Hi,
If SPL_SIGN_ENABLE is set to 1, the uboot-sign bbclass will sign the u-boot fit
image and add the public key to SPL dtb ('uboot_fitimage_assemble' function).
Before deployment, the class concat the SPL no-dtb binary with SPL dtb+pubkey
to produce the SPL binary ('concat_spl_dtb_helper' function).
However, this approach may produce an unbootable SPL binary for some target
since SPL no-dtb binary may not include the magic number.
For my target, a STM32 MPU, the first 256 bytes are missing.
For me, a better approach is to rebuild the SPL binary with the updated SPL
dtb. Here's my suggestion:
- Disable the SPL concate function:
concat_spl_dtb_helper() {
:
}
- Adds a rebuild task, get the SPL dtb+pubkey from shared deploy directory and
rebuild the SPL binary:
do_rebuild_uboot_spl_with_ signed_dtb() {
deployed_spl_dtb_binary='${ DEPLOY_DIR_IMAGE}/${SPL_DTB_ IMAGE}'
cp $deployed_spl_dtb_binary ${B}/spl/${SPL_DTB_BINARY}
oe_runmake -C ${S} O=${B} spl/u-boot-spl all
}
- Task depends on kernel do_deploy (deploy the SPL dtb+pubkey) :
python () {
if ((d.getVar('UBOOT_SIGN_ENABLE' ) == '1'
or d.getVar('UBOOT_FITIMAGE_ ENABLE') == '1')
and d.getVar('PN') == d.getVar('UBOOT_PN')
and d.getVar('UBOOT_DTB_BINARY')):
d.appendVarFlag('do_rebuild_ uboot_spl_with_signed_dtb', 'depends', '
%s:do_deploy' % d.getVar('KERNEL_PN'))
bb.build.addtask('do_rebuild_ uboot_spl_with_signed_dtb', 'do_deploy',
'do_uboot_assemble_fitimage', d)
}
Since I do not have a global view and this suggestion may not be a general
solution, I did not submit a patch.
Best regards,
Pierre-Loup
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#204619):
https://lists.openembedded.org/g/openembedded-core/message/204619
Mute This Topic: https://lists.openembedded.org/mt/108497881/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
