diff options
Diffstat (limited to 'classes')
-rw-r--r-- | classes/rmc-boot.bbclass | 17 | ||||
-rw-r--r-- | classes/rmc-db.bbclass | 92 | ||||
-rw-r--r-- | classes/uefi-comboapp.bbclass | 151 | ||||
-rw-r--r-- | classes/uefi-sign.bbclass | 50 |
4 files changed, 0 insertions, 310 deletions
diff --git a/classes/rmc-boot.bbclass b/classes/rmc-boot.bbclass deleted file mode 100644 index 37c3e30c..00000000 --- a/classes/rmc-boot.bbclass +++ /dev/null @@ -1,17 +0,0 @@ -# rmc-boot bbclass -# Deploy central RMC database file to ESP - -IMAGE_INSTALL_append = " rmc" -RMC_BOOTLOADER ?= "systemd-boot" - -inherit ${RMC_BOOTLOADER} - -do_bootimg[depends] += "${MLPREFIX}rmc-db:do_deploy" - -efi_populate_append() { - if [ -f ${DEPLOY_DIR_IMAGE}/rmc.db ]; then - install -m 0400 ${DEPLOY_DIR_IMAGE}/rmc.db ${DEST}/rmc.db - else - rm -f ${DEST}/rmc.db - fi -} diff --git a/classes/rmc-db.bbclass b/classes/rmc-db.bbclass deleted file mode 100644 index 72594d69..00000000 --- a/classes/rmc-db.bbclass +++ /dev/null @@ -1,92 +0,0 @@ -# RMC database bbclass -# provide functions to generate RMC database file on build host (native) - -DEPENDS += "rmc-native" - -# rmc_generate_db() -# $1: a list of directories. Each directory holds directories for a group of -# boards. -# $2: path_name of rmc generates database file and records -# -# WARNING: content of directory of database file will be removed. -# -# Each board directory shall contain a fingerprint file (*.fp) at least, with -# optional file blob(s) associated to the type of board. If a board directory -# has no file blob, no record is created for that board. -# -# An example of two directories each of which contains two boards for RMC: -# (All file and directory names are for illustration purpose.) -# -# dir_1/ -# board_1/ -# board_1_fingerprint.fp -# file_1.blob -# board_2/ -# board_2.fp -# dir_2/ -# board_3/ -# b3.fp -# file_1.blob -# file_2.conf -# board_4/ -# board_foo.fp -# mylib.config -# -# To generate a RMC database "rmc.db" with data of all (actually 3) of boards in -# a directory "deploy_dir": -# -# rmc_generate_db "dir_1 dir_2" "deploy_dir/rmc.db" -# -# The board_2 will be skipped. No record or any data for it is packed in -# generated database because it only contains a fingerprint file. -# - -rmc_generate_db () { - RMC_BOARD_DIRS=$1 - - if [ "$#" -ne 2 ]; then - echo "rmc_generate_db(): Wrong number of arguments: $#" - return 1 - fi - - RMC_DB_DIR=$(dirname "$2") - RMC_RECORDS="" - - rm -rf ${RMC_DB_DIR} - mkdir -p ${RMC_DB_DIR} - - # generate rmc database - for topdir in ${RMC_BOARD_DIRS}; do - # For all board dirs in a topdir: - CUR_BOARD_DIRS=$(find ${topdir}/* -type d) - for board_dir in ${CUR_BOARD_DIRS}; do - CUR_FINGERPRINT=$(find ${board_dir}/ -name "*.fp") - - # disallow a board directory without any fingerprint file in it. - if [ -z "${CUR_FINGERPRINT}" ]; then - echo "Cannot find RMC fingerprint file in ${board_dir}" - return 1 - fi - - CUR_FILES=$(find ${board_dir}/ -type f |grep -v '\.fp$' || true) - - # allow a directory only with fingerprint file. Developer may - # check in fingerprint for future use. - if [ -z "${CUR_FILES}" ]; then - continue - fi - - for fp in ${CUR_FINGERPRINT}; do - fullname=$(basename ${fp}) - CUR_TAG="${fullname%.*}" - CUR_RECORD=${RMC_DB_DIR}/${CUR_TAG}.rec - rmc -R -f ${fp} -b ${CUR_FILES} -o ${CUR_RECORD} - RMC_RECORDS="${RMC_RECORDS} ${CUR_RECORD}" - done - done - done - - if [ ! -z "${RMC_RECORDS}" ]; then - rmc -D ${RMC_RECORDS} -o "$2" - fi -} diff --git a/classes/uefi-comboapp.bbclass b/classes/uefi-comboapp.bbclass deleted file mode 100644 index 5c3ca8c9..00000000 --- a/classes/uefi-comboapp.bbclass +++ /dev/null @@ -1,151 +0,0 @@ -# This class brings a more generic version of the UEFI combo app from refkit to meta-intel. -# It uses a combo file, containing kernel, initramfs and -# command line, presented to the BIOS as UEFI application, by prepending -# it with the efi stub obtained from systemd-boot. - -# Don't add syslinux or build an ISO -PCBIOS_forcevariable = "0" -NOISO_forcevariable = "1" - -# image-live.bbclass will default INITRD_LIVE to the image INITRD_IMAGE creates. -# We want behavior to be consistent whether or not "live" is in IMAGE_FSTYPES, so -# we default INITRD_LIVE to the INITRD_IMAGE as well. -INITRD_IMAGE ?= "core-image-minimal-initramfs" -INITRD_LIVE ?= " ${@ ('${DEPLOY_DIR_IMAGE}/' + d.getVar('INITRD_IMAGE', expand=True) + '-${MACHINE}.cpio.gz') if d.getVar('INITRD_IMAGE', True) else ''}" - -do_uefiapp[depends] += " \ - intel-microcode:do_deploy \ - systemd-boot:do_deploy \ - virtual/kernel:do_deploy \ - " - -# INITRD_IMAGE is added to INITRD_LIVE, which we use to create our initrd, so depend on it if it is set -do_uefiapp[depends] += "${@ '${INITRD_IMAGE}:do_image_complete' if d.getVar('INITRD_IMAGE') else ''}" - -# The image does without traditional bootloader. -# In its place, instead, it uses a single UEFI executable binary, which is -# composed by: -# - an UEFI stub -# The linux kernel can generate a UEFI stub, however the one from systemd-boot can fetch -# the command line from a separate section of the EFI application, avoiding the need to -# rebuild the kernel. -# - the kernel -# - an initramfs (optional) - -def create_uefiapp(d, uuid=None, app_suffix=''): - import glob, re - from subprocess import check_call - - build_dir = d.getVar('B') - deploy_dir_image = d.getVar('DEPLOY_DIR_IMAGE') - image_link_name = d.getVar('IMAGE_LINK_NAME') - - cmdline = '%s/cmdline.txt' % build_dir - linux = '%s/%s' % (deploy_dir_image, d.getVar('KERNEL_IMAGETYPE')) - initrd = '%s/initrd' % build_dir - - stub_path = '%s/linux*.efi.stub' % deploy_dir_image - stub = glob.glob(stub_path)[0] - m = re.match(r"\S*(ia32|x64)(.efi)\S*", os.path.basename(stub)) - app = "boot%s%s%s" % (m.group(1), app_suffix, m.group(2)) - executable = '%s/%s.%s' % (deploy_dir_image, image_link_name, app) - - if d.getVar('INITRD_LIVE'): - with open(initrd, 'wb') as dst: - for cpio in d.getVar('INITRD_LIVE').split(): - with open(cpio, 'rb') as src: - dst.write(src.read()) - initrd_cmd = "--add-section .initrd=%s --change-section-vma .initrd=0x3000000 " % initrd - else: - initrd_cmd = "" - - root = 'root=PARTUUID=%s' % uuid if uuid else '' - - with open(cmdline, 'w') as f: - f.write('%s %s' % (d.getVar('APPEND'), root)) - - objcopy_cmd = ("objcopy " - "--add-section .cmdline=%s --change-section-vma .cmdline=0x30000 " - "--add-section .linux=%s --change-section-vma .linux=0x40000 " - "%s %s %s") % \ - (cmdline, linux, initrd_cmd, stub, executable) - - check_call(objcopy_cmd, shell=True) - -python create_uefiapps () { - # We must clean up anything that matches the expected output pattern, to ensure that - # the next steps do not accidentally use old files. - import glob - pattern = d.expand('${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.boot*.efi') - for old_efi in glob.glob(pattern): - os.unlink(old_efi) - uuid = d.getVar('DISK_SIGNATURE_UUID') - create_uefiapp(d, uuid=uuid) -} - -# This is intentionally split into different parts. This way, derived -# classes or images can extend the individual parts. We can also use -# whatever language (shell script or Python) is more suitable. -python do_uefiapp() { - bb.build.exec_func('create_uefiapps', d) -} - -do_uefiapp[vardeps] += "APPEND DISK_SIGNATURE_UUID INITRD_LIVE KERNEL_IMAGETYPE IMAGE_LINK_NAME" - -uefiapp_deploy_at() { - dest=$1 - for i in ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.boot*.efi; do - target=`basename $i` - target=`echo $target | sed -e 's/${IMAGE_LINK_NAME}.//'` - cp --preserve=timestamps -r $i $dest/$target - done -} - -do_uefiapp_deploy() { - rm -rf ${IMAGE_ROOTFS}/boot/* - dest=${IMAGE_ROOTFS}/boot/EFI/BOOT - mkdir -p $dest - uefiapp_deploy_at $dest -} - -do_uefiapp_deploy[depends] += "${PN}:do_uefiapp" - - -# This decides when/how we add our tasks to the image -python () { - image_fstypes = d.getVar('IMAGE_FSTYPES', True) - initramfs_fstypes = d.getVar('INITRAMFS_FSTYPES', True) - - # Don't add any of these tasks to initramfs images - if initramfs_fstypes not in image_fstypes: - bb.build.addtask('uefiapp', 'do_image', 'do_rootfs', d) - bb.build.addtask('uefiapp_deploy', 'do_image', 'do_rootfs', d) -} - -SIGN_AFTER ?= "do_uefiapp" -SIGN_BEFORE ?= "do_uefiapp_deploy" -SIGNING_DIR ?= "${DEPLOY_DIR_IMAGE}" -SIGNING_BINARIES ?= "${IMAGE_LINK_NAME}.boot*.efi" -inherit uefi-sign - -# Legacy hddimg support below this line -efi_hddimg_populate() { - uefiapp_deploy_at "$1" -} - -build_efi_cfg() { - # The command line is built into the combo app, so this is a null op - : -} - -populate_kernel_append() { - # The kernel and initrd are built into the app, so we don't need these - if [ -f $dest/initrd ]; then - rm $dest/initrd - fi - if [ -f $dest/vmlinuz ]; then - rm $dest/vmlinuz - fi -} - -IMAGE_FEATURES[validitems] += "secureboot" diff --git a/classes/uefi-sign.bbclass b/classes/uefi-sign.bbclass deleted file mode 100644 index e8f203b9..00000000 --- a/classes/uefi-sign.bbclass +++ /dev/null @@ -1,50 +0,0 @@ -# By default, sign all .efi binaries in ${B} after compiling and before deploying -SIGNING_DIR ?= "${B}" -SIGNING_BINARIES ?= "*.efi" -SIGN_AFTER ?= "do_compile" -SIGN_BEFORE ?= "do_deploy" - -python () { - import os - import hashlib - - # Ensure that if the signing key or cert change, we rerun the uefiapp process - if bb.utils.contains('IMAGE_FEATURES', 'secureboot', True, False, d): - for varname in ('SECURE_BOOT_SIGNING_CERT', 'SECURE_BOOT_SIGNING_KEY'): - filename = d.getVar(varname) - if filename is None: - bb.fatal('%s is not set.' % varname) - if not os.path.isfile(filename): - bb.fatal('%s=%s is not a file.' % (varname, filename)) - with open(filename, 'rb') as f: - data = f.read() - hash = hashlib.sha256(data).hexdigest() - d.setVar('%s_HASH' % varname, hash) - - # Must reparse and thus rehash on file changes. - bb.parse.mark_dependency(d, filename) - - bb.build.addtask('uefi_sign', d.getVar('SIGN_BEFORE'), d.getVar('SIGN_AFTER'), d) - - # Original binary needs to be regenerated if the hash changes since we overwrite it - # SIGN_AFTER isn't necessarily when it gets generated, but its our best guess - d.appendVarFlag(d.getVar('SIGN_AFTER'), 'vardeps', 'SECURE_BOOT_SIGNING_CERT_HASH SECURE_BOOT_SIGNING_KEY_HASH') -} - -do_uefi_sign() { - if [ -f ${SECURE_BOOT_SIGNING_KEY} ] && [ -f ${SECURE_BOOT_SIGNING_CERT} ]; then - for i in `find ${SIGNING_DIR}/ -name '${SIGNING_BINARIES}'`; do - sbsign --key ${SECURE_BOOT_SIGNING_KEY} --cert ${SECURE_BOOT_SIGNING_CERT} $i - sbverify --cert ${SECURE_BOOT_SIGNING_CERT} $i.signed - mv $i.signed $i - done - fi -} - -do_uefi_sign[depends] += "sbsigntool-native:do_populate_sysroot" - -do_uefi_sign[vardeps] += "SECURE_BOOT_SIGNING_CERT_HASH \ - SECURE_BOOT_SIGNING_KEY_HASH \ - SIGNING_BINARIES SIGNING_DIR \ - SIGN_BEFORE SIGN_AFTER \ - " |