diff options
| author | Daniel Golle <daniel@makrotopia.org> | 2021-02-15 14:37:17 +0000 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2021-02-24 01:35:20 +0000 |
| commit | e6aac8d98f5663be99163f9e61dad23ad657b7ed (patch) | |
| tree | e380522a134bab0afe6d9058d5cd8613fb2d4cf7 /scripts | |
| parent | fb83efb626491e4e0de79429041ea7792db337d4 (diff) | |
| download | upstream-e6aac8d98f5663be99163f9e61dad23ad657b7ed.tar.gz upstream-e6aac8d98f5663be99163f9e61dad23ad657b7ed.tar.bz2 upstream-e6aac8d98f5663be99163f9e61dad23ad657b7ed.zip | |
image: add support for building FIT image with filesystem
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/mkits.sh | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/scripts/mkits.sh b/scripts/mkits.sh index bb629d6fca..59ff3a2d15 100755 --- a/scripts/mkits.sh +++ b/scripts/mkits.sh @@ -23,18 +23,24 @@ usage() { printf "\n\t-c ==> set config name 'config'" printf "\n\t-a ==> set load address to 'addr' (hex)" printf "\n\t-e ==> set entry point to 'entry' (hex)" + printf "\n\t-f ==> set device tree compatible string" printf "\n\t-v ==> set kernel version to 'version'" printf "\n\t-k ==> include kernel image 'kernel'" printf "\n\t-D ==> human friendly Device Tree Blob 'name'" printf "\n\t-n ==> fdt unit-address 'address'" printf "\n\t-d ==> include Device Tree Blob 'dtb'" + printf "\n\t-r ==> include RootFS blob 'rootfs'" + printf "\n\t-H ==> specify hash algo instead of SHA1" printf "\n\t-o ==> create output file 'its_file'\n" exit 1 } FDTNUM=1 +ROOTFSNUM=1 +HASH=sha1 +LOADABLES= -while getopts ":A:a:c:C:D:d:e:k:n:o:v:" OPTION +while getopts ":A:a:c:C:D:d:e:f:k:n:o:v:r:S" OPTION do case $OPTION in A ) ARCH=$OPTARG;; @@ -44,9 +50,12 @@ do D ) DEVICE=$OPTARG;; d ) DTB=$OPTARG;; e ) ENTRY_ADDR=$OPTARG;; + f ) COMPATIBLE=$OPTARG;; k ) KERNEL=$OPTARG;; n ) FDTNUM=$OPTARG;; o ) OUTPUT=$OPTARG;; + r ) ROOTFS=$OPTARG;; + S ) HASH=$OPTARG;; v ) VERSION=$OPTARG;; * ) echo "Invalid option passed to '$0' (options:$*)" usage;; @@ -62,11 +71,16 @@ fi ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]') +if [ -n "${COMPATIBLE}" ]; then + COMPATIBLE_PROP="compatible = \"${COMPATIBLE}\";" +fi + # Conditionally create fdt information if [ -n "${DTB}" ]; then FDT_NODE=" fdt@$FDTNUM { description = \"${ARCH_UPPER} OpenWrt ${DEVICE} device tree blob\"; + ${COMPATIBLE_PROP} data = /incbin/(\"${DTB}\"); type = \"flat_dt\"; arch = \"${ARCH}\"; @@ -75,13 +89,34 @@ if [ -n "${DTB}" ]; then algo = \"crc32\"; }; hash@2 { - algo = \"sha1\"; + algo = \"${HASH}\"; }; }; " FDT_PROP="fdt = \"fdt@$FDTNUM\";" fi +if [ -n "${ROOTFS}" ]; then + dd if="${ROOTFS}" of="${ROOTFS}.pagesync" bs=4096 conv=sync + ROOTFS_NODE=" + rootfs@$ROOTFSNUM { + description = \"${ARCH_UPPER} OpenWrt ${DEVICE} rootfs\"; + ${COMPATIBLE_PROP} + data = /incbin/(\"${ROOTFS}.pagesync\"); + type = \"filesystem\"; + arch = \"${ARCH}\"; + compression = \"none\"; + hash@1 { + algo = \"crc32\"; + }; + hash@2 { + algo = \"${HASH}\"; + }; + }; +" + LOADABLES="${LOADABLES:+$LOADABLES, }\"rootfs@${ROOTFSNUM}\"" +fi + # Create a default, fully populated DTS file DATA="/dts-v1/; @@ -103,18 +138,21 @@ DATA="/dts-v1/; algo = \"crc32\"; }; hash@2 { - algo = \"sha1\"; + algo = \"$HASH\"; }; }; ${FDT_NODE} +${ROOTFS_NODE} }; configurations { default = \"${CONFIG}\"; ${CONFIG} { - description = \"OpenWrt\"; + description = \"OpenWrt ${DEVICE}\"; kernel = \"kernel@1\"; ${FDT_PROP} + ${LOADABLES:+loadables = ${LOADABLES};} + ${COMPATIBLE_PROP} }; }; };" |