blob: 041c5b80341d1444dcc8b9187fa3b12520472ab9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
#!/bin/bash
#
# Copyright (C) 2019 Sascha Hauer <s.hauer@pengutronix.de>
#
# For further information about the PTXdist project and license conditions
# see the README file.
#
ptxd_make_image_fit_its() {
local model compatible
cat << EOF
/dts-v1/;
/ {
description = "Kernel Image";
#address-cells = <1>;
images {
kernel {
description = "kernel";
data = /incbin/("${image_kernel}");
type = "kernel";
compression = "none";
hash-1 {
algo = "sha256";
};
};
EOF
if [ -n "${image_initramfs}" ]; then
cat << EOF
initramfs {
description = "initramfs";
data = /incbin/("${image_initramfs}");
type = "ramdisk";
compression = "none";
hash-1 {
algo = "sha256";
};
};
EOF
fi
for i in ${image_dtb}; do
model=$(fdtget "${i}" / model)
compatible=$(set -- $(fdtget "${i}" / compatible); echo ${1})
cat << EOF
fdt-${compatible} {
data = /incbin/("${i}");
compression = "none";
type = "flat_dt";
hash-1 {
algo = "sha256";
};
};
EOF
done
cat << EOF
};
configurations {
EOF
for i in ${image_dtb}; do
model=$(fdtget "${i}" / model)
compatible=$(set -- $(fdtget "${i}" / compatible); echo ${1})
cat << EOF
conf-${compatible} {
compatible = "${compatible}";
kernel = "kernel";
EOF
if [ -n "${image_initramfs}" ]; then
cat << EOF
ramdisk = "initramfs";
EOF
fi
cat << EOF
fdt = "fdt-${compatible}";
EOF
if [ -n "${image_sign_role}" ]; then
cat << EOF
signature-1 {
algo = "sha256,rsa4096";
key-name-hint = "${image_key_name_hint}";
sign-images = "fdt", "kernel";
};
EOF
fi
cat << EOF
};
EOF
done
cat << EOF
};
};
EOF
}
export -f ptxd_make_image_fit_its
ptxd_make_image_fit() {
local pkcs11_uri
local its=$(mktemp ${PTXDIST_TEMPDIR}/fitimage.XXXXXXXX)
local -a sign_args
ptxd_make_image_init || return
if [ -n "${image_sign_role}" ]; then
pkcs11_uri=$(cs_get_uri "${image_sign_role}")
#
# It would have been too simple for mkimage to just take a
# PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot
# then adds again. Also mkimage adds "object=<key_name_hint>"
# to the URI which our URI already has. Well having it twice
# doesn't seem to hurt at least SoftHSM.
#
pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://")
sign_args=( -k "${pkcs11_uri}" )
fi
if [ -z "${image_image}" ]; then
ptxd_bailout "ptxd_make_image_fit: image_image not given"
fi
if [ -z "${image_kernel}" ]; then
ptxd_bailout "ptxd_make_image_fit: image_kernel not given"
fi
ptxd_make_image_fit_its > "${its}" &&
if [ "${PTXDIST_VERBOSE}" == "1" ]; then
echo "Generated device-tree for the fit image:"
cat "${its}"
fi &&
ptxd_exec mkimage -N pkcs11 -f "${its}" "${image_image}" -r "${sign_args[@]}"
}
export -f ptxd_make_image_fit
|