From af5e4ef732faedf66c6dc1756432e9de2ac72988 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Fri, 16 Oct 2020 10:22:50 -0500 Subject: poky: subtree update:b23aa6b753..ad30a6d470 Armin Kuster (1): timezone: update to 2020b Bruce Ashfield (7): linux-yocto/5.4: fix kprobes build warning linux-yocto/5.4: update to v5.4.67 linux-yocto/5.8: update to v5.8.11 linux-yocto/5.4: update to v5.4.68 linux-yocto/5.8: update to v5.8.12 linux-yocto/5.4: update to v5.4.69 linux-yocto/5.8: update to v5.8.13 Fabio Berton (1): weston-init: Add environment file support for systemd unit file Jon Mason (5): armv8/tunes: Move TUNECONFLICTS armv8/tunes: reference parent's TUNE_FEATURES armv8/tunes: Add tunes for supported ARMv8a cores armv8/tunes: Add tunes for supported ARMv8.2a cores tune-cortexa32: fix cortexa32 tune Joshua Watt (2): classes/sanity: Bump minimum python version to 3.5 classes/waf: Add build and install arguments Khem Raj (3): systemd: Use ROOTPREFIX without suffixed slash in systemd.pc.in musl: Update to master strace: Fix value of IPPROTO_MAX Martin Jansa (3): base.bbclass: use os.path.normpath instead of just comparing WORKDIR and S as strings mtd-utils: don't use trailing slash in S base.bbclass: warn when there is trailing slash in S or B variables Michael Thalmeier (1): IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation Naoki Hayama (3): uninative: Fix typo in error message local.conf.sample: Fix comment typo local.conf.sample.extended: Fix comment typo Naveen Saini (2): linux-yocto: update genericx86* SRCREV for 5.4 linux-yocto: update genericx86* SRCREV for 5.8 Nicolas Dechesne (8): bitbake: docs: ref-variables: add links to terms in glossary bitbake: docs: sphinx: replace special quotes with double quotes bitbake: docs: update README file after migrationg to Sphinx bitbake: docs: sphinx: report errors when dependencies are not met bitbake: sphinx: remove DocBook files bitbake: sphinx: rename Makefile.sphinx sphinx: remove DocBook files sphinx: rename Makefile.sphinx Peter Kjellerstedt (1): tune-cortexa65.inc: 
Correct TUNE_FEATURES_tune-cortexa65 Quentin Schulz (4): docs: ref-manual: ref-variables: fix one-letter pointer links in glossary docs: ref-manual: ref-variables: fix alphabetical order in glossary docs: ref-manual: ref-variables: add links to terms in glossary bitbake: docs: static: theme_overrides.css: fix responsive design on <640px screens Richard Purdie (25): glibc: do_stash_locale must not delete files from ${D} libtools-cross/shadow-sysroot: Use nopackages inherit pseudo: Ignore mismatched inodes from the db pseudo: Add support for ignoring paths from the pseudo DB pseudo: Abort on mismatch patch psuedo: Add tracking of linked files for fds pseudo: Fix xattr segfault pseudo: Add may unlink patch pseudo: Add pathfix patch base/bitbake.conf: Enable pseudo path filtering wic: Handle new PSEUDO_IGNORE_PATHS variable pseudo: Fix statx function usage bitbake.conf: Extend PSEUDO_IGNORE_PATHS to ${COREBASE}/meta docs: Fix license CC-BY-2.0-UK -> CC-BY-SA-2.0-UK abi_version,sanity: Tell users TMPDIR must be clean after pseudo changes pseudo: Update to account for patches merged on branch pseudo: Upgrade to include mkostemp64 wrapper poky.conf: Drop OELAYOUT_ABI poking bitbake: command: Ensure exceptions inheriting from BBHandledException are visible bitbake: tinfoil: When sending commands we need to process events scripts/oe-build-perf-report: Allow operation with no buildstats oe-build-perf-report: Ensure correct data is shown for multiple branch options skeleton/baremetal-helloworld: Fix trailing slash oeqa/selftest/runtime_test: Exclude gpg directory from pseudo database bitbake: process: Show command exceptions in the server log as well Ross Burton (10): bjam-native: don't do debug builds coreutils: improve coreutils-ptest RDEPENDS parted: improve ptest devtool: remove unused variable selftest: skip npm tests if nodejs-native isn't available selftest: add test for recipes with patches in overrides devtool: fix modify with patches in override directories boost: 
build a standalone boost.build boost: don't specify gcc version boost: consolidate and update library list Usama Arif (1): kernel-fitimage: generate openssl RSA keys for signing fitimage Victor Kamensky (2): qemu: add 34Kf-64tlb fictitious cpu type qemumips: use 34Kf-64tlb CPU emulation Yann Dirson (1): rngd: fix --debug to also filter syslog() calls Yoann Congal (1): bitbake-bblayers/create: Make the example recipe print its message Signed-off-by: Andrew Geissler Change-Id: I7139cb04b43f722a2118df5346a7a22a13c6a240 --- poky/meta/classes/kernel-fitimage.bbclass | 44 +++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'poky/meta/classes/kernel-fitimage.bbclass') diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass index fa4ea6fee..bb2f3c4cc 100644 --- a/poky/meta/classes/kernel-fitimage.bbclass +++ b/poky/meta/classes/kernel-fitimage.bbclass @@ -56,6 +56,22 @@ FIT_HASH_ALG ?= "sha256" # fitImage Signature Algo FIT_SIGN_ALG ?= "rsa2048" +# Generate keys for signing fitImage +FIT_GENERATE_KEYS ?= "0" + +# Size of private key in number of bits +FIT_SIGN_NUMBITS ?= "2048" + +# args to openssl genrsa (Default is just the public exponent) +FIT_KEY_GENRSA_ARGS ?= "-F4" + +# args to openssl req (Default is -batch for non interactive mode and +# -new for new certificate) +FIT_KEY_REQ_ARGS ?= "-batch -new" + +# Standard format for public key certificate +FIT_KEY_SIGN_PKCS ?= "-x509" + # # Emit the fitImage ITS header # 
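Review bot: FIT_SIGN_NUMBITS and FIT_SIGN_ALG are independent defaults, so overriding FIT_SIGN_ALG (say, to an rsa4096 variant) while leaving FIT_SIGN_NUMBITS at "2048" would generate a key that does not match the declared algorithm. The comment should state the coupling, e.g. `# Size of private key in number of bits; must match the key size named in FIT_SIGN_ALG`. With these defaults the generated private key is also unencrypted, because FIT_KEY_GENRSA_ARGS carries only `-F4`, and the certificate gets openssl's default validity period, because FIT_KEY_REQ_ARGS has no `-days`. Both facts deserve a line in the FIT_GENERATE_KEYS comment, so users know what kind of key material a build produces and can decide whether it suits anything beyond development images. FIT_KEY_SIGN_PKCS is also a slightly misleading name for a variable that holds `-x509`.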
@@ -522,6 +538,34 @@ do_assemble_fitimage_initramfs() { addtask assemble_fitimage_initramfs before do_deploy after do_bundle_initramfs +do_generate_rsa_keys() { + if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then + bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they won't be used." + fi + + if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then + + # Generate keys only if they don't already exist + if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ + [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then + + # make directory if it does not already exist + mkdir -p "${UBOOT_SIGN_KEYDIR}" + + echo "Generating RSA private key for signing fitImage" + openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ + "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ + "${FIT_SIGN_NUMBITS}" + + echo "Generating certificate for signing fitImage" + openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ + -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ + -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt + fi + fi +} + +addtask generate_rsa_keys before do_assemble_fitimage after do_compile kernel_do_deploy[vardepsexclude] = "DATETIME" kernel_do_deploy_append() { -- cgit v1.2.3
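Review bot: The second existence test in do_generate_rsa_keys is malformed: `"${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt]; then` has no space before `]`, so `[` never sees its closing bracket, returns an error, and that side of the `||` is always false. When the .key file exists but the .crt is missing (for instance after a failed `openssl req`), nothing is regenerated and the signing step is left without a certificate. The line should read `[ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then`. Separately, `mkdir -p "${UBOOT_SIGN_KEYDIR}"` creates the key directory under the build's umask, and depending on the openssl version the key file mode may follow that umask too. Adding `chmod 0700 "${UBOOT_SIGN_KEYDIR}"` after the mkdir would keep the unencrypted signing key away from other local users on a shared build host.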