[meta-freescale] [PATCH 23/29] secure-boot-qoriq : add recipes
Otavio Salvador
otavio.salvador at ossystems.com.br
Sat Sep 30 06:06:44 PDT 2017
On Thu, Sep 28, 2017 at 2:34 AM, Chunrong Guo <B40290 at freescale.com> wrote:
> From: Chunrong Guo <chunrong.guo at nxp.com>
>
> Signed-off-by: Chunrong Guo <chunrong.guo at nxp.com>>
This seems complex and has a lot of indirection that can be
simplified. Instead of keeping the scripts in variables, why not use
text files, which can be indented and are easier to read?
> ---
> recipes-bsp/u-boot/secure-boot-qoriq.bb | 177 ++++++++++++++++++++++++++++++++
> 1 file changed, 177 insertions(+)
> create mode 100644 recipes-bsp/u-boot/secure-boot-qoriq.bb
>
> diff --git a/recipes-bsp/u-boot/secure-boot-qoriq.bb b/recipes-bsp/u-boot/secure-boot-qoriq.bb
> new file mode 100644
> index 0000000..d4ba2dc
> --- /dev/null
> +++ b/recipes-bsp/u-boot/secure-boot-qoriq.bb
> @@ -0,0 +1,177 @@
> +DESCRIPTION = "NXP secure bootloader for qoriq devices"
> +SECTION = "bootloaders"
> +LICENSE = "GPLv2"
> +
> +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
> +
> +inherit deploy
> +
> +DEPENDS = "u-boot-mkimage-native cst-native"
> +
> +do_deploy[nostamp] = "1"
> +do_deploy[depends] += "virtual/kernel:do_build u-boot:do_build"
> +
> +S = "${WORKDIR}"
> +
> +do_patch[noexec] = "1"
> +do_configure[noexec] = "1"
> +do_compile[noexec] = "1"
> +
> +do_deploy () {
> + if [ -n "${UBOOT_SCR}" ] ; then
> + if [ -n "${SECUREVALIDATE}" ]; then
> + if [ "${ENCAP}" = "1" ] ; then
> + if [ "${BOOTSCRIPT_DEC}" != null ] ; then
> + echo ${SECUREVALIDATE_DEC} > ${BOOTSCRIPT_DEC}.tmp
> + echo ${DISTROBOOT} >> ${BOOTSCRIPT_DEC}.tmp
> + mkimage -A arm64 -O linux -T script -C none -a 0 -e 0 -n "boot.scr" -d ${BOOTSCRIPT_DEC}.tmp ${BOOTSCRIPT_DEC}
> + rm -f ${BOOTSCRIPT_DEC}.tmp
> + install ${B}/${BOOTSCRIPT_DEC} ${DEPLOY_DIR_IMAGE}/
> + fi
> + echo ${SECUREVALIDATE_ENC} > ${UBOOT_SCR}.tmp
> + else
> + echo ${SECUREVALIDATE} > ${UBOOT_SCR}.tmp
> + fi
> + fi
> + echo ${DISTROBOOT} >> ${UBOOT_SCR}.tmp
> + mkimage -A arm64 -O linux -T script -C none -a 0 -e 0 -n "boot.scr" -d ${UBOOT_SCR}.tmp ${UBOOT_SCR}
> + rm -f ${UBOOT_SCR}.tmp
> + install ${B}/${UBOOT_SCR} ${DEPLOY_DIR_IMAGE}/
> + install ${B}/${UBOOT_SCR} ${DEPLOY_DIR_IMAGE}/bootscript
> + fi
> +
> + if [ "x${UBOOT_SECURE_ENABLE}" = "x1" ]; then
> + echo ${DISTROBOOT} >> bootscript
> + cp bootscript ${DEPLOY_DIR_IMAGE}/
> + fi
> +
> + if [ -n "${KERNEL_IMG}" ]; then
> + cd ${DEPLOY_DIR_IMAGE}
> + rm -rf ${KERNEL_IMG}.bin.gz ${KERNEL_IMG}.bin
> + cp ${KERNEL_IMG} ${KERNEL_IMG}.bin
> + gzip ${KERNEL_IMG}.bin
> + mkimage -A arm64 -O linux -T kernel -C gzip -a 0x80080000 -e 0x80080000 -n Linux -d ${KERNEL_IMG}.bin.gz ${KERNEL_UIMG}
> + fi
> +
> + cd ${RECIPE_SYSROOT_NATIVE}/usr/bin/cst
> + ./gen_keys 1024
> + if [ "${ENCAP}" = "1" ]; then
> + cp ${DEPLOY_DIR_IMAGE}/${BOOTSCRIPT_DEC} ./
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/bootscript ./
> + if [ ${MACHINE} = ls1021atwr ]; then
> + cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG}-${MACHINE}.bin uImage.bin
> + cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG}-${DEVICE_TREE} uImage.dtb
> + cp ${DEPLOY_DIR_IMAGE}/itbImage-${MACHINE}.bin kernel.itb
> + else
> + cp ${DEPLOY_DIR_IMAGE}/${KERNEL_IMG}-${DEVICE_TREE} uImage.dtb
> + cp ${DEPLOY_DIR_IMAGE}/${KERNEL_UIMG} uImage.bin
> + cp ${DEPLOY_DIR_IMAGE}/itbImage-${MACHINE}.bin kernel.itb
> + fi
> +
> +
> + if [ -n "${UBOOT_CONFIG}" ]
> + then
> + for type in ${UBOOT_CONFIG}; do
> + if echo ${type} | grep -iE 'nor-secure-boot'; then
> + type_tmp=nor
> + if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
> + if [ -z "${RCW_NOR}" -o "${RCW_NOR}" = "null" ]; then
> + echo boot nor on board not unsupported!
> + exit
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${RCW_NOR} rcw.bin
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${UBOOT_NORBOOT_SEC} u-boot-dtb.bin
> + elif echo ${type} | grep -iE 'qspi-secure-boot'; then
> + type_tmp=qspi
> + if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
> + if [ -z "${RCW_QSPI}" -o "${RCW_QSPI}" = "null" ]; then
> + echo boot qspi on board not unsupported!
> + exit
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${RCW_QSPI} rcw.bin
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${UBOOT_QSPIBOOT_SEC} u-boot-dtb.bin
> + elif echo ${type} | grep -iE 'sdcard-secure-boot'; then
> + type_tmp=sd
> + if [ ${MACHINE} = ls1088ardb -o ${MACHINE} = ls2088ardb ] ; then
> + if [ -z "${RCW_SD}" -o "${RCW_SD}" = "null" ]; then
> + echo boot sd on board not unsupported!
> + exit
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${RCW_SD} rcw.bin
> + fi
> + if [ "${UBOOT_SDBOOT_SEC}" = "null" -o -z "${UBOOT_SDBOOT_SEC}" ]; then
> + echo sd sec boot on board for secureboot unsupported
> + exit
> + fi
> + cp ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC} u-boot-with-spl-pbl.bin
> + cp ${DEPLOY_DIR_IMAGE}/${UBOOT_SPL} u-boot-spl.bin
> + cp ${DEPLOY_DIR_IMAGE}/${UBOOT_DTB} u-boot-dtb.bin
> + else
> + type_tmp=nand
> + fi
> +
> + if [ ${type_tmp} = nand ]; then
> + continue;
> + fi
> +
> + if [ -f ${DEPLOY_DIR_IMAGE}/ppa.itb ] ; then
> + cp ${DEPLOY_DIR_IMAGE}/ppa.itb ppa.itb
> + fi
> +
> + if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_FW} ] ; then
> + cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_FW} mc.itb
> + fi
> +
> + if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPC} ] ; then
> + cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPC} dpc.dtb
> + fi
> +
> + if [ -f ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPL} ] ; then
> + cp ${DEPLOY_DIR_IMAGE}/${DPAA2_MC_DPL} dpl.dtb
> + fi
> +
> + if echo ${type} | grep -iE 'nand'; then
> + . ${NAND_SCRIPT}
> + elif echo ${type} | grep -iE 'sd'; then
> + . ${SD_SCRIPT}
> + elif echo ${type} | grep -iE 'nor'; then
> + . ${NOR_SCRIPT}
> + elif echo ${type} | grep -iE 'qspi'; then
> + . ${QSPI_SCRIPT}
> + fi
> +
> + if echo ${type} | grep -iE 'sd'; then
> + if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] ; then
> + cp rcw_sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC}
> + else
> + cp u-boot-with-spl-pbl-sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_SDBOOT_SEC}
> + fi
> + elif echo ${type} | grep -iE 'nand'; then
> + cp u-boot-with-spl-pbl-sec.bin ${DEPLOY_DIR_IMAGE}/${UBOOT_NANDBOOT_SEC}
> + else
> + if [ ${MACHINE} = ls2088ardb -o ${MACHINE} = ls1088ardb ] && [ -f ${DEPLOY_DIR_IMAGE}/rcw_sec.bin ]; then
> + cp rcw_sec.bin ${DEPLOY_DIR_IMAGE}/$rcwimg_sec
> + fi
> + fi
> +
> + install -d ${DEPLOYDIR}/secboot_hdrs
> + install -m 755 hdr_dtb.out ${DEPLOYDIR}/secboot_hdrs/
> + install -m 755 hdr_linux.out ${DEPLOYDIR}/secboot_hdrs/
> + install -m 755 hdr_bs.out ${DEPLOYDIR}/secboot_hdrs/hrd_${MACHINE}_bs.out
> + install -m 755 secboot_hdrs.bin ${DEPLOYDIR}/secboot_hdrs
> + install -m 755 srk_hash.txt ${DEPLOYDIR}/secboot_hdrs
> + install -m 755 srk.pri ${DEPLOYDIR}/secboot_hdrs
> + install -m 755 srk.pub ${DEPLOYDIR}/secboot_hdrs
> + if [ "$ENCAP" = "1" ]; then
> + install -m 755 hdr_bs_dec.out ${DEPLOYDIR}/secboot_hdrs/hdr_${MACHINE}_bs_dec.out
> + fi
> + done
> + fi
> +}
> +
> +addtask deploy before do_build after do_compile
> +
> +PACKAGE_ARCH = "${MACHINE_ARCH}"
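Review bot: The signing-key handling in do_deploy undermines the secure-boot chain. `./gen_keys 1024` creates a 1024-bit key pair inside the native sysroot on every run (the task is `nostamp`), and `install -m 755 srk.pri ${DEPLOYDIR}/secboot_hdrs` then copies the private key, world-readable, next to the images it signs. Anyone who can read the deploy directory obtains the signing key, and the SRK hash presumably changes with each build, so it cannot stay in step with a value fused into hardware. I would read the key pair from a user-set path outside the build tree, generate one only as an explicit development fallback (with a larger size if gen_keys accepts it), and drop the `srk.pri` install line while keeping `srk.pub` and `srk_hash.txt` at `-m 644`. Separately, the bare `exit` after each "unsupported" message returns the status of the preceding echo, so the task succeeds without signing anything; `bbfatal "..."` or `exit 1` would make that failure visible.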
> --
> 1.9.0
>
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750