From patchwork Mon May 20 17:45:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Scott X-Patchwork-Id: 164662 Delivered-To: patch@linaro.org Received: by 2002:a92:9e1a:0:0:0:0:0 with SMTP id q26csp572104ili; Mon, 20 May 2019 10:45:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqxubpHgRA+AvMCROyKfLxabKufyN35Q3ba8d3Tqsh6T0nJMoWr2cgMqs0YWkGy6yqRo+OUP X-Received: by 2002:a62:128a:: with SMTP id 10mr80840486pfs.225.1558374349837; Mon, 20 May 2019 10:45:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558374349; cv=none; d=google.com; s=arc-20160816; b=qOgE7QjWqM1a2E5xdXEhiPVEb1016uF+ppfsYch4Jz4xDQH9MTuJ3/0RcRy6ZARaJC A830/TonDzcIPgHSlIwC6V45wayIwRwC1TidBz1s+E+BiDQQdkZywUmmLDENhWoDI79N 3IhgiX0zA6qo/4HotxxSyE6QtOYjkZpvNTeDvhn672TLi1tV4XivusHWh7DhYtTBcYwI kkFn6YmOolNV6SVGLFi3woHL/uvrsdd35eBeNwAD8Uqgfq2SAhnP6OEDyKe3vtkbyPyi iccd5ZmR51D+p/3QjOHoxArrEF8rLyxNucc5UESJKXxkfZkoD0TSO75p6UqORDg2/oB+ um3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:message-id:date:to:from:dkim-signature:delivered-to; bh=L81SvCUh3MIGUYvYMbDI3RgDCy1+auqwGyZo+1jG1a4=; b=JNcsXLTuyehfAKWj/qplEdLAc6/fT3E/B0VDP5TU7V5DhjIoRG7RAYpRzQT284duTp 7LHS4qM3QbofXe0rAWms4/lBd1O9UrXUnIq/tOgNUld6COTKWB42AlSA0h9e75k+z+b7 i/m+2s8boICb3Gn2jboYeSiqHSMCpV940Z90Dfao6g/YMZIXfVsM8Icm9uqmQbkqhrfY gu1OD9tkr1kTIpyozD2GX3pIw7lsoMiQ7n1ClIhN4x/dwE04m4pMOPKzYaxOFsz2wfDh qEWPdJUViSUUem6u+9ULjUtVxf/nbe1HNau8H2Fq2EPCSoBqdVBc+LPTvEwdmB6vW6up b4qA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@foundries-io.20150623.gappssmtp.com header.s=20150623 header.b=ZOtoCy1p; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id o189si21108563pfg.216.2019.05.20.10.45.49; Mon, 20 May 2019 10:45:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@foundries-io.20150623.gappssmtp.com header.s=20150623 header.b=ZOtoCy1p; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 5BCF57E06E; Mon, 20 May 2019 17:45:47 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-pf1-f196.google.com (mail-pf1-f196.google.com [209.85.210.196]) by mail.openembedded.org (Postfix) with ESMTP id 0CE837E064 for ; Mon, 20 May 2019 17:45:45 +0000 (UTC) Received: by mail-pf1-f196.google.com with SMTP id u17so7575301pfn.7 for ; Mon, 20 May 2019 10:45:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries-io.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=KWnunU4GQ3lWAKujB6obN6DOOKwpJVVJkcHaMAMTfuM=; b=ZOtoCy1pKFCVT/cSkMOvzThbJpRmHuDB2cJZ8DfMKIjn7Nz2GIqvyVGnOZzFTdVI2q GIIBSVHc3nZELtAGdCoijBbiQ8ADq2QpfoFT1UexLRrQbe3W1H4wDN5txTJxZjlbosny iXBjpArGxmz8HjvQi1zs/U0/186E1ve+NbZAjC7Kd8VOnElaQ0H4WNwmGVQCWP/OiUxU l7/N8Dn8XbfBhb7gWhAN9cN4QMUbGYOAWVb2sZJZI6VUNCm9zQ6a15H9CvWLYtq6UWOI +5IgSK9RNC/IeHIxnCVZkC31vlpldpyvrcO6xNtWmb8FlzCYkICZTrVk/6zeVSu5LMrQ hO8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=KWnunU4GQ3lWAKujB6obN6DOOKwpJVVJkcHaMAMTfuM=; b=O4eOdIXUiOWZ7EskN8PSUYAQKEVAu5C3+eeaKEQujCCgEHDZqPKZzqHNVGE/93Oz88 nSOiPGIa038/0kkLuuvhczIHiNhPp2CUk2dNkO7hnax2LJGHhkgrf7BWZfYiKOFHLzuM rIEkxjH+gdAmfvwExu9FbxDAg9Ir+IFAuwVLdhjR3o4B98w/+yVYco9FD4Dq7HqNKsMO iECc20TPfRXRNfOfBlEZeWjRre6++QW1chi37Iyw8e5ZSPKC7MdLggz7bxpUNGvzR4IG wl3pkKt9Bn/5AAtazyCK9hXOyMpeZx37jGfd248f+Gr6blZ7WAhAq17kzTJ0V0aTLDW4 RRDg== X-Gm-Message-State: APjAAAVL0xIogDMTLfDudpQ2yunFhntvtAlp8JPRRmxSssn1mPo6I+c/ qEAX0KxZGIE99kIpJQamST0Z/RjfvHItpQ== X-Received: by 2002:aa7:8186:: with SMTP id g6mr82348208pfi.126.1558374346922; Mon, 20 May 2019 10:45:46 -0700 (PDT) Received: from scottml-arch.lan (107-198-5-8.lightspeed.irvnca.sbcglobal.net. [107.198.5.8]) by smtp.googlemail.com with ESMTPSA id c76sm34897132pfc.43.2019.05.20.10.45.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 May 2019 10:45:46 -0700 (PDT) From: Michael Scott To: openembedded-core@lists.openembedded.org Date: Mon, 20 May 2019 10:45:32 -0700 Message-Id: <20190520174532.32158-1-mike@foundries.io> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Cc: Yannick Gicquel Subject: [OE-core] [PATCH] uboot-sign: change u-boot do_deploy concat_dtb() hook to postfuncs X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org The u-boot signing process consists of 3 actions which must happen in the right order in order to generate a correct u-boot.dtb with the public key information which is appended to the u-boot binary. This process is described in a long comment at the top of uboot-sign.bbclass: 1. u-boot build generates initial version of u-boot binary and appended u-boot.dtb. Then, via do_install_append() a copy of this file and a symlink are added to the datadir (part of do_install step) 2. Kernel build then picks up the u-boot dtb from the datadir and adds the public key information during mkimage call in "Step 7" of kernel-fitimage.bbclass::do_assemble_fitimage(). The build system makes sure that we add the signed version of the u-boot dtb by adding do_assemble_fitimage() as a dependency to u-boot's do_populate_sysroot() step. 3. u-boot do_deploy then executes a new *postfuncs* hook for "concat_dtb" which deploys a re-created u-boot binary (appended dtb now has public key). However, the actual code which adds the handler to u-boot's do_deploy, sets the hook addition as "prefuncs". This ends up creating a very racy build which for me was deploying the wrong u-boot binary because concat_dtb was running before the fitimage was being assembled (and adding the public key to the u-boot.dtb) Let's set the concat_dtb step to "postfuncs" as the comment claims which fixes the order of operations and generates the correct u-boot.bin in the deploy directory. Signed-off-by: Michael Scott --- meta/classes/uboot-sign.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.21.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass index 8beafff7c0..202b18502b 100644 --- a/meta/classes/uboot-sign.bbclass +++ b/meta/classes/uboot-sign.bbclass @@ -125,5 +125,5 @@ python () { # kernerl's do_deploy is a litle special, so we can't use # do_deploy_append, otherwise it would override # kernel_do_deploy. - d.appendVarFlag('do_deploy', 'prefuncs', ' concat_dtb') + d.appendVarFlag('do_deploy', 'postfuncs', ' concat_dtb') }