[OE-core] [PATCH 5/6] uboot-sign: Split off kernel-fitimage variables

Sean Anderson via lists.openembedded.org Fri, 21 Oct 2022 16:38:01 -0700

In preparation for the next commit, split off several

Signed-off-by: Sean Anderson <sean.ander...@seco.com>
---


 meta/classes-recipe/kernel-fitimage.bbclass | 25 +++++++++++++++++++++
 meta/classes-recipe/uboot-config.bbclass    |  3 +++
 meta/classes-recipe/uboot-sign.bbclass      | 19 ++++------------
 3 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/meta/classes-recipe/kernel-fitimage.bbclass 
b/meta/classes-recipe/kernel-fitimage.bbclass
index 8ddebf8dd8..e4a130a0f2 100644
--- a/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -65,6 +65,31 @@ python __anonymous () {
 # Description string
 FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
 
+# Kernel fitImage Hash Algo
+FIT_HASH_ALG ?= "sha256"
+
+# Kernel fitImage Signature Algo
+FIT_SIGN_ALG ?= "rsa2048"
+
+# Kernel / U-Boot fitImage Padding Algo
+FIT_PAD_ALG ?= "pkcs-1.5"
+
+# Generate keys for signing Kernel fitImage
+FIT_GENERATE_KEYS ?= "0"
+
+# Size of private keys in number of bits
+FIT_SIGN_NUMBITS ?= "2048"
+
+# args to openssl genrsa (Default is just the public exponent)
+FIT_KEY_GENRSA_ARGS ?= "-F4"
+
+# args to openssl req (Default is -batch for non interactive mode and
+# -new for new certificate)
+FIT_KEY_REQ_ARGS ?= "-batch -new"
+
+# Standard format for public key certificate
+FIT_KEY_SIGN_PKCS ?= "-x509"
+
 # Sign individual images as well
 FIT_SIGN_INDIVIDUAL ?= "0"
 
diff --git a/meta/classes-recipe/uboot-config.bbclass 
b/meta/classes-recipe/uboot-config.bbclass
index 7ab006a20d..73dc464444 100644
--- a/meta/classes-recipe/uboot-config.bbclass
+++ b/meta/classes-recipe/uboot-config.bbclass
@@ -80,6 +80,9 @@ SPL_MKIMAGE_DTCOPTS ??= ""
 UBOOT_MKIMAGE ?= "uboot-mkimage"
 UBOOT_MKIMAGE_SIGN ?= "${UBOOT_MKIMAGE}"
 
+# Signature activation - this requires KERNEL_IMAGETYPE = "fitImage"
+UBOOT_SIGN_ENABLE ?= "0"
+
 # Arguments passed to mkimage for signing
 UBOOT_MKIMAGE_SIGN_ARGS ?= ""
 SPL_MKIMAGE_SIGN_ARGS ?= ""
diff --git a/meta/classes-recipe/uboot-sign.bbclass 
b/meta/classes-recipe/uboot-sign.bbclass
index 85e23b963f..569907fa68 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -43,8 +43,7 @@ inherit uboot-config
 # Enable use of a U-Boot fitImage
 UBOOT_FITIMAGE_ENABLE ?= "0"
 
-# Signature activation - these require their respective fitImages
-UBOOT_SIGN_ENABLE ?= "0"
+# Signature activation - this requires UBOOT_FITIMAGE_ENABLE = "1"
 SPL_SIGN_ENABLE ?= "0"
 
 # Default value for deployment filenames.
@@ -71,36 +70,26 @@ SPL_NODTB_SYMLINK ?= "u-boot-spl-nodtb-${MACHINE}.bin"
 # U-Boot fitImage description
 UBOOT_FIT_DESC ?= "U-Boot fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
 
-# Kernel / U-Boot fitImage Hash Algo
-FIT_HASH_ALG ?= "sha256"
+# U-Boot fitImage Hash Algo
 UBOOT_FIT_HASH_ALG ?= "sha256"
 
-# Kernel / U-Boot fitImage Signature Algo
-FIT_SIGN_ALG ?= "rsa2048"
+# U-Boot fitImage Signature Algo
 UBOOT_FIT_SIGN_ALG ?= "rsa2048"
 
-# Kernel / U-Boot fitImage Padding Algo
-FIT_PAD_ALG ?= "pkcs-1.5"
-
-# Generate keys for signing Kernel / U-Boot fitImage
-FIT_GENERATE_KEYS ?= "0"
+# Generate keys for signing U-Boot fitImage
 UBOOT_FIT_GENERATE_KEYS ?= "0"
 
 # Size of private keys in number of bits
-FIT_SIGN_NUMBITS ?= "2048"
 UBOOT_FIT_SIGN_NUMBITS ?= "2048"
 
 # args to openssl genrsa (Default is just the public exponent)
-FIT_KEY_GENRSA_ARGS ?= "-F4"
 UBOOT_FIT_KEY_GENRSA_ARGS ?= "-F4"
 
 # args to openssl req (Default is -batch for non interactive mode and
 # -new for new certificate)
-FIT_KEY_REQ_ARGS ?= "-batch -new"
 UBOOT_FIT_KEY_REQ_ARGS ?= "-batch -new"
 
 # Standard format for public key certificate
-FIT_KEY_SIGN_PKCS ?= "-x509"
 UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
 
 # Functions on this bbclass can apply to either U-boot or Kernel,
-- 
2.35.1.1320.gc452695387.dirty

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#172054): 
https://lists.openembedded.org/g/openembedded-core/message/172054
Mute This Topic: https://lists.openembedded.org/mt/94487630/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/6] uboot-sign: Split off kernel-fitimage variables

Reply via email to