meta-digi: rework u-boot support

Instead of overriding the whole do_compile function, just to reconfigure u-boot for Trustfence, create a do_configure pre-function that takes care of that. This allows the removal of duplicated code. Also, disable the generation of u-boot environment artifacts. We are not using them and so many u-boot artifacts in the deploy directory are confusing. Finally, adjust the names of the TF u-boot artifacts in the do_deploy append function. Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2022-12-21 13:17:19 +01:00 · 2022-12-21 13:17:19 +01:00 · 9d40092ce5
parent 385884473e
commit 9d40092ce5
3 changed files with 27 additions and 103 deletions
--- a/meta-digi-arm/conf/machine/include/digi-defaults.inc
+++ b/meta-digi-arm/conf/machine/include/digi-defaults.inc
@ -63,10 +63,6 @@ USE_VT ?= "0"
 MACHINE_VARIANT ?= ""
 MACHINEOVERRIDES .= "${@['', ':${MACHINE_VARIANT}']['${MACHINE_VARIANT}' != '']}"

-# U-Boot symlink
-UBOOT_SYMLINK ?= "${UBOOT_PREFIX}-${MACHINE}.${UBOOT_SUFFIX}"
-BOOTABLE_ARTIFACTS ?= ""
-
 # Extra RDEPENDS
 MACHINE_EXTRA_RDEPENDS += " \
    ${@bb.utils.contains("MACHINE_FEATURES", "mca", "mca-tool", "", d)} \
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
@ -32,91 +32,21 @@ BUILD_UBOOT_SCRIPTS ?= "true"

 BOOTLOADER_IMAGE_RECIPE ?= "u-boot"

-LOCALVERSION ?= ""
-
-EXTRA_OEMAKE:append = " KCFLAGS=-fgnu89-inline"
-
-UBOOT_EXTRA_CONF ?= ""
-
-# Use default initial env name so userspace tools work as expected
-UBOOT_INITIAL_ENV = "u-boot-initial-env"
+# Disable u-boot environment artifacts
+UBOOT_INITIAL_ENV = ""

 python __anonymous() {
    if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in ["0", None]) and (d.getVar("TRUSTFENCE_SIGN", True) != "1"):
        bb.fatal("Only signed U-Boot images can be encrypted. Generate signed images (TRUSTFENCE_SIGN = \"1\") or remove encryption (TRUSTFENCE_DEK_PATH = \"0\")")
 }

-do_compile () {
-	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then
-		sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk
-	fi
-
-	unset LDFLAGS
-	unset CFLAGS
-	unset CPPFLAGS
-
-	if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]
-	then
-		echo ${UBOOT_LOCALVERSION} > ${B}/.scmversion
-		echo ${UBOOT_LOCALVERSION} > ${S}/.scmversion
-	fi
-
-	if [ -n "${UBOOT_CONFIG}" ]
-	then
-		unset i j k
-		for config in ${UBOOT_MACHINE}; do
-			i=$(expr $i + 1);
-			for type in ${UBOOT_CONFIG}; do
-				j=$(expr $j + 1);
-				if [ $j -eq $i ]
-				then
-					oe_runmake -C ${S} O=${B}/${config} ${config}
-					# Reconfigure U-Boot with Digi UBOOT_EXTRA_CONF
-					for var in ${UBOOT_EXTRA_CONF}; do
-						echo "${var}" >> ${B}/${config}/.config
-					done
-					oe_runmake -C ${S} O=${B}/${config} oldconfig
-
-					oe_runmake -C ${S} O=${B}/${config} ${UBOOT_MAKE_TARGET}
-					for binary in ${UBOOT_BINARIES}; do
-						k=$(expr $k + 1);
-						if [ $k -eq $i ]; then
-							cp ${B}/${config}/${binary} ${B}/${config}/u-boot-${type}.${UBOOT_SUFFIX}
-						fi
-					done
-
-					# Generate the uboot-initial-env
-					if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-						oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env
-						cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type}
-					fi
-
-					unset k
-
-					# Secure boot artifacts
-					if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${BOOTLOADER_IMAGE_RECIPE}" = "u-boot" ]
-					then
-						cp ${B}/${config}/u-boot-dtb-signed.imx ${B}/${config}/u-boot-dtb-signed-${type}.${UBOOT_SUFFIX}
-						cp ${B}/${config}/u-boot-dtb-usb-signed.imx ${B}/${config}/u-boot-dtb-usb-signed-${type}.${UBOOT_SUFFIX}
-						if [ "${TRUSTFENCE_DEK_PATH}" != "0" ]
-						then
-							cp ${B}/${config}/u-boot-dtb-encrypted.imx ${B}/${config}/u-boot-dtb-encrypted-${type}.${UBOOT_SUFFIX}
-						fi
-					fi
-				fi
-			done
-			unset  j
-		done
-		unset  i
-	else
-		oe_runmake -C ${S} O=${B} ${UBOOT_MACHINE}
-		oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET}
-
-		# Generate the uboot-initial-env
-		if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-			oe_runmake -C ${S} O=${B} u-boot-initial-env
-		fi
-	fi
+do_configure[prefuncs] += "${@oe.utils.ifelse(d.getVar('UBOOT_TF_CONF'), 'trustfence_config', '')}"
+python trustfence_config() {
+    config_path = d.expand('${WORKDIR}/uboot-trustfence.cfg')
+    with open(config_path, 'w') as f:
+        for cfg in d.getVar('UBOOT_TF_CONF').split():
+            f.write('%s\n' % cfg)
+    d.appendVar('SRC_URI', ' file://%s' % config_path)
 }

 TF_BOOTSCRIPT_SEDFILTER = "${@tf_bootscript_sedfilter(d)}"
@ -186,21 +116,21 @@ do_deploy:append() {
 				then
 					cd ${DEPLOYDIR}
 					rm -r ${UBOOT_BINARY}-${type}
-					ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-${type}.${UBOOT_SUFFIX}
+					ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
 					if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${BOOTLOADER_IMAGE_RECIPE}" = "u-boot" ]; then
 						install ${B}/${config}/SRK_efuses.bin SRK_efuses-${PV}-${PR}.bin
 						ln -sf SRK_efuses-${PV}-${PR}.bin SRK_efuses.bin

-						install ${B}/${config}/u-boot-dtb-signed-${type}.${UBOOT_SUFFIX} u-boot-dtb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
-						ln -sf u-boot-dtb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-dtb-signed-${type}.${UBOOT_SUFFIX}
+						install ${B}/${config}/${UBOOT_BINARYNAME}-dtb-signed.imx ${UBOOT_BINARYNAME}-dtb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
+						ln -sf ${UBOOT_BINARYNAME}-dtb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARYNAME}-dtb-signed-${type}.${UBOOT_SUFFIX}

-						install ${B}/${config}/u-boot-dtb-usb-signed-${type}.${UBOOT_SUFFIX} u-boot-dtb-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
-						ln -sf u-boot-dtb-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-dtb-usb-signed-${type}.${UBOOT_SUFFIX}
+						install ${B}/${config}/${UBOOT_BINARYNAME}-dtb-usb-signed.imx ${UBOOT_BINARYNAME}-dtb-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
+						ln -sf ${UBOOT_BINARYNAME}-dtb-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARYNAME}-dtb-usb-signed-${type}.${UBOOT_SUFFIX}

 						if [ "${TRUSTFENCE_DEK_PATH}" != "0" ]
 						then
-							install ${B}/${config}/u-boot-dtb-encrypted-${type}.${UBOOT_SUFFIX} u-boot-dtb-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
-							ln -sf u-boot-dtb-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-dtb-encrypted-${type}.${UBOOT_SUFFIX}
+							install ${B}/${config}/${UBOOT_BINARYNAME}-dtb-encrypted.imx ${UBOOT_BINARYNAME}-dtb-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
+							ln -sf ${UBOOT_BINARYNAME}-dtb-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARYNAME}-dtb-encrypted-${type}.${UBOOT_SUFFIX}
 						fi
 					fi
 				fi
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -34,8 +34,6 @@ TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-onl

 IMAGE_FEATURES += "dey-trustfence"

-UBOOT_EXTRA_CONF = ""
-
 python () {
    import binascii
    import hashlib
@ -43,12 +41,12 @@ python () {

    # Secure console configuration
    if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE", True) == "1"):
-        d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_CONSOLE_DISABLE=y ")
+        d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_DISABLE=y ")
        if d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE", True):
            passphrase_hash = hashlib.sha256(d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE", True).encode()).hexdigest()
-            d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_CONSOLE_ENABLE_PASSPHRASE=y CONFIG_CONSOLE_ENABLE_PASSPHRASE_KEY=\\"%s\\" ' % passphrase_hash)
+            d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_PASSPHRASE=y CONFIG_CONSOLE_ENABLE_PASSPHRASE_KEY="%s" ' % passphrase_hash)
        elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE", True):
-            d.appendVar("UBOOT_EXTRA_CONF", " CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE", True))
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE", True))

    # Secure boot configuration
    if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True) == "default"):
@ -58,21 +56,21 @@ python () {
        d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True) + "/dek.bin");

    if (d.getVar("TRUSTFENCE_SIGN", True) == "1"):
-        d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
+        d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
        if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS", True) == "1"):
-            d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")
        if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True):
-            d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_SIGN_KEYS_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True))
+            d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_KEYS_PATH="%s" ' % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True))
        if (d.getVar("TRUSTFENCE_UNLOCK_KEY_REVOCATION", True) == "1"):
-            d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_UNLOCK_SRK_REVOKE=y ")
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_UNLOCK_SRK_REVOKE=y ")
        if d.getVar("TRUSTFENCE_KEY_INDEX", True):
-            d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX", True))
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX", True))
        if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in [None, "0"]):
-            d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_DEK_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_DEK_PATH", True))
+            d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH", True))
        if d.getVar("TRUSTFENCE_SIGN_MODE", True):
-            d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_SIGN_MODE=\\"%s\\" ' % d.getVar("TRUSTFENCE_SIGN_MODE", True))
+            d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE", True))
    if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"):
-        d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y')
+        d.appendVar("UBOOT_TF_CONF", "CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y ")

    # Provide sane default values for SWUPDATE class in case Trustfence is enabled
    if (d.getVar("TRUSTFENCE_SIGN", True) == "1"):