scottk/meta-tegra
1
0
Fork 0
mirror of https://github.com/lingble/meta-tegra.git synced 2025-10-29 19:42:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

tegra-helper-scripts: fix RCM boot blob signing

Browse Source 
With L4T R36.4, the odmsign.func script now supports signing
the RCM boot blob used for the initrd-based flashing process.
While the initrd-flash script was updated to handle this, more
changes are needed to handle signing all binaries during the
build.

* Update the flash helper script to run signing on the RCM
  boot blob when needed.

* Update the initrd-flash script to drop the extra helper
  invocation for signing the RCM boot blob, since that is
  now covered with the normal signing step for the internal
  flash. And when pre-signed, initrd-flash just looks for
  the RCM boot blob in the subdirectory now created during
  build-time signing.

Signed-off-by: Matt Madison <matt@madison.systems>
This commit is contained in:
Matt Madison
2025-01-11 09:05:56 -08:00
committed by Matt Madison
parent 09fdbac034
commit 1a91c5168d
2 changed files with 73 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
recipes-bsp/tegra-binaries/tegra-helper-scripts/initrd-flash.sh
View File

@@ -128,22 +128,7 @@ copy_signed_binaries() {
done < <("$here/nvflashxmlparse" -t boot "$signdir/$xmlfile"; "$here/nvflashxmlparse" -t rootfs "$signdir/$xmlfile") done < <("$here/nvflashxmlparse" -t boot "$signdir/$xmlfile"; "$here/nvflashxmlparse" -t rootfs "$signdir/$xmlfile")
} }
sign_binaries() { create_rcm_boot_script() {
if [ -n "$PRESIGNED" ]; then
cp doflash.sh flash_signed.sh
if ! copy_bootloader_files bootloader_staging; then
return 1
fi
return 0
fi
if [ -z "$BOARDID" -o -z "$FAB" ]; then
wait_for_rcm
fi
rm -rf rcmboot_blob
if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU serial_number=$serial_number \
BOOTCONTROL_OVERLAYS=L4TConfiguration-rcmboot.dtbo \
"$here/$FLASH_HELPER" --no-flash --rcm-boot -u "$keyfile" -v "$sbk_keyfile" $instance_args \
flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA initrd-flash.img $ROOTFS_IMAGE; then
ln -sf "$here/tegrarcm_v2" rcmboot_blob/ ln -sf "$here/tegrarcm_v2" rcmboot_blob/
cat > rcm-boot.sh <<EOF cat > rcm-boot.sh <<EOF
oldwd="\$PWD" oldwd="\$PWD"
@@ -154,16 +139,36 @@ EOF
cd "\$oldwd" cd "\$oldwd"
EOF EOF
chmod +x rcm-boot.sh chmod +x rcm-boot.sh
else }
sign_binaries() {
if [ -n "$PRESIGNED" ]; then
cp doflash.sh flash_signed.sh
if ! copy_bootloader_files bootloader_staging; then
return 1 return 1
fi fi
. ./boardvars.sh if [ -e rcm-boot.sh ]; then
return 0
fi
if [ ! -e rcmboot_blob/rcmbootcmd.txt ]; then
echo "ERR: missing RCM boot blob in pre-signed binaries" >&2
return 1
fi
create_rcm_boot_script
return 0
fi
if [ -z "$BOARDID" -o -z "$FAB" ]; then
wait_for_rcm
fi
rm -rf rcmboot_blob
if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU serial_number=$serial_number \ if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU serial_number=$serial_number \
"$here/$FLASH_HELPER" --no-flash --sign -u "$keyfile" -v "$sbk_keyfile" $instance_args \ "$here/$FLASH_HELPER" --no-flash --sign -u "$keyfile" -v "$sbk_keyfile" $instance_args \
flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then
cp flashcmd.txt flash_signed.sh cp flashcmd.txt flash_signed.sh
sed -i -e's,--cfg secureflash.xml,--cfg internal-secureflash.xml,g' flash_signed.sh sed -i -e's,--cfg secureflash.xml,--cfg internal-secureflash.xml,g' flash_signed.sh
mv secureflash.xml internal-secureflash.xml mv secureflash.xml internal-secureflash.xml
create_rcm_boot_script
else else
return 1 return 1
fi fi
@@ -171,6 +176,7 @@ EOF
return 1 return 1
fi fi
if [ -e external-flash.xml.in ]; then if [ -e external-flash.xml.in ]; then
. ./boardvars.sh
if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU \ if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU \
"$here/$FLASH_HELPER" --no-flash --sign --external-device -u "$keyfile" -v "$sbk_keyfile" $instance_args \ "$here/$FLASH_HELPER" --no-flash --sign --external-device -u "$keyfile" -v "$sbk_keyfile" $instance_args \
external-flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then external-flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then

84
recipes-bsp/tegra-binaries/tegra-helper-scripts/tegra-flash-helper.sh
View File

@@ -52,7 +52,7 @@ get_value_from_PT_table() {
echo "ERR: unsupported flash layout field: $field" >&2 echo "ERR: unsupported flash layout field: $field" >&2
return 1 return 1
fi fi
local value=$("$here/nvflashxmlparse" --get-filename "$partname" "$layoutfile") local value=$("$here/nvflashxmlparse" --get-filename "$partname" "$layoutfile" 2>/dev/null)
eval "$varname=\"$value\"" eval "$varname=\"$value\""
} }
@@ -176,28 +176,40 @@ if [ -z "$CHIPID" ]; then
exit 1 exit 1
fi fi
rcm_bootcontrol_overlay="L4TConfiguration-rcmboot.dtbo" [ -n "$RCMBOOT_KERNEL" ] || RCMBOOT_KERNEL="initrd-flash.img"
if [ $rcm_boot -eq 1 -a $to_sign -eq 0 ]; then
overlay_dtb_files="$rcm_bootcontrol_overlay" if [ $external_device -eq 0 ]; then
also_sign_rcmboot=1
else else
overlay_dtb_files="$BOOTCONTROL_OVERLAYS" also_sign_rcmboot=0
fi fi
if [ -z "$overlay_dtb_files" ]; then
overlay_dtb_files="$PLUGIN_MANAGER_OVERLAYS" rcm_bootcontrol_overlay="L4TConfiguration-rcmboot.dtbo"
elif [ -n "$PLUGIN_MANAGER_OVERLAYS" ]; then
overlay_dtb_files="$overlay_dtb_files,$PLUGIN_MANAGER_OVERLAYS" non_bootcontrol_overlays="$PLUGIN_MANAGER_OVERLAYS"
fi if [ -z "$non_bootcontrol_overlays" ]; then
if [ -z "$overlay_dtb_files" ]; then non_bootcontrol_overlays="$OVERLAY_DTB_FILE"
overlay_dtb_files="$OVERLAY_DTB_FILE"
elif [ -n "$OVERLAY_DTB_FILE" ]; then elif [ -n "$OVERLAY_DTB_FILE" ]; then
overlay_dtb_files="$overlay_dtb_files,$OVERLAY_DTB_FILE" non_bootcontrol_overlays="$non_bootcontrol_overlays,$OVERLAY_DTB_FILE"
fi fi
[ -z "$non_bootcontrol_overlays" ] || non_bootcontrol_overlays=",$non_bootcontrol_overlays"
if [ $rcm_boot -ne 0 -a $to_sign -eq 0 ]; then
overlay_dtb_files="$rcm_bootcontrol_overlay$non_bootcontrol_overlays"
also_sign_rcmboot=0
else
overlay_dtb_files="$BOOTCONTROL_OVERLAYS$non_bootcontrol_overlays"
fi
overlay_dtb_arg= overlay_dtb_arg=
rcm_overlay_dtb_arg=
if [ -n "$overlay_dtb_files" ]; then if [ -n "$overlay_dtb_files" ]; then
overlay_dtb_arg="--overlay_dtb $overlay_dtb_files" overlay_dtb_arg="--overlay_dtb $overlay_dtb_files"
rcm_overlay_dtb_arg="--overlay_dtb $rcmbootcontrol_overlay$non_bootcontrol_overlays"
fi fi
if [ -n "$DCE_OVERLAY" ]; then if [ -n "$DCE_OVERLAY" ]; then
overlay_dtb_arg="$overlay_dtb_arg --dce_overlay_dtb $DCE_OVERLAY" overlay_dtb_arg="$overlay_dtb_arg --dce_overlay_dtb $DCE_OVERLAY"
rcm_ovleray_dtb_arg="$rcm_overlay_dtb_arg --dce_overlay_dtb $DCE_OVERLAY"
fi fi
fuselevel="fuselevel_production" fuselevel="fuselevel_production"
@@ -573,8 +585,9 @@ if [ -f "$custinfo_out" ]; then
custinfo_args="--cust_info $custinfo_out" custinfo_args="--cust_info $custinfo_out"
fi fi
binsargs_params=
if [ "$CHIPID" = "0x23" ]; then if [ "$CHIPID" = "0x23" ]; then
BINSARGS="psc_fw pscfw_t234_prod.bin; \ binsargs_params="psc_fw pscfw_t234_prod.bin; \
mts_mce mce_flash_o10_cr_prod.bin; \ mts_mce mce_flash_o10_cr_prod.bin; \
mb2_applet applet_t234.bin; \ mb2_applet applet_t234.bin; \
mb2_bootloader mb2_t234.bin; \ mb2_bootloader mb2_t234.bin; \
@@ -606,12 +619,11 @@ eks eks.img"
--mb2bct_cfg $MB2BCT_CFG \ --mb2bct_cfg $MB2BCT_CFG \
--bldtb $TBCDTB_FILE \ --bldtb $TBCDTB_FILE \
--concat_cpubl_bldtb \ --concat_cpubl_bldtb \
--cpubl uefi_jetson.bin \ --cpubl uefi_jetson.bin"
$overlay_dtb_arg $custinfo_args"
fi fi
if [ $rcm_boot -ne 0 ]; then if [ $rcm_boot -ne 0 -a $to_sign -eq 0 ]; then
BINSARGS="$BINSARGS; kernel $kernfile; kernel_dtb $kernel_dtbfile" binsargs_params="$binsargs_params; kernel $kernfile; kernel_dtb $kernel_dtbfile"
fi fi
if [ $bup_blob -ne 0 -o $to_sign -ne 0 -o "$sdcard" = "yes" -o $external_device -eq 1 ]; then if [ $bup_blob -ne 0 -o $to_sign -ne 0 -o "$sdcard" = "yes" -o $external_device -eq 1 ]; then
@@ -659,7 +671,7 @@ if [ $want_signing -eq 1 ]; then
tbcdtbfilename="$TBCDTB_FILE" tbcdtbfilename="$TBCDTB_FILE"
bpfdtbfilename="$BPFDTB_FILE" bpfdtbfilename="$BPFDTB_FILE"
localbootfile="$kernfile" localbootfile="$kernfile"
BINSARGS="--bins \"$BINSARGS\"" BINSARGS="--bins \"$binsargs_params\""
BCT="--sdram_config" BCT="--sdram_config"
boot_chain_select="A" boot_chain_select="A"
if [ "$CHIPID" = "0x23" ]; then if [ "$CHIPID" = "0x23" ]; then
@@ -675,7 +687,7 @@ if [ $want_signing -eq 1 ]; then
BL_DIR="." BL_DIR="."
bctfilename=$(echo $sdramcfg_files | cut -d, -f1) bctfilename=$(echo $sdramcfg_files | cut -d, -f1)
bctfile1name=$(echo $sdramcfg_files | cut -d, -f2) bctfile1name=$(echo $sdramcfg_files | cut -d, -f2)
BCTARGS="$bctargs --bct_backup" BCTARGS="$bctargs $overlay_dtb_arg $custinfo_args --bct_backup"
L4T_CONF_DTBO="L4TConfiguration.dtbo" L4T_CONF_DTBO="L4TConfiguration.dtbo"
rootfs_ab=0 rootfs_ab=0
gen_rcmdump=0 gen_rcmdump=0
@@ -687,22 +699,24 @@ if [ $want_signing -eq 1 ]; then
--cfg flash.xml \ --cfg flash.xml \
--bct_backup \ --bct_backup \
--boot_chain A \ --boot_chain A \
$bctargs $ramcodeargs $extdevargs $sparseargs $BINSARGS" $bctargs $overlay_dtb_arg $custinfo_args $ramcodeargs $extdevargs $sparseargs $BINSARGS"
FBARGS="--cmd \"$tfcmd\"" FBARGS="--cmd \"$tfcmd\""
. "$here/odmsign.func" . "$here/odmsign.func"
(odmsign_ext_sign_and_flash) || exit 1 (odmsign_ext_sign_and_flash) || exit 1
if [ "$CHIPID" = "0x23" ]; then if [ $also_sign_rcmboot -ne 0 ]; then
cp uefi_jetson.bin rcmboot_uefi_jetson.bin BCTARGS="$bctargs $rcm_overlay_dtb_arg $custinfo_args --bct_backup"
rcm_overlay_dtbs="$rcm_bootcontrol_overlay" L4T_CONF_DTBO="$rcm_bootcontrol_overlay"
if [ -n "$PLUGIN_MANAGER_OVERLAYS" ]; then BINSARGS="--bins \"$binsargs_params; kernel $RCMBOOT_KERNEL; kernel_dtb $kernel_dtbfile\""
rcm_overlay_dtbs="$rcm_overlay_dtbs,$PLUGIN_MANAGER_OVERLAYS" FLASHARGS="--chip 0x23 --bl uefi_jetson_with_dtb.bin \
fi --sdram_config $sdramcfg_files \
if [ -n "$OVERLAY_DTB_FILE" ]; then --odmdata $odmdata \
rcm_overlay_dtbs="$rcm_overlay_dtbs,$OVERLAY_DTB_FILE" --applet mb1_t234_prod.bin \
fi --cmd \"$tfcmd\" $skipuid \
rcmbootsigncmd="python3 $flashappname $keyargs --chip 0x23 --odmdata $odmdata --bldtb $TBCDTB_FILE --concat_cpubl_bldtb --overlay_dtb $rcm_overlay_dtbs \ --cfg flash.xml \
--cmd \"sign rcmboot_uefi_jetson.bin bootloader_stage2 A_cpu-bootloader\"" --bct_backup \
eval $rcmbootsigncmd || exit 1 --boot_chain A \
$bctargs $rcm_overlay_dtb_arg $custinfo_args $ramcodeargs $extdevargs $sparseargs $BINSARGS"
(rcm_boot=1 odmsign_ext_sign_and_flash) || exit 1
fi fi
if [ $bup_blob -eq 0 -a $no_flash -ne 0 ]; then if [ $bup_blob -eq 0 -a $no_flash -ne 0 ]; then
if [ -f flashcmd.txt ]; then if [ -f flashcmd.txt ]; then
@@ -727,8 +741,8 @@ else
--cfg flash.xml \ --cfg flash.xml \
--bct_backup \ --bct_backup \
--boot_chain A \ --boot_chain A \
$bctargs $extdevargs $sparseargs \ $bctargs $overlay_dtb_arg $custinfo_args $extdevargs $sparseargs \
--bins \"$BINSARGS\"" --bins \"$binsargs_params\""
fi fi
if [ $bup_blob -ne 0 ]; then if [ $bup_blob -ne 0 ]; then