| author | Xindong Xu <xindong.xu@amlogic.com> | 2019-06-20 07:06:34 (GMT) |
|---|---|---|
| committer | Ben Cheng <bccheng@google.com> | 2019-07-19 11:54:07 (GMT) |
| commit | b5e51661985ac79f8359602e0f6411a0160d0c62 (patch) | |
| tree | 09addf0b897d9bf48ee65783f290e3e57e87844c | |
| parent | e3d699d0f9d652bba762ed1162c7a494b2c36510 (diff) | |
| download | common-b5e51661985ac79f8359602e0f6411a0160d0c62.zip common-b5e51661985ac79f8359602e0f6411a0160d0c62.tar.gz common-b5e51661985ac79f8359602e0f6411a0160d0c62.tar.bz2 | |
[Sabrina] generate signed uboot [1/2]
PD#SWPL-10133
Problem:
sabrina secure boot board can not bringup
Solution:
generate signed bootloader
Verify:
BUG: 137927498
Test: image runs on Sabrina P1 devices
Test: local
Change-Id: I7191c447bb89800c0ea24db846c5ad77182b3bbd
| -rwxr-xr-x | factory.mk | 68 |
1 files changed, 65 insertions, 3 deletions
@@ -4,9 +4,15 @@ AML_EMMC_BIN_GENERATOR := $(BOARD_AML_VENDOR_PATH)/tools/aml_upgrade/amlogic_emm PRODUCT_COMMON_DIR := device/amlogic/common/products/$(PRODUCT_TYPE) ifeq ($(TARGET_NO_RECOVERY),true) -BUILT_IMAGES := boot.img bootloader.img dt.img +BUILT_IMAGES := boot.img dt.img else -BUILT_IMAGES := boot.img recovery.img bootloader.img dt.img +BUILT_IMAGES := boot.img recovery.img dt.img +endif + +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) +BUILT_IMAGES += bootloader.img.encrypt +else +BUILT_IMAGES += bootloader.img endif VB_CHECK_IMAGES := vendor.img system.img vbmeta.img boot.img product.img @@ -177,9 +183,14 @@ INSTALLED_AML_ENC_RADIOIMAGE_TARGET = $(addprefix $(PRODUCT_OUT)/,$(filter %.img BOARD_PACK_RADIOIMAGES += $(basename $(filter %.img.encrypt,$(BUILT_IMAGES))) $(warning echo "radio add $(filter %.img.encrypt,$(BUILT_IMAGES))") else +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) +INSTALLED_RADIOIMAGE_TARGET += $(addprefix $(PRODUCT_OUT)/,$(filter dt.img bootloader.img.encrypt,$(BUILT_IMAGES))) +BOARD_PACK_RADIOIMAGES += $(filter dt.img bootloader.img.encrypt,$(BUILT_IMAGES)) +else INSTALLED_RADIOIMAGE_TARGET += $(addprefix $(PRODUCT_OUT)/,$(filter dt.img bootloader.img,$(BUILT_IMAGES))) BOARD_PACK_RADIOIMAGES += $(filter dt.img bootloader.img,$(BUILT_IMAGES)) $(warning echo "radio add dt and bootloader") +endif endif#ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) # BOARD_PACK_RADIOIMAGES += $(filter system.img vendor.img,$(BUILT_IMAGES)) @@ -216,6 +227,10 @@ ifeq ($(BUILD_WITH_AVB),true) endif PACKAGE_CONFIG_FILE := $(TARGET_DEVICE_DIR)/upgrade/$(PACKAGE_CONFIG_FILE).conf +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) +PACKAGE_CONFIG_FILE := $(TARGET_DEVICE_DIR)/upgrade/aml_upgrade_package_enc_avb.conf +endif + ifeq ($(wildcard $(PACKAGE_CONFIG_FILE)),) PACKAGE_CONFIG_FILE := $(PRODUCT_COMMON_DIR)/upgrade_4.9/$(notdir $(PACKAGE_CONFIG_FILE)) endif ## ifeq ($(wildcard $(TARGET_DEVICE_DIR)/upgrade/$(PACKAGE_CONFIG_FILE))) @@ -295,19 +310,54 @@ INSTALLED_AMLOGIC_BOOTLOADER_TARGET := $(PRODUCT_OUT)/bootloader.img ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) INSTALLED_AMLOGIC_BOOTLOADER_TARGET := $(INSTALLED_AMLOGIC_BOOTLOADER_TARGET).encrypt endif# ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) + INSTALLED_AMLOGIC_BOOTLOADER_TARGET := $(PRODUCT_OUT)/bootloader.img.encrypt +endif .PHONY: aml_bootloader aml_bootloader : $(INSTALLED_AMLOGIC_BOOTLOADER_TARGET) +.PHONY: build_always +build_always: + BOOTLOADER_INPUT := $(TARGET_DEVICE_DIR)/bootloader.img ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) ifeq ($(PRODUCT_AML_SECURE_BOOT_VERSION3),true) BOOTLOADER_INPUT := $(BOOTLOADER_INPUT).zip endif #ifeq ($(PRODUCT_AML_SECURE_BOOT_VERSION3),true) endif # ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) +$(INSTALLED_AMLOGIC_BOOTLOADER_TARGET): build_always +# Google internal tree might not have the bootloader source +ifneq ($(wildcard ~/bootloader/.*),) + cd bootloader/uboot-repo && ./mk sm1_sabrina_v1 --bl32 ../../vendor/amlogic/common/tdk/secureos/g12a/bl32.img --systemroot --avb2 + cp bootloader/uboot-repo/fip/_tmp/bl2_new.bin $(TARGET_DEVICE_DIR)/prebuilt/bootloader/ + cp bootloader/uboot-repo/fip/_tmp/bl30_new.bin $(TARGET_DEVICE_DIR)/prebuilt/bootloader/ + cp bootloader/uboot-repo/fip/_tmp/bl31.img $(TARGET_DEVICE_DIR)/prebuilt/bootloader/ + cp bootloader/uboot-repo/fip/_tmp/bl32.img $(TARGET_DEVICE_DIR)/prebuilt/bootloader/ + cp bootloader/uboot-repo/fip/_tmp/bl33.bin $(TARGET_DEVICE_DIR)/prebuilt/bootloader/ +endif + + bash $(PRODUCT_SABRINA_SECURE_BOOT_TOOL) + mkdir -p $(PRODUCT_OUT)/upgrade/ + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.signed $(PRODUCT_OUT)/bootloader.img.encrypt + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.signed $(PRODUCT_OUT)/upgrade/bootloader.img.encrypt + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.usb.bl2.signed $(PRODUCT_OUT)/upgrade/ + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.usb.tpl.signed $(PRODUCT_OUT)/upgrade/ + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.sd.signed $(PRODUCT_OUT)/upgrade/ + + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin $(PRODUCT_OUT)/bootloader.img + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin $(PRODUCT_OUT)/upgrade/bootloader.img + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.usb.bl2 $(PRODUCT_OUT)/upgrade/ + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.usb.tpl $(PRODUCT_OUT)/upgrade/ + cp $(TARGET_DEVICE_DIR)/prebuilt/bootloader/u-boot.bin.sd $(PRODUCT_OUT)/upgrade/ + + @echo "make secure bootloader.img: bootloader installed end" +else $(INSTALLED_AMLOGIC_BOOTLOADER_TARGET) : $(BOOTLOADER_INPUT) $(hide) cp $< $(PRODUCT_OUT)/$(notdir $<) $(hide) $(call aml-secureboot-sign-bootloader, $@,$(PRODUCT_OUT)/$(notdir $<)) @echo "make $@: bootloader installed end" +endif $(call dist-for-goals, droidcore, $(INSTALLED_AMLOGIC_BOOTLOADER_TARGET)) @@ -459,6 +509,13 @@ FASTBOOT_IMAGES := boot.img dt.img ifneq ($(TARGET_NO_RECOVERY),true) FASTBOOT_IMAGES += recovery.img endif + +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) +FASTBOOT_IMAGES += bootloader.img.encrypt +else +FASTBOOT_IMAGES += bootloader.img +endif + ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) FASTBOOT_IMAGES := $(addsuffix .encrypt, $(FASTBOOT_IMAGES)) endif#ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) @@ -486,7 +543,6 @@ endif .PHONY:aml_fastboot_zip aml_fastboot_zip:$(INSTALLED_AML_FASTBOOT_ZIP) $(INSTALLED_AML_FASTBOOT_ZIP): $(addprefix $(PRODUCT_OUT)/,$(FASTBOOT_IMAGES)) \ - $(addprefix $(PRODUCT_OUT)/,bootloader.img) \ $(INSTALLED_AML_LOGO) \ $(BUILT_ODMIMAGE_TARGET) echo "install $@" @@ -528,6 +584,9 @@ else cp $(PRODUCT_OUT)/bootloader.img $(PRODUCT_OUT)/fastboot_auto/ cp $(PRODUCT_OUT)/dt.img $(PRODUCT_OUT)/fastboot_auto/ endif +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) + cp $(PRODUCT_OUT)/bootloader.img.encrypt $(PRODUCT_OUT)/fastboot_auto/bootloader.img +endif cp $(PRODUCT_OUT)/odm.img $(PRODUCT_OUT)/fastboot_auto/ cp $(PRODUCT_OUT)/upgrade/logo.img $(PRODUCT_OUT)/fastboot_auto/ ifeq ($(AB_OTA_UPDATER),true) @@ -582,6 +641,9 @@ ifneq ($(INSTALLED_AMLOGIC_BOOTLOADER_TARGET),) mkdir -p $(AML_TARGET)/IMAGES cp $(INSTALLED_AMLOGIC_BOOTLOADER_TARGET) $(AML_TARGET)/IMAGES/bootloader.img endif +ifeq ($(PRODUCT_SABRINA_SECURE_BOOT),true) + cp $(PRODUCT_OUT)/bootloader.img.encrypt $(AML_TARGET)/IMAGES/bootloader.img +endif ifneq ($(INSTALLED_AML_LOGO),) @echo "copy $(INSTALLED_AML_LOGO)" mkdir -p $(AML_TARGET)/IMAGES |