tegra-helper-scripts: fix RCM boot blob signing

With L4T R36.4, the odmsign.func script now supports signing
the RCM boot blob used for the initrd-based flashing process.
While the initrd-flash script was updated to handle this, more
changes are needed to handle signing all binaries during the
build.

* Update the flash helper script to run signing on the RCM
  boot blob when needed.

* Update the initrd-flash script to drop the extra helper
  invocation for signing the RCM boot blob, since that is
  now covered with the normal signing step for the internal
  flash. And when pre-signed, initrd-flash just looks for
  the RCM boot blob in the subdirectory now created during
  build-time signing.

Signed-off-by: Matt Madison <matt@madison.systems>

recipes-bsp/tegra-binaries/tegra-helper-scripts/initrd-flash.sh

@@ -128,42 +128,47 @@ copy_signed_binaries() {
     done < <("$here/nvflashxmlparse" -t boot "$signdir/$xmlfile"; "$here/nvflashxmlparse" -t rootfs "$signdir/$xmlfile")
 }
 
+create_rcm_boot_script() {
+    ln -sf "$here/tegrarcm_v2" rcmboot_blob/
+    cat > rcm-boot.sh <<EOF
+oldwd="\$PWD"
+cd rcmboot_blob
+EOF
+    cat rcmboot_blob/rcmbootcmd.txt >> rcm-boot.sh
+    cat >> rcm-boot.sh <<EOF
+cd "\$oldwd"
+EOF
+    chmod +x rcm-boot.sh
+}
+
 sign_binaries() {
     if [ -n "$PRESIGNED" ]; then
 	cp doflash.sh flash_signed.sh
 	if ! copy_bootloader_files bootloader_staging; then
 	    return 1
 	fi
+	if [ -e rcm-boot.sh ]; then
+	    return 0
+	fi
+	if [ ! -e rcmboot_blob/rcmbootcmd.txt ]; then
+	    echo "ERR: missing RCM boot blob in pre-signed binaries" >&2
+	    return 1
+	fi
+	create_rcm_boot_script
 	return 0
     fi
+
     if [ -z "$BOARDID" -o -z "$FAB" ]; then
 	wait_for_rcm
     fi
     rm -rf rcmboot_blob
-    if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU serial_number=$serial_number \
-	      BOOTCONTROL_OVERLAYS=L4TConfiguration-rcmboot.dtbo \
-	      "$here/$FLASH_HELPER" --no-flash --rcm-boot -u "$keyfile" -v "$sbk_keyfile" $instance_args \
-	      flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA initrd-flash.img $ROOTFS_IMAGE; then
-	    ln -sf "$here/tegrarcm_v2" rcmboot_blob/
-	    cat > rcm-boot.sh <<EOF
-oldwd="\$PWD"
-cd rcmboot_blob
-EOF
-	    cat rcmboot_blob/rcmbootcmd.txt >> rcm-boot.sh
-	    cat >> rcm-boot.sh <<EOF
-cd "\$oldwd"
-EOF
-	    chmod +x rcm-boot.sh
-    else
-	return 1
-    fi
-    . ./boardvars.sh
     if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU serial_number=$serial_number \
 	      "$here/$FLASH_HELPER" --no-flash --sign -u "$keyfile" -v "$sbk_keyfile" $instance_args \
 	      flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then
 	cp flashcmd.txt flash_signed.sh
 	sed -i -e's,--cfg secureflash.xml,--cfg internal-secureflash.xml,g' flash_signed.sh
 	mv secureflash.xml internal-secureflash.xml
+	create_rcm_boot_script
     else
 	return 1
     fi
@@ -171,6 +176,7 @@ EOF
 	return 1
     fi
     if [ -e external-flash.xml.in ]; then
+	. ./boardvars.sh
         if MACHINE=$MACHINE BOARDID=$BOARDID FAB=$FAB BOARDSKU=$BOARDSKU BOARDREV=$BOARDREV CHIPREV=$CHIPREV CHIP_SKU=$CHIP_SKU \
 		  "$here/$FLASH_HELPER" --no-flash --sign --external-device -u "$keyfile" -v "$sbk_keyfile" $instance_args \
 		  external-flash.xml.in $DTBFILE $EMMC_BCTS $ODMDATA $LNXFILE $ROOTFS_IMAGE; then

recipes-bsp/tegra-binaries/tegra-helper-scripts/tegra-flash-helper.sh

@@ -52,7 +52,7 @@ get_value_from_PT_table() {
 	echo "ERR: unsupported flash layout field: $field" >&2
 	return 1
     fi
-    local value=$("$here/nvflashxmlparse" --get-filename "$partname" "$layoutfile")
+    local value=$("$here/nvflashxmlparse" --get-filename "$partname" "$layoutfile" 2>/dev/null)
     eval "$varname=\"$value\""
 }
 
@@ -176,28 +176,40 @@ if [ -z "$CHIPID" ]; then
     exit 1
 fi
 
-rcm_bootcontrol_overlay="L4TConfiguration-rcmboot.dtbo"
+[ -n "$RCMBOOT_KERNEL" ] || RCMBOOT_KERNEL="initrd-flash.img"
-if [ $rcm_boot -eq 1 -a $to_sign -eq 0 ]; then
+
-    overlay_dtb_files="$rcm_bootcontrol_overlay"
+if [ $external_device -eq 0 ]; then
+    also_sign_rcmboot=1
 else
-    overlay_dtb_files="$BOOTCONTROL_OVERLAYS"
+    also_sign_rcmboot=0
 fi
-if [ -z "$overlay_dtb_files" ]; then
+
-    overlay_dtb_files="$PLUGIN_MANAGER_OVERLAYS"
+rcm_bootcontrol_overlay="L4TConfiguration-rcmboot.dtbo"
-elif [ -n "$PLUGIN_MANAGER_OVERLAYS" ]; then
+
-    overlay_dtb_files="$overlay_dtb_files,$PLUGIN_MANAGER_OVERLAYS"
+non_bootcontrol_overlays="$PLUGIN_MANAGER_OVERLAYS"
-fi
+if [ -z "$non_bootcontrol_overlays" ]; then
-if [ -z "$overlay_dtb_files" ]; then
+    non_bootcontrol_overlays="$OVERLAY_DTB_FILE"
-    overlay_dtb_files="$OVERLAY_DTB_FILE"
 elif [ -n "$OVERLAY_DTB_FILE" ]; then
-    overlay_dtb_files="$overlay_dtb_files,$OVERLAY_DTB_FILE"
+    non_bootcontrol_overlays="$non_bootcontrol_overlays,$OVERLAY_DTB_FILE"
 fi
+[ -z "$non_bootcontrol_overlays" ] || non_bootcontrol_overlays=",$non_bootcontrol_overlays"
+
+if [ $rcm_boot -ne 0 -a $to_sign -eq 0 ]; then
+    overlay_dtb_files="$rcm_bootcontrol_overlay$non_bootcontrol_overlays"
+    also_sign_rcmboot=0
+else
+    overlay_dtb_files="$BOOTCONTROL_OVERLAYS$non_bootcontrol_overlays"
+fi
+
 overlay_dtb_arg=
+rcm_overlay_dtb_arg=
 if [ -n "$overlay_dtb_files" ]; then
     overlay_dtb_arg="--overlay_dtb $overlay_dtb_files"
+    rcm_overlay_dtb_arg="--overlay_dtb $rcmbootcontrol_overlay$non_bootcontrol_overlays"
 fi
 if [ -n "$DCE_OVERLAY" ]; then
     overlay_dtb_arg="$overlay_dtb_arg --dce_overlay_dtb $DCE_OVERLAY"
+    rcm_ovleray_dtb_arg="$rcm_overlay_dtb_arg --dce_overlay_dtb $DCE_OVERLAY"
 fi
 
 fuselevel="fuselevel_production"
@@ -573,8 +585,9 @@ if [ -f "$custinfo_out" ]; then
     custinfo_args="--cust_info $custinfo_out"
 fi
 
+binsargs_params=
 if [ "$CHIPID" = "0x23" ]; then
-    BINSARGS="psc_fw pscfw_t234_prod.bin; \
+    binsargs_params="psc_fw pscfw_t234_prod.bin; \
 mts_mce mce_flash_o10_cr_prod.bin; \
 mb2_applet applet_t234.bin; \
 mb2_bootloader mb2_t234.bin; \
@@ -606,12 +619,11 @@ eks eks.img"
          --mb2bct_cfg $MB2BCT_CFG \
          --bldtb $TBCDTB_FILE \
          --concat_cpubl_bldtb \
-         --cpubl uefi_jetson.bin \
+         --cpubl uefi_jetson.bin"
-         $overlay_dtb_arg $custinfo_args"
 fi
 
-if [ $rcm_boot -ne 0 ]; then
+if [ $rcm_boot -ne 0 -a $to_sign -eq 0 ]; then
-    BINSARGS="$BINSARGS; kernel $kernfile; kernel_dtb $kernel_dtbfile"
+    binsargs_params="$binsargs_params; kernel $kernfile; kernel_dtb $kernel_dtbfile"
 fi
 
 if [ $bup_blob -ne 0 -o $to_sign -ne 0 -o "$sdcard" = "yes" -o $external_device -eq 1 ]; then
@@ -659,7 +671,7 @@ if [ $want_signing -eq 1 ]; then
     tbcdtbfilename="$TBCDTB_FILE"
     bpfdtbfilename="$BPFDTB_FILE"
     localbootfile="$kernfile"
-    BINSARGS="--bins \"$BINSARGS\""
+    BINSARGS="--bins \"$binsargs_params\""
     BCT="--sdram_config"
     boot_chain_select="A"
     if [ "$CHIPID" = "0x23" ]; then
@@ -675,7 +687,7 @@ if [ $want_signing -eq 1 ]; then
     BL_DIR="."
     bctfilename=$(echo $sdramcfg_files | cut -d, -f1)
     bctfile1name=$(echo $sdramcfg_files | cut -d, -f2)
-    BCTARGS="$bctargs --bct_backup"
+    BCTARGS="$bctargs $overlay_dtb_arg $custinfo_args --bct_backup"
     L4T_CONF_DTBO="L4TConfiguration.dtbo"
     rootfs_ab=0
     gen_rcmdump=0
@@ -687,22 +699,24 @@ if [ $want_signing -eq 1 ]; then
           --cfg flash.xml \
           --bct_backup \
           --boot_chain A \
-          $bctargs $ramcodeargs $extdevargs $sparseargs $BINSARGS"
+          $bctargs $overlay_dtb_arg $custinfo_args $ramcodeargs $extdevargs $sparseargs $BINSARGS"
     FBARGS="--cmd \"$tfcmd\""
     . "$here/odmsign.func"
     (odmsign_ext_sign_and_flash) || exit 1
-    if [ "$CHIPID" = "0x23" ]; then
+    if [ $also_sign_rcmboot -ne 0 ]; then
-        cp uefi_jetson.bin rcmboot_uefi_jetson.bin
+	BCTARGS="$bctargs $rcm_overlay_dtb_arg $custinfo_args --bct_backup"
-        rcm_overlay_dtbs="$rcm_bootcontrol_overlay"
+	L4T_CONF_DTBO="$rcm_bootcontrol_overlay"
-        if [ -n "$PLUGIN_MANAGER_OVERLAYS" ]; then
+	BINSARGS="--bins \"$binsargs_params; kernel $RCMBOOT_KERNEL; kernel_dtb $kernel_dtbfile\""
-            rcm_overlay_dtbs="$rcm_overlay_dtbs,$PLUGIN_MANAGER_OVERLAYS"
+	FLASHARGS="--chip 0x23 --bl uefi_jetson_with_dtb.bin \
-        fi
+          --sdram_config $sdramcfg_files \
-        if [ -n "$OVERLAY_DTB_FILE" ]; then
+          --odmdata $odmdata \
-            rcm_overlay_dtbs="$rcm_overlay_dtbs,$OVERLAY_DTB_FILE"
+          --applet mb1_t234_prod.bin \
-        fi
+          --cmd \"$tfcmd\" $skipuid \
-        rcmbootsigncmd="python3 $flashappname $keyargs --chip 0x23 --odmdata $odmdata --bldtb $TBCDTB_FILE --concat_cpubl_bldtb --overlay_dtb $rcm_overlay_dtbs \
+          --cfg flash.xml \
-                    --cmd \"sign rcmboot_uefi_jetson.bin bootloader_stage2 A_cpu-bootloader\""
+          --bct_backup \
-        eval $rcmbootsigncmd || exit 1
+          --boot_chain A \
+          $bctargs $rcm_overlay_dtb_arg $custinfo_args $ramcodeargs $extdevargs $sparseargs $BINSARGS"
+	(rcm_boot=1 odmsign_ext_sign_and_flash) || exit 1
     fi
     if [ $bup_blob -eq 0 -a $no_flash -ne 0 ]; then
         if [ -f flashcmd.txt ]; then
@@ -727,8 +741,8 @@ else
           --cfg flash.xml \
           --bct_backup \
           --boot_chain A \
-          $bctargs $extdevargs $sparseargs \
+          $bctargs $overlay_dtb_arg $custinfo_args $extdevargs $sparseargs \
-          --bins \"$BINSARGS\""
+          --bins \"$binsargs_params\""
 fi
 
 if [ $bup_blob -ne 0 ]; then