diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-10-16 14:20:25 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2019-11-26 07:59:56 +0100 |
commit | 0cfba65d15e6ac025aebcce0e592ef98e9e1c8e4 (patch) | |
tree | bb48633998c4c90acef012408506e673b8b52187 /scripts | |
parent | 878157339fe9dce934dbf7dfdf0f1ebb6c1576d9 (diff) | |
download | ptxdist-0cfba65d15e6ac025aebcce0e592ef98e9e1c8e4.tar.gz ptxdist-0cfba65d15e6ac025aebcce0e592ef98e9e1c8e4.tar.xz |
image-kernel-fit: Add package
This adds a package which generates a FIT image from the kernel image
and all selected device trees in PTXCONF_DTC_OFTREE_DTS. The image will
be signed if desired.
** Note **
Currently the U-Boot mkimage tool supports PKCS#11, but there is no way
to specify the PIN in an environment variable like it is done in many
other tools. This means you will be prompted for a PIN each time a
signed FIT image is being built.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/lib/ptxd_make_fit_image.sh | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/scripts/lib/ptxd_make_fit_image.sh b/scripts/lib/ptxd_make_fit_image.sh new file mode 100644 index 000000000..761d6bf1e --- /dev/null +++ b/scripts/lib/ptxd_make_fit_image.sh @@ -0,0 +1,132 @@ +#!/bin/bash +# +# Copyright (C) 2019 Sascha Hauer <s.hauer@pengutronix.de> +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +ptxd_make_image_fit_its() { + local model compatible + + cat << EOF +/dts-v1/; +/ { + description = "Kernel Image"; + #address-cells = <1>; + + images { + kernel { + description = "kernel"; + data = /incbin/("${image_kernel}"); + type = "kernel"; + compression = "none"; + hash-1 { + algo = "sha256"; + }; + }; +EOF + if [ -n "${image_initramfs}" ]; then + cat << EOF + initramfs { + description = "initramfs"; + data = /incbin/("${image_initramfs}"); + type = "ramdisk"; + compression = "none"; + hash-1 { + algo = "sha256"; + }; + }; +EOF + fi + for i in ${image_dtb}; do + model=$(fdtget "${i}" / model) + compatible=$(set -- $(fdtget "${i}" / compatible); echo ${1}) + cat << EOF + fdt-${compatible} { + data = /incbin/("${i}"); + compression = "none"; + type = "flat_dt"; + hash-1 { + algo = "sha256"; + }; + }; +EOF + done + cat << EOF + }; + configurations { +EOF + for i in ${image_dtb}; do + model=$(fdtget "${i}" / model) + compatible=$(set -- $(fdtget "${i}" / compatible); echo ${1}) + cat << EOF + conf-${compatible} { + compatible = "${compatible}"; + kernel = "kernel"; +EOF + if [ -n "${image_initramfs}" ]; then + cat << EOF + ramdisk = "initramfs"; +EOF + fi + cat << EOF + fdt = "fdt-${compatible}"; +EOF + if [ -n "${image_sign_role}" ]; then + cat << EOF + signature-1 { + algo = "sha256,rsa4096"; + key-name-hint = "${image_key_name_hint}"; + sign-images = "fdt", "kernel"; + }; +EOF + fi + cat << EOF + }; +EOF + done + cat << EOF + }; +}; +EOF +} +export -f ptxd_make_image_fit_its + +ptxd_make_image_fit() { + local pkcs11_uri + local its=$(mktemp ${PTXDIST_TEMPDIR}/fitimage.XXXXXXXX) + local -a sign_args + + ptxd_make_image_init || return + + if [ -n "${image_sign_role}" ]; then + pkcs11_uri=$(cs_get_uri "${image_sign_role}") + + # + # It would have been too simple for mkimage to just take a + # PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot + # then adds again. Also mkimage adds "object=<key_name_hint>" + # to the URI which our URI already has. Well having it twice + # doesn't seem to hurt at least SoftHSM. + # + pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://") + sign_args=( -k "${pkcs11_uri}" ) + fi + + if [ -z "${image_image}" ]; then + ptxd_bailout "ptxd_make_image_fit: image_image not given" + fi + + if [ -z "${image_kernel}" ]; then + ptxd_bailout "ptxd_make_image_fit: image_kernel not given" + fi + + ptxd_make_image_fit_its > "${its}" && + if [ "${PTXDIST_VERBOSE}" == "1" ]; then + echo "Generated device-tree for the fit image:" + cat "${its}" + fi && + mkimage -N pkcs11 -f "${its}" "${image_image}" -r "${sign_args[@]}" +} +export -f ptxd_make_image_fit |