Lubancat2/device_rockchip
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "build.sh: add security condition check"

Browse Source
This commit is contained in:
Caesar Wang
2022-02-21 09:58:44 +08:00
committed by Gerrit Code Review
parent 291846dbc7 5ad99ab04e
commit ed1b48cff7
1 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
common/build.sh
View File

@ -246,6 +246,7 @@ function usage()
echo "app/<pkg> -build packages in the dir of app/*" echo "app/<pkg> -build packages in the dir of app/*"
echo "external/<pkg> -build packages in the dir of external/*" echo "external/<pkg> -build packages in the dir of external/*"
echo "" echo ""
echo "createkeys -create secureboot root keys"
echo "security-rootfs -build rootfs and some relevant images with security paramter" echo "security-rootfs -build rootfs and some relevant images with security paramter"
echo "security-boot -build boot with security paramter" echo "security-boot -build boot with security paramter"
echo "" echo ""
@ -789,6 +790,47 @@ function build_pcba(){
finish_build finish_build
} }
BOOT_FIXED_CONFIGS="
CONFIG_BLK_DEV_DM
CONFIG_DM_CRYPT
CONFIG_BLK_DEV_CRYPTOLOOP
CONFIG_DM_VERITY"
UBOOT_FIXED_CONFIGS="
CONFIG_FIT_SIGNATURE
CONFIG_SPL_FIT_SIGNATURE"
function defconfig_check() {
# 1. defconfig 2. fixed config
echo debug-$1
for i in $2
do
echo "look for $i"
result=$(cat $1 | grep "${i}=y" -w || echo "No found")
if [ "$result" = "No found" ]; then
echo "${i} Not found"
return -1;
fi
done
return 0
}
function check_security_condition(){
# check security enabled
test -z "$RK_SYSTEM_CHECK_METHOD" && return 0
if [ ! -d u-boot/keys ]; then
echo "ERROR: No root keys(u-boot/keys) found in u-boot"
echo " Create it by ./build.sh createkeys or move your key to it"
return -1
fi
echo "check kernel defconfig"
defconfig_check kernel/arch/$RK_ARCH/configs/$RK_KERNEL_DEFCONFIG "$BOOT_FIXED_CONFIGS"
echo "check uboot defconfig"
defconfig_check u-boot/configs/${RK_UBOOT_DEFCONFIG}_defconfig "$UBOOT_FIXED_CONFIGS"
}
function build_all(){ function build_all(){
echo "============================================" echo "============================================"
echo "TARGET_ARCH=$RK_ARCH" echo "TARGET_ARCH=$RK_ARCH"
@ -817,6 +859,7 @@ function build_all(){
fi fi
fi fi
check_security_condition
build_loader build_loader
build_kernel build_kernel
build_toolchain build_toolchain
@ -1005,6 +1048,16 @@ function build_allsave(){
finish_build finish_build
} }
function create_keys() {
test -d u-boot/keys && echo "ERROR: u-boot/keys has existed" && return -1
mkdir u-boot/keys -p
./rkbin/tools/rk_sign_tool kk --bits 2048 --out u-boot/keys
ln -s privateKey.pem u-boot/keys/dev.key
ln -s publicKey.pem u-boot/keys/dev.pubkey
openssl req -batch -new -x509 -key u-boot/keys/dev.key -out u-boot/keys/dev.crt
}
#========================= #=========================
# build targets # build targets
#========================= #=========================
@ -1063,6 +1116,7 @@ for option in ${OPTIONS}; do
multi-npu_boot) build_multi-npu_boot ;; multi-npu_boot) build_multi-npu_boot ;;
info) build_info ;; info) build_info ;;
app/*|external/*) build_pkg $option ;; app/*|external/*) build_pkg $option ;;
createkeys) create_keys ;;
security-rootfs) security-rootfs)
if [ "$RK_RAMDISK_SECURITY_BOOTUP" != "true" ]; then if [ "$RK_RAMDISK_SECURITY_BOOTUP" != "true" ]; then
echo "No security paramter found in .BoardConfig.mk" echo "No security paramter found in .BoardConfig.mk"