[OE-core] [PATCH] uboot-sign: change u-boot do_deploy concat_dtb() hook to postfuncs
Michael Scott
mike at foundries.io
Mon May 20 17:45:32 UTC 2019
The u-boot signing process consists of 3 actions which must happen in
the right order in order to generate a correct u-boot.dtb with the
public key information which is appended to the u-boot binary.

This process is described in a long comment at the top of
uboot-sign.bbclass:

1. u-boot build generates initial version of u-boot binary and
   appended u-boot.dtb. Then, via do_install_append() a copy of
   this file and a symlink are added to the datadir (part of
   do_install step)
2. Kernel build then picks up the u-boot dtb from the datadir and
   adds the public key information during mkimage call in "Step 7"
   of kernel-fitimage.bbclass::do_assemble_fitimage(). The build
   system makes sure that we add the signed version of the u-boot
   dtb by adding do_assemble_fitimage() as a dependency to u-boot's
   do_populate_sysroot() step.
3. u-boot do_deploy then executes a new *postfuncs* hook for
   "concat_dtb" which deploys a re-created u-boot binary (appended
   dtb now has public key).

However, the actual code which adds the handler to u-boot's do_deploy,
sets the hook addition as "prefuncs". This ends up creating a very
racy build which for me was deploying the wrong u-boot binary because
concat_dtb was running before the fitimage was being assembled
(and adding the public key to the u-boot.dtb).

Let's set the concat_dtb step to "postfuncs" as the comment claims
which fixes the order of operations and generates the correct
u-boot.bin in the deploy directory.

Signed-off-by: Michael Scott <mike at foundries.io>
---
meta/classes/uboot-sign.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 8beafff7c0..202b18502b 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -125,5 +125,5 @@ python () {
# kernerl's do_deploy is a litle special, so we can't use
# do_deploy_append, otherwise it would override
# kernel_do_deploy.
- d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb')
+ d.appendVarFlag('do_deploy', 'postfuncs', ' concat_dtb')
}
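Review bot: switching 'prefuncs' to 'postfuncs' on the changed d.appendVarFlag('do_deploy', ...) line only moves concat_dtb relative to the body of do_deploy; nothing in this hunk makes do_deploy wait for the kernel's do_assemble_fitimage(), which the commit message names as the step that must have added the public key first. The message describes that dependency for do_populate_sysroot() only, so please confirm that do_deploy is also ordered after do_assemble_fitimage() (or add an explicit task dependency), since otherwise the window is narrowed rather than closed and a u-boot.bin whose dtb lacks the key cannot verify the signed fitImage. While this line is being touched, the comment above it still says "kernerl's do_deploy is a litle special" and talks about kernel_do_deploy; fixing the two typos and adding a sentence on why concat_dtb has to run after the deploy body would keep the next reader from flipping it back.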
--
2.21.0