mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-07 16:59:30 +00:00

arm-bsp/corstone1000: Refactor image signing to use new bbclass

The previous commit refactored trusted-firmware-m-sign-host-images.inc
into tfm_sign_image.bbclass.

Move the image signing logic from the TF-M bbappend to
corstone1000-image.bb, using the new bbclass.

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ib76dce2ba9102e343d0611d929250d1d8aee518b
Signed-off-by: Jon Mason <jon.mason@arm.com>
Peter Hoyes
2022-10-03 12:29:59 +01:00
committed by Jon Mason
parent 97c7e9f08e
commit fc26f65b1c
4 changed files with 21 additions and 22 deletions
@@ -18,7 +18,7 @@ TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${S}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
RE_IMAGE_OFFSET = "0x1000"
# u-boot
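Review bot: `TFM_SIGN_PRIVATE_KEY` still names `root-RSA-3072_1.pem`, the key that ships in the TF-M/MCUboot source tree (the other value in this hunk points at `bl2/ext/mcuboot/` directly), so images signed with this machine configuration use a publicly available private key and the signature proves nothing about origin outside development. Assuming the `${libdir}/tfm-scripts/` line is the new side, I would make it a weak default, `TFM_SIGN_PRIVATE_KEY ?= "${libdir}/tfm-scripts/root-RSA-3072_1.pem"`, so a distro or local configuration can substitute a protected key. A comment above it such as `# Development key from the TF-M tree; override for production builds` would make that explicit. It is also worth confirming in tfm_sign_image.bbclass, which is not visible here, that this `${libdir}` path is resolved against a recipe sysroot and not the build host's library directory.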
@@ -6,8 +6,27 @@ LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
inherit image
inherit wic_nopt
inherit wic_nopt tfm_sign_image
PACKAGE_INSTALL = ""
IMAGE_FSTYPES += "wic wic.nopt"
do_sign_images() {
# Sign TF-A BL2
sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
# Update BL2 in the FIP image
cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \
${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
# Sign the FIP image
sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
}
do_sign_images[depends] = "\
trusted-firmware-a:do_populate_sysroot \
fiptool-native:do_populate_sysroot \
"
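Review bot: The `cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .` line in `do_sign_images` copies the FIP into the task's current directory, while the following `fiptool update` and `sign_host_image` calls read it from `${TFM_IMAGE_SIGN_DIR}`. This only lines up if the class sets the task's working directory to `${TFM_IMAGE_SIGN_DIR}`, which this hunk does not show. Making the destination explicit, `cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} ${TFM_IMAGE_SIGN_DIR}/`, removes that hidden coupling, so a change to the class's `dirs` setting cannot leave the task updating and signing a different or leftover file. A short comment above the function saying that BL2 must be signed before the FIP is updated, and the FIP signed last, would also help, since that order is what makes the final signature cover the signed BL2.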
@@ -37,6 +37,3 @@ EXTRA_OEMAKE:append = " \
BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
LOG_LEVEL=50 \
"
# trigger TF-M build so TF-A binaries get signed
do_deploy[depends]+= "virtual/trusted-firmware-m:do_prepare_recipe_sysroot"
@@ -25,25 +25,8 @@ SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam
SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${WORKDIR}/git/openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
DEPENDS += "trusted-firmware-a"
# adding host images signing support
require trusted-firmware-m-sign-host-images.inc
do_install() {
install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin
install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin
#
# Signing TF-A BL2 and the FIP image
#
sign_host_image ${TFA_BL2_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
fiptool update \
--tb-fw ${D}/firmware/signed_${TFA_BL2_BINARY} \
${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY}
sign_host_image ${TFA_FIP_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
}