From bbe6bff1ae665ef6452e025e61e5fc00ee91f140 Mon Sep 17 00:00:00 2001 From: hanwckf Date: Mon, 17 Oct 2022 01:58:02 +0800 Subject: [PATCH] image: add hash info to itb --- include/image-commands.mk | 5 +- include/image.mk | 12 ++++- scripts/mkits.sh | 109 ++++++++++++++++++++++++++++++++++---- 3 files changed, 113 insertions(+), 13 deletions(-) diff --git a/include/image-commands.mk b/include/image-commands.mk index debfb5a98a..f5df8b7a0d 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -202,8 +202,9 @@ define Build/fit $(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \ -a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \ $(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \ - -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \ - -A $(LINUX_KARCH) -v $(LINUX_VERSION) + -c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \ + -A $(LINUX_KARCH) -v $(LINUX_VERSION) \ + $(if $(CONFIG_TARGET_ROOTFS_SQUASHFS),-R $(ROOTFS/squashfs/$(DEVICE_NAME))) PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new @mv $@.new $@ endef diff --git a/include/image.mk b/include/image.mk index 6c7f64561d..4ee7f1449b 100644 --- a/include/image.mk +++ b/include/image.mk @@ -554,6 +554,16 @@ define Device/Build/kernel ifdef CONFIG_IB install: $$(KDIR_KERNEL_IMAGE) endif + ifneq ($$(filter squashfs,$(2)),) + # Force squashfs to be built before generating kernel image + ROOTFS/squashfs/$(1) := \ + $(KDIR)/root.squashfs$$(strip \ + $$(if $$(FS_OPTIONS/squashfs),+fs=$$(call param_mangle,$$(FS_OPTIONS/squashfs))) \ + )$$(strip \ + $(if $(TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(1))) \ + ) + $$(KDIR_KERNEL_IMAGE): $$(ROOTFS/squashfs/$(1)) + endif $$(KDIR_KERNEL_IMAGE): $(KDIR)/$$(KERNEL_NAME) $(CURDIR)/Makefile $$(KERNEL_DEPENDS) image_prepare @rm -f $$@ $$(call concat_cmd,$$(KERNEL)) @@ -638,7 +648,7 @@ endef define Device/Build $(if $(CONFIG_TARGET_ROOTFS_INITRAMFS),$(call Device/Build/initramfs,$(1))) - $(call Device/Build/kernel,$(1)) + $(call Device/Build/kernel,$(1),$$(filter $(TARGET_FILESYSTEMS),$$(FILESYSTEMS))) $$(eval $$(foreach compile,$$(COMPILE), \ $$(call Device/Build/compile,$$(compile),$(1)))) diff --git a/scripts/mkits.sh b/scripts/mkits.sh index bb629d6fca..1c7f292618 100755 --- a/scripts/mkits.sh +++ b/scripts/mkits.sh @@ -17,6 +17,7 @@ usage() { printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")" printf " -v version -k kernel [-D name -n address -d dtb] -o its_file" + printf " [-s script] [-S key_name_hint] [-r ar_ver] [-R rootfs]" printf "\n\t-A ==> set architecture to 'arch'" printf "\n\t-C ==> set compression type 'comp'" @@ -28,13 +29,17 @@ usage() { printf "\n\t-D ==> human friendly Device Tree Blob 'name'" printf "\n\t-n ==> fdt unit-address 'address'" printf "\n\t-d ==> include Device Tree Blob 'dtb'" - printf "\n\t-o ==> create output file 'its_file'\n" + printf "\n\t-o ==> create output file 'its_file'" + printf "\n\t-s ==> include u-boot script 'script'" + printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'" + printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)" + printf "\n\t-R ==> specify rootfs file for embedding hash\n" exit 1 } FDTNUM=1 -while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION +while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:R:" OPTION do case $OPTION in A ) ARCH=$OPTARG;; @@ -48,6 +53,10 @@ do n ) FDTNUM=$OPTARG;; o ) OUTPUT=$OPTARG;; v ) VERSION=$OPTARG;; + s ) UBOOT_SCRIPT=$OPTARG;; + S ) KEY_NAME_HINT=$OPTARG;; + r ) AR_VER=$OPTARG;; + R ) ROOTFS_FILE=$OPTARG;; * ) echo "Invalid option passed to '$0' (options:$*)" usage;; esac @@ -65,21 +74,95 @@ ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]') # Conditionally create fdt information if [ -n "${DTB}" ]; then FDT_NODE=" - fdt@$FDTNUM { + fdt-$FDTNUM { description = \"${ARCH_UPPER} OpenWrt ${DEVICE} device tree blob\"; data = /incbin/(\"${DTB}\"); type = \"flat_dt\"; arch = \"${ARCH}\"; compression = \"none\"; - hash@1 { + hash-1 { algo = \"crc32\"; }; - hash@2 { + hash-2 { algo = \"sha1\"; }; }; " - FDT_PROP="fdt = \"fdt@$FDTNUM\";" + FDT_PROP="fdt = \"fdt-$FDTNUM\";" +fi + +# Conditionally create rootfs hash information +if [ -f "${ROOTFS_FILE}" ]; then + ROOTFS_SIZE=$(stat -c %s ${ROOTFS_FILE}) + + ROOTFS_SHA1=$(sha1sum ${ROOTFS_FILE} | awk '{print "<0x"substr($0,1,8) " 0x"substr($0,9,8) " 0x"substr($0,17,8) " 0x"substr($0,25,8) " 0x"substr($0,33,8) ">"}') + ROOTFS_CRC32=$(crc32sum ${ROOTFS_FILE}) + + ROOTFS=" + rootfs { + size = <${ROOTFS_SIZE}>; + + hash-1 { + value = <0x${ROOTFS_CRC32}>; + algo = \"crc32\"; + }; + + hash-2 { + value = ${ROOTFS_SHA1}; + algo = \"sha1\"; + }; + }; +" +fi + +# Conditionally create script information +if [ -n "${UBOOT_SCRIPT}" ]; then + SCRIPT="\ + script-1 { + description = \"U-Boot Script\"; + data = /incbin/(\"${UBOOT_SCRIPT}\"); + type = \"script\"; + arch = \"${ARCH}\"; + os = \"linux\"; + load = <0>; + entry = <0>; + compression = \"none\"; + hash-1 { + algo = \"crc32\"; + }; + hash-2 { + algo = \"sha1\"; + }; + };\ +" + LOADABLES="\ + loadables = \"script-1\";\ +" + SIGN_IMAGES="\ + sign-images = \"fdt\", \"kernel\", \"loadables\";\ +" +else + SIGN_IMAGES="\ + sign-images = \"fdt\", \"kernel\";\ +" +fi + +# Conditionally create signature information +if [ -n "${KEY_NAME_HINT}" ]; then + SIGNATURE="\ + signature { + algo = \"sha1,rsa2048\"; + key-name-hint = \"${KEY_NAME_HINT}\"; +${SIGN_IMAGES} + };\ +" +fi + +# Conditionally create anti-rollback version information +if [ -n "${AR_VER}" ]; then + FW_AR_VER="\ + fw_ar_ver = <${AR_VER}>;\ +" fi # Create a default, fully populated DTS file @@ -90,7 +173,7 @@ DATA="/dts-v1/; #address-cells = <1>; images { - kernel@1 { + kernel-1 { description = \"${ARCH_UPPER} OpenWrt Linux-${VERSION}\"; data = /incbin/(\"${KERNEL}\"); type = \"kernel\"; @@ -99,22 +182,28 @@ DATA="/dts-v1/; compression = \"${COMPRESS}\"; load = <${LOAD_ADDR}>; entry = <${ENTRY_ADDR}>; - hash@1 { + hash-1 { algo = \"crc32\"; }; - hash@2 { + hash-2 { algo = \"sha1\"; }; }; ${FDT_NODE} +${SCRIPT} }; +${ROOTFS} + configurations { default = \"${CONFIG}\"; ${CONFIG} { description = \"OpenWrt\"; - kernel = \"kernel@1\"; +${FW_AR_VER} +${LOADABLES} + kernel = \"kernel-1\"; ${FDT_PROP} +${SIGNATURE} }; }; };"