meta-digi/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc


# Copyright (C) 2018-2026, Digi International Inc.
require recipes-bsp/u-boot/u-boot.inc
DESCRIPTION = "Bootloader for Digi platforms"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://Licenses/README;md5=a2c678cfd4a4d97135585cad908541c6"
SECTION = "bootloaders"
DEPENDS += "bc-native dtc-native u-boot-mkimage-native"
# The TrustFence signing tools are only a build dependency when TRUSTFENCE_SIGN is "1".
DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
PROVIDES += "u-boot"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
# Select internal or Github U-Boot repo
# The internal URI is fetched over ssh, the public one over https; DIGI_INTERNAL_GIT = "1"
# selects the internal one.
# NOTE(review): no SRCREV is assigned in this file and SRC_URI only names a branch,
# which is a moving reference. Presumably the including recipe pins SRCREV -- confirm,
# since the fetched bootloader source is what ends up signed.
UBOOT_URI_STASH = "${DIGI_MTK_GIT}/uboot/u-boot-denx.git;protocol=ssh"
UBOOT_URI_GITHUB = "${DIGI_GITHUB_GIT}/u-boot.git;protocol=https"
UBOOT_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${UBOOT_URI_STASH}', '${UBOOT_URI_GITHUB}', d)}"
# Scripts processed by build_uboot_scripts. The usb and sd variants are not fetched:
# build_uboot_scripts generates them from install_linux_fw_media.txt.
INSTALL_FW_UBOOT_SCRIPTS = " \
file://install_linux_fw_sd.txt \
file://install_linux_fw_usb.txt \
file://install_linux_fw_uuu.sh \
"
SRC_URI = " \
${UBOOT_GIT_URI};branch=${SRCBRANCH} \
file://boot.txt \
file://install_linux_fw_media.txt \
file://install_linux_fw_uuu.sh \
file://fit-install-template.its \
"
# Set to anything other than "true" to skip the build_uboot_scripts deploy post-function.
BUILD_UBOOT_SCRIPTS ?= "true"
UBOOT_LOGO_BMP ?= ""
LOCALVERSION ?= ""
# The two extra classes are inherited only when DEY_SOC_VENDOR is "NXP".
inherit ${@oe.utils.conditional('DEY_SOC_VENDOR', 'NXP', 'fsl-u-boot-localversion uuu_bootloader_tag', '', d)}
# LOGO_BMP is passed to make only when UBOOT_LOGO_BMP is non-empty.
EXTRA_OEMAKE:append = "${@' LOGO_BMP=%s' % d.getVar('UBOOT_LOGO_BMP') if d.getVar('UBOOT_LOGO_BMP') else ''}"
# Disable u-boot tagging for imx8/9, as the boot image is imx-boot
UUU_BOOTLOADER:mx8-generic-bsp = ""
UUU_BOOTLOADER:mx9-generic-bsp = ""
# Disable u-boot environment artifacts
UBOOT_INITIAL_ENV = ""
python __anonymous() {
    # Parse-time sanity check: abort when encryption is requested
    # (TRUSTFENCE_ENCRYPT = "1") without signing (TRUSTFENCE_SIGN = "1"),
    # so an encrypted-but-unsigned configuration never reaches a build task.
    wants_encryption = d.getVar("TRUSTFENCE_ENCRYPT") == "1"
    if wants_encryption and d.getVar("TRUSTFENCE_SIGN") != "1":
        bb.fatal("Only signed U-Boot images can be encrypted. Generate signed images (TRUSTFENCE_SIGN = \"1\") or remove encryption (TRUSTFENCE_ENCRYPT = \"0\")")
}
# trustfence_config runs ahead of do_configure only when UBOOT_TF_CONF is non-empty.
do_configure[prefuncs] += "${@oe.utils.ifelse(d.getVar('UBOOT_TF_CONF'), 'trustfence_config', '')}"
python trustfence_config() {
    # Write the options listed in UBOOT_TF_CONF, one per line, to
    # ${WORKDIR}/uboot-trustfence.cfg and append that file to SRC_URI.
    # NOTE(review): presumably the base recipe's configure step merges .cfg
    # entries found in SRC_URI -- confirm against u-boot.inc.
    import shlex
    fragment_path = d.expand('${WORKDIR}/uboot-trustfence.cfg')
    with open(fragment_path, 'w') as fragment:
        # posix=False keeps the quote characters inside each token
        for token in shlex.split(d.getVar('UBOOT_TF_CONF'), posix=False):
            # "is not set" entries are written without their surrounding quotes
            line = token.strip('"\'') if 'is not set' in token else token
            fragment.write('%s\n' % line)
    d.appendVar('SRC_URI', ' file://%s' % fragment_path)
}
# sed expression that build_uboot_scripts applies to boot.txt. It is the empty
# string when TRUSTFENCE_INITRAMFS_IMAGE is unset or empty, in which case sed
# copies boot.txt through unchanged.
TF_BOOTSCRIPT_SEDFILTER = "${@tf_bootscript_sedfilter(d)}"
def tf_bootscript_sedfilter(d):
    """Return the sed expression used to rewrite the boot script for TrustFence.

    With TRUSTFENCE_INITRAMFS_IMAGE unset or empty the result is "". Otherwise
    the expression replaces every line that starts with optional blanks followed
    by "true" with two setenv lines (boot_initrd and initrd_file), keeping the
    original indentation. The ${MACHINE} reference is returned literally.
    """
    initramfs_image = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE') or ""
    if not initramfs_image:
        return ""
    return "s,\(^[[:blank:]]*\)true.*,\\1setenv boot_initrd true\\n\\1setenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf,g" % initramfs_image
# Name of the deploy post-function that publishes the signed U-Boot binaries.
# It is only set for ccimx6 and ccimx6ul; with the empty default,
# TRUSTFENCE_SIGN = "1" adds no signing post-function from this file.
# NOTE(review): presumably other platforms get their signed boot image from
# another recipe -- confirm, so that enabling TRUSTFENCE_SIGN is never a no-op.
SIGN_UBOOT ?= ""
SIGN_UBOOT:ccimx6 = "sign_uboot"
SIGN_UBOOT:ccimx6ul = "sign_uboot"
# Post-functions of do_deploy: the script generation (unless BUILD_UBOOT_SCRIPTS
# is changed from "true") and, when TRUSTFENCE_SIGN is "1", the function named
# by SIGN_UBOOT.
do_deploy[postfuncs] += " \
${@oe.utils.ifelse(d.getVar('BUILD_UBOOT_SCRIPTS') == 'true', 'build_uboot_scripts', '')} \
${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', '${SIGN_UBOOT}', '', d)} \
"
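build_uboot_scripts() {
	# Render the firmware-install and boot script templates, wrap them as
	# U-Boot script images in DEPLOYDIR and, when TrustFence is enabled, sign
	# them. Path expansions are quoted so that a work directory, deploy
	# directory or key path containing blanks or glob characters is passed
	# to the tools as a single argument.

	# Generate USB installer from media template
	sed -e 's,##INSTALL_MEDIA##,usb,g' \
		-e 's,##INSTALL_MEDIA_INDEX##,${UBOOT_INSTALL_USB_INDEX},g' \
		"${WORKDIR}/install_linux_fw_media.txt" > "${WORKDIR}/install_linux_fw_usb.txt"
	# Generate microSD installer from media template
	sed -e 's,##INSTALL_MEDIA##,mmc,g' \
		-e 's,##INSTALL_MEDIA_INDEX##,${UBOOT_INSTALL_SD_INDEX},g' \
		"${WORKDIR}/install_linux_fw_media.txt" > "${WORKDIR}/install_linux_fw_sd.txt"

	# The list is deliberately left unquoted: it is split into one file name per word.
	for f in $(echo ${INSTALL_FW_UBOOT_SCRIPTS} | sed -e 's,file\:\/\/,,g'); do
		f_ext="${f##*.}"
		TMP_INSTALL_SCR="$(mktemp "${WORKDIR}/${f}.XXXXXX")"
		sed -e 's,##GRAPHICAL_BACKEND##,${GRAPHICAL_BACKEND},g' \
			-e 's,##MACHINE##,${MACHINE},g' \
			-e 's,##GRAPHICAL_IMAGES##,${GRAPHICAL_IMAGES},g' \
			-e 's,##DEFAULT_IMAGE_NAME##,${DEFAULT_IMAGE_NAME},g' \
			"${WORKDIR}/${f}" > "${TMP_INSTALL_SCR}"
		if [ "${DEY_SOC_VENDOR}" = "STM" ]; then
			sed -i -e 's,##BOOTSCHEME_DEFAULT##,${BOOTSCHEME_DEFAULT},g' "${TMP_INSTALL_SCR}"
		fi

		# Change the u-boot name when TrustFence is enabled
		if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
			if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
				if [ "${TRUSTFENCE_ENCRYPT}" = "1" ]; then
					sed -i -e 's,##SIGNED##,encrypted,g' "${TMP_INSTALL_SCR}"
				else
					sed -i -e 's,##SIGNED##,signed,g' "${TMP_INSTALL_SCR}"
				fi
			else
				if [ "${TRUSTFENCE_ENCRYPT}" = "1" ]; then
					sed -i -e 's,##SIGNED##,_Encrypted_Signed,g' "${TMP_INSTALL_SCR}"
				else
					sed -i -e 's,##SIGNED##,_Signed,g' "${TMP_INSTALL_SCR}"
				fi
			fi
		else
			# Unsigned build: drop the placeholder, with its leading dash if present
			sed -i -e 's,-##SIGNED##,,g' -e 's,##SIGNED##,,g' "${TMP_INSTALL_SCR}"
		fi

		# .txt templates become U-Boot script images; anything else is deployed as is
		if [ "${f_ext}" = "txt" ]; then
			mkimage -T script -n "DEY firmware install script" -C none -d "${TMP_INSTALL_SCR}" "${DEPLOYDIR}/${f%.*}.scr"
		else
			install -m 775 "${TMP_INSTALL_SCR}" "${DEPLOYDIR}/${f}"
		fi

		# Create FIT image installer when Trustfence is enabled
		if [ "${TRUSTFENCE_SIGN_FIT_STM}" = "1" ] || [ "${TRUSTFENCE_SIGN_FIT_NXP}" = "1" ]; then
			# We only need the txt scripts
			if [ "${f_ext}" = "txt" ]; then
				cp "${TMP_INSTALL_SCR}" "${WORKDIR}/${f%.*}.fit"
				INSTALL_LINUX_FW="${f%.*}"
				INSTALL_LINUX_FW_DEV="${INSTALL_LINUX_FW##*_}"
				TMP_FIT_ITS="$(mktemp "${WORKDIR}/fit-install-template.its.XXXXXX")"
				sed -e "s,##INSTALL_LINUX_FW##,${INSTALL_LINUX_FW},g" \
					-e "s,##INSTALL_LINUX_FW_DEV##,${INSTALL_LINUX_FW_DEV},g" \
					-e "s,##INSTALL_LINUX_FW_FILE##,${f%.*},g" \
					"${WORKDIR}/fit-install-template.its" > "${TMP_FIT_ITS}"
				# Generate the signed FIT image: build it, then sign it in place
				# with the keys under TRUSTFENCE_SIGN_KEYS_PATH/fit. The key
				# directory is only read here, never copied into DEPLOYDIR.
				mkimage -f "${TMP_FIT_ITS}" "${DEPLOYDIR}/install_linux_fw.scr"
				mkimage -F -k "${TRUSTFENCE_SIGN_KEYS_PATH}/fit" -r "${DEPLOYDIR}/install_linux_fw.scr"
				# copy FIT image installer using the same names we use for the normal script
				# (this overwrites the plain script image generated above)
				cp "${DEPLOYDIR}/install_linux_fw.scr" "${DEPLOYDIR}/${f%.*}.scr"
				rm -f "${TMP_FIT_ITS}"
			fi
		fi
		rm -f "${TMP_INSTALL_SCR}"
	done

	# Boot script for DEY images (reconfigure on-the-fly if TRUSTFENCE is enabled)
	TMP_BOOTSCR="$(mktemp "${WORKDIR}/bootscr.XXXXXX")"
	sed -e "${TF_BOOTSCRIPT_SEDFILTER}" "${WORKDIR}/boot.txt" > "${TMP_BOOTSCR}"
	mkimage -T script -n bootscript -C none -d "${TMP_BOOTSCR}" "${DEPLOYDIR}/boot.scr"
	rm -f "${TMP_BOOTSCR}"

	# Sign the boot script if not contained in a FIT image
	# NOTE(review): this branch only runs when TRUSTFENCE_SIGN_FIT_NXP is exactly
	# "0". If that variable is unset or empty while TRUSTFENCE_SIGN_ARTIFACTS is
	# "1", the scripts are deployed unsigned without any message -- confirm that
	# the variable always gets a default elsewhere.
	if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ] && [ "${TRUSTFENCE_SIGN_FIT_NXP}" = "0" ]; then
		# Settings handed to trustfence-sign-artifact.sh through the environment
		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_KEYS_PATH}"
		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
		[ -n "${TRUSTFENCE_SRK_REVOKE_MASK}" ] && export SRK_REVOKE_MASK="${TRUSTFENCE_SRK_REVOKE_MASK}"
		[ "${TRUSTFENCE_ENCRYPT}" = "1" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_KEYS_PATH}/${TRUSTFENCE_DEK_ENCRYPT_KEYNAME}"

		# Each artifact is signed into a temporary file that then replaces the
		# unsigned one, so a failed signing run never leaves a partial file
		# under the final name.

		# Sign boot script
		TMP_SIGNED_BOOTSCR="$(mktemp "${WORKDIR}/bootscr-signed.XXXXXX")"
		trustfence-sign-artifact.sh -p "${DIGI_SOM}" -b "${DEPLOYDIR}/boot.scr" "${TMP_SIGNED_BOOTSCR}"
		mv "${TMP_SIGNED_BOOTSCR}" "${DEPLOYDIR}/boot.scr"

		# Sign USB installer script
		TMP_SIGN_INSTALLSCR="$(mktemp "${WORKDIR}/install_linux_fw_usb-signed.XXXXXX")"
		trustfence-sign-artifact.sh -p "${DIGI_SOM}" -b "${DEPLOYDIR}/install_linux_fw_usb.scr" "${TMP_SIGN_INSTALLSCR}"
		mv "${TMP_SIGN_INSTALLSCR}" "${DEPLOYDIR}/install_linux_fw_usb.scr"

		# Sign uSD installer script
		TMP_SIGN_INSTALLSCR="$(mktemp "${WORKDIR}/install_linux_fw_sd-signed.XXXXXX")"
		trustfence-sign-artifact.sh -p "${DIGI_SOM}" -b "${DEPLOYDIR}/install_linux_fw_sd.scr" "${TMP_SIGN_INSTALLSCR}"
		mv "${TMP_SIGN_INSTALLSCR}" "${DEPLOYDIR}/install_linux_fw_sd.scr"
	fi
}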
#
# Clean Yocto generated u-boot symlinks.
#
# Left:
# u-boot-<defconfig>.<ext>
# u-boot-<platform>.<ext>-<defconfig> (needed for imx-boot)
# u-boot-spl.bin-<platform>-<defconfig> (needed for imx-boot)
#
uboot_deploy_config:append() {
	# Prune the generic links from DEPLOYDIR. The shell variable "type" is not
	# assigned in this fragment; it comes from the function this is appended to.
	case "${MACHINE}" in
		ccimx6sbc|ccimx6qpsbc)
			# U-Boot symlink is only required for ccimx6/ccimx6qp platforms during
			# SD card image generation, so it is kept for these two machines
			:
			;;
		*)
			rm -f ${DEPLOYDIR}/${UBOOT_SYMLINK}
			;;
	esac
	rm -f ${DEPLOYDIR}/${UBOOT_BINARY}-${type}
	# Re-point the per-type name at the versioned binary
	ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
}
uboot_deploy_spl_config:append() {
	# Remove the three generic SPL entries from DEPLOYDIR. The shell variable
	# "type" is not assigned in this fragment; it comes from the function this
	# is appended to.
	rm -f ${DEPLOYDIR}/${SPL_BINARYFILE}-${type} \
		${DEPLOYDIR}/${SPL_BINARYFILE} \
		${DEPLOYDIR}/${SPL_SYMLINK}
}
# Further cleaning for platforms not generating imx-boot
uboot_deploy_config:append:ccimx6ul() {
	# ccimx6ul only: also drop the per-type U-Boot symlink from DEPLOYDIR.
	rm -f ${DEPLOYDIR}/${UBOOT_SYMLINK}-${type}
}
uboot_deploy_spl_config:append:ccimx6ul() {
	# ccimx6ul only: also drop the per-type SPL symlink from DEPLOYDIR.
	rm -f ${DEPLOYDIR}/${SPL_SYMLINK}-${type}
}
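sign_uboot() {
	# This function only applies to CC6, CC6Plus and CC6UL
	#
	# Copy the signed (and, with TRUSTFENCE_ENCRYPT = "1", encrypted) U-Boot
	# images and SRK_efuses.bin from each build directory into DEPLOYDIR under
	# versioned names, plus unversioned symlinks. Entry N of UBOOT_MACHINE is
	# paired with entry N of UBOOT_CONFIG through the i/j counters.
	# A missing signed artifact makes cp fail, which stops the task instead of
	# deploying an incomplete set.
	[ -z "${UBOOT_CONFIG}" ] && return
	# Start both counters from a known value instead of relying on them being
	# unset on entry and on GNU expr accepting "expr + 1".
	i=0
	for config in ${UBOOT_MACHINE}; do
		i=$(expr $i + 1)
		j=0
		for type in ${UBOOT_CONFIG}; do
			j=$(expr $j + 1)
			if [ $j -eq $i ]; then
				cd "${DEPLOYDIR}"
				cp -fp "${B}/${config}/SRK_efuses.bin" "SRK_efuses-${PV}-${PR}.bin"
				ln -sf "SRK_efuses-${PV}-${PR}.bin" SRK_efuses.bin
				cp -fp "${B}/${config}/${UBOOT_BINARYNAME}-dtb-signed.imx" "${UBOOT_BINARYNAME}-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}"
				ln -sf "${UBOOT_BINARYNAME}-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}" "${UBOOT_BINARYNAME}-signed-${type}.${UBOOT_SUFFIX}"
				cp -fp "${B}/${config}/${UBOOT_BINARYNAME}-dtb-usb-signed.imx" "${UBOOT_BINARYNAME}-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}"
				ln -sf "${UBOOT_BINARYNAME}-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX}" "${UBOOT_BINARYNAME}-usb-signed-${type}.${UBOOT_SUFFIX}"
				if [ "${TRUSTFENCE_ENCRYPT}" = "1" ]; then
					cp -fp "${B}/${config}/${UBOOT_BINARYNAME}-dtb-encrypted.imx" "${UBOOT_BINARYNAME}-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX}"
					ln -sf "${UBOOT_BINARYNAME}-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX}" "${UBOOT_BINARYNAME}-encrypted-${type}.${UBOOT_SUFFIX}"
				fi
			fi
		done
		unset j
	done
}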
# -----------------------------------------------------------------------------
# Append compile to handle specific device tree compilation
#
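do_compile:append:ccmp1() {
	# For every device tree in UBOOT_DEVICETREE, rebuild U-Boot with that
	# device tree and keep the resulting binary as u-boot-<devicetree>.<suffix>
	# in the build directory. Entry N of UBOOT_MACHINE is paired with entry N
	# of UBOOT_BINARIES through the i/j counters.
	if [ -n "${UBOOT_DEVICETREE}" ]; then
		# Counters start from an explicit 0 rather than from an unset
		# variable, which only works because GNU expr accepts "expr + 1".
		i=0
		unset j
		for config in ${UBOOT_MACHINE}; do
			i=$(expr $i + 1)
			for devicetree in ${UBOOT_DEVICETREE}; do
				# Cleanup previous build artifact
				[ -f "${B}/${config}/dts/dt.dtb" ] && rm "${B}/${config}/dts/dt.dtb"
				# Build target for specific device tree
				oe_runmake -C ${S} O=${B}/${config} DEVICE_TREE=${devicetree} DEVICE_TREE_EXT=${devicetree}.dtb
				# Install specific binary
				j=0
				for binary in ${UBOOT_BINARIES}; do
					j=$(expr $j + 1)
					if [ $j -eq $i ]; then
						# Second dot-separated field of the binary name
						binarysuffix=$(echo ${binary} | cut -d'.' -f2)
						install -m 644 "${B}/${config}/${binary}" "${B}/${config}/u-boot-${devicetree}.${binarysuffix}"
					fi
				done
				unset j
			done
		done
	fi
}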
# Sub-directory of DEPLOYDIR that receives the pieces consumed by the boot
# image packaging step ("imx-boot-tools" by default, "u-boot" for stm32mpcommon).
BOOT_TOOLS = "imx-boot-tools"
BOOT_TOOLS:stm32mpcommon = "u-boot"
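do_deploy:append:ccimx8m() {
	# Deploy u-boot-nodtb.bin and ccimx8m[m|n]-dvk.dtb, to be packaged in boot binary by imx-boot
	#
	# Entry N of UBOOT_MACHINE is paired with entry N of UBOOT_CONFIG through
	# the i/j counters.
	if [ -n "${UBOOT_CONFIG}" ]; then
		# Counters start from an explicit 0 rather than from an unset
		# variable, which only works because GNU expr accepts "expr + 1".
		i=0
		for config in ${UBOOT_MACHINE}; do
			i=$(expr $i + 1)
			j=0
			for type in ${UBOOT_CONFIG}; do
				j=$(expr $j + 1)
				if [ $j -eq $i ]; then
					install -d "${DEPLOYDIR}/${BOOT_TOOLS}"
					# 0644, like the other DTB installs in this file: these are
					# data files that end up inside the boot image, so they
					# need neither execute permission nor write access for
					# other users of the build host.
					install -m 0644 "${B}/${config}/arch/arm/dts/${UBOOT_DTB_NAME}" "${DEPLOYDIR}/${BOOT_TOOLS}"
					# The suffix is the config matched by this iteration. It
					# equals UBOOT_CONFIG when only one config is defined, and
					# stays a single word when there are several.
					install -m 0644 "${B}/${config}/u-boot-nodtb.bin" "${DEPLOYDIR}/${BOOT_TOOLS}/u-boot-nodtb.bin-${MACHINE}-${type}"
				fi
			done
			unset j
		done
		unset i
	fi
}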
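do_deploy:append:stm32mpcommon() {
	# Deploy u-boot-nodtb.bin and ccmp1x-dvk-xxxx.dtb, to be packaged in fip binary by tf-a
	#
	# NOTE(review): the shell variable "config" is never assigned in this
	# fragment. It presumably still holds the last value left by a loop in the
	# do_deploy body this is appended to -- confirm, in particular when
	# UBOOT_MACHINE lists more than one configuration.
	install -d "${DEPLOYDIR}/${BOOT_TOOLS}"
	if [ -n "${UBOOT_DEVICETREE}" ]; then
		for devicetree in ${UBOOT_DEVICETREE}; do
			# Install u-boot dtb
			install -m 644 "${B}/${config}/arch/arm/dts/${devicetree}.dtb" "${DEPLOYDIR}/${BOOT_TOOLS}/${FIP_UBOOT_DTB}-${devicetree}.dtb"
			if [ "${UBOOT_SIGN_ENABLE}" = "1" ]; then
				# Keep u-boot devicetree without signature
				ubootdevicetree="${B}/${config}/arch/arm/dts/${devicetree}.dtb"
				namewithoutsignature=$(echo "$ubootdevicetree" | sed "s/\.dtb/-without-signature.dtb/g")
				# Install unsigned U-Boot dtb
				install -m 644 "${namewithoutsignature}" "${DEPLOYDIR}/${BOOT_TOOLS}/${FIP_UBOOT_DTB}-${devicetree}-without-signature.dtb"
			fi
		done
	fi
	# 0644, like the DTB installs above: the binary is only read by the FIP
	# packaging step, so it needs neither execute permission nor write access
	# for other users of the build host.
	install -m 0644 "${B}/${config}/u-boot-nodtb.bin" "${DEPLOYDIR}/${BOOT_TOOLS}/u-boot-nodtb.bin"
}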
do_uboot_assemble_fitimage:append:stm32mpcommon() {
	# For every U-Boot configuration, when signing is enabled and device trees
	# are listed: keep a copy of each U-Boot dtb as it was before any key is
	# added, then embed the image and configuration public keys into the dtb.
	for config in ${UBOOT_MACHINE}; do
		if [ -z "${UBOOT_DEVICETREE}" ] || [ "${UBOOT_SIGN_ENABLE}" != "1" ]; then
			continue
		fi
		for devicetree in ${UBOOT_DEVICETREE}; do
			# Keep u-boot devicetree without signature; the copy is taken
			# before fdt_add_pubkey touches the file
			ubootdevicetree="${B}/${config}/arch/arm/dts/${devicetree}.dtb"
			namewithoutsignature=$(echo $ubootdevicetree | sed "s/\.dtb/-without-signature.dtb/g")
			cp $ubootdevicetree $namewithoutsignature

			# Add image public key in U-Boot dtb file
			fdt_add_pubkey -a "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
				-k "${UBOOT_SIGN_KEYDIR}" \
				-n "${UBOOT_SIGN_IMG_KEYNAME}" \
				-r "image" \
				"${ubootdevicetree}"

			# Add configuration public key in U-Boot dtb file
			fdt_add_pubkey -a "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
				-k "${UBOOT_SIGN_KEYDIR}" \
				-n "${UBOOT_SIGN_KEYNAME}" \
				-r "conf" \
				"${ubootdevicetree}"
		done
	done
}
# Add dependency to make sure that RSA keys generated to sign fitImage are available for u-boot
# The dependency is only added when MACHINEOVERRIDES contains "stm32mpcommon"
# and KERNEL_IMAGETYPE contains "fitImage"; both are substring checks.
# NOTE(review): only KERNEL_IMAGETYPE is inspected here. If fitImage can be
# requested some other way, this ordering guarantee is not added -- confirm.
do_uboot_assemble_fitimage[depends] += " \
${@'virtual/kernel:do_kernel_generate_rsa_keys' \
if "stm32mpcommon" in d.getVar('MACHINEOVERRIDES') \
and "fitImage" in d.getVar('KERNEL_IMAGETYPE') else ''} \
"
# Directory, relative to the sysroot, that receives the U-Boot pieces for the FIP
FIP_DIR_UBOOT ?= "/u-boot"
# Deploy u-boot artifacts, to be packaged in fip binary by fip-stm32mp recipe
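u_boot_sysroot_populate() {
	# Stage, for every U-Boot configuration and device tree, the U-Boot dtb
	# and u-boot-nodtb.bin under FIP_DIR_UBOOT inside SYSROOT_DESTDIR.
	local dest="${SYSROOT_DESTDIR}/${FIP_DIR_UBOOT}"
	install -d "${dest}"
	for config in ${UBOOT_MACHINE}; do
		if [ -n "${UBOOT_DEVICETREE}" ]; then
			for devicetree in ${UBOOT_DEVICETREE}; do
				# Install u-boot dtb
				install -m 644 "${B}/${config}/arch/arm/dts/${devicetree}.dtb" "${dest}/${FIP_UBOOT_DTB}-${devicetree}.dtb"
				# Install u-boot binary
				# 0644, like the dtb above: the binary is only read by the
				# recipe that packages it, so it needs neither execute
				# permission nor write access for other users of the build
				# host.
				install -m 0644 "${B}/${config}/u-boot-nodtb.bin" "${dest}/u-boot-nodtb-${devicetree}.bin"
			done
		fi
	done
}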
# stm32mpcommon only: run u_boot_sysroot_populate as a sysroot preprocess
# function and add FIP_DIR_UBOOT to the staged sysroot directories.
SYSROOT_PREPROCESS_FUNCS:stm32mpcommon =+ "u_boot_sysroot_populate"
SYSROOT_DIRS:append:stm32mpcommon = " ${FIP_DIR_UBOOT}"
# /boot is added to the staged sysroot directories for every machine.
SYSROOT_DIRS += "/boot"