[OE-core] [PATCH] uboot-sign: change u-boot do_deploy concat_dtb() hook to postfuncs

Michael Scott mike at foundries.io
Mon May 20 17:45:32 UTC 2019 

The u-boot signing process consists of 3 actions which must happen in
the right order in order to generate a correct u-boot.dtb with the
public key information which is appended to the u-boot binary.

This process is described in a long comment at the top of
uboot-sign.bbclass:

1. u-boot build generates initial version of u-boot binary and
   appended u-boot.dtb.  Then, via do_install_append() a copy of
   this file and a symlink are added to the datadir (part of
   do_install step)
2. Kernel build then picks up the u-boot dtb from the datadir and
   adds the public key information during mkimage call in "Step 7"
   of kernel-fitimage.bbclass::do_assemble_fitimage().  The build
   system makes sure that we add the signed version of the u-boot
   dtb by adding do_assemble_fitimage() as a dependency to u-boot's
   do_populate_sysroot() step.
3. u-boot do_deploy then executes a new *postfuncs* hook for
   "concat_dtb" which deploys a re-created u-boot binary (appended
   dtb now has public key).

However, the actual code which adds the handler to u-boot's do_deploy,
sets the hook addition as "prefuncs".  This ends up creating a very
racy build which for me was deploying the wrong u-boot binary because
concat_dtb was running before the fitimage was being assembled
(and adding the public key to the u-boot.dtb)

Let's set the concat_dtb step to "postfuncs" as the comment claims
which fixes the order of operations and generates the correct
u-boot.bin in the deploy directory.

Signed-off-by: Michael Scott <mike at foundries.io>
---
 meta/classes/uboot-sign.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 8beafff7c0..202b18502b 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -125,5 +125,5 @@ python () {
         # kernerl's do_deploy is a litle special, so we can't use
         # do_deploy_append, otherwise it would override
         # kernel_do_deploy.
-        d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb')
+        d.appendVarFlag('do_deploy', 'postfuncs', ' concat_dtb')
 }
-- 
2.21.0

More information about the Openembedded-core mailing list