diff options
author | Jamin Lin <jamin_lin@aspeedtech.com> | 2021-12-17 10:45:25 +0300 |
---|---|---|
committer | Andrew Jeffery <andrew@aj.id.au> | 2022-02-16 05:25:47 +0300 |
commit | eed879f1c91475c24ba927bf997267bfec7aebe5 (patch) | |
tree | 4517f68501736b43e46ab1e029f2938ca7aabf70 | |
parent | 8c8fb8b83a78870c2555acc33ec4ed91183bcacd (diff) | |
download | openbmc-eed879f1c91475c24ba927bf997267bfec7aebe5.tar.xz |
meta-aspeed: otp: create otp image
1. Add otptool.bbclass to create otp image.
2. Update u-boot recipe to "inherit otptool.bbclass" for
otp image creation in the u-boot tasks.
3. Update socsec tool for SPL and OTP image verification if
verify failed u-boot should be built failed.
4. Use OE logging utilities.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: I0ba5da4d112b49d182bdf2751614afe62850eac3
-rw-r--r-- | meta-aspeed/classes/otptool.bbclass | 60 | ||||
-rw-r--r-- | meta-aspeed/classes/socsec-sign.bbclass | 10 | ||||
-rw-r--r-- | meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb | 1 |
3 files changed, 71 insertions, 0 deletions
diff --git a/meta-aspeed/classes/otptool.bbclass b/meta-aspeed/classes/otptool.bbclass new file mode 100644 index 0000000000..bb766c186c --- /dev/null +++ b/meta-aspeed/classes/otptool.bbclass @@ -0,0 +1,60 @@ +# ASPEED AST2600 devices can use Aspeed's utility 'otptool' +# to create OTP image +# The variables below carry default values to the create_otp() +# function below. +OTPTOOL_CONFIG ?= "" +OTPTOOL_KEY_DIR ?= "" +OTPTOOL_EXTRA_OPTS ?= "" +OTPTOOL_EXTRA_DEPENDS ?= " socsec-native" +DEPENDS += '${@oe.utils.conditional("SOCSEC_SIGN_ENABLE", "1", "${OTPTOOL_EXTRA_DEPENDS}", "", d)}' + +# Creates the OTP image +create_otp_helper() { + if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then + bbwarn "OTP creation is only supported on AST2600 boards" + elif [ ! -e "${OTPTOOL_CONFIG}" ] ; then + bbfatal "Invalid otptool config: ${OTPTOOL_CONFIG}" + elif [ ! -d "${OTPTOOL_KEY_DIR}" ] ; then + bbfatal "Invalid otptool signing key directory: ${OTPTOOL_KEY_DIR}" + else + otptool make_otp_image \ + --key_folder ${OTPTOOL_KEY_DIR} \ + ${OTPTOOL_CONFIG} \ + ${OTPTOOL_EXTRA_OPTS} + + if [ $? -ne 0 ]; then + bbfatal "Generated OTP image failed." + fi + + otptool \ + print \ + ${B}/${CONFIG_B_PATH}/otp-all.image + + if [ $? -ne 0 ]; then + bbfatal "Printed OTP image failed." + fi + + install -m 0644 ${B}/${CONFIG_B_PATH}/otp-* ${DEPLOYDIR} + fi +} + +create_otp() { + mkdir -p ${DEPLOYDIR} + if [ -n "${UBOOT_CONFIG}" ]; then + for config in ${UBOOT_MACHINE}; do + CONFIG_B_PATH="${config}" + cd ${B}/${config} + create_otp_helper + done + else + CONFIG_B_PATH="" + cd ${B} + create_otp_helper + fi +} + +do_deploy:prepend() { + if [ "${SOCSEC_SIGN_ENABLE}" = "1" ] ; then + create_otp + fi +} diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass index 5b90da1184..f46147d748 100644 --- a/meta-aspeed/classes/socsec-sign.bbclass +++ b/meta-aspeed/classes/socsec-sign.bbclass @@ -60,9 +60,19 @@ sign_spl() { fi } +verify_spl_otp() { + socsec verify \ + --sec_image ${DEPLOYDIR}/${SPL_IMAGE} \ + --otp_image ${DEPLOYDIR}/otp-all.image + + if [ $? -ne 0 ]; then + bbfatal "Verified OTP image failed." + fi +} do_deploy:append() { if [ "${SOCSEC_SIGN_ENABLE}" = "1" -a -n "${SPL_BINARY}" ] ; then sign_spl + verify_spl_otp fi } diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb index 575d3876c1..108f8489d2 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb @@ -20,6 +20,7 @@ SOCSEC_SIGN_ALGO ?= "RSA4096_SHA512" SOCSEC_SIGN_EXTRA_OPTS ?= "--stack_intersects_verification_region=false --rsa_key_order=big" inherit socsec-sign +inherit otptool UBOOT_ENV_SIZE:df-phosphor-mmc = "0x10000" UBOOT_ENV:df-phosphor-mmc = "u-boot-env" |