp);
+- BN_free(big2_32);
++ BN_free(big2_64);
+ if (ret) {
+ fprintf(stderr, "Bignum operations failed\n");
+ return -ENOMEM;
+@@ -753,7 +754,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ {
+ BIGNUM *modulus, *r_squared;
+ uint64_t exponent;
+- uint32_t n0_inv;
++ BIGNUM *n0_inv;
+ int parent, node;
+ char name[100];
+ int ret;
+@@ -813,7 +814,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+ if (!ret)
+- ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
++ ret = fdt_add_bignum(keydest, node, "rsa,n0-inverse", n0_inv, 64);
+ if (!ret) {
+ ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent);
+ }
+@@ -836,6 +837,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ done:
+ BN_free(modulus);
+ BN_free(r_squared);
++ BN_free(n0_inv);
+ if (ret)
+ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+ err_get_params:
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0005-add-u-boot-support-hsm_sign_tool.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0005-add-u-boot-support-hsm_sign_tool.patch
new file mode 100755
index 0000000..8050e54
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0005-add-u-boot-support-hsm_sign_tool.patch
@@ -0,0 +1,112 @@
+From 95537aa038c7de34e0ca395b110fbc5d8b6a5c1c Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Fri, 4 Jun 2021 00:37:51 +0800
+Subject: [PATCH 5/8] add u-boot support hsm_sign_tool
+
+Test: OK
+
+Signed-off-by: Yang Xu <Yang.Xu@mediatek.com>
+CR-Id: AUTO00000778
+---
+ lib/rsa/rsa-sign.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 78 insertions(+)
+
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 397fbacd99..cfe898ce3f 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -520,6 +520,79 @@ err_set:
+ return ret;
+ }
+
++int rsa_sign_with_hsm(struct image_sign_info *info,
++ const struct image_region region[], int region_count,
++ uint8_t **sigp, uint *sig_len)
++{
++ /* prepare temp file*/
++ char tmpfile[] = "/tmp/hsm_content_XXXXXX";
++ char cmd[1024];
++ char sig[512];
++ int fd;
++ int i, ret, siglen;
++ char* hsm_sign_tool;
++ char* key_name;
++ const char *padding;
++
++ if (!info || !info->padding || !info->padding->name) {
++ fprintf(stderr, "Failure to get rsa padding scheme.\n");
++ return -1;
++ }
++
++ if (strcmp(info->padding->name, "pss") == 0)
++ padding = "pss";
++ else
++ padding = "pkcs1";
++
++ memset(cmd, 0, 1024);
++ memset(sig, 0, 512);
++ if ((fd = mkstemp(tmpfile)) < 0)
++ {
++ fprintf(stderr, "Failure to create tmp file\n");
++ return -1;
++ }
++
++ for (i = 0; i < region_count; i++) {
++ ret = write(fd,region[i].data, region[i].size);
++ if (ret != region[i].size)
++ {
++ fprintf(stderr, "Failure to write to tmp file\n");
++ return -1;
++ }
++ }
++
++ close(fd);
++
++ hsm_sign_tool = getenv("HSM_SIGN_TOOL");
++ key_name = getenv("HSM_KEY_NAME");
++ sprintf(cmd, "%s %s %s %s %s",
++ hsm_sign_tool, key_name, info->checksum->name, padding, tmpfile);
++ ret = system(cmd);
++
++ if (ret != 0)
++ {
++ fprintf(stderr, "hsm sign failed\n");
++ return -1;
++ }
++
++ fd = open(tmpfile, O_RDONLY);
++ if (fd < 0)
++ {
++ fprintf(stderr, "open temp file %s fail\n",cmd);
++ return -1;
++ }
++
++ siglen = read(fd, sig, 512);
++ close(fd);
++
++ *sigp = (uint8_t*)malloc(siglen);
++ memcpy(*sigp, sig, siglen);
++
++ *sig_len = siglen;
++
++ return 0;
++}
++
+ int rsa_sign(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t **sigp, uint *sig_len)
+@@ -527,6 +600,11 @@ int rsa_sign(struct image_sign_info *info,
+ RSA *rsa;
+ ENGINE *e = NULL;
+ int ret;
++ char *hsm_support;
++
++ hsm_support = getenv("HSM_SUPPORT");
++ if (hsm_support && !strcmp(hsm_support, "yes"))
++ return rsa_sign_with_hsm(info, region, region_count, sigp, sig_len);
+
+ ret = rsa_init();
+ if (ret)
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0006-Add-secure-boot-ECC-support.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0006-Add-secure-boot-ECC-support.patch
new file mode 100755
index 0000000..94ab057
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0006-Add-secure-boot-ECC-support.patch
@@ -0,0 +1,698 @@
+From 1904dc67f08fbbac3f89d0913ee5b4ef3727ac2f Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Fri, 4 Jun 2021 03:03:24 +0800
+Subject: [PATCH 6/8] Add secure boot ECC support
+
+---
+ common/Kconfig.boot | 1 +
+ common/image-sig.c | 22 +++
+ include/image.h | 1 +
+ include/u-boot/ecc.h | 66 +++++++
+ lib/Kconfig | 1 +
+ lib/Makefile | 3 +
+ lib/ecc/Kconfig | 8 +
+ lib/ecc/Makefile | 2 +
+ lib/ecc/ecc-sig.c | 414 +++++++++++++++++++++++++++++++++++++++++++
+ lib/ecc/ecc-verify.c | 26 +++
+ tools/Makefile | 7 +-
+ 11 files changed, 550 insertions(+), 1 deletion(-)
+ create mode 100644 include/u-boot/ecc.h
+ create mode 100644 lib/ecc/Kconfig
+ create mode 100644 lib/ecc/Makefile
+ create mode 100644 lib/ecc/ecc-sig.c
+ create mode 100644 lib/ecc/ecc-verify.c
+
+diff --git a/common/Kconfig.boot b/common/Kconfig.boot
+index 9c335f4f8c..47e41e9aa9 100644
+--- a/common/Kconfig.boot
++++ b/common/Kconfig.boot
+@@ -80,6 +80,7 @@ config FIT_SIGNATURE
+ select RSA_VERIFY
+ select IMAGE_SIGN_INFO
+ select FIT_FULL_CHECK
++ select ECC
+ help
+ This option enables signature verification of FIT uImages,
+ using a hash signed and verified using RSA. If
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 962cf73bcf..1480b852c7 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -18,6 +18,7 @@ DECLARE_GLOBAL_DATA_PTR;
+ #include <image.h>
+ #include <u-boot/rsa.h>
+ #include <u-boot/rsa-checksum.h>
++#include <u-boot/ecc.h>
+
+ #define IMAGE_MAX_HASHED_NODES 100
+
+@@ -112,6 +113,27 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ },
++ {
++ .name = "nistp256",
++ .key_len = ECC256_BYTES,
++ .sign = ecc_sign,
++ .add_verify_data = ecc_add_verify_data,
++ .verify = ecc_verify,
++ },
++ {
++ .name = "nistp384",
++ .key_len = ECC384_BYTES,
++ .sign = ecc_sign,
++ .add_verify_data = ecc_add_verify_data,
++ .verify = ecc_verify,
++ },
++ {
++ .name = "nistp521",
++ .key_len = ECC521_BYTES,
++ .sign = ecc_sign,
++ .add_verify_data = ecc_add_verify_data,
++ .verify = ecc_verify,
+ }
+ };
+
+diff --git a/include/image.h b/include/image.h
+index b4b284d52b..392f4d4789 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -38,6 +38,7 @@ struct fdt_region;
+ #define CONFIG_SHA256
+ #define CONFIG_SHA384
+ #define CONFIG_SHA512
++#define CONFIG_ECC
+
+ #define IMAGE_ENABLE_IGNORE 0
+ #define IMAGE_INDENT_STRING ""
+diff --git a/include/u-boot/ecc.h b/include/u-boot/ecc.h
+new file mode 100644
+index 0000000000..2fe75cb759
+--- /dev/null
++++ b/include/u-boot/ecc.h
+@@ -0,0 +1,66 @@
++
++#ifndef _ECC_H
++#define _ECC_H
++
++#include <errno.h>
++#include <image.h>
++
++#define ECC256_BYTES (32)
++#define ECC384_BYTES (48)
++#define ECC521_BYTES (66)
++
++/**
++ * sign() - calculate and return signature for given input data
++ *
++ * @info: Specifies key and FIT information
++ * @data: Pointer to the input data
++ * @data_len: Data length
++ * @sigp: Set to an allocated buffer holding the signature
++ * @sig_len: Set to length of the calculated hash
++ *
++ * This computes input data signature according to selected algorithm.
++ * Resulting signature value is placed in an allocated buffer, the
++ * pointer is returned as *sigp. The length of the calculated
++ * signature is returned via the sig_len pointer argument. The caller
++ * should free *sigp.
++ *
++ * @return: 0, on success, -ve on error
++ */
++int ecc_sign(struct image_sign_info *info,
++ const struct image_region region[],
++ int region_count, uint8_t **sigp, uint *sig_len);
++
++/**
++ * add_verify_data() - Add verification information to FDT
++ *
++ * Add public key information to the FDT node, suitable for
++ * verification at run-time. The information added depends on the
++ * algorithm being used.
++ *
++ * @info: Specifies key and FIT information
++ * @keydest: Destination FDT blob for public key data
++ * @return: 0, on success,
++ * -ENOSPC if the keydest FDT blob ran out of space,
++ * other -ve value on error
++ */
++int ecc_add_verify_data(struct image_sign_info *info, void *keydest);
++
++/**
++ * rsa_verify() - Verify a signature against some data
++ *
++ * Verify a RSA PKCS1.5 signature against an expected hash.
++ *
++ * @info: Specifies key and FIT information
++ * @data: Pointer to the input data
++ * @data_len: Data length
++ * @sig: Signature
++ * @sig_len: Number of bytes in signature
++ * @return 0 if verified, -ve on error
++ */
++int ecc_verify(struct image_sign_info *info,
++ const struct image_region region[], int region_count,
++ uint8_t *sig, uint sig_len);
++
++#endif
++
++/* vim: set ts=4 sw=4 et : */
+diff --git a/lib/Kconfig b/lib/Kconfig
+index 7288340614..371dcc5494 100644
+--- a/lib/Kconfig
++++ b/lib/Kconfig
+@@ -297,6 +297,7 @@ config AES
+
+ source lib/rsa/Kconfig
+ source lib/crypto/Kconfig
++source lib/ecc/Kconfig
+
+ config TPM
+ bool "Trusted Platform Module (TPM) Support"
+diff --git a/lib/Makefile b/lib/Makefile
+index edc1c3dd4f..ece0d8fe1b 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -61,9 +61,12 @@ obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
+ obj-$(CONFIG_$(SPL_)MD5) += md5.o
+ obj-$(CONFIG_$(SPL_)RSA) += rsa/
+ obj-$(CONFIG_SHA1) += sha1.o
++obj-$(CONFIG_SHA1) += sha4.o
+ obj-$(CONFIG_SHA256) += sha256.o
+ obj-$(CONFIG_SHA512_ALGO) += sha512.o
+
++obj-$(CONFIG_ECC) += ecc/
++
+ obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
+ obj-$(CONFIG_$(SPL_)ZSTD) += zstd/
+ obj-$(CONFIG_$(SPL_)GZIP) += gunzip.o
+diff --git a/lib/ecc/Kconfig b/lib/ecc/Kconfig
+new file mode 100644
+index 0000000000..bd6f99aa19
+--- /dev/null
++++ b/lib/ecc/Kconfig
+@@ -0,0 +1,8 @@
++config ECC
++ bool "Use ECC Library"
++ help
++ ECC support. This enables the ECC algorithm used for FIT image
++ verification in U-Boot.
++ The signing part is build into mkimage regardless of this
++ option. The software based modular exponentiation is built into
++ mkimage irrespective of this option.
+diff --git a/lib/ecc/Makefile b/lib/ecc/Makefile
+new file mode 100644
+index 0000000000..36b57fb7a6
+--- /dev/null
++++ b/lib/ecc/Makefile
+@@ -0,0 +1,2 @@
++obj-$(CONFIG_ECC) += ecc-sig.o
++obj-$(CONFIG_ECC) += ecc-verify.o
+diff --git a/lib/ecc/ecc-sig.c b/lib/ecc/ecc-sig.c
+new file mode 100644
+index 0000000000..bcd6e4a769
+--- /dev/null
++++ b/lib/ecc/ecc-sig.c
+@@ -0,0 +1,414 @@
++#include "mkimage.h"
++#include <stdio.h>
++#include <string.h>
++#include <image.h>
++#include <time.h>
++#include <openssl/bn.h>
++#include <openssl/ec.h>
++#include <openssl/pem.h>
++#include <openssl/err.h>
++#include <openssl/ssl.h>
++#include <openssl/evp.h>
++#include <openssl/engine.h>
++
++static int fdt_add_bignum(void *blob, int noffset, const char *prop_name,
++ BIGNUM *num, int num_bits)
++{
++ int nwords = num_bits / 32;
++ int size;
++ uint32_t *buf, *ptr;
++ BIGNUM *tmp, *big2, *big32, *big2_32;
++ BN_CTX *ctx;
++ int ret;
++
++ tmp = BN_new();
++ big2 = BN_new();
++ big32 = BN_new();
++ big2_32 = BN_new();
++
++ /*
++ * Note: This code assumes that all of the above succeed, or all fail.
++ * In practice memory allocations generally do not fail (unless the
++ * process is killed), so it does not seem worth handling each of these
++ * as a separate case. Technicaly this could leak memory on failure,
++ * but a) it won't happen in practice, and b) it doesn't matter as we
++ * will immediately exit with a failure code.
++ */
++ if (!tmp || !big2 || !big32 || !big2_32) {
++ fprintf(stderr, "Out of memory (bignum)\n");
++ return -ENOMEM;
++ }
++ ctx = BN_CTX_new();
++ if (!tmp) {
++ fprintf(stderr, "Out of memory (bignum context)\n");
++ return -ENOMEM;
++ }
++ BN_set_word(big2, 2L);
++ BN_set_word(big32, 32L);
++ BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
++
++ size = nwords * sizeof(uint32_t);
++ buf = malloc(size);
++ if (!buf) {
++ fprintf(stderr, "Out of memory (%d bytes)\n", size);
++ return -ENOMEM;
++ }
++
++ /* Write out modulus as big endian array of integers */
++ for (ptr = buf + nwords - 1; ptr >= buf; ptr--) {
++ BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
++ *ptr = cpu_to_fdt32(BN_get_word(tmp));
++ BN_rshift(num, num, 32); /* N = N/B */
++ }
++
++ /*
++ * We try signing with successively increasing size values, so this
++ * might fail several times
++ */
++ ret = fdt_setprop(blob, noffset, prop_name, buf, size);
++
++ free(buf);
++ BN_free(tmp);
++ BN_free(big2);
++ BN_free(big32);
++ BN_free(big2_32);
++
++ return ret ? -FDT_ERR_NOSPACE : 0;
++}
++
++static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
++{
++ EC_KEY *dtmp;
++ if (!key)
++ return NULL;
++ dtmp = EVP_PKEY_get1_EC_KEY(key);
++ EVP_PKEY_free(key);
++ if (!dtmp)
++ return NULL;
++ if (eckey) {
++ EC_KEY_free(*eckey);
++ *eckey = dtmp;
++ }
++ return dtmp;
++}
++
++/**
++ * ec_pem_get_priv_key() - read a private key from a .key file
++ *
++ * @keydir: Directory containing the key
++ * @name Name of key file (will have a .key extension)
++ * @rsap Returns EC object, or NULL on failure
++ * @return 0 if ok, -ve on error (in which case *ecp will be set to NULL)
++ */
++static int ec_pem_get_priv_key(const char *keydir, const char *name,
++ EC_KEY **ecp)
++{
++ char path[1024];
++ EC_KEY *ec;
++ FILE *f;
++ EVP_PKEY *pktmp;
++
++ *ecp = NULL;
++ snprintf(path, sizeof(path), "%s/%s_priv.key", keydir, name);
++ f = fopen(path, "r");
++ if (!f) {
++ fprintf(stderr, "Couldn't open EC private key: '%s': %s\n",
++ path, strerror(errno));
++ return -ENOENT;
++ }
++
++ pktmp = PEM_read_PrivateKey(f, 0, NULL, path);
++ ec = pkey_get_eckey(pktmp, ecp);
++ if (!ec) {
++ fprintf(stderr, "Failure reading EC private key\n");
++ fclose(f);
++ return -EPROTO;
++ }
++ fclose(f);
++ *ecp = ec;
++
++ return 0;
++}
++
++/**
++ * ec_pem_get_pub_key() - read a public key from a .key file
++ *
++ * @keydir: Directory containing the key
++ * @name Name of key file (will have a .key extension)
++ * @pub_key Returns BIGNUM object, or NULL on failure
++ * @return 0 if ok, -ve on error (in which case *pub_key will be set to NULL)
++ */
++static int ec_pem_get_pub_key(const char *keydir, const char *name, BIGNUM **pub_key)
++{
++ char path[1024];
++ EC_KEY *ec;
++ FILE *f;
++ unsigned char *pub_k_cp = NULL;
++ int ret;
++
++ snprintf(path, sizeof(path), "%s/%s_public.key", keydir, name);
++ f = fopen(path, "r");
++ if (!f) {
++ fprintf(stderr, "Couldn't open EC public key: '%s': %s\n",
++ path, strerror(errno));
++ return -ENOENT;
++ }
++
++ ec = PEM_read_EC_PUBKEY(f, 0, NULL, path);
++
++ if (!ec) {
++ fprintf(stderr, "Failure reading EC public key\n");
++ fclose(f);
++ return -EPROTO;
++ }
++ fclose(f);
++
++ /* Transform from EC_POINT to char */
++ ret = i2o_ECPublicKey(ec, &pub_k_cp);
++ if (ret == 0) {
++ return -1;
++ } else {
++ /* Transform from char to BIGNUM */
++ *pub_key = BN_bin2bn(pub_k_cp, ret , NULL);
++ }
++
++ return 0;
++}
++
++int ecc_add_verify_data(struct image_sign_info *info, void *keydest)
++{
++ BIGNUM *pub_key;
++ int parent, node;
++ char name[100];
++ int ret=0;
++ int bits;
++
++ // get public key
++ ret = ec_pem_get_pub_key(info->keydir, info->keyname, &pub_key);
++
++ if (ret)
++ goto err_get_pub_key;
++
++ parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
++ if (parent == -FDT_ERR_NOTFOUND) {
++ parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
++ if (parent < 0) {
++ ret = parent;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Couldn't create signature node: %s\n",
++ fdt_strerror(parent));
++ }
++ }
++ }
++ if (ret)
++ goto done;
++
++ /* Either create or overwrite the named key node */
++ snprintf(name, sizeof(name), "key-%s", info->keyname);
++ node = fdt_subnode_offset(keydest, parent, name);
++ if (node == -FDT_ERR_NOTFOUND) {
++ node = fdt_add_subnode(keydest, parent, name);
++ if (node < 0) {
++ ret = node;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Could not create key subnode: %s\n",
++ fdt_strerror(node));
++ }
++ }
++ } else if (node < 0) {
++ fprintf(stderr, "Cannot select keys parent: %s\n",
++ fdt_strerror(node));
++ ret = node;
++ }
++
++ if (!ret) {
++ ret = fdt_setprop_string(keydest, node, "key-name-hint", info->keyname);
++ }
++
++ if (!ret) {
++ bits = info->crypto->key_len * 16;
++ ret = fdt_add_bignum(keydest, node, "ecc,public-key", pub_key, bits);
++ }
++ if (!ret) {
++ ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP, info->name);
++ }
++ if (!ret && info->require_keys) {
++ ret = fdt_setprop_string(keydest, node, "required", info->require_keys);
++ }
++done:
++ BN_free(pub_key);
++ if (ret) {
++ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
++ }
++
++err_get_pub_key:
++
++
++ return ret;
++}
++
++static int ec_sign_with_key(EC_KEY *ec, struct checksum_algo *checksum_algo,
++ const struct image_region region[], int region_count,
++ uint8_t **sigp, uint *sig_size)
++{
++ EVP_PKEY *key;
++ EVP_PKEY_CTX *keyctx;
++ EVP_MD_CTX *context;
++ int size, ret = 0;
++ uint8_t *sig;
++ int i;
++
++ key = EVP_PKEY_new();
++ if (!key) {
++ fprintf(stderr, "EVP_PKEY object creation failed \n");
++ return -1;
++ }
++
++ if (!EVP_PKEY_set1_EC_KEY(key, ec)) {
++ fprintf(stderr, "EVP key setup failed \n");
++ ret = -1;
++ goto err_set;
++ }
++
++ keyctx = EVP_PKEY_CTX_new(key, NULL);
++ if (!keyctx) {
++ fprintf(stderr, "EVP_PKEY_CTX object creation failed \n");
++ ret = -1;
++ goto err_set;
++ }
++
++ size = EVP_PKEY_size(key);
++ sig = malloc(size);
++ if (!sig) {
++ fprintf(stderr, "Out of memory for signature (%d bytes)\n", size);
++ ret = -ENOMEM;
++ goto err_alloc;
++ }
++
++ context = EVP_MD_CTX_create();
++ if (!context) {
++ fprintf(stderr, "EVP context creation failed \n");
++ ret = -1;
++ goto err_create;
++ }
++ EVP_MD_CTX_init(context);
++ if (!EVP_DigestSignInit(context, &keyctx, checksum_algo->calculate_sign(), NULL, key)) {
++ fprintf(stderr, "Signer setup failed \n");
++ ret = -1;
++ goto err_sign;
++ }
++
++ for (i = 0; i < region_count; i++) {
++
++ if (!EVP_DigestSignUpdate(context, region[i].data, region[i].size)) {
++ fprintf(stderr, "Signing data failed \n");
++ ret = -1;
++ goto err_sign;
++ }
++ }
++
++ if (!EVP_DigestSignFinal(context, sig, (size_t *)sig_size)) {
++ fprintf(stderr, "Could not obtain signature \n");
++ ret = -1;
++ goto err_sign;
++ }
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_MD_CTX_cleanup(context);
++#else
++ EVP_MD_CTX_reset(context);
++#endif
++ EVP_MD_CTX_destroy(context);
++ EVP_PKEY_free(key);
++
++ fprintf(stderr, "Got signature: %d bytes, expected %d\n", *sig_size, size);
++ *sigp = sig;
++ *sig_size = size;
++
++ return 0;
++
++err_sign:
++ EVP_MD_CTX_destroy(context);
++err_create:
++ free(sig);
++err_alloc:
++err_set:
++ EVP_PKEY_free(key);
++ return ret;
++}
++
++int ecc_sign(struct image_sign_info *info,
++ const struct image_region region[], int region_count,
++ uint8_t **sigp, uint *sig_len)
++{
++ EC_KEY *ec;
++ int ret = 0;
++
++ /* To read private key from pem */
++ ret = ec_pem_get_priv_key(info->keydir, info->keyname, &ec);
++
++ if (ret) {
++ fprintf(stderr, "Failure reading EC private key\n");
++ goto err_priv;
++ }
++
++ /* To signature */
++ ret = ec_sign_with_key(ec, info->checksum, region,
++ region_count, sigp, sig_len);
++ if (ret) {
++ goto err_sign;
++ }
++
++
++err_sign:
++
++err_priv:
++
++ return ret;
++}
++
++/**
++ * ec_pem_get_pub_key_by_path() - read a public key from a .key file
++ *
++ * @path Path of key file (will have a .key extension)
++ * @pub_key Returns BIGNUM object, or NULL on failure
++ * @return 0 if ok, -ve on error (in which case *pub_key will be set to NULL)
++ */
++static int ec_pem_get_pub_key_by_path(const char *keydir, const char *name, BIGNUM **pub_key)
++{
++ char path[1024];
++ EC_KEY *ec;
++ FILE *f;
++ unsigned char *pub_k_cp = NULL;
++ int ret;
++
++ snprintf(path, sizeof(path), "%s/tier_public.key", keydir);
++ f = fopen(path, "r");
++ if (!f) {
++ fprintf(stderr, "Couldn't open EC public key: '%s': %s\n",
++ path, strerror(errno));
++ return -ENOENT;
++ }
++
++ ec = PEM_read_EC_PUBKEY(f, 0, NULL, path);
++
++ if (!ec) {
++ fprintf(stderr, "Failure reading EC public key\n");
++ fclose(f);
++ return -EPROTO;
++ }
++ fclose(f);
++
++ /* Transform from EC_POINT to char */
++ ret = i2o_ECPublicKey(ec, &pub_k_cp);
++ if (ret == 0) {
++ return -1;
++ } else {
++ /* Transform from char to BIGNUM */
++ *pub_key = BN_bin2bn(pub_k_cp, ret , NULL);
++ }
++
++ return 0;
++}
++
++/* vim: set ts=4 sw=4 et : */
+diff --git a/lib/ecc/ecc-verify.c b/lib/ecc/ecc-verify.c
+new file mode 100644
+index 0000000000..d893317236
+--- /dev/null
++++ b/lib/ecc/ecc-verify.c
+@@ -0,0 +1,26 @@
++
++#ifndef USE_HOSTCC
++#include <common.h>
++#include <fdtdec.h>
++#include <asm/types.h>
++#include <asm/byteorder.h>
++#include <linux/errno.h>
++#include <asm/types.h>
++#include <asm/unaligned.h>
++#include <dm.h>
++#else
++#include "fdt_host.h"
++//#include "mkimage.h"
++#include <fdt_support.h>
++#endif
++
++#include <u-boot/ecc.h>
++
++
++int ecc_verify(struct image_sign_info *info,
++ const struct image_region region[], int region_count,
++ uint8_t *sig, uint sig_len)
++{
++
++ return 0;
++}
+diff --git a/tools/Makefile b/tools/Makefile
+index 62de7e6fe0..e1db151e37 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -70,6 +70,9 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
+ rsa-sign.o rsa-verify.o rsa-checksum.o \
+ rsa-mod-exp.o)
+
++ECC_OBJS-$(CONFIG_ECC) := $(addprefix lib/ecc/, \
++ ecc-sig.o ecc-verify.o)
++
+ AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \
+ aes-encrypt.o aes-decrypt.o)
+
+@@ -119,7 +122,8 @@ dumpimage-mkimage-objs := aisimage.o \
+ gpimage-common.o \
+ mtk_image.o \
+ $(RSA_OBJS-y) \
+- $(AES_OBJS-y)
++ $(AES_OBJS-y) \
++ $(ECC_OBJS-y) \
+
+ dumpimage-objs := $(dumpimage-mkimage-objs) dumpimage.o
+ mkimage-objs := $(dumpimage-mkimage-objs) mkimage.o
+@@ -167,6 +171,7 @@ ifeq ($(HOSTOS),darwin)
+ HOSTCFLAGS_mxsimage.o += -Wno-deprecated-declarations
+ HOSTCFLAGS_image-sig.o += -Wno-deprecated-declarations
+ HOSTCFLAGS_rsa-sign.o += -Wno-deprecated-declarations
++HOSTCFLAGS_ecc-sig.o += -Wno-deprecated-declarations
+ endif
+ endif
+
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0007-Support-trusted-key-certificate.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0007-Support-trusted-key-certificate.patch
new file mode 100755
index 0000000..89e3c4c
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0007-Support-trusted-key-certificate.patch
@@ -0,0 +1,3116 @@
+From 09133e7ce9886df14b486850cafb935b701dbf68 Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Tue, 8 Jun 2021 23:49:47 +0800
+Subject: [PATCH 7/8] Support trusted key certificate
+
+---
+ common/image-sig.c | 9 +
+ include/image.h | 45 +-
+ include/u-boot/ecc.h | 13 +
+ include/u-boot/rsa.h | 23 +-
+ lib/ecc/ecc-sig.c | 146 ++--
+ lib/rsa/rsa-sign.c | 122 +++-
+ tools/fit_image.c | 1572 +++++++++++++++++++++---------------------
+ tools/image-host.c | 232 ++++++-
+ tools/imagetool.h | 340 ++++-----
+ tools/mkimage.c | 16 +-
+ 10 files changed, 1513 insertions(+), 1005 deletions(-)
+
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 1480b852c7..3769ce5af4 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -77,6 +77,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "rsa3072",
+@@ -84,6 +85,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "rsa4096",
+@@ -91,6 +93,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+
+ {
+@@ -99,6 +102,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "rsassa-pss3072",
+@@ -106,6 +110,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "rsassa-pss4096",
+@@ -113,6 +118,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = rsa_sign,
+ .add_verify_data = rsa_add_verify_data,
+ .verify = rsa_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "nistp256",
+@@ -120,6 +126,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = ecc_sign,
+ .add_verify_data = ecc_add_verify_data,
+ .verify = ecc_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "nistp384",
+@@ -127,6 +134,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = ecc_sign,
+ .add_verify_data = ecc_add_verify_data,
+ .verify = ecc_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ },
+ {
+ .name = "nistp521",
+@@ -134,6 +142,7 @@ struct crypto_algo crypto_algos[] = {
+ .sign = ecc_sign,
+ .add_verify_data = ecc_add_verify_data,
+ .verify = ecc_verify,
++ .add_tkc_data = rsa_add_tkc_data,
+ }
+ };
+
+diff --git a/include/image.h b/include/image.h
+index 392f4d4789..52e67e1aa9 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -993,6 +993,7 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size,
+
+ #define FIT_IMAGES_PATH "/images"
+ #define FIT_CONFS_PATH "/configurations"
++#define FIT_TKC_PATH "/trusted-key-certificate"
+
+ /* hash/signature/key node */
+ #define FIT_HASH_NODENAME "hash"
+@@ -1032,6 +1033,12 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size,
+ #define FIT_FIRMWARE_PROP "firmware"
+ #define FIT_STANDALONE_PROP "standalone"
+
++/* trusted-key-certificate node */
++#define FIT_TKC_SIGN_PROP "sign-value"
++#define FIT_TKC_NODENAME "trusted-key-certificate"
++#define FIT_TKC_SIGN_NODENAME "sign-node"
++#define FIT_TKC_KEY_NODENAME "trusted-key"
++
+ #define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
+
+ #if IMAGE_ENABLE_FIT
+@@ -1115,12 +1122,13 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
+ * fit_add_verification_data() - add verification data to FIT image nodes
+ *
+ * @keydir: Directory containing keys
+- * @kwydest: FDT blob to write public key information to
++ * @keydest: FDT blob to write public key information to
+ * @fit: Pointer to the FIT format image header
+ * @comment: Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
+ * @cmdname: Command name used when reporting errors
++ * @params: Image tool params
+ *
+ * Adds hash values for all component images in the FIT blob.
+ * Hashes are calculated for all component images which have hash subnodes
+@@ -1134,7 +1142,26 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
+ */
+ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ const char *comment, int require_keys,
+- const char *engine_id, const char *cmdname);
++ const char *engine_id, const char *cmdname, const void *params);
++
++/**
++ * fit_add_tkc_data() - add trusted-key-certificate data to FIT image nodes
++ *
++ * @keydir: Directory containing keys
++ * @keydest: FDT blob to write public key information to
++ * @fit: Pointer to the FIT format image header
++ *
++ * Adds hash values for all component images in the FIT blob.
++ * Hashes are calculated for all component images which have hash subnodes
++ * with algorithm property set to one of the supported hash algorithms.
++ *
++ * Also add signatures if signature nodes are present.
++ *
++ * returns
++ * 0, on success
++ * libfdt error code, on failure
++ */
++int fit_add_tkc_data(const char *keydir, void *keydest, void *fit);
+
+ int fit_image_verify_with_data(const void *fit, int image_noffset,
+ const void *data, size_t size);
+@@ -1263,6 +1290,7 @@ struct image_sign_info {
+ int required_keynode; /* Node offset of key to use: -1=any */
+ const char *require_keys; /* Value for 'required' property */
+ const char *engine_id; /* Engine to use for signing */
++ int tkc_tier_flag;
+ /*
+ * Note: the following two fields are always valid even w/o
+ * RSA_VERIFY_WITH_PKEY in order to make sure this structure is
+@@ -1345,6 +1373,19 @@ struct crypto_algo {
+ int (*verify)(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len);
++
++ /**
++ * add_tkc_data() - Add trusted-key-certificate data to FDT
++ *
++ * Add Tier-1 public key information to the FDT node, suitable for
++ * verification at run-time. The information added depends on the
++ * algorithm being used.
++ *
++ * @info: Specifies key and FIT information
++ * @keydest: Destination FDT blob for public key data
++ * @return: 0, on success, -ve on error
++ */
++ int (*add_tkc_data)(struct image_sign_info *info, void *keydest);
+ };
+
+ struct padding_algo {
+diff --git a/include/u-boot/ecc.h b/include/u-boot/ecc.h
+index 2fe75cb759..acd8b4960a 100644
+--- a/include/u-boot/ecc.h
++++ b/include/u-boot/ecc.h
+@@ -60,6 +60,19 @@ int ecc_add_verify_data(struct image_sign_info *info, void *keydest);
+ int ecc_verify(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len);
++/**
++ * add_tkc_data() - Add trusted-key-certificate information to FDT
++ *
++ * Add Tier-1 public key information to the FDT node, suitable for
++ * verification at run-time. The information added depends on the
++ * algorithm being used.
++ *
++ * @info: Specifies key and FIT information
++ * @keydest: Destination FDT blob for public key data
++ * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
++ other -ve value on error
++*/
++int ecc_add_tkc_data(struct image_sign_info *info, void *keydest);
+
+ #endif
+
+diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
+index 7e1ddab6e2..ea624b2e86 100644
+--- a/include/u-boot/rsa.h
++++ b/include/u-boot/rsa.h
+@@ -54,7 +54,7 @@ int rsa_sign(struct image_sign_info *info,
+ int region_count, uint8_t **sigp, uint *sig_len);
+
+ /**
+- * add_verify_data() - Add verification information to FDT
++ * rsa_add_verify_data() - Add verification information to FDT
+ *
+ * Add public key information to the FDT node, suitable for
+ * verification at run-time. The information added depends on the
+@@ -66,6 +66,21 @@ int rsa_sign(struct image_sign_info *info,
+ other -ve value on error
+ */
+ int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
++
++/**
++ * rsa_add_tkc_data() - Add trusted-key-certificate information to FDT
++ *
++ * Add Tier-1 public key information to the FDT node, suitable for
++ * verification at run-time. The information added depends on the
++ * algorithm being used.
++ *
++ * @info: Specifies key and FIT information
++ * @keydest: Destination FDT blob for public key data
++ * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
++ other -ve value on error
++*/
++int rsa_add_tkc_data(struct image_sign_info *info, void *keydest);
++
+ #else
+ static inline int rsa_sign(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+@@ -79,6 +94,12 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
+ {
+ return -ENXIO;
+ }
++
++static inline int rsa_add_tkc_data(struct image_sign_info *info, void *keydest)
++{
++ return -ENXIO;
++}
++
+ #endif
+
+ #if IMAGE_ENABLE_VERIFY
+diff --git a/lib/ecc/ecc-sig.c b/lib/ecc/ecc-sig.c
+index bcd6e4a769..567ea876ff 100644
+--- a/lib/ecc/ecc-sig.c
++++ b/lib/ecc/ecc-sig.c
+@@ -133,9 +133,9 @@ static int ec_pem_get_priv_key(const char *keydir, const char *name,
+ /**
+ * ec_pem_get_pub_key() - read a public key from a .key file
+ *
+- * @keydir: Directory containing the key
+- * @name Name of key file (will have a .key extension)
+- * @pub_key Returns BIGNUM object, or NULL on failure
++ * @keydir: Directory containing the key
++ * @name Name of key file (will have a .key extension)
++ * @pub_key Returns BIGNUM object, or NULL on failure
+ * @return 0 if ok, -ve on error (in which case *pub_key will be set to NULL)
+ */
+ static int ec_pem_get_pub_key(const char *keydir, const char *name, BIGNUM **pub_key)
+@@ -184,7 +184,11 @@ int ecc_add_verify_data(struct image_sign_info *info, void *keydest)
+ int bits;
+
+ // get public key
+- ret = ec_pem_get_pub_key(info->keydir, info->keyname, &pub_key);
++ if (info->tkc_tier_flag) {
++ ret = ec_pem_get_pub_key(info->keydir, "oem", &pub_key);
++ } else {
++ ret = ec_pem_get_pub_key(info->keydir, info->keyname, &pub_key);
++ }
+
+ if (ret)
+ goto err_get_pub_key;
+@@ -243,10 +247,47 @@ done:
+
+ err_get_pub_key:
+
+-
+ return ret;
+ }
+
++static int ec_init(void)
++{
++ int ret;
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ ret = SSL_library_init();
++#else
++ ret = OPENSSL_init_ssl(0, NULL);
++#endif
++ if (!ret) {
++ fprintf(stderr, "Failure to init SSL library\n");
++ return -1;
++ }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ SSL_load_error_strings();
++
++ OpenSSL_add_all_algorithms();
++ OpenSSL_add_all_digests();
++ OpenSSL_add_all_ciphers();
++#endif
++
++ return 0;
++}
++
++static void ec_remove(void)
++{
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ CRYPTO_cleanup_all_ex_data();
++ ERR_free_strings();
++#ifdef HAVE_ERR_REMOVE_THREAD_STATE
++ ERR_remove_thread_state(NULL);
++#else
++ ERR_remove_state(0);
++#endif
++ EVP_cleanup();
++#endif
++}
++
+ static int ec_sign_with_key(EC_KEY *ec, struct checksum_algo *checksum_algo,
+ const struct image_region region[], int region_count,
+ uint8_t **sigp, uint *sig_size)
+@@ -344,6 +385,10 @@ int ecc_sign(struct image_sign_info *info,
+ EC_KEY *ec;
+ int ret = 0;
+
++ ret = ec_init();
++ if (ret)
++ return ret;
++
+ /* To read private key from pem */
+ ret = ec_pem_get_priv_key(info->keydir, info->keyname, &ec);
+
+@@ -359,56 +404,79 @@ int ecc_sign(struct image_sign_info *info,
+ goto err_sign;
+ }
+
+-
+ err_sign:
+
+ err_priv:
++ ec_remove();
+
+ return ret;
+ }
+
+-/**
+- * ec_pem_get_pub_key_by_path() - read a public key from a .key file
+- *
+- * @path Path of key file (will have a .key extension)
+- * @pub_key Returns BIGNUM object, or NULL on failure
+- * @return 0 if ok, -ve on error (in which case *pub_key will be set to NULL)
+- */
+-static int ec_pem_get_pub_key_by_path(const char *keydir, const char *name, BIGNUM **pub_key)
++int ecc_add_tkc_data(struct image_sign_info *info, void *keydest)
+ {
+- char path[1024];
+- EC_KEY *ec;
+- FILE *f;
+- unsigned char *pub_k_cp = NULL;
+- int ret;
++ BIGNUM *pub_key;
++ int tkc_parent, sign_node, key_node;
++ int ret=0;
++ int bits;
+
+- snprintf(path, sizeof(path), "%s/tier_public.key", keydir);
+- f = fopen(path, "r");
+- if (!f) {
+- fprintf(stderr, "Couldn't open EC public key: '%s': %s\n",
+- path, strerror(errno));
+- return -ENOENT;
++ // get public key
++ ret = ec_pem_get_pub_key(info->keydir, "tier", &pub_key);
++ if (ret)
++ goto err_get_pub_key;
++
++ // Step 1: detect trusted-key-certificate node
++ // if not found, then create it
++ tkc_parent = fdt_subnode_offset(keydest, 0, FIT_TKC_NODENAME);
++ if (tkc_parent == -FDT_ERR_NOTFOUND) {
++ tkc_parent = fdt_add_subnode(keydest, 0, FIT_TKC_NODENAME);
++ if (tkc_parent < 0) {
++ ret = tkc_parent;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Couldn't create trusted-key-certificate node: %s\n",
++ fdt_strerror(tkc_parent));
++ }
++ }
+ }
++ if (ret)
++ goto done;
+
+- ec = PEM_read_EC_PUBKEY(f, 0, NULL, path);
++ // Step 3: detect trusted-key node
++ // if not found, then create it
++ key_node = fdt_subnode_offset(keydest, sign_node, FIT_TKC_KEY_NODENAME);
++ if (key_node == -FDT_ERR_NOTFOUND) {
++ key_node = fdt_add_subnode(keydest, sign_node, FIT_TKC_KEY_NODENAME);
++ if (key_node < 0) {
++ ret = key_node;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Could not create trusted-key subnode: %s\n",
++ fdt_strerror(key_node));
++ }
++ }
++ }
++ if (ret)
++ goto done;
+
+- if (!ec) {
+- fprintf(stderr, "Failure reading EC public key\n");
+- fclose(f);
+- return -EPROTO;
++ // start to write key info into key_node
++ if (!ret) {
++ bits = info->crypto->key_len * 16;
++ ret = fdt_add_bignum(keydest, key_node, "ecc,public-key", pub_key, bits);
+ }
+- fclose(f);
+
+- /* Transform from EC_POINT to char */
+- ret = i2o_ECPublicKey(ec, &pub_k_cp);
+- if (ret == 0) {
+- return -1;
+- } else {
+- /* Transform from char to BIGNUM */
+- *pub_key = BN_bin2bn(pub_k_cp, ret , NULL);
++ if (!ret) {
++ if (info->name) {
++ ret = fdt_setprop_string(keydest, key_node, FIT_ALGO_PROP, info->name);
++ }
+ }
+
+- return 0;
++done:
++ BN_free(pub_key);
++ if (ret) {
++ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
++ }
++
++err_get_pub_key:
++
++ return ret;
+ }
+
+ /* vim: set ts=4 sw=4 et : */
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index cfe898ce3f..5f2b6e36b9 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -846,7 +846,12 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ if (ret)
+ return ret;
+ }
+- ret = rsa_get_pub_key(info->keydir, info->keyname, e, &rsa);
++
++ if (info->tkc_tier_flag) {
++ ret = rsa_get_pub_key(info->keydir, "oem_public", e, &rsa);
++ } else {
++ ret = rsa_get_pub_key(info->keydir, info->keyname, e, &rsa);
++ }
+ if (ret)
+ goto err_get_pub_key;
+ ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
+@@ -926,3 +931,118 @@ err_get_pub_key:
+
+ return ret;
+ }
++
++int rsa_add_tkc_data(struct image_sign_info *info, void *keydest)
++{
++ BIGNUM *modulus, *r_squared;
++ uint64_t exponent;
++ BIGNUM *n0_inv;
++ int bits;
++ RSA *rsa;
++ ENGINE *e = NULL;
++
++ int tkc_parent, sign_node, key_node;
++ int ret;
++
++ debug("%s: Getting verification data\n", __func__);
++ if (info->engine_id) {
++ ret = rsa_engine_init(info->engine_id, &e);
++ if (ret)
++ return ret;
++ }
++
++ ret = rsa_get_pub_key(info->keydir, "tier_public", e, &rsa);
++ if (ret)
++ goto err_get_pub_key;
++ ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
++ if (ret)
++ goto err_get_params;
++ bits = BN_num_bits(modulus);
++
++ // Step 1: detect trusted-key-certificate node
++ // if not found, then create it
++ tkc_parent = fdt_subnode_offset(keydest, 0, FIT_TKC_NODENAME);
++ if (tkc_parent == -FDT_ERR_NOTFOUND) {
++ tkc_parent = fdt_add_subnode(keydest, 0, FIT_TKC_NODENAME);
++ if (tkc_parent < 0) {
++ ret = tkc_parent;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Couldn't create trusted-key-certificate node: %s\n",
++ fdt_strerror(tkc_parent));
++ }
++ }
++ }
++ if (ret)
++ goto done;
++
++ // Step 2: detect sign-node node
++ // if not found, then create it
++ sign_node = fdt_subnode_offset(keydest, tkc_parent, FIT_TKC_SIGN_NODENAME);
++ if (sign_node == -FDT_ERR_NOTFOUND) {
++ sign_node = fdt_add_subnode(keydest, tkc_parent, FIT_TKC_SIGN_NODENAME);
++ if (sign_node < 0) {
++ ret = sign_node;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Could not create sign-node subnode: %s\n",
++ fdt_strerror(sign_node));
++ }
++ }
++ }
++ if (ret)
++ goto done;
++
++ // Step 3: detect trusted-key node
++ // if not found, then create it
++ key_node = fdt_subnode_offset(keydest, sign_node, FIT_TKC_KEY_NODENAME);
++ if (key_node == -FDT_ERR_NOTFOUND) {
++ key_node = fdt_add_subnode(keydest, sign_node, FIT_TKC_KEY_NODENAME);
++ if (key_node < 0) {
++ ret = key_node;
++ if (ret != -FDT_ERR_NOSPACE) {
++ fprintf(stderr, "Could not create trusted-key subnode: %s\n",
++ fdt_strerror(key_node));
++ }
++ }
++ }
++ if (ret)
++ goto done;
++
++ if (!ret)
++ ret = fdt_setprop_u32(keydest, key_node, "rsa,num-bits", bits);
++ if (!ret)
++ ret = fdt_add_bignum(keydest, key_node, "rsa,n0-inverse", n0_inv,
++ 64);
++ if (!ret) {
++ ret = fdt_setprop_u64(keydest, key_node, "rsa,exponent", exponent);
++ }
++ if (!ret) {
++ ret = fdt_add_bignum(keydest, key_node, "rsa,modulus", modulus,
++ bits);
++ }
++ if (!ret) {
++ ret = fdt_add_bignum(keydest, key_node, "rsa,r-squared", r_squared,
++ bits);
++ }
++ if (!ret) {
++ ret = fdt_setprop_string(keydest, key_node, FIT_ALGO_PROP,
++ info->name);
++ }
++ if (!ret && info->require_keys) {
++ ret = fdt_setprop_string(keydest, key_node, "required",
++ info->require_keys);
++ }
++
++done:
++ BN_free(modulus);
++ BN_free(r_squared);
++ BN_free(n0_inv);
++ if (ret)
++ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
++err_get_params:
++ RSA_free(rsa);
++err_get_pub_key:
++ if (info->engine_id)
++ rsa_engine_remove(e);
++
++ return ret;
++}
+diff --git a/tools/fit_image.c b/tools/fit_image.c
+index d440d143c6..fb49f09da1 100644
+--- a/tools/fit_image.c
++++ b/tools/fit_image.c
+@@ -7,8 +7,8 @@
+ * Wolfgang Denk, wd@denx.de
+ *
+ * Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
+- * FIT image specific code abstracted from mkimage.c
+- * some functions added to address abstraction
++ * FIT image specific code abstracted from mkimage.c
++ * some functions added to address abstraction
+ *
+ * All rights reserved.
+ */
+@@ -25,65 +25,73 @@
+ static image_header_t header;
+
+ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
+- const char *tmpfile)
++ const char *tmpfile)
+ {
+- int tfd, destfd = 0;
+- void *dest_blob = NULL;
+- off_t destfd_size = 0;
+- struct stat sbuf;
+- void *ptr;
+- int ret = 0;
+-
+- tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true,
+- false);
+- if (tfd < 0)
+- return -EIO;
+-
+- if (params->keydest) {
+- struct stat dest_sbuf;
+-
+- destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
+- &dest_blob, &dest_sbuf, false,
+- false);
+- if (destfd < 0) {
+- ret = -EIO;
+- goto err_keydest;
+- }
+- destfd_size = dest_sbuf.st_size;
+- }
+-
+- /* for first image creation, add a timestamp at offset 0 i.e., root */
+- if (params->datafile || params->reset_timestamp) {
+- time_t time = imagetool_get_source_date(params->cmdname,
+- sbuf.st_mtime);
+- ret = fit_set_timestamp(ptr, 0, time);
+- }
+-
+- if (!ret) {
+- ret = fit_cipher_data(params->keydir, dest_blob, ptr,
+- params->comment,
+- params->require_keys,
+- params->engine_id,
+- params->cmdname);
+- }
+-
+- if (!ret) {
+- ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
+- params->comment,
+- params->require_keys,
+- params->engine_id,
+- params->cmdname);
+- }
+-
+- if (dest_blob) {
+- munmap(dest_blob, destfd_size);
+- close(destfd);
+- }
++ int tfd, destfd = 0;
++ void *dest_blob = NULL;
++ off_t destfd_size = 0;
++ struct stat sbuf;
++ void *ptr;
++ int ret = 0;
++
++ tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true,
++ false);
++ if (tfd < 0)
++ return -EIO;
++
++ if (params->keydest) {
++ struct stat dest_sbuf;
++
++ destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
++ &dest_blob, &dest_sbuf, false,
++ false);
++ if (destfd < 0) {
++ ret = -EIO;
++ goto err_keydest;
++ }
++ destfd_size = dest_sbuf.st_size;
++ }
++
++ /* for first image creation, add a timestamp at offset 0 i.e., root */
++ if (params->datafile || params->reset_timestamp) {
++ time_t time = imagetool_get_source_date(params->cmdname,
++ sbuf.st_mtime);
++ ret = fit_set_timestamp(ptr, 0, time);
++ }
++
++ if (!ret) {
++ if (params->tkc_oem_flag) {
++ ret = fit_add_tkc_data(params->keydir, dest_blob, ptr);
++ }
++ }
++
++
++ if (!ret) {
++ ret = fit_cipher_data(params->keydir, dest_blob, ptr,
++ params->comment,
++ params->require_keys,
++ params->engine_id,
++ params->cmdname);
++ }
++
++ if (!ret) {
++ ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
++ params->comment,
++ params->require_keys,
++ params->engine_id,
++ params->cmdname,
++ params);
++ }
++
++ if (dest_blob) {
++ munmap(dest_blob, destfd_size);
++ close(destfd);
++ }
+
+ err_keydest:
+- munmap(ptr, sbuf.st_size);
+- close(tfd);
+- return ret;
++ munmap(ptr, sbuf.st_size);
++ close(tfd);
++ return ret;
+ }
+
+ /**
+@@ -91,105 +99,105 @@ err_keydest:
+ */
+ static int fit_calc_size(struct image_tool_params *params)
+ {
+- struct content_info *cont;
+- int size, total_size;
+-
+- size = imagetool_get_filesize(params, params->datafile);
+- if (size < 0)
+- return -1;
+- total_size = size;
+-
+- if (params->fit_ramdisk) {
+- size = imagetool_get_filesize(params, params->fit_ramdisk);
+- if (size < 0)
+- return -1;
+- total_size += size;
+- }
+-
+- for (cont = params->content_head; cont; cont = cont->next) {
+- size = imagetool_get_filesize(params, cont->fname);
+- if (size < 0)
+- return -1;
+-
+- /* Add space for properties and hash node */
+- total_size += size + 300;
+- }
+-
+- /* Add plenty of space for headers, properties, nodes, etc. */
+- total_size += 4096;
+-
+- return total_size;
++ struct content_info *cont;
++ int size, total_size;
++
++ size = imagetool_get_filesize(params, params->datafile);
++ if (size < 0)
++ return -1;
++ total_size = size;
++
++ if (params->fit_ramdisk) {
++ size = imagetool_get_filesize(params, params->fit_ramdisk);
++ if (size < 0)
++ return -1;
++ total_size += size;
++ }
++
++ for (cont = params->content_head; cont; cont = cont->next) {
++ size = imagetool_get_filesize(params, cont->fname);
++ if (size < 0)
++ return -1;
++
++ /* Add space for properties and hash node */
++ total_size += size + 300;
++ }
++
++ /* Add plenty of space for headers, properties, nodes, etc. */
++ total_size += 4096;
++
++ return total_size;
+ }
+
+ static int fdt_property_file(struct image_tool_params *params,
+- void *fdt, const char *name, const char *fname)
++ void *fdt, const char *name, const char *fname)
+ {
+- struct stat sbuf;
+- void *ptr;
+- int ret;
+- int fd;
+-
+- fd = open(fname, O_RDWR | O_BINARY);
+- if (fd < 0) {
+- fprintf(stderr, "%s: Can't open %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- return -1;
+- }
+-
+- if (fstat(fd, &sbuf) < 0) {
+- fprintf(stderr, "%s: Can't stat %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- goto err;
+- }
+-
+- ret = fdt_property_placeholder(fdt, "data", sbuf.st_size, &ptr);
+- if (ret)
+- goto err;
+- ret = read(fd, ptr, sbuf.st_size);
+- if (ret != sbuf.st_size) {
+- fprintf(stderr, "%s: Can't read %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- goto err;
+- }
+- close(fd);
+-
+- return 0;
++ struct stat sbuf;
++ void *ptr;
++ int ret;
++ int fd;
++
++ fd = open(fname, O_RDWR | O_BINARY);
++ if (fd < 0) {
++ fprintf(stderr, "%s: Can't open %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ return -1;
++ }
++
++ if (fstat(fd, &sbuf) < 0) {
++ fprintf(stderr, "%s: Can't stat %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ goto err;
++ }
++
++ ret = fdt_property_placeholder(fdt, "data", sbuf.st_size, &ptr);
++ if (ret)
++ goto err;
++ ret = read(fd, ptr, sbuf.st_size);
++ if (ret != sbuf.st_size) {
++ fprintf(stderr, "%s: Can't read %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ goto err;
++ }
++ close(fd);
++
++ return 0;
+ err:
+- close(fd);
+- return -1;
++ close(fd);
++ return -1;
+ }
+
+ static int fdt_property_strf(void *fdt, const char *name, const char *fmt, ...)
+ {
+- char str[100];
+- va_list ptr;
++ char str[100];
++ va_list ptr;
+
+- va_start(ptr, fmt);
+- vsnprintf(str, sizeof(str), fmt, ptr);
+- va_end(ptr);
+- return fdt_property_string(fdt, name, str);
++ va_start(ptr, fmt);
++ vsnprintf(str, sizeof(str), fmt, ptr);
++ va_end(ptr);
++ return fdt_property_string(fdt, name, str);
+ }
+
+ static void get_basename(char *str, int size, const char *fname)
+ {
+- const char *p, *start, *end;
+- int len;
+-
+- /*
+- * Use the base name as the 'name' field. So for example:
+- *
+- * "arch/arm/dts/sun7i-a20-bananapro.dtb"
+- * becomes "sun7i-a20-bananapro"
+- */
+- p = strrchr(fname, '/');
+- start = p ? p + 1 : fname;
+- p = strrchr(fname, '.');
+- end = p ? p : fname + strlen(fname);
+- len = end - start;
+- if (len >= size)
+- len = size - 1;
+- memcpy(str, start, len);
+- str[len] = '\0';
++ const char *p, *start, *end;
++ int len;
++
++ /*
++ * Use the base name as the 'name' field. So for example:
++ *
++ * "arch/arm/dts/sun7i-a20-bananapro.dtb"
++ * becomes "sun7i-a20-bananapro"
++ */
++ p = strrchr(fname, '/');
++ start = p ? p + 1 : fname;
++ p = strrchr(fname, '.');
++ end = p ? p : fname + strlen(fname);
++ len = end - start;
++ if (len >= size)
++ len = size - 1;
++ memcpy(str, start, len);
++ str[len] = '\0';
+ }
+
+ /**
+@@ -199,9 +207,9 @@ static void get_basename(char *str, int size, const char *fname)
+ */
+ static void add_crc_node(void *fdt)
+ {
+- fdt_begin_node(fdt, "hash-1");
+- fdt_property_string(fdt, FIT_ALGO_PROP, "crc32");
+- fdt_end_node(fdt);
++ fdt_begin_node(fdt, "hash-1");
++ fdt_property_string(fdt, FIT_ALGO_PROP, "crc32");
++ fdt_end_node(fdt);
+ }
+
+ /**
+@@ -212,84 +220,84 @@ static void add_crc_node(void *fdt)
+ */
+ static int fit_write_images(struct image_tool_params *params, char *fdt)
+ {
+- struct content_info *cont;
+- const char *typename;
+- char str[100];
+- int upto;
+- int ret;
+-
+- fdt_begin_node(fdt, "images");
+-
+- /* First the main image */
+- typename = genimg_get_type_short_name(params->fit_image_type);
+- snprintf(str, sizeof(str), "%s-1", typename);
+- fdt_begin_node(fdt, str);
+- fdt_property_string(fdt, FIT_DESC_PROP, params->imagename);
+- fdt_property_string(fdt, FIT_TYPE_PROP, typename);
+- fdt_property_string(fdt, FIT_ARCH_PROP,
+- genimg_get_arch_short_name(params->arch));
+- fdt_property_string(fdt, FIT_OS_PROP,
+- genimg_get_os_short_name(params->os));
+- fdt_property_string(fdt, FIT_COMP_PROP,
+- genimg_get_comp_short_name(params->comp));
+- fdt_property_u32(fdt, FIT_LOAD_PROP, params->addr);
+- fdt_property_u32(fdt, FIT_ENTRY_PROP, params->ep);
+-
+- /*
+- * Put data last since it is large. SPL may only load the first part
+- * of the DT, so this way it can access all the above fields.
+- */
+- ret = fdt_property_file(params, fdt, FIT_DATA_PROP, params->datafile);
+- if (ret)
+- return ret;
+- add_crc_node(fdt);
+- fdt_end_node(fdt);
+-
+- /* Now the device tree files if available */
+- upto = 0;
+- for (cont = params->content_head; cont; cont = cont->next) {
+- if (cont->type != IH_TYPE_FLATDT)
+- continue;
+- typename = genimg_get_type_short_name(cont->type);
+- snprintf(str, sizeof(str), "%s-%d", FIT_FDT_PROP, ++upto);
+- fdt_begin_node(fdt, str);
+-
+- get_basename(str, sizeof(str), cont->fname);
+- fdt_property_string(fdt, FIT_DESC_PROP, str);
+- ret = fdt_property_file(params, fdt, FIT_DATA_PROP,
+- cont->fname);
+- if (ret)
+- return ret;
+- fdt_property_string(fdt, FIT_TYPE_PROP, typename);
+- fdt_property_string(fdt, FIT_ARCH_PROP,
+- genimg_get_arch_short_name(params->arch));
+- fdt_property_string(fdt, FIT_COMP_PROP,
+- genimg_get_comp_short_name(IH_COMP_NONE));
+- add_crc_node(fdt);
+- fdt_end_node(fdt);
+- }
+-
+- /* And a ramdisk file if available */
+- if (params->fit_ramdisk) {
+- fdt_begin_node(fdt, FIT_RAMDISK_PROP "-1");
+-
+- fdt_property_string(fdt, FIT_TYPE_PROP, FIT_RAMDISK_PROP);
+- fdt_property_string(fdt, FIT_OS_PROP,
+- genimg_get_os_short_name(params->os));
+- fdt_property_string(fdt, FIT_ARCH_PROP,
+- genimg_get_arch_short_name(params->arch));
+-
+- ret = fdt_property_file(params, fdt, FIT_DATA_PROP,
+- params->fit_ramdisk);
+- if (ret)
+- return ret;
+- add_crc_node(fdt);
+- fdt_end_node(fdt);
+- }
+-
+- fdt_end_node(fdt);
+-
+- return 0;
++ struct content_info *cont;
++ const char *typename;
++ char str[100];
++ int upto;
++ int ret;
++
++ fdt_begin_node(fdt, "images");
++
++ /* First the main image */
++ typename = genimg_get_type_short_name(params->fit_image_type);
++ snprintf(str, sizeof(str), "%s-1", typename);
++ fdt_begin_node(fdt, str);
++ fdt_property_string(fdt, FIT_DESC_PROP, params->imagename);
++ fdt_property_string(fdt, FIT_TYPE_PROP, typename);
++ fdt_property_string(fdt, FIT_ARCH_PROP,
++ genimg_get_arch_short_name(params->arch));
++ fdt_property_string(fdt, FIT_OS_PROP,
++ genimg_get_os_short_name(params->os));
++ fdt_property_string(fdt, FIT_COMP_PROP,
++ genimg_get_comp_short_name(params->comp));
++ fdt_property_u32(fdt, FIT_LOAD_PROP, params->addr);
++ fdt_property_u32(fdt, FIT_ENTRY_PROP, params->ep);
++
++ /*
++ * Put data last since it is large. SPL may only load the first part
++ * of the DT, so this way it can access all the above fields.
++ */
++ ret = fdt_property_file(params, fdt, FIT_DATA_PROP, params->datafile);
++ if (ret)
++ return ret;
++ add_crc_node(fdt);
++ fdt_end_node(fdt);
++
++ /* Now the device tree files if available */
++ upto = 0;
++ for (cont = params->content_head; cont; cont = cont->next) {
++ if (cont->type != IH_TYPE_FLATDT)
++ continue;
++ typename = genimg_get_type_short_name(cont->type);
++ snprintf(str, sizeof(str), "%s-%d", FIT_FDT_PROP, ++upto);
++ fdt_begin_node(fdt, str);
++
++ get_basename(str, sizeof(str), cont->fname);
++ fdt_property_string(fdt, FIT_DESC_PROP, str);
++ ret = fdt_property_file(params, fdt, FIT_DATA_PROP,
++ cont->fname);
++ if (ret)
++ return ret;
++ fdt_property_string(fdt, FIT_TYPE_PROP, typename);
++ fdt_property_string(fdt, FIT_ARCH_PROP,
++ genimg_get_arch_short_name(params->arch));
++ fdt_property_string(fdt, FIT_COMP_PROP,
++ genimg_get_comp_short_name(IH_COMP_NONE));
++ add_crc_node(fdt);
++ fdt_end_node(fdt);
++ }
++
++ /* And a ramdisk file if available */
++ if (params->fit_ramdisk) {
++ fdt_begin_node(fdt, FIT_RAMDISK_PROP "-1");
++
++ fdt_property_string(fdt, FIT_TYPE_PROP, FIT_RAMDISK_PROP);
++ fdt_property_string(fdt, FIT_OS_PROP,
++ genimg_get_os_short_name(params->os));
++ fdt_property_string(fdt, FIT_ARCH_PROP,
++ genimg_get_arch_short_name(params->arch));
++
++ ret = fdt_property_file(params, fdt, FIT_DATA_PROP,
++ params->fit_ramdisk);
++ if (ret)
++ return ret;
++ add_crc_node(fdt);
++ fdt_end_node(fdt);
++ }
++
++ fdt_end_node(fdt);
++
++ return 0;
+ }
+
+ /**
+@@ -303,125 +311,125 @@ static int fit_write_images(struct image_tool_params *params, char *fdt)
+ */
+ static void fit_write_configs(struct image_tool_params *params, char *fdt)
+ {
+- struct content_info *cont;
+- const char *typename;
+- char str[100];
+- int upto;
+-
+- fdt_begin_node(fdt, "configurations");
+- fdt_property_string(fdt, FIT_DEFAULT_PROP, "conf-1");
+-
+- upto = 0;
+- for (cont = params->content_head; cont; cont = cont->next) {
+- if (cont->type != IH_TYPE_FLATDT)
+- continue;
+- typename = genimg_get_type_short_name(cont->type);
+- snprintf(str, sizeof(str), "conf-%d", ++upto);
+- fdt_begin_node(fdt, str);
+-
+- get_basename(str, sizeof(str), cont->fname);
+- fdt_property_string(fdt, FIT_DESC_PROP, str);
+-
+- typename = genimg_get_type_short_name(params->fit_image_type);
+- snprintf(str, sizeof(str), "%s-1", typename);
+- fdt_property_string(fdt, typename, str);
+- fdt_property_string(fdt, FIT_LOADABLE_PROP, str);
+-
+- if (params->fit_ramdisk)
+- fdt_property_string(fdt, FIT_RAMDISK_PROP,
+- FIT_RAMDISK_PROP "-1");
+-
+- snprintf(str, sizeof(str), FIT_FDT_PROP "-%d", upto);
+- fdt_property_string(fdt, FIT_FDT_PROP, str);
+- fdt_end_node(fdt);
+- }
+-
+- if (!upto) {
+- fdt_begin_node(fdt, "conf-1");
+- typename = genimg_get_type_short_name(params->fit_image_type);
+- snprintf(str, sizeof(str), "%s-1", typename);
+- fdt_property_string(fdt, typename, str);
+-
+- if (params->fit_ramdisk)
+- fdt_property_string(fdt, FIT_RAMDISK_PROP,
+- FIT_RAMDISK_PROP "-1");
+-
+- fdt_end_node(fdt);
+- }
+-
+- fdt_end_node(fdt);
++ struct content_info *cont;
++ const char *typename;
++ char str[100];
++ int upto;
++
++ fdt_begin_node(fdt, "configurations");
++ fdt_property_string(fdt, FIT_DEFAULT_PROP, "conf-1");
++
++ upto = 0;
++ for (cont = params->content_head; cont; cont = cont->next) {
++ if (cont->type != IH_TYPE_FLATDT)
++ continue;
++ typename = genimg_get_type_short_name(cont->type);
++ snprintf(str, sizeof(str), "conf-%d", ++upto);
++ fdt_begin_node(fdt, str);
++
++ get_basename(str, sizeof(str), cont->fname);
++ fdt_property_string(fdt, FIT_DESC_PROP, str);
++
++ typename = genimg_get_type_short_name(params->fit_image_type);
++ snprintf(str, sizeof(str), "%s-1", typename);
++ fdt_property_string(fdt, typename, str);
++ fdt_property_string(fdt, FIT_LOADABLE_PROP, str);
++
++ if (params->fit_ramdisk)
++ fdt_property_string(fdt, FIT_RAMDISK_PROP,
++ FIT_RAMDISK_PROP "-1");
++
++ snprintf(str, sizeof(str), FIT_FDT_PROP "-%d", upto);
++ fdt_property_string(fdt, FIT_FDT_PROP, str);
++ fdt_end_node(fdt);
++ }
++
++ if (!upto) {
++ fdt_begin_node(fdt, "conf-1");
++ typename = genimg_get_type_short_name(params->fit_image_type);
++ snprintf(str, sizeof(str), "%s-1", typename);
++ fdt_property_string(fdt, typename, str);
++
++ if (params->fit_ramdisk)
++ fdt_property_string(fdt, FIT_RAMDISK_PROP,
++ FIT_RAMDISK_PROP "-1");
++
++ fdt_end_node(fdt);
++ }
++
++ fdt_end_node(fdt);
+ }
+
+ static int fit_build_fdt(struct image_tool_params *params, char *fdt, int size)
+ {
+- int ret;
+-
+- ret = fdt_create(fdt, size);
+- if (ret)
+- return ret;
+- fdt_finish_reservemap(fdt);
+- fdt_begin_node(fdt, "");
+- fdt_property_strf(fdt, FIT_DESC_PROP,
+- "%s image with one or more FDT blobs",
+- genimg_get_type_name(params->fit_image_type));
+- fdt_property_strf(fdt, "creator", "U-Boot mkimage %s", PLAIN_VERSION);
+- fdt_property_u32(fdt, "#address-cells", 1);
+- ret = fit_write_images(params, fdt);
+- if (ret)
+- return ret;
+- fit_write_configs(params, fdt);
+- fdt_end_node(fdt);
+- ret = fdt_finish(fdt);
+- if (ret)
+- return ret;
+-
+- return fdt_totalsize(fdt);
++ int ret;
++
++ ret = fdt_create(fdt, size);
++ if (ret)
++ return ret;
++ fdt_finish_reservemap(fdt);
++ fdt_begin_node(fdt, "");
++ fdt_property_strf(fdt, FIT_DESC_PROP,
++ "%s image with one or more FDT blobs",
++ genimg_get_type_name(params->fit_image_type));
++ fdt_property_strf(fdt, "creator", "U-Boot mkimage %s", PLAIN_VERSION);
++ fdt_property_u32(fdt, "#address-cells", 1);
++ ret = fit_write_images(params, fdt);
++ if (ret)
++ return ret;
++ fit_write_configs(params, fdt);
++ fdt_end_node(fdt);
++ ret = fdt_finish(fdt);
++ if (ret)
++ return ret;
++
++ return fdt_totalsize(fdt);
+ }
+
+ static int fit_build(struct image_tool_params *params, const char *fname)
+ {
+- char *buf;
+- int size;
+- int ret;
+- int fd;
+-
+- size = fit_calc_size(params);
+- if (size < 0)
+- return -1;
+- buf = calloc(1, size);
+- if (!buf) {
+- fprintf(stderr, "%s: Out of memory (%d bytes)\n",
+- params->cmdname, size);
+- return -1;
+- }
+- ret = fit_build_fdt(params, buf, size);
+- if (ret < 0) {
+- fprintf(stderr, "%s: Failed to build FIT image\n",
+- params->cmdname);
+- goto err_buf;
+- }
+- size = ret;
+- fd = open(fname, O_RDWR | O_CREAT | O_TRUNC | O_BINARY, 0666);
+- if (fd < 0) {
+- fprintf(stderr, "%s: Can't open %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- goto err_buf;
+- }
+- ret = write(fd, buf, size);
+- if (ret != size) {
+- fprintf(stderr, "%s: Can't write %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- goto err;
+- }
+- close(fd);
+- free(buf);
+-
+- return 0;
++ char *buf;
++ int size;
++ int ret;
++ int fd;
++
++ size = fit_calc_size(params);
++ if (size < 0)
++ return -1;
++ buf = calloc(1, size);
++ if (!buf) {
++ fprintf(stderr, "%s: Out of memory (%d bytes)\n",
++ params->cmdname, size);
++ return -1;
++ }
++ ret = fit_build_fdt(params, buf, size);
++ if (ret < 0) {
++ fprintf(stderr, "%s: Failed to build FIT image\n",
++ params->cmdname);
++ goto err_buf;
++ }
++ size = ret;
++ fd = open(fname, O_RDWR | O_CREAT | O_TRUNC | O_BINARY, 0666);
++ if (fd < 0) {
++ fprintf(stderr, "%s: Can't open %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ goto err_buf;
++ }
++ ret = write(fd, buf, size);
++ if (ret != size) {
++ fprintf(stderr, "%s: Can't write %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ goto err;
++ }
++ close(fd);
++ free(buf);
++
++ return 0;
+ err:
+- close(fd);
++ close(fd);
+ err_buf:
+- free(buf);
+- return -1;
++ free(buf);
++ return -1;
+ }
+
+ /**
+@@ -437,276 +445,276 @@ err_buf:
+ */
+ static int fit_extract_data(struct image_tool_params *params, const char *fname)
+ {
+- void *buf = NULL;
+- int buf_ptr;
+- int fit_size, new_size;
+- int fd;
+- struct stat sbuf;
+- void *fdt;
+- int ret;
+- int images;
+- int node;
+- int image_number;
+- int align_size;
+-
+- align_size = params->bl_len ? params->bl_len : 4;
+- fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false, false);
+- if (fd < 0)
+- return -EIO;
+- fit_size = fdt_totalsize(fdt);
+-
+- images = fdt_path_offset(fdt, FIT_IMAGES_PATH);
+- if (images < 0) {
+- debug("%s: Cannot find /images node: %d\n", __func__, images);
+- ret = -EINVAL;
+- goto err_munmap;
+- }
+- image_number = fdtdec_get_child_count(fdt, images);
+-
+- /*
+- * Allocate space to hold the image data we will extract,
+- * extral space allocate for image alignment to prevent overflow.
+- */
+- buf = calloc(1, fit_size + (align_size * image_number));
+- if (!buf) {
+- ret = -ENOMEM;
+- goto err_munmap;
+- }
+- buf_ptr = 0;
+-
+- for (node = fdt_first_subnode(fdt, images);
+- node >= 0;
+- node = fdt_next_subnode(fdt, node)) {
+- const char *data;
+- int len;
+-
+- data = fdt_getprop(fdt, node, FIT_DATA_PROP, &len);
+- if (!data)
+- continue;
+- memcpy(buf + buf_ptr, data, len);
+- debug("Extracting data size %x\n", len);
+-
+- ret = fdt_delprop(fdt, node, FIT_DATA_PROP);
+- if (ret) {
+- ret = -EPERM;
+- goto err_munmap;
+- }
+- if (params->external_offset > 0) {
+- /* An external offset positions the data absolutely. */
+- fdt_setprop_u32(fdt, node, FIT_DATA_POSITION_PROP,
+- params->external_offset + buf_ptr);
+- } else {
+- fdt_setprop_u32(fdt, node, FIT_DATA_OFFSET_PROP,
+- buf_ptr);
+- }
+- fdt_setprop_u32(fdt, node, FIT_DATA_SIZE_PROP, len);
+- buf_ptr += ALIGN(len, align_size);
+- }
+-
+- /* Pack the FDT and place the data after it */
+- fdt_pack(fdt);
+-
+- new_size = fdt_totalsize(fdt);
+- new_size = ALIGN(new_size, align_size);
+- fdt_set_totalsize(fdt, new_size);
+- debug("Size reduced from %x to %x\n", fit_size, fdt_totalsize(fdt));
+- debug("External data size %x\n", buf_ptr);
+- munmap(fdt, sbuf.st_size);
+-
+- if (ftruncate(fd, new_size)) {
+- debug("%s: Failed to truncate file: %s\n", __func__,
+- strerror(errno));
+- ret = -EIO;
+- goto err;
+- }
+-
+- /* Check if an offset for the external data was set. */
+- if (params->external_offset > 0) {
+- if (params->external_offset < new_size) {
+- debug("External offset %x overlaps FIT length %x",
+- params->external_offset, new_size);
+- ret = -EINVAL;
+- goto err;
+- }
+- new_size = params->external_offset;
+- }
+- if (lseek(fd, new_size, SEEK_SET) < 0) {
+- debug("%s: Failed to seek to end of file: %s\n", __func__,
+- strerror(errno));
+- ret = -EIO;
+- goto err;
+- }
+- if (write(fd, buf, buf_ptr) != buf_ptr) {
+- debug("%s: Failed to write external data to file %s\n",
+- __func__, strerror(errno));
+- ret = -EIO;
+- goto err;
+- }
+- free(buf);
+- close(fd);
+- return 0;
++ void *buf = NULL;
++ int buf_ptr;
++ int fit_size, new_size;
++ int fd;
++ struct stat sbuf;
++ void *fdt;
++ int ret;
++ int images;
++ int node;
++ int image_number;
++ int align_size;
++
++ align_size = params->bl_len ? params->bl_len : 4;
++ fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false, false);
++ if (fd < 0)
++ return -EIO;
++ fit_size = fdt_totalsize(fdt);
++
++ images = fdt_path_offset(fdt, FIT_IMAGES_PATH);
++ if (images < 0) {
++ debug("%s: Cannot find /images node: %d\n", __func__, images);
++ ret = -EINVAL;
++ goto err_munmap;
++ }
++ image_number = fdtdec_get_child_count(fdt, images);
++
++ /*
++ * Allocate space to hold the image data we will extract,
++ * extral space allocate for image alignment to prevent overflow.
++ */
++ buf = calloc(1, fit_size + (align_size * image_number));
++ if (!buf) {
++ ret = -ENOMEM;
++ goto err_munmap;
++ }
++ buf_ptr = 0;
++
++ for (node = fdt_first_subnode(fdt, images);
++ node >= 0;
++ node = fdt_next_subnode(fdt, node)) {
++ const char *data;
++ int len;
++
++ data = fdt_getprop(fdt, node, FIT_DATA_PROP, &len);
++ if (!data)
++ continue;
++ memcpy(buf + buf_ptr, data, len);
++ debug("Extracting data size %x\n", len);
++
++ ret = fdt_delprop(fdt, node, FIT_DATA_PROP);
++ if (ret) {
++ ret = -EPERM;
++ goto err_munmap;
++ }
++ if (params->external_offset > 0) {
++ /* An external offset positions the data absolutely. */
++ fdt_setprop_u32(fdt, node, FIT_DATA_POSITION_PROP,
++ params->external_offset + buf_ptr);
++ } else {
++ fdt_setprop_u32(fdt, node, FIT_DATA_OFFSET_PROP,
++ buf_ptr);
++ }
++ fdt_setprop_u32(fdt, node, FIT_DATA_SIZE_PROP, len);
++ buf_ptr += ALIGN(len, align_size);
++ }
++
++ /* Pack the FDT and place the data after it */
++ fdt_pack(fdt);
++
++ new_size = fdt_totalsize(fdt);
++ new_size = ALIGN(new_size, align_size);
++ fdt_set_totalsize(fdt, new_size);
++ debug("Size reduced from %x to %x\n", fit_size, fdt_totalsize(fdt));
++ debug("External data size %x\n", buf_ptr);
++ munmap(fdt, sbuf.st_size);
++
++ if (ftruncate(fd, new_size)) {
++ debug("%s: Failed to truncate file: %s\n", __func__,
++ strerror(errno));
++ ret = -EIO;
++ goto err;
++ }
++
++ /* Check if an offset for the external data was set. */
++ if (params->external_offset > 0) {
++ if (params->external_offset < new_size) {
++ debug("External offset %x overlaps FIT length %x",
++ params->external_offset, new_size);
++ ret = -EINVAL;
++ goto err;
++ }
++ new_size = params->external_offset;
++ }
++ if (lseek(fd, new_size, SEEK_SET) < 0) {
++ debug("%s: Failed to seek to end of file: %s\n", __func__,
++ strerror(errno));
++ ret = -EIO;
++ goto err;
++ }
++ if (write(fd, buf, buf_ptr) != buf_ptr) {
++ debug("%s: Failed to write external data to file %s\n",
++ __func__, strerror(errno));
++ ret = -EIO;
++ goto err;
++ }
++ free(buf);
++ close(fd);
++ return 0;
+
+ err_munmap:
+- munmap(fdt, sbuf.st_size);
++ munmap(fdt, sbuf.st_size);
+ err:
+- free(buf);
+- close(fd);
+- return ret;
++ free(buf);
++ close(fd);
++ return ret;
+ }
+
+ static int fit_import_data(struct image_tool_params *params, const char *fname)
+ {
+- void *fdt, *old_fdt;
+- int fit_size, new_size, size, data_base;
+- int fd;
+- struct stat sbuf;
+- int ret;
+- int images;
+- int node;
+-
+- fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false, false);
+- if (fd < 0)
+- return -EIO;
+- fit_size = fdt_totalsize(old_fdt);
+- data_base = ALIGN(fit_size, 4);
+-
+- /* Allocate space to hold the new FIT */
+- size = sbuf.st_size + 16384;
+- fdt = calloc(1, size);
+- if (!fdt) {
+- fprintf(stderr, "%s: Failed to allocate memory (%d bytes)\n",
+- __func__, size);
+- ret = -ENOMEM;
+- goto err_munmap;
+- }
+- ret = fdt_open_into(old_fdt, fdt, size);
+- if (ret) {
+- debug("%s: Failed to expand FIT: %s\n", __func__,
+- fdt_strerror(errno));
+- ret = -EINVAL;
+- goto err_munmap;
+- }
+-
+- images = fdt_path_offset(fdt, FIT_IMAGES_PATH);
+- if (images < 0) {
+- debug("%s: Cannot find /images node: %d\n", __func__, images);
+- ret = -EINVAL;
+- goto err_munmap;
+- }
+-
+- for (node = fdt_first_subnode(fdt, images);
+- node >= 0;
+- node = fdt_next_subnode(fdt, node)) {
+- int buf_ptr;
+- int len;
+-
+- buf_ptr = fdtdec_get_int(fdt, node, "data-offset", -1);
+- len = fdtdec_get_int(fdt, node, "data-size", -1);
+- if (buf_ptr == -1 || len == -1)
+- continue;
+- debug("Importing data size %x\n", len);
+-
+- ret = fdt_setprop(fdt, node, "data",
+- old_fdt + data_base + buf_ptr, len);
+- if (ret) {
+- debug("%s: Failed to write property: %s\n", __func__,
+- fdt_strerror(ret));
+- ret = -EINVAL;
+- goto err_munmap;
+- }
+- }
+-
+- munmap(old_fdt, sbuf.st_size);
+-
+- /* Close the old fd so we can re-use it. */
+- close(fd);
+-
+- /* Pack the FDT and place the data after it */
+- fdt_pack(fdt);
+-
+- new_size = fdt_totalsize(fdt);
+- debug("Size expanded from %x to %x\n", fit_size, new_size);
+-
+- fd = open(fname, O_RDWR | O_CREAT | O_TRUNC | O_BINARY, 0666);
+- if (fd < 0) {
+- fprintf(stderr, "%s: Can't open %s: %s\n",
+- params->cmdname, fname, strerror(errno));
+- ret = -EIO;
+- goto err;
+- }
+- if (write(fd, fdt, new_size) != new_size) {
+- debug("%s: Failed to write external data to file %s\n",
+- __func__, strerror(errno));
+- ret = -EIO;
+- goto err;
+- }
+-
+- free(fdt);
+- close(fd);
+- return 0;
++ void *fdt, *old_fdt;
++ int fit_size, new_size, size, data_base;
++ int fd;
++ struct stat sbuf;
++ int ret;
++ int images;
++ int node;
++
++ fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false, false);
++ if (fd < 0)
++ return -EIO;
++ fit_size = fdt_totalsize(old_fdt);
++ data_base = ALIGN(fit_size, 4);
++
++ /* Allocate space to hold the new FIT */
++ size = sbuf.st_size + 16384;
++ fdt = calloc(1, size);
++ if (!fdt) {
++ fprintf(stderr, "%s: Failed to allocate memory (%d bytes)\n",
++ __func__, size);
++ ret = -ENOMEM;
++ goto err_munmap;
++ }
++ ret = fdt_open_into(old_fdt, fdt, size);
++ if (ret) {
++ debug("%s: Failed to expand FIT: %s\n", __func__,
++ fdt_strerror(errno));
++ ret = -EINVAL;
++ goto err_munmap;
++ }
++
++ images = fdt_path_offset(fdt, FIT_IMAGES_PATH);
++ if (images < 0) {
++ debug("%s: Cannot find /images node: %d\n", __func__, images);
++ ret = -EINVAL;
++ goto err_munmap;
++ }
++
++ for (node = fdt_first_subnode(fdt, images);
++ node >= 0;
++ node = fdt_next_subnode(fdt, node)) {
++ int buf_ptr;
++ int len;
++
++ buf_ptr = fdtdec_get_int(fdt, node, "data-offset", -1);
++ len = fdtdec_get_int(fdt, node, "data-size", -1);
++ if (buf_ptr == -1 || len == -1)
++ continue;
++ debug("Importing data size %x\n", len);
++
++ ret = fdt_setprop(fdt, node, "data",
++ old_fdt + data_base + buf_ptr, len);
++ if (ret) {
++ debug("%s: Failed to write property: %s\n", __func__,
++ fdt_strerror(ret));
++ ret = -EINVAL;
++ goto err_munmap;
++ }
++ }
++
++ munmap(old_fdt, sbuf.st_size);
++
++ /* Close the old fd so we can re-use it. */
++ close(fd);
++
++ /* Pack the FDT and place the data after it */
++ fdt_pack(fdt);
++
++ new_size = fdt_totalsize(fdt);
++ debug("Size expanded from %x to %x\n", fit_size, new_size);
++
++ fd = open(fname, O_RDWR | O_CREAT | O_TRUNC | O_BINARY, 0666);
++ if (fd < 0) {
++ fprintf(stderr, "%s: Can't open %s: %s\n",
++ params->cmdname, fname, strerror(errno));
++ ret = -EIO;
++ goto err;
++ }
++ if (write(fd, fdt, new_size) != new_size) {
++ debug("%s: Failed to write external data to file %s\n",
++ __func__, strerror(errno));
++ ret = -EIO;
++ goto err;
++ }
++
++ free(fdt);
++ close(fd);
++ return 0;
+
+ err_munmap:
+- munmap(old_fdt, sbuf.st_size);
++ munmap(old_fdt, sbuf.st_size);
+ err:
+- free(fdt);
+- close(fd);
+- return ret;
++ free(fdt);
++ close(fd);
++ return ret;
+ }
+
+ static int copyfile(const char *src, const char *dst)
+ {
+- int fd_src = -1, fd_dst = -1;
+- void *buf = NULL;
+- ssize_t size;
+- size_t count;
+- int ret = -1;
+-
+- fd_src = open(src, O_RDONLY);
+- if (fd_src < 0) {
+- printf("Can't open file %s (%s)\n", src, strerror(errno));
+- goto out;
+- }
+-
+- fd_dst = open(dst, O_WRONLY | O_CREAT, 0666);
+- if (fd_dst < 0) {
+- printf("Can't open file %s (%s)\n", dst, strerror(errno));
+- goto out;
+- }
+-
+- buf = calloc(1, 512);
+- if (!buf) {
+- printf("Can't allocate buffer to copy file\n");
+- goto out;
+- }
+-
+- while (1) {
+- size = read(fd_src, buf, 512);
+- if (size < 0) {
+- printf("Can't read file %s\n", src);
+- goto out;
+- }
+- if (!size)
+- break;
+-
+- count = size;
+- size = write(fd_dst, buf, count);
+- if (size < 0) {
+- printf("Can't write file %s\n", dst);
+- goto out;
+- }
+- }
+-
+- ret = 0;
++ int fd_src = -1, fd_dst = -1;
++ void *buf = NULL;
++ ssize_t size;
++ size_t count;
++ int ret = -1;
++
++ fd_src = open(src, O_RDONLY);
++ if (fd_src < 0) {
++ printf("Can't open file %s (%s)\n", src, strerror(errno));
++ goto out;
++ }
++
++ fd_dst = open(dst, O_WRONLY | O_CREAT, 0666);
++ if (fd_dst < 0) {
++ printf("Can't open file %s (%s)\n", dst, strerror(errno));
++ goto out;
++ }
++
++ buf = calloc(1, 512);
++ if (!buf) {
++ printf("Can't allocate buffer to copy file\n");
++ goto out;
++ }
++
++ while (1) {
++ size = read(fd_src, buf, 512);
++ if (size < 0) {
++ printf("Can't read file %s\n", src);
++ goto out;
++ }
++ if (!size)
++ break;
++
++ count = size;
++ size = write(fd_dst, buf, count);
++ if (size < 0) {
++ printf("Can't write file %s\n", dst);
++ goto out;
++ }
++ }
++
++ ret = 0;
+
+ out:
+- if (fd_src >= 0)
+- close(fd_src);
+- if (fd_dst >= 0)
+- close(fd_dst);
+- if (buf)
+- free(buf);
+-
+- return ret;
++ if (fd_src >= 0)
++ close(fd_src);
++ if (fd_dst >= 0)
++ close(fd_dst);
++ if (buf)
++ free(buf);
++
++ return ret;
+ }
+
+ /**
+@@ -723,115 +731,115 @@ static int copyfile(const char *src, const char *dst)
+ */
+ static int fit_handle_file(struct image_tool_params *params)
+ {
+- char tmpfile[MKIMAGE_MAX_TMPFILE_LEN];
+- char bakfile[MKIMAGE_MAX_TMPFILE_LEN + 4] = {0};
+- char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN];
+- size_t size_inc;
+- int ret;
+-
+- /* Flattened Image Tree (FIT) format handling */
+- debug ("FIT format handling\n");
+-
+- /* call dtc to include binary properties into the tmp file */
+- if (strlen (params->imagefile) +
+- strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
+- fprintf (stderr, "%s: Image file name (%s) too long, "
+- "can't create tmpfile",
+- params->imagefile, params->cmdname);
+- return (EXIT_FAILURE);
+- }
+- sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
+-
+- /* We either compile the source file, or use the existing FIT image */
+- if (params->auto_its) {
+- if (fit_build(params, tmpfile)) {
+- fprintf(stderr, "%s: failed to build FIT\n",
+- params->cmdname);
+- return EXIT_FAILURE;
+- }
+- *cmd = '\0';
+- } else if (params->datafile) {
+- /* dtc -I dts -O dtb -p 500 -o tmpfile datafile */
+- snprintf(cmd, sizeof(cmd), "%s %s -o \"%s\" \"%s\"",
+- MKIMAGE_DTC, params->dtc, tmpfile, params->datafile);
+- debug("Trying to execute \"%s\"\n", cmd);
+- } else {
+- snprintf(cmd, sizeof(cmd), "cp \"%s\" \"%s\"",
+- params->imagefile, tmpfile);
+- }
+- if (strlen(cmd) >= MKIMAGE_MAX_DTC_CMDLINE_LEN - 1) {
+- fprintf(stderr, "WARNING: command-line for FIT creation might be truncated and will probably fail.\n");
+- }
+-
+- if (*cmd && system(cmd) == -1) {
+- fprintf (stderr, "%s: system(%s) failed: %s\n",
+- params->cmdname, cmd, strerror(errno));
+- goto err_system;
+- }
+-
+- /* Move the data so it is internal to the FIT, if needed */
+- ret = fit_import_data(params, tmpfile);
+- if (ret)
+- goto err_system;
+-
+- /*
+- * Copy the tmpfile to bakfile, then in the following loop
+- * we copy bakfile to tmpfile. So we always start from the
+- * beginning.
+- */
+- sprintf(bakfile, "%s%s", tmpfile, ".bak");
+- rename(tmpfile, bakfile);
+-
+- /*
+- * Set hashes for images in the blob. Unfortunately we may need more
+- * space in either FDT, so keep trying until we succeed.
+- *
+- * Note: this is pretty inefficient for signing, since we must
+- * calculate the signature every time. It would be better to calculate
+- * all the data and then store it in a separate step. However, this
+- * would be considerably more complex to implement. Generally a few
+- * steps of this loop is enough to sign with several keys.
+- */
+- for (size_inc = 0; size_inc < 64 * 1024; size_inc += 1024) {
+- if (copyfile(bakfile, tmpfile) < 0) {
+- printf("Can't copy %s to %s\n", bakfile, tmpfile);
+- ret = -EIO;
+- break;
+- }
+- ret = fit_add_file_data(params, size_inc, tmpfile);
+- if (!ret || ret != -ENOSPC)
+- break;
+- }
+-
+- if (ret) {
+- fprintf(stderr, "%s Can't add hashes to FIT blob: %d\n",
+- params->cmdname, ret);
+- goto err_system;
+- }
+-
+- /* Move the data so it is external to the FIT, if requested */
+- if (params->external_data) {
+- ret = fit_extract_data(params, tmpfile);
+- if (ret)
+- goto err_system;
+- }
+-
+- if (rename (tmpfile, params->imagefile) == -1) {
+- fprintf (stderr, "%s: Can't rename %s to %s: %s\n",
+- params->cmdname, tmpfile, params->imagefile,
+- strerror (errno));
+- unlink (tmpfile);
+- unlink(bakfile);
+- unlink (params->imagefile);
+- return EXIT_FAILURE;
+- }
+- unlink(bakfile);
+- return EXIT_SUCCESS;
++ char tmpfile[MKIMAGE_MAX_TMPFILE_LEN];
++ char bakfile[MKIMAGE_MAX_TMPFILE_LEN + 4] = {0};
++ char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN];
++ size_t size_inc;
++ int ret;
++
++ /* Flattened Image Tree (FIT) format handling */
++ debug ("FIT format handling\n");
++
++ /* call dtc to include binary properties into the tmp file */
++ if (strlen (params->imagefile) +
++ strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
++ fprintf (stderr, "%s: Image file name (%s) too long, "
++ "can't create tmpfile",
++ params->imagefile, params->cmdname);
++ return (EXIT_FAILURE);
++ }
++ sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
++
++ /* We either compile the source file, or use the existing FIT image */
++ if (params->auto_its) {
++ if (fit_build(params, tmpfile)) {
++ fprintf(stderr, "%s: failed to build FIT\n",
++ params->cmdname);
++ return EXIT_FAILURE;
++ }
++ *cmd = '\0';
++ } else if (params->datafile) {
++ /* dtc -I dts -O dtb -p 500 -o tmpfile datafile */
++ snprintf(cmd, sizeof(cmd), "%s %s -o \"%s\" \"%s\"",
++ MKIMAGE_DTC, params->dtc, tmpfile, params->datafile);
++ debug("Trying to execute \"%s\"\n", cmd);
++ } else {
++ snprintf(cmd, sizeof(cmd), "cp \"%s\" \"%s\"",
++ params->imagefile, tmpfile);
++ }
++ if (strlen(cmd) >= MKIMAGE_MAX_DTC_CMDLINE_LEN - 1) {
++ fprintf(stderr, "WARNING: command-line for FIT creation might be truncated and will probably fail.\n");
++ }
++
++ if (*cmd && system(cmd) == -1) {
++ fprintf (stderr, "%s: system(%s) failed: %s\n",
++ params->cmdname, cmd, strerror(errno));
++ goto err_system;
++ }
++
++ /* Move the data so it is internal to the FIT, if needed */
++ ret = fit_import_data(params, tmpfile);
++ if (ret)
++ goto err_system;
++
++ /*
++ * Copy the tmpfile to bakfile, then in the following loop
++ * we copy bakfile to tmpfile. So we always start from the
++ * beginning.
++ */
++ sprintf(bakfile, "%s%s", tmpfile, ".bak");
++ rename(tmpfile, bakfile);
++
++ /*
++ * Set hashes for images in the blob. Unfortunately we may need more
++ * space in either FDT, so keep trying until we succeed.
++ *
++ * Note: this is pretty inefficient for signing, since we must
++ * calculate the signature every time. It would be better to calculate
++ * all the data and then store it in a separate step. However, this
++ * would be considerably more complex to implement. Generally a few
++ * steps of this loop is enough to sign with several keys.
++ */
++ for (size_inc = 0; size_inc < 64 * 1024; size_inc += 2048) {
++ if (copyfile(bakfile, tmpfile) < 0) {
++ printf("Can't copy %s to %s\n", bakfile, tmpfile);
++ ret = -EIO;
++ break;
++ }
++ ret = fit_add_file_data(params, size_inc, tmpfile);
++ if (!ret || ret != -ENOSPC)
++ break;
++ }
++
++ if (ret) {
++ fprintf(stderr, "%s Can't add hashes to FIT blob: %d\n",
++ params->cmdname, ret);
++ goto err_system;
++ }
++
++ /* Move the data so it is external to the FIT, if requested */
++ if (params->external_data) {
++ ret = fit_extract_data(params, tmpfile);
++ if (ret)
++ goto err_system;
++ }
++
++ if (rename (tmpfile, params->imagefile) == -1) {
++ fprintf (stderr, "%s: Can't rename %s to %s: %s\n",
++ params->cmdname, tmpfile, params->imagefile,
++ strerror (errno));
++ unlink (tmpfile);
++ unlink(bakfile);
++ unlink (params->imagefile);
++ return EXIT_FAILURE;
++ }
++ unlink(bakfile);
++ return EXIT_SUCCESS;
+
+ err_system:
+- unlink(tmpfile);
+- unlink(bakfile);
+- return -1;
++ unlink(tmpfile);
++ unlink(bakfile);
++ return -1;
+ }
+
+ /**
+@@ -844,23 +852,23 @@ err_system:
+ * zero in case of success or a negative value if fail.
+ */
+ static int fit_image_extract(
+- const void *fit,
+- int image_noffset,
+- const char *file_name)
++ const void *fit,
++ int image_noffset,
++ const char *file_name)
+ {
+- const void *file_data;
+- size_t file_size = 0;
+- int ret;
+-
+- /* get the data address and size of component at offset "image_noffset" */
+- ret = fit_image_get_data_and_size(fit, image_noffset, &file_data, &file_size);
+- if (ret) {
+- fprintf(stderr, "Could not get component information\n");
+- return ret;
+- }
+-
+- /* save the "file_data" into the file specified by "file_name" */
+- return imagetool_save_subimage(file_name, (ulong) file_data, file_size);
++ const void *file_data;
++ size_t file_size = 0;
++ int ret;
++
++ /* get the data address and size of component at offset "image_noffset" */
++ ret = fit_image_get_data_and_size(fit, image_noffset, &file_data, &file_size);
++ if (ret) {
++ fprintf(stderr, "Could not get component information\n");
++ return ret;
++ }
++
++ /* save the "file_data" into the file specified by "file_name" */
++ return imagetool_save_subimage(file_name, (ulong) file_data, file_size);
+ }
+
+ /**
+@@ -873,83 +881,83 @@ static int fit_image_extract(
+ */
+ static int fit_extract_contents(void *ptr, struct image_tool_params *params)
+ {
+- int images_noffset;
+- int noffset;
+- int ndepth;
+- const void *fit = ptr;
+- int count = 0;
+- const char *p;
+-
+- /* Indent string is defined in header image.h */
+- p = IMAGE_INDENT_STRING;
+-
+- if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+- printf("Bad FIT image format\n");
+- return -1;
+- }
+-
+- /* Find images parent node offset */
+- images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
+- if (images_noffset < 0) {
+- printf("Can't find images parent node '%s' (%s)\n",
+- FIT_IMAGES_PATH, fdt_strerror(images_noffset));
+- return -1;
+- }
+-
+- /* Avoid any overrun */
+- count = fit_get_subimage_count(fit, images_noffset);
+- if ((params->pflag < 0) || (count <= params->pflag)) {
+- printf("No such component at '%d'\n", params->pflag);
+- return -1;
+- }
+-
+- /* Process its subnodes, extract the desired component from image */
+- for (ndepth = 0, count = 0,
+- noffset = fdt_next_node(fit, images_noffset, &ndepth);
+- (noffset >= 0) && (ndepth > 0);
+- noffset = fdt_next_node(fit, noffset, &ndepth)) {
+- if (ndepth == 1) {
+- /*
+- * Direct child node of the images parent node,
+- * i.e. component image node.
+- */
+- if (params->pflag == count) {
+- printf("Extracted:\n%s Image %u (%s)\n", p,
+- count, fit_get_name(fit, noffset, NULL));
+-
+- fit_image_print(fit, noffset, p);
+-
+- return fit_image_extract(fit, noffset,
+- params->outfile);
+- }
+-
+- count++;
+- }
+- }
+-
+- return 0;
++ int images_noffset;
++ int noffset;
++ int ndepth;
++ const void *fit = ptr;
++ int count = 0;
++ const char *p;
++
++ /* Indent string is defined in header image.h */
++ p = IMAGE_INDENT_STRING;
++
++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
++ printf("Bad FIT image format\n");
++ return -1;
++ }
++
++ /* Find images parent node offset */
++ images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
++ if (images_noffset < 0) {
++ printf("Can't find images parent node '%s' (%s)\n",
++ FIT_IMAGES_PATH, fdt_strerror(images_noffset));
++ return -1;
++ }
++
++ /* Avoid any overrun */
++ count = fit_get_subimage_count(fit, images_noffset);
++ if ((params->pflag < 0) || (count <= params->pflag)) {
++ printf("No such component at '%d'\n", params->pflag);
++ return -1;
++ }
++
++ /* Process its subnodes, extract the desired component from image */
++ for (ndepth = 0, count = 0,
++ noffset = fdt_next_node(fit, images_noffset, &ndepth);
++ (noffset >= 0) && (ndepth > 0);
++ noffset = fdt_next_node(fit, noffset, &ndepth)) {
++ if (ndepth == 1) {
++ /*
++ * Direct child node of the images parent node,
++ * i.e. component image node.
++ */
++ if (params->pflag == count) {
++ printf("Extracted:\n%s Image %u (%s)\n", p,
++ count, fit_get_name(fit, noffset, NULL));
++
++ fit_image_print(fit, noffset, p);
++
++ return fit_image_extract(fit, noffset,
++ params->outfile);
++ }
++
++ count++;
++ }
++ }
++
++ return 0;
+ }
+
+ static int fit_check_params(struct image_tool_params *params)
+ {
+- if (params->auto_its)
+- return 0;
+- return ((params->dflag && params->fflag) ||
+- (params->fflag && params->lflag) ||
+- (params->lflag && params->dflag));
++ if (params->auto_its)
++ return 0;
++ return ((params->dflag && params->fflag) ||
++ (params->fflag && params->lflag) ||
++ (params->lflag && params->dflag));
+ }
+
+ U_BOOT_IMAGE_TYPE(
+- fitimage,
+- "FIT Image support",
+- sizeof(image_header_t),
+- (void *)&header,
+- fit_check_params,
+- fit_verify_header,
+- fit_print_contents,
+- NULL,
+- fit_extract_contents,
+- fit_check_image_types,
+- fit_handle_file,
+- NULL /* FIT images use DTB header */
++ fitimage,
++ "FIT Image support",
++ sizeof(image_header_t),
++ (void *)&header,
++ fit_check_params,
++ fit_verify_header,
++ fit_print_contents,
++ NULL,
++ fit_extract_contents,
++ fit_check_image_types,
++ fit_handle_file,
++ NULL /* FIT images use DTB header */
+ );
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 22d19a4a2b..c2c9119c63 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -214,13 +214,15 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+ * @comment: Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
++ * @cmdname: cmdname
++ * @params: Image tool params
+ * @return 0 if ok, -1 on error
+ */
+ static int fit_image_process_sig(const char *keydir, void *keydest,
+ void *fit, const char *image_name,
+ int noffset, const void *data, size_t size,
+ const char *comment, int require_keys, const char *engine_id,
+- const char *cmdname)
++ const char *cmdname, const struct image_tool_params *params)
+ {
+ struct image_sign_info info;
+ struct image_region region;
+@@ -260,6 +262,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ info.tkc_tier_flag = params->tkc_tier_flag;
+
+ /*
+ * Write the public key into the supplied FDT file; this might fail
+@@ -605,11 +608,14 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
+ * @comment: Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
++ * @cmdname: cmdname
++ * @params: Image tool params
+ * @return: 0 on success, <0 on failure
+ */
+ int fit_image_add_verification_data(const char *keydir, void *keydest,
+ void *fit, int image_noffset, const char *comment,
+- int require_keys, const char *engine_id, const char *cmdname)
++ int require_keys, const char *engine_id, const char *cmdname,
++ const struct image_tool_params *params)
+ {
+ const char *image_name;
+ const void *data;
+@@ -646,7 +652,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest,
+ strlen(FIT_SIG_NODENAME))) {
+ ret = fit_image_process_sig(keydir, keydest,
+ fit, image_name, noffset, data, size,
+- comment, require_keys, engine_id, cmdname);
++ comment, require_keys, engine_id, cmdname, params);
+ }
+ if (ret)
+ return ret;
+@@ -930,7 +936,8 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
+ static int fit_config_process_sig(const char *keydir, void *keydest,
+ void *fit, const char *conf_name, int conf_noffset,
+ int noffset, const char *comment, int require_keys,
+- const char *engine_id, const char *cmdname)
++ const char *engine_id, const char *cmdname,
++ const struct image_tool_params *params)
+ {
+ struct image_sign_info info;
+ const char *node_name;
+@@ -978,6 +985,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ info.tkc_tier_flag = params->tkc_tier_flag;
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest) {
+@@ -994,7 +1002,8 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+
+ static int fit_config_add_verification_data(const char *keydir, void *keydest,
+ void *fit, int conf_noffset, const char *comment,
+- int require_keys, const char *engine_id, const char *cmdname)
++ int require_keys, const char *engine_id, const char *cmdname,
++ const struct image_tool_params *params)
+ {
+ const char *conf_name;
+ int noffset;
+@@ -1013,7 +1022,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
+ strlen(FIT_SIG_NODENAME))) {
+ ret = fit_config_process_sig(keydir, keydest,
+ fit, conf_name, conf_noffset, noffset, comment,
+- require_keys, engine_id, cmdname);
++ require_keys, engine_id, cmdname, params);
+ }
+ if (ret)
+ return ret;
+@@ -1059,11 +1068,12 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
+
+ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ const char *comment, int require_keys,
+- const char *engine_id, const char *cmdname)
++ const char *engine_id, const char *cmdname, const void *param_ptr)
+ {
+ int images_noffset, confs_noffset;
+ int noffset;
+ int ret;
++ const struct image_tool_params *params = (const struct image_tool_params *)param_ptr;
+
+ /* Find images parent node offset */
+ images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
+@@ -1083,7 +1093,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ */
+ ret = fit_image_add_verification_data(keydir, keydest,
+ fit, noffset, comment, require_keys, engine_id,
+- cmdname);
++ cmdname, params);
+ if (ret)
+ return ret;
+ }
+@@ -1107,7 +1117,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ ret = fit_config_add_verification_data(keydir, keydest,
+ fit, noffset, comment,
+ require_keys,
+- engine_id, cmdname);
++ engine_id, cmdname, params);
+ if (ret)
+ return ret;
+ }
+@@ -1115,6 +1125,210 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ return 0;
+ }
+
++/*
++ Only handle the two nodes
++ /trusted-key-certificate/sign-node and
++ /trusted-key-certificate/sign-node/trusted-key
++ Refer to fit_config_check_sig
++*/
++static int fit_tkc_get_hash_data(void *fit,
++ struct image_region **regionp, int *region_countp)
++{
++ int count = 2;
++ char node_name_0[] = "/trusted-key-certificate/sign-node";
++ char node_name_1[] = "/trusted-key-certificate/sign-node/trusted-key";
++ char *node_inc[] = {node_name_0, node_name_1};
++ int max_regions;
++ char path[200];
++ char * const exc_prop[] = {"data"};
++ struct image_region *region;
++
++ /*
++ * Each node can generate one region for each sub-node.
++ */
++ max_regions = 20;
++ struct fdt_region fdt_regions[max_regions];
++
++ /* Get a list of regions to hash */
++ count = fdt_find_regions(fit, node_inc, count,
++ exc_prop, ARRAY_SIZE(exc_prop),
++ fdt_regions, max_regions - 1,
++ path, sizeof(path), 0);
++
++ if (count < 0) {
++ fprintf(stderr, "Failed to hash node\n");
++ return -1;
++ }
++ if (count == 0) {
++ fprintf(stderr, "No data to hash\n");
++ return -1;
++ }
++ if (count >= max_regions - 1) {
++ fprintf(stderr, "Too many hash regions\n");
++ return -1;
++ }
++
++ /* Build our list of data blocks */
++ region = fit_region_make_list(fit, fdt_regions, count, NULL);
++ if (!region) {
++ printf("Out of memory hashing TKC node\n");
++ return -ENOMEM;
++ }
++
++ *region_countp = count;
++ *regionp = region;
++
++ return 0;
++}
++
++static int fit_tkc_add_verification_data(const char *keydir, void *keydest,
++ void *fit, int tkc_noffset, struct image_sign_info *info)
++{
++ int noffset;
++ int ret = 0;
++ struct image_region *region = NULL;
++ int region_count;
++ uint8_t *value;
++ uint value_len;
++
++ /* If there are no keys, we can't sign configurations */
++ if (!IMAGE_ENABLE_SIGN || !keydir) {
++ return 0;
++ }
++
++ /* Process all subnodes of the sign-node node */
++ for (noffset = fdt_first_subnode(fit, tkc_noffset);
++ noffset >= 0;
++ noffset = fdt_next_subnode(fit, noffset)) {
++ const char *node_name;
++
++ node_name = fit_get_name(fit, noffset, NULL);
++
++ if (!strncmp(node_name, FIT_TKC_KEY_NODENAME,
++ strlen(FIT_TKC_KEY_NODENAME))) {
++ if (keydest) {
++ ret = info->crypto->add_tkc_data(info, keydest);
++ }
++ }
++
++ if (ret) {
++ printf("Can't add TKC data\n");
++ return ret;
++ }
++ }
++
++ /* Calculate the hash of
++ /trusted-key-certificate/sign-node and
++ /trusted-key-certificate/sign-node/trusted-key */
++ /* Sign */
++ ret = fit_tkc_get_hash_data(fit, ®ion, ®ion_count);
++ if (ret) {
++ printf("Can't get TKC hash data\n");
++ return ret;
++ }
++
++ ret = info->crypto->sign(info, region, region_count, &value, &value_len);
++ if (ret) {
++ printf("Can't sign TKC node\n");
++ return ret;
++ }
++
++ /* Put into /trusted-key-certificate/ */
++ if (keydest) {
++ // keydest. The sign-value is not the final one.
++ noffset = fdt_subnode_offset(keydest, 0, FIT_TKC_NODENAME);
++ ret = fdt_setprop(keydest, noffset, FIT_TKC_SIGN_PROP, value, value_len);
++ } else {
++ // Write to fit
++ noffset = fdt_subnode_offset(fit, 0, FIT_TKC_NODENAME);
++ ret = fdt_setprop(fit, noffset, FIT_TKC_SIGN_PROP, value, value_len);
++ }
++
++ free(value);
++ free(region);
++
++ if (ret) {
++ printf("Can't write TKC sign\n");
++ return ret;
++ }
++
++ return ret;
++}
++
++static int fit_config_get_sign_info(const char *keydir,
++ void *fit, int conf_noffset, struct image_sign_info *info)
++{
++ int noffset;
++
++ /* Process all hash subnodes of the configuration node */
++ for (noffset = fdt_first_subnode(fit, conf_noffset);
++ noffset >= 0;
++ noffset = fdt_next_subnode(fit, noffset)) {
++ const char *node_name;
++ int ret = 0;
++
++ node_name = fit_get_name(fit, noffset, NULL);
++ if (!strncmp(node_name, FIT_SIG_NODENAME,
++ strlen(FIT_SIG_NODENAME))) {
++ ret = fit_image_setup_sig(info, keydir, fit, node_name, noffset,
++ NULL, NULL);
++ }
++ if (ret)
++ return ret;
++ }
++
++ return 0;
++}
++
++int fit_add_tkc_data(const char *keydir, void *keydest, void *fit)
++{
++ struct image_sign_info info;
++ int tkc_noffset, confs_noffset;
++ int noffset;
++ int ret;
++
++ /* Find configurations parent node offset */
++ confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
++ if (confs_noffset < 0) {
++ printf("Can't find configurations parent node '%s' (%s)\n",
++ FIT_CONFS_PATH, fdt_strerror(confs_noffset));
++ return -ENOENT;
++ }
++
++ /* Find trusted-key-certificate parent node offset */
++ tkc_noffset = fdt_path_offset(fit, FIT_TKC_PATH);
++ if (tkc_noffset < 0) {
++ printf("Can't find TKC parent node '%s' (%s)\n",
++ FIT_TKC_PATH, fdt_strerror(tkc_noffset));
++ return -ENOENT;
++ }
++
++ /* To get info from configuration */
++ /* Process its subnodes, print out component images details */
++ for (noffset = fdt_first_subnode(fit, confs_noffset);
++ noffset >= 0;
++ noffset = fdt_next_subnode(fit, noffset)) {
++ ret = fit_config_get_sign_info(keydir,
++ fit, noffset, &info);
++ if (ret) {
++ return ret;
++ }
++ }
++
++ /* Process its subnodes, print out component details */
++ for (noffset = fdt_first_subnode(fit, tkc_noffset);
++ noffset >= 0;
++ noffset = fdt_next_subnode(fit, noffset)) {
++ ret = fit_tkc_add_verification_data(keydir, keydest,
++ fit, noffset, &info);
++ if (ret) {
++ return ret;
++ }
++ }
++
++ return 0;
++}
++
+ #ifdef CONFIG_FIT_SIGNATURE
+ int fit_check_sign(const void *fit, const void *key,
+ const char *fit_uname_config)
+diff --git a/tools/imagetool.h b/tools/imagetool.h
+index 2801ea9e9f..ff5427245e 100644
+--- a/tools/imagetool.h
++++ b/tools/imagetool.h
+@@ -23,18 +23,18 @@
+
+ #include "fdt_host.h"
+
+-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
++#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+-#define __ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask))
+-#define ALIGN(x, a) __ALIGN_MASK((x), (typeof(x))(a) - 1)
++#define __ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask))
++#define ALIGN(x, a) __ALIGN_MASK((x), (typeof(x))(a) - 1)
+
+-#define IH_ARCH_DEFAULT IH_ARCH_INVALID
++#define IH_ARCH_DEFAULT IH_ARCH_INVALID
+
+ /* Information about a file that needs to be placed into the FIT */
+ struct content_info {
+- struct content_info *next;
+- int type; /* File type (IH_TYPE_...) */
+- const char *fname;
++ struct content_info *next;
++ int type; /* File type (IH_TYPE_...) */
++ const char *fname;
+ };
+
+ /*
+@@ -43,116 +43,120 @@ struct content_info {
+ * type specific functions
+ */
+ struct image_tool_params {
+- int dflag;
+- int eflag;
+- int fflag;
+- int iflag;
+- int lflag;
+- int pflag;
+- int vflag;
+- int xflag;
+- int skipcpy;
+- int os;
+- int arch;
+- int type;
+- int comp;
+- char *dtc;
+- unsigned int addr;
+- unsigned int ep;
+- char *imagename;
+- char *imagename2;
+- char *datafile;
+- char *imagefile;
+- char *cmdname;
+- const char *outfile; /* Output filename */
+- const char *keydir; /* Directory holding private keys */
+- const char *keydest; /* Destination .dtb for public key */
+- const char *comment; /* Comment to add to signature node */
+- int require_keys; /* 1 to mark signing keys as 'required' */
+- int file_size; /* Total size of output file */
+- int orig_file_size; /* Original size for file before padding */
+- bool auto_its; /* Automatically create the .its file */
+- int fit_image_type; /* Image type to put into the FIT */
+- char *fit_ramdisk; /* Ramdisk file to include */
+- struct content_info *content_head; /* List of files to include */
+- struct content_info *content_tail;
+- bool external_data; /* Store data outside the FIT */
+- bool quiet; /* Don't output text in normal operation */
+- unsigned int external_offset; /* Add padding to external data */
+- int bl_len; /* Block length in byte for external data */
+- const char *engine_id; /* Engine to use for signing */
+- bool reset_timestamp; /* Reset the timestamp on an existing image */
++ int dflag;
++ int eflag;
++ int fflag;
++ int iflag;
++ int lflag;
++ int pflag;
++ int vflag;
++ int xflag;
++ int skipcpy;
++ int os;
++ int arch;
++ int type;
++ int comp;
++ char *dtc;
++ unsigned int addr;
++ unsigned int ep;
++ char *imagename;
++ char *imagename2;
++ char *datafile;
++ char *imagefile;
++ char *cmdname;
++ const char *outfile; /* Output filename */
++ const char *keydir; /* Directory holding private keys */
++ const char *keydest; /* Destination .dtb for public key */
++ const char *comment; /* Comment to add to signature node */
++ int require_keys; /* 1 to mark signing keys as 'required' */
++ int file_size; /* Total size of output file */
++ int orig_file_size; /* Original size for file before padding */
++ bool auto_its; /* Automatically create the .its file */
++ int fit_image_type; /* Image type to put into the FIT */
++ char *fit_ramdisk; /* Ramdisk file to include */
++ struct content_info *content_head; /* List of files to include */
++ struct content_info *content_tail;
++ bool external_data; /* Store data outside the FIT */
++ bool quiet; /* Don't output text in normal operation */
++ unsigned int external_offset; /* Add padding to external data */
++ int bl_len; /* Block length in byte for external data */
++ const char *engine_id; /* Engine to use for signing */
++ bool reset_timestamp; /* Reset the timestamp on an existing image */
++ int tkc_oem_flag; /* Handle in OEM part */
++ int tkc_tier_flag; /* Handle in Tier-1 part */
++ char *tkc_oem_pubkey_file; /* TKC: Tier-1 need the public key of OEM */
++ char *tkc_tier_pubkey_file; /* TKC: OEM need the public key of Tier-1 */
+ };
+
+ /*
+ * image type specific variables and callback functions
+ */
+ struct image_type_params {
+- /* name is an identification tag string for added support */
+- char *name;
+- /*
+- * header size is local to the specific image type to be supported,
+- * mkimage core treats this as number of bytes
+- */
+- uint32_t header_size;
+- /* Image type header pointer */
+- void *hdr;
+- /*
+- * There are several arguments that are passed on the command line
+- * and are registered as flags in image_tool_params structure.
+- * This callback function can be used to check the passed arguments
+- * are in-lined with the image type to be supported
+- *
+- * Returns 1 if parameter check is successful
+- */
+- int (*check_params) (struct image_tool_params *);
+- /*
+- * This function is used by list command (i.e. mkimage -l <filename>)
+- * image type verification code must be put here
+- *
+- * Returns 0 if image header verification is successful
+- * otherwise, returns respective negative error codes
+- */
+- int (*verify_header) (unsigned char *, int, struct image_tool_params *);
+- /* Prints image information abstracting from image header */
+- void (*print_header) (const void *);
+- /*
+- * The header or image contents need to be set as per image type to
+- * be generated using this callback function.
+- * further output file post processing (for ex. checksum calculation,
+- * padding bytes etc..) can also be done in this callback function.
+- */
+- void (*set_header) (void *, struct stat *, int,
+- struct image_tool_params *);
+- /*
+- * This function is used by the command to retrieve a component
+- * (sub-image) from the image (i.e. dumpimage -p <position>
+- * -o <component-outfile> <image>). Thus the code to extract a file
+- * from an image must be put here.
+- *
+- * Returns 0 if the file was successfully retrieved from the image,
+- * or a negative value on error.
+- */
+- int (*extract_subimage)(void *, struct image_tool_params *);
+- /*
+- * Some image generation support for ex (default image type) supports
+- * more than one type_ids, this callback function is used to check
+- * whether input (-T <image_type>) is supported by registered image
+- * generation/list low level code
+- */
+- int (*check_image_type) (uint8_t);
+- /* This callback function will be executed if fflag is defined */
+- int (*fflag_handle) (struct image_tool_params *);
+- /*
+- * This callback function will be executed for variable size record
+- * It is expected to build this header in memory and return its length
+- * and a pointer to it by using image_type_params.header_size and
+- * image_type_params.hdr. The return value shall indicate if an
+- * additional padding should be used when copying the data image
+- * by returning the padding length.
+- */
+- int (*vrec_header) (struct image_tool_params *,
+- struct image_type_params *);
++ /* name is an identification tag string for added support */
++ char *name;
++ /*
++ * header size is local to the specific image type to be supported,
++ * mkimage core treats this as number of bytes
++ */
++ uint32_t header_size;
++ /* Image type header pointer */
++ void *hdr;
++ /*
++ * There are several arguments that are passed on the command line
++ * and are registered as flags in image_tool_params structure.
++ * This callback function can be used to check the passed arguments
++ * are in-lined with the image type to be supported
++ *
++ * Returns 1 if parameter check is successful
++ */
++ int (*check_params) (struct image_tool_params *);
++ /*
++ * This function is used by list command (i.e. mkimage -l <filename>)
++ * image type verification code must be put here
++ *
++ * Returns 0 if image header verification is successful
++ * otherwise, returns respective negative error codes
++ */
++ int (*verify_header) (unsigned char *, int, struct image_tool_params *);
++ /* Prints image information abstracting from image header */
++ void (*print_header) (const void *);
++ /*
++ * The header or image contents need to be set as per image type to
++ * be generated using this callback function.
++ * further output file post processing (for ex. checksum calculation,
++ * padding bytes etc..) can also be done in this callback function.
++ */
++ void (*set_header) (void *, struct stat *, int,
++ struct image_tool_params *);
++ /*
++ * This function is used by the command to retrieve a component
++ * (sub-image) from the image (i.e. dumpimage -p <position>
++ * -o <component-outfile> <image>). Thus the code to extract a file
++ * from an image must be put here.
++ *
++ * Returns 0 if the file was successfully retrieved from the image,
++ * or a negative value on error.
++ */
++ int (*extract_subimage)(void *, struct image_tool_params *);
++ /*
++ * Some image generation support for ex (default image type) supports
++ * more than one type_ids, this callback function is used to check
++ * whether input (-T <image_type>) is supported by registered image
++ * generation/list low level code
++ */
++ int (*check_image_type) (uint8_t);
++ /* This callback function will be executed if fflag is defined */
++ int (*fflag_handle) (struct image_tool_params *);
++ /*
++ * This callback function will be executed for variable size record
++ * It is expected to build this header in memory and return its length
++ * and a pointer to it by using image_type_params.header_size and
++ * image_type_params.hdr. The return value shall indicate if an
++ * additional padding should be used when copying the data image
++ * by returning the padding length.
++ */
++ int (*vrec_header) (struct image_tool_params *,
++ struct image_type_params *);
+ };
+
+ /**
+@@ -179,10 +183,10 @@ struct image_type_params *imagetool_get_type(int type);
+ * any of supported image types
+ */
+ int imagetool_verify_print_header(
+- void *ptr,
+- struct stat *sbuf,
+- struct image_type_params *tparams,
+- struct image_tool_params *params);
++ void *ptr,
++ struct stat *sbuf,
++ struct image_type_params *tparams,
++ struct image_tool_params *params);
+
+ /*
+ * imagetool_verify_print_header_by_type() - verifies the image header
+@@ -198,10 +202,10 @@ int imagetool_verify_print_header(
+ * the given image type
+ */
+ int imagetool_verify_print_header_by_type(
+- void *ptr,
+- struct stat *sbuf,
+- struct image_type_params *tparams,
+- struct image_tool_params *params);
++ void *ptr,
++ struct stat *sbuf,
++ struct image_type_params *tparams,
++ struct image_tool_params *params);
+
+ /**
+ * imagetool_save_subimage - store data into a file
+@@ -216,9 +220,9 @@ int imagetool_verify_print_header_by_type(
+ * zero in case of success or a negative value if fail.
+ */
+ int imagetool_save_subimage(
+- const char *file_name,
+- ulong file_data,
+- ulong file_len);
++ const char *file_name,
++ ulong file_data,
++ ulong file_len);
+
+ /**
+ * imagetool_get_filesize() - Utility function to obtain the size of a file
+@@ -226,8 +230,8 @@ int imagetool_save_subimage(
+ * This function prints a message if an error occurs, showing the error that
+ * was obtained.
+ *
+- * @params: mkimage parameters
+- * @fname: filename to check
++ * @params: mkimage parameters
++ * @fname: filename to check
+ * @return size of file, or -ve value on error
+ */
+ int imagetool_get_filesize(struct image_tool_params *params, const char *fname);
+@@ -240,13 +244,13 @@ int imagetool_get_filesize(struct image_tool_params *params, const char *fname);
+ * an error message if SOURCE_DATE_EPOCH contains an invalid value and returns
+ * 0.
+ *
+- * @cmdname: command name
+- * @fallback: timestamp to use if SOURCE_DATE_EPOCH isn't set
++ * @cmdname: command name
++ * @fallback: timestamp to use if SOURCE_DATE_EPOCH isn't set
+ * @return timestamp based on SOURCE_DATE_EPOCH
+ */
+ time_t imagetool_get_source_date(
+- const char *cmdname,
+- time_t fallback);
++ const char *cmdname,
++ time_t fallback);
+
+ /*
+ * There is a c file associated with supported image type low level code
+@@ -271,15 +275,15 @@ int rockchip_copy_image(int fd, struct image_tool_params *mparams);
+ #if defined(__MACH__)
+ #include <mach-o/getsect.h>
+
+-#define INIT_SECTION(name) do { \
+- unsigned long name ## _len; \
+- char *__cat(pstart_, name) = getsectdata("__DATA", \
+- #name, &__cat(name, _len)); \
+- char *__cat(pstop_, name) = __cat(pstart_, name) + \
+- __cat(name, _len); \
+- __cat(__start_, name) = (void *)__cat(pstart_, name); \
+- __cat(__stop_, name) = (void *)__cat(pstop_, name); \
+- } while (0)
++#define INIT_SECTION(name) do { \
++ unsigned long name ## _len; \
++ char *__cat(pstart_, name) = getsectdata("__DATA", \
++ #name, &__cat(name, _len)); \
++ char *__cat(pstop_, name) = __cat(pstart_, name) + \
++ __cat(name, _len); \
++ __cat(__start_, name) = (void *)__cat(pstart_, name); \
++ __cat(__stop_, name) = (void *)__cat(pstop_, name); \
++ } while (0)
+ #define SECTION(name) __attribute__((section("__DATA, " #name)))
+
+ struct image_type_params **__start_image_type, **__stop_image_type;
+@@ -294,41 +298,41 @@ extern struct image_type_params *__start_image_type[], *__stop_image_type[];
+
+ #if !defined(__used)
+ # if __GNUC__ == 3 && __GNUC_MINOR__ < 3
+-# define __used __attribute__((__unused__))
++# define __used __attribute__((__unused__))
+ # else
+-# define __used __attribute__((__used__))
++# define __used __attribute__((__used__))
+ # endif
+ #endif
+
+ #define U_BOOT_IMAGE_TYPE( \
+- _id, \
+- _name, \
+- _header_size, \
+- _header, \
+- _check_params, \
+- _verify_header, \
+- _print_header, \
+- _set_header, \
+- _extract_subimage, \
+- _check_image_type, \
+- _fflag_handle, \
+- _vrec_header \
+- ) \
+- static struct image_type_params __cat(image_type_, _id) = \
+- { \
+- .name = _name, \
+- .header_size = _header_size, \
+- .hdr = _header, \
+- .check_params = _check_params, \
+- .verify_header = _verify_header, \
+- .print_header = _print_header, \
+- .set_header = _set_header, \
+- .extract_subimage = _extract_subimage, \
+- .check_image_type = _check_image_type, \
+- .fflag_handle = _fflag_handle, \
+- .vrec_header = _vrec_header \
+- }; \
+- static struct image_type_params *SECTION(image_type) __used \
+- __cat(image_type_ptr_, _id) = &__cat(image_type_, _id)
++ _id, \
++ _name, \
++ _header_size, \
++ _header, \
++ _check_params, \
++ _verify_header, \
++ _print_header, \
++ _set_header, \
++ _extract_subimage, \
++ _check_image_type, \
++ _fflag_handle, \
++ _vrec_header \
++ ) \
++ static struct image_type_params __cat(image_type_, _id) = \
++ { \
++ .name = _name, \
++ .header_size = _header_size, \
++ .hdr = _header, \
++ .check_params = _check_params, \
++ .verify_header = _verify_header, \
++ .print_header = _print_header, \
++ .set_header = _set_header, \
++ .extract_subimage = _extract_subimage, \
++ .check_image_type = _check_image_type, \
++ .fflag_handle = _fflag_handle, \
++ .vrec_header = _vrec_header \
++ }; \
++ static struct image_type_params *SECTION(image_type) __used \
++ __cat(image_type_ptr_, _id) = &__cat(image_type_, _id)
+
+ #endif /* _IMAGETOOL_H_ */
+diff --git a/tools/mkimage.c b/tools/mkimage.c
+index 68d5206cb4..cd179394c5 100644
+--- a/tools/mkimage.c
++++ b/tools/mkimage.c
+@@ -105,14 +105,16 @@ static void usage(const char *msg)
+ " -B => align size in hex for FIT structure and header\n");
+ #ifdef CONFIG_FIT_SIGNATURE
+ fprintf(stderr,
+- "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
++ "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine] [-g Tier_pubkey] [-u OEM_pubkey]\n"
+ " -k => set directory containing private keys\n"
+ " -K => write public keys to this .dtb file\n"
+ " -c => add comment in signature node\n"
+ " -F => re-sign existing FIT image\n"
+ " -p => place external data at a static position\n"
+ " -r => mark keys used as 'required' in dtb\n"
+- " -N => openssl engine to use for signing\n");
++ " -N => openssl engine to use for signing\n"
++ " -g => indicate to handle TKC in OEM part\n"
++ " -u => indicate to handle TKC in Tier-1 part\n");
+ #else
+ fprintf(stderr,
+ "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
+@@ -151,7 +153,7 @@ static void process_args(int argc, char **argv)
+ int opt;
+
+ while ((opt = getopt(argc, argv,
+- "a:A:b:B:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qstT:vVx")) != -1) {
++ "a:A:b:B:c:C:d:D:e:Ef:Fk:g:i:K:ln:N:p:O:rR:qstT:u:vVx")) != -1) {
+ switch (opt) {
+ case 'a':
+ params.addr = strtoull(optarg, &ptr, 16);
+@@ -226,6 +228,10 @@ static void process_args(int argc, char **argv)
+ params.type = IH_TYPE_FLATDT;
+ params.fflag = 1;
+ break;
++ case 'g':
++ params.tkc_oem_flag = 1;
++ params.tkc_tier_pubkey_file = optarg;
++ break;
+ case 'i':
+ params.fit_ramdisk = optarg;
+ break;
+@@ -289,6 +295,10 @@ static void process_args(int argc, char **argv)
+ usage("Invalid image type");
+ }
+ break;
++ case 'u':
++ params.tkc_tier_flag = 1;
++ params.tkc_oem_pubkey_file = optarg;
++ break;
+ case 'v':
+ params.vflag++;
+ break;
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0008-tools-image-add-configurations-node-to-hashed-node.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0008-tools-image-add-configurations-node-to-hashed-node.patch
new file mode 100755
index 0000000..6010b32
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0008-tools-image-add-configurations-node-to-hashed-node.patch
@@ -0,0 +1,129 @@
+From 07619c610ff9389bf2ff72f1571ee5dcbc0fe397 Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Fri, 4 Jun 2021 18:23:10 +0800
+Subject: [PATCH 8/8] tools: image: add /configurations node to hashed-node
+
+For CVE-2020-10648, fix fit signature bypass problem.
+---
+ tools/image-host.c | 13 +++++++++----
+ tools/imagetool.h | 1 +
+ tools/mkimage.c | 23 +++++++++++++++++++++++
+ 3 files changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/tools/image-host.c b/tools/image-host.c
+index c2c9119c63..56424f6e01 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -787,7 +787,8 @@ err_path:
+ }
+
+ static int fit_config_get_hash_list(void *fit, int conf_noffset,
+- int sig_offset, struct strlist *node_inc)
++ int sig_offset, struct strlist *node_inc,
++ const struct image_tool_params *params)
+ {
+ int allow_missing;
+ const char *prop, *iname, *end;
+@@ -806,6 +807,7 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset,
+ strlist_init(node_inc);
+ snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, conf_name);
+ if (strlist_add(node_inc, "/") ||
++ (params->brom_flag && strlist_add(node_inc, FIT_CONFS_PATH)) ||
+ strlist_add(node_inc, name))
+ goto err_mem;
+
+@@ -863,7 +865,8 @@ err_mem:
+
+ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
+ struct image_region **regionp, int *region_countp,
+- char **region_propp, int *region_proplen)
++ char **region_propp, int *region_proplen,
++ const struct image_tool_params *params)
+ {
+ char * const exc_prop[] = {"data"};
+ struct strlist node_inc;
+@@ -880,7 +883,8 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
+ debug("%s: conf='%s', sig='%s'\n", __func__, conf_name, sig_name);
+
+ /* Get a list of nodes we want to hash */
+- ret = fit_config_get_hash_list(fit, conf_noffset, noffset, &node_inc);
++ ret = fit_config_get_hash_list(fit, conf_noffset, noffset, &node_inc,
++ params);
+ if (ret)
+ return ret;
+
+@@ -951,7 +955,8 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+
+ node_name = fit_get_name(fit, noffset, NULL);
+ if (fit_config_get_data(fit, conf_noffset, noffset, ®ion,
+- ®ion_count, ®ion_prop, ®ion_proplen))
++ ®ion_count, ®ion_prop, ®ion_proplen,
++ params))
+ return -1;
+
+ if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset,
+diff --git a/tools/imagetool.h b/tools/imagetool.h
+index ff5427245e..e67b5e98c2 100644
+--- a/tools/imagetool.h
++++ b/tools/imagetool.h
+@@ -86,6 +86,7 @@ struct image_tool_params {
+ int tkc_tier_flag; /* Handle in Tier-1 part */
+ char *tkc_oem_pubkey_file; /* TKC: Tier-1 need the public key of OEM */
+ char *tkc_tier_pubkey_file; /* TKC: OEM need the public key of Tier-1 */
++ bool brom_flag; /* Generate FIT for bootrom parsing */
+ };
+
+ /*
+diff --git a/tools/mkimage.c b/tools/mkimage.c
+index cd179394c5..1ff5ca56a9 100644
+--- a/tools/mkimage.c
++++ b/tools/mkimage.c
+@@ -11,8 +11,12 @@
+ #include "mkimage.h"
+ #include "imximage.h"
+ #include <image.h>
++#include <libgen.h>
++#include <string.h>
+ #include <version.h>
+
++const char *brom_mkimage_basename = "brom-mkimage";
++
+ static void copy_file(int, const char *, int);
+
+ /* parameters initialized by core will be used by the image type code */
+@@ -152,6 +156,23 @@ static void process_args(int argc, char **argv)
+ char *datafile = NULL;
+ int opt;
+
++ /*
++ * If the base name of the program is "brom-mkimage", set brom_flag to
++ * indicate special handling is needed for the fit image
++ */
++ ptr = strdup(params.cmdname);
++ if (ptr) {
++ char *bname = basename(ptr);
++ if (strncmp(brom_mkimage_basename, bname, strlen(bname)) == 0)
++ params.brom_flag = true;
++ free(ptr);
++ ptr = NULL;
++ } else {
++ fprintf(stderr, "%s: not enough memory for strdup '%s'\n",
++ params.cmdname, params.cmdname);
++ exit(EXIT_FAILURE);
++ }
++
+ while ((opt = getopt(argc, argv,
+ "a:A:b:B:c:C:d:D:e:Ef:Fk:g:i:K:ln:N:p:O:rR:qstT:u:vVx")) != -1) {
+ switch (opt) {
+@@ -303,6 +324,8 @@ static void process_args(int argc, char **argv)
+ params.vflag++;
+ break;
+ case 'V':
++ if (params.brom_flag)
++ printf("Image tool for BL2 FIT construction\n");
+ printf("mkimage version %s\n", PLAIN_VERSION);
+ exit(EXIT_SUCCESS);
+ case 'x':
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0009-tools-image-add-images-node-to-hashed-nodes.patch b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0009-tools-image-add-images-node-to-hashed-nodes.patch
new file mode 100755
index 0000000..540c50e
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2021.04/0009-tools-image-add-images-node-to-hashed-nodes.patch
@@ -0,0 +1,31 @@
+From eb6460e9c6488028c25718bce6b34e393b0349b0 Mon Sep 17 00:00:00 2001
+From: Jimmy Huang <jimmy.huang@mediatek.com>
+Date: Thu, 10 Jun 2021 04:12:52 +0800
+Subject: [PATCH 9/9] tools: image: add /images node to hashed-nodes
+
+This patch adds '/images' node to hashed-nodes. It means the '/images'
+node is part of the data for signature generation. Thus adding malicious
+sub images to '/images' node become impossible.
+---
+ tools/image-host.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 56424f6e01..66595bd254 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -807,8 +807,9 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset,
+ strlist_init(node_inc);
+ snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, conf_name);
+ if (strlist_add(node_inc, "/") ||
+- (params->brom_flag && strlist_add(node_inc, FIT_CONFS_PATH)) ||
+- strlist_add(node_inc, name))
++ (params->brom_flag && strlist_add(node_inc, FIT_CONFS_PATH)) ||
++ strlist_add(node_inc, name) ||
++ (params->brom_flag && strlist_add(node_inc, FIT_IMAGES_PATH)))
+ goto err_mem;
+
+ /* Get a list of images that we intend to sign */
+--
+2.18.0
+
diff --git a/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage_2021.04.bb b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage_2021.04.bb
new file mode 100755
index 0000000..325bb25
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage_2021.04.bb
@@ -0,0 +1,15 @@
+require u-boot-common_${PV}.inc
+require u-boot-mkimage-common.inc
+
+SRC_URI += "file://0001-libfdt-fix-fdt_find_regions-incorrectly-adding-paren.patch \
+ file://0002-rsa-add-rsa3072-crypto-algorithm.patch \
+ file://0003-rsa-add-pss-padding-scheme-support-for-Mediatek.patch \
+ file://0004-rsa-extend-bits-of-n0-inverse.patch \
+ file://0005-add-u-boot-support-hsm_sign_tool.patch \
+ file://0006-Add-secure-boot-ECC-support.patch \
+ file://0007-Support-trusted-key-certificate.patch \
+ file://0008-tools-image-add-configurations-node-to-hashed-node.patch \
+ file://0009-tools-image-add-images-node-to-hashed-nodes.patch \
+"
+
+RDEPENDS_${PN} += "dtc"
diff --git a/meta/meta-mediatek-gpl/recipes-devtools/datool/fbtool.bb b/meta/meta-mediatek-gpl/recipes-devtools/datool/fbtool.bb
old mode 100644
new mode 100755
index 655b3a6..394a86a
--- a/meta/meta-mediatek-gpl/recipes-devtools/datool/fbtool.bb
+++ b/meta/meta-mediatek-gpl/recipes-devtools/datool/fbtool.bb
@@ -15,7 +15,7 @@
do_deploy () {
install -d ${DEPLOYDIR}
install -m 0644 fbtool.py -t ${DEPLOYDIR}
- cp -af pyserial ${DEPLOYDIR}
+ cp -af serial ${DEPLOYDIR}
}
addtask deploy before do_build after do_compile
diff --git a/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman/0033-connman-fix-ipv6-tethering_for_2735.patch b/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman/0033-connman-fix-ipv6-tethering_V2.patch
old mode 100644
new mode 100755
similarity index 100%
rename from meta/meta-mediatek-ivt/recipes-connectivity/connman/connman/0033-connman-fix-ipv6-tethering_for_2735.patch
rename to meta/meta-mediatek-ivt/recipes-connectivity/connman/connman/0033-connman-fix-ipv6-tethering_V2.patch
diff --git a/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman_%.bbappend b/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman_%.bbappend
old mode 100644
new mode 100755
index 79cc984..61c5b78
--- a/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman_%.bbappend
+++ b/meta/meta-mediatek-ivt/recipes-connectivity/connman/connman_%.bbappend
@@ -31,8 +31,8 @@
file://0030-connman-fix-crash.patch \
file://0031-connman-change-message-type.patch \
file://0032-connman-fix-ipv6-tethering.patch \
- file://0033-connman-fix-ipv6-tethering_for_2735.patch \
- file://0034-connman-change-default-rule.patch \
+ file://0033-connman-fix-ipv6-tethering_V2.patch \
+ file://0034-connman-change-default-rule.patch \
"
EXTRA_OECONF += "\
diff --git a/meta/meta-mediatek-ivt/recipes-devtools/packer/packer_1.0.0.bb b/meta/meta-mediatek-ivt/recipes-devtools/packer/packer_1.0.0.bb
old mode 100644
new mode 100755
index 10028ee..123c389
--- a/meta/meta-mediatek-ivt/recipes-devtools/packer/packer_1.0.0.bb
+++ b/meta/meta-mediatek-ivt/recipes-devtools/packer/packer_1.0.0.bb
@@ -13,8 +13,4 @@
install -d ${D}${datadir}/packer
install -m 644 ${S}/${TARGET_PLATFORM}/mipack.py ${D}${datadir}/packer
install -m 644 ${S}/${TARGET_PLATFORM}/cryptoSB.py ${D}${datadir}/packer
- if [ "${TARGET_PLATFORM}" = "mt2735" ]; then
- install -m 644 ${S}/${TARGET_PLATFORM}/test_pkcs1_15_mytest.py ${D}${datadir}/packer
- install -m 644 ${S}/${TARGET_PLATFORM}/test_pkcs1_pss_mytest.py ${D}${datadir}/packer
- fi
}
diff --git a/meta/meta-mediatek-ivt/recipes-hsm/hsm/hsm-efuse_1.0.0.bb b/meta/meta-mediatek-ivt/recipes-hsm/hsm/hsm-efuse_1.0.0.bb
old mode 100644
new mode 100755
index 5c0272b..49d7779
--- a/meta/meta-mediatek-ivt/recipes-hsm/hsm/hsm-efuse_1.0.0.bb
+++ b/meta/meta-mediatek-ivt/recipes-hsm/hsm/hsm-efuse_1.0.0.bb
@@ -4,7 +4,7 @@
inherit workonsrc toolchain-arc
WORKONSRC = "${TOPDIR}/../src/bsp/hsm/private/efuse/${TARGET_PLATFORM}"
-EXTRA_OEMAKE = "ARC_GNU_PATH=STAGING_DIR_HOST}${prefix}"
+EXTRA_OEMAKE = "ARC_GNU_PATH=${STAGING_DIR_HOST}${prefix}"
FILES_${PN}-dev = "${includedir}"
FILES_${PN}-staticdev = "${libdir}/*.a"
@@ -17,22 +17,18 @@
if [ -d "${WORKONSRC}" ]; then
# install header
install -d ${D}/${includedir}
- install -m 644 include/efuse*.h ${D}/${includedir}
+ install -m 644 ${S}include/efuse*.h ${D}/${includedir}
# install lib
install -d ${D}/${libdir}
- install -m 644 efuse.a ${D}/${libdir}
+ install -m 644 ${S}efuse.a ${D}/${libdir}
else
# install header
install -d ${D}/${includedir}
- install -m 644 usr/include/efuse*.h ${D}/${includedir}
+ install -m 644 ${S}usr/include/efuse*.h ${D}/${includedir}
# install lib
install -d ${D}/${libdir}
- if [ "${TARGET_PLATFORM}" = "mt2731" ]; then
- install -m 644 usr/lib/efuse.a ${D}/${libdir}
- else
- install -m 644 usr/lib64/efuse.a ${D}/${libdir}
- fi
+ install -m 644 ${S}${libdir}/efuse.a ${D}/${libdir}
fi
}
diff --git a/meta/meta-mediatek-ivt/recipes-platform/platform-libs/platform-libs.bb b/meta/meta-mediatek-ivt/recipes-platform/platform-libs/platform-libs.bb
old mode 100644
new mode 100755
index 827b2cd..8182512
--- a/meta/meta-mediatek-ivt/recipes-platform/platform-libs/platform-libs.bb
+++ b/meta/meta-mediatek-ivt/recipes-platform/platform-libs/platform-libs.bb
@@ -2,7 +2,7 @@
inherit autotools systemd
-DEPENDS += "${@bb.utils.contains("TARGET_PLATFORM","mt2735", "openssl libnl platform-libs-header libuciwrapper platform-libs-common","openssl libnl platform-libs-header libsncfg platform-libs-common",d)}"
+DEPENDS += "openssl libnl platform-libs-header libuciwrapper platform-libs-common"
S = "${WORKDIR}/platform"
@@ -11,7 +11,7 @@
FILES_${PN} += "${systemd_unitdir}/system/netd.service ${bindir}"
CPPFLAGS += "-I${STAGING_INCDIR}/libnl3"
-LDFLAGS += "${@bb.utils.contains("TARGET_PLATFORM","mt2735", "-lnl-3 -lcrypto -luciwrapper -luci -lpthread -llog -lbase","-lnl-3 -lcrypto -lsncfg -lpthread -llog -lbase",d)}"
+LDFLAGS += "-lnl-3 -lcrypto -luciwrapper -luci -lpthread -llog -lbase"
FLAGS = "${@bb.utils.contains("KERNEL_ARCH","arm","-Wall -Wextra -Wunused -Werror=pointer-to-int-cast -Werror=int-to-pointer-cast -Werror=type-limits","-D__ARCH_WANT_SYSCALL_DEPRECATED -D__WORDSIZE='64' -Wall -Wextra -Wunused",d)}"
ARCH = "${@bb.utils.contains("KERNEL_ARCH","arm", "arch-arm","arch-arm64",d)}"
diff --git a/meta/meta-mediatek-ivt/recipes-yummy/audio_xml_parser/audio-xml-parser.bb b/meta/meta-mediatek-ivt/recipes-yummy/audio_xml_parser/audio-xml-parser.bb
old mode 100644
new mode 100755
index 075a1d7..7c330d1
--- a/meta/meta-mediatek-ivt/recipes-yummy/audio_xml_parser/audio-xml-parser.bb
+++ b/meta/meta-mediatek-ivt/recipes-yummy/audio_xml_parser/audio-xml-parser.bb
@@ -1,5 +1,5 @@
DESCRIPTION = "Audio Xml Parameter Parser"
-LICENSE = "MediaTekProprietary"
+LICENSE = "MediaTekProprietary & Apache-2.0 & MIT & GPL-2.0+"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e1696b147d49d491bcb4da1a57173fff"
DEPENDS = "libxml2 alsa-lib platform-libs"
INCLUDE_ADD = "-I${STAGING_DIR_HOST}/usr/include -I${STAGING_DIR_HOST}/usr/include/libxml2 -I${STAGING_DIR_HOST}/usr/include/logger"
diff --git a/meta/meta-mediatek-mt2735/classes/md-fitimage.bbclass b/meta/meta-mediatek-mt2735/classes/md-fitimage.bbclass
old mode 100644
new mode 100755
index 36ff321..1a48a6e
--- a/meta/meta-mediatek-mt2735/classes/md-fitimage.bbclass
+++ b/meta/meta-mediatek-mt2735/classes/md-fitimage.bbclass
@@ -63,7 +63,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- md1img@1 {
+ md1img_1 {
description = "LK based MD Image";
data = /incbin/("${1}");
type = "kernel";
@@ -72,7 +72,7 @@
compression = "none";
load = <${MD_LOADADDRESS}>;
entry = <${MD_ENTRYPOINT}>;
- hash@1 {
+ hash_1 {
algo = "${md_csum}";
};
};
@@ -94,11 +94,11 @@
conf_desc="${MTK_PROJECT} configuration"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
- kernel = "md1img@1";
- signature@1 {
+ kernel = "md1img_1";
+ signature_1 {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images = "kernel";
@@ -140,9 +140,9 @@
${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${WORKDIR}/${MD_IMAGE}
if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then
- mkdir -p ./mykeys
- cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt
- cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key
- ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${MD_IMAGE}
+ mkdir -p ${WORKDIR}/mykeys
+ cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ${WORKDIR}/mykeys/dev.crt
+ cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ${WORKDIR}/mykeys/dev.key
+ ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ${WORKDIR}/mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${MD_IMAGE}
fi
}
\ No newline at end of file
diff --git a/meta/meta-mediatek-mt2735/classes/mddsp-fitimage.bbclass b/meta/meta-mediatek-mt2735/classes/mddsp-fitimage.bbclass
old mode 100644
new mode 100755
index b1665de..593df1c
--- a/meta/meta-mediatek-mt2735/classes/mddsp-fitimage.bbclass
+++ b/meta/meta-mediatek-mt2735/classes/mddsp-fitimage.bbclass
@@ -63,7 +63,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- md1dsp@1 {
+ md1dsp_1 {
description = "LK based MD dsp Image";
data = /incbin/("${1}");
type = "kernel";
@@ -72,7 +72,7 @@
compression = "none";
load = <${MDDSP_LOADADDRESS}>;
entry = <${MDDSP_ENTRYPOINT}>;
- hash@1 {
+ hash_1 {
algo = "${md_csum}";
};
};
@@ -94,11 +94,11 @@
conf_desc="${MTK_PROJECT} configuration"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
- kernel = "md1dsp@1";
- signature@1 {
+ kernel = "md1dsp_1";
+ signature_1 {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images = "kernel";
@@ -139,9 +139,9 @@
${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${WORKDIR}/${MDDSP_IMAGE}
if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then
- mkdir -p ./mykeys
- cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt
- cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key
- ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${MDDSP_IMAGE}
+ mkdir -p ${WORKDIR}/mykeys
+ cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ${WORKDIR}/mykeys/dev.crt
+ cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ${WORKDIR}/mykeys/dev.key
+ ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ${WORKDIR}/mykeys -f ${WORKDIR}/fit-image.its -r ${WORKDIR}/${MDDSP_IMAGE}
fi
}
\ No newline at end of file
diff --git a/meta/meta-mediatek-mt2735/classes/mkmcf.bbclass b/meta/meta-mediatek-mt2735/classes/mkmcf.bbclass
new file mode 100755
index 0000000..915ae45
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/classes/mkmcf.bbclass
@@ -0,0 +1,61 @@
+IMAGE_FSTYPES_NO_WHITESPACE="$(echo "${IMAGE_FSTYPES}" | tr -d '[:space:]')"
+MCF_FS_PARTITION = "mcf_fs.ubi"
+
+DEPENDS += "mtd-utils-native coreutils-native"
+
+mk_mcf_image() {
+ if test -f ${DEPLOY_DIR_IMAGE}/MCF_OTA_FILES.tar.gz; then
+ cd ${WORKDIR}
+
+ # Create empty directory for MCF_OTA_1
+ rm -rf MCF_OTA_1
+ mkdir MCF_OTA_1
+
+ # Extract tar to MCF_OTA_2
+ rm -rf MCF_OTA_2
+ mkdir MCF_OTA_2
+ tar zxvf ${DEPLOY_DIR_IMAGE}/MCF_OTA_FILES.tar.gz -C MCF_OTA_2
+
+ if test "${IMAGE_FSTYPES_NO_WHITESPACE}" = "ubi" || test "${IMAGE_FSTYPES_NO_WHITESPACE}" = "squashfs"; then
+ echo \[ubifs\] > ubinize_mcf.cfg
+ echo mode=ubi >> ubinize_mcf.cfg
+ echo image=${MCF_FS_PARTITION} >> ubinize_mcf.cfg
+ echo vol_id=0 >> ubinize_mcf.cfg
+ echo vol_type=dynamic >> ubinize_mcf.cfg
+ echo vol_name=mcf >> ubinize_mcf.cfg
+ echo vol_flags=autoresize >> ubinize_mcf.cfg
+
+ # MCF_OTA_1
+ echo mkfs.ubifs -r MCF_OTA_1 ${MKUBIFS_MCF_ARGS} -o ${MCF_FS_PARTITION}
+ mkfs.ubifs -r MCF_OTA_1 ${MKUBIFS_MCF_ARGS} -o ${MCF_FS_PARTITION}
+
+ echo ubinize -o MCF_MOD_OTA.img ${UBINIZE_ARGS} ubinize_mcf.cfg
+ ubinize -o ${DEPLOY_DIR_IMAGE}/MCF_MOD_OTA.img ${UBINIZE_ARGS} ubinize_mcf.cfg
+
+ rm ${MCF_FS_PARTITION}
+
+ # MCF_OTA_2
+ echo mkfs.ubifs -r MCF_OTA_2 ${MKUBIFS_MCF_ARGS} -o ${MCF_FS_PARTITION}
+ mkfs.ubifs -r MCF_OTA_2 ${MKUBIFS_MCF_ARGS} -o ${MCF_FS_PARTITION}
+
+ echo ubinize -o MCF_OEM_OTA.img ${UBINIZE_ARGS} ubinize_mcf.cfg
+ ubinize -o ${DEPLOY_DIR_IMAGE}/MCF_OEM_OTA.img ${UBINIZE_ARGS} ubinize_mcf.cfg
+
+ elif test "${IMAGE_FSTYPES_NO_WHITESPACE}" = "ext4"; then
+ # MCF_OTA_1
+ dd if=/dev/zero of=${DEPLOY_DIR_IMAGE}/MCF_MOD_OTA.img seek=4096 count=0 bs=1k
+ mkfs.ext4 -F -i 4096 ${DEPLOY_DIR_IMAGE}/MCF_MOD_OTA.img -d MCF_OTA_1
+
+ # MCF_OTA_2
+ dd if=/dev/zero of=${DEPLOY_DIR_IMAGE}/MCF_OEM_OTA.img seek=4096 count=0 bs=1k
+ mkfs.ext4 -F -i 4096 ${DEPLOY_DIR_IMAGE}/MCF_OEM_OTA.img -d MCF_OTA_2
+ else
+ echo "This type of file system is not supported for MCF image: ${IMAGE_FSTYPES_NO_WHITESPACE}"
+ fi
+
+ cd -
+ fi
+}
+
+ROOTFS_POSTPROCESS_COMMAND += " mk_mcf_image;"
+
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-base.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-base.conf
old mode 100644
new mode 100755
index 2b8d222..ab6374b
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-base.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-base.conf
@@ -6,6 +6,7 @@
MTK_PROJECT = "mt2735evb-ivt-base"
TARGET_PLATFORM = "mt2735"
BUILD_TYPE = "eng"
+MT2735_LITE_CONFIG = "no"
LINUX_KERNEL = "linux-4.19.98"
KERNELDIR = "../kernel/linux/v4.19"
MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += "kernel-modules"
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-lite.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-lite.conf
old mode 100644
new mode 100755
index 88b0726..dc4efa8
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-lite.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-lite.conf
@@ -7,8 +7,15 @@
# Project
MTK_PROJECT = "mt2735evb-ivt-lite"
BUILD_TYPE = "user"
+MT2735_LITE_CONFIG = "yes"
AEE_SUPPORT = "no"
+# DRAM
+MEMORY_SIZE = "512"
+
+# TEE
+TEE_SUPPORT = "none"
+
# Modem
MODEM_PROJECT = "mt2735_ivt_nlwg_wide_temp_custom"
MODEM_DIR = "${MODEM_CUSTOM}/${MODEM_PROJECT}"
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-main-user.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-main-user.conf
old mode 100644
new mode 100755
index 96e0709..221b769
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-main-user.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-main-user.conf
@@ -4,24 +4,14 @@
require conf/machine/auto2735evb-ivt-base.conf
-
# Project
-MTK_PROJECT = "mt2735evb-ivt-main"
-# lynq
-YK_SRC = "${TOPDIR}/../src/lynq"
+MTK_PROJECT = "mt2735evb-ivt-main-user"
BUILD_TYPE = "user"
AEE_SUPPORT = "no"
# Modem
-
-MODEM_PROJECT = "MT2735_MP1_GA_NLWG_20210915"
-MODEM_INT = "${TOPDIR}/../prebuilt/modem/mt2735_internal"
-MODEM_CUSTOM = "${TOPDIR}/../prebuilt/modem/mt2735"
-MODEM_INT_EXIST = "${@ os.path.exists('${MODEM_INT}')}"
-MODEM_CUSTOM_EXIST = "${@ os.path.exists('${MODEM_CUSTOM}')}"
-MODEM_DIR = "${@'${MODEM_INT}/${MODEM_PROJECT}' if ${MODEM_INT_EXIST} == True else '${MODEM_CUSTOM}/${MODEM_PROJECT}'}"
-EXTRA_IMAGEDEPENDS += "${@'modem' if ${MODEM_INT_EXIST} == True or ${MODEM_CUSTOM_EXIST} == True else ''}"
-
+MODEM_PROJECT = "mt2735_ivt_nlwg_wide_temp_custom"
+MODEM_DIR = "${MODEM_CUSTOM}/${MODEM_PROJECT}"
# MIPC
MIPC_DIR = "${MIPC_REL}/${MODEM_PROJECT}"
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp1.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp1.conf
old mode 100644
new mode 100755
index 76847b4..30323a5
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp1.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp1.conf
@@ -7,15 +7,12 @@
# Project
MTK_PROJECT = "mt2735evb-ivt-vp1"
-# RGMII
-PHY_RGMII_INTERFACE = "yes"
-
-# SGMII
-PHY_SGMII_INTERFACE = "no"
-
# CPU Core
CORE_NUM = "2"
+# Modem
+MODEM_PROJECT = "mt2735_ivt_nlwg_wide_temp_b30rx"
+
# Secure Boot
SECURE_BOOT_ENABLE = "yes"
SECURE_BOOT_TYPE = "avb"
@@ -25,3 +22,7 @@
# A/B update
AB_OTA_PARTITIONS += "vbmeta"
+
+# SGMII
+SGMII_SNPS_INTERFACE = "no"
+SGMII_NETSYS_INTERFACE = "no"
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2-user.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2-user.conf
old mode 100644
new mode 100755
index 47f84c7..c25c531
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2-user.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2-user.conf
@@ -33,7 +33,7 @@
KERNEL_DEVICETREE = "mediatek/auto2735evb-ivt-emmc.dtb"
# Modem
-MODEM_PROJECT = "mt2735_ivt_nlwg_custom"
+MODEM_PROJECT = "mt2735_ivt_nlwg_wide_temp_custom"
MODEM_DIR = "${MODEM_CUSTOM}/${MODEM_PROJECT}"
# MIPC
@@ -45,3 +45,7 @@
BOARD_AVB_ENABLE = "true"
NATA_SERIAL_NUMBER = "MT-A479690DD302E82A"
+
+# SGMII
+SGMII_SNPS_INTERFACE = "yes"
+SGMII_NETSYS_INTERFACE = "yes"
diff --git a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2.conf b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2.conf
old mode 100644
new mode 100755
index babe8ed..78d346d
--- a/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2.conf
+++ b/meta/meta-mediatek-mt2735/conf/machine/auto2735evb-ivt-vp2.conf
@@ -30,9 +30,6 @@
# Kernel
KERNEL_DEVICETREE = "mediatek/auto2735evb-ivt-emmc.dtb"
-# Modem
-MODEM_PROJECT = "mt2735_ivt_nlwg"
-
# Secure Boot
SECURE_BOOT_ENABLE = "yes"
SECURE_BOOT_TYPE = "avb"
@@ -43,3 +40,7 @@
#LK_PROG_RPMB_KEY = "yes"
NATA_SERIAL_NUMBER = "MT-A479690DD302E82A"
+
+# SGMII
+SGMII_SNPS_INTERFACE = "yes"
+SGMII_NETSYS_INTERFACE = "yes"
diff --git a/meta/meta-mediatek-mt2735/recipes-bsp/lk/lk_2.0.0.bbappend b/meta/meta-mediatek-mt2735/recipes-bsp/lk/lk_2.0.0.bbappend
old mode 100644
new mode 100755
index 3963613..d095cbd
--- a/meta/meta-mediatek-mt2735/recipes-bsp/lk/lk_2.0.0.bbappend
+++ b/meta/meta-mediatek-mt2735/recipes-bsp/lk/lk_2.0.0.bbappend
@@ -6,6 +6,18 @@
DEPENDS += "packer-native"
do_compile () {
+ if [ "${MT2735_LITE_CONFIG}" = "yes" ]; then
+ # Set CCB buffer size to 0 on lite project
+ CCCI_FILE="${EXTERNALSRC}/platform/mt2735/drivers/md/ccci_lk_load_img_plat.c"
+ sed -i 's/define CCCI_SMEM_SIZE_CCB_DHL/define CCCI_SMEM_SIZE_CCB_DHL (0) \/\//g' ${CCCI_FILE}
+ sed -i 's/define CCCI_SMEM_SIZE_RAW_DHL/define CCCI_SMEM_SIZE_RAW_DHL (0) \/\//g' ${CCCI_FILE}
+
+ RAM_FILE="${EXTERNALSRC}/platform/mt2735/include/platform/ram_console_def.h"
+ sed -i 's/define RAM_CONSOLE_DRAM_SIZE/define RAM_CONSOLE_DRAM_SIZE (0) \/\//g' ${RAM_FILE}
+ sed -i 's/define MINIRDUMP_MEM_SIZE/define MINIRDUMP_MEM_SIZE (0) \/\//g' ${RAM_FILE}
+ sed -i 's/define LOG_STORE_MEM_SIZE/define LOG_STORE_MEM_SIZE (0) \/\//g' ${RAM_FILE}
+ fi
+
if [ "${DEFAULTTUNE}" = "aarch64" ]; then
oe_runmake ARCH_arm64_TOOLCHAIN_PREFIX=${TOOLCHAIN_PREFIX} \
NOECHO="" \
diff --git a/meta/meta-mediatek-mt2735/recipes-bsp/medmcu/medmcu.bb b/meta/meta-mediatek-mt2735/recipes-bsp/medmcu/medmcu.bb
old mode 100644
new mode 100755
index 26346c9..9979527
--- a/meta/meta-mediatek-mt2735/recipes-bsp/medmcu/medmcu.bb
+++ b/meta/meta-mediatek-mt2735/recipes-bsp/medmcu/medmcu.bb
@@ -16,20 +16,20 @@
do_compile[nostamp] = "1"
python __anonymous () {
- secure_boot_enable = d.getVar('SECURE_BOOT_ENABLE', True)
- if secure_boot_enable == 'yes':
- d.setVar("MEDMCU_BINARY_SELECT", '${MEDMCU_BINARY}')
- else:
- d.setVar("MEDMCU_BINARY_SELECT", '${MEDMCU_BINARY}')
+ secure_boot_enable = d.getVar('SECURE_BOOT_ENABLE', True)
+ if secure_boot_enable == 'yes':
+ d.setVar("MEDMCU_BINARY_SELECT", '${MEDMCU_BINARY}')
+ else:
+ d.setVar("MEDMCU_BINARY_SELECT", '${MEDMCU_BINARY}')
}
do_compile () {
- mkdir -p ${MEDMCU_OUT}
- cp ${MEDMCU_PREBUILT}/${MEDMCU_BINARY} ${MEDMCU_OUT}/${MEDMCU_BINARY}
+ mkdir -p ${MEDMCU_OUT}
+ cp ${MEDMCU_PREBUILT}/${MEDMCU_BINARY} ${MEDMCU_OUT}/${MEDMCU_BINARY}
}
do_deploy () {
- install -d ${DEPLOYDIR}
+ install -d ${DEPLOYDIR}
install ${MEDMCU_OUT}/${MEDMCU_BINARY} ${DEPLOYDIR}/${MEDMCU_BINARY}
}
diff --git a/meta/meta-mediatek-mt2735/recipes-bsp/uboot/u-boot-mkimage_2021.04.bbappend b/meta/meta-mediatek-mt2735/recipes-bsp/uboot/u-boot-mkimage_2021.04.bbappend
new file mode 100755
index 0000000..4fc0f7e
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-bsp/uboot/u-boot-mkimage_2021.04.bbappend
@@ -0,0 +1,3 @@
+do_install_append() {
+ ln -sf uboot-mkimage ${D}${bindir}/brom-mkimage
+}
diff --git a/meta/meta-mediatek-mt2735/recipes-connectivity/agps/agps_2.0.0.bb b/meta/meta-mediatek-mt2735/recipes-connectivity/agps/agps_2.0.0.bb
old mode 100644
new mode 100755
index efbe992..15aefdf
--- a/meta/meta-mediatek-mt2735/recipes-connectivity/agps/agps_2.0.0.bb
+++ b/meta/meta-mediatek-mt2735/recipes-connectivity/agps/agps_2.0.0.bb
@@ -22,7 +22,7 @@
FILES_${PN} += "${bindir}/mtk_agpsd"
FILES_${PN} += "${datadir}/agps/agps_profiles_conf2.xml"
FILES_${PN} += "/data/agps_supl/"
-FILES_${PN} += "/system/etc/security/"
+FILES_${PN} += "/system/etc/security/cacerts"
do_compile() {
if [ -d "${WORKONSRC}" ]; then
@@ -38,14 +38,13 @@
install -d ${D}/system
install -d ${D}/system/etc
install -d ${D}/system/etc/security
+ install -d ${D}/system/etc/security/cacerts
if [ -d "${WORKONSRC}" ]; then
install -m 0755 ${B}mtk_agpsd ${D}${bindir}
- install -m 0664 ${WORKDIR}/agps_profiles_conf2.xml ${D}${datadir}/agps
- install -m 0644 ${WORKDIR}/cacerts/* ${D}/system/etc/security
else
install -m 0755 ${S}usr/bin/mtk_agpsd ${D}${bindir}
- install -m 0664 ${S}usr/share/agps/agps_profiles_conf2.xml ${D}${datadir}/agps
- install -m 0644 ${S}system/etc/security/* ${D}/system/etc/security
fi
+ install -m 0664 ${WORKDIR}/agps_profiles_conf2.xml ${D}${datadir}/agps
+ install -m 0644 ${WORKDIR}/cacerts/* ${D}/system/etc/security/cacerts
}
\ No newline at end of file
diff --git a/meta/meta-mediatek-mt2735/recipes-core/images/mtk-image-2735.bb b/meta/meta-mediatek-mt2735/recipes-core/images/mtk-image-2735.bb
old mode 100644
new mode 100755
index 9493e5c..c445c43
--- a/meta/meta-mediatek-mt2735/recipes-core/images/mtk-image-2735.bb
+++ b/meta/meta-mediatek-mt2735/recipes-core/images/mtk-image-2735.bb
@@ -23,6 +23,7 @@
inherit avb_sign_image
inherit make_ota_full-package
inherit mknvram
+inherit mkmcf
EXTRA_IMAGECMD_ext4 := "-i 4096 -b 4096"
@@ -59,7 +60,7 @@
mtk-alsa-ucm \
pulseaudio-server \
pulseaudio-misc \
- android-tools \
+ adbd \
bash \
ubus \
uci \
@@ -80,13 +81,14 @@
python3-cffi \
tel-demo \
libvendor-ril \
- tele-fwk \
- mtkfusionrild \
+ ${@bb.utils.contains("MT2735_LITE_CONFIG", "yes", "", "tele-fwk", d)} \
+ ${@bb.utils.contains("MT2735_LITE_CONFIG", "yes", "", "mtkfusionrild", d)} \
multi-user-test \
meta \
mdlogger \
thermal-core \
hw-nat \
+ mii-mgr \
iproute2 \
iproute2-tc \
linuxptp \
@@ -103,8 +105,6 @@
${@bb.utils.contains("BOOTDEV_TYPE", "nand", "mtd-utils-ubifs", "", d)} \
${@bb.utils.contains("AUTOTEST_ENABLE", "1", "property", "", d)} \
e2fsprogs \
- met-driver \
- ${@'met-driver-internal' if os.path.exists('${TOPDIR}/../src/devtools/met_drv_secure_v2') else ''} \
dtbo \
${@'md-db' if ${MODEM_INT_EXIST} == True or ${MODEM_CUSTOM_EXIST} == True else ''} \
${@bb.utils.contains("MTK_GNSS_CHIP_TYPE", "MT6635", "mt66xx-conninfra-drv", "", d)} \
@@ -126,10 +126,8 @@
${@bb.utils.contains("TEE_SUPPORT", "optee", "optee-example", "", d)} \
${@bb.utils.contains("TEE_SUPPORT", "optee", "optee-services", "", d)} \
lsb \
-"
-
-IMAGE_INSTALL_remove = " \
- ${@bb.utils.contains("MTK_MET_SUPPORT", "yes", "", "met-driver met-driver-internal", d)} \
+ libtrm \
+ mcf-cmd \
"
do_populate_sdk_prepend() {
@@ -164,6 +162,10 @@
addtask make_otafull_package after do_squashfs_gen_image before do_build
gen_feature_property() {
+ if [ ! -d "${IMAGE_ROOTFS}/vendor" ]; then
+ mkdir ${IMAGE_ROOTFS}/vendor
+ fi
+
echo "" >> ${VENDOR_PROP_FILE}
echo "###### FO <=> property mapping start ######" >> ${VENDOR_PROP_FILE}
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/emdlogger1.service b/meta/meta-mediatek-mt2735/recipes-core/initial/files/emdlogger1.service
old mode 100644
new mode 100755
index 1c53969..23d8a76
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/files/emdlogger1.service
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/emdlogger1.service
@@ -1,7 +1,7 @@
[Unit]
Description=emdlogger1 Daemon
-Requires=android-tools-adbd.service ccci_fsd.service ccci_mdinit.service
-After=android-tools-adbd.service ccci_fsd.service ccci_mdinit.service
+Requires=init_usb.service ccci_fsd.service ccci_mdinit.service
+After=init_usb.service ccci_fsd.service ccci_mdinit.service
[Service]
Type=simple
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount
old mode 100644
new mode 100755
index 6b22a47..b88034c
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount
@@ -96,6 +96,7 @@
# mount nvram and link it
mnt_folder nvdata $NVDATA_PATH
mkdir -p /data/nvram
+[ ! -f "/mnt/vendor/nvram/raw" ] && /bin/dd if=/dev/zero of=/mnt/vendor/nvram/raw bs=1024 count=16384
mnt_folder protect_a $PROTECT1_PATH
mnt_folder protect_b $PROTECT2_PATH
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount_nand b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount_nand
old mode 100644
new mode 100755
index 2f21111..ccbf483
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount_nand
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_mount_nand
@@ -127,6 +127,8 @@
mnt_folder nvdata $NVDATA_PATH
mkdir -p /data/nvram
+ [ ! -f "/mnt/vendor/nvram/raw" ] && /bin/dd if=/dev/zero of=/mnt/vendor/nvram/raw bs=1024 count=16384
+
mnt_folder protect_a $PROTECT1_PATH
mnt_folder protect_b $PROTECT2_PATH
}
@@ -163,6 +165,10 @@
ln -s ../../mtd17 md1img_b
ln -s ../../mtd18 md1dsp_a
ln -s ../../mtd19 md1dsp_b
+ ln -s ../../mtd20 mcf1_a
+ ln -s ../../mtd21 mcf1_b
+ ln -s ../../mtd22 mcf2_a
+ ln -s ../../mtd23 mcf2_b
ln -s ../../mtd24 misc
ln -s ../../mtd25 tee_a
ln -s ../../mtd26 tee_b
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb
new file mode 100755
index 0000000..8c2463e
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb
@@ -0,0 +1,99 @@
+#!/bin/busybox sh
+
+if [ "$1" == "pre" ]; then
+ echo "=== Initial: USB Configuration Start ===" > /dev/kmsg
+
+ if [ -e "/dev/usb-ffs" ] ; then
+ echo "=== Bypass Pre Configuration ===" > /dev/kmsg
+ else # first boot
+ mkdir -p /dev/usb-ffs
+ mkdir -p /dev/usb-ffs/adb
+ mount none /sys/kernel/config -t configfs
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/ffs.adb
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/rndis.gs4
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/ncm.f0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/ecm.f0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/eem.f0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/mass_storage.usb0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/acm.gs0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/acm.gs1
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/acm.gs2
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/acm.gs3
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/via_modem.gs0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/via_ets.gs0
+ mkdir -p /sys/kernel/config/usb_gadget/g1/functions/via_atc.gs0
+ mount adb /dev/usb-ffs/adb -t functionfs -o uid=2000,gid=2000
+ fi
+
+elif [ "$1" == "post" ];then
+
+ echo "=== Initial: USB Configuration post Start ===" > /dev/kmsg
+
+ while [[ ! "$( findmnt -M /etc/config)" ]]; do
+ echo "=== Initial: USB Configuration Wait config dir mounted ===" > /dev/kmsg
+ sleep 2
+ done
+
+ echo 0x0e8d > /sys/kernel/config/usb_gadget/g1/idVendor
+ echo 0x0223 > /sys/kernel/config/usb_gadget/g1/bcdDevice
+ echo 0x0200 > /sys/kernel/config/usb_gadget/g1/bcdUSB
+ mkdir -p /sys/kernel/config/usb_gadget/g1/strings/0x409
+
+ if [ "$(cat /sys/kernel/config/usb_gadget/g1/strings/0x409/serialnumber)" == "" ]; then
+ if [[ "$(cat /etc/hostname)" == "auto2735evb-ivt-vp1" || "$(cat /etc/hostname)" == "auto2735evb-ivt-vp2" ]]; then
+ echo "MT-96533493F01B518C" > /sys/kernel/config/usb_gadget/g1/strings/0x409/serialnumber
+ else
+ echo 0123456789ABCDEF > /sys/kernel/config/usb_gadget/g1/strings/0x409/serialnumber
+ fi
+ else
+ echo "=== usb serial number exist, keep it ===" > /dev/kmsg
+ fi
+
+ echo MediaTek > /sys/kernel/config/usb_gadget/g1/strings/0x409/manufacturer
+ echo auto2735-ivt > /sys/kernel/config/usb_gadget/g1/strings/0x409/product
+
+ mkdir -p /sys/kernel/config/usb_gadget/g1/configs/b.1
+ mkdir -p /sys/kernel/config/usb_gadget/g1/configs/b.1/strings/0x409
+ echo 500 > /sys/kernel/config/usb_gadget/g1/configs/b.1/MaxPower
+
+ if [ -n "$(cat /proc/boot_mode | grep META)" ] ; then # META mode: META_BOOT_SKIP_PRELOADER
+
+ # ADB + CDC-ACM*2 (META mode)
+ #setprop sys.usb.config adb,meta,elt
+ #################### START ####################
+ sleep 1
+ echo meta_elt_adb > /sys/kernel/config/usb_gadget/g1/configs/b.1/strings/0x409/configuration
+ echo 0x2040 > /sys/kernel/config/usb_gadget/g1/idProduct
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/mass_storage.usb0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f1
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ffs.adb /sys/kernel/config/usb_gadget/g1/configs/b.1/f2
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f3
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs3 /sys/kernel/config/usb_gadget/g1/configs/b.1/f4
+ echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
+ #################### END ####################
+ sleep 1
+ echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
+
+ else # Normal mode
+
+ # ADB + CDC-ACM*3 (normal mode)
+ #setprop sys.usb.config adb,acm
+ #################### START ####################
+ sleep 1
+ echo gs1gs3_dual_acm > /sys/kernel/config/usb_gadget/g1/configs/b.1/strings/0x409/configuration
+ echo 0x202f > /sys/kernel/config/usb_gadget/g1/idProduct
+ echo 1 > /sys/devices/platform/soc/mt_usb/saving
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ffs.adb /sys/kernel/config/usb_gadget/g1/configs/b.1/f1
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f2
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs1 /sys/kernel/config/usb_gadget/g1/configs/b.1/f3
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs3 /sys/kernel/config/usb_gadget/g1/configs/b.1/f4
+ #################### END ####################
+ sleep 1
+ echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
+ fi
+
+ if [ -e "/proc/bootprof" ] ; then
+ echo usb_active > /proc/bootprof
+ fi
+
+ echo "=== Initial: USB Configuration End ===" > /dev/kmsg
+fi
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb.service b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb.service
new file mode 100755
index 0000000..f9dad60
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/init_usb.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=UBS Init
+DefaultDependencies=no
+Requires=init_mount.service
+After=init_mount.service
+
+[Service]
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/data/usr/sbin:/data/usr/bin
+Type=simple
+Restart=always
+ExecStartPre=/bin/sh /usr/share/init/init_usb pre
+ExecStart=/usr/bin/adbd
+ExecStartPost=/bin/sh /usr/share/init/init_usb post
+StandardOutput=null
+
+[Install]
+WantedBy=basic.target
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/meta_tst.service b/meta/meta-mediatek-mt2735/recipes-core/initial/files/meta_tst.service
old mode 100644
new mode 100755
index 39126d9..ec91601
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/files/meta_tst.service
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/meta_tst.service
@@ -1,7 +1,7 @@
[Unit]
Description=META TST Script
-Requires=android-tools-adbd.service ccci_fsd.service ccci_mdinit.service
-After=android-tools-adbd.service ccci_fsd.service ccci_mdinit.service
+Requires=init_usb.service ccci_fsd.service ccci_mdinit.service
+After=init_usb.service ccci_fsd.service ccci_mdinit.service
[Service]
Type=oneshot
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.rules b/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.rules
new file mode 100755
index 0000000..dd34b9c
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.rules
@@ -0,0 +1 @@
+SUBSYSTEM=="net", ACTION=="add" RUN+="/usr/share/init/smp.sh"
\ No newline at end of file
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.sh b/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.sh
new file mode 100755
index 0000000..fc7da74
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/smp.sh
@@ -0,0 +1,461 @@
+#!/bin/sh
+
+OPTIMIZED_FOR="$1"
+CPU_LIST=`cat /proc/interrupts | sed -n '1p'`
+NUM_OF_CPU=0; for i in $CPU_LIST; do NUM_OF_CPU=`expr $NUM_OF_CPU + 1`; done;
+DEFAULT_RPS=0
+
+# $1: CPU#
+# $2: irq list for added.
+CPU_AFFINITY_ADD()
+{
+ eval oval=\$CPU${1}_AFFINITY
+ eval CPU${1}_AFFINITY=\"\$CPU${1}_AFFINITY $2\"
+}
+
+# $1: CPU#
+# $2: Interface name for added.
+CPU_RPS_ADD()
+{
+ eval oval=\$CPU${1}_RPS
+ eval CPU${1}_RPS=\"\$CPU${1}_RPS $2\"
+ dbg2 "CPU${1}_RPS=\"\$CPU${1}_RPS $2\""
+}
+
+MT6890_CPE()
+{
+ num_of_wifi=$1
+ storage=$2
+ DEFAULT_RPS=0
+
+ #Physical IRQ# setting
+ eth_tx=426
+ eth_rx=434
+ eth_e0rx0=422
+ eth_e1rx0=424
+ CCIF_AP_DATA=226
+ MMC=131
+ wifi1_irq=438
+ wifi2_irq=439
+ MBOX_ISR=454
+ usb_11201000=128
+ DPMAIF_AP=241
+
+
+ # Please update the CPU binding in each cases.
+ # CPU#_AFFINITY="add binding irq number here"
+ # CPU#_RPS="add binding interface name here"
+ dbg "[MT6890_CPE]"
+ if [ "$num_of_wifi" = "0" ]; then
+ CPU0_AFFINITY="$MMC $usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx"
+ CPU2_AFFINITY="$eth_tx $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$ethif1 $ethif2"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2"
+ CPU3_RPS="$ethif1 $ethif2"
+ elif [ "$num_of_wifi" = "1" ]; then
+ CPU0_AFFINITY="$MMC $usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx"
+ CPU2_AFFINITY="$wifi1_irq $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $eth_tx $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$ethif1 $ethif2"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $wifi1"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2"
+ CPU3_RPS="$wifi1"
+ elif [ "$num_of_wifi" = "2" ]; then
+ CPU0_AFFINITY="$MMC $usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx $wifi1_irq"
+ CPU2_AFFINITY="$wifi2_irq $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $eth_tx $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$ethif1 $ethif2 $wifi2"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2 $wifi1"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2 $wifi2"
+ CPU3_RPS="$ethif1 $ethif2 $wifi1"
+ elif [ "$num_of_wifi" = "3" ]; then
+ CPU0_AFFINITY="$MMC $usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx"
+ CPU2_AFFINITY="$wifi1_irq $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $eth_tx $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$ethif1 $ethif2 $wifi1 $wifi1_apcli0"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $wifi1 $wifi2 $wifi3 $wifi1_apcli0 $wifi2_apcli0 $wifi3_apcli0"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $ethif1 $ethif2 $wifi2 $wifi2_apcli0"
+ CPU3_RPS="$ethif1 $ethif2 $wifi3 $wifi3_apcli0"
+ else
+ dbg "MT6890_CPE with $NUM_OF_WIFI Wi-Fi bands is not support"
+ fi
+}
+
+
+MT6890_MIFI()
+{
+ num_of_wifi=$1
+ storage=$2
+ DEFAULT_RPS=0
+
+ #Physical IRQ# setting
+ eth_tx=426
+ eth_rx=434
+ eth_e0rx0=422
+ eth_e1rx0=424
+ CCIF_AP_DATA=226
+ MMC=131
+ wifi1_irq=438
+ MBOX_ISR=454
+ usb_11201000=128
+ DPMAIF_AP=241
+
+
+ # Please update the CPU binding in each cases.
+ # CPU#_AFFINITY="add binding irq number here"
+ # CPU#_RPS="add binding interface name here"
+ dbg "[MT6890_MIFI]"
+ if [ "$num_of_wifi" = "0" ]; then
+ CPU0_AFFINITY="$usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx"
+ CPU2_AFFINITY="$MMC $eth_tx $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $MBOX_ISR $eth_e1rx0"
+
+ elif [ "$num_of_wifi" = "1" ]; then
+ CPU0_AFFINITY="$usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$MMC $eth_rx"
+ CPU2_AFFINITY="$wifi1_irq $eth_e0rx0"
+ CPU3_AFFINITY="$CCIF_AP_DATA $MBOX_ISR $eth_tx $eth_e1rx0"
+
+ CPU0_RPS="$wifi1"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $wifi1"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $wifi1"
+ CPU3_RPS="$wifi1"
+ elif [ "$num_of_wifi" = "2" ]; then
+ CPU0_AFFINITY="$usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx $MMC"
+ CPU2_AFFINITY="$wifi1_irq $eth_e0rx0"
+ CPU3_AFFINITY="$eth_tx $CCIF_AP_DATA $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$wifi1"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $wifi2"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $wifi1"
+ CPU3_RPS="$wifi2"
+ elif [ "$num_of_wifi" = "3" ]; then
+ CPU0_AFFINITY="$usb_11201000 $DPMAIF_AP"
+ CPU1_AFFINITY="$eth_rx $MMC"
+ CPU2_AFFINITY="$wifi1_irq $eth_e0rx0"
+ CPU3_AFFINITY="$eth_tx $CCIF_AP_DATA $MBOX_ISR $eth_e1rx0"
+
+ CPU0_RPS="$wifi1 $wifi1_apcli0"
+ CPU1_RPS="ccmni0 ccmni1 rndis0 $wifi1 $wifi2 $wifi3 $wifi1_apcli0 $wifi2_apcli0 $wifi3_apcli0"
+ CPU2_RPS="ccmni0 ccmni1 rndis0 $wifi2 $wifi2_apcli0"
+ CPU3_RPS="$wifi3 $wifi3_apcli0"
+ else
+ dbg "MT6890_MIFI with $NUM_OF_WIFI Wi-Fi bands is not support"
+ fi
+}
+
+
+# $1: The prefix of vifs
+# $2: The number of vifs
+gen_vifs_to_rps_if()
+{
+ if [ $# -lt 2 ]; then
+ dbg "gen_vifs_to_rps_if requires 2 parameters"
+ return
+ fi
+
+ vif=$1
+ total=$2
+ #dbg "gen_vifs_to_rps_if $vif $total"
+ i=0
+ while [ "$i" -lt "$total" ]; do
+ eval prefix=\$$vif
+ eval $vif$i=$prefix$i
+
+ RPS_IF_LIST="$RPS_IF_LIST $prefix$i"
+
+ dbg2 "\$$vif$i=$prefix$i"
+
+ i=`expr $i + 1`
+ done
+}
+
+get_eth_if_name()
+{
+ ethif1="eth0"
+ ethif2="eth1"
+ dbg2 "# Ethernet interface list"
+ dbg2 "\$ethif1=$ethif1\n\$ethif2=$ethif2"
+ RPS_IF_LIST="$RPS_IF_LIST $ethif1 $ethif2"
+}
+
+# Try to get Wi-Fi interface name from l1profile
+get_wifi_if_name()
+{
+ l1dat_exist=`l1dat 2>/dev/null`
+ if [ -z "$l1dat_exist" ]; then
+ dbg "Layer 1 profile does not exist."
+ dbg "Please check l1dat "
+
+ wifi1="ra0"
+ wifi1_prefix="ra"
+ wifi1_apcli="apcli"
+ wifi1_wds="wds"
+ wifi1_mesh="mesh"
+ wifi2="rai0"
+ wifi2_prefix="rai"
+ wifi2_apcli="apclii"
+ wifi2_wds="wdsi"
+ wifi2_mesh="meshi"
+ wifi3="rae0"
+ wifi3_prefix="rae"
+ wifi3_apcli="apclie"
+ wifi3_wds="wdse"
+ wifi3_mesh="meshe"
+
+ else
+ #wifi_if1s=`l1dat idx2if 1`
+ #wifi_if2s=`l1dat idx2if 2`
+ #wifi_if3s=`l1dat idx2if 3`
+ wifi_if1s=`l1dat zone2if dev1`
+ wifi_if2s=`l1dat zone2if dev2`
+ wifi_if3s=`l1dat zone2if dev3`
+
+ wifi1=`echo $wifi_if1s | awk '{print $1}'`
+ wifi1_prefix=`echo $wifi_if1s | awk '{print $2}'`
+ wifi1_apcli=`echo $wifi_if1s | awk '{print $3}'`
+ wifi1_wds=`echo $wifi_if1s | awk '{print $4}'`
+ wifi1_mesh=`echo $wifi_if1s | awk '{print $5}'`
+
+ wifi2=`echo $wifi_if2s | awk '{print $1}'`
+ wifi2_prefix=`echo $wifi_if2s | awk '{print $2}'`
+ wifi2_apcli=`echo $wifi_if2s | awk '{print $3}'`
+ wifi2_wds=`echo $wifi_if2s | awk '{print $4}'`
+ wifi2_mesh=`echo $wifi_if2s | awk '{print $5}'`
+
+ wifi3=`echo $wifi_if3s | awk '{print $1}'`
+ wifi3_prefix=`echo $wifi_if3s | awk '{print $2}'`
+ wifi3_apcli=`echo $wifi_if3s | awk '{print $3}'`
+ wifi3_wds=`echo $wifi_if3s | awk '{print $4}'`
+ wifi3_mesh=`echo $wifi_if3s | awk '{print $5}'`
+
+ # idx = 0 : not a DBDC interface
+ # idx = 1 : main(physical) interface of 1st Wi-Fi band
+ # idx > 1 : virtual interface of other Wi-Fi band
+ # idx = "": Wi-Fi interface does not exist in l1profile
+ wifi1_dbdc_idx=`l1dat if2dbdcidx $wifi1`
+ wifi2_dbdc_idx=`l1dat if2dbdcidx $wifi2`
+ wifi3_dbdc_idx=`l1dat if2dbdcidx $wifi3`
+ fi
+
+ dbg2 "# Wi-Fi interface list"
+ dbg2 "\$wifi1=$wifi1"
+ dbg2 "\$wifi2=$wifi2"
+ dbg2 "\$wifi3=$wifi3"
+
+ RPS_IF_LIST="$RPS_IF_LIST $wifi1 $wifi2 $wifi3 ccmni0 ccmni1 rndis0"
+
+ gen_vifs_to_rps_if "wifi1_apcli" 1
+ gen_vifs_to_rps_if "wifi2_apcli" 1
+ gen_vifs_to_rps_if "wifi3_apcli" 1
+ gen_vifs_to_rps_if "wifi1_mesh" 1
+ gen_vifs_to_rps_if "wifi2_mesh" 1
+ gen_vifs_to_rps_if "wifi3_mesh" 1
+ gen_vifs_to_rps_if "wifi1_wds" 4
+ gen_vifs_to_rps_if "wifi2_wds" 4
+ gen_vifs_to_rps_if "wifi3_wds" 4
+
+ scan_wifi_num
+}
+
+scan_wifi_num()
+{
+ NUM_OF_WIFI=0
+ if [ -n $wifi1 -a -d "/sys/class/net/$wifi1" ]; then
+ NUM_OF_WIFI=`expr $NUM_OF_WIFI + 1`
+ fi
+
+ if [ -n $wifi2 -a -d "/sys/class/net/$wifi2" ];then
+ NUM_OF_WIFI=`expr $NUM_OF_WIFI + 1`
+ fi
+
+ if [ -n $wifi3 -a -d "/sys/class/net/$wifi3" ];then
+ NUM_OF_WIFI=`expr $NUM_OF_WIFI + 1`
+ fi
+
+ dbg "# NUM_OF_WIFI=$NUM_OF_WIFI band(s)"
+}
+
+get_wifi_num()
+{
+ echo $NUM_OF_WIFI
+}
+
+# $1: module name
+# return value
+# 1: if the module named $1 is built-in or inserted.
+# 0: if the module exists but has not been inserted.
+# -1: if the module does not exist.
+module_exist()
+{
+ mpath="/lib/modules/`uname -r`"
+ retval=-1
+
+ mod_in_lib=`find $mpath -name "$1".ko > /dev/null 2>&1`
+ #echo "find $mpath -name "$1".ko" > /dev/console
+ if [ ! -z $mod_in_lib ]; then
+ retval=0
+ fi
+
+ # TODO find out a way in OpenWRT
+ mod_builtin=`grep $1 $mpath/modules.builtin 2>/dev/null`
+ if [ ! -z "$mod_builtin" ]; then
+ retval=1
+ fi
+
+ mod_inserted=`lsmod | grep $1 2>/dev/null`
+ if [ ! -z "$mod_inserted" ]; then
+ retval=1
+ fi
+
+ echo $retval
+}
+
+setup_model()
+{
+ num_of_wifi=$(get_wifi_num)
+
+ if [ "$NUM_OF_CPU" = "4" ]; then
+ if [ -e "/etc/wireless/mediatek/DBDC_card0.dat" ]; then
+ dbg "setup_model:MT6890_MIFI wifi#=$num_of_wifi"
+ MT6890_MIFI $num_of_wifi
+ else
+ dbg "setup_model:MT6890_CPE wifi#=$num_of_wifi"
+ MT6890_CPE $num_of_wifi
+ fi
+ fi
+}
+
+get_virtual_irq()
+{
+ PHY_POS=`expr $NUM_OF_CPU + 3` #physical irq # position in /proc/interrups may vary with the number of CPU up
+ target_phy_irq=$1
+ cat /proc/interrupts | sed 's/:/ /g'| awk '$1 ~ /^[0-9]+$/' | while read line
+ do
+ set -- $line
+ phy_irq=$(eval "echo \$$PHY_POS")
+ if [ $phy_irq == $target_phy_irq ]; then
+ echo $1
+ return
+ fi
+ done
+}
+
+
+set_rps_cpu_bitmap()
+{
+ dbg2 "# Scan binding interfaces of each cpu"
+ # suppose the value of interface_var is null or hex
+ num=0
+ while [ "$num" -lt "$NUM_OF_CPU" ];do
+ cpu_bit=$((2 ** $num))
+ eval rps_list=\$CPU${num}_RPS
+ dbg2 "# CPU$num: rps_list=$rps_list"
+ for i in $rps_list; do
+ var=${VAR_PREFIX}_${i//-/_}
+ eval ifval=\$$var
+ dbg2 "[var val before] \$$var=$ifval"
+ if [ -z "$ifval" ]; then
+ eval $var=$cpu_bit
+ else
+ eval $var=`expr $ifval + $cpu_bit`
+ fi
+ eval ifval=\$$var
+ dbg2 "[rps val after]$i=$ifval"
+ done
+ num=`expr $num + 1`
+ done
+}
+
+# $1: The default rps value. If rps of the interface is not setup, set $1 to it
+set_rps_cpus()
+{
+ dbg2 "# Setup rps of the interfaces, $RPS_IF_LIST."
+ for i in $RPS_IF_LIST; do
+ var=${VAR_PREFIX}_${i//-/_}
+ eval cpu_map=\$$var
+ if [ -d /sys/class/net/$i ]; then
+ if [ ! -z $cpu_map ]; then
+ cpu_map=`printf '%x' $cpu_map`
+ dbg "echo $cpu_map > /sys/class/net/$i/queues/rx-0/rps_cpus"
+ echo $cpu_map > /sys/class/net/$i/queues/rx-0/rps_cpus
+ elif [ ! -z $1 ]; then
+ dbg "echo $1 > /sys/class/net/$i/queues/rx-0/rps_cpus"
+ echo $1 > /sys/class/net/$i/queues/rx-0/rps_cpus
+ fi
+ fi
+ done
+}
+
+set_smp_affinity()
+{
+ dbg2 "# Setup affinity of each physical irq."
+ num=0
+ while [ "$num" -lt "$NUM_OF_CPU" ];do
+ eval smp_list=\$CPU${num}_AFFINITY
+ for i in $smp_list; do
+ cpu_bit=$((2 ** $num))
+ virq=$(get_virtual_irq $i)
+ dbg2 "irq p2v $i --> $virq"
+ if [ ! -z $virq ]; then
+ dbg "echo $cpu_bit > /proc/irq/$virq/smp_affinity"
+ echo $cpu_bit > /proc/irq/$virq/smp_affinity
+ fi
+ done
+ num=`expr $num + 1`
+ done
+}
+
+if [ "$1" = "dbg" ]; then
+ DBG=1
+elif [ "$1" = "dbg2" ]; then
+ DBG=2
+else
+ DBG=0
+fi
+
+# Usage: dbg "the output string"
+dbg()
+{
+ if [ "$DBG" -ge "1" ]; then
+ echo -e $1
+ fi
+}
+
+# Usage: dbg2 "the output string"
+dbg2()
+{
+ if [ "$DBG" -ge "2" ]; then
+ echo -e $1
+ fi
+}
+
+#NUM_OF_CPU=2 #7622
+#NUM_OF_CPU=4 #7623
+dbg "# RPS and AFFINITY Setting"
+dbg "# NUM_OF_CPU=$NUM_OF_CPU"
+VAR_PREFIX="autogen"
+#IRQ_LIST="" # setup by every model
+RPS_IF_LIST="" # setup by getEthIfName/getWiFiIfName/every model
+sleep 20
+get_eth_if_name
+get_wifi_if_name # It will add all wifi interfaces into $RPS_IF_LIST
+dbg2 "# default RPS_IF_LIST=$RPS_IF_LIST"
+setup_model
+set_rps_cpu_bitmap
+set_rps_cpus $DEFAULT_RPS
+set_smp_affinity
+
+#end of file
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/files/usb_switch b/meta/meta-mediatek-mt2735/recipes-core/initial/files/usb_switch
old mode 100644
new mode 100755
index 7a3af48..cc82d6c
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/files/usb_switch
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/files/usb_switch
@@ -8,6 +8,7 @@
function funCleanConfig(){
echo "clean old configuration" > /dev/kmsg
+ systemctl stop init_usb
killall adbd
killall agetty
echo none > /sys/kernel/config/usb_gadget/g1/UDC
@@ -54,6 +55,30 @@
ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f3
ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs1 /sys/kernel/config/usb_gadget/g1/configs/b.1/f4
echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
+elif [ $1 = "ecm,adb,acm" ]; then
+ funCleanConfig
+ ########################################
+ adbd &
+ sleep 1
+ echo rndis_adb_acm > /sys/kernel/config/usb_gadget/g1/configs/b.1/strings/0x409/configuration
+ echo 0x2028 > /sys/kernel/config/usb_gadget/g1/idProduct
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ecm.f0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f1
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ffs.adb /sys/kernel/config/usb_gadget/g1/configs/b.1/f2
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f3
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs1 /sys/kernel/config/usb_gadget/g1/configs/b.1/f4
+ echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
+elif [ $1 = "ncm,adb,acm" ]; then
+ funCleanConfig
+ ########################################
+ adbd &
+ sleep 1
+ echo rndis_adb_acm > /sys/kernel/config/usb_gadget/g1/configs/b.1/strings/0x409/configuration
+ echo 0x2028 > /sys/kernel/config/usb_gadget/g1/idProduct
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ncm.f0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f1
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/ffs.adb /sys/kernel/config/usb_gadget/g1/configs/b.1/f2
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs0 /sys/kernel/config/usb_gadget/g1/configs/b.1/f3
+ ln -sf /sys/kernel/config/usb_gadget/g1/functions/acm.gs1 /sys/kernel/config/usb_gadget/g1/configs/b.1/f4
+ echo 11201000.usb > /sys/kernel/config/usb_gadget/g1/UDC
elif [ $1 = "rndis,acm" ]; then
funCleanConfig
########################################
diff --git a/meta/meta-mediatek-mt2735/recipes-core/initial/init-2735_1.0.0.bb b/meta/meta-mediatek-mt2735/recipes-core/initial/init-2735_1.0.0.bb
index f2b6340..46cca95 100755
--- a/meta/meta-mediatek-mt2735/recipes-core/initial/init-2735_1.0.0.bb
+++ b/meta/meta-mediatek-mt2735/recipes-core/initial/init-2735_1.0.0.bb
@@ -19,9 +19,15 @@
SRC_URI += "file://emdlogger1.service"
SRC_URI += "file://thermal_core.service"
SRC_URI += "${@bb.utils.contains('MTK_SMT_BUILD', 'yes', ' file://meta_tst_tmp', ' file://meta_tst', d)}"
-SRC_URI += "file://init_atci"
-SRC_URI += "file://init_atci.service"
+SRC_URI += "${@bb.utils.contains('BUILD_TYPE', 'user', ' ', ' file://init_atci', d)}"
+SRC_URI += "${@bb.utils.contains('BUILD_TYPE', 'user', ' ', ' file://init_atci.service', d)}"
SRC_URI += "file://agps.service"
+SRC_URI += "file://init_usb"
+SRC_URI += "file://init_usb.service"
+SRC_URI += "file://smp.sh"
+SRC_URI += "file://smp.rules"
+
+DEPENDS+= "udev"
S = "${WORKDIR}"
@@ -33,7 +39,10 @@
${datadir}/init/usb_switch \
${datadir}/init/meta_tst \
${datadir}/init/init_speech \
- ${datadir}/init/init_atci"
+ ${datadir}/init/init_usb \
+ ${datadir}/init/smp.sh \
+ /etc/udev/rules.d/smp.rules \
+ ${@bb.utils.contains('BUILD_TYPE', 'user', ' ', ' ${datadir}/init/init_atci', d)}"
inherit systemd
@@ -48,7 +57,8 @@
emdlogger1.service \
thermal_core.service \
agps.service \
- init_atci.service"
+ init_usb.service \
+ ${@bb.utils.contains('BUILD_TYPE', 'user', ' ', 'init_atci.service', d)}"
FILES_${PN} += "${systemd_unitdir}/system/init_network.service \
${systemd_unitdir}/system/init_mount.service \
@@ -60,13 +70,19 @@
${systemd_unitdir}/system/emdlogger1.service \
${systemd_unitdir}/system/thermal_core.service \
${systemd_unitdir}/system/agps.service \
- ${systemd_unitdir}/system/init_atci.service"
+ ${systemd_unitdir}/system/init_usb.service \
+ ${@bb.utils.contains('BUILD_TYPE', 'user', ' ', ' ${systemd_unitdir}/system/init_atci.service', d)}"
do_install_append() {
install -d ${D}${datadir}/init
install -m 0755 init_network ${D}${datadir}/init/init_network
install -m 0755 usb_switch ${D}${datadir}/init/usb_switch
install -m 0755 init_speech ${D}${datadir}/init/init_speech
+ install -m 0755 init_usb ${D}${datadir}/init/init_usb
+ install -m 0755 smp.sh ${D}${datadir}/init/smp.sh
+
+ install -d ${D}/etc/udev/rules.d/
+ install -m 0755 smp.rules ${D}/etc/udev/rules.d/smp.rules
if [ "${MTK_SMT_BUILD}" = "yes" ]; then
install -m 0755 meta_tst_tmp ${D}${datadir}/init/meta_tst
@@ -92,8 +108,13 @@
install -m 0644 emdlogger1.service ${D}${systemd_unitdir}/system
install -m 0644 thermal_core.service ${D}${systemd_unitdir}/system
install -m 0644 agps.service ${D}${systemd_unitdir}/system
- install -m 0644 init_atci.service ${D}${systemd_unitdir}/system
+ install -m 0644 init_usb.service ${D}${systemd_unitdir}/system
+ if [ "${BUILD_TYPE}" = "eng" ]; then
+ install -m 0644 init_atci.service ${D}${systemd_unitdir}/system
+ fi
fi
- install -m 0755 init_atci ${D}${datadir}/init/init_atci
+ if [ "${BUILD_TYPE}" = "eng" ]; then
+ install -m 0755 init_atci ${D}${datadir}/init/init_atci
+ fi
}
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/adbd/adbd_5.0.0_r1.bb b/meta/meta-mediatek-mt2735/recipes-devtools/adbd/adbd_5.0.0_r1.bb
new file mode 100755
index 0000000..cf743e1
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/adbd/adbd_5.0.0_r1.bb
@@ -0,0 +1,36 @@
+DESCRIPTION = "adbd binary"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://NOTICE;md5=720f14959428458dd19787dbf1e02b95"
+FILESEXTRAPATHS_append := ":${THISDIR}/files"
+SRC_URI = "file://usb.config"
+
+inherit workonsrc
+WORKONSRC = "${TOPDIR}/../src/devtools/adb/"
+
+DEPENDS += "uci platform-libs-common"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+EXTRA_OEMAKE = "'BB_SYSROOT_ADD=${STAGING_DIR_HOST}'"
+EXTRA_OEMAKE += "'PACKAGE_ARCH=${PACKAGE_ARCH}'"
+EXTRA_OEMAKE += "'TOP_ROOT=${B}'"
+
+INSANE_SKIP_${PN} += "already-stripped"
+
+FILES_${PN} += "${bindir}/adbd"
+FILES_${PN} += "/etc/config/usb"
+
+do_compile() {
+ oe_runmake all -f ${B}/Makefile
+}
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 ${B}adbd ${D}${bindir}
+ install -d ${D}/etc/config
+ install -m 0644 ${WORKDIR}/usb.config ${D}/etc/config/usb
+}
+
+do_install_append() {
+ install -d ${D}${bindir}
+ ln -sf /usr/share/init/usb_switch ${D}${bindir}
+}
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/adbd/files/usb.config b/meta/meta-mediatek-mt2735/recipes-devtools/adbd/files/usb.config
new file mode 100755
index 0000000..cbcd995
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/adbd/files/usb.config
@@ -0,0 +1,5 @@
+config usb 'adb'
+ option serial '0123456789ABCDEF'
+
+config usb 'config'
+ option mipcboot '0'
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-lite/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-lite/flashproc.py
old mode 100644
new mode 100755
index ddc8d15..01b70e2
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-lite/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-lite/flashproc.py
@@ -39,6 +39,10 @@
['fastboot', 'flash', 'md1img_b', 'md1img.img'],
['fastboot', 'flash', 'md1dsp_a', 'md1dsp.img'],
['fastboot', 'flash', 'md1dsp_b', 'md1dsp.img'],
+ ['fastboot', 'flash', 'mcf1_a', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf1_b', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_a', 'MCF_OEM_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_b', 'MCF_OEM_OTA.img'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'flash', 'tee_b', 'tee.img'],
['fastboot', 'flash', 'nvram', 'nvram.ubi'],
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main-user/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main-user/flashproc.py
index d8b50a8..a77ba9d 100755
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main-user/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main-user/flashproc.py
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MediaTekProprietary
+
#!/usr/bin/python
import os
@@ -38,6 +40,10 @@
['fastboot', 'flash', 'md1img_b', 'md1img.img'],
['fastboot', 'flash', 'md1dsp_a', 'md1dsp.img'],
['fastboot', 'flash', 'md1dsp_b', 'md1dsp.img'],
+ ['fastboot', 'flash', 'mcf1_a', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf1_b', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_a', 'MCF_OEM_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_b', 'MCF_OEM_OTA.img'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'flash', 'tee_b', 'tee.img'],
['fastboot', 'flash', 'nvram', 'nvram.ubi'],
@@ -45,9 +51,7 @@
['fastboot', 'flash', 'medmcu', 'medmcu.img'],
['fastboot', 'flash', 'sspm', 'sspm.img'],
['fastboot', 'flash', 'dpm', 'dpm.img'],
- ['fastboot', 'flash', 'userdata', 'userdata.img'],
- ['fastboot', 'flash', 'vbmeta_a', 'vbmeta.img'],
- ['fastboot', 'flash', 'vbmeta_b', 'vbmeta.img']]
+ ['fastboot', 'flash', 'userdata', 'userdata.img']]
}
userprocedures = {
@@ -125,11 +129,7 @@
['fastboot', 'erase', 'tee_a'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'erase', 'tee_b'],
- ['fastboot', 'flash', 'tee_b', 'tee.img'],
- ['fastboot', 'erase', 'vbmeta_a'],
- ['fastboot', 'flash', 'vbmeta_a', 'vbmeta.img'],
- ['fastboot', 'erase', 'vbmeta_b'],
- ['fastboot', 'flash', 'vbmeta_b', 'vbmeta.img']]
+ ['fastboot', 'flash', 'tee_b', 'tee.img']]
}
# return procedure list
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main/flashproc.py
index d8b50a8..714a0ad 100755
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-main/flashproc.py
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MediaTekProprietary
+
#!/usr/bin/python
import os
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp1/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp1/flashproc.py
old mode 100644
new mode 100755
index 0adebaf..bc1bd55
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp1/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp1/flashproc.py
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MediaTekProprietary
+
#!/usr/bin/python
import os
@@ -38,6 +40,10 @@
['fastboot', 'flash', 'md1img_b', 'md1img.img'],
['fastboot', 'flash', 'md1dsp_a', 'md1dsp.img'],
['fastboot', 'flash', 'md1dsp_b', 'md1dsp.img'],
+ ['fastboot', 'flash', 'mcf1_a', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf1_b', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_a', 'MCF_OEM_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_b', 'MCF_OEM_OTA.img'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'flash', 'tee_b', 'tee.img'],
['fastboot', 'flash', 'nvram', 'nvram.ubi'],
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2-user/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2-user/flashproc.py
old mode 100644
new mode 100755
index f871ff0..a7740bd
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2-user/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2-user/flashproc.py
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MediaTekProprietary
+
#!/usr/bin/python
import os
@@ -40,6 +42,10 @@
['fastboot', 'flash', 'md1img_b', 'md1img.img'],
['fastboot', 'flash', 'md1dsp_a', 'md1dsp.img'],
['fastboot', 'flash', 'md1dsp_b', 'md1dsp.img'],
+ ['fastboot', 'flash', 'mcf1_a', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf1_b', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_a', 'MCF_OEM_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_b', 'MCF_OEM_OTA.img'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'flash', 'tee_b', 'tee.img'],
['fastboot', 'flash', 'nvram', 'nvram.ext4'],
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2/flashproc.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2/flashproc.py
old mode 100644
new mode 100755
index f871ff0..a7740bd
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2/flashproc.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/auto2735evb-ivt-vp2/flashproc.py
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MediaTekProprietary
+
#!/usr/bin/python
import os
@@ -40,6 +42,10 @@
['fastboot', 'flash', 'md1img_b', 'md1img.img'],
['fastboot', 'flash', 'md1dsp_a', 'md1dsp.img'],
['fastboot', 'flash', 'md1dsp_b', 'md1dsp.img'],
+ ['fastboot', 'flash', 'mcf1_a', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf1_b', 'MCF_MOD_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_a', 'MCF_OEM_OTA.img'],
+ ['fastboot', 'flash', 'mcf2_b', 'MCF_OEM_OTA.img'],
['fastboot', 'flash', 'tee_a', 'tee.img'],
['fastboot', 'flash', 'tee_b', 'tee.img'],
['fastboot', 'flash', 'nvram', 'nvram.ext4'],
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/flashimage.py b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/flashimage.py
old mode 100644
new mode 100755
index 280c68b..8f37048
--- a/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/flashimage.py
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/flashtool/files/flashimage.py
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: MediaTekProprietary
#!/usr/bin/python
import os
@@ -148,9 +149,9 @@
print('')
print('datool - device detected: ')
break
- if ret == None:
- print('No device detected. Please ensure that datool is running')
- exit(1)
+ if i == secs - 1:
+ print('No device detected. Please ensure that datool is running')
+ exit(1)
def fbWait(secs=60):
@@ -165,9 +166,9 @@
print('')
print('Fastboot - device detected: %s' % (ret.split())[0])
break
- if ret == None:
- print('No device detected. Please ensure that fastboot is running on the target device')
- exit(1)
+ if i == secs - 1:
+ print('No device detected. Please ensure that fastboot is running on the target device')
+ exit(1)
def cmdReboot(toBootloader=True):
@@ -378,6 +379,7 @@
if args.nata:
#RELEASE DOWNLOAD KEY
print ('[AT] DOWNLOAD KEY:0, %s' %time.ctime())
+ sys.stdout.flush()
time.sleep(2)
time.sleep(2)
cmdReboot(False)
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/packer/packer_1.0.0.bbappend b/meta/meta-mediatek-mt2735/recipes-devtools/packer/packer_1.0.0.bbappend
old mode 100644
new mode 100755
index 93b934f..84c6ee5
--- a/meta/meta-mediatek-mt2735/recipes-devtools/packer/packer_1.0.0.bbappend
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/packer/packer_1.0.0.bbappend
@@ -1,4 +1,9 @@
+do_install_append () {
+ install -m 644 ${S}/${TARGET_PLATFORM}/test_pkcs1_15_mytest.py ${D}${datadir}/packer
+ install -m 644 ${S}/${TARGET_PLATFORM}/test_pkcs1_pss_mytest.py ${D}${datadir}/packer
+}
+
DEPLOY_DIR_IMAGE_ROOT = "${DEPLOY_DIR}/images"
do_gensdk() {
diff --git a/meta/meta-mediatek-mt2735/recipes-devtools/property/property.bb b/meta/meta-mediatek-mt2735/recipes-devtools/property/property.bb
old mode 100644
new mode 100755
index 0dd34ae..2936393
--- a/meta/meta-mediatek-mt2735/recipes-devtools/property/property.bb
+++ b/meta/meta-mediatek-mt2735/recipes-devtools/property/property.bb
@@ -1,10 +1,10 @@
DESCRIPTION = "getprop/setprop"
-LICENSE = "MediaTekProprietary & GPL-2.0+ & LGPL-2.1+"
+LICENSE = "MediaTekProprietary"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e1696b147d49d491bcb4da1a57173fff"
PN='property'
inherit workonsrc
-WORKONSRC = "${TOPDIR}/../auto/testapp/property"
+WORKONSRC = "${TOPDIR}/../src/devtools/nata_property"
inherit autotools
do_compile() {
diff --git a/meta/meta-mediatek-mt2735/recipes-extended/mii_mgr/mii-mgr.bb b/meta/meta-mediatek-mt2735/recipes-extended/mii_mgr/mii-mgr.bb
new file mode 100755
index 0000000..7b367fe
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-extended/mii_mgr/mii-mgr.bb
@@ -0,0 +1,41 @@
+DESCRIPTION = "mii_mgr"
+LICENSE = "MediaTekProprietary"
+
+DEPENDS += "mipc"
+
+inherit workonsrc systemd
+SRC = "${TOPDIR}/../src/extended/mii_mgr"
+WORKONSRC = "${SRC}"
+
+FILESEXTRAPATHS_append := ":${THISDIR}/${PN}"
+
+EXTRA_OEMAKE = "PACKAGE_ARCH=${PACKAGE_ARCH}"
+EXTRA_OEMAKE += "CONFIG_SUPPORT_OPENWRT=y"
+EXTRA_OEMAKE += "CONFIG_COLGIN_SUPPORT=y"
+
+FILES_${PN} = "/usr/bin/mii_mgr"
+FILES_${PN} += "/usr/bin/mii_mgr_cl45"
+
+CFLAGS_append += "-Wall -D_LINUX -fPIC"
+CFLAGS_append += "-DCONFIG_SUPPORT_OPENWRT=1"
+CFLAGS_append += "-DCONFIG_COLGIN_SUPPORT=1"
+CFLAGS_append += "-I${TOPDIR}/../src/kernel/modules/netsys_driver/nat/include"
+
+LDFLAGS_append += "-lmipc_msg -lpthread"
+
+do_compile() {
+ oe_runmake
+}
+
+do_install() {
+ install -d ${D}/usr/bin/
+ if [ -d "${WORKONSRC}" ]; then
+ install -m 0755 ${S}mii_mgr ${D}/usr/bin/
+ install -m 0755 ${S}mii_mgr_cl45 ${D}/usr/bin/
+ else
+ install -m 0755 ${S}usr/bin/mii_mgr ${D}/usr/bin/
+ install -m 0755 ${S}usr/bin/mii_mgr_cl45 ${D}/usr/bin/
+ fi
+}
+
+INSANE_SKIP_${PN} += "already-stripped"
\ No newline at end of file
diff --git a/meta/meta-mediatek-mt2735/recipes-hsm/hsm/files/bootloader.json b/meta/meta-mediatek-mt2735/recipes-hsm/hsm/files/bootloader.json
old mode 100644
new mode 100755
index 26f657e..5f9a70a
--- a/meta/meta-mediatek-mt2735/recipes-hsm/hsm/files/bootloader.json
+++ b/meta/meta-mediatek-mt2735/recipes-hsm/hsm/files/bootloader.json
@@ -62,6 +62,13 @@
/* images information */
"images": [
{
+ /* cert */
+ "img_file": "cert.bin",
+ "img_enc_inf": 0,
+ "img_enc_alg": 0,
+ "img_iv": "0xa5a5a5a5c1c1c1c1e2e2e2e298989898",
+ },
+ {
/* bootloader */
"img_file": "bootloader.bin",
@@ -88,6 +95,12 @@
"load_srcipt_cmd": [
{
+ /* cert */
+ "cmd": "LOAD",
+ "img_file": "cert.bin",
+ "addr": "0x00040000"
+ },
+ {
/* HSM bootloader */
"cmd": "LOAD",
"img_file": "bootloader.bin",
diff --git a/meta/meta-mediatek-mt2735/recipes-hsm/hsm/hsm_1.0.0.bbappend b/meta/meta-mediatek-mt2735/recipes-hsm/hsm/hsm_1.0.0.bbappend
old mode 100644
new mode 100755
index 4cff310..c32c7d2
--- a/meta/meta-mediatek-mt2735/recipes-hsm/hsm/hsm_1.0.0.bbappend
+++ b/meta/meta-mediatek-mt2735/recipes-hsm/hsm/hsm_1.0.0.bbappend
@@ -3,11 +3,21 @@
SRC_URI += "file://bootloader.json \
file://hsm.json"
+do_addcert() {
+ # add secure JTAG certificate
+ mkdir -p ${B}out
+ touch ${B}out/cert.bin
+ if [ -f "${B}src/application/bootloader/mt2735/cert/cert.bin" ]; then
+ cp ${B}src/application/bootloader/mt2735/cert/cert.bin ${B}out
+ fi
+}
+
do_deploy() {
install -m 755 ${B}out/bootloader.bin ${DEPLOYDIR}/hsm_bl.img
install -m 755 ${B}out/hsm.bin ${DEPLOYDIR}/hsm_os.img
}
+addtask addcert before do_compile after do_configure
addtask deploy before do_build after do_compile
do_genheader () {
${WORKDIR}/recipe-sysroot-native${bindir}/python-native/python2 ${WORKDIR}/recipe-sysroot-native${datadir}/packer/mipack.py -d ${B}out/ -o ${B}out/bootloader.bin ${WORKDIR}/bootloader.json
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/dtbo.bbappend b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/dtbo.bbappend
new file mode 100755
index 0000000..a1d212b
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/dtbo.bbappend
@@ -0,0 +1 @@
+FILESEXTRAPATHS_append := ":${THISDIR}/files"
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/Makefile b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/Makefile
new file mode 100755
index 0000000..b84a2c6
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/Makefile
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: MediaTekProprietary
+DTBO := $(patsubst %.dts,%.dtbo,$(wildcard *.dts))
+
+all: $(DTBO)
+
+%.dtbo: %.dts
+ dtc -@ -O dtb -o $@ $<
+
+clean:
+ rm -rf *.dtbo
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/combo.dts b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/combo.dts
new file mode 100755
index 0000000..71493da
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/dtbo/files/combo.dts
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: MediaTekProprietary
+/dts-v1/;
+/plugin/;
+
+/ {
+ fragment@0 {
+ target-path = "/";
+ __overlay__ {
+ combo:connectivity-combo@0 {
+ aucMacAddress = [00 00 00 00 00 00];
+ btAddr = [00 00 46 66 30 01];
+ btRadio = [06 80 00 06 05 06];
+ aucEFUSE144 = [00 00 00 00 00 00 00 00
+ 00 00
+ 00 20 22 00
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ 60 60 60
+ 00
+ 00
+ 00 00 00 00 00 00 00 00 00 00 00
+ 00 30 00 00 00 00 00 10
+ 00
+ 00 00 00 00 00 00 00
+ 23 23 23 23 23 20 1E 00 00 00 00
+ 01
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00
+ 00 00 00 00 00 00 00 00];
+ };
+ };
+ };
+ fragment@1 {
+ target-path = "/";
+ __overlay__ {
+ snps_mac: ethernet@11021000 {
+ /* mac-address = [00 0A 00 00 00 01]; */
+ };
+ eth: ethernet@15100000 {
+ gmac0: mac@0 {
+ /* mac-address = [00 0A 00 00 00 02]; */
+ };
+ gmac1: mac@1 {
+ /* mac-address = [00 0A 00 00 00 03]; */
+ };
+ };
+ };
+ };
+};
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/disable_aee.cfg b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/disable_aee.cfg
new file mode 100755
index 0000000..0c8eb05
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/disable_aee.cfg
@@ -0,0 +1,4 @@
+# CONFIG_MTK_AEE_FEATURE is not set
+# CONFIG_MTK_AEE_AED is not set
+# CONFIG_MTK_AEE_IPANIC is not set
+# CONFIG_MTK_HANG_DETECT is not set
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_squashfs.cfg b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_squashfs.cfg
old mode 100644
new mode 100755
index 642a354..1d81e1c
--- a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_squashfs.cfg
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_squashfs.cfg
@@ -1,2 +1,3 @@
-CONFIG_CMDLINE=" rootfstype=squashfs "
+CONFIG_CMDLINE=" rootfstype=squashfs root=/dev/ubiblock0_0 "
CONFIG_CMDLINE_EXTEND=y
+CONFIG_MTD_UBI_BLOCK=y
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_ubifs.cfg b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_ubifs.cfg
old mode 100644
new mode 100755
index 606a825..fcf7a04
--- a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_ubifs.cfg
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/rootfstype_ubifs.cfg
@@ -1,2 +1,3 @@
-CONFIG_CMDLINE=" rootfstype=ubifs "
+CONFIG_CMDLINE=" rootfstype=ubifs root=ubi0_0 "
CONFIG_CMDLINE_EXTEND=y
+CONFIG_MTD_UBI_BLOCK=n
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_netsys.cfg b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_netsys.cfg
new file mode 100755
index 0000000..16dbfee
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_netsys.cfg
@@ -0,0 +1 @@
+CONFIG_MTK_SGMII_NETSYS=y
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_snps.cfg b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_snps.cfg
new file mode 100755
index 0000000..ac11b31
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/files/sgmii_snps.cfg
@@ -0,0 +1 @@
+CONFIG_MTK_SGMII_SNPS=y
diff --git a/meta/meta-mediatek-mt2735/recipes-kernel/linux/linux-mtk-extension_4.19.bbappend b/meta/meta-mediatek-mt2735/recipes-kernel/linux/linux-mtk-extension_4.19.bbappend
old mode 100644
new mode 100755
index ebc4507..6d172d5
--- a/meta/meta-mediatek-mt2735/recipes-kernel/linux/linux-mtk-extension_4.19.bbappend
+++ b/meta/meta-mediatek-mt2735/recipes-kernel/linux/linux-mtk-extension_4.19.bbappend
@@ -12,13 +12,10 @@
"
SRC_URI += "\
- file://auto2735evb_ivt_optee.cfg \
- "
-
-SRC_URI += "\
${@bb.utils.contains('NAND_TYPE', 'slc', ' file://slc_nand.cfg', '', d)} \
${@bb.utils.contains('NAND_TYPE', 'spi', ' file://spi_nand.cfg', '', d)} \
${@bb.utils.contains('BOOTDEV_TYPE', 'emmc', ' file://emmc.cfg', '', d)} \
+ ${@bb.utils.contains('TEE_SUPPORT', 'optee', ' file://auto2735evb_ivt_optee.cfg', '', d)} \
"
SRC_URI += "\
@@ -38,11 +35,6 @@
"
SRC_URI += "\
- ${@bb.utils.contains('PHY_RGMII_INTERFACE', 'yes', ' file://snps_1g.cfg', '', d)} \
- ${@bb.utils.contains('PHY_SGMII_INTERFACE', 'yes', ' file://snps_2.5g.cfg', '', d)} \
-"
-
-SRC_URI += "\
${@bb.utils.contains('SECURE_BOOT_ENABLE', 'yes', ' file://dm_verity.cfg', '', d)} \
${@bb.utils.contains('IMAGE_FSTYPES', 'squashfs', ' file://rootfstype_squashfs.cfg', '', d)} \
${@bb.utils.contains('IMAGE_FSTYPES', 'ubi', ' file://rootfstype_ubifs.cfg', '', d)} \
@@ -52,6 +44,15 @@
${@bb.utils.contains('HSM_OS_SUPPORT', 'yes', ' file://hsm.cfg', '', d)} \
"
+SRC_URI += "\
+ ${@bb.utils.contains('SGMII_SNPS_INTERFACE', 'yes', ' file://sgmii_snps.cfg', '', d)} \
+ ${@bb.utils.contains('SGMII_NETSYS_INTERFACE', 'yes', ' file://sgmii_netsys.cfg', '', d)} \
+"
+
+SRC_URI += "\
+ ${@bb.utils.contains('AEE_SUPPORT', 'yes', '', ' file://disable_aee.cfg', d)} \
+"
+
def find_cfg(d):
sources=src_patches(d, True)
sources_list=[]
@@ -70,12 +71,6 @@
}
do_configure_prepend () {
- if [ "${KBUILD_DEFCONFIG}" = "auto2735evb_defconfig" ]; then
- if [ "${TEE_SUPPORT}" = "optee" ]; then
- merge_config.sh -O ${TOPDIR}/../src/kernel/linux/v4.19/arch/${KERNEL_ARCH}/configs/ -m ${TOPDIR}/../src/kernel/linux/v4.19/arch/${KERNEL_ARCH}/configs/${KBUILD_DEFCONFIG} ${WORKDIR}/auto2735evb_ivt_optee.cfg
- fi
- fi
-
if [ "${MTK_SMT_BUILD}" = "yes" ]; then
cp -rf ${TOPDIR}/../meta/meta-mediatek-mt2735/recipes-kernel/linux/files/mt2735.dtsi ${KERNEL_SRC}/arch/arm64/boot/dts/mediatek/
fi
diff --git a/meta/meta-mediatek-mt2735/recipes-telephonyware/atcid/atci-service_1.0.0.bb b/meta/meta-mediatek-mt2735/recipes-telephonyware/atcid/atci-service_1.0.0.bb
index 7088b21..2f74668 100755
--- a/meta/meta-mediatek-mt2735/recipes-telephonyware/atcid/atci-service_1.0.0.bb
+++ b/meta/meta-mediatek-mt2735/recipes-telephonyware/atcid/atci-service_1.0.0.bb
@@ -13,7 +13,7 @@
-I${STAGING_DIR_HOST}/usr/include/mipc/common \
-I${STAGING_DIR_HOST}/usr/include/mipc/msg \
-I${STAGING_DIR_HOST}/usr/include \
- -D_LINUX -fPIC \
+ -D_LINUX -DTELEMATICS -fPIC \
"
CFLAGS_append = "${ATCID_CFLAGS_ADD}"
diff --git a/meta/meta-mediatek-mt2735/recipes-telephonyware/mcf-cmd/mcf-cmd_1.0.0.bb b/meta/meta-mediatek-mt2735/recipes-telephonyware/mcf-cmd/mcf-cmd_1.0.0.bb
new file mode 100755
index 0000000..bd15d3a
--- /dev/null
+++ b/meta/meta-mediatek-mt2735/recipes-telephonyware/mcf-cmd/mcf-cmd_1.0.0.bb
@@ -0,0 +1,24 @@
+DESCRIPTION = "This module to configure MCF"
+LICENSE = "MediaTekProprietary"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=33021e5683364ac70382851bdf2e4dbd"
+
+inherit workonsrc
+WORKONSRC = "${TOPDIR}/../src/telephonyware/3.0/mcf_cmd"
+
+FILES_${PN} = "${bindir}/mcf_cmd"
+
+DEPENDS += " mipc"
+
+MCF_CFLAGS_ADD = " -I${STAGING_DIR_HOST}/usr/include/mipc/api \
+ -I${STAGING_DIR_HOST}/usr/include/mipc/common \
+ -I${STAGING_DIR_HOST}/usr/include/mipc/msg \
+ -D_LINUX \
+"
+
+CFLAGS_append = "${MCF_CFLAGS_ADD}"
+LDFLAGS_append = " -lmipc_msg -lpthread"
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 mcf_cmd ${D}${bindir}
+}
diff --git a/meta/meta-mediatek/classes/bl33-fitimage.bbclass b/meta/meta-mediatek/classes/bl33-fitimage.bbclass
old mode 100644
new mode 100755
index d74bb58..3643003
--- a/meta/meta-mediatek/classes/bl33-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/bl33-fitimage.bbclass
@@ -63,7 +63,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- bl33@1 {
+ bl33_1 {
description = "LK based BL33 Image";
data = /incbin/("${1}");
type = "kernel";
@@ -72,7 +72,7 @@
compression = "${2}";
load = <${BL33_LOADADDRESS}>;
entry = <${BL33_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${bl33_csum}";
};
};
@@ -94,11 +94,11 @@
conf_desc="${MTK_PROJECT} configuration"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
- kernel = "bl33@1";
- signature@1 {
+ kernel = "bl33_1";
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images = "kernel";
diff --git a/meta/meta-mediatek/classes/kernel-fitimage-extension.bbclass b/meta/meta-mediatek/classes/kernel-fitimage-extension.bbclass
old mode 100644
new mode 100755
index 4bb8c1b..3844a05
--- a/meta/meta-mediatek/classes/kernel-fitimage-extension.bbclass
+++ b/meta/meta-mediatek/classes/kernel-fitimage-extension.bbclass
@@ -92,7 +92,7 @@
fi
cat << EOF >> fit-image.its
- kernel@${1} {
+ kernel_${1} {
description = "Linux kernel";
data = /incbin/("${2}");
type = "kernel";
@@ -101,7 +101,7 @@
compression = "${3}";
load = <${UBOOT_LOADADDRESS}>;
entry = <${ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${kernel_csum}";
};
};
@@ -122,14 +122,14 @@
fi
cat << EOF >> fit-image.its
- fdt@${1} {
+ fdt_${1} {
description = "Flattened Device Tree blob";
data = /incbin/("${2}");
type = "flat_dt";
arch = "${UBOOT_ARCH}";
compression = "none";
load = <${DTB_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${dtb_csum}";
};
};
@@ -156,17 +156,17 @@
fdt_line=""
else
conf_desc="Boot Linux kernel with FDT blob"
- fdt_line="fdt = \"fdt@${2}\";"
+ fdt_line="fdt = \"fdt_${2}\";"
fi
- kernel_line="kernel = \"kernel@${1}\";"
+ kernel_line="kernel = \"kernel_${1}\";"
cat << EOF >> fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${kernel_line}
${fdt_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images="fdt","kernel";
diff --git a/meta/meta-mediatek/classes/lk-image.bbclass b/meta/meta-mediatek/classes/lk-image.bbclass
old mode 100644
new mode 100755
index f7e0ec6..86960a2
--- a/meta/meta-mediatek/classes/lk-image.bbclass
+++ b/meta/meta-mediatek/classes/lk-image.bbclass
@@ -60,7 +60,7 @@
cat << EOF >> $1
images {
- bl@1 {
+ bl_1 {
description = "bl";
padding = /incbin/("${2}");
data = /incbin/("${3}");
@@ -68,7 +68,7 @@
compression = "none";
load = <${4}>;
entry = <${5}>;
- hash@1 {
+ hash {
algo = "${6}";
};
};
@@ -95,12 +95,12 @@
cat << EOF >> $1
configurations {
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "bl";
- kernel = "bl@1";
+ kernel = "bl_1";
${ack_iv_prop}
- signature@1 {
+ signature {
algo = "${2},${3}";
key-name-hint = "${4}";
sign-images = "kernel";
diff --git a/meta/meta-mediatek/classes/ramdisk-fitimage-extension.bbclass b/meta/meta-mediatek/classes/ramdisk-fitimage-extension.bbclass
old mode 100644
new mode 100755
index ed7e413..cc37b05
--- a/meta/meta-mediatek/classes/ramdisk-fitimage-extension.bbclass
+++ b/meta/meta-mediatek/classes/ramdisk-fitimage-extension.bbclass
@@ -94,7 +94,7 @@
fi
cat << EOF >> fit-image.its
- kernel@${1} {
+ kernel_${1} {
description = "Linux kernel";
data = /incbin/("${2}");
type = "kernel";
@@ -103,7 +103,7 @@
compression = "${3}";
load = <${UBOOT_LOADADDRESS}>;
entry = <${ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${kernel_csum}";
};
};
@@ -124,7 +124,7 @@
fi
cat << EOF >> fit-image.its
- ramdisk@${1} {
+ ramdisk_${1} {
description = "Ramdisk Image";
data = /incbin/("${2}");
type = "ramdisk";
@@ -133,7 +133,7 @@
compression = "none";
load = <${RAMDISK_LOADADDRESS}>;
entry = <${RAMDISK_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${ramdisk_csum}";
};
};
@@ -154,14 +154,14 @@
fi
cat << EOF >> fit-image.its
- fdt@${1} {
+ fdt_${1} {
description = "Flattened Device Tree blob";
data = /incbin/("${2}");
type = "flat_dt";
arch = "${UBOOT_ARCH}";
compression = "none";
load = <${DTB_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${dtb_csum}";
};
};
@@ -189,25 +189,25 @@
fdt_line=""
else
conf_desc="Boot Linux kernel with FDT blob"
- fdt_line="fdt = \"fdt@${2}\";"
+ fdt_line="fdt = \"fdt_${2}\";"
fi
- kernel_line="kernel = \"kernel@${1}\";"
+ kernel_line="kernel = \"kernel_${1}\";"
# Test if we have ramdisk image
if [ -z "${3}" ] ; then
ramdisk_line=""
else
- ramdisk_line="ramdisk = \"ramdisk@${3}\";"
+ ramdisk_line="ramdisk = \"ramdisk_${3}\";"
fi
cat << EOF >> fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${kernel_line}
${ramdisk_line}
${fdt_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images="fdt","kernel";
diff --git a/meta/meta-mediatek/classes/recovery-kernel-fitimage.bbclass b/meta/meta-mediatek/classes/recovery-kernel-fitimage.bbclass
old mode 100644
new mode 100755
index b4c9bd4..e822659
--- a/meta/meta-mediatek/classes/recovery-kernel-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/recovery-kernel-fitimage.bbclass
@@ -90,7 +90,7 @@
fi
cat << EOF >> fit-recovery-image.its
- kernel@${1} {
+ kernel_${1} {
description = "Linux kernel";
data = /incbin/("${2}");
type = "kernel";
@@ -99,7 +99,7 @@
compression = "${3}";
load = <${UBOOT_LOADADDRESS}>;
entry = <${ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${kernel_csum}";
};
};
@@ -120,14 +120,14 @@
fi
cat << EOF >> fit-recovery-image.its
- fdt@${1} {
+ fdt_${1} {
description = "Flattened Device Tree blob";
data = /incbin/("${2}");
type = "flat_dt";
arch = "${UBOOT_ARCH}";
compression = "none";
load = <${DTB_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${dtb_csum}";
};
};
@@ -154,17 +154,17 @@
fdt_line=""
else
conf_desc="Boot Linux kernel with FDT blob"
- fdt_line="fdt = \"fdt@${2}\";"
+ fdt_line="fdt = \"fdt_${2}\";"
fi
- kernel_line="kernel = \"kernel@${1}\";"
+ kernel_line="kernel = \"kernel_${1}\";"
cat << EOF >> fit-recovery-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${kernel_line}
${fdt_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images="fdt","kernel";
diff --git a/meta/meta-mediatek/classes/recovery-ramdisk-kernel-fitimage.bbclass b/meta/meta-mediatek/classes/recovery-ramdisk-kernel-fitimage.bbclass
index ff61d4c..391f6b7 100755
--- a/meta/meta-mediatek/classes/recovery-ramdisk-kernel-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/recovery-ramdisk-kernel-fitimage.bbclass
@@ -75,7 +75,7 @@
fi
cat << EOF >> fit-recovery-ramdisk-image.its
- kernel@${1} {
+ kernel_${1} {
description = "Linux kernel";
data = /incbin/("${2}");
type = "kernel";
@@ -84,7 +84,7 @@
compression = "${3}";
load = <${UBOOT_LOADADDRESS}>;
entry = <${UBOOT_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${kernel_csum}";
};
};
@@ -105,7 +105,7 @@
fi
cat << EOF >> fit-recovery-ramdisk-image.its
- ramdisk@${1} {
+ ramdisk_${1} {
description = "Ramdisk Image";
data = /incbin/("${2}");
type = "ramdisk";
@@ -114,7 +114,7 @@
compression = "none";
load = <${RECOVERY_RAMDISK_LOADADDRESS}>;
entry = <${RECOVERY_RAMDISK_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${ramdisk_csum}";
};
};
@@ -135,14 +135,14 @@
fi
cat << EOF >> fit-recovery-ramdisk-image.its
- fdt@${1} {
+ fdt_${1} {
description = "Flattened Device Tree blob";
data = /incbin/("${2}");
type = "flat_dt";
arch = "${ARCH}";
compression = "none";
load = <${DTB_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${dtb_csum}";
};
};
@@ -170,25 +170,25 @@
fdt_line=""
else
conf_desc="Boot Linux kernel with FDT blob"
- fdt_line="fdt = \"fdt@${2}\";"
+ fdt_line="fdt = \"fdt_${2}\";"
fi
- kernel_line="kernel = \"kernel@${1}\";"
+ kernel_line="kernel = \"kernel_${1}\";"
# Test if we have ramdisk image
if [ -z "${3}" ] ; then
ramdisk_line=""
else
- ramdisk_line="ramdisk = \"ramdisk@${3}\";"
+ ramdisk_line="ramdisk = \"ramdisk_${3}\";"
fi
cat << EOF >> fit-recovery-ramdisk-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${kernel_line}
${ramdisk_line}
${fdt_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images="fdt","kernel";
diff --git a/meta/meta-mediatek/classes/scpsys-fitimage.bbclass b/meta/meta-mediatek/classes/scpsys-fitimage.bbclass
old mode 100644
new mode 100755
index 9b3c8b0..8789169
--- a/meta/meta-mediatek/classes/scpsys-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/scpsys-fitimage.bbclass
@@ -116,13 +116,13 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- ${3}@1 {
- description = "${4}";
+ ${3}_1 {
+ description = "scp firmware";
data = /incbin/("${1}");
type = "${7}";
compression = "${2}";
- load = <${5} ${6}>;
- hash@1 {
+ load = <0x00 0x130000>;
+ hash {
algo = "sha256";
};
};
@@ -138,13 +138,13 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- ${3}@1 {
+ ${3}_1 {
description = "${3}";
data = /incbin/("${1}");
type = "loadable";
compression = "${2}";
- load = <${4} ${5}>;
- hash@1 {
+ load = <${4}>;
+ hash {
algo = "sha256";
};
};
@@ -173,12 +173,11 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
- kernel = "scpsys@1";
- ${dram_node}
- signature@1 {
+ kernel = "scpsys_1";
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images = "kernel"${dram_img_type}
diff --git a/meta/meta-mediatek/classes/spmfw-fitimage.bbclass b/meta/meta-mediatek/classes/spmfw-fitimage.bbclass
old mode 100644
new mode 100755
index 54df817..4e6a362
--- a/meta/meta-mediatek/classes/spmfw-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/spmfw-fitimage.bbclass
@@ -70,7 +70,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- spmfw@1 {
+ spmfw_1 {
description = "SPM firmware";
data = /incbin/("${1}");
type = "kernel";
@@ -79,7 +79,7 @@
compression = "${2}";
load = <${SPMFW_LOADADDRESS}>;
entry = <${SPMFW_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${spmfw_csum}";
};
};
@@ -100,15 +100,15 @@
conf_key_name="dev"
conf_desc="spmfw configuration"
- spmfw_line="kernel = \"spmfw@1\";"
+ spmfw_line="kernel = \"spmfw_1\";"
sign_images_line="sign-images = \"kernel\";"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${spmfw_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
${sign_images_line}
diff --git a/meta/meta-mediatek/classes/sspm-fitimage.bbclass b/meta/meta-mediatek/classes/sspm-fitimage.bbclass
old mode 100644
new mode 100755
index 75fca59..575b79a
--- a/meta/meta-mediatek/classes/sspm-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/sspm-fitimage.bbclass
@@ -68,7 +68,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- sspm@1 {
+ sspm_1 {
description = "SSPM firmware";
data = /incbin/("${1}");
type = "kernel";
@@ -98,15 +98,15 @@
conf_key_name="dev"
conf_desc="sspm configuration"
- sspm_line="kernel = \"sspm@1\";"
+ sspm_line="kernel = \"sspm_1\";"
sign_images_line="sign-images = \"kernel\";"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${sspm_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
${sign_images_line}
diff --git a/meta/meta-mediatek/classes/tinysys-fitimage.bbclass b/meta/meta-mediatek/classes/tinysys-fitimage.bbclass
old mode 100644
new mode 100755
index f348265..0a21806
--- a/meta/meta-mediatek/classes/tinysys-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/tinysys-fitimage.bbclass
@@ -63,7 +63,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- tinysys@1 {
+ tinysys_1 {
description = "TINYSYS Image";
data = /incbin/("${1}");
type = "kernel";
@@ -72,7 +72,7 @@
compression = "${2}";
load = <${TINYSYS_LOADADDRESS}>;
entry = <${TINYSYS_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${tinysys_csum}";
};
};
@@ -94,11 +94,11 @@
conf_desc="${MTK_PROJECT} configuration"
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
- kernel = "tinysys@1";
- signature@1 {
+ kernel = "tinysys_1";
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images = "kernel";
diff --git a/meta/meta-mediatek/classes/trustzone-fitimage.bbclass b/meta/meta-mediatek/classes/trustzone-fitimage.bbclass
old mode 100644
new mode 100755
index 0572ee4..b6e37b8
--- a/meta/meta-mediatek/classes/trustzone-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/trustzone-fitimage.bbclass
@@ -63,7 +63,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- trustedos@1 {
+ trustedos_1 {
description = "Trusted OS Image";
data = /incbin/("${1}");
type = "tee";
@@ -72,7 +72,7 @@
compression = "${2}";
load = <${TRUSTEDOS_LOADADDRESS}>;
entry = <${TRUSTEDOS_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${trustedos_csum}";
};
};
@@ -94,7 +94,7 @@
if [ -d ${TL_SRC} ]; then
cat << EOF >> ${WORKDIR}/fit-image.its
- tee@1 {
+ tee_1 {
description = "Tee Image";
data = /incbin/("${1}");
type = "kernel";
@@ -103,14 +103,14 @@
compression = "${2}";
load = <${TEE_LOADADDRESS}>;
entry = <${TEE_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${trustzone_csum}";
};
};
EOF
else
cat << EOF >> ${WORKDIR}/fit-image.its
- tee@1 {
+ tee_1 {
description = "Tee Image";
data = /incbin/("${1}");
type = "kernel";
@@ -119,7 +119,7 @@
compression = "${2}";
load = <${TRUSTZONE_LOADADDRESS}>;
entry = <${TRUSTZONE_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${trustzone_csum}";
};
};
@@ -142,9 +142,9 @@
conf_desc="${MTK_PROJECT} configuration"
- trustzone_line="kernel = \"tee@1\";"
+ trustzone_line="kernel = \"tee_1\";"
if [ -n "${TRUSTEDOS_ENTRYPOINT}" ] && [ -n "${TRUSTEDOS_LOADADDRESS}" ] ; then
- trustedos_line="tee = \"trustedos@1\";"
+ trustedos_line="tee = \"trustedos_1\";"
sign_images_line="sign-images = \"kernel\", \"tee\";"
else
trustedos_line=""
@@ -152,12 +152,12 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${trustzone_line}
${trustedos_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
${sign_images_line}
@@ -213,10 +213,10 @@
${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -f ${WORKDIR}/fit-image.its ${TZ_ASSEMBLE_OUT}/${TZ_BINARY}
if [ "${SECURE_BOOT_ENABLE}" = "yes" ] && [ "${STANDALONE_SIGN_PREPARE}" != "yes" ]; then
- mkdir -p ./mykeys
- cp -f ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ./mykeys/dev.crt
- cp -f ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ./mykeys/dev.key
- ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ./mykeys -f ${WORKDIR}/fit-image.its -r ${TZ_ASSEMBLE_OUT}/${TZ_BINARY}
+ mkdir -p ${WORKDIR}/mykeys
+ cp -f ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ${WORKDIR}/mykeys/dev.crt
+ cp -f ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ${WORKDIR}/mykeys/dev.key
+ ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ${WORKDIR}/mykeys -f ${WORKDIR}/fit-image.its -r ${TZ_ASSEMBLE_OUT}/${TZ_BINARY}
fi
}
diff --git a/meta/meta-mediatek/classes/u-boot-fitimage.bbclass b/meta/meta-mediatek/classes/u-boot-fitimage.bbclass
old mode 100644
new mode 100755
index ffdc171..a166df8
--- a/meta/meta-mediatek/classes/u-boot-fitimage.bbclass
+++ b/meta/meta-mediatek/classes/u-boot-fitimage.bbclass
@@ -67,7 +67,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- kernel@1 {
+ kernel_1 {
description = "U-Boot";
data = /incbin/("${1}");
type = "kernel";
@@ -76,7 +76,7 @@
compression = "${2}";
load = <${UBOOT_FIT_LOADADDRESS}>;
entry = <${UBOOT_FIT_ENTRYPOINT}>;
- hash@1 {
+ hash {
algo = "${uboot_csum}";
};
};
@@ -97,7 +97,7 @@
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- fdt@1 {
+ fdt_1 {
description = "sig blob for u-boot verified boot";
data = /incbin/("${1}");
type = "kernel";
@@ -106,7 +106,7 @@
compression = "${2}";
load = <${UBOOT_DTB_LOADADDRESS}>;
entry = <${UBOOT_DTB_LOADADDRESS}>;
- hash@1 {
+ hash {
algo = "${dtb_csum}";
};
};
@@ -128,20 +128,20 @@
conf_desc="${MTK_PROJECT} configuration"
- uboot_line="kernel = \"kernel@1\";"
+ uboot_line="kernel = \"kernel_1\";"
if [ "${SECURE_BOOT_ENABLE}" = "yes" ]; then
- fdt_line="fdt = \"fdt@1\";"
+ fdt_line="fdt = \"fdt_1\";"
else
fdt_line=""
fi
cat << EOF >> ${WORKDIR}/fit-image.its
- default = "conf@1";
- conf@1 {
+ default = "conf_1";
+ conf_1 {
description = "${conf_desc}";
${uboot_line}
${fdt_line}
- signature@1 {
+ signature {
algo = "${conf_csum}";
key-name-hint="${conf_key_name}";
sign-images="fdt","kernel";
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/bl33_1.0.bb b/meta/meta-mediatek/recipes-bsp/bl33/bl33_1.0.bb
old mode 100644
new mode 100755
index 6a04014..0d2a833
--- a/meta/meta-mediatek/recipes-bsp/bl33/bl33_1.0.bb
+++ b/meta/meta-mediatek/recipes-bsp/bl33/bl33_1.0.bb
@@ -4,7 +4,7 @@
MTK_SRC = "${TOPDIR}/../src/bsp/lk"
BL33_OUT = "${WORKDIR}/out"
LIC_FILES_CHKSUM = "file://${MTK_SRC}/LICENSE;md5=25394d472e4c06f4d61140e88861fb5b"
-SRC_URI = "file://dev_info file://pbp file://key file://lk_dts file://dummy_img file://fit-lk"
+SRC_URI = "file://dev_info file://pbp file://key file://lk_dts file://fit-lk"
#S = "${WORKDIR}"
DEPENDS += "u-boot-mkimage-native bc-native dtc-native"
@@ -19,7 +19,6 @@
PBP_DIR = "${WORKDIR}/pbp"
KEY_DIR = "${WORKDIR}/key"
DTS_DIR = "${WORKDIR}/lk_dts"
-DUMMY_IMG_DIR="${WORKDIR}/dummy_img"
IC_NAME="$(echo ${TARGET_PLATFORM}|tr '[a-z]' '[A-Z]')"
DEV_INFO_HDR_TOOL = "${TOPDIR}/../src/bsp/scatter/scripts/dev-info-hdr-tool.py"
@@ -35,13 +34,17 @@
dtc -p 0x3ff ${DTS_DIR}/lk.dts -O dtb -o ${DTS_DIR}/lk.dtb
cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ${WORKDIR}/mykeys/dev.crt
cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ${WORKDIR}/mykeys/dev.key
- ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -F -k ${WORKDIR}/mykeys -K ${DTS_DIR}/lk.dtb -r ${DUMMY_IMG_DIR}/fitImage
+
+ echo -n -e \\xde\\xed\\xbe\\xef > ${DTS_DIR}/dummy.bin
+ ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ${WORKDIR}/mykeys -K ${DTS_DIR}/lk.dtb -r -f ${DTS_DIR}/dummy.its ${DTS_DIR}/dummyfit.img
OFF_DT_STRINGS="`fdtdump ${DTS_DIR}/lk.dtb | grep off_dt_strings | sed "s,^\/\/.*:\s*0x,,"`"
SIZE_DT_STRINGS="`fdtdump ${DTS_DIR}/lk.dtb | grep size_dt_strings | sed "s,^\/\/.*:\s*0x,,"`"
KEYNODE_LEN="`echo "obase=16;ibase=16;${OFF_DT_STRINGS} + ${SIZE_DT_STRINGS}" | bc`"
python ${WORKDIR}/dev_info/dtb-transfer-array.py ${DTS_DIR}/lk.dtb ${DTS_DIR}/blob.h ${KEYNODE_LEN}
cp ${DTS_DIR}/blob.h ${BL33_OUT}/include/blob.h
rm -rf ${WORKDIR}/mykeys
+ rm -f ${DTS_DIR}/dummy.bin
+ rm -f ${DTS_DIR}/dummyfit.img
else
cp ${DTS_DIR}/tmp_blob.txt ${BL33_OUT}/include/blob.h
fi
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage b/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage
deleted file mode 100644
index 036ed1b..0000000
--- a/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage
+++ /dev/null
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/dummy.its b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/dummy.its
new file mode 100755
index 0000000..edb199d
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/dummy.its
@@ -0,0 +1,33 @@
+/dts-v1/;
+
+/ {
+ description = "Dummy its for key dtb generation";
+ #address-cells = <1>;
+
+ images {
+ kernel_1 {
+ description = "dummy image";
+ data = /incbin/("dummy.bin");
+ type = "kernel";
+ compression = "none";
+ load = <0x80008000>;
+ entry = <0x80008000>;
+ hash {
+ algo = "sha256";
+ };
+ };
+ };
+
+ configurations {
+ default = "conf_1";
+ conf_1 {
+ description = "Dummy kernel conf";
+ kernel = "kernel_1";
+ signature {
+ algo = "sha256,rsa2048";
+ key-name-hint="dev";
+ sign-images = "kernel";
+ };
+ };
+ };
+};
diff --git a/meta/meta-mediatek/recipes-bsp/lk/files/dummy_img/fitImage b/meta/meta-mediatek/recipes-bsp/lk/files/dummy_img/fitImage
deleted file mode 100644
index 036ed1b..0000000
--- a/meta/meta-mediatek/recipes-bsp/lk/files/dummy_img/fitImage
+++ /dev/null
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/lk/files/lk_dts/dummy.its b/meta/meta-mediatek/recipes-bsp/lk/files/lk_dts/dummy.its
new file mode 100755
index 0000000..edb199d
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/lk/files/lk_dts/dummy.its
@@ -0,0 +1,33 @@
+/dts-v1/;
+
+/ {
+ description = "Dummy its for key dtb generation";
+ #address-cells = <1>;
+
+ images {
+ kernel_1 {
+ description = "dummy image";
+ data = /incbin/("dummy.bin");
+ type = "kernel";
+ compression = "none";
+ load = <0x80008000>;
+ entry = <0x80008000>;
+ hash {
+ algo = "sha256";
+ };
+ };
+ };
+
+ configurations {
+ default = "conf_1";
+ conf_1 {
+ description = "Dummy kernel conf";
+ kernel = "kernel_1";
+ signature {
+ algo = "sha256,rsa2048";
+ key-name-hint="dev";
+ sign-images = "kernel";
+ };
+ };
+ };
+};
diff --git a/meta/meta-mediatek/recipes-bsp/lk/lk_2.0.0.bb b/meta/meta-mediatek/recipes-bsp/lk/lk_2.0.0.bb
old mode 100644
new mode 100755
index fd3f1ca..b2dbb08
--- a/meta/meta-mediatek/recipes-bsp/lk/lk_2.0.0.bb
+++ b/meta/meta-mediatek/recipes-bsp/lk/lk_2.0.0.bb
@@ -4,7 +4,7 @@
MTK_SRC = "${TOPDIR}/../src/bsp/lk"
LK_OUT = "${WORKDIR}/out"
LIC_FILES_CHKSUM = "file://${MTK_SRC}/LICENSE;md5=25394d472e4c06f4d61140e88861fb5b"
-SRC_URI = "file://gfh file://dev_info file://pbp file://key file://lk_dts file://dummy_img file://fit-lk"
+SRC_URI = "file://gfh file://dev_info file://pbp file://key file://lk_dts file://fit-lk"
#S = "${WORKDIR}"
DEPENDS += "u-boot-mkimage-native bc-native dtc-native"
@@ -19,7 +19,6 @@
PBP_DIR = "${WORKDIR}/pbp"
KEY_DIR = "${WORKDIR}/key"
DTS_DIR = "${WORKDIR}/lk_dts"
-DUMMY_IMG_DIR="${WORKDIR}/dummy_img"
FIT_IMG_TOOL ?= "uboot-mkimage"
IC_NAME="$(echo ${TARGET_PLATFORM}|tr '[a-z]' '[A-Z]')"
@@ -37,7 +36,9 @@
dtc -p 0x3ff ${DTS_DIR}/lk.dts -O dtb -o ${DTS_DIR}/lk.dtb
cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.crt ${WORKDIR}/mykeys/dev.crt
cp ${MTK_KEY_DIR}/${VERIFIED_KEY}.pem ${WORKDIR}/mykeys/dev.key
- ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -F -k ${WORKDIR}/mykeys -K ${DTS_DIR}/lk.dtb -r ${DUMMY_IMG_DIR}/fitImage
+
+ echo -n -e \\xde\\xed\\xbe\\xef > ${DTS_DIR}/dummy.bin
+ ${HSM_ENV} HSM_KEY_NAME=${VERIFIED_KEY} uboot-mkimage -D "-I dts -O dtb -p 1024" -k ${WORKDIR}/mykeys -K ${DTS_DIR}/lk.dtb -r -f ${DTS_DIR}/dummy.its ${DTS_DIR}/dummyfit.img
OFF_DT_STRINGS="`fdtdump ${DTS_DIR}/lk.dtb | grep off_dt_strings | sed "s,^\/\/.*:\s*0x,,"`"
SIZE_DT_STRINGS="`fdtdump ${DTS_DIR}/lk.dtb | grep size_dt_strings | sed "s,^\/\/.*:\s*0x,,"`"
KEYNODE_LEN="`echo "obase=16;ibase=16;${OFF_DT_STRINGS} + ${SIZE_DT_STRINGS}" | bc`"
@@ -45,6 +46,8 @@
cp ${DTS_DIR}/blob.h ${LK_OUT}/include/blob.h
cp ${DTS_DIR}/lk.dtb ${TOPDIR}/lk.dtb
rm -rf ${WORKDIR}/mykeys
+ rm -f ${DTS_DIR}/dummy.bin
+ rm -f ${DTS_DIR}/fummyfit.img
else
cp ${DTS_DIR}/tmp_blob.txt ${LK_OUT}/include/blob.h
fi
diff --git a/meta/meta-mediatek/recipes-connectivity/mnld/mnld6635.bb b/meta/meta-mediatek/recipes-connectivity/mnld/mnld6635.bb
old mode 100644
new mode 100755
index 102f5cb..42d3cb07
--- a/meta/meta-mediatek/recipes-connectivity/mnld/mnld6635.bb
+++ b/meta/meta-mediatek/recipes-connectivity/mnld/mnld6635.bb
@@ -17,6 +17,7 @@
FILES_${PN} += "/data/agps_supl"
FILES_${PN} += "/usr/share/gps"
FILES_${PN} += "/usr/share/gps/mpe_mnl"
+FILES_${PN} += "/etc/MNL_Config.xml"
DEPENDS += "openssl curl"
@@ -51,6 +52,8 @@
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${B}/mnld.service ${D}${systemd_unitdir}/system
fi
+ install -d ${D}/etc
+ install -m 0755 ${WORKONSRC}files/MNL_Config.xml ${D}/etc
}
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2731/Makefile b/prebuilt/bsp/hsm/private/crypto/mt2731/Makefile
old mode 100644
new mode 100755
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2731/hsm-crypto-dev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm b/prebuilt/bsp/hsm/private/crypto/mt2731/hsm-crypto-dev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm
old mode 100644
new mode 100755
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2731/hsm-crypto-staticdev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm b/prebuilt/bsp/hsm/private/crypto/mt2731/hsm-crypto-staticdev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm
old mode 100644
new mode 100755
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2735/Makefile b/prebuilt/bsp/hsm/private/crypto/mt2735/Makefile
old mode 100644
new mode 100755
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-dev-1.0.0-r0.aarch64.rpm b/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-dev-1.0.0-r0.aarch64.rpm
old mode 100644
new mode 100755
index 2d32bb6..6cde435
--- a/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-dev-1.0.0-r0.aarch64.rpm
+++ b/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-dev-1.0.0-r0.aarch64.rpm
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-staticdev-1.0.0-r0.aarch64.rpm b/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-staticdev-1.0.0-r0.aarch64.rpm
old mode 100644
new mode 100755
index 35a9305..bf59647
--- a/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-staticdev-1.0.0-r0.aarch64.rpm
+++ b/prebuilt/bsp/hsm/private/crypto/mt2735/hsm-crypto-staticdev-1.0.0-r0.aarch64.rpm
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2731/Makefile b/prebuilt/bsp/hsm/private/efuse/mt2731/Makefile
old mode 100644
new mode 100755
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2731/hsm-efuse-dev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm b/prebuilt/bsp/hsm/private/efuse/mt2731/hsm-efuse-dev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm
old mode 100644
new mode 100755
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2731/hsm-efuse-staticdev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm b/prebuilt/bsp/hsm/private/efuse/mt2731/hsm-efuse-staticdev-1.0.0-r0.cortexa7hf_neon_vfpv4.rpm
old mode 100644
new mode 100755
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2735/Makefile b/prebuilt/bsp/hsm/private/efuse/mt2735/Makefile
old mode 100644
new mode 100755
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-dev-1.0.0-r0.aarch64.rpm b/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-dev-1.0.0-r0.aarch64.rpm
old mode 100644
new mode 100755
index 50ef232..7409016
--- a/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-dev-1.0.0-r0.aarch64.rpm
+++ b/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-dev-1.0.0-r0.aarch64.rpm
Binary files differ
diff --git a/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-staticdev-1.0.0-r0.aarch64.rpm b/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-staticdev-1.0.0-r0.aarch64.rpm
old mode 100644
new mode 100755
index b58f3e6..41bc793
--- a/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-staticdev-1.0.0-r0.aarch64.rpm
+++ b/prebuilt/bsp/hsm/private/efuse/mt2735/hsm-efuse-staticdev-1.0.0-r0.aarch64.rpm
Binary files differ
diff --git a/prebuilt/devtools/aee/aee-1.0-r0.aarch64_prop_gcc_glibc_2.28.rpm b/prebuilt/devtools/aee/aee-1.0-r0.aarch64_prop_gcc_glibc_2.28.rpm
new file mode 100755
index 0000000..fd5ad8f
--- /dev/null
+++ b/prebuilt/devtools/aee/aee-1.0-r0.aarch64_prop_gcc_glibc_2.28.rpm
Binary files differ
diff --git a/prebuilt/devtools/aee/makefile b/prebuilt/devtools/aee/makefile
old mode 100644
new mode 100755
index 6e1dade..f7cd30c
--- a/prebuilt/devtools/aee/makefile
+++ b/prebuilt/devtools/aee/makefile
@@ -1,4 +1,9 @@
package_arch = $(subst -,_,${PACKAGE_ARCH})
+rpm_bin=${bindir}/rpm2cpio
+
+ifeq ("$(wildcard $(rpm_bin))","")
+ rpm_bin=rpm2cpio
+endif
#default toolchain is gcc
toolchain = gcc
@@ -14,6 +19,11 @@
property = sncfg
endif
+ifneq ($(findstring mt2735, ${TARGET_PLATFORM}),)
+# only 2735 use glibc 2.28
+toolchain = gcc_glibc_2.28
+endif
+
lib_path = usr/lib
ifneq ($(findstring aarch64, ${package_arch}),)
@@ -25,7 +35,7 @@
all:
install:
- find -name "*.$(package_arch)_$(property)_$(toolchain).rpm" | while read i; do echo $${i}; ${bindir}/rpm2cpio $${i} | cpio -idmv ; done
+ find -name "*.$(package_arch)_$(property)_$(toolchain).rpm" | while read i; do echo $${i}; ${rpm_bin} $${i} | cpio -idmv ; done
install -d $(DESTDIR)/usr/bin/
install -m 0755 usr/bin/aee_aed $(DESTDIR)/usr/bin
diff --git a/prebuilt/firmware/sspm/mt2735/sspm.img b/prebuilt/firmware/sspm/mt2735/sspm.img
old mode 100644
new mode 100755
index e611581..8f5ae5c
--- a/prebuilt/firmware/sspm/mt2735/sspm.img
+++ b/prebuilt/firmware/sspm/mt2735/sspm.img
Binary files differ
diff --git a/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/dsp.bin b/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/dsp.bin
new file mode 100755
index 0000000..3b805ba
--- /dev/null
+++ b/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/dsp.bin
Binary files differ
diff --git a/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/modem.img b/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/modem.img
new file mode 100755
index 0000000..16ea29e
--- /dev/null
+++ b/prebuilt/modem/mt2735/MT2735_MR1_GA_NLWG_20220110/modem.img
Binary files differ