[meta-freescale] [PATCH 23/29] secure-boot-qoriq : add recipes
Chunrong Guo
B40290 at freescale.com
Wed Sep 27 22:34:04 PDT 2017
From: Chunrong Guo <chunrong.guo at nxp.com>
Signed-off-by: Chunrong Guo <chunrong.guo at nxp.com>>
---
recipes-bsp/u-boot/secure-boot-qoriq.bb | 177 ++++++++++++++++++++++++++++++++
1 file changed, 177 insertions(+)
create mode 100644 recipes-bsp/u-boot/secure-boot-qoriq.bb
diff --git a/recipes-bsp/u-boot/secure-boot-qoriq.bb b/recipes-bsp/u-boot/secure-boot-qoriq.bb
new file mode 100644
index 0000000..d4ba2dc
--- /dev/null
+++ b/recipes-bsp/u-boot/secure-boot-qoriq.bb
@@ -0,0 +1,177 @@
+DESCRIPTION = "NXP secure bootloader for qoriq devices"
+SECTION = "bootloaders"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+inherit deploy
+
+DEPENDS = "u-boot-mkimage-native cst-native"
+
+do_deploy[nostamp] = "1"
+do_deploy[depends] += "virtual/kernel:do_build u-boot:do_build"
+
+S = "${WORKDIR}"
+
+do_patch[noexec] = "1"
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_deploy () {
+ if [ -n "${UBOOT_SCR}" ] ; then
+ if [ -n "${SECUREVALIDATE}" ]; then
+ if [ "${ENCAP}" = "1" ] ; then
+ if [ "${BOOTSCRIPT_DEC}" != null ] ; then
+ echo ${SECUREVALIDATE_DEC} > ${BOOTSCRIPT_DEC}.tmp
+ echo ${DISTROBOOT} >> ${BOOTSCRIPT_DEC}.tmp
+ mkimage -A arm64 -O linux -T script -C none -a 0 -e 0 -n "boot.scr" -d ${BOOTSCRIPT_DEC}.tmp ${BOOTSCRIPT_DEC}
+ rm -f ${BOOTSCRIPT_DEC}.tmp
+ install ${B}/${BOOTSCRIPT_DEC} ${DEPLOY_DIR_IMAGE}/
+ fi
+ echo ${SECUREVALIDATE_ENC} > ${UBOOT_SCR}.tmp
+ else
+ echo ${SECUREVALIDATE} > ${UBOOT_SCR}.tmp
+ fi
+ fi
+ echo ${DISTROBOOT} >> ${UBOOT_SCR}.tmp
+ mkimage -A arm64 -O linux -T script -C none -a 0 -e 0 -n "boot.scr" -d ${UBOOT_SCR}.tmp ${UBOOT_SCR}
+ rm -f ${UBOOT_SCR}.tmp
+ install ${B}/${UBOOT_SCR} ${DEPLOY_DIR_IMAGE}/
+ install ${B}/${UBOOT_SCR} ${DEPLOY_DIR_IMAGE}/bootscript
+ fi
+
+ if [ "x${UBOOT_SECURE_ENABLE}" = "x1" ]; then
+ echo ${DISTROBOOT} >> bootscript
+ cp bootscript ${DEPLOY_DIR_IMAGE}/
+ fi
+
+ if [ -n "${KERNEL_IMG}" ]; then
+ cd ${DEPLOY_DIR_IMAGE}
+ rm -rf ${KERNEL_IMG}.bin.gz ${KERNEL_IMG}.bin
+ cp ${KERNEL_IMG} ${KERNEL_IMG}.bin
+ gzip ${KERNEL_IMG}.bin
+ mkimage -A arm64 -O linux -T kernel -C gzip -a 0x80080000 -e 0x80080000 -n Linux -d ${KERNEL_IMG}.bin.gz ${KERNEL_UIMG}
+ fi
+
+ cd ${RECIPE_SYSROOT_NATIVE}/usr/bin/cst
+ ./gen_keys 1024
+ if [ "${ENCAP}" = "1" ]; then
+ cp ${DEPLOY_DIR_IMAGE}/${BOOTSCRIPT_DEC} ./
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/bootscript ./
+ if [ ${MACHINE} = ls1021atwr ]; then
+ cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG}-${MACHINE}.bin uImage.bin
+ cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG}-${DEVICE_TREE} uImage.dtb
+ cp ${DEPLOY_DIR_IMAGE}/itbImage-${MACHINE}.bin kernel.itb
+ else
+ cp ${DEPLOY_DIR_IMAGE}/${KERNEL_IMG}-${DEVICE_TREE} uImage.dtb
+ cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG} uImage.bin
+ cp ${DEPLOY_DIR_IMAGE}/itbImage-${MACHINE}.bin kernel.itb
+ fi
+
+
+ if [ -n "${UBOOT_CONFIG}" ]
+ then
+ for type in ${UBOOT_CONFIG}; do
+ if echo ${type} | grep -iE 'nor-secure-boot'; then
+ type_tmp=nor
+ if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
+ if [ -z "${RCW_NOR}" -o "${RCW_NOR}" = "null" ]; then
+ echo boot nor on board not unsupported!
+ exit
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${RCW_NOR} rcw.bin
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${UBOOT_NORBOOT_SEC} u-boot-dtb.bin
+ elif echo ${type} | grep -iE 'qspi-secure-boot'; then
+ type_tmp=qspi
+ if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
+ if [ -z "${RCW_QSPI}" -o "${RCW_QSPI}" = "null" ]; then
+ echo boot qspi on board not unsupported!
+ exit
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${RCW_QSPI} rcw.bin
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${UBOOT_QSPIBOOT_SEC} u-boot-dtb.bin
+ elif echo ${type} | grep -iE 'sdcard-secure-boot'; then
+ type_tmp=sd
+ if [ ${MACHINE} = ls1088ardb -o ${MACHINE} = ls2088ardb ] ; then
+ if [ -z "${RCW_SD}" -o "${RCW_SD}" = "null" ]; then
+ echo boot sd on board not unsupported!
+ exit
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${RCW_SD} rcw.bin
+ fi
+ if [ "${UBOOT_SDBOOT_SEC}" = "null" -o -z "${UBOOT_SDBOOT_SEC}" ]; then
+ echo sd sec boot on board for secureboot unsupported
+ exit
+ fi
+ cp ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC} u-boot-with-spl-pbl.bin
+ cp ${DEPLOY_DIR_IMAGE}/${UBOOT_SPL} u-boot-spl.bin
+ cp ${DEPLOY_DIR_IMAGE}/${UBOOT_DTB} u-boot-dtb.bin
+ else
+ type_tmp=nand
+ fi
+
+ if [ ${type_tmp} = nand ]; then
+ continue;
+ fi
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/ppa.itb ] ; then
+ cp ${DEPLOY_DIR_IMAGE}/ppa.itb ppa.itb
+ fi
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_FW} ] ; then
+ cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_FW} mc.itb
+ fi
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPC} ] ; then
+ cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPC} dpc.dtb
+ fi
+
+ if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPL} ] ; then
+ cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPL} dpl.dtb
+ fi
+
+ if echo ${type} | grep -iE 'nand'; then
+ . ${NAND_SCRIPT}
+ elif echo ${type} | grep -iE 'sd'; then
+ . ${SD_SCRIPT}
+ elif echo ${type} | grep -iE 'nor'; then
+ . ${NOR_SCRIPT}
+ elif echo ${type} | grep -iE 'qspi'; then
+ . ${QSPI_SCRIPT}
+ fi
+
+ if echo ${type} | grep -iE 'sd'; then
+ if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
+ cp rcw_sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC}
+ else
+ cp u-boot-with-spl-pbl-sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC}
+ fi
+ elif echo ${type} | grep -iE 'nand'; then
+ cp u-boot-with-spl-pbl-sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_NANDBOOT_SEC}
+ else
+ if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] && [ -f ${DEPLOY_DIR_IMAGE}/rcw_sec.bin ]; then
+ cp rcw_sec.bin ${DEPLOY_DIR_IMAGE}/$rcwimg_sec
+ fi
+ fi
+
+ install -d ${DEPLOYDIR}/secboot_hdrs
+ install -m 755 hdr_dtb.out ${DEPLOYDIR}/secboot_hdrs/
+ install -m 755 hdr_linux.out ${DEPLOYDIR}/secboot_hdrs/
+ install -m 755 hdr_bs.out ${DEPLOYDIR}/secboot_hdrs/hrd_${MACHINE}_bs.out
+ install -m 755 secboot_hdrs.bin ${DEPLOYDIR}/secboot_hdrs
+ install -m 755 srk_hash.txt ${DEPLOYDIR}/secboot_hdrs
+ install -m 755 srk.pri ${DEPLOYDIR}/secboot_hdrs
+ install -m 755 srk.pub ${DEPLOYDIR}/secboot_hdrs
+ if [ "$ENCAP" = "1" ]; then
+ install -m 755 hdr_bs_dec.out ${DEPLOYDIR}/secboot_hdrs/hdr_${MACHINE}_bs_dec.out
+ fi
+ done
+ fi
+}
+
+addtask deploy before do_build after do_compile
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
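Review bot: The `install -m 755 srk.pri ${DEPLOYDIR}/secboot_hdrs` line near the end of do_deploy copies the SRK private signing key, world-readable, into the deploy directory next to the images it signs. The key comes from `./gen_keys 1024`, run inside the native sysroot each time the task executes (do_deploy is nostamp). As a result the signing key is readable by anyone with access to the build output, srk_hash.txt presumably changes on every build, and 1024-bit RSA is below what is normally accepted for a boot root of trust. I would drop the srk.pri install, install srk.pub and srk_hash.txt with `-m 644`, and read the key pair from a path supplied by configuration outside the build tree, keeping `./gen_keys 2048` (or larger) only as a development fallback. Separately, the bare `exit` in the "unsupported" branches returns echo's status 0, so the task succeeds without producing signed headers; `exit 1` or `bbfatal` would make that failure visible.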
--
1.9.0