* [PATCH 0/1 V2] uboot-sign.bbclass: fix signature and deployment @ 2018-11-30 2:26 Robert Yang 2018-11-30 2:26 ` [PATCH 1/1] " Robert Yang 2018-11-30 2:33 ` ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) Patchwork 0 siblings, 2 replies; 9+ messages in thread From: Robert Yang @ 2018-11-30 2:26 UTC (permalink / raw) To: openembedded-core * V2 Rebase to master-next and resend. * V1 Initial version The following changes since commit e821100b1ee2a023b813adb20e56fe1ccc352d42: musl: Update to latest trunk (2018-11-29 23:34:46 +0000) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib rbt/uboot http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/uboot Robert Yang (1): uboot-sign.bbclass: fix signature and deployment meta/classes/kernel-fitimage.bbclass | 17 ++++++- meta/classes/uboot-sign.bbclass | 95 ++++++++++++++++++++---------------- meta/recipes-bsp/u-boot/u-boot.inc | 2 +- 3 files changed, 69 insertions(+), 45 deletions(-) -- 2.7.4 ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-30 2:26 [PATCH 0/1 V2] uboot-sign.bbclass: fix signature and deployment Robert Yang @ 2018-11-30 2:26 ` Robert Yang 2018-11-30 2:33 ` ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) Patchwork 1 sibling, 0 replies; 9+ messages in thread From: Robert Yang @ 2018-11-30 2:26 UTC (permalink / raw) To: openembedded-core Fixed: MACHINE = "beaglebone-yocto" KERNEL_CLASSES += "kernel-fitimage" KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" UBOOT_SIGN_KEYNAME = "dev" UBOOT_SIGN_ENABLE = "1" IMAGE_INSTALL_remove = "kernel-image-zimage" $ cd conf $ openssl genrsa -F4 -out dev.key 2048 $ openssl req -batch -new -x509 -key dev.key -out dev.crt $ cd ../ $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches And there would be no signature info when rebuild from sstate: $ bitbake u-boot linux-yocto -cclean $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb No result This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified info is not in sstate, and would be lost when rebuild from sstate. There are other problems in previouse code: - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so it should be deployed by kernel rather than u-boot. - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. - It seems that it assumes do_deploy depends on do_install according the comments, but they have no relationships: # do_concat_dtb is scheduled _before_ do_install as it overwrite the # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. - The do_concat_dtb should be run after do_compile, but it doesn't have this dependency. Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. [YOCTO #12112] Reported-by: Christian Andersen <c.andersen@kostal.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- meta/classes/kernel-fitimage.bbclass | 17 ++++++- meta/classes/uboot-sign.bbclass | 95 ++++++++++++++++++++---------------- meta/recipes-bsp/u-boot/u-boot.inc | 2 +- 3 files changed, 69 insertions(+), 45 deletions(-) diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 328bef4..5f6380f 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -35,7 +35,7 @@ python __anonymous () { # the fitImage: if d.getVar('UBOOT_SIGN_ENABLE') == "1": uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' - d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_deploy' % uboot_pn) + d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) } # Options for the device tree compiler passed to mkimage '-D' feature: @@ -456,10 +456,17 @@ fitimage_assemble() { # Step 7: Sign the image and add public key to U-Boot dtb # if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then + add_key_to_u_boot="" + if [ -n "${UBOOT_DTB_BINARY}" ]; then + # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy + # both of them, and don't dereference the symlink. + cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} + add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" + fi uboot-mkimage \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -F -k "${UBOOT_SIGN_KEYDIR}" \ - ${@'-K "${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_BINARY}"' if len('${UBOOT_DTB_BINARY}') else ''} \ + $add_key_to_u_boot \ -r arch/${ARCH}/boot/${2} fi } @@ -505,5 +512,11 @@ kernel_do_deploy_append() { install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME} fi + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then + # UBOOT_DTB_IMAGE is a realfile, but we can't use + # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed + # for u-boot, but we are in kernel env now. + install -m 0644 ${B}/u-boot-${MACHINE}*.dtb ${DEPLOYDIR}/ + fi fi } diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index afaf46f..03100b8 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass @@ -19,11 +19,15 @@ # The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to # treat the device tree blob: # -# u-boot:do_deploy_dtb -# u-boot:do_deploy -# virtual/kernel:do_assemble_fitimage -# u-boot:do_concat_dtb -# u-boot:do_install +# * u-boot:do_install_append +# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for +# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. +# +# * virtual/kernel:do_assemble_fitimage +# Sign the image +# +# * u-boot:do_deploy[postfuncs] +# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others. # # For more details on signature process, please refer to U-Boot documentation. @@ -38,58 +42,65 @@ UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" UBOOT_NODTB_BINARY ?= "u-boot-nodtb.${UBOOT_SUFFIX}" UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.${UBOOT_SUFFIX}" -# -# Following is relevant only for u-boot recipes: -# +# Functions in this bbclass is for u-boot only +UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}" -do_deploy_dtb () { - mkdir -p ${DEPLOYDIR} - cd ${DEPLOYDIR} +concat_dtb() { + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" ]; then + mkdir -p ${DEPLOYDIR} + if [ -e ${B}/${UBOOT_DTB_BINARY} ]; then + ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY} + ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK} + fi - if [ -f ${B}/${UBOOT_DTB_BINARY} ]; then - install ${B}/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/${UBOOT_DTB_IMAGE} - rm -f ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SYMLINK} - ln -sf ${UBOOT_DTB_IMAGE} ${UBOOT_DTB_SYMLINK} - ln -sf ${UBOOT_DTB_IMAGE} ${UBOOT_DTB_BINARY} - fi - if [ -f ${B}/${UBOOT_NODTB_BINARY} ]; then - install ${B}/${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} - rm -f ${UBOOT_NODTB_BINARY} ${UBOOT_NODTB_SYMLINK} - ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_SYMLINK} - ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_BINARY} - fi -} + if [ -f ${B}/${UBOOT_NODTB_BINARY} ]; then + install ${B}/${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} + ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_SYMLINK} + ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_BINARY} + fi -do_concat_dtb () { - # Concatenate U-Boot w/o DTB & DTB with public key - # (cf. kernel-fitimage.bbclass for more details) - if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ]; then + # Concatenate U-Boot w/o DTB & DTB with public key + # (cf. kernel-fitimage.bbclass for more details) + deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}' if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ - [ -e "${DEPLOYDIR}/${UBOOT_DTB_IMAGE}" ]; then + [ -e "$deployed_uboot_dtb_binary" ]; then cd ${B} - oe_runmake EXT_DTB=${DEPLOYDIR}/${UBOOT_DTB_IMAGE} + oe_runmake EXT_DTB=$deployed_uboot_dtb_binary install ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} - install ${B}/${UBOOT_BINARY} ${DEPLOY_DIR_IMAGE}/${UBOOT_IMAGE} - elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "${DEPLOYDIR}/${UBOOT_DTB_IMAGE}" ]; then + elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then cd ${DEPLOYDIR} - cat ${UBOOT_NODTB_IMAGE} ${UBOOT_DTB_IMAGE} | tee ${B}/${UBOOT_BINARY} > ${UBOOT_IMAGE} + cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${UBOOT_BINARY} > ${UBOOT_IMAGE} else bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available." fi fi } +# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for +# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. +do_install_append() { + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" ]; then + if [ -f ${B}/${UBOOT_DTB_BINARY} ]; then + install -d ${D}${datadir} + # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we + # need both of them. + install ${B}/${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE} + ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY} + else + bbwarn "${B}/${UBOOT_DTB_BINARY} not found" + fi + fi +} + python () { - uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' - if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn: + if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == d.getVar('UBOOT_PN'): kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel') - # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy - # Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR - bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d) + # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb + d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % kernel_pn) - # do_concat_dtb is scheduled _before_ do_install as it overwrite the - # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. - bb.build.addtask('do_concat_dtb', 'do_install', None, d) - d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn) + # kernerl's do_deploy is a litle special, so we can't use + # do_deploy_append, otherwise it would override + # kernel_do_deploy. + d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb') } diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc index 48fbc57..bbdbc25 100644 --- a/meta/recipes-bsp/u-boot/u-boot.inc +++ b/meta/recipes-bsp/u-boot/u-boot.inc @@ -201,7 +201,7 @@ do_install () { } -FILES_${PN} = "/boot ${sysconfdir}" +FILES_${PN} = "/boot ${sysconfdir} ${datadir}" do_deploy () { if [ -n "${UBOOT_CONFIG}" ] -- 2.7.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) 2018-11-30 2:26 [PATCH 0/1 V2] uboot-sign.bbclass: fix signature and deployment Robert Yang 2018-11-30 2:26 ` [PATCH 1/1] " Robert Yang @ 2018-11-30 2:33 ` Patchwork 2018-11-30 3:32 ` Robert Yang 1 sibling, 1 reply; 9+ messages in thread From: Patchwork @ 2018-11-30 2:33 UTC (permalink / raw) To: Robert Yang; +Cc: openembedded-core == Series Details == Series: uboot-sign.bbclass: fix signature and deployment (rev2) Revision: 2 URL : https://patchwork.openembedded.org/series/15013/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Series does not apply on top of target branch [test_series_merge_on_head] Suggested fix Rebase your series on top of targeted branch Targeted branch master (currently at 21387613fe) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) 2018-11-30 2:33 ` ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) Patchwork @ 2018-11-30 3:32 ` Robert Yang 0 siblings, 0 replies; 9+ messages in thread From: Robert Yang @ 2018-11-30 3:32 UTC (permalink / raw) To: openembedded-core This patch is for master-next, not master, so I think that we can ignore this issue. // Robert On 11/30/18 10:33 AM, Patchwork wrote: > == Series Details == > > Series: uboot-sign.bbclass: fix signature and deployment (rev2) > Revision: 2 > URL : https://patchwork.openembedded.org/series/15013/ > State : failure > > == Summary == > > > Thank you for submitting this patch series to OpenEmbedded Core. This is > an automated response. Several tests have been executed on the proposed > series by patchtest resulting in the following failures: > > > > * Issue Series does not apply on top of target branch [test_series_merge_on_head] > Suggested fix Rebase your series on top of targeted branch > Targeted branch master (currently at 21387613fe) > > > > If you believe any of these test results are incorrect, please reply to the > mailing list (openembedded-core@lists.openembedded.org) raising your concerns. > Otherwise we would appreciate you correcting the issues and submitting a new > version of the patchset if applicable. Please ensure you add/increment the > version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> > [PATCH v3] -> ...). > > --- > Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines > Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest > Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 0/1] uboot-sign.bbclass: fix signature and deployment @ 2018-11-21 6:24 Robert Yang 2018-11-21 6:24 ` [PATCH 1/1] " Robert Yang 0 siblings, 1 reply; 9+ messages in thread From: Robert Yang @ 2018-11-21 6:24 UTC (permalink / raw) To: openembedded-core; +Cc: c.andersen The following changes since commit 19c9842644b7b0a599437fd394111f161c8b1f1e: apt: Improve SRC_URI (2018-11-20 10:11:24 +0000) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib rbt/uboot http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/uboot Robert Yang (1): uboot-sign.bbclass: fix signature and deployment meta/classes/kernel-fitimage.bbclass | 17 ++++++- meta/classes/uboot-sign.bbclass | 95 ++++++++++++++++++++---------------- meta/recipes-bsp/u-boot/u-boot.inc | 2 +- 3 files changed, 69 insertions(+), 45 deletions(-) -- 2.7.4 ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-21 6:24 [PATCH 0/1] uboot-sign.bbclass: fix signature and deployment Robert Yang @ 2018-11-21 6:24 ` Robert Yang 2018-11-21 17:20 ` Otavio Salvador 0 siblings, 1 reply; 9+ messages in thread From: Robert Yang @ 2018-11-21 6:24 UTC (permalink / raw) To: openembedded-core; +Cc: c.andersen Fixed: MACHINE = "beaglebone-yocto" KERNEL_CLASSES += "kernel-fitimage" KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" UBOOT_SIGN_KEYNAME = "dev" UBOOT_SIGN_ENABLE = "1" IMAGE_INSTALL_remove = "kernel-image-zimage" $ cd conf $ openssl genrsa -F4 -out dev.key 2048 $ openssl req -batch -new -x509 -key dev.key -out dev.crt $ cd ../ $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches And there would be no signature info when rebuild from sstate: $ bitbake u-boot linux-yocto -cclean $ bitbake u-boot linux-yocto $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb No result This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified info is not in sstate, and would be lost when rebuild from sstate. There are other problems in previouse code: - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so it should be deployed by kernel rather than u-boot. - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. - It seems that it assumes do_deploy depends on do_install according the comments, but they have no relationships: # do_concat_dtb is scheduled _before_ do_install as it overwrite the # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. - The do_concat_dtb should be run after do_compile, but it doesn't have this dependency. Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. [YOCTO #12112] Reported-by: Christian Andersen <c.andersen@kostal.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- meta/classes/kernel-fitimage.bbclass | 17 ++++++- meta/classes/uboot-sign.bbclass | 95 ++++++++++++++++++++---------------- meta/recipes-bsp/u-boot/u-boot.inc | 2 +- 3 files changed, 69 insertions(+), 45 deletions(-) diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 4c4fd99..7c5bcd0 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -35,7 +35,7 @@ python __anonymous () { # the fitImage: if d.getVar('UBOOT_SIGN_ENABLE') == "1": uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' - d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_deploy' % uboot_pn) + d.appendVarFlag('do_assemble_fitimage', 'depends', ' %s:do_populate_sysroot' % uboot_pn) } # Options for the device tree compiler passed to mkimage '-D' feature: @@ -456,10 +456,17 @@ fitimage_assemble() { # Step 7: Sign the image and add public key to U-Boot dtb # if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then + add_key_to_u_boot="" + if [ -n "${UBOOT_DTB_BINARY}" ]; then + # The u-boot.dtb is a symlink to UBOOT_DTB_IMAGE, so we need copy + # both of them, and don't dereference the symlink. + cp -P ${STAGING_DATADIR}/u-boot*.dtb ${B} + add_key_to_u_boot="-K ${B}/${UBOOT_DTB_BINARY}" + fi uboot-mkimage \ ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \ -F -k "${UBOOT_SIGN_KEYDIR}" \ - ${@'-K "${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_BINARY}"' if len('${UBOOT_DTB_BINARY}') else ''} \ + $add_key_to_u_boot \ -r arch/${ARCH}/boot/${2} fi } @@ -505,5 +512,11 @@ kernel_do_deploy_append() { install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME} fi + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then + # UBOOT_DTB_IMAGE is a realfile, but we can't use + # ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed + # for u-boot, but we are in kernel env now. + install -m 0644 ${B}/u-boot-${MACHINE}*.dtb ${DEPLOYDIR}/ + fi fi } diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index 8ee904e..0e5e1b1 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass @@ -19,11 +19,15 @@ # The tasks sequence is set as below, using DEPLOY_IMAGE_DIR as common place to # treat the device tree blob: # -# u-boot:do_deploy_dtb -# u-boot:do_deploy -# virtual/kernel:do_assemble_fitimage -# u-boot:do_concat_dtb -# u-boot:do_install +# * u-boot:do_install_append +# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for +# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. +# +# * virtual/kernel:do_assemble_fitimage +# Sign the image +# +# * u-boot:do_deploy[postfuncs] +# Deploy files like UBOOT_DTB_IMAGE, UBOOT_DTB_SYMLINK and others. # # For more details on signature process, please refer to U-Boot documentation. @@ -38,58 +42,65 @@ UBOOT_NODTB_IMAGE ?= "u-boot-nodtb-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" UBOOT_NODTB_BINARY ?= "u-boot-nodtb.${UBOOT_SUFFIX}" UBOOT_NODTB_SYMLINK ?= "u-boot-nodtb-${MACHINE}.${UBOOT_SUFFIX}" -# -# Following is relevant only for u-boot recipes: -# +# Functions in this bbclass is for u-boot only +UBOOT_PN = "${@d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'}" -do_deploy_dtb () { - mkdir -p ${DEPLOYDIR} - cd ${DEPLOYDIR} +concat_dtb() { + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" ]; then + mkdir -p ${DEPLOYDIR} + if [ -e ${B}/${UBOOT_DTB_BINARY} ]; then + ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_BINARY} + ln -sf ${UBOOT_DTB_IMAGE} ${DEPLOYDIR}/${UBOOT_DTB_SYMLINK} + fi - if [ -f ${B}/${UBOOT_DTB_BINARY} ]; then - install ${B}/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/${UBOOT_DTB_IMAGE} - rm -f ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SYMLINK} - ln -sf ${UBOOT_DTB_IMAGE} ${UBOOT_DTB_SYMLINK} - ln -sf ${UBOOT_DTB_IMAGE} ${UBOOT_DTB_BINARY} - fi - if [ -f ${B}/${UBOOT_NODTB_BINARY} ]; then - install ${B}/${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} - rm -f ${UBOOT_NODTB_BINARY} ${UBOOT_NODTB_SYMLINK} - ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_SYMLINK} - ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_BINARY} - fi -} + if [ -f ${B}/${UBOOT_NODTB_BINARY} ]; then + install ${B}/${UBOOT_NODTB_BINARY} ${DEPLOYDIR}/${UBOOT_NODTB_IMAGE} + ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_SYMLINK} + ln -sf ${UBOOT_NODTB_IMAGE} ${UBOOT_NODTB_BINARY} + fi -do_concat_dtb () { - # Concatenate U-Boot w/o DTB & DTB with public key - # (cf. kernel-fitimage.bbclass for more details) - if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ]; then + # Concatenate U-Boot w/o DTB & DTB with public key + # (cf. kernel-fitimage.bbclass for more details) + deployed_uboot_dtb_binary='${DEPLOY_DIR_IMAGE}/${UBOOT_DTB_IMAGE}' if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ - [ -e "${DEPLOYDIR}/${UBOOT_DTB_IMAGE}" ]; then + [ -e "$deployed_uboot_dtb_binary" ]; then cd ${B} - oe_runmake EXT_DTB=${DEPLOYDIR}/${UBOOT_DTB_IMAGE} + oe_runmake EXT_DTB=$deployed_uboot_dtb_binary install ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} - install ${B}/${UBOOT_BINARY} ${DEPLOY_DIR_IMAGE}/${UBOOT_IMAGE} - elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "${DEPLOYDIR}/${UBOOT_DTB_IMAGE}" ]; then + elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then cd ${DEPLOYDIR} - cat ${UBOOT_NODTB_IMAGE} ${UBOOT_DTB_IMAGE} | tee ${B}/${UBOOT_BINARY} > ${UBOOT_IMAGE} + cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${UBOOT_BINARY} > ${UBOOT_IMAGE} else bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available." fi fi } +# Install UBOOT_DTB_BINARY to datadir, so that kernel can use it for +# signing, and kernel will deploy UBOOT_DTB_BINARY after signs it. +do_install_append() { + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${PN}" = "${UBOOT_PN}" ]; then + if [ -f ${B}/${UBOOT_DTB_BINARY} ]; then + install -d ${D}${datadir} + # UBOOT_DTB_BINARY is a symlink to UBOOT_DTB_IMAGE, so we + # need both of them. + install ${B}/${UBOOT_DTB_BINARY} ${D}${datadir}/${UBOOT_DTB_IMAGE} + ln -sf ${UBOOT_DTB_IMAGE} ${D}${datadir}/${UBOOT_DTB_BINARY} + else + bbwarn "${B}/${UBOOT_DTB_BINARY} not found" + fi + fi +} + python () { - uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot' - if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn: + if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == d.getVar('UBOOT_PN'): kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel') - # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy - # Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR - bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d) + # Make "bitbake u-boot -cdeploy" deploys the signed u-boot.dtb + d.appendVarFlag('do_deploy', 'depends', ' %s:do_deploy' % kernel_pn) - # do_concat_dtb is scheduled _before_ do_install as it overwrite the - # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. - bb.build.addtask('do_concat_dtb', 'do_install', None, d) - d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn) + # kernerl's do_deploy is a litle special, so we can't use + # do_deploy_append, otherwise it would override + # kernel_do_deploy. + d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb') } diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc index 48fbc57..bbdbc25 100644 --- a/meta/recipes-bsp/u-boot/u-boot.inc +++ b/meta/recipes-bsp/u-boot/u-boot.inc @@ -201,7 +201,7 @@ do_install () { } -FILES_${PN} = "/boot ${sysconfdir}" +FILES_${PN} = "/boot ${sysconfdir} ${datadir}" do_deploy () { if [ -n "${UBOOT_CONFIG}" ] -- 2.7.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-21 6:24 ` [PATCH 1/1] " Robert Yang @ 2018-11-21 17:20 ` Otavio Salvador 2018-11-22 1:47 ` Robert Yang 0 siblings, 1 reply; 9+ messages in thread From: Otavio Salvador @ 2018-11-21 17:20 UTC (permalink / raw) To: Robert Yang; +Cc: c.andersen, Patches and discussions about the oe-core layer Hello, On Wed, Nov 21, 2018 at 4:08 AM Robert Yang <liezhi.yang@windriver.com> wrote: > > Fixed: > MACHINE = "beaglebone-yocto" > KERNEL_CLASSES += "kernel-fitimage" > KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" > UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" > UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" > UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" > UBOOT_SIGN_KEYNAME = "dev" > UBOOT_SIGN_ENABLE = "1" > IMAGE_INSTALL_remove = "kernel-image-zimage" > > $ cd conf > $ openssl genrsa -F4 -out dev.key 2048 > $ openssl req -batch -new -x509 -key dev.key -out dev.crt > $ cd ../ > $ bitbake u-boot linux-yocto > $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb > Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches > Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches > Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches > > And there would be no signature info when rebuild from sstate: > $ bitbake u-boot linux-yocto -cclean > $ bitbake u-boot linux-yocto > $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb > No result > > This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it > is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified > info is not in sstate, and would be lost when rebuild from sstate. > > There are other problems in previouse code: > - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so > it should be deployed by kernel rather than u-boot. > > - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, > this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. > > - It seems that it assumes do_deploy depends on do_install according the comments, > but they have no relationships: > # do_concat_dtb is scheduled _before_ do_install as it overwrite the > # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. > > - The do_concat_dtb should be run after do_compile, but it doesn't have this > dependency. > > Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from > ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. > > [YOCTO #12112] > > Reported-by: Christian Andersen <c.andersen@kostal.com> > Signed-off-by: Robert Yang <liezhi.yang@windriver.com> The change itself looks good, I noticed that the script part is not using 4 spaces for indenting and as this is being changed, it might make sense to address this as well. Acked-by: Otavio Salvador <otavio@ossystems.com.br> -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9 9981-7854 Mobile: +1 (347) 903-9750 ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-21 17:20 ` Otavio Salvador @ 2018-11-22 1:47 ` Robert Yang 2018-11-29 13:15 ` Burton, Ross 0 siblings, 1 reply; 9+ messages in thread From: Robert Yang @ 2018-11-22 1:47 UTC (permalink / raw) To: Otavio Salvador Cc: c.andersen, Patches and discussions about the oe-core layer On 11/22/18 1:20 AM, Otavio Salvador wrote: > Hello, > > On Wed, Nov 21, 2018 at 4:08 AM Robert Yang <liezhi.yang@windriver.com> wrote: >> >> Fixed: >> MACHINE = "beaglebone-yocto" >> KERNEL_CLASSES += "kernel-fitimage" >> KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" >> UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" >> UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" >> UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" >> UBOOT_SIGN_KEYNAME = "dev" >> UBOOT_SIGN_ENABLE = "1" >> IMAGE_INSTALL_remove = "kernel-image-zimage" >> >> $ cd conf >> $ openssl genrsa -F4 -out dev.key 2048 >> $ openssl req -batch -new -x509 -key dev.key -out dev.crt >> $ cd ../ >> $ bitbake u-boot linux-yocto >> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches >> >> And there would be no signature info when rebuild from sstate: >> $ bitbake u-boot linux-yocto -cclean >> $ bitbake u-boot linux-yocto >> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb >> No result >> >> This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it >> is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified >> info is not in sstate, and would be lost when rebuild from sstate. >> >> There are other problems in previouse code: >> - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so >> it should be deployed by kernel rather than u-boot. >> >> - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, >> this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. >> >> - It seems that it assumes do_deploy depends on do_install according the comments, >> but they have no relationships: >> # do_concat_dtb is scheduled _before_ do_install as it overwrite the >> # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. >> >> - The do_concat_dtb should be run after do_compile, but it doesn't have this >> dependency. >> >> Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from >> ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. >> >> [YOCTO #12112] >> >> Reported-by: Christian Andersen <c.andersen@kostal.com> >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > > The change itself looks good, I noticed that the script part is not > using 4 spaces for indenting and as this is being changed, it might > make sense to address this as well. Thanks, sounds good to me, I will make another patch for it after this is merged. // Robert > > Acked-by: Otavio Salvador <otavio@ossystems.com.br> > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-22 1:47 ` Robert Yang @ 2018-11-29 13:15 ` Burton, Ross 2018-11-30 2:11 ` Robert Yang 0 siblings, 1 reply; 9+ messages in thread From: Burton, Ross @ 2018-11-29 13:15 UTC (permalink / raw) To: Robert Yang; +Cc: c.andersen, Otavio Salvador, OE-core This didn't get merged before other pieces did, so can you please rebase and resend? Ross On Thu, 22 Nov 2018 at 01:43, Robert Yang <liezhi.yang@windriver.com> wrote: > > > > On 11/22/18 1:20 AM, Otavio Salvador wrote: > > Hello, > > > > On Wed, Nov 21, 2018 at 4:08 AM Robert Yang <liezhi.yang@windriver.com> wrote: > >> > >> Fixed: > >> MACHINE = "beaglebone-yocto" > >> KERNEL_CLASSES += "kernel-fitimage" > >> KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" > >> UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" > >> UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" > >> UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" > >> UBOOT_SIGN_KEYNAME = "dev" > >> UBOOT_SIGN_ENABLE = "1" > >> IMAGE_INSTALL_remove = "kernel-image-zimage" > >> > >> $ cd conf > >> $ openssl genrsa -F4 -out dev.key 2048 > >> $ openssl req -batch -new -x509 -key dev.key -out dev.crt > >> $ cd ../ > >> $ bitbake u-boot linux-yocto > >> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb > >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches > >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches > >> Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches > >> > >> And there would be no signature info when rebuild from sstate: > >> $ bitbake u-boot linux-yocto -cclean > >> $ bitbake u-boot linux-yocto > >> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb > >> No result > >> > >> This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it > >> is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified > >> info is not in sstate, and would be lost when rebuild from sstate. > >> > >> There are other problems in previouse code: > >> - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so > >> it should be deployed by kernel rather than u-boot. > >> > >> - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, > >> this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. > >> > >> - It seems that it assumes do_deploy depends on do_install according the comments, > >> but they have no relationships: > >> # do_concat_dtb is scheduled _before_ do_install as it overwrite the > >> # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. > >> > >> - The do_concat_dtb should be run after do_compile, but it doesn't have this > >> dependency. > >> > >> Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from > >> ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. > >> > >> [YOCTO #12112] > >> > >> Reported-by: Christian Andersen <c.andersen@kostal.com> > >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > > > > The change itself looks good, I noticed that the script part is not > > using 4 spaces for indenting and as this is being changed, it might > > make sense to address this as well. > > Thanks, sounds good to me, I will make another patch for it after this is merged. > > // Robert > > > > > Acked-by: Otavio Salvador <otavio@ossystems.com.br> > > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/1] uboot-sign.bbclass: fix signature and deployment 2018-11-29 13:15 ` Burton, Ross @ 2018-11-30 2:11 ` Robert Yang 0 siblings, 0 replies; 9+ messages in thread From: Robert Yang @ 2018-11-30 2:11 UTC (permalink / raw) To: Burton, Ross; +Cc: c.andersen, Otavio Salvador, OE-core Hi Ross, On 11/29/18 9:15 PM, Burton, Ross wrote: > This didn't get merged before other pieces did, so can you please > rebase and resend? Thanks, I will rebase to master-next and resend. BTW, the Christian Andersen (the reporter) has replied that the patch works for him: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12112 // Robert > > Ross > On Thu, 22 Nov 2018 at 01:43, Robert Yang <liezhi.yang@windriver.com> wrote: >> >> >> >> On 11/22/18 1:20 AM, Otavio Salvador wrote: >>> Hello, >>> >>> On Wed, Nov 21, 2018 at 4:08 AM Robert Yang <liezhi.yang@windriver.com> wrote: >>>> >>>> Fixed: >>>> MACHINE = "beaglebone-yocto" >>>> KERNEL_CLASSES += "kernel-fitimage" >>>> KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" >>>> UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" >>>> UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" >>>> UBOOT_SIGN_KEYDIR = "${TOPDIR}/conf" >>>> UBOOT_SIGN_KEYNAME = "dev" >>>> UBOOT_SIGN_ENABLE = "1" >>>> IMAGE_INSTALL_remove = "kernel-image-zimage" >>>> >>>> $ cd conf >>>> $ openssl genrsa -F4 -out dev.key 2048 >>>> $ openssl req -batch -new -x509 -key dev.key -out dev.crt >>>> $ cd ../ >>>> $ bitbake u-boot linux-yocto >>>> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb >>>> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto-2018.07-r0.dtb matches >>>> Binary file tmp/deploy/images/beaglebone-yocto/u-boot-beaglebone-yocto.dtb matches >>>> Binary file tmp/deploy/images/beaglebone-yocto/u-boot.dtb matches >>>> >>>> And there would be no signature info when rebuild from sstate: >>>> $ bitbake u-boot linux-yocto -cclean >>>> $ bitbake u-boot linux-yocto >>>> $ grep signature tmp/deploy/images/beaglebone-yocto/*.dtb >>>> No result >>>> >>>> This s because kernel directly edit ${DEPLOY_DIR_IMAGE}/u-boot.dtb, (Note, it >>>> is global ${DEPLOY_DIR_IMAGE}, not recipe's DEPLOYDIR), so that the modified >>>> info is not in sstate, and would be lost when rebuild from sstate. >>>> >>>> There are other problems in previouse code: >>>> - The u-boot.dtb is provided by u-boot, but edited by kernel during signing, so >>>> it should be deployed by kernel rather than u-boot. >>>> >>>> - The u-boot.do_concat_dtb directly install files to global ${DEPLOY_DIR_IMAGE}, >>>> this is incorrect, the ${DEPLOY_DIR_IMAGE} should be installed by do_deploy. >>>> >>>> - It seems that it assumes do_deploy depends on do_install according the comments, >>>> but they have no relationships: >>>> # do_concat_dtb is scheduled _before_ do_install as it overwrite the >>>> # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR. >>>> >>>> - The do_concat_dtb should be run after do_compile, but it doesn't have this >>>> dependency. >>>> >>>> Make u-boot install u-boot.dtb to ${datadir}, kernel copies u-boot.dtb from >>>> ${STAGING_DATADIR} to ${B} and deploy it can fix the problem. >>>> >>>> [YOCTO #12112] >>>> >>>> Reported-by: Christian Andersen <c.andersen@kostal.com> >>>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> >>> >>> The change itself looks good, I noticed that the script part is not >>> using 4 spaces for indenting and as this is being changed, it might >>> make sense to address this as well. >> >> Thanks, sounds good to me, I will make another patch for it after this is merged. >> >> // Robert >> >>> >>> Acked-by: Otavio Salvador <otavio@ossystems.com.br> >>> >> -- >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.openembedded.org/mailman/listinfo/openembedded-core > ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-11-30 3:27 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-11-30 2:26 [PATCH 0/1 V2] uboot-sign.bbclass: fix signature and deployment Robert Yang 2018-11-30 2:26 ` [PATCH 1/1] " Robert Yang 2018-11-30 2:33 ` ✗ patchtest: failure for uboot-sign.bbclass: fix signature and deployment (rev2) Patchwork 2018-11-30 3:32 ` Robert Yang -- strict thread matches above, loose matches on Subject: below -- 2018-11-21 6:24 [PATCH 0/1] uboot-sign.bbclass: fix signature and deployment Robert Yang 2018-11-21 6:24 ` [PATCH 1/1] " Robert Yang 2018-11-21 17:20 ` Otavio Salvador 2018-11-22 1:47 ` Robert Yang 2018-11-29 13:15 ` Burton, Ross 2018-11-30 2:11 ` Robert Yang
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.