diff options
author | Lei YU <mine260309@gmail.com> | 2018-05-23 09:01:14 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-07-16 05:12:29 +0300 |
commit | a467494a2ebf94a0145ada9b8b2d85fc92b90b9d (patch) | |
tree | 207b8e2fb28062dd26abddf085a4224f748e125b /meta-phosphor/classes/image_types_phosphor.bbclass | |
parent | c763ceb45a0012c46345090690f018c1e8d8d7f5 (diff) | |
download | openbmc-a467494a2ebf94a0145ada9b8b2d85fc92b90b9d.tar.xz |
Add manifest and signature for fixed flash layout
In generated fixed flash layout tarball, add manifest and signature
which can be used for code update by phosphor-software-manager.
Tested: Verify the generated static tar contains image(s), manifest,
public key and their signatures.
Verify that all.tar can be used to do code update by both
legacy method (org.openbmc.control.BmcFlash.service) and
phosphor-software-manager.
Change-Id: Ib6880c8a6d456cce6b0fd47116960d1d448d5d50
Signed-off-by: Lei YU <mine260309@gmail.com>
Diffstat (limited to 'meta-phosphor/classes/image_types_phosphor.bbclass')
-rw-r--r-- | meta-phosphor/classes/image_types_phosphor.bbclass | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/meta-phosphor/classes/image_types_phosphor.bbclass b/meta-phosphor/classes/image_types_phosphor.bbclass index 97b0bafce..16e47dd7b 100644 --- a/meta-phosphor/classes/image_types_phosphor.bbclass +++ b/meta-phosphor/classes/image_types_phosphor.bbclass @@ -223,8 +223,17 @@ do_generate_static[depends] += " \ " do_generate_static_alltar() { + ln -sf ${S}/MANIFEST MANIFEST + ln -sf ${S}/publickey publickey ln -sf ${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.static.mtd image-bmc - tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.static.mtd.all.tar image-bmc + + for file in image-bmc MANIFEST publickey; do + openssl dgst -sha256 -sign ${SIGNING_KEY} -out "${file}.sig" $file + signature_files="${signature_files} ${file}.sig" + done + + tar -h -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}.static.mtd.all.tar \ + image-bmc MANIFEST publickey ${signature_files} cd ${IMGDEPLOYDIR} @@ -234,9 +243,15 @@ do_generate_static_alltar() { # Maintain non-standard legacy link. ln -sf ${IMAGE_NAME}.static.mtd.all.tar \ ${IMGDEPLOYDIR}/${MACHINE}-${DATETIME}.all.tar + } do_generate_static_alltar[vardepsexclude] = "DATETIME" do_generate_static_alltar[dirs] = "${S}/static" +do_generate_static_alltar[depends] += " \ + openssl-native:do_populate_sysroot \ + ${SIGNING_KEY_DEPENDS} \ + ${PN}:do_copy_signing_pubkey \ + " make_image_links() { rwfs=$1 @@ -266,8 +281,14 @@ make_tar_of_images() { } do_generate_static_tar() { + ln -sf ${S}/MANIFEST MANIFEST + ln -sf ${S}/publickey publickey make_image_links ${OVERLAY_BASETYPE} ${IMAGE_BASETYPE} - make_tar_of_images static + for file in image-u-boot image-kernel image-rofs image-rwfs MANIFEST publickey; do + openssl dgst -sha256 -sign ${SIGNING_KEY} -out "${file}.sig" $file + signature_files="${signature_files} ${file}.sig" + done + make_tar_of_images static MANIFEST publickey ${signature_files} # Maintain non-standard legacy link. cd ${IMGDEPLOYDIR} @@ -278,6 +299,9 @@ do_generate_static_tar[depends] += " \ ${PN}:do_image_${@d.getVar('IMAGE_BASETYPE', True).replace('-', '_')} \ virtual/kernel:do_deploy \ u-boot:do_populate_sysroot \ + openssl-native:do_populate_sysroot \ + ${SIGNING_KEY_DEPENDS} \ + ${PN}:do_copy_signing_pubkey \ " do_generate_static_tar[vardepsexclude] = "DATETIME" @@ -357,12 +381,12 @@ python() { bb.build.addtask( 'do_generate_static_alltar', 'do_image_complete', - 'do_generate_static', d) + 'do_generate_static do_generate_phosphor_manifest', d) if 'mtd-static-tar' in types: bb.build.addtask( 'do_generate_static_tar', 'do_image_complete', - 'do_generate_rwfs_static', d) + 'do_generate_rwfs_static do_generate_phosphor_manifest', d) if 'mtd-ubi' in types: bb.build.addtask( |