uboot-sign: change u-boot do_deploy concat_dtb() hook to postfuncs

Message ID 20190520174532.32158-1-mike@foundries.io
State New
Headers show
  • uboot-sign: change u-boot do_deploy concat_dtb() hook to postfuncs
Related show

Commit Message

Michael Scott May 20, 2019, 5:45 p.m.
The u-boot signing process consists of 3 actions which must happen in
the right order in order to generate a correct u-boot.dtb with the
public key information which is appended to the u-boot binary.

This process is described in a long comment at the top of

1. u-boot build generates initial version of u-boot binary and
   appended u-boot.dtb.  Then, via do_install_append() a copy of
   this file and a symlink are added to the datadir (part of
   do_install step)
2. Kernel build then picks up the u-boot dtb from the datadir and
   adds the public key information during mkimage call in "Step 7"
   of kernel-fitimage.bbclass::do_assemble_fitimage().  The build
   system makes sure that we add the signed version of the u-boot
   dtb by adding do_assemble_fitimage() as a dependency to u-boot's
   do_populate_sysroot() step.
3. u-boot do_deploy then executes a new *postfuncs* hook for
   "concat_dtb" which deploys a re-created u-boot binary (appended
   dtb now has public key).

However, the actual code which adds the handler to u-boot's do_deploy,
sets the hook addition as "prefuncs".  This ends up creating a very
racy build which for me was deploying the wrong u-boot binary because
concat_dtb was running before the fitimage was being assembled
(and adding the public key to the u-boot.dtb)

Let's set the concat_dtb step to "postfuncs" as the comment claims
which fixes the order of operations and generates the correct
u-boot.bin in the deploy directory.

Signed-off-by: Michael Scott <mike@foundries.io>

 meta/classes/uboot-sign.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Openembedded-core mailing list


diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 8beafff7c0..202b18502b 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -125,5 +125,5 @@  python () {
         # kernerl's do_deploy is a litle special, so we can't use
         # do_deploy_append, otherwise it would override
         # kernel_do_deploy.
-        d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb')
+        d.appendVarFlag('do_deploy', 'postfuncs', ' concat_dtb')