image: add hash info to itb

include/image-commands.mk

@@ -202,8 +202,9 @@ define Build/fit
 		$(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \
 		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
 		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
-		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
+		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
+		-A $(LINUX_KARCH) -v $(LINUX_VERSION) \
+		$(if $(CONFIG_TARGET_ROOTFS_SQUASHFS),-R $(ROOTFS/squashfs/$(DEVICE_NAME)))
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef

include/image.mk

@@ -554,6 +554,16 @@ define Device/Build/kernel
     ifdef CONFIG_IB
       install: $$(KDIR_KERNEL_IMAGE)
     endif
+    ifneq ($$(filter squashfs,$(2)),)
+      # Force squashfs to be built before generating kernel image
+      ROOTFS/squashfs/$(1) := \
+	$(KDIR)/root.squashfs$$(strip \
+		$$(if $$(FS_OPTIONS/squashfs),+fs=$$(call param_mangle,$$(FS_OPTIONS/squashfs))) \
+	)$$(strip \
+		$(if $(TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(1))) \
+	)
+      $$(KDIR_KERNEL_IMAGE): $$(ROOTFS/squashfs/$(1))
+    endif
     $$(KDIR_KERNEL_IMAGE): $(KDIR)/$$(KERNEL_NAME) $(CURDIR)/Makefile $$(KERNEL_DEPENDS) image_prepare
 	@rm -f $$@
 	$$(call concat_cmd,$$(KERNEL))
@@ -638,7 +648,7 @@ endef
 
 define Device/Build
   $(if $(CONFIG_TARGET_ROOTFS_INITRAMFS),$(call Device/Build/initramfs,$(1)))
-  $(call Device/Build/kernel,$(1))
+  $(call Device/Build/kernel,$(1),$$(filter $(TARGET_FILESYSTEMS),$$(FILESYSTEMS)))
 
   $$(eval $$(foreach compile,$$(COMPILE), \
     $$(call Device/Build/compile,$$(compile),$(1))))

scripts/mkits.sh

@@ -17,6 +17,7 @@
 usage() {
 	printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")"
 	printf " -v version -k kernel [-D name -n address -d dtb] -o its_file"
+	printf " [-s script] [-S key_name_hint] [-r ar_ver] [-R rootfs]"
 
 	printf "\n\t-A ==> set architecture to 'arch'"
 	printf "\n\t-C ==> set compression type 'comp'"
@@ -28,13 +29,17 @@ usage() {
 	printf "\n\t-D ==> human friendly Device Tree Blob 'name'"
 	printf "\n\t-n ==> fdt unit-address 'address'"
 	printf "\n\t-d ==> include Device Tree Blob 'dtb'"
-	printf "\n\t-o ==> create output file 'its_file'\n"
+	printf "\n\t-o ==> create output file 'its_file'"
+	printf "\n\t-s ==> include u-boot script 'script'"
+	printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'"
+	printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)"
+	printf "\n\t-R ==> specify rootfs file for embedding hash\n"
 	exit 1
 }
 
 FDTNUM=1
 
-while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION
+while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:R:" OPTION
 do
 	case $OPTION in
 		A ) ARCH=$OPTARG;;
@@ -48,6 +53,10 @@ do
 		n ) FDTNUM=$OPTARG;;
 		o ) OUTPUT=$OPTARG;;
 		v ) VERSION=$OPTARG;;
+		s ) UBOOT_SCRIPT=$OPTARG;;
+		S ) KEY_NAME_HINT=$OPTARG;;
+		r ) AR_VER=$OPTARG;;
+		R ) ROOTFS_FILE=$OPTARG;;
 		* ) echo "Invalid option passed to '$0' (options:$*)"
 		usage;;
 	esac
@@ -65,21 +74,95 @@ ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
 # Conditionally create fdt information
 if [ -n "${DTB}" ]; then
 	FDT_NODE="
-		fdt@$FDTNUM {
+		fdt-$FDTNUM {
 			description = \"${ARCH_UPPER} OpenWrt ${DEVICE} device tree blob\";
 			data = /incbin/(\"${DTB}\");
 			type = \"flat_dt\";
 			arch = \"${ARCH}\";
 			compression = \"none\";
-			hash@1 {
+			hash-1 {
 				algo = \"crc32\";
 			};
-			hash@2 {
+			hash-2 {
 				algo = \"sha1\";
 			};
 		};
 "
-	FDT_PROP="fdt = \"fdt@$FDTNUM\";"
+	FDT_PROP="fdt = \"fdt-$FDTNUM\";"
+fi
+
+# Conditionally create rootfs hash information
+if [ -f "${ROOTFS_FILE}" ]; then
+	ROOTFS_SIZE=$(stat -c %s ${ROOTFS_FILE})
+
+	ROOTFS_SHA1=$(sha1sum ${ROOTFS_FILE} | awk '{print "<0x"substr($0,1,8) " 0x"substr($0,9,8) " 0x"substr($0,17,8) " 0x"substr($0,25,8) " 0x"substr($0,33,8) ">"}')
+	ROOTFS_CRC32=$(crc32sum ${ROOTFS_FILE})
+
+	ROOTFS="
+	rootfs {
+		size = <${ROOTFS_SIZE}>;
+
+		hash-1 {
+			value = <0x${ROOTFS_CRC32}>;
+			algo = \"crc32\";
+		};
+
+		hash-2 {
+			value = ${ROOTFS_SHA1};
+			algo = \"sha1\";
+		};
+	};
+"
+fi
+
+# Conditionally create script information
+if [ -n "${UBOOT_SCRIPT}" ]; then
+	SCRIPT="\
+		script-1 {
+			description = \"U-Boot Script\";
+			data = /incbin/(\"${UBOOT_SCRIPT}\");
+			type = \"script\";
+			arch = \"${ARCH}\";
+			os = \"linux\";
+			load = <0>;
+			entry = <0>;
+			compression = \"none\";
+			hash-1 {
+				algo = \"crc32\";
+			};
+			hash-2 {
+				algo = \"sha1\";
+			};
+		};\
+"
+	LOADABLES="\
+			loadables = \"script-1\";\
+"
+	SIGN_IMAGES="\
+				sign-images = \"fdt\", \"kernel\", \"loadables\";\
+"
+else
+	SIGN_IMAGES="\
+				sign-images = \"fdt\", \"kernel\";\
+"
+fi
+
+# Conditionally create signature information
+if [ -n "${KEY_NAME_HINT}" ]; then
+	SIGNATURE="\
+			signature {
+				algo = \"sha1,rsa2048\";
+				key-name-hint = \"${KEY_NAME_HINT}\";
+${SIGN_IMAGES}
+			};\
+"
+fi
+
+# Conditionally create anti-rollback version information
+if [ -n "${AR_VER}" ]; then
+	FW_AR_VER="\
+			fw_ar_ver = <${AR_VER}>;\
+"
 fi
 
 # Create a default, fully populated DTS file
@@ -90,7 +173,7 @@ DATA="/dts-v1/;
 	#address-cells = <1>;
 
 	images {
-		kernel@1 {
+		kernel-1 {
 			description = \"${ARCH_UPPER} OpenWrt Linux-${VERSION}\";
 			data = /incbin/(\"${KERNEL}\");
 			type = \"kernel\";
@@ -99,22 +182,28 @@ DATA="/dts-v1/;
 			compression = \"${COMPRESS}\";
 			load = <${LOAD_ADDR}>;
 			entry = <${ENTRY_ADDR}>;
-			hash@1 {
+			hash-1 {
 				algo = \"crc32\";
 			};
-			hash@2 {
+			hash-2 {
 				algo = \"sha1\";
 			};
 		};
 ${FDT_NODE}
+${SCRIPT}
 	};
 
+${ROOTFS}
+
 	configurations {
 		default = \"${CONFIG}\";
 		${CONFIG} {
 			description = \"OpenWrt\";
-			kernel = \"kernel@1\";
+${FW_AR_VER}
+${LOADABLES}
+			kernel = \"kernel-1\";
 			${FDT_PROP}
+${SIGNATURE}
 		};
 	};
 };"