him411/gl-infra-builder-FUjr
1
0
Fork 0
mirror of https://github.com/FUjr/gl-infra-builder.git synced 2025-12-16 17:15:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7fc37226f3
gl-infra-builder-FUjr/patches-mt798x/0005-image-secure-boot-and-anti-rollback-support.patch
Jianhui Zhao 15eee0e27c gl-mt6000: new device 
```
python3 setup.py -c configs/config-mt798x.yml
cd mt798x
./scripts/gen_config.py target_mt7986_gl-mt6000 glinet_mt7986_wifi glinet_mt6000
make -j $(nproc)

```

Signed-off-by: Jianhui Zhao <jianhui.zhao@gl-inet.com>
2023-05-19 11:29:32 +08:00

142 lines
5.4 KiB
Diff
Raw Blame History

From 5d264e369565b38ca3ac4be8dac7a40912ebff8e Mon Sep 17 00:00:00 2001
From: Jianhui Zhao <jianhui.zhao@gl-inet.com>
Date: Wed, 17 May 2023 15:10:40 +0800
Subject: [PATCH 8/9] image: secure boot and anti rollback support
Signed-off-by: Jianhui Zhao <jianhui.zhao@gl-inet.com>
---
include/image-commands.mk | 7 +++---
include/image.mk | 48 ++++++++++++++++++++++++++++-----------
2 files changed, 39 insertions(+), 16 deletions(-)
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 4d54a14ba4..8d77d5dc80 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -87,7 +87,7 @@ define Build/append-ubi
$(if $(UBOOTENV_IN_UBI),--uboot-env) \
$(if $(KERNEL_IN_UBI),--kernel $(IMAGE_KERNEL)) \
$(foreach part,$(UBINIZE_PARTS),--part $(part)) \
- $(IMAGE_ROOTFS) \
+ $(call param_get_default,rootfs,$(1),$(IMAGE_ROOTFS)) \
$@.tmp \
-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
@@ -202,8 +202,9 @@ define Build/fit
$(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \
-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
- -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
- -A $(LINUX_KARCH) -v $(LINUX_VERSION)
+ -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
+ -A $(LINUX_KARCH) -v $(LINUX_VERSION) \
+ $(if $(CONFIG_TARGET_ROOTFS_SQUASHFS),-R $(ROOTFS/squashfs/$(DEVICE_NAME)))
PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
@mv $@.new $@
endef
diff --git a/include/image.mk b/include/image.mk
index b6e8ab3c84..92d343c6b7 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -227,8 +227,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))
define Image/mkfs/squashfs-common
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
-nopad -noappend -root-owned \
- -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
- -processors 1
+ -comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
endef
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
@@ -441,6 +440,9 @@ else
DEVICE_CHECK_PROFILE = $(CONFIG_TARGET_$(if $(CONFIG_TARGET_MULTI_PROFILE),DEVICE_)$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_$(1))
endif
+DEVICE_CHECK_FIT_KEY = $(if $(wildcard $(FIT_KEY_DIR)/$(FIT_KEY_NAME).key),install-images,install-disabled)
+DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-images)
+
DEVICE_EXTRA_PACKAGES = $(call qstrip,$(CONFIG_TARGET_DEVICE_PACKAGES_$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_DEVICE_$(1)))
define merge_packages
@@ -463,7 +465,7 @@ endef
define Device/Check
$(Device/Check/Common)
KDIR_KERNEL_IMAGE := $(KDIR)/$(1)$$(KERNEL_SUFFIX)
- _TARGET := $$(if $$(_PROFILE_SET),install-images,install-disabled)
+ _TARGET := $$(if $$(_PROFILE_SET),$$(DEVICE_CHECK_FIT_DIR),install-disabled)
ifndef IB
_COMPILE_TARGET := $$(if $(CONFIG_IB)$$(_PROFILE_SET),compile,compile-disabled)
endif
@@ -525,6 +527,21 @@ define Device/Build/compile
endef
+define Device/Build/per-device-fs
+ ROOTFS/$(1)/$(3) := \
+ $(KDIR)/root.$(1)$$(strip \
+ $$(if $$(FS_OPTIONS/$(1)),+fs=$$(call param_mangle,$$(FS_OPTIONS/$(1)))) \
+ )$$(strip \
+ $(if $(TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(3))) \
+ )
+ ifndef IB
+ $$(ROOTFS/$(1)/$(3)): $(if $(TARGET_PER_DEVICE_ROOTFS),target-dir-$$(ROOTFS_ID/$(3)))
+ endif
+
+ $$(KDIR_KERNEL_IMAGE): $$(ROOTFS/$(1)/$(3))
+
+endef
+
ifndef IB
define Device/Build/dtb
ifndef BUILD_DTS_$(1)
@@ -555,6 +572,16 @@ define Device/Build/kernel
ifdef CONFIG_IB
install: $$(KDIR_KERNEL_IMAGE)
endif
+ ifneq ($$(filter squashfs,$(2)),)
+ # Force squashfs to be built before generating kernel image
+ ROOTFS/squashfs/$(1) := \
+ $(KDIR)/root.squashfs$$(strip \
+ $$(if $$(FS_OPTIONS/squashfs),+fs=$$(call param_mangle,$$(FS_OPTIONS/squashfs))) \
+ )$$(strip \
+ $(if $(TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(1))) \
+ )
+ $$(KDIR_KERNEL_IMAGE): $$(ROOTFS/squashfs/$(1))
+ endif
$$(KDIR_KERNEL_IMAGE): $(KDIR)/$$(KERNEL_NAME) $(CURDIR)/Makefile $$(KERNEL_DEPENDS) image_prepare
@rm -f $$@
$$(call concat_cmd,$$(KERNEL))
@@ -569,15 +596,6 @@ define Device/Build/image
$(BIN_DIR)/$(call IMAGE_NAME,$(1),$(2))$$(GZ_SUFFIX))
$(eval $(call Device/Export,$(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2)),$(1)))
- ROOTFS/$(1)/$(3) := \
- $(KDIR)/root.$(1)$$(strip \
- $$(if $$(FS_OPTIONS/$(1)),+fs=$$(call param_mangle,$$(FS_OPTIONS/$(1)))) \
- )$$(strip \
- $(if $(TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(3))) \
- )
- ifndef IB
- $$(ROOTFS/$(1)/$(3)): $(if $(TARGET_PER_DEVICE_ROOTFS),target-dir-$$(ROOTFS_ID/$(3)))
- endif
$(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2)): $$(KDIR_KERNEL_IMAGE) $$(ROOTFS/$(1)/$(3))
@rm -f $$@
[ -f $$(word 1,$$^) -a -f $$(word 2,$$^) ]
@@ -638,8 +656,12 @@ define Device/Build/artifact
endef
define Device/Build
+ $$(eval $$(foreach image,$$(IMAGES), \
+ $$(foreach fs,$$(filter $(TARGET_FILESYSTEMS),$$(FILESYSTEMS)), \
+ $$(call Device/Build/per-device-fs,$$(fs),$$(image),$(1)))))
+
$(if $(CONFIG_TARGET_ROOTFS_INITRAMFS),$(call Device/Build/initramfs,$(1)))
- $(call Device/Build/kernel,$(1))
+ $(call Device/Build/kernel,$(1),$$(filter $(TARGET_FILESYSTEMS),$$(FILESYSTEMS)))
$$(eval $$(foreach compile,$$(COMPILE), \
$$(call Device/Build/compile,$$(compile),$(1))))
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink