From c3b4cfa5d1b575b78a18adb72d98c340b8f04253 Mon Sep 17 00:00:00 2001 From: Mike Engel Date: Mon, 6 Jun 2022 10:59:02 +0200 Subject: [PATCH] swupdate: add u-boot image into SWU update image Signed-off-by: Mike Engel https://onedigi.atlassian.net/browse/DEL-7853 --- .../classes/image_types_digi.bbclass | 18 +- .../conf/machine/include/digi-defaults.inc | 3 + .../imx-mkimage/imx-boot_1.0.bbappend | 9 + .../swu-images/files/sw-description-uboot | 77 +++++++ .../swu-images/files/swupdate_uboot_mmc.sh | 211 ++++++++++++++++++ .../swu-images/files/swupdate_uboot_nand.sh | 96 ++++++++ meta-digi-dey/recipes-digi/swu-images/swu.inc | 30 ++- .../swupdate/swupdate_2022.05.bbappend | 2 + 8 files changed, 436 insertions(+), 10 deletions(-) create mode 100644 meta-digi-dey/recipes-digi/swu-images/files/sw-description-uboot create mode 100755 meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_mmc.sh create mode 100755 meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_nand.sh diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 9aef0aea5..f40dddc17 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -301,14 +301,18 @@ IMAGE_CMD:sdcard() { parted -s ${SDIMG} unit KiB print # Set u-boot image to flash depending on whether TRUSTFENCE_SIGN is enabled - if [ "${TRUSTFENCE_SIGN}" = "1" ]; then - if [ "${BOOTLOADER_IMAGE_RECIPE}" = "u-boot" ]; then - SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER} | sed -e 's,u-boot-,u-boot-dtb-signed-,g')" - else - SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER} | sed -e 's,imx-boot-,imx-boot-signed-,g')" - fi - else + if [ "${SWUPDATE_UBOOTIMG}" = "true" ]; then SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER})" + else + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + if [ "${BOOTLOADER_IMAGE_RECIPE}" = "u-boot" ]; then + SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER} | sed -e 's,u-boot-,u-boot-dtb-signed-,g')" + else + SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER} | sed -e 's,imx-boot-,imx-boot-signed-,g')" + fi + else + SDIMG_BOOT="$(readlink -e ${SDIMG_BOOTLOADER})" + fi fi # Decompress rootfs image diff --git a/meta-digi-arm/conf/machine/include/digi-defaults.inc b/meta-digi-arm/conf/machine/include/digi-defaults.inc index 62ce1c763..43c19eb62 100644 --- a/meta-digi-arm/conf/machine/include/digi-defaults.inc +++ b/meta-digi-arm/conf/machine/include/digi-defaults.inc @@ -85,3 +85,6 @@ DEY_SELINUX_POLICY ?= "1" # U-Boot scripts to include in 'linux' partition # (use the '+=' operator, since other layers may append scripts to this list) BOOT_SCRIPTS += "boot.scr:boot.scr" + +# This can be used to enable U-Boot update through swupdate +SWUPDATE_UBOOTIMG ?= "false" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend index 71d9e2392..de1672874 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend @@ -349,6 +349,15 @@ do_deploy:append () { trustfence-sign-uboot.sh ${DEPLOYDIR}/${UBOOT_PREFIX}-${MACHINE}-${rev}-${ramc}.bin-${target} ${DEPLOYDIR}/${UBOOT_PREFIX}-encrypted-${MACHINE}-${rev}-${ramc}.bin-${target} unset ENABLE_ENCRYPTION fi + if [ "${SWUPDATE_UBOOTIMG}" = "true" ]; then + if [ "${TRUSTFENCE_DEK_PATH}" != "0" ]; then + ln -sf ${UBOOT_PREFIX}-encrypted-${MACHINE}-${rev}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME} + elif [ "${TRUSTFENCE_SIGN}" = "1" ]; then + ln -sf ${UBOOT_PREFIX}-signed-${MACHINE}-${rev}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME} + else + ln -sf ${UBOOT_PREFIX}-${MACHINE}-${rev}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME} + fi + fi done done done diff --git a/meta-digi-dey/recipes-digi/swu-images/files/sw-description-uboot b/meta-digi-dey/recipes-digi/swu-images/files/sw-description-uboot new file mode 100644 index 000000000..6270310d6 --- /dev/null +++ b/meta-digi-dey/recipes-digi/swu-images/files/sw-description-uboot @@ -0,0 +1,77 @@ +software = +{ + version = "##SW_VERSION##"; + description = "##DESCRIPTION##"; + + mmc = { + platform: { + images: ( + { + filename = "##BOOTIMG_NAME##"; + device = "##BOOT_DEV##"; + type = "raw"; + sha256 = "$swupdate_get_sha256(##BOOTIMG_NAME##)"; + installed-directly = true; + }, + { + filename = "##ROOTIMG_NAME##"; + device = "##ROOTFS_DEV##"; + type = "raw"; + sha256 = "$swupdate_get_sha256(##ROOTIMG_NAME##)"; + compressed = "zlib"; + installed-directly = true; + } + ); + files: ( + { + filename = "##UBOOTIMG_NAME##"; + path = "##UBOOT_IMAGE_PATH##"; + sha256 = "$swupdate_get_sha256(##UBOOTIMG_NAME##)"; + } + ); + scripts: ( + { + filename = "##SWUPDATE_UBOOT_SCRIPT##"; + type = "preinstall"; + data = "##UBOOTIMG_NAME## ##UBOOTIMG_ENC## ##UBOOTIMG_OFFSET##; + sha256 = "$swupdate_get_sha256(##SWUPDATE_UBOOT_SCRIPT##)"; + } + ); + }; + }; + mtd = { + platform: { + images: ( + { + filename = "##BOOTIMG_NAME##"; + volume = "##BOOT_DEV##"; + type = "ubivol"; + sha256 = "$swupdate_get_sha256(##BOOTIMG_NAME##)"; + installed-directly = true; + }, + { + filename = "##ROOTIMG_NAME##"; + volume = "##ROOTFS_DEV##"; + type = "ubivol"; + sha256 = "$swupdate_get_sha256(##ROOTIMG_NAME##)"; + installed-directly = true; + } + ); + files: ( + { + filename = "##UBOOTIMG_NAME##"; + path = "##UBOOT_IMAGE_PATH##"; + sha256 = "$swupdate_get_sha256(##UBOOTIMG_NAME##)"; + } + ); + scripts: ( + { + filename = "##SWUPDATE_UBOOT_SCRIPT##"; + type = "postinstall"; + data = "##UBOOTIMG_NAME## ##UBOOTIMG_ENC##"; + sha256 = "$swupdate_get_sha256(##SWUPDATE_UBOOT_SCRIPT##)"; + } + ); + }; + }; +} diff --git a/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_mmc.sh b/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_mmc.sh new file mode 100755 index 000000000..b1e569875 --- /dev/null +++ b/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_mmc.sh @@ -0,0 +1,211 @@ +#!/bin/sh +#=============================================================================== +# +# Copyright (C) 2022 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# Description: +# Script will be called by swupdate to install a new u-boot within linux. +#=============================================================================== + +UBOOT_FILE="$1" +UBOOT_ENC="$2" +uboot_seek_kb="$3" + +echo "**** Start U-Boot update process *****" + +PLATFORM="$(cat /proc/device-tree/digi,machine,name)" +UBOOT_MMC_DEV="/dev/mmcblk0boot0" + +dump_dek () +{ + OUTPUT_FILE="/tmp/dek.bin" + KEY_SIZE_BYTES="32" + ENCRYPTED_UBOOT_DEK="u-boot-encrypted-with-dek.imx" + UBOOT_MMC_DUMP="/tmp/u-boot-dump.hex" + + # ConnectCore 8X + if [ "${PLATFORM}" = "ccimx8x-sbc-pro" ] || [ "${PLATFORM}" = "ccimx8x-sbc-express" ]; then + AHAB_AUTH_CONTAINER_TAG="87" + AHAB_AUTH_SIG_BLOCK_TAG="90" + AHAB_AUTH_BLOB_TAG="00 58 00 81" + AHAB_VERSION="00" + CONT_HEADER_OFFSET="0x400" + + dd if=${UBOOT_MMC_DEV} of=${UBOOT_MMC_DUMP} count=100 bs=1K skip=${uboot_seek_kb} 2>/dev/null + auth_container_tag=$(hexdump -C "${UBOOT_MMC_DUMP}" | grep -m 1 "${AHAB_AUTH_CONTAINER_TAG}" | awk '{print $2 $5}') + echo "auth_container_tag ${auth_container_tag}" + if [ "${auth_container_tag}" = "${AHAB_VERSION}${AHAB_AUTH_CONTAINER_TAG}" ]; then + sig_block_offset="0x$(hexdump -C "${UBOOT_MMC_DUMP}" | grep -m 1 "${AHAB_AUTH_CONTAINER_TAG}" | awk '{print $13 $14}')" + echo " ++++ signature block offset ${sig_block_offset} " + + nd_sig_block="$((CONT_HEADER_OFFSET + sig_block_offset))" + printf '++++ header offset 0x%x\n' ${nd_sig_block} + auth_sig_block_tag=$(hexdump -C -s "${nd_sig_block}" "${UBOOT_MMC_DUMP}" | grep -m 1 "${AHAB_AUTH_SIG_BLOCK_TAG}" | awk '{print $2 $5}') + echo "auth_sig_block_tag ${auth_sig_block_tag}" + if [ "${auth_sig_block_tag}" = "${AHAB_VERSION}${AHAB_AUTH_SIG_BLOCK_TAG}" ]; then + blob_offset="0x$(hexdump -C -s "${nd_sig_block}" "${UBOOT_MMC_DUMP}" -n 16 | awk '{print $13 $12}')" + printf " ++++ blob offset 0x%x\n" ${blob_offset} + dek_blob="$((nd_sig_block + blob_offset))" + printf " ++++ dek_blob offset 0x%x\n" ${dek_blob} + + # DEK blobs have an overhead of 56 bytes. + dek_blob_size=$((KEY_SIZE_BYTES + 56)) + + # Dump dek blob into to a file + dd of=${OUTPUT_FILE} if=${UBOOT_MMC_DUMP} count=${dek_blob_size} bs=1 skip=${dek_blob} 2>/dev/null + rc=$? + if [ $rc -ne 0 ]; then + echo "DEK dump to the output file failed." + return $rc + fi + echo "dump_dek: output file has been created." + # Validate DEK blob + if [ -z "$(dd if=${OUTPUT_FILE} bs=1 count=4 2>/dev/null | hexdump -C | grep "${AHAB_AUTH_BLOB_TAG}")" ]; then + echo "Could not find DEK blob" + rm -rf ${OUTPUT_FILE} + return 1 + fi + echo "DEK blob correctly dumped" + else + echo "## ERROR: AHAB authentication signature block tag not found." + fi + else + echo "## ERROR: AHAB authentication container tag not found." + return 1 + fi + else + #(The last byte lacks one digit on purpose, to match 40, 41 and 42; all HAB versions) + UBOOT_HEADER="d1 00 20 4" + if [ "${PLATFORM}" = "ccimx8mn-dvk" ] || [ "${PLATFORM}" = "ccimx8mm-dvk" ]; then + SKIP_BLOCKS="0" + DEK_BLOB_HEADER="81 00 48 4" + else + SKIP_BLOCKS="2" + DEK_BLOB_HEADER="81 00 58 4" + fi + + dd if=${UBOOT_MMC_DEV} of=${UBOOT_MMC_DUMP} count=1 skip=${SKIP_BLOCKS} 2>/dev/null + uboot_start="0x$(hexdump -C ${UBOOT_MMC_DUMP} | grep -m 1 "${UBOOT_HEADER}" | head -1 | cut -c -8)" + echo "++++ ${uboot_start} +++" + if [ "${uboot_start}" = "0x" ]; then + echo "Could not find U-Boot on MMC" + return 1 + fi + + uboot_size_offset="$((uboot_start + 36))" + uboot_size=$(hexdump -n 4 -s ${uboot_size_offset} -e '/4 "%d\t" "\n"' ${UBOOT_MMC_DUMP}) + + # DEK blobs have an overhead of 56 bytes. + dek_blob_size="$((KEY_SIZE_BYTES + 56))" + + # remove the output DEK file before creating it. + # Since this function is called twice. + # For the actual upgrade and then for the validation after the upgrade. + rm -f ${OUTPUT_FILE} + dump_size="$((uboot_size / 512))" + echo "++++ ${dump_size} +++" + dd if=${UBOOT_MMC_DEV} of=${UBOOT_MMC_DUMP} count=${dump_size} skip=${SKIP_BLOCKS} conv=fsync 2>/dev/null + dek_start=$(hexdump -C ${UBOOT_MMC_DUMP} | grep -m 1 "${DEK_BLOB_HEADER}" | head -1 | cut -c -8) + echo "++++ dek_start ${dek_start} +++" + dek_start="$((16#${dek_start} + 8))" + echo "++++ dek_start ${dek_start} +++" + dd of=${OUTPUT_FILE} if=${UBOOT_MMC_DUMP} count=${dek_blob_size} bs=1 skip=${dek_start} 2>/dev/null + rc=$? + if [ $rc -ne 0 ]; then + echo "DEK dump to the output file failed." + return $rc + fi + echo "dump_dek: output file has been created." + # Validate DEK blob + if [ -z "$(dd if=${OUTPUT_FILE} bs=1 count=4 2>/dev/null | hexdump -C | grep "${DEK_BLOB_HEADER}")" ]; then + echo "Could not find DEK blob" + rm -rf ${OUTPUT_FILE} + return 1 + fi + echo "DEK blob correctly dumped" + rm -f ${UBOOT_MMC_DUMP} + return 0 + fi +} + +if [ "${UBOOT_ENC}" = "enc" ]; then + dump_dek + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: DEK dump failed" + exit $rc + fi + if [ "${PLATFORM}" = "ccimx8x-sbc-pro" ] || [ "${PLATFORM}" = "ccimx8x-sbc-express" ]; then + cp /tmp/${UBOOT_FILE} /tmp/${ENCRYPTED_UBOOT_DEK} + # insert the dek_blob into the AHAB container + dd if=${OUTPUT_FILE} of=/tmp/${ENCRYPTED_UBOOT_DEK} bs=1 seek=${dek_blob} conv=notrunc 2>/dev/null + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: Merging DEK with U-Boot image failed (DEV/FILE = /tmp/$UBOOT_FILE)" + exit $rc + fi + elif [ "${PLATFORM}" = "ccimx8mn-dvk" ] || [ "${PLATFORM}" = "ccimx8mm-dvk" ]; then + FIT_DEK_BLOB_SIZE="96"; + cp /tmp/${UBOOT_FILE} /tmp/${ENCRYPTED_UBOOT_DEK} + # insert the dek_blob into the SPL + dd if=${OUTPUT_FILE} of=/tmp/${ENCRYPTED_UBOOT_DEK} bs=1 seek=${dek_start} conv=notrunc 2>/dev/null + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: Merging DEK with SPL image failed (DEV/FILE = /tmp/$UBOOT_FILE)" + exit $rc + fi + # get u-boot image file size + uboot_file_size="$(stat -L -c %s /tmp/${UBOOT_FILE})" + echo " ++++ uboot_file_size ${uboot_file_size} ***" + uboot_dek_blob_offset="$((uboot_file_size - FIT_DEK_BLOB_SIZE))" + echo " ----- uboot_dek_blob_offset ${uboot_dek_blob_offset} **" + # insert the dek_blob at the end of the bootloader + dd of=/tmp/${ENCRYPTED_UBOOT_DEK} if=${OUTPUT_FILE} bs=1 seek=${uboot_dek_blob_offset} conv=notrunc 2>/dev/null + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: Merging DEK with U-Boot image failed (DEV/FILE = /tmp/$UBOOT_FILE)" + exit $rc + fi + else + cat /tmp/${UBOOT_FILE} ${OUTPUT_FILE} > /tmp/${ENCRYPTED_UBOOT_DEK} + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: Merging DEK with U-Boot image failed (DEV/FILE = /tmp/$UBOOT_FILE)" + exit $rc + fi + fi + # enable write access + echo 0 > /sys/block/mmcblk0boot0/force_ro + UBOOT_FILE="/tmp/${ENCRYPTED_UBOOT_DEK}" + # write the encrypted u-boot into the MMC + dd if=${UBOOT_FILE} of=${UBOOT_MMC_DEV} seek=${uboot_seek_kb} bs=1K + rc=$? 2>/dev/null + if [ "$rc" -ne 0 ]; then + echo "u-boot: failed to write file ${UBOOT_FILE}" + else + echo "u-boot: successfully written file ${UBOOT_FILE}" + fi + # disable write access + echo 1 > /sys/block/mmcblk0boot0/force_ro + rm -f ${UBOOT_FILE} ${OUTPUT_FILE} +else + # enable write access + echo 0 > /sys/block/mmcblk0boot0/force_ro + # write the u-boot into the MMC + dd if=${UBOOT_FILE} of=${UBOOT_MMC_DEV} seek=${uboot_seek_kb} bs=1K 2>/dev/null + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: failed to write file ${UBOOT_FILE}" + else + echo "u-boot: successfully written file ${UBOOT_FILE}" + fi + # disable write access + echo 1 > /sys/block/mmcblk0boot0/force_ro + rm -f ${UBOOT_FILE} ${OUTPUT_FILE} +fi diff --git a/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_nand.sh b/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_nand.sh new file mode 100755 index 000000000..58f9b4de6 --- /dev/null +++ b/meta-digi-dey/recipes-digi/swu-images/files/swupdate_uboot_nand.sh @@ -0,0 +1,96 @@ +#!/bin/sh +#=============================================================================== +# +# Copyright (C) 2022 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# Description: +# Script will be called by swupdate to install a new u-boot within linux. +#=============================================================================== + +UBOOT_FILE="$1" +UBOOT_ENC="$2" + +echo "**** Start U-Boot update process *****" + +# need to mount debufs to remove some kobs-ng warnings +if ! grep -qs debugfs /proc/mounts; then + mount -t debugfs debugfs /sys/kernel/debug/ +fi + +dump_dek () +{ + echo "**** Get DEK and append to the new u-boot *****" + UBOOT_MTD_DEV="/dev/mtd0" + OUTPUT_FILE="/tmp/dek.bin" + KEY_SIZE_BYTES="32" + ENCRYPTED_UBOOT_DEK="u-boot-encrypted-with-dek.imx" + + #(The last byte lacks one digit on purpose, to match 40, 41 and 42; all HAB versions) + UBOOT_HEADER="d1 00 20 4" + DEK_BLOB_HEADER="81 00 58 4" + + uboot_start="0x$(nanddump ${UBOOT_MTD_DEV} | hexdump -C | grep -m 1 "${UBOOT_HEADER}" | head -1 | cut -c -8)" + if [ "${uboot_start}" = "0x" ]; then + echo "Could not find U-Boot on NAND" + return 78 + fi + + uboot_size_offset=$((uboot_start + 36)) + uboot_size=$(hexdump -n 4 -s ${uboot_size_offset} -e '/4 "0x%08x\t" "\n"' ${UBOOT_MTD_DEV}) + # dump start needs to be aligned (U-Boot always leaves 0x400 for DOS table) + dump_start=$((uboot_start - 0x400)) + # DEK blobs have an overhead of 56 bytes. + dek_blob_size=$((KEY_SIZE_BYTES + 56)) + + # remove the output DEK file before creating it. + # Since this function is called twice. + # For the actual upgrade and then for the validation after the upgrade. + rm -f ${OUTPUT_FILE} + # read the complete U-Boot (to skip alignment issues) and keep the dek_blob (which is at the end) + nanddump -s ${dump_start} -l ${uboot_size} ${UBOOT_MTD_DEV} | tail -c ${dek_blob_size} > ${OUTPUT_FILE} + rc=$? + if [ $rc -ne 0 ]; then + echo "DEK dump to the output file failed." + return $rc + fi + echo "dump_dek: output file has been created." + # Validate DEK blob + if [ -z "$(dd if=${OUTPUT_FILE} bs=1 count=4 2>/dev/null | hexdump -C | grep "${DEK_BLOB_HEADER}")" ]; then + echo "Could not find DEK blob" + rm -rf ${OUTPUT_FILE} + return 60 + fi + echo "DEK blob correctly dumped" + return 0 +} + +if [ "${UBOOT_ENC}" = "enc" ]; then + dump_dek + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: DEK dump failed" + exit $rc + fi + cat $UBOOT_FILE $OUTPUT_FILE > /tmp/$ENCRYPTED_UBOOT_DEK + rc=$? + if [ "$rc" -ne 0 ]; then + echo "u-boot: Merging DEK with U-Boot image failed (DEV/FILE = $UBOOT_FILE)" + exit $rc + fi + UBOOT_FILE="${ENCRYPTED_UBOOT_DEK}" +fi + +# install U-Boot onto the Nand Flash +kobs-ng init -x -v /mnt/update/${UBOOT_FILE} +rc=$? +if [ "$rc" -ne 0 ]; then + echo "u-Boot: Updating U-Boot partition failed" +else + echo "u-Boot: Updating U-Boot partition successful" +fi diff --git a/meta-digi-dey/recipes-digi/swu-images/swu.inc b/meta-digi-dey/recipes-digi/swu-images/swu.inc index a7d0f748e..54a29e30d 100644 --- a/meta-digi-dey/recipes-digi/swu-images/swu.inc +++ b/meta-digi-dey/recipes-digi/swu-images/swu.inc @@ -5,15 +5,22 @@ SECTION = "base" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -SRC_URI = "file://sw-description" - +SRC_URI = " \ + file://sw-description \ + file://sw-description-uboot \ + file://swupdate_uboot_nand.sh \ + file://swupdate_uboot_mmc.sh \ +" inherit swupdate IMAGE_DEPENDS = "${@get_baseimg_pn(d)}" IMG_NAME = "${IMAGE_DEPENDS}" -SWUPDATE_IMAGES = "${IMG_NAME}" +SWUPDATE_IMAGES = " \ + ${IMG_NAME} \ + ${@oe.utils.ifelse(d.getVar('SWUPDATE_UBOOTIMG', True) == 'true', '${UBOOT_PREFIX}', '')} \ +" SOFTWARE_VERSION ?= "0.0.1" DESCRIPTION = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', 'Encrypted rootfs ${IMG_NAME} update', '${IMG_NAME} update')}" @@ -24,7 +31,9 @@ BOOTFS_EXT:ccmp1 ?= ".boot.ubifs" ROOTFS_EXT ?= ".ext4.gz" ROOTFS_EXT:ccimx6ul ?= ".ubifs" ROOTFS_EXT:ccmp1 ?= ".ubifs" +UBOOT_EXT ?= ".${UBOOT_SUFFIX}" +UBOOTIMG_OFFSET ?= "${BOOTLOADER_SEEK_BOOT}" BOOT_DEV_NAME ?= "/dev/mmcblk0p1" BOOT_DEV_NAME:ccimx6ul ?= "linux" BOOT_DEV_NAME:ccmp1 ?= "linux" @@ -35,10 +44,14 @@ ROOTFS_ENC_DEV = "/dev/mapper/cryptrootfs" ROOTFS_ENC_DEV:ccimx6ul = "${ROOTFS_DEV_NAME}" ROOTFS_ENC_DEV:ccmp1 = "${ROOTFS_DEV_NAME}" ROOTFS_DEV_NAME_FINAL = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS', True) == '1', '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}')}" +SWUPDATE_STORAGE_MEDIA = "${@oe.utils.conditional('STORAGE_MEDIA', 'mmc', 'swupdate_uboot_mmc.sh', 'swupdate_uboot_nand.sh', d)}" python () { img_fstypes = d.getVar('BOOTFS_EXT', True) + " " + d.getVar('ROOTFS_EXT', True) d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", d.getVar('IMG_NAME', True), img_fstypes) + if (d.getVar('SWUPDATE_UBOOTIMG', True) == "true"): + uboot_fstypes = d.getVar('UBOOT_EXT', True) + d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", d.getVar('UBOOT_PREFIX', True), uboot_fstypes) } python do_swuimage:prepend() { @@ -55,6 +68,17 @@ def get_baseimg_pn(d): do_unpack[postfuncs] += "fill_description" fill_description() { + if [ "${SWUPDATE_UBOOTIMG}" = "true" ]; then + cp ${WORKDIR}/sw-description-uboot ${WORKDIR}/sw-description + if [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && [ "${TRUSTFENCE_DEK_PATH}" != "default" ]; then + sed -i -e "s,##UBOOTIMG_ENC##,enc,g" "${WORKDIR}/sw-description" + else + sed -i -e "s,##UBOOTIMG_ENC##,normal,g" "${WORKDIR}/sw-description" + fi + sed -i -e "s,##UBOOTIMG_NAME##,${UBOOT_PREFIX}-${MACHINE}${UBOOT_EXT},g" "${WORKDIR}/sw-description" + sed -i -e "s,##SWUPDATE_UBOOT_SCRIPT##,${SWUPDATE_STORAGE_MEDIA},g" "${WORKDIR}/sw-description" + sed -i -e "s,##UBOOTIMG_OFFSET##,${UBOOTIMG_OFFSET},g" "${WORKDIR}/sw-description" + fi sed -i -e "s,##BOOTIMG_NAME##,${IMG_NAME}-${MACHINE}${BOOTFS_EXT},g" "${WORKDIR}/sw-description" sed -i -e "s,##BOOT_DEV##,${BOOT_DEV_NAME},g" "${WORKDIR}/sw-description" sed -i -e "s,##ROOTIMG_NAME##,${IMG_NAME}-${MACHINE}${ROOTFS_EXT},g" "${WORKDIR}/sw-description" diff --git a/meta-digi-dey/recipes-support/swupdate/swupdate_2022.05.bbappend b/meta-digi-dey/recipes-support/swupdate/swupdate_2022.05.bbappend index baa0e7bfd..3d83e9df6 100644 --- a/meta-digi-dey/recipes-support/swupdate/swupdate_2022.05.bbappend +++ b/meta-digi-dey/recipes-support/swupdate/swupdate_2022.05.bbappend @@ -16,6 +16,8 @@ do_configure:append() { if [ "${TRUSTFENCE_SIGN}" = "1" ]; then echo "CONFIG_SIGNED_IMAGES=y" >> ${B}/.config fi + # add U-Booot handler to use uboot: type + echo "CONFIG_BOOTLOADERHANDLER=y" >> ${B}/.config cml1_do_configure }