From 19767152e3bfb427a135f5366fc5b496341f121d Mon Sep 17 00:00:00 2001 From: Peter Hoyes Date: Wed, 22 Feb 2023 12:04:41 +0000 Subject: [PATCH] arm/classes: Add sstate support to tfm_sign_images Defining a task called do_deploy in an image recipe causes the license_image bbclass in OE-core to think the recipe is not an image recipe, which causes errors with license information collection if you have an image recipe which depends on an image recipe using this bbclass. To fix this, and to add support for caching the signed binaries, use a single task, do_sign_images (and its setscene task). The implementation is based on deploy.bbclass, so the sstate is responsible for installing the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name so that license information collection still works as expected. Signed-off-by: Peter Hoyes Signed-off-by: Jon Mason --- .../recipes-bsp/images/corstone1000-image.bb | 3 +- meta-arm/classes/tfm_sign_image.bbclass | 28 +++++++++---------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb index 932b1619..3a1639ea 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb @@ -24,7 +24,8 @@ do_sign_images() { # Update BL2 in the FIP image cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} . - fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \ + fiptool update --tb-fw \ + ${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \ ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} # Sign the FIP image diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass index 5ba57dc8..24df7682 100644 --- a/meta-arm/classes/tfm_sign_image.bbclass +++ b/meta-arm/classes/tfm_sign_image.bbclass @@ -6,28 +6,28 @@ # * Write the signing logic, which may call the function sign_host_image, # described below -inherit python3native deploy +inherit python3native # The output and working directory TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images" +TFM_IMAGE_SIGN_DEPLOY_DIR = "${WORKDIR}/deploy-tfm-signed-images" +SSTATETASKS += "do_sign_images" +do_sign_images[sstate-inputdirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR}" +do_sign_images[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" +do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}" +do_sign_images[cleandirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}" +do_sign_images[stamp-extra-info] = "${MACHINE_ARCH}" tfm_sign_image_do_sign_images() { : } -addtask sign_images after do_configure before do_compile -do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}" +addtask sign_images after do_prepare_recipe_sysroot before do_image +EXPORT_FUNCTIONS do_sign_images -tfm_sign_image_do_deploy() { - : +python do_sign_images_setscene () { + sstate_setscene(d) } -addtask deploy after do_sign_images - -deploy_signed_images() { - cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/ -} -do_deploy[postfuncs] += "deploy_signed_images" - -EXPORT_FUNCTIONS do_sign_images do_deploy +addtask do_sign_images_setscene DEPENDS += "trusted-firmware-m-scripts-native" @@ -77,7 +77,7 @@ enum image_attributes { }; EOF - host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")" + host_binary_signed="${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_$(basename "${1}")" ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \ ${TFM_IMAGE_SIGN_ARGS} \