diff options
author | Ed Tanous <ed.tanous@intel.com> | 2019-07-31 20:43:37 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-08-01 18:19:38 +0300 |
commit | d0f63ef62c76c932a2003eaa42c0b250065ae06f (patch) | |
tree | 4c0e3cb32dc80f80460bdbf82ff6d401d4ff194f /meta-openbmc-mods/meta-common/recipes-intel/intel-pfr | |
parent | b4f66bacb1b8e661d794fa7a189e2f66f5092e2e (diff) | |
download | openbmc-d0f63ef62c76c932a2003eaa42c0b250065ae06f.tar.xz |
Update to internal 7-31-19
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-intel/intel-pfr')
11 files changed, 552 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/blocksign b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/blocksign Binary files differnew file mode 100755 index 000000000..69d51d2ba --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/blocksign diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml new file mode 100644 index 000000000..89c3d30ca --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML file for Block Sign Tool -->
+<blocksign>
+ <!-- Block 0 -->
+ <block0>
+ <magic>0xB6EAFD19</magic>
+ <pctype>4</pctype>
+ </block0>
+ <!-- Block 1 -->
+ <block1>
+ <magic>0xF27F28D7</magic>
+ <!-- Root key -->
+ <rkey>
+ <magic>0xA757A046</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>-1</permissions>
+ <keyid>-1</keyid>
+ <pubkey>rk_pub.pem</pubkey>
+ </rkey>
+ <!-- Code signing key -->
+ <cskey>
+ <magic>0x14711C2F</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>8</permissions>
+ <keyid>1</keyid>
+ <pubkey>csk_pub.pem</pubkey>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>rk_prv.pem</signkey>
+ <!--<script>./sign_external.sh</script>-->
+ </cskey>
+ <!-- Signature over Block 0 -->
+ <b0_sig>
+ <magic>0x15364367</magic>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>csk_prv.pem</signkey>
+ </b0_sig>
+ </block1>
+ <!-- CPLD Bitstream Specific -->
+ <padding>
+ <!-- Pad block1 such that combined block length is 1024b -->
+ <blockpad>1024</blockpad>
+ <!-- Align total package to 128 bytes -->
+ <align>128</align>
+ </padding>
+</blocksign>
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem new file mode 100644 index 000000000..a46fa2a2b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFjPqxcb6tfFWyFVaQCVjeN9MtcISpYIbNlkQoODrHTUoAoGCCqGSM49 +AwEHoUQDQgAERGJveRnhIp7I5cvmjO74MJLbUJjTfvTDKlzK0hJB0WRBEFScpb9d +xWLrwj9TNcO+EexnNcjEkF1RYNs6lHavRQ== +-----END EC PRIVATE KEY----- diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem new file mode 100644 index 000000000..cc70d6e28 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERGJveRnhIp7I5cvmjO74MJLbUJjT +fvTDKlzK0hJB0WRBEFScpb9dxWLrwj9TNcO+EexnNcjEkF1RYNs6lHavRQ== +-----END PUBLIC KEY----- diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml new file mode 100644 index 000000000..215fe8783 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML file for Block Sign Tool -->
+<blocksign>
+ <!-- Block 0 -->
+ <block0>
+ <magic>0xB6EAFD19</magic>
+ <pctype>3</pctype>
+ </block0>
+ <!-- Block 1 -->
+ <block1>
+ <magic>0xF27F28D7</magic>
+ <!-- Root key -->
+ <rkey>
+ <magic>0xA757A046</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>-1</permissions>
+ <keyid>-1</keyid>
+ <pubkey>rk_pub.pem</pubkey>
+ </rkey>
+ <!-- Code signing key -->
+ <cskey>
+ <magic>0x14711C2F</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>4</permissions>
+ <keyid>1</keyid>
+ <pubkey>csk_pub.pem</pubkey>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>rk_prv.pem</signkey>
+ <!--<script>./sign_external.sh</script>-->
+ </cskey>
+ <!-- Signature over Block 0 -->
+ <b0_sig>
+ <magic>0x15364367</magic>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>csk_prv.pem</signkey>
+ </b0_sig>
+ </block1>
+ <!-- CPLD Bitstream Specific -->
+ <padding>
+ <!-- Pad block1 such that combined block length is 1024b -->
+ <blockpad>1024</blockpad>
+ <!-- Align total package to 128 bytes -->
+ <align>128</align>
+ </padding>
+</blocksign>
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image-manifest.json b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image-manifest.json new file mode 100644 index 000000000..7890aa700 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image-manifest.json @@ -0,0 +1,63 @@ +{
+ "image-parts": [{
+ "name": "u-boot",
+ "index": 0,
+ "offset": "0",
+ "size": "0x80000",
+ "prot_mask": 31,
+ "pfm": 1,
+ "hash": 1,
+ "compress": 1
+ },
+ {
+ "name": "pfm",
+ "index": 1,
+ "offset": "0x80000",
+ "size": "0x20000",
+ "prot_mask": 31,
+ "pfm": 1,
+ "hash": 0,
+ "compress": 0
+ },
+ {
+ "name": "u-boot-env",
+ "index": 2,
+ "offset": "0xa0000",
+ "size": "0x20000",
+ "prot_mask": 29,
+ "pfm": 1,
+ "hash": 0,
+ "compress": 0
+ },
+ {
+ "name": "sofs",
+ "index": 3,
+ "offset": "0xc0000",
+ "size": "0x200000",
+ "prot_mask": 29,
+ "pfm": 1,
+ "hash": 0,
+ "compress": 0
+ },
+ {
+ "name": "rwfs",
+ "index": 4,
+ "offset": "0x2c0000",
+ "size": "0x840000",
+ "prot_mask": 29,
+ "pfm": 1,
+ "hash": 0,
+ "compress": 0
+ },
+ {
+ "name": "fit-image-a",
+ "index": 5,
+ "offset": "0xb00000",
+ "size": "0x1f00000",
+ "prot_mask": 31,
+ "pfm": 1,
+ "hash": 1,
+ "compress": 1
+ }
+ ]
+}
\ No newline at end of file diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py new file mode 100755 index 000000000..e1a23c172 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py @@ -0,0 +1,311 @@ +#/usr/bin/env python3 +# coding: utf-8 +# our image is contained as parts, including the hash +# then it gets zipped up and signed again + +# this internal signature is for boot and recovery, but +# will be checked prior to writing to flash as well. + +# the internal signature format is a PFR-specific block +# including a hash bitmap, certificates (public keys), +# and the actual signature data as well, for both active +# and recovery images + +# TODO: figure out if active and recovery actually have different sigs +# TODO: build hashmap from payload manifest +# TODO: figure out exact struct layout for PFR metadata + +import os, hashlib, struct, json, sys, subprocess, mmap, io, array, binascii, copy, shutil, re +from array import array +from binascii import unhexlify +from six import b, print_, binary_type +from hashlib import sha1, sha256, sha512 +from shutil import copyfile +# Flash Map +# ----------------------------------------------- +# Start addr Contents +# 0x00000000 S U-Boot +# 0x00080000 S+ PFM +# 0x000a0000 U U-boot Env +# 0x000C0000 U SOFS +# 0x002c0000 U RWFS +# 0x00b00000 S fit-image +# 0x02a00000 S+ rc-image +# 0x04a00000 U staging-image +# * partially signed (not full 64k page) +# + unsigned, owned by pfr + +# TODO: The below defines should go to manifest files. +# Keeping it here hard coded for now. +# The pages to be skipped for HASH and PBC +# Pages: 0x80 to 0xaff - starting PFM region until fit-image +# Pages: 0x2a00 to 0x7FFF - starting RC-image until end of flash +EXCLUDE_PAGES =[[0x80, 0xaff],[0x2a00,0x7fff]] + +# SPI PFM globals +PFM_OFFSET = 0x80000 +PFM_SPI = 0x1 +SHA256 = 0x1 +SHA256_SIZE = 32 +PFM_DEF_SIZE = 16 +PFM_SPI_SIZE_DEF = 16 # 16 bytes of SPI PFM +PFM_SPI_SIZE_HASH = 32 # 32 bytes of SPI region HASH + +PAGE_SIZE = 0x1000 # 4KB size of page + +def load_manifest(fname): + manifest = {} + with open(fname, 'r') as fd: + manifest = json.load(fd) + return manifest + +class pfm_spi(object): + + def __init__(self, prot_mask, start_addr, end_addr, hash, hash_pres): + self.pfm = PFM_SPI + self.prot_mask = prot_mask + self.hash_pres = hash_pres + if hash_pres == 1: + self.spi_hash = hash + self.pfm_rsvd = 0xffffffff #b'\xff'*4 + self.start_addr = start_addr + self.end_addr = end_addr + + +class pfr_bmc_image(object): + +# json_file, update_file + def __init__(self, manifest, update_file, build_ver, build_num, build_hash): + + self.manifest = load_manifest(manifest) + self.update_file = update_file + self.build_version = build_ver + self.build_number = build_num + self.build_hash = build_hash + + self.pfr_rom_file = 'image-mtd-pfr' + open(self.pfr_rom_file, 'a').close() + + self.page_size = PAGE_SIZE + self.empty = b'\xff' * self.page_size + + self.image_parts = [] + for p in self.manifest['image-parts']: + # the json should have in the order- filename, index, offset, size and protection byte + self.image_parts.append((p['name'], p['index'], p['offset'], p['size'], p['prot_mask'], p['pfm'], p['hash'], p['compress'])) + print(self.image_parts) + + self.act_dgst = hashlib.sha256() + + # SPI regions PFM array + self.pfm_spi_regions = [] + self.pfm_bytes = PFM_DEF_SIZE # PFM definition bytes (SPI regions + SMBUS) + + # hash, erase and compression bit maps for 128MB + self.pbc_erase_bitmap = bytearray(4096) + self.pbc_comp_bitmap = bytearray(4096) + + self.pbc_comp_payload = 0 + self.sec_rev = 1 + + # fill in the calculated data + self.hash_and_map() + + def hash_compress_regions(self, p, upd): + + # JSON format as below + # 0. "name": <image region name> + # 1. "index": 1, + # 2. "offset": <start addr>, + # 3. "size": <size of the region>, + # 4. "prot_mask": <PFR protection mask>, + # 5. "pfm": <1|0 -add in PFM or not>, + # 6. "hash": <hashing of the region needed>, + # 7. "compress": <region to be compressed> + + image_name = p[0] + start_addr = int(p[2],16) #image part start address + size = int(p[3],16) #size of the image part + pfm_prot_mask = p[4] # pfm protection mask + pfm_flag = p[5] # pfm needed? + hash_flag = p[6] #to be hashed? + compress = p[7] #compress flag + index = p[1] # image part index + # 1 page is 4KB + page = start_addr >> 12 + + if hash_flag == 1: + with open(self.update_file, "rb") as f: + f.seek(start_addr) + skip = False + # HASH for the region + hash_dgst = hashlib.sha256() + for chunk in iter(lambda: f.read(self.page_size), b''): + chunk_len = len(chunk) + if chunk_len != self.page_size: + chunk = b''.join([chunk, b'\xff' * (self.page_size - chunk_len)]) + + for p in EXCLUDE_PAGES: + if (page >= p[0]) and (page <= p[1]): + print("Exclude page={}".format(page)) + skip = True + break + + if not skip: + # add to the hash + self.act_dgst.update(chunk) + hash_dgst.update(chunk) + self.pbc_erase_bitmap[page >> 3] |= 1 << (7- (page % 8)) # Big endian bit map + + if compress == 1: + # add to the pbc map + if chunk != self.empty: + print("compressed page ={}".format(page)) + upd.write(chunk) + self.pbc_comp_bitmap[page >> 3] |= 1 << (7- (page % 8)) # Big Endian bit map + self.pbc_comp_payload += chunk_len # compressed payload bytes + + page += 1 + + if (page * self.page_size) >= (size + start_addr): + break + + if pfm_flag == 1: + self.pfm_bytes += PFM_SPI_SIZE_DEF + + hash = b'\x00' * 32 + hash_pres = 0 + + if hash_flag == 1: + # region's hash + hash = hash_dgst.hexdigest() + hash_pres = SHA256 + self.pfm_bytes += PFM_SPI_SIZE_HASH + + # append to SPI regions in PFM + self.pfm_spi_regions.append(pfm_spi(pfm_prot_mask, start_addr, (start_addr+size), hash, hash_pres)) + + def hash_and_map(self): + + # have copy of the update file for appending with PFR meta and compression + copyfile(self.update_file, self.pfr_rom_file) + with open("bmc_compressed.bin", "wb+") as upd: + for p in self.image_parts: + #filename, index, offset, size, protection. + print(p[0], p[1], p[2], p[3], p[4]) + self.hash_compress_regions(p, upd) + + # Generate PFM region binary - pfm.bin + self.build_pfm() + print("PFM build done") + + # Generate PBC region - pbc.bin + self.pbc_hdr() + print("PBC build done") + + def pbc_hdr(self): + ''' + typedef struct { + uint8_t tag[4]; /* PBC tag */ + uint32_t version; /* PBC Version- 0x0000_0002 */ + uint32_t page_size; /* NOR Flash page size = 0x0000_1000 */ + uint32_t pattern_size; /* 0xFF as pattern 1byte = 0x0000_0001 */ + uint32_t pattern; /* 0xFF pattern = 0x0000_00FF */ + uint32_t bitmap_size; /* 32768 pages for 128MB- 0x0000_8000 */ + uint32_t payload_length /* payload */ + uint8_t reserved[100]; /* Reserved 100bytes */ + uint8_t erase_bitmap[4096]; /* erase bit map for 32768 pages */ + uint8_t comp_bitmap[4096]; /* compression bit map for 32768 pages */ + uint8_t comp_payload; /* compressed payload */ + ''' + names = [ + 'tag', 'pbc_ver', 'page_sz', 'pattern_sz', 'pattern', 'bitmap_sz', + 'payload_size', 'resvd0', 'erase_bitmap', 'comp_bitmap', + ] + parts = { + 'tag': b'CBP_', + 'pbc_ver': struct.pack('<i',0x00000002), + 'page_sz': struct.pack('<i',0x00001000), + 'pattern_sz': struct.pack('<i',0x00000001), + 'pattern': struct.pack('<i',0x000000FF), + 'bitmap_sz': struct.pack('<i',0x00008000), + 'payload_size': struct.pack('<i',self.pbc_comp_payload), + 'resvd0' : b'\x00'*100, + 'erase_bitmap': bytes(self.pbc_erase_bitmap), + 'comp_bitmap': bytes(self.pbc_comp_bitmap), + } + + with open("pbc.bin", "wb+") as pbf: + pbf.write(b''.join([parts[n] for n in names])) + pbf.seek(0) # rewind to beginning of PBC file + self.act_dgst.update(pbf.read()) # add up PBC data for hashing + + def build_pfm(self): + ''' + typedef struct { + uint32_t tag; /* PFM_HDR_TAG above, no terminating null */ + uint8_t sec_revision; /* SVN- security revision of associated image data */ + uint8_t pfm_ver_major; /* PFM revision */ + uint8_t pfm_ver_minor; + uint8_t build_num; + uint8_t build_hash[3]; + uint8_t reserved0; /* reserved */ + uint32_t pfm_length; /* PFM size in bytes */ + pfm_spi pfm_spi[2]; /* PFM SPI regions - u-boot & fit-image */ + pfm_smbus pfm_smbus[4]; /* defined smbus rules for PSUs and HSBP */ + } __attribute__((packed)) pfm_hdr; + ''' + names = [ + 'tag', 'sec_rev', 'pfm_ver_major', 'pfm_ver_minor', 'build_num', 'build_hash1', 'build_hash2', 'build_hash3', 'resvd0', 'pfm_len', + ] + parts = { + 'tag': struct.pack("<I", 0x02b3ce1d), + 'sec_rev': struct.pack('<B', self.sec_rev), + 'pfm_ver_major': struct.pack('<B', ((int(self.build_version) >> 8) & 0xff)), + 'pfm_ver_minor': struct.pack('<B', (int(self.build_version) & 0x00ff)), + 'build_num': struct.pack('<B', int(self.build_number,16)), + 'build_hash1': struct.pack('<B', int(self.build_hash) & 0xff), + 'build_hash2': struct.pack('<B', (int(self.build_hash) >> 8) & 0xff), + 'build_hash3': struct.pack('<B', (int(self.build_hash) >> 16) & 0xff), + 'resvd0': b'\xff'* 1, + 'pfm_len': '' + } + + # PFM should be 128bytes aligned, find the padding bytes + padding_bytes = 128 - (self.pfm_bytes % 128) + self.pfm_bytes += padding_bytes + parts['pfm_len'] = struct.pack('<I', self.pfm_bytes) + print("PFM size={}".format(self.pfm_bytes)) + + with open("pfm.bin", "wb+") as f: + f.write(b''.join([parts[n] for n in names])) + for i in self.pfm_spi_regions: + f.write(struct.pack('b', int(i.pfm))) + f.write(struct.pack('b', int(i.prot_mask))) + f.write(struct.pack('h', int(i.hash_pres))) + f.write(struct.pack('<I', int(i.pfm_rsvd))) + f.write(struct.pack('<I', int(i.start_addr))) + f.write(struct.pack('<I', int(i.end_addr))) + + if i.hash_pres == 1: + f.write(i.spi_hash.decode('hex')) + + # write the padding bytes at the end + f.write(b'\xff' * padding_bytes) + +def main(): + if len(sys.argv) != 6: #< pfr_image.py manifest.json> <update.bin> <build_version> <build_number> <build_hash> + print('usage: {} <manifest.json> <update.bin> <build_version> <build_number> <build_hash>'.format(sys.argv[0])) + return + + json_file = sys.argv[1] + update_file = sys.argv[2] + build_ver = sys.argv[3] + build_num = sys.argv[4] + build_hash = sys.argv[5] + + # function to generate BMC PFM, PBC header and BMC compressed image + pfr_bmc_image(json_file, update_file, build_ver, build_num, build_hash) + +if __name__ == '__main__': + main() diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem new file mode 100644 index 000000000..9e8616795 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHVbq5CmT4Vr4Jb0eJK0+KhUxDOWy1kh9QYAClV5MH1GoAoGCCqGSM49 +AwEHoUQDQgAEZUL6ZcF0YN590Pq/bKPYjfa3F4E44XiKcqvS6+l2GfSdCLRhXWHw +iV803vFkTsZ1CfpzFdZGwfbwg7nvG5UpSQ== +-----END EC PRIVATE KEY----- diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem new file mode 100644 index 000000000..117e08bae --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZUL6ZcF0YN590Pq/bKPYjfa3F4E4 +4XiKcqvS6+l2GfSdCLRhXWHwiV803vFkTsZ1CfpzFdZGwfbwg7nvG5UpSQ== +-----END PUBLIC KEY----- diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/intel-pfr-manager_git.bb b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/intel-pfr-manager_git.bb new file mode 100644 index 000000000..ebebe43bb --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/intel-pfr-manager_git.bb @@ -0,0 +1,22 @@ +SUMMARY = "Intel PFR Manager Service" +DESCRIPTION = "Daemon to handle all PFR functionalities" + +PV = "1.0+git${SRCPV}" + +S = "${WORKDIR}/git/intel-pfr-manager" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" + +SRC_URI = "git://git@github.com/Intel-BMC/provingground.git;protocol=ssh" +SRCREV = "4611d8dcba0c0dc92156bbafdb50607aaff122ab" + +inherit cmake systemd +SYSTEMD_SERVICE_${PN} = "xyz.openbmc_project.Intel.PFR.Manager.service" + +DEPENDS += " \ + sdbusplus \ + phosphor-logging \ + boost \ + i2c-tools \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bb b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bb new file mode 100644 index 000000000..ee2cc3934 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bb @@ -0,0 +1,38 @@ +SUMMARY = "Intel PFR manifest and signing key for development and testing"
+DESCRIPTION = "Do not use this signing keys to sign CI and release images."
+
+PR = "r1"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658"
+
+inherit native
+
+PFR_KEY_NAME ?= "pfr-dev-key"
+PFR_SIGN_UTIL ?= "blocksign"
+
+SRC_URI = " \
+ file://pfr_image-manifest.json \
+ file://pfr_image.py \
+ file://blocksign \
+ file://pfm_config.xml \
+ file://bmc_config.xml \
+ file://csk_prv.pem \
+ file://csk_pub.pem \
+ file://rk_pub.pem \
+ file://rk_prv.pem \
+ "
+
+do_install() {
+ bbplain "Copying the intel pfr image generation scripts and image signing keys"
+
+ install -d ${STAGING_DIR}/intel-pfr-files
+ install -m 400 ${WORKDIR}/pfr_image-manifest.json ${STAGING_DIR}/intel-pfr-files
+ install -m 775 ${WORKDIR}/blocksign ${STAGING_DIR}/intel-pfr-files
+ install -m 400 ${WORKDIR}/pfm_config.xml ${STAGING_DIR}/intel-pfr-files
+ install -m 400 ${WORKDIR}/bmc_config.xml ${STAGING_DIR}/intel-pfr-files
+ install -m 775 ${WORKDIR}/pfr_image.py ${STAGING_DIR}/intel-pfr-files
+ install -m 400 ${WORKDIR}/csk_prv.pem ${STAGING_DIR}/intel-pfr-files/
+ install -m 400 ${WORKDIR}/csk_pub.pem ${STAGING_DIR}/intel-pfr-files/
+ install -m 400 ${WORKDIR}/rk_pub.pem ${STAGING_DIR}/intel-pfr-files/
+ install -m 400 ${WORKDIR}/rk_prv.pem ${STAGING_DIR}/intel-pfr-files/
+}
|