common: support build ramdisk security firmware
Signed-off-by: Weiwen Chen <cww@rock-chips.com> Change-Id: I641a364263a61ded19b6c9603a4048cdba8205c5
This commit is contained in:
Weiwen Chen
@ -93,6 +93,13 @@ do
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$RK_RAMDISK_SECURITY_BOOTUP" = "true" ];then
|
||||
if echo $line | grep -wq "uboot-ignore"; then
|
||||
echo "Enable Security boot, Skip uboot-ignore ..."
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$line" >> $target_its_file
|
||||
done < $src_its_file
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
COMMON_DIR=$(cd `dirname $0`; pwd)
|
||||
if [ -h $0 ]
|
||||
then
|
||||
@ -79,6 +80,33 @@ fi
|
||||
|
||||
echo -n "pack $RAMDISK_IMG..."
|
||||
if [ -f "$TOP_DIR/device/rockchip/$RK_TARGET_PRODUCT/$RK_RECOVERY_FIT_ITS" ];then
|
||||
if [ "$RK_RAMDISK_SECURITY_BOOTUP" = "true" ];then
|
||||
echo "[$0] Build ramdisk with sha256 digest"
|
||||
ROOTFS_IMAGE_DIGEST=$(dirname $ROOTFS_IMAGE)/ramdisk.gz.digest
|
||||
|
||||
openssl dgst -sha256 -binary -out $ROOTFS_IMAGE_DIGEST $ROOTFS_IMAGE || exit 1
|
||||
rootfs_image_digest_size=$(du -b $ROOTFS_IMAGE |sed -r -e 's/[[:space:]]+.*$//')
|
||||
|
||||
if [ "$RK_ARCH" == "arm" ]; then
|
||||
kernel_dts_file="kernel/arch/arm/boot/dts/$RK_KERNEL_DTS.dts"
|
||||
else
|
||||
kernel_dts_file="kernel/arch/arm64/boot/dts/rockchip/$RK_KERNEL_DTS.dts"
|
||||
fi
|
||||
|
||||
cp $kernel_dts_file ${kernel_dts_file}.backup
|
||||
cat << EOF >> ${kernel_dts_file}
|
||||
&ramdisk_c {
|
||||
size = <$rootfs_image_digest_size>;
|
||||
hash {
|
||||
algo = "sha256";
|
||||
value = /incbin/("$ROOTFS_IMAGE_DIGEST");
|
||||
};
|
||||
};
|
||||
EOF
|
||||
./build.sh kernel
|
||||
mv ${kernel_dts_file}.backup $kernel_dts_file
|
||||
fi
|
||||
|
||||
$COMMON_DIR/mk-fitimage.sh $TARGET_IMAGE $TOP_DIR/device/rockchip/$RK_TARGET_PRODUCT/$RK_RECOVERY_FIT_ITS $ROOTFS_IMAGE $KERNEL_IMAGE
|
||||
else
|
||||
$TOP_DIR/kernel/scripts/mkbootimg --kernel $KERNEL_IMAGE --ramdisk $ROOTFS_IMAGE --second $KERNEL_DTB -o $TARGET_IMAGE
|
||||
|
||||
@ -332,6 +332,17 @@ then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$RK_RAMDISK_SECURITY_BOOTUP" = "true" ];then
|
||||
if [ -f $TOP_DIR/u-boot/boot.img ]
|
||||
then
|
||||
echo -n "Enable ramdisk security bootup, create boot.img..."
|
||||
ln -rsf $TOP_DIR/u-boot/boot.img $ROCKDEV/boot.img
|
||||
echo "done."
|
||||
else
|
||||
echo "warning: $TOP_DIR/u-boot/boot.img not found!"
|
||||
fi
|
||||
fi
|
||||
|
||||
check_partition_size
|
||||
|
||||
echo -e "\e[36m Image: image in rockdev is ready \e[0m"
|
||||
|
||||
Reference in New Issue
Block a user