From 2986626843658bffc5ca1a0cbe5d8c9fbac7a260 Mon Sep 17 00:00:00 2001
From: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Date: Fri, 22 Nov 2024 08:00:00 -0700
Subject: [PATCH] uboot-sign: fix U-Boot binary with public key

Fixes [YOCTO #15649]

The U-Boot binary in the "deploy" directory is missing the public key
when the removed logic branch is used.

The simple concatenation of the binary and DTB with public key works as
expected on a BeagleBone Black.

Given:
MACHINE = beaglebone-yocto
UBOOT_SIGN_KEYNAME = "dev"

Post-patch (poky/build/tmp/deploy/images/beaglebone-yocto):
$ hexdump -e "16 \"%_p\" \"\\n\"" u-boot-beaglebone-yocto.dtb \
| tr -d '\n' | grep -o 'key-dev'
key-dev

$ hexdump -e "16 \"%_p\" \"\\n\"" u-boot.img \
| tr -d '\n' | grep -o 'key-dev'
key-dev

Non-Poky BeagleBone Black testing (Scarthgap):
U-Boot 2024.01 [...]
[...]
Using 'conf-ti_omap_am335x-boneblack.dtb' configuration
Verifying Hash Integrity ... sha256,rsa4096:dev+ OK
Trying 'kernel-1' kernel subimage
[...]

(From OE-Core rev: 0d14e99aa18ee38293df63d585fafc270a4538be)

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes-recipe/uboot-sign.bbclass | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index a17be745ce..7ee73b872a 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -122,13 +122,7 @@ concat_dtb() {
 	# If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB
 	# with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble)
 	if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then
-		if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \
-			[ -e "${UBOOT_DTB_BINARY}" ]; then
-			oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET}
-			if [ -n "${binary}" ]; then
-				cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
-			fi
-		elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then
+		if [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then
 			if [ -n "${binary}" ]; then
 				cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \
 					${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}