From 2b9be0d6c60df895f1e09723bcbc4075def40b4d Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Tue, 19 Jul 2022 03:17:51 +0800 Subject: [PATCH 01/37] Remove old usb installer zip image before a new zip Tracked-On: OAM-102953 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 2fcae357..36ad0bcd 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -412,7 +412,8 @@ usb_image: flashfiles $(hide)mcopy -Q -i $(BOOT_IMG) $(PRODUCT_OUT)/efi_images_tmp/* ::; $(hide)dd if=$(BOOT_IMG) of=$(USB_INSTALL_IMG) bs=512 seek=2048 conv=notrunc; @echo "Zipping USB installer image $(USB_INSTALL_IMG_ZIP) ..." - $(hide)zip -r $(USB_INSTALL_IMG_ZIP) $(USB_INSTALL_IMG) + $(hide)rm -rf $(USB_INSTALL_IMG_ZIP) + $(hide)zip -r -j $(USB_INSTALL_IMG_ZIP) $(USB_INSTALL_IMG) $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(BOOT_IMG) From 7762ab0def8f655647510d71e56ca85167bb487a Mon Sep 17 00:00:00 2001 From: swaroopb Date: Thu, 21 Jul 2022 09:49:09 +0530 Subject: [PATCH 02/37] remove unwanted file from caas-use Tracked-On: OAM-102944 Signed-off-by: swaroopb --- tasks/flashfiles.mk | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 36ad0bcd..3e3ae9b8 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -288,16 +288,16 @@ flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKA ifneq (,$(wildcard vendor/intel/utils_vertical)) ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) @echo "vertical_keybox_provisioning included" - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip *provisioning + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip *provisioning else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip endif else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) - $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/*-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files + $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @echo "Release files are published" ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) @@ -334,16 +334,16 @@ flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_mkdir_dest publish_vertic ifneq (,$(wildcard vendor/intel/utils_vertical)) ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) @echo "vertical_keybox_provisioning included" - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip *provisioning + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip *provisioning else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip endif else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches *-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) - $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/*-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files + $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @echo "Release files are published" ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) From cb39fe8b3b3a6504759a1dbbebdc30477eb33fc2 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Wed, 7 Sep 2022 14:53:40 +0800 Subject: [PATCH 03/37] Make celadon as ISO file format image Support build celadon images as ISO format. The image is ISO format bootable image which can be burned to a bootable CD/DVD or clone to USB pendrive. The image can be flashed to CIV and BM. It is independence on UEFI Shell. Tracked-On: OAM-103805 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 85 ++++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 32 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 3e3ae9b8..86f7c528 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -374,18 +374,29 @@ publish_ifwi: @echo "Warning: Unable to fulfill publish_ifwi makefile request" endif -.PHONY: usb_image +.PHONY: civ_iso -USB_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-usb-install-$(TARGET_BUILD_VARIANT).img -USB_INSTALL_IMG_ZIP = $(USB_INSTALL_IMG).zip -BOOT_IMG = $(PRODUCT_OUT)/efi_tmp.img +ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(TARGET_BUILD_VARIANT).iso +ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip +ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz +ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi -usb_image: flashfiles - @echo "Generating USB installer image $(USB_INSTALL_IMG) ..." - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ - @$(hide)unzip $(PRODUCT_OUT)/caas*-flashfiles-*.zip -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null +civ_iso: flashfiles + @echo "Generating ISO image $(ISO_INSTALL_IMG) ..."; + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/releasefile_tmp; + $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_ZIP) + $(hide)mkdir -p $(PRODUCT_OUT)/releasefile_tmp; + $(hide)mkdir -p $(PRODUCT_OUT)/efi_images_tmp; - G_size=`echo "$$((1 << 32))"`;\ + $(hide)tar -xvzf $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz -C $(PRODUCT_OUT)/releasefile_tmp >/dev/null; + $(hide)unzip $(PRODUCT_OUT)/releasefile_tmp/*-flashfiles-*.zip -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; + $(hide)rm $(PRODUCT_OUT)/releasefile_tmp/$(TARGET_PRODUCT)-flashfiles*; + + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/system.img; + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/vendor.img; + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/product.img; + + G_size=`echo "$$((1 << 32))"`; \ for img in `ls $(PRODUCT_OUT)/efi_images_tmp/`;do \ size=`stat -c %s $(PRODUCT_OUT)/efi_images_tmp/$${img}`; \ if [[ $${size} -gt $${G_size} ]]; then \ @@ -395,26 +406,36 @@ usb_image: flashfiles fi;\ done; - $(hide)rm -rf $(USB_INSTALL_IMG) $(BOOT_IMG) $(PRODUCT_OUT)/efi_images_tmp/system.img; \ - flashfile_size=`du -sh ${PRODUCT_OUT}/efi_images_tmp/ | awk '{print $$1}'`; \ - flashfile_size=`echo $${flashfile_size} | cut -d '.' -f1`; \ - flashfile_size=`expr $${flashfile_size} + 1`; \ - total_count=`expr 16 \* $${flashfile_size} + 16`; \ - dd if=/dev/zero of=$(USB_INSTALL_IMG) bs=63M count=$${total_count}; \ - sgdisk --new EFI::+$${flashfile_size}G --typecode EFI:ef00 --change-name=EFI:'EFI System' $(USB_INSTALL_IMG) > /dev/null; \ - flashfile_count=$(shell expr $${flashfile_size} \* 1024 \* 1024 \* 1024 \/ 512); \ - dd if=/dev/zero of=$(BOOT_IMG) bs=512 count=$${flashfile_count}; - - $(hide)mkdosfs -F32 -n EFI $(BOOT_IMG); - $(hide)mmd -i $(BOOT_IMG) ::EFI; - $(hide)mmd -i $(BOOT_IMG) ::EFI/BOOT; - $(hide)mcopy -Q -i $(BOOT_IMG) $(PRODUCT_OUT)/efi_images_tmp/installer.efi ::EFI/BOOT/bootx64.efi; - $(hide)mcopy -Q -i $(BOOT_IMG) $(PRODUCT_OUT)/efi_images_tmp/* ::; - $(hide)dd if=$(BOOT_IMG) of=$(USB_INSTALL_IMG) bs=512 seek=2048 conv=notrunc; - @echo "Zipping USB installer image $(USB_INSTALL_IMG_ZIP) ..." - $(hide)rm -rf $(USB_INSTALL_IMG_ZIP) - $(hide)zip -r -j $(USB_INSTALL_IMG_ZIP) $(USB_INSTALL_IMG) - - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(BOOT_IMG) - - @echo "make USB installer image done ---" + $(hide)rm -rf $(ISO_EFI); \ + flashfile_size=`du -s ${PRODUCT_OUT}/efi_images_tmp/ | awk '{print $$1}'`; \ + flashfile_size=`expr $${flashfile_size} + 102400`; \ + flashfile_size=`expr $${flashfile_size} / 63 + 1 `; \ + flashfile_size=`expr $${flashfile_size} \* 63 `; \ + dd if=/dev/zero of=$(ISO_EFI) bs=1024 count=$${flashfile_size}; + + $(hide)mkdosfs -F32 -n EFI $(ISO_EFI); + $(hide)mmd -i $(ISO_EFI) ::EFI; + $(hide)mmd -i $(ISO_EFI) ::EFI/BOOT; + $(hide)mcopy -Q -i $(ISO_EFI) $(PRODUCT_OUT)/efi_images_tmp/installer.efi ::EFI/BOOT/bootx64.efi; + $(hide)mcopy -Q -i $(ISO_EFI) $(PRODUCT_OUT)/efi_images_tmp/* ::; + + $(hide)rm -rf $(PRODUCT_OUT)/iso + $(hide)mkdir -p $(PRODUCT_OUT)/iso + $(hide)xorriso -as mkisofs -iso-level 3 -r -V "Civ ISO" -J -joliet-long -append_partition 2 0xef $(ISO_EFI) \ + -partition_cyl_align all -o $(ISO_INSTALL_IMG) $(PRODUCT_OUT)/iso/ + + @echo "Zipping ISO image $(ISO_INSTALL_IMG_ZIP) ..." + $(hide)zip -r -j $(ISO_INSTALL_IMG_ZIP) $(ISO_INSTALL_IMG) + + @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." + $(hide)rm -rf $(ISO_RELEASE_TAR) + $(hide)cp $(ISO_INSTALL_IMG) $(PRODUCT_OUT)/releasefile_tmp + $(hide)tar --exclude=*.git -czf $(ISO_RELEASE_TAR) -C $(PRODUCT_OUT)/releasefile_tmp/ . + + @echo "make ISO image done ---" + $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) + $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) + + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/releasefile_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) + + @echo "ISO Release files are published" From fca3afb0d9c30d1ce554da13171f9e9dce293120 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Wed, 14 Sep 2022 14:22:03 +0800 Subject: [PATCH 04/37] Change ISO build target from civ_iso to iso civ is default name Tracked-On: OAM-103807 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 86f7c528..5728d4ce 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -374,14 +374,14 @@ publish_ifwi: @echo "Warning: Unable to fulfill publish_ifwi makefile request" endif -.PHONY: civ_iso +.PHONY: iso ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(TARGET_BUILD_VARIANT).iso ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi -civ_iso: flashfiles +iso: flashfiles @echo "Generating ISO image $(ISO_INSTALL_IMG) ..."; $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/releasefile_tmp; $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_ZIP) From 365a4d32ed772befae8962272cd77c78352f1e92 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Tue, 20 Sep 2022 22:01:32 +0800 Subject: [PATCH 05/37] Remove unnecessary images from flashfiles.zip and change iso target 1. system.img vendor.img and product.img are covered by super.img, remove them to reduce image size 2. iso images will be generate while executing "make flashfiles" Tracked-On: OAM-104014 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 57 +++++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 5728d4ce..f455eade 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -40,6 +40,7 @@ tos_image := none endif $(gpt_name):$(BUILT_RELEASE_FLASH_FILES_PACKAGE) + rm -rf $(GPT_DIR) mkdir -p $(GPT_DIR) unzip $< -d $(GPT_DIR) $(SIMG2IMG) $(GPT_DIR)/super.img $(GPT_DIR)/super.img.raw @@ -65,6 +66,8 @@ $(gpt_name):$(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_SUPER_IMAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(BUILT_RELEASE_SUPER_IMAGE) $(BUILT_RELEASE_TARGET_FILES_PACKAGE) $@ + #remove system.img vendor.img product.img from flashfiles.zip + $(hide)zip -d $@ "system.img" "product.img" "vendor.img"; else $(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) @@ -138,6 +141,8 @@ ifeq ($(SUPER_IMG_IN_FLASHZIP),true) $(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(INTERNAL_SUPERIMAGE_DIST_TARGET) $(hide) mkdir -p $(dir $@) $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(INTERNAL_SUPERIMAGE_DIST_TARGET) $(BUILT_TARGET_FILES_PACKAGE) $@ + #remove system.img vendor.img product.img from flashfiles.zip + $(hide)zip -d $@ "system.img" "product.img" "vendor.img"; else $(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) @@ -271,6 +276,15 @@ publish_vertical: $(hide) rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files endif +ifeq ($(RELEASE_BUILD),true) +ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-sign-flashfile-$(FILE_NAME_TAG).iso +else +ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(FILE_NAME_TAG).iso +endif +ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip +ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz +ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi + LOCAL_TOOL:= \ PATH="/bin:$$PATH" @@ -278,7 +292,7 @@ LOCAL_TOOL:= \ ifeq ($(RELEASE_BUILD),true) flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(gpt_name) publish_mkdir_dest publish_vertical host-pkg @$(ACP) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(publish_dest) - @echo "Publishing Release files started" + @echo "Publishing Release files started ..." $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/scripts $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -297,7 +311,6 @@ else endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) - $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @echo "Release files are published" ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) @@ -343,7 +356,6 @@ else endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) - $(hide) rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @echo "Release files are published" ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) @@ -374,28 +386,17 @@ publish_ifwi: @echo "Warning: Unable to fulfill publish_ifwi makefile request" endif -.PHONY: iso - -ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(TARGET_BUILD_VARIANT).iso -ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip -ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz -ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi - -iso: flashfiles @echo "Generating ISO image $(ISO_INSTALL_IMG) ..."; - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/releasefile_tmp; + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/; $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_ZIP) - $(hide)mkdir -p $(PRODUCT_OUT)/releasefile_tmp; $(hide)mkdir -p $(PRODUCT_OUT)/efi_images_tmp; - $(hide)tar -xvzf $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz -C $(PRODUCT_OUT)/releasefile_tmp >/dev/null; - $(hide)unzip $(PRODUCT_OUT)/releasefile_tmp/*-flashfiles-*.zip -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; - $(hide)rm $(PRODUCT_OUT)/releasefile_tmp/$(TARGET_PRODUCT)-flashfiles*; - - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/system.img; - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/vendor.img; - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/product.img; +ifeq ($(RELEASE_BUILD),true) + $(hide)unzip $(BUILT_RELEASE_FLASH_FILES_PACKAGE) -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; +else + $(hide)unzip $(INTEL_FACTORY_FLASHFILES_TARGET) -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; +endif G_size=`echo "$$((1 << 32))"`; \ for img in `ls $(PRODUCT_OUT)/efi_images_tmp/`;do \ size=`stat -c %s $(PRODUCT_OUT)/efi_images_tmp/$${img}`; \ @@ -429,13 +430,23 @@ iso: flashfiles @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." $(hide)rm -rf $(ISO_RELEASE_TAR) - $(hide)cp $(ISO_INSTALL_IMG) $(PRODUCT_OUT)/releasefile_tmp - $(hide)tar --exclude=*.git -czf $(ISO_RELEASE_TAR) -C $(PRODUCT_OUT)/releasefile_tmp/ . + $(hide)cp $(ISO_INSTALL_IMG) $(TOP)/ +ifneq (,$(wildcard vendor/intel/utils_vertical)) +ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) + @echo "vertical_keybox_provisioning included" + $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso *provisioning +else + $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso +endif +else + $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso +endif @echo "make ISO image done ---" $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) - $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/releasefile_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) + $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) + $(hide)rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(TOP)/*-flashfile-*.iso @echo "ISO Release files are published" From 603e1ab1953c803e7685cd3a1f3ebb15b1c337e4 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Mon, 26 Sep 2022 21:27:03 +0800 Subject: [PATCH 06/37] Gptimage will not be built by default Remove caas.img/caas.img.gz from the CIV build and create new make command for Users in need. Right now each and every build generates caas.img as part of build process and it is uploaded to artifactory, consuming space and processing time. Since not all users need it, we can allow it to be created only as part of additional make commands that user can pass while running an engineering build. This should improve build time in CI and friendly to developer. Developer can use "make publish_gptimage" to generate caas.img.gz Tracked-On: OAM-104383 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 11 ++++++++++- tasks/publish.mk | 13 +++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index f455eade..4c80b78d 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -39,6 +39,7 @@ ifeq ($(tos_bin),none) tos_image := none endif +ifeq ($(BUILD_GPTIMAGE), true) $(gpt_name):$(BUILT_RELEASE_FLASH_FILES_PACKAGE) rm -rf $(GPT_DIR) mkdir -p $(GPT_DIR) @@ -62,6 +63,10 @@ $(gpt_name):$(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(hide) rm -f $@.gz $(hide) gzip -f $@ $(hide) rm -rf $(GPT_DIR) +else +$(gpt_name): + @echo "skip build gptimages" +endif $(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_SUPER_IMAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) @@ -318,7 +323,9 @@ ifneq (,$(wildcard out/dist)) $(hide)rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/ $(hide)rm -rf $(PRODUCT_OUT)/RELEASE $(hide)mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb +ifeq ($(BUILD_GPTIMAGE), true) $(hide)cp -r $(PRODUCT_OUT)/release_sign/caas*.img.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb +endif $(hide)mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/DEBIAN $(hide)cp -r device/intel/mixins/groups/device-specific/caas_dev/addon/debian/* $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/DEBIAN/ $(hide)cp -r $(PRODUCT_OUT)/scripts $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb @@ -336,7 +343,7 @@ else $(hide)rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release endif else -flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_mkdir_dest publish_vertical host-pkg +flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_gptimage_var publish_mkdir_dest publish_vertical host-pkg @echo "Publishing Release files started" $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -363,7 +370,9 @@ ifneq (,$(wildcard out/dist)) $(hide)rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/ $(hide)rm -rf $(PRODUCT_OUT)/RELEASE $(hide)mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb +ifeq ($(BUILD_GPTIMAGE), true) $(hide)cp -r $(PRODUCT_OUT)/caas*.img.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb +endif $(hide)mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/DEBIAN $(hide)cp -r device/intel/mixins/groups/device-specific/caas_dev/addon/debian/* $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/DEBIAN/ $(hide)cp -r $(PRODUCT_OUT)/scripts $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release/Release_Deb diff --git a/tasks/publish.mk b/tasks/publish.mk index 080b73a7..d4c981e9 100644 --- a/tasks/publish.mk +++ b/tasks/publish.mk @@ -170,6 +170,15 @@ publish_gptimage: @echo "Warning: Unable to fulfill publish_gptimage makefile request" endif # GPTIMAGE_BIN +.PHONY: publish_gptimage_var +ifeq ($(BUILD_GPTIMAGE), true) +publish_gptimage_var: publish_gptimage + @echo "building gptimages ..." +else # GPTIMAGE_BIN is not defined +publish_gptimage_var: + @echo "skip build gptimage" +endif # GPTIMAGE_BIN + .PHONY: publish_androidia_image ifdef ANDROID_IA_IMAGE publish_androidia_image: publish_mkdir_dest $(ANDROID_IA_IMAGE) @@ -225,7 +234,7 @@ publish_windows_tools: $(PLATFORM_RMA_TOOLS_CROSS_ZIP) @$(hide) mkdir -p $(publish_tool_destw) @$(hide) $(ACP) $(PLATFORM_RMA_TOOLS_CROSS_ZIP) $(publish_tool_destw) else -publish_ci: publish_liveimage publish_ota_flashfile publish_gptimage publish_grubinstaller publish_ifwi publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) $(PUB_CMCC_ZIP) +publish_ci: publish_liveimage publish_ota_flashfile publish_gptimage_var publish_grubinstaller publish_ifwi publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) $(PUB_CMCC_ZIP) $(if $(wildcard $(publish_dest)), \ $(foreach f,$(PUBLISH_CI_FILES), \ $(if $(wildcard $(f)),$(ACP) $(f) $(publish_dest);,)),) @@ -277,6 +286,6 @@ publish: aic $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp $(PRODUCT_OUT)/$(TARGET_AIC_FILE_NAME) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) else # ANDROID_AS_GUEST -publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4abl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller +publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage_var publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4abl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller @$(ACP) out/dist/* $(publish_dest) endif # ANDROID_AS_GUEST From e10b11363786873feff9515475085f567344b5e8 Mon Sep 17 00:00:00 2001 From: Marichandran <116162409+Marichandran@users.noreply.github.com> Date: Wed, 29 Mar 2023 14:28:14 +0530 Subject: [PATCH 07/37] Updated Runchecks script --- .github/workflows/Runchecks.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Runchecks.yaml b/.github/workflows/Runchecks.yaml index 63e287c4..f4f51242 100644 --- a/.github/workflows/Runchecks.yaml +++ b/.github/workflows/Runchecks.yaml @@ -10,8 +10,9 @@ on: branches: "**" jobs: TriggerWorkfows: - uses: projectceladon/celadonworkflows/.github/workflows/Triggerall.yml@main + uses: projectceladon/celadonworkflows/.github/workflows/Triggerall.yml@github-workflows-text with: PR_EVENT: ${{ github.event.action }} PR_URL: https://github.com/${{github.repository}}/pull/${{ github.event.pull_request.number }} PR_LABEL: ${{ github.event.label.name }} + EVENT: ${{ toJSON(github.event) }} From 290175c4c21fdc1456d2bba853510be24a0592b4 Mon Sep 17 00:00:00 2001 From: "Mastan, ShaikX Shahbaz" Date: Tue, 25 Apr 2023 15:13:37 +0530 Subject: [PATCH 08/37] Added Github Workflows --- .github/workflows/run_ci_checks.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/run_ci_checks.yaml diff --git a/.github/workflows/run_ci_checks.yaml b/.github/workflows/run_ci_checks.yaml new file mode 100644 index 00000000..5fe53af7 --- /dev/null +++ b/.github/workflows/run_ci_checks.yaml @@ -0,0 +1,15 @@ +--- +name: Run CI checks + +on: + pull_request: + types: [opened, synchronize, reopened, labeled] + branches: "**" + pull_request_review: + types: [submitted] + branches: "**" +jobs: + TriggerWorkfows: + uses: projectceladon/celadonworkflows/.github/workflows/trigger_ci.yml@v1.0 + with: + EVENT: ${{ toJSON(github.event) }} From e3b56e065247cfc29dcfaffaac81170233440f67 Mon Sep 17 00:00:00 2001 From: "Mastan, ShaikX Shahbaz" Date: Fri, 2 Jun 2023 15:26:20 +0530 Subject: [PATCH 09/37] Added Github Workflows --- .github/workflows/run_ci_checks.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_ci_checks.yaml b/.github/workflows/run_ci_checks.yaml index 5fe53af7..38c38464 100644 --- a/.github/workflows/run_ci_checks.yaml +++ b/.github/workflows/run_ci_checks.yaml @@ -3,10 +3,10 @@ name: Run CI checks on: pull_request: - types: [opened, synchronize, reopened, labeled] + types: "**" branches: "**" pull_request_review: - types: [submitted] + types: "**" branches: "**" jobs: TriggerWorkfows: From feac8fd53d1f2575320c4ff77b0e684ee5bba39c Mon Sep 17 00:00:00 2001 From: "Mastan, ShaikX Shahbaz" Date: Fri, 2 Jun 2023 15:26:22 +0530 Subject: [PATCH 10/37] Added Github Workflows --- .github/workflows/Runchecks.yaml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 .github/workflows/Runchecks.yaml diff --git a/.github/workflows/Runchecks.yaml b/.github/workflows/Runchecks.yaml deleted file mode 100644 index f4f51242..00000000 --- a/.github/workflows/Runchecks.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Run CheckApproval CheckBug CheckLint tasks - -on: - pull_request: - types: [opened, synchronize, reopened, labeled] - branches: "**" - pull_request_review: - types: [submitted] - branches: "**" -jobs: - TriggerWorkfows: - uses: projectceladon/celadonworkflows/.github/workflows/Triggerall.yml@github-workflows-text - with: - PR_EVENT: ${{ github.event.action }} - PR_URL: https://github.com/${{github.repository}}/pull/${{ github.event.pull_request.number }} - PR_LABEL: ${{ github.event.label.name }} - EVENT: ${{ toJSON(github.event) }} From 0dfa59593f6b9d06082f1ebcf7e8086aea5ff74b Mon Sep 17 00:00:00 2001 From: swaroopb Date: Tue, 13 Jun 2023 09:39:12 +0530 Subject: [PATCH 11/37] Copy License file for device-intel-build Tracked-On: OAM-110714 Signed-off-by: swaroopb --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..157b6ab3 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From a1aedee5c7a59097dd13e4434b5b8cd648c6f0a6 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Fri, 16 Jun 2023 20:48:18 +0800 Subject: [PATCH 12/37] Add scripts that build ELF as container image The image started by SBL OSloader payload should be signed as container format Tracked-On: OAM-110589 Signed-off-by: Chen, Gang G --- containertool/CommonUtility.py | 456 +++++++++++++ containertool/GenContainer.py | 884 ++++++++++++++++++++++++++ containertool/SingleSign.py | 301 +++++++++ testkeys/OS1_TestKey_Priv_RSA2048.pem | 27 + 4 files changed, 1668 insertions(+) create mode 100644 containertool/CommonUtility.py create mode 100755 containertool/GenContainer.py create mode 100644 containertool/SingleSign.py create mode 100644 testkeys/OS1_TestKey_Priv_RSA2048.pem diff --git a/containertool/CommonUtility.py b/containertool/CommonUtility.py new file mode 100644 index 00000000..d1cce6a4 --- /dev/null +++ b/containertool/CommonUtility.py @@ -0,0 +1,456 @@ +#!/usr/bin/env python +## @ CommonUtility.py +# Common utility script +# +# Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +## +# Import Modules +# +import os +import sys +import re +import shutil +import subprocess +import struct +import hashlib +import string +from ctypes import * +from functools import reduce +from importlib.machinery import SourceFileLoader +from SingleSign import * + + +# Key types defined should match with cryptolib.h +PUB_KEY_TYPE = { + # key_type : key_val + "RSA" : 1, + "ECC" : 2, + "DSA" : 3, + } + +# Signing type schemes defined should match with cryptolib.h +SIGN_TYPE_SCHEME = { + # sign_type : key_val + "RSA_PKCS1" : 1, + "RSA_PSS" : 2, + "ECC" : 3, + "DSA" : 4, + } + +# Hash values defined should match with cryptolib.h +HASH_TYPE_VALUE = { + # Hash_string : Hash_Value + "SHA2_256" : 1, + "SHA2_384" : 2, + "SHA2_512" : 3, + "SM3_256" : 4, + } + +# Hash values defined should match with cryptolib.h +HASH_VAL_STRING = dict(map(reversed, HASH_TYPE_VALUE.items())) + +AUTH_TYPE_HASH_VALUE = { + # Auth_type : Hash_type + "SHA2_256" : 1, + "SHA2_384" : 2, + "SHA2_512" : 3, + "SM3_256" : 4, + "RSA2048SHA256" : 1, + "RSA3072SHA384" : 2, + } + +HASH_DIGEST_SIZE = { + # Hash_string : Hash_Size + "SHA2_256" : 32, + "SHA2_384" : 48, + "SHA2_512" : 64, + "SM3_256" : 32, + } + +class PUB_KEY_HDR (Structure): + _pack_ = 1 + _fields_ = [ + ('Identifier', ARRAY(c_char, 4)), #signature ('P', 'U', 'B', 'K') + ('KeySize', c_uint16), #Length of Public Key + ('KeyType', c_uint8), #RSA or ECC + ('Reserved', ARRAY(c_uint8, 1)), + ('KeyData', ARRAY(c_uint8, 0)), #Pubic key data with KeySize bytes for RSA_KEY() format + ] + + def __init__(self): + self.Identifier = b'PUBK' + +class SIGNATURE_HDR (Structure): + _pack_ = 1 + _fields_ = [ + ('Identifier', ARRAY(c_char, 4)), #signature Identifier('S', 'I', 'G', 'N') + ('SigSize', c_uint16), #Length of signature 2K and 3K in bytes + ('SigType', c_uint8), #PKCSv1.5 or RSA-PSS or ECC + ('HashAlg', c_uint8), #Hash Alg for signingh SHA256, 384 + ('Signature', ARRAY(c_uint8, 0)), #Signature length defined by SigSize bytes + ] + + def __init__(self): + self.Identifier = b'SIGN' + +class LZ_HEADER(Structure): + _pack_ = 1 + _fields_ = [ + ('signature', ARRAY(c_char, 4)), + ('compressed_len', c_uint32), + ('length', c_uint32), + ('version', c_uint16), + ('svn', c_uint8), + ('attribute', c_uint8) + ] + _compress_alg = { + b'LZDM' : 'Dummy', + b'LZ4 ' : 'Lz4', + b'LZMA' : 'Lzma', + } + +def print_bytes (data, indent=0, offset=0, show_ascii = False): + bytes_per_line = 16 + printable = ' ' + string.ascii_letters + string.digits + string.punctuation + str_fmt = '{:s}{:04x}: {:%ds} {:s}' % (bytes_per_line * 3) + bytes_per_line + data_array = bytearray(data) + for idx in range(0, len(data_array), bytes_per_line): + hex_str = ' '.join('%02X' % val for val in data_array[idx:idx + bytes_per_line]) + asc_str = ''.join('%c' % (val if (chr(val) in printable) else '.') + for val in data_array[idx:idx + bytes_per_line]) + print (str_fmt.format(indent * ' ', offset + idx, hex_str, ' ' + asc_str if show_ascii else '')) + +def get_bits_from_bytes (bytes, start, length): + if length == 0: + return 0 + byte_start = (start) // 8 + byte_end = (start + length - 1) // 8 + bit_start = start & 7 + mask = (1 << length) - 1 + val = bytes_to_value (bytes[byte_start:byte_end + 1]) + val = (val >> bit_start) & mask + return val + +def set_bits_to_bytes (bytes, start, length, bvalue): + if length == 0: + return + byte_start = (start) // 8 + byte_end = (start + length - 1) // 8 + bit_start = start & 7 + mask = (1 << length) - 1 + val = bytes_to_value (bytes[byte_start:byte_end + 1]) + val &= ~(mask << bit_start) + val |= ((bvalue & mask) << bit_start) + bytes[byte_start:byte_end+1] = value_to_bytearray (val, byte_end + 1 - byte_start) + +def value_to_bytes (value, length): + return value.to_bytes(length, 'little') + +def bytes_to_value (bytes): + return int.from_bytes (bytes, 'little') + +def value_to_bytearray (value, length): + return bytearray(value_to_bytes(value, length)) + +def value_to_bytearray (value, length): + return bytearray(value_to_bytes(value, length)) + +def get_aligned_value (value, alignment = 4): + if alignment != (1 << (alignment.bit_length() - 1)): + raise Exception ('Alignment (0x%x) should to be power of 2 !' % alignment) + value = (value + (alignment - 1)) & ~(alignment - 1) + return value + +def get_padding_length (data_len, alignment = 4): + new_data_len = get_aligned_value (data_len, alignment) + return new_data_len - data_len + +def get_file_data (file, mode = 'rb'): + return open(file, mode).read() + +def gen_file_from_object (file, object): + open (file, 'wb').write(object) + +def gen_file_with_size (file, size): + open (file, 'wb').write(b'\xFF' * size); + +def check_files_exist (base_name_list, dir = '', ext = ''): + for each in base_name_list: + if not os.path.exists (os.path.join (dir, each + ext)): + return False + return True + +def load_source (name, filepath): + mod = SourceFileLoader (name, filepath).load_module() + return mod + +def get_openssl_path (): + if os.name == 'nt': + if 'OPENSSL_PATH' not in os.environ: + openssl_dir = "C:\\Openssl\\bin\\" + if os.path.exists (openssl_dir): + os.environ['OPENSSL_PATH'] = openssl_dir + else: + os.environ['OPENSSL_PATH'] = "C:\\Openssl\\" + if 'OPENSSL_CONF' not in os.environ: + openssl_cfg = "C:\\Openssl\\openssl.cfg" + if os.path.exists(openssl_cfg): + os.environ['OPENSSL_CONF'] = openssl_cfg + openssl = os.path.join(os.environ.get ('OPENSSL_PATH', ''), 'openssl.exe') + else: + # Get openssl path for Linux cases + openssl = shutil.which('openssl') + + return openssl + +def run_process (arg_list, print_cmd = False, capture_out = False): + sys.stdout.flush() + if os.name == 'nt' and os.path.splitext(arg_list[0])[1] == '' and \ + os.path.exists (arg_list[0] + '.exe'): + arg_list[0] += '.exe' + if print_cmd: + print (' '.join(arg_list)) + + exc = None + result = 0 + output = '' + try: + if capture_out: + output = subprocess.check_output(arg_list).decode() + else: + result = subprocess.call (arg_list) + except Exception as ex: + result = 1 + exc = ex + + if result: + if not print_cmd: + print ('Error in running process:\n %s' % ' '.join(arg_list)) + if exc is None: + sys.exit(1) + else: + raise exc + + return output + +# Adjust hash type algorithm based on Public key file +def adjust_hash_type (pub_key_file): + key_type = get_key_type (pub_key_file) + if key_type == 'RSA2048': + hash_type = 'SHA2_256' + elif key_type == 'RSA3072': + hash_type = 'SHA2_384' + else: + hash_type = None + + return hash_type + +def rsa_sign_file (priv_key, pub_key, hash_type, sign_scheme, in_file, out_file, inc_dat = False, inc_key = False): + + bins = bytearray() + if inc_dat: + bins.extend(get_file_data(in_file)) + + single_sign_file(priv_key, hash_type, sign_scheme, in_file, out_file) + + out_data = get_file_data(out_file) + + sign = SIGNATURE_HDR() + sign.SigSize = len(out_data) + sign.SigType = SIGN_TYPE_SCHEME[sign_scheme] + sign.HashAlg = HASH_TYPE_VALUE[hash_type] + + bins.extend(bytearray(sign) + out_data) + if inc_key: + key = gen_pub_key (priv_key, pub_key) + bins.extend(key) + + if len(bins) != len(out_data): + gen_file_from_object (out_file, bins) + +def get_key_type (in_key): + + # Check in_key is file or key Id + if not os.path.exists(in_key): + key = bytearray(gen_pub_key (in_key)) + else: + # Check for public key in binary format. + key = bytearray(get_file_data(in_key)) + + pub_key_hdr = PUB_KEY_HDR.from_buffer(key) + if pub_key_hdr.Identifier != b'PUBK': + pub_key = gen_pub_key (in_key) + pub_key_hdr = PUB_KEY_HDR.from_buffer(pub_key) + + key_type = next((key for key, value in PUB_KEY_TYPE.items() if value == pub_key_hdr.KeyType)) + return '%s%d' % (key_type, (pub_key_hdr.KeySize - 4) * 8) + + +def get_auth_hash_type (key_type, sign_scheme): + if key_type == "RSA2048" and sign_scheme == "RSA_PKCS1": + hash_type = 'SHA2_256' + auth_type = 'RSA2048_PKCS1_SHA2_256' + elif key_type == "RSA3072" and sign_scheme == "RSA_PKCS1": + hash_type = 'SHA2_384' + auth_type = 'RSA3072_PKCS1_SHA2_384' + elif key_type == "RSA2048" and sign_scheme == "RSA_PSS": + hash_type = 'SHA2_256' + auth_type = 'RSA2048_PSS_SHA2_256' + elif key_type == "RSA3072" and sign_scheme == "RSA_PSS": + hash_type = 'SHA2_384' + auth_type = 'RSA3072_PSS_SHA2_384' + else: + hash_type = '' + auth_type = '' + return auth_type, hash_type + +def gen_pub_key (in_key, pub_key = None): + + keydata = single_sign_gen_pub_key (in_key, pub_key) + + publickey = PUB_KEY_HDR() + publickey.KeySize = len(keydata) + publickey.KeyType = PUB_KEY_TYPE['RSA'] + + key = bytearray(publickey) + keydata + + if pub_key: + gen_file_from_object (pub_key, key) + + return key + +def decompress (in_file, out_file, tool_dir = ''): + if not os.path.isfile(in_file): + raise Exception ("Invalid input file '%s' !" % in_file) + + # Remove the Lz Header + fi = open(in_file,'rb') + di = bytearray(fi.read()) + fi.close() + + lz_hdr = LZ_HEADER.from_buffer (di) + offset = sizeof (lz_hdr) + if lz_hdr.signature == b"LZDM" or lz_hdr.compressed_len == 0: + fo = open(out_file,'wb') + fo.write(di[offset:offset + lz_hdr.compressed_len]) + fo.close() + return + + temp = os.path.splitext(out_file)[0] + '.tmp' + if lz_hdr.signature == b"LZMA": + alg = "Lzma" + elif lz_hdr.signature == b"LZ4 ": + alg = "Lz4" + else: + raise Exception ("Unsupported compression '%s' !" % lz_hdr.signature) + + fo = open(temp, 'wb') + fo.write(di[offset:offset + lz_hdr.compressed_len]) + fo.close() + + compress_tool = "%sCompress" % alg + if alg == "Lz4": + try: + cmdline = [ + os.path.join (tool_dir, compress_tool), + "-d", + "-o", out_file, + temp] + run_process (cmdline, False, True) + except: + print("Could not find/use CompressLz4 tool, trying with python lz4...") + try: + import lz4.block + if lz4.VERSION != '3.1.1': + print("Recommended lz4 module version is '3.1.1', '%s' is currently installed." % lz4.VERSION) + except ImportError: + print("Could not import lz4, use 'python -m pip install lz4==3.1.1' to install it.") + exit(1) + decompress_data = lz4.block.decompress(get_file_data(temp)) + with open(out_file, "wb") as lz4bin: + lz4bin.write(decompress_data) + else: + cmdline = [ + os.path.join (tool_dir, compress_tool), + "-d", + "-o", out_file, + temp] + run_process (cmdline, False, True) + os.remove(temp) + +def compress (in_file, alg, svn=0, out_path = '', tool_dir = ''): + if not os.path.isfile(in_file): + raise Exception ("Invalid input file '%s' !" % in_file) + + basename, ext = os.path.splitext(os.path.basename (in_file)) + if out_path: + if os.path.isdir (out_path): + out_file = os.path.join(out_path, basename + '.lz') + else: + out_file = os.path.join(out_path) + else: + out_file = os.path.splitext(in_file)[0] + '.lz' + + if alg == "Lzma": + sig = "LZMA" + elif alg == "Tiano": + sig = "LZUF" + elif alg == "Lz4": + sig = "LZ4 " + elif alg == "Dummy": + sig = "LZDM" + else: + raise Exception ("Unsupported compression '%s' !" % alg) + + in_len = os.path.getsize(in_file) + if in_len > 0: + compress_tool = "%sCompress" % alg + if sig == "LZDM": + shutil.copy(in_file, out_file) + compress_data = get_file_data(out_file) + elif sig == "LZ4 ": + try: + cmdline = [ + os.path.join (tool_dir, compress_tool), + "-e", + "-o", out_file, + in_file] + run_process (cmdline, False, True) + compress_data = get_file_data(out_file) + except: + print("Could not find/use CompressLz4 tool, trying with python lz4...") + try: + import lz4.block + if lz4.VERSION != '3.1.1': + print("Recommended lz4 module version is '3.1.1', '%s' is currently installed." % lz4.VERSION) + except ImportError: + print("Could not import lz4, use 'python -m pip install lz4==3.1.1' to install it.") + exit(1) + compress_data = lz4.block.compress(get_file_data(in_file), mode='high_compression') + elif sig == "LZMA": + cmdline = [ + os.path.join (tool_dir, compress_tool), + "-e", + "-o", out_file, + in_file] + run_process (cmdline, False, True) + compress_data = get_file_data(out_file) + else: + compress_data = bytearray() + + lz_hdr = LZ_HEADER () + lz_hdr.signature = sig.encode() + lz_hdr.svn = svn + lz_hdr.compressed_len = len(compress_data) + lz_hdr.length = os.path.getsize(in_file) + data = bytearray () + data.extend (lz_hdr) + data.extend (compress_data) + gen_file_from_object (out_file, data) + + return out_file diff --git a/containertool/GenContainer.py b/containertool/GenContainer.py new file mode 100755 index 00000000..98c9f1aa --- /dev/null +++ b/containertool/GenContainer.py @@ -0,0 +1,884 @@ +#!/usr/bin/env python +## @ GenContainer.py +# Tools to operate on a container image +# +# Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +import sys +import argparse +import re +sys.dont_write_bytecode = True +from ctypes import * +from CommonUtility import * + + + +class COMPONENT_ENTRY (Structure): + _pack_ = 1 + _fields_ = [ + ('name', ARRAY(c_char, 4)), # SBL pod entry name + ('offset', c_uint32), # Component offset in byte from the payload (data) ('size', c_uint32), # Region/Component size in byte + ('size', c_uint32), # Region/Component size in byte + ('attribute', c_uint8), # Attribute: BIT7 Reserved component entry + ('alignment', c_uint8), # This image need to be loaded to memory in (1 << Alignment) address + ('auth_type', c_uint8), # Refer AUTH_TYPE_VALUE: 0 - "NONE"; 1- "SHA2_256"; 2- "SHA2_384"; 3- "RSA2048_PKCS1_SHA2_256"; 4 - RSA3072_PKCS1_SHA2_384; + # 5 - RSA2048_PSS_SHA2_256; 6 - RSA3072_PSS_SHA2_384 + ('hash_size', c_uint8) # Hash data size, it could be image hash or public key hash + ] + + _attr = { + 'RESERVED' : 0x80 + } + + def __new__(cls, buf = None): + if buf is None: + return Structure.__new__(cls) + else: + return cls.from_buffer_copy(buf) + + def __init__(self, buf = None): + if buf is None: + self.hash_data = bytearray() + else: + off = sizeof(COMPONENT_ENTRY) + self.hash_data = bytearray(buf[off : off + self.hash_size]) + self.data = bytearray() + self.auth_data = bytearray() + + +class CONTAINER_HDR (Structure): + _pack_ = 1 + _fields_ = [ + ('signature', ARRAY(c_char, 4)), # Identifies structure + ('version', c_uint8), # Header version + ('svn', c_uint8), # Security version number + ('data_offset', c_uint16), # Offset of payload (data) from header in byte + ('data_size', c_uint32), # Size of payload (data) in byte + ('auth_type', c_uint8), # Refer AUTH_TYPE_VALUE: 0 - "NONE"; 1- "SHA2_256"; 2- "SHA2_384"; 3- "RSA2048_PKCS1_SHA2_256"; 4 - RSA3072_PKCS1_SHA2_384; + # 5 - RSA2048_PSS_SHA2_256; 6 - RSA3072_PSS_SHA2_384 + ('image_type', c_uint8), # 0: Normal + ('flags', c_uint8), # BIT0: monolithic signing + ('entry_count', c_uint8), # Number of entry in the header + ] + + _flags = { + 'MONO_SIGNING' : 0x01 + } + + _image_type = { + 'NORMAL' : 0x00, # Used for boot images in FV, regular ELF, PE32, etc. formats + 'CLASSIC' : 0xF3, # Used for booting Linux with bzImage, cmdline, initrd, etc. + 'MULTIBOOT' : 0xF4, # Multiboot compliant ELF images + } + + def __new__(cls, buf = None): + if buf is None: + return Structure.__new__(cls) + else: + return cls.from_buffer_copy(buf) + + def __init__(self, buf = None): + self.priv_key = '' + self.alignment = 0x1000 + self.auth_data = bytearray() + self.comp_entry = [] + + if buf is not None: + # construct CONTAINER_HDR from existing buffer + offset = sizeof(self) + alignment = None + for i in range(self.entry_count): + component = COMPONENT_ENTRY(buf[offset:]) + if alignment is None: + alignment = 1 << component.alignment + offset += (sizeof(component) + component.hash_size) + comp_offset = component.offset + self.data_offset + lz_hdr = LZ_HEADER.from_buffer(bytearray(buf[comp_offset:comp_offset + sizeof(LZ_HEADER)])) + auth_offset = comp_offset + lz_hdr.compressed_len + sizeof(lz_hdr) + component.data = bytearray (buf[comp_offset:auth_offset]) + auth_offset = get_aligned_value (auth_offset, 4) + auth_size = CONTAINER.get_auth_size (component.auth_type, True) + component.auth_data = bytearray (buf[auth_offset:auth_offset + auth_size]) + self.comp_entry.append (component) + auth_size = CONTAINER.get_auth_size (self.auth_type, True) + auth_offset = get_aligned_value (offset, 4) + self.auth_data = bytearray (buf[auth_offset:auth_offset + auth_size]) + if alignment is not None: + self.alignment = alignment + +class CONTAINER (): + _struct_display_indent = 18 + _auth_type_value = { + "NONE" : 0, + "SHA2_256" : 1, + "SHA2_384" : 2, + "RSA2048_PKCS1_SHA2_256" : 3, + "RSA3072_PKCS1_SHA2_384" : 4, + "RSA2048_PSS_SHA2_256" : 5, + "RSA3072_PSS_SHA2_384" : 6, + } + + _auth_to_hashalg_str = { + "NONE" : "NONE", + "SHA2_256" : "SHA2_256", + "SHA2_384" : "SHA2_384", + "RSA2048_PKCS1_SHA2_256" : "SHA2_256", + "RSA3072_PKCS1_SHA2_384" : "SHA2_384", + "RSA2048_PSS_SHA2_256" : "SHA2_256", + "RSA3072_PSS_SHA2_384" : "SHA2_384", + } + + + _auth_to_signscheme_str = { + "NONE" : "", + "SHA2_256" : "", + "SHA2_384" : "", + "RSA2048_PKCS1_SHA2_256" : "RSA_PKCS1", + "RSA3072_PKCS1_SHA2_384" : "RSA_PKCS1", + "RSA2048_PSS_SHA2_256" : "RSA_PSS", + "RSA3072_PSS_SHA2_384" : "RSA_PSS", + } + + def __init__(self, buf = None): + self.out_dir = '.' + self.input_dir = '.' + self.key_dir = '.' + self.tool_dir = '.' + if buf is None: + self.header = CONTAINER_HDR () + else: + self.header = CONTAINER_HDR (buf) + # Check if image type is valid + image_type_str = CONTAINER.get_image_type_str(self.header.image_type) + + def init_header (self, signature, alignment, image_type = 'NORMAL'): + self.header.signature = signature + self.header.version = 1 + self.header.alignment = alignment + self.header.flags = 0 + if image_type not in CONTAINER_HDR._image_type.keys(): + raise Exception ("Invalid image type '%s' specified !" % image_type) + self.header.image_type = CONTAINER_HDR._image_type[image_type] + + @staticmethod + def get_image_type_str (image_type_val): + try: + image_type_str = next((key for key, value in CONTAINER_HDR._image_type.items() if value == image_type_val)) + except StopIteration: + raise Exception ("Unknown image type value 0x%x in container header !" % image_type_val) + return image_type_str + + @staticmethod + def get_auth_type_val (auth_type_str): + return CONTAINER._auth_type_value[auth_type_str] + + @staticmethod + def get_auth_type_str (auth_type_val): + try: + auth_type_str = next(k for k, v in CONTAINER._auth_type_value.items() if v == auth_type_val) + except StopIteration: + raise Exception ("Unknown auth type value 0x%x !" % auth_type_val) + return auth_type_str + + @staticmethod + def get_auth_size (auth_type, signed = False): + # calculate the length for the required authentication info + if type(auth_type) is type(1): + auth_type_str = CONTAINER.get_auth_type_str (auth_type) + else: + auth_type_str = auth_type + if auth_type_str == 'NONE': + auth_len = 0 + elif auth_type_str.startswith ('RSA'): + auth_len = int(auth_type_str[3:7]) >> 3 + if signed: + auth_len = auth_len * 2 + sizeof(PUB_KEY_HDR) + sizeof(SIGNATURE_HDR) + 4 + elif auth_type_str.startswith ('SHA2_'): + auth_len = int(auth_type_str[5:]) >> 3 + if signed: + auth_len = 0 + else: + raise Exception ("Unsupported authentication type '%s' !" % auth_type) + return auth_len + + @staticmethod + def decode_field (name, val): + # decode auth type into readable string + extra = '' + if name in ['CONTAINER_HDR.auth_type', 'COMPONENT_ENTRY.auth_type']: + auth_type = next(k for k, v in CONTAINER._auth_type_value.items() if v == val) + extra = '%d : %s' % (val, auth_type) + return extra + + @staticmethod + def hex_str (data, name = ''): + # convert bytearray to hex string + dlen = len(data) + if dlen == 0: + hex_str = '' + else: + if dlen <= 16: + hex_str = ' '.join(['%02x' % x for x in data]) + else: + hex_str = ' '.join(['%02x' % x for x in data[:8]]) + \ + ' .... ' + ' '.join(['%02x' % x for x in data[-8:]]) + hex_str = ' %s %s [%s]' % (name, ' ' * (CONTAINER._struct_display_indent - len(name) + 1), hex_str) + if len(data) > 0: + hex_str = hex_str + ' (len=0x%x)' % len(data) + return hex_str + + @staticmethod + def output_struct (obj, indent = 0, plen = 0): + # print out a struct info + body = '' if indent else (' ' * indent + '<%s>:\n') % obj.__class__.__name__ + if plen == 0: + plen = sizeof(obj) + pstr = (' ' * (indent + 1) + '{0:<%d} = {1}\n') % CONTAINER._struct_display_indent + for field in obj._fields_: + key = field[0] + val = getattr(obj, key) + rep = '' + if type(val) is str: + rep = "0x%X ('%s')" % (bytes_to_value(bytearray(val)), val) + elif type(val) in [int]: + rep = CONTAINER.decode_field ('%s.%s' % (obj.__class__.__name__, key), val) + if not rep: + rep = '0x%X' % (val) + else: + rep = str(val) + plen -= sizeof(field[1]) + body += pstr.format(key, rep) + if plen <= 0: + break + return body.strip() + + @staticmethod + def get_pub_key_hash (key, hash_type): + # calculate publish key hash + dh = bytearray (key)[sizeof(PUB_KEY_HDR):] + if hash_type == 'SHA2_256': + return bytearray(hashlib.sha256(dh).digest()) + elif hash_type == 'SHA2_384': + return bytearray(hashlib.sha384(dh).digest()) + else: + raise Exception ("Unsupported hash type in get_pub_key_hash!") + + @staticmethod + def calculate_auth_data (file, auth_type, priv_key, out_dir): + # calculate auth info for a given file + hash_data = bytearray() + auth_data = bytearray() + basename = os.path.basename (file) + if auth_type in ['NONE']: + pass + elif auth_type in ["SHA2_256"]: + data = get_file_data (file) + hash_data.extend (hashlib.sha256(data).digest()) + elif auth_type in ["SHA2_384"]: + data = get_file_data (file) + hash_data.extend (hashlib.sha384(data).digest()) + elif auth_type in ['RSA2048_PKCS1_SHA2_256', 'RSA3072_PKCS1_SHA2_384', 'RSA2048_PSS_SHA2_256', 'RSA3072_PSS_SHA2_384' ]: + auth_type = adjust_auth_type (auth_type, priv_key) + pub_key = os.path.join(out_dir, basename + '.pub') + di = gen_pub_key (priv_key, pub_key) + key_hash = CONTAINER.get_pub_key_hash (di, CONTAINER._auth_to_hashalg_str[auth_type]) + hash_data.extend (key_hash) + out_file = os.path.join(out_dir, basename + '.sig') + rsa_sign_file (priv_key, pub_key, CONTAINER._auth_to_hashalg_str[auth_type], CONTAINER._auth_to_signscheme_str[auth_type], file, out_file, False, True) + auth_data.extend (get_file_data(out_file)) + else: + raise Exception ("Unsupport AuthType '%s' !" % auth_type) + return hash_data, auth_data + + + def set_dir_path(self, out_dir, inp_dir, key_dir, tool_dir): + self.out_dir = out_dir + self.inp_dir = inp_dir + self.key_dir = key_dir + self.tool_dir = tool_dir + + def set_header_flags (self, flags, overwrite = False): + if overwrite: + self.header.flags = flags + else: + self.header.flags |= flags + + def set_header_svn_info (self, svn): + self.header.svn = svn + + def set_header_auth_info (self, auth_type_str = None, priv_key = None): + if priv_key is not None: + self.header.priv_key = priv_key + + if auth_type_str is not None: + self.header.auth_type = CONTAINER.get_auth_type_val (auth_type_str) + auth_size = CONTAINER.get_auth_size (self.header.auth_type, True) + self.header.auth_data = b'\xff' * auth_size + + def get_header_size (self): + length = sizeof (self.header) + for comp in self.header.comp_entry: + length += comp.hash_size + length += sizeof(COMPONENT_ENTRY) * len(self.header.comp_entry) + length += len(self.header.auth_data) + return length + + def get_auth_data (self, comp_file, auth_type_str): + # calculate auth info for a give component file with specified auth type + auth_size = CONTAINER.get_auth_size (auth_type_str, True) + file_data = bytearray(get_file_data (comp_file)) + auth_data = None + hash_data = bytearray() + + if len(file_data) < sizeof (LZ_HEADER): + return file_data, hash_data, auth_data + + lz_header = LZ_HEADER.from_buffer(file_data) + data = bytearray() + if lz_header.signature in LZ_HEADER._compress_alg: + offset = sizeof(lz_header) + get_aligned_value (lz_header.compressed_len) + if len(file_data) == auth_size + offset: + auth_data = file_data[offset:offset+auth_size] + data = file_data[:sizeof(lz_header) + lz_header.compressed_len] + if auth_type_str in ["SHA2_256"]: + hash_data.extend (hashlib.sha256(data).digest()) + if auth_type_str in ["SHA2_384"]: + hash_data.extend (hashlib.sha384(data).digest()) + elif auth_type_str in ['RSA2048', 'RSA3072']: + offset += ((CONTAINER.get_auth_size (auth_type_str))) + key_hash = self.get_pub_key_hash (file_data[offset:]) + hash_data.extend (key_hash) + else: + raise Exception ("Unsupport AuthType '%s' !" % auth_type) + return data, hash_data, auth_data + + def adjust_header (self): + # finalize the container + header = self.header + header.entry_count = len(header.comp_entry) + alignment = header.alignment - 1 + header.data_offset = (self.get_header_size() + alignment) & ~alignment + if header.entry_count > 0: + length = header.comp_entry[-1].offset + header.comp_entry[-1].size + header.data_size = (length + alignment) & ~alignment + else: + header.data_size = 0 + auth_type = self.get_auth_type_str (header.auth_type) + basename = header.signature.decode() + hdr_file = os.path.join(self.out_dir, basename + '.hdr') + hdr_data = bytearray (header) + for component in header.comp_entry: + hdr_data.extend (component) + hdr_data.extend (component.hash_data) + gen_file_from_object (hdr_file, hdr_data) + hash_data, auth_data = CONTAINER.calculate_auth_data (hdr_file, auth_type, header.priv_key, self.out_dir) + if len(auth_data) != len(header.auth_data): + print (len(auth_data) , len(header.auth_data)) + raise Exception ("Unexpected authentication data length for container header !") + header.auth_data = auth_data + + def get_data (self): + # Prepare data buffer + header = self.header + data = bytearray(header) + for component in header.comp_entry: + data.extend (component) + data.extend (component.hash_data) + padding = b'\xff' * get_padding_length (len(data)) + data.extend(padding + header.auth_data) + for component in header.comp_entry: + offset = component.offset + header.data_offset + data.extend (b'\xff' * (offset - len(data))) + comp_data = bytearray(component.data) + padding = b'\xff' * get_padding_length (len(comp_data)) + comp_data.extend (padding + component.auth_data) + if len(comp_data) > component.size: + raise Exception ("Component '%s' needs space 0x%X, but region size is 0x%X !" % (component.name.decode(), len(comp_data), component.size)) + data.extend (comp_data) + offset = header.data_offset + header.data_size + data.extend (b'\xff' * (offset - len(data))) + return data + + def locate_component (self, comp_name): + component = None + for each in self.header.comp_entry: + if each.name.decode() == comp_name.upper(): + component = each + break; + return component + + def dump (self): + print ('%s' % self.output_struct (self.header)) + print (self.hex_str (self.header.auth_data, 'auth_data')) + for component in self.header.comp_entry: + print ('%s' % self.output_struct (component)) + print (self.hex_str (component.hash_data, 'hash_data')) + print (self.hex_str (component.auth_data, 'auth_data')) + print (self.hex_str (component.data, 'data') + ' %s' % str(component.data[:4].decode())) + + def create (self, layout): + + # for monolithic signing, need to add a reserved _SG_ entry to hold the auth info + mono_sig = '_SG_' + is_mono_signing = True if layout[-1][0] == mono_sig else False + + # get the first entry in layout as CONTAINER_HDR + container_sig, container_file, image_type, auth_type, key_file, alignment, region_size, svn = layout[0] + + if alignment == 0: + alignment = 0x1000 + + if auth_type == '': + auth_type = 'NONE' + + if image_type == '': + image_type = 'NORMAL' + + if container_file == '': + container_file = container_sig + '.bin' + key_path = os.path.join(self.key_dir, key_file) + if os.path.isfile (key_path): + auth_type = adjust_auth_type (auth_type, key_path) + + # build header + self.init_header (container_sig.encode(), alignment, image_type) + self.set_header_auth_info (auth_type, key_path) + self.set_header_svn_info (svn) + + name_set = set() + is_last_entry = False + for name, file, compress_alg, auth_type, key_file, alignment, region_size, svn in layout[1:]: + if is_last_entry: + raise Exception ("'%s' must be the last entry in layout for monolithic signing!" % mono_sig) + if compress_alg == '': + compress_alg = 'Dummy' + if auth_type == '': + auth_type = 'NONE' + + # build a component entry + component = COMPONENT_ENTRY () + component.name = name.encode() + if alignment == 0: + component.alignment = self.header.alignment.bit_length() - 1 + else: + component.alignment = alignment.bit_length() - 1 + component.attribute = 0 + component.auth_type = self.get_auth_type_val (auth_type) + key_file = os.path.join (self.key_dir, key_file) + if file: + if os.path.isabs(file): + in_file = file + else: + for tst in [self.inp_dir, self.out_dir]: + in_file = os.path.join(tst, file) + if os.path.isfile(in_file): + break + if not os.path.isfile(in_file): + raise Exception ("Component file path '%s' is invalid !" % file) + else: + in_file = os.path.join(self.out_dir, component.name.decode() + '.bin') + gen_file_with_size (in_file, 0) + if component.name == mono_sig.encode(): + component.attribute = COMPONENT_ENTRY._attr['RESERVED'] + compress_alg = 'Dummy' + is_last_entry = True + + # compress the component + lz_file = compress (in_file, compress_alg, svn, self.out_dir, self.tool_dir) + component.data = bytearray(get_file_data (lz_file)) + + # calculate the component auth info + component.hash_data, component.auth_data = CONTAINER.calculate_auth_data (lz_file, auth_type, key_file, self.out_dir) + component.hash_size = len(component.hash_data) + if region_size == 0: + # arrange the region size automatically + region_size = len(component.data) + region_size = get_aligned_value (region_size, 4) + len(component.auth_data) + if is_mono_signing: + region_size = get_aligned_value (region_size, self.header.alignment) + else: + region_size = get_aligned_value (region_size, (1 << component.alignment)) + component.size = region_size + name_set.add (component.name) + self.header.comp_entry.append (component) + + if len(name_set) != len(self.header.comp_entry): + raise Exception ("Found duplicated component names in a container !") + + # calculate the component offset based on alignment requirement + base_offset = None + offset = self.get_header_size () + for component in self.header.comp_entry: + alignment = (1 << component.alignment) - 1 + next_offset = (offset + alignment) & ~alignment + if is_mono_signing and (next_offset - offset >= sizeof(LZ_HEADER)): + offset = next_offset - sizeof(LZ_HEADER) + else: + offset = next_offset + if base_offset is None: + base_offset = offset + component.offset = offset - base_offset + offset += component.size + + if is_mono_signing: + # for monolithic signing, set proper flags and update header + self.set_header_flags (CONTAINER_HDR._flags['MONO_SIGNING']) + self.adjust_header () + + # update auth info for last _SG_ entry + data = self.get_data ()[self.header.data_offset:] + pods_comp = self.header.comp_entry[-1] + pods_data = data[:pods_comp.offset] + gen_file_from_object (in_file, pods_data) + pods_comp.hash_data, pods_comp.auth_data = CONTAINER.calculate_auth_data (in_file, auth_type, key_file, self.out_dir) + + self.adjust_header () + data = self.get_data () + + out_file = os.path.join(self.out_dir, container_file) + gen_file_from_object (out_file, data) + + return out_file + + def replace (self, comp_name, comp_file, comp_alg, key_file, svn, new_name): + if self.header.flags & CONTAINER_HDR._flags['MONO_SIGNING']: + raise Exception ("Counld not replace component for monolithically signed container!") + + component = self.locate_component (comp_name) + if not component: + raise Exception ("Counld not locate component '%s' in container !" % comp_name) + if comp_alg == '': + # reuse the original compression alg + lz_header = LZ_HEADER.from_buffer(component.data) + comp_alg = LZ_HEADER._compress_alg[lz_header.signature] + else: + comp_alg = comp_alg[0].upper() + comp_alg[1:] + + # verify the new component hash does match the hash stored in the container header + auth_type_str = self.get_auth_type_str (component.auth_type) + data, hash_data, auth_data = self.get_auth_data (comp_file, auth_type_str) + if auth_data is None: + lz_file = compress (comp_file, comp_alg, svn, self.out_dir, self.tool_dir) + if auth_type_str.startswith ('RSA') and key_file == '': + raise Exception ("Signing key needs to be specified !") + hash_data, auth_data = CONTAINER.calculate_auth_data (lz_file, auth_type_str, key_file, self.out_dir) + data = get_file_data (lz_file) + component.data = bytearray(data) + component.auth_data = bytearray(auth_data) + if component.hash_data != bytearray(hash_data): + raise Exception ('Compoent hash does not match the one stored in container header !') + + # create the final output file + data = self.get_data () + if new_name == '': + new_name = self.header.signature + '.bin' + out_file = os.path.join(self.out_dir, new_name) + gen_file_from_object (out_file, data) + + return out_file + + def extract (self, name = '', file_path = ''): + if name == '': + # extract all components inside a container + # so creat a layout file first + if file_path == '': + file_name = self.header.signature + '.bin' + else: + file_name = os.path.splitext(os.path.basename (file_path))[0] + '.bin' + + # create header entry + auth_type_str = self.get_auth_type_str (self.header.auth_type) + match = re.match('RSA(\d+)_', auth_type_str) + if match: + key_file = 'KEY_ID_CONTAINER_RSA%s' % match.group(1) + else: + key_file = '' + alignment = self.header.alignment + image_type_str = CONTAINER.get_image_type_str(self.header.image_type) + header = ['%s' % self.header.signature.decode(), file_name, image_type_str, auth_type_str, key_file] + layout = [(' Name', ' ImageFile', ' CompAlg', ' AuthType', ' KeyFile', ' Alignment', ' Size', 'Svn')] + layout.append(tuple(["'%s'" % x for x in header] + ['0x%x' % alignment, '0', '0x%x' % self.header.svn])) + # create component entry + for component in self.header.comp_entry: + auth_type_str = self.get_auth_type_str (component.auth_type) + match = re.match('RSA(\d+)_', auth_type_str) + if match: + key_file = 'KEY_ID_CONTAINER_COMP_RSA%s' % match.group(1) + else: + key_file = '' + lz_header = LZ_HEADER.from_buffer(component.data) + alg = LZ_HEADER._compress_alg[lz_header.signature] + svn = lz_header.svn + if component.attribute & COMPONENT_ENTRY._attr['RESERVED']: + comp_file = '' + else: + comp_file = component.name.decode() + '.bin' + comp = [component.name.decode(), comp_file, alg, auth_type_str, key_file] + layout.append(tuple(["'%s'" % x for x in comp] + ['0x%x' % (1 << component.alignment), '0x%x' % component.size, '0x%x' % svn])) + + # write layout file + layout_file = os.path.join(self.out_dir, self.header.signature.decode() + '.txt') + fo = open (layout_file, 'w') + fo.write ('# Container Layout File\n#\n') + for idx, each in enumerate(layout): + line = ' %-6s, %-16s, %-10s, %-24s, %-32s, %-10s, %-10s, %-10s' % each + if idx == 0: + line = '# %s\n' % line + else: + line = ' (%s),\n' % line + fo.write (line) + if idx == 0: + line = '# %s\n' % ('=' * 136) + fo.write (line) + fo.close() + + for component in self.header.comp_entry: + if component.attribute & COMPONENT_ENTRY._attr['RESERVED']: + continue + # creat individual component region and image binary + if (component.name.decode() == name) or (name == ''): + basename = os.path.join(self.out_dir, '%s' % component.name.decode()) + sig_file = basename + '.rgn' + sig_data = component.data + b'\xff' * get_padding_length (len(component.data)) + component.auth_data + gen_file_from_object (sig_file, sig_data) + + bin_file = basename + '.bin' + lz_header = LZ_HEADER.from_buffer(component.data) + signature = lz_header.signature + if signature in [b'LZDM']: + offset = sizeof(lz_header) + data = component.data[offset : offset + lz_header.compressed_len] + gen_file_from_object (bin_file, data) + elif signature in [b'LZMA', b'LZ4 ']: + decompress (sig_file, bin_file, self.tool_dir) + else: + raise Exception ("Unknown LZ format!") + +def gen_container_bin (container_list, out_dir, inp_dir, key_dir = '.', tool_dir = ''): + for each in container_list: + container = CONTAINER () + container.set_dir_path (out_dir, inp_dir, key_dir, tool_dir) + out_file = container.create (each) + print ("Container '%s' was created successfully at: \n %s" % (container.header.signature.decode(), out_file)) + +def adjust_auth_type (auth_type_str, key_path): + if os.path.exists(key_path): + sign_key_type = get_key_type(key_path) + if auth_type_str != '': + sign_scheme = CONTAINER._auth_to_signscheme_str[auth_type_str] + else: + # Set to default signing scheme if auth type is generated. + sign_scheme = 'RSA_PSS' + auth_type, hash_type = get_auth_hash_type (sign_key_type, sign_scheme) + if auth_type_str and (auth_type != auth_type_str): + print ("Override auth type to '%s' in order to match the private key type !" % auth_type) + auth_type_str = auth_type + + return auth_type_str + +def gen_layout (comp_list, img_type, auth_type_str, svn, out_file, key_dir, key_file): + hash_type = CONTAINER._auth_to_hashalg_str[auth_type_str] if auth_type_str else '' + auth_type = auth_type_str + key_path = os.path.join(key_dir, key_file) + auth_type = adjust_auth_type (auth_type, key_path) + if auth_type == '': + raise Exception ("'auth' parameter is expected !") + + # prepare the layout from individual components from '-cl' + if img_type not in CONTAINER_HDR._image_type.keys(): + raise Exception ("Invalid Container Type '%s' !" % img_type) + layout = "('BOOT', '%s', '%s', '%s' , '%s', 0x10, 0, %s),\n" % (out_file, img_type, auth_type, key_file, svn) + end_layout = "('_SG_', '', 'Dummy', '%s', '', 0, 0, %s)," % (hash_type, svn) + for idx, each in enumerate(comp_list): + parts = each.split(':') + comp_name = parts[0] + if len(comp_name) != 4: + raise Exception ("Invalid component string format '%s' !" % each) + + if (len(parts)) > 2: + comp_file = ':'.join(parts[1:2]) + com_svn = ':'.join(parts[2:]) + else: + comp_file = ':'.join(parts[1:]) + com_svn = 0 # set to default svn + + if comp_name == 'INRD': + align = 0x1000 + else: + align = 0 + layout += "('%s', '%s', 'Dummy', 'NONE', '', %s, 0, %s),\n" % (comp_name, comp_file, align, com_svn) + layout += end_layout + return layout + +def create_container (args): + layout = "" + # if '-l', get the layout content directly + # if '-cl' prepare the layout + + #extract key dir and file + key_path = os.path.abspath(args.key_path) + if os.path.isdir(key_path): + key_dir = key_path + key_file = '' + else: + key_dir = os.path.dirname(key_path) + key_file = os.path.basename(key_path) + + #extract out dir and file + out_path = os.path.abspath(args.out_path) + if os.path.isdir(out_path): + out_dir = out_path + out_file = '' + else: + out_dir = os.path.dirname(out_path) + out_file = os.path.basename(out_path) + + if args.layout: + # Using layout file + layout = get_file_data(args.layout, 'r') + else: + # Using component list + if not key_file: + raise Exception ("key_path expects a key file path !") + layout = gen_layout (args.comp_list, args.img_type, args.auth, args.svn, out_file, key_dir, key_file) + container_list = eval ('[[%s]]' % layout.replace('\\', '/')) + + comp_dir = os.path.abspath(args.comp_dir) + if not os.path.isdir(comp_dir): + raise Exception ("'comp_dir' expects a directory path !") + tool_dir = os.path.abspath(args.tool_dir) + if not os.path.isdir(tool_dir): + raise Exception ("'tool_dir' expects a directory path !") + + if out_file: + # override the output file name + hdr_entry = list (container_list[0][0]) + hdr_entry[1] = out_file + container_list[0][0] = tuple(hdr_entry) + + if args.layout and args.auth: + # override auth + hdr_entry = list (container_list[0][0]) + hdr_entry[3] = args.auth + container_list[0][0] = tuple(hdr_entry) + + gen_container_bin (container_list, out_dir, comp_dir, key_dir, tool_dir) + +def extract_container (args): + tool_dir = args.tool_dir if args.tool_dir else '.' + data = get_file_data (args.image) + container = CONTAINER (data) + container.set_dir_path (args.out_dir, '.', '.', tool_dir) + container.extract (args.comp_name, args.image) + print ("Components were extraced successfully at:\n %s" % args.out_dir) + +def replace_component (args): + tool_dir = args.tool_dir if args.tool_dir else '.' + data = get_file_data (args.image) + container = CONTAINER (data) + out_path = os.path.abspath(args.out_image) + out_dir = os.path.dirname(out_path) + out_file = os.path.basename(out_path) + container.set_dir_path (out_dir, '.', '.', tool_dir) + file = container.replace (args.comp_name, args.comp_file, args.compress, args.key_file, args.svn, out_file) + print ("Component '%s' was replaced successfully at:\n %s" % (args.comp_name, file)) + +def sign_component (args): + compress_alg = args.compress + compress_alg = compress_alg[0].upper() + compress_alg[1:] + + #extract out dir and file + sign_file = os.path.abspath(args.out_file) + out_dir = os.path.dirname(sign_file) + + lz_file = compress (args.comp_file, compress_alg, args.svn, out_dir, args.tool_dir) + data = bytearray(get_file_data (lz_file)) + hash_data, auth_data = CONTAINER.calculate_auth_data (lz_file, args.auth, args.key_file, out_dir) + + data.extend (b'\xff' * get_padding_length(len(data))) + data.extend (auth_data) + gen_file_from_object (sign_file, data) + print ("Component file was signed successfully at:\n %s" % sign_file) + +def display_container (args): + data = get_file_data (args.image) + container = CONTAINER (data) + container.dump () + +def main(): + parser = argparse.ArgumentParser() + sub_parser = parser.add_subparsers(help='command') + + # Command for display + cmd_display = sub_parser.add_parser('view', help='display a container image') + cmd_display.add_argument('-i', dest='image', type=str, required=True, help='Container input image') + cmd_display.set_defaults(func=display_container) + + # Command for create + cmd_display = sub_parser.add_parser('create', help='create a container image') + group = cmd_display.add_mutually_exclusive_group (required=True) + # '-l' or '-cl', one of them is mandatory + group.add_argument('-l', dest='layout', type=str, help='Container layout input file if no -cl') + group.add_argument('-cl', dest='comp_list',nargs='+', help='List of each component files, following XXXX:FileName format') + cmd_display.add_argument('-t', dest='img_type', type=str, default='CLASSIC', help='Container Image Type : [NORMAL, CLASSIC, MULTIBOOT]') + cmd_display.add_argument('-o', dest='out_path', type=str, default='.', help='Container output directory/file') + cmd_display.add_argument('-k', dest='key_path', type=str, default='', help='Input key directory/file. Use key directoy path when container layout -l option is used \ + Use Key Id or key file path when component files with -cl option is specified') + cmd_display.add_argument('-a', dest='auth', choices=['SHA2_256', 'SHA2_384', 'RSA2048_PKCS1_SHA2_256', + 'RSA3072_PKCS1_SHA2_384', 'RSA2048_PSS_SHA2_256', 'RSA3072_PSS_SHA2_384', 'NONE'], default='', help='authentication algorithm') + cmd_display.add_argument('-cd', dest='comp_dir', type=str, default='', help='Componet image input directory') + cmd_display.add_argument('-td', dest='tool_dir', type=str, default='', help='Compression tool directory') + cmd_display.add_argument('-s', dest='svn', type=int, default=0, help='Security version number for Container header') + cmd_display.set_defaults(func=create_container) + + # Command for extract + cmd_display = sub_parser.add_parser('extract', help='extract a component image') + cmd_display.add_argument('-i', dest='image', type=str, required=True, help='Container input image path') + cmd_display.add_argument('-n', dest='comp_name', type=str, default='', help='Component name to extract') + cmd_display.add_argument('-od', dest='out_dir', type=str, default='.', help='Output directory') + cmd_display.add_argument('-td', dest='tool_dir', type=str, default='', help='Compression tool directory') + cmd_display.set_defaults(func=extract_container) + + # Command for replace + cmd_display = sub_parser.add_parser('replace', help='replace a component image') + cmd_display.add_argument('-i', dest='image', type=str, required=True, help='Container input image path') + cmd_display.add_argument('-o', dest='out_image', type=str, default='', help='Container new output image path') + cmd_display.add_argument('-n', dest='comp_name', type=str, required=True, help='Component name to replace') + cmd_display.add_argument('-f', dest='comp_file', type=str, required=True, help='Component input file path') + cmd_display.add_argument('-c', dest='compress', choices=['lz4', 'lzma', 'dummy'], default='dummy', help='compression algorithm') + cmd_display.add_argument('-k', dest='key_file', type=str, default='', help='Key Id or Private key file path to sign component') + cmd_display.add_argument('-td', dest='tool_dir', type=str, default='', help='Compression tool directory') + cmd_display.add_argument('-s', dest='svn', type=int, default=0, help='Security version number for Component') + cmd_display.set_defaults(func=replace_component) + + # Command for sign + cmd_display = sub_parser.add_parser('sign', help='compress and sign a component image') + cmd_display.add_argument('-f', dest='comp_file', type=str, required=True, help='Component input file path') + cmd_display.add_argument('-o', dest='out_file', type=str, default='', help='Signed output image path') + cmd_display.add_argument('-c', dest='compress', choices=['lz4', 'lzma', 'dummy'], default='dummy', help='compression algorithm') + cmd_display.add_argument('-a', dest='auth', choices=['SHA2_256', 'SHA2_384', 'RSA2048_PKCS1_SHA2_256', + 'RSA3072_PKCS1_SHA2_384', 'RSA2048_PSS_SHA2_256', 'RSA3072_PSS_SHA2_384', 'NONE'], default='NONE', help='authentication algorithm') + cmd_display.add_argument('-k', dest='key_file', type=str, default='', help='Key Id or Private key file path to sign component') + cmd_display.add_argument('-td', dest='tool_dir', type=str, default='', help='Compression tool directory') + cmd_display.add_argument('-s', dest='svn', type=int, default=0, help='Security version number for Component') + cmd_display.set_defaults(func=sign_component) + + # Parse arguments and run sub-command + args = parser.parse_args() + try: + func = args.func + except AttributeError: + parser.error("too few arguments") + + # Additional check + if args.func == sign_component: + if args.auth.startswith('RSA') and args.key_file == '': + parser.error("the following arguments are required: -k") + + func(args) + + +if __name__ == '__main__': + sys.exit(main()) diff --git a/containertool/SingleSign.py b/containertool/SingleSign.py new file mode 100644 index 00000000..5baacbde --- /dev/null +++ b/containertool/SingleSign.py @@ -0,0 +1,301 @@ +#!/usr/bin/env python +## @ SingleSign.py +# Single signing script +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +## +# Import Modules +# +import os +import sys +import re +import shutil +import subprocess +import struct +import hashlib +import string + +SIGNING_KEY = { + # Key Id | Key File Name start | + # ================================================================= + # KEY_ID_MASTER is used for signing Slimboot Key Hash Manifest container (KEYH Component) + "KEY_ID_MASTER_RSA2048" : "MasterTestKey_Priv_RSA2048.pem", + "KEY_ID_MASTER_RSA3072" : "MasterTestKey_Priv_RSA3072.pem", + + # KEY_ID_CFGDATA is used for signing external Config data blob) + "KEY_ID_CFGDATA_RSA2048" : "ConfigTestKey_Priv_RSA2048.pem", + "KEY_ID_CFGDATA_RSA3072" : "ConfigTestKey_Priv_RSA3072.pem", + + # KEY_ID_FIRMWAREUPDATE is used for signing capsule firmware update image) + "KEY_ID_FIRMWAREUPDATE_RSA2048" : "FirmwareUpdateTestKey_Priv_RSA2048.pem", + "KEY_ID_FIRMWAREUPDATE_RSA3072" : "FirmwareUpdateTestKey_Priv_RSA3072.pem", + + # KEY_ID_CONTAINER is used for signing container header with mono signature + "KEY_ID_CONTAINER_RSA2048" : "ContainerTestKey_Priv_RSA2048.pem", + "KEY_ID_CONTAINER_RSA3072" : "ContainerTestKey_Priv_RSA3072.pem", + + # CONTAINER_COMP1_KEY_ID is used for signing container components + "KEY_ID_CONTAINER_COMP_RSA2048" : "ContainerCompTestKey_Priv_RSA2048.pem", + "KEY_ID_CONTAINER_COMP_RSA3072" : "ContainerCompTestKey_Priv_RSA3072.pem", + + # KEY_ID_OS1_PUBLIC, KEY_ID_OS2_PUBLIC is used for referencing Boot OS public keys + "KEY_ID_OS1_PUBLIC_RSA2048" : "OS1_TestKey_Pub_RSA2048.pem", + "KEY_ID_OS1_PUBLIC_RSA3072" : "OS1_TestKey_Pub_RSA3072.pem", + + "KEY_ID_OS2_PUBLIC_RSA2048" : "OS2_TestKey_Pub_RSA2048.pem", + "KEY_ID_OS2_PUBLIC_RSA3072" : "OS2_TestKey_Pub_RSA3072.pem", + + } + +MESSAGE_SBL_KEY_DIR = ( + "!!! PRE-REQUISITE: Path to SBL_KEY_DIR has to be set with SBL KEYS DIRECTORY !!! \n" + "!!! Generate keys using GenerateKeys.py available in BootloaderCorePkg/Tools directory !!! \n" + "!!! Run $python BootloaderCorePkg/Tools/GenerateKeys.py -k $PATH_TO_SBL_KEY_DIR !!!\n" + "!!! Set SBL_KEY_DIR environ with path to SBL KEYS DIR !!!\n" + "!!! Windows $set SBL_KEY_DIR=$PATH_TO_SBL_KEY_DIR !!!\n" + "!!! Linux $export SBL_KEY_DIR=$PATH_TO_SBL_KEY_DIR !!!\n" + ) + +def get_openssl_path (): + if os.name == 'nt': + if 'OPENSSL_PATH' not in os.environ: + openssl_dir = "C:\\Openssl\\bin\\" + if os.path.exists (openssl_dir): + os.environ['OPENSSL_PATH'] = openssl_dir + else: + os.environ['OPENSSL_PATH'] = "C:\\Openssl\\" + if 'OPENSSL_CONF' not in os.environ: + openssl_cfg = "C:\\Openssl\\openssl.cfg" + if os.path.exists(openssl_cfg): + os.environ['OPENSSL_CONF'] = openssl_cfg + openssl = os.path.join(os.environ.get ('OPENSSL_PATH', ''), 'openssl.exe') + else: + # Get openssl path for Linux cases + openssl = shutil.which('openssl') + + return openssl + +def run_process (arg_list, print_cmd = False, capture_out = False): + sys.stdout.flush() + if print_cmd: + print (' '.join(arg_list)) + + exc = None + result = 0 + output = '' + try: + if capture_out: + output = subprocess.check_output(arg_list).decode() + else: + result = subprocess.call (arg_list) + except Exception as ex: + result = 1 + exc = ex + + if result: + if not print_cmd: + print ('Error in running process:\n %s' % ' '.join(arg_list)) + if exc is None: + sys.exit(1) + else: + raise exc + + return output + +def check_file_pem_format (priv_key): + # Check for file .pem format + key_name = os.path.basename(priv_key) + if os.path.splitext(key_name)[1] == ".pem": + return True + else: + return False + +def get_key_id (priv_key): + # Extract base name if path is provided. + key_name = os.path.basename(priv_key) + # Check for KEY_ID in key naming. + if key_name.startswith('KEY_ID'): + return key_name + else: + return None + +def get_sbl_key_dir (): + # Check Key store setting SBL_KEY_DIR path + if 'SBL_KEY_DIR' not in os.environ: + raise Exception ("ERROR: SBL_KEY_DIR is not defined. Set SBL_KEY_DIR with SBL Keys directory!!\n" + + MESSAGE_SBL_KEY_DIR) + + sbl_key_dir = os.environ.get('SBL_KEY_DIR') + if not os.path.exists(sbl_key_dir): + raise Exception (("ERROR:SBL_KEY_DIR set %s is not valid. Set the correct SBL_KEY_DIR path !!\n" + + MESSAGE_SBL_KEY_DIR) % sbl_key_dir) + else: + return sbl_key_dir + +def get_key_from_store (in_key): + + #Check in_key is path to key + if os.path.exists(in_key): + return in_key + + # Get Slimboot key dir path + sbl_key_dir = get_sbl_key_dir() + + # Extract if in_key is key_id + priv_key = get_key_id (in_key) + if priv_key is not None: + if (priv_key in SIGNING_KEY): + # Generate key file name from key id + priv_key_file = SIGNING_KEY[priv_key] + else: + raise Exception('KEY_ID %s is not found in supported KEY IDs!!' % priv_key) + elif check_file_pem_format(in_key) == True: + # check if file name is provided in pem format + priv_key_file = in_key + else: + priv_key_file = None + raise Exception('key provided %s is not valid!' % in_key) + + # Create a file path + # Join Key Dir and priv_key_file + try: + priv_key = os.path.join (sbl_key_dir, priv_key_file) + except: + raise Exception('priv_key is not found %s!' % priv_key) + + # Check for priv_key construted based on KEY ID exists in specified path + if not os.path.isfile(priv_key): + raise Exception (("!!! ERROR: Key file corresponding to '%s' do not exist in Sbl key directory at '%s' !!! \n" + MESSAGE_SBL_KEY_DIR) % (in_key, sbl_key_dir)) + + return priv_key + +# +# Sign an file using openssl +# +# priv_key [Input] Key Id or Path to Private key +# hash_type [Input] Signing hash +# sign_scheme[Input] Sign/padding scheme +# in_file [Input] Input file to be signed +# out_file [Input/Output] Signed data file +# + +def single_sign_file (priv_key, hash_type, sign_scheme, in_file, out_file): + + _hash_type_string = { + "SHA2_256" : 'sha256', + "SHA2_384" : 'sha384', + "SHA2_512" : 'sha512', + } + + _hash_digest_Size = { + # Hash_string : Hash_Size + "SHA2_256" : 32, + "SHA2_384" : 48, + "SHA2_512" : 64, + "SM3_256" : 32, + } + + _sign_scheme_string = { + "RSA_PKCS1" : 'pkcs1', + "RSA_PSS" : 'pss', + } + + priv_key = get_key_from_store(priv_key) + + # Temporary files to store hash generated + hash_file_tmp = out_file+'.hash.tmp' + hash_file = out_file+'.hash' + + # Generate hash using openssl dgst in hex format + cmdargs = [get_openssl_path(), 'dgst', '-'+'%s' % _hash_type_string[hash_type], '-out', '%s' % hash_file_tmp, '%s' % in_file] + run_process (cmdargs) + + # Extract hash form dgst command output and convert to ascii + with open(hash_file_tmp, 'r') as fin: + hashdata = fin.read() + fin.close() + + try: + hashdata = hashdata.rsplit('=', 1)[1].strip() + except: + raise Exception('Hash Data not found for signing!') + + if len(hashdata) != (_hash_digest_Size[hash_type] * 2): + raise Exception('Hash Data size do match with for hash type!') + + hashdata_bytes = bytearray.fromhex(hashdata) + open (hash_file, 'wb').write(hashdata_bytes) + + print ("Key used for Singing %s !!" % priv_key) + + # sign using Openssl pkeyutl + cmdargs = [get_openssl_path(), 'pkeyutl', '-sign', '-in', '%s' % hash_file, '-inkey', '%s' % priv_key, + '-out', '%s' % out_file, '-pkeyopt', 'digest:%s' % _hash_type_string[hash_type], + '-pkeyopt', 'rsa_padding_mode:%s' % _sign_scheme_string[sign_scheme]] + + run_process (cmdargs) + + return + +# +# Extract public key using openssl +# +# in_key [Input] Private key or public key in pem format +# pub_key_file [Input/Output] Public Key to a file +# +# return keydata (mod, exp) in bin format +# + +def single_sign_gen_pub_key (in_key, pub_key_file = None): + + in_key = get_key_from_store(in_key) + + # Expect key to be in PEM format + is_prv_key = False + cmdline = [get_openssl_path(), 'rsa', '-pubout', '-text', '-noout', '-in', '%s' % in_key] + # Check if it is public key or private key + text = open(in_key, 'r').read() + if '-BEGIN RSA PRIVATE KEY-' in text or '-BEGIN PRIVATE KEY-' in text: + is_prv_key = True + elif '-BEGIN PUBLIC KEY-' in text: + cmdline.extend (['-pubin']) + else: + raise Exception('Unknown key format "%s" !' % in_key) + + if pub_key_file: + cmdline.extend (['-out', '%s' % pub_key_file]) + capture = False + else: + capture = True + + output = run_process (cmdline, capture_out = capture) + if not capture: + output = text = open(pub_key_file, 'r').read() + data = output.replace('\r', '') + data = data.replace('\n', '') + data = data.replace(' ', '') + + # Extract the modulus + if is_prv_key: + match = re.search('modulus(.*)publicExponent:\s+(\d+)\s+', data) + else: + match = re.search('Modulus(?:.*?):(.*)Exponent:\s+(\d+)\s+', data) + if not match: + raise Exception('Public key not found!') + modulus = match.group(1).replace(':', '') + exponent = int(match.group(2)) + + mod = bytearray.fromhex(modulus) + # Remove the '00' from the front if the MSB is 1 + if mod[0] == 0 and (mod[1] & 0x80): + mod = mod[1:] + exp = bytearray.fromhex('{:08x}'.format(exponent)) + + keydata = mod + exp + + return keydata + diff --git a/testkeys/OS1_TestKey_Priv_RSA2048.pem b/testkeys/OS1_TestKey_Priv_RSA2048.pem new file mode 100644 index 00000000..3aab5f16 --- /dev/null +++ b/testkeys/OS1_TestKey_Priv_RSA2048.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAzLiDFGCKzj/TfsxpIxtQ1f2YI/5/7tmyPj23Zy/7bbnqrsfR +CQyBbDElte1R9cCAYhK9aN5JTuparnsh3eFIhq9DeuyFtQtjo54t3AQ6cUVx+wyP +8D8gFjC0TlIhin0xW/xwmMptXdxjxv44mEfI1ioIvGHSMNtic0jA9WRimlL+qIJ/ +P4fWisU24x5yoPDjGM5C3h5LWvcqGi1HGtyH0I6l74NcPahJl/dVV0di1s6eURXT +gCSwJx2zL/H4Xf/qy5uh3fGKod4ay8MwaHOlVHc2CxnkoBjoj9mEUhNasVOiOmjY +W7yxi9WDdSlDoZDrCyiGHtKmLnTBuTLJlU6pcQIDAQABAoIBAQCEm/CsvmyrdUS2 +mgpwpz0RoJdwmWadfX6sOqYWvUoMpaWTWfPZ/LPJNXzL/9Jbcjq3TJRM3dB2we/D +nhct9sRYGieH9LYXtCzyy3/BSSviO629hUGnyfwq45moMiNv5fCXOUpmbpmxdxVa +zUozuiwqLkhCXsscwr9fFf2H92K3u2md8xSeqEqgcz5eDWRryAB12jndQICJvpvb +mS9yvhfZnZS3s66Pqfcf4MEUeKkxLgs7F0gTPxKSD5wwurjWd9p48b10YphH9B3S +vjKIvrbwd4rRQdDIeHspJ+evhhXU/MIjsx3DwFJgCOOIghwqriEAd/BNhurS0qXS +YrlhhekBAoGBAPfNk7E3lkRPC7laz24Co9effrPOSHfdAO6fRjLqu/5Cg6MSxT6K +d/JC6hlv8kuFRr2hVC8GzaopmNLzgTq5/CEFDADdnirJ9kJDj+toicQL3+ntN2sT +usk1I2Ym+RnuJFw5himq4/t7MP1BOlfRd6MhEuupWSvFcvn1IUu9qv7JAoGBANN+ +HBCq+XN/iuUgOfgj+p7kdz18j2GHeIa5tVirQeGsBGl3gLzVH9l0sxxeoEqdDzIv +j3Nxstero1PfMZsRTfSomd2zsRshYH17FAAjue28MJGbBcCGEHpg5GCmeP5Wemqw +dRDreRTPwroOLGcFILZTiYzSTFhQ8vdHW4upkmFpAoGBAOMPUPx6lcsjrvd5eUYx +TxXdhIiXRRnnvNnpwbYYFohFRD9hjLDgykWHAOCsDhUbGxXZRL0Oe9cm5GyvSUOZ +dah/6l7EsxA8HNTc+XvYPxwPUW4Uucn4uxdxBG2u2mPjLRgAcamud9ZQLDRy11Xu +jrRAMwkTFK0h8FePQKIZOhzZAoGBAJqxY1XNuSgB4lY1fDFEH8yYz57pvPZZYI8q +xrpUiZvHdnKuNjvop6Mm+NuHWzc4KiVLJGIMiAO4R37RgjcqMRsDN4gyJxjxEOK3 +Y6m2eAir3dqiyVJIvUTGGkWXfmiKWIAxEW+OzMGsNYJhW5j+5y51a+bU64Ktswmr +6An/vlIBAoGBAO44DdQRrqmndVjXu/+yMLYmRxG7CCzUyxgxUeaR2fco1Qss/2Me +fgk3T85tnFM4rq3gvSL4oyjUgMZJ8vtnWl+6IppSru9zzmEZ+aqT+GsHWsK6Tkcv +SvZswG++MVPfOLAveappYkaSLhbbBi3ARfM7G90RG0SK3JLQNXVAX2Q1 +-----END RSA PRIVATE KEY----- From bf287064f3020d5473143790a2cb3101d38bdb37 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Fri, 16 Jun 2023 21:14:06 +0800 Subject: [PATCH 13/37] build: Support build kernelflinger with Slim Bootloader Build kernelflinger as ELF file Tracked-On: OAM-110589 Signed-off-by: Chen, Gang G --- core/definitions.mk | 49 +++++++++++++++++++++++++++++++++-- core/elf_ia32_sbl.lds | 58 ++++++++++++++++++++++++++++++++++++++++++ core/sbl_executable.mk | 55 +++++++++++++++++++++++++++++++++++++++ tasks/publish.mk | 14 +++++----- 4 files changed, 167 insertions(+), 9 deletions(-) create mode 100644 core/elf_ia32_sbl.lds create mode 100755 core/sbl_executable.mk diff --git a/core/definitions.mk b/core/definitions.mk index 5a4a9f8a..83a2f872 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -5,6 +5,7 @@ IAFW_BUILD_SYSTEM := $(INTEL_PATH_BUILD)/core BUILD_EFI_STATIC_LIBRARY := $(IAFW_BUILD_SYSTEM)/iafw_static_library.mk BUILD_IAFW_STATIC_LIBRARY := $(IAFW_BUILD_SYSTEM)/iafw_static_library.mk BUILD_EFI_EXECUTABLE := $(IAFW_BUILD_SYSTEM)/efi_executable.mk +BUILD_SBL_EXECUTABLE := $(IAFW_BUILD_SYSTEM)/sbl_executable.mk # Override default definition CLEAR_VARS := $(IAFW_BUILD_SYSTEM)/clear_vars.mk @@ -15,19 +16,36 @@ GENERATE_VERITY_KEY := $(HOST_OUT_EXECUTABLES)/generate_verity_key$(HOST_EXECUTA OPENSSL := openssl SBSIGN := sbsign MKDOSFS := mkdosfs -MKEXT2IMG := $(HOST_OUT_EXECUTABLES)/mkext2img -DUMPEXT2IMG := $(HOST_OUT_EXECUTABLES)/dumpext2img +#MKEXT2IMG := $(HOST_OUT_EXECUTABLES)/mkext2img +#DUMPEXT2IMG := $(HOST_OUT_EXECUTABLES)/dumpext2img MCOPY := mcopy SESL := sign-efi-sig-list$(HOST_EXECUTABLE_SUFFIX) CTESL := cert-to-efi-sig-list$(HOST_EXECUTABLE_SUFFIX) IASL := $(INTEL_PATH_BUILD)/acpi-tools/linux64/bin/iasl +# Generation +KF4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/kf4sbl_symbols.zip +FB4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/fb4sbl_symbols.zip + # Extra host tools we need built to use our *_from_target_files # or sign_target_files_* scripts INTEL_OTATOOLS := \ $(GENERATE_VERITY_KEY) \ $(AVBTOOL) +ifeq ($(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),true) +# NON UEFI platform +INTEL_OTATOOLS += \ + # $(MKEXT2IMG) \ + # $(DUMPEXT2IMG) \ + $(FASTBOOT) \ + $(IASL) +endif + +ifeq ($(BOARD_USE_SBL),true) +INTEL_OTATOOLS += abl_toolchain +endif + otatools: $(INTEL_OTATOOLS) # FIXME: may be unsafe to omit -no-sse @@ -73,6 +91,7 @@ GNU_EFI_CRT0 := crt0-efi-$(TARGET_IAFW_ARCH_NAME) LIBPAYLOAD_CRT0 := crt0-libpayload-$(TARGET_IAFW_ARCH_NAME) TARGET_EFI_LDS := $(IAFW_BUILD_SYSTEM)/elf_$(TARGET_IAFW_ARCH_NAME)_efi.lds +TARGET_SBL_LDS := $(IAFW_BUILD_SYSTEM)/elf_$(TARGET_IAFW_ARCH_NAME)_sbl.lds TARGET_IAFW_GLOBAL_OBJCOPY_FLAGS := \ -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel \ @@ -125,6 +144,32 @@ $(hide) $(IAFW_OBJCOPY) $(PRIVATE_OBJCOPY_FLAGS) \ $(hide) $(SBSIGN) --key $1 --cert $2 --output $@ $(@:.efi=.efiunsigned) endef +define transform-o-to-sbl-executable +@echo "target SBL Executable: $(PRIVATE_MODULE) ($@)" +$(hide) mkdir -p $(dir $@) +$(hide) $(IAFW_LD) $1 \ + --defsym=CONFIG_LP_BASE_ADDRESS=$(LIBPAYLOAD_BASE_ADDRESS) \ + --defsym=CONFIG_LP_HEAP_SIZE=$(LIBPAYLOAD_HEAP_SIZE) \ + --defsym=CONFIG_LP_STACK_SIZE=$(LIBPAYLOAD_STACK_SIZE) \ + --whole-archive $(call module-built-files,$(LIBPAYLOAD_CRT0)) --no-whole-archive \ + $(PRIVATE_ALL_OBJECTS) --start-group $(PRIVATE_ALL_STATIC_LIBRARIES) --end-group $(IAFW_LIBCLANG) \ + -Map $(@:.sbl=.map) -o $(@:.sbl=.sym.elf) +$(hide)$(IAFW_STRIP) --strip-all $(@:.sbl=.sym.elf) -o $(@:.sbl=.elf) + +$(hide) cp $(@:.sbl=.elf) $@ + + +python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t NORMAL -cl ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA2048.pem -o $(PRODUCT_OUT)/sbl_os + + +$(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ + zip -juy $(FB4SBL_SYMBOLS_ZIP) $(@:.sbl=.map) $(@:.sbl=.sym.elf); \ + zip -juy $(FB4SBL_SYMBOLS_ZIP) $@; \ +elif [ "$(PRIVATE_MODULE:debug=)" = kf4sbl-user ]; then \ + zip -juy $(KF4SBL_SYMBOLS_ZIP) $(@:.sbl=.map) $(@:.sbl=.sym.elf); \ +fi +endef + # Hook up the prebuilts generation mechanism include $(INTEL_PATH_COMMON)/external/external.mk diff --git a/core/elf_ia32_sbl.lds b/core/elf_ia32_sbl.lds new file mode 100644 index 00000000..8c013931 --- /dev/null +++ b/core/elf_ia32_sbl.lds @@ -0,0 +1,58 @@ +OUTPUT_FORMAT(elf32-i386) +OUTPUT_ARCH(i386) + +ENTRY(_entry) + +SECTIONS +{ + . = CONFIG_LP_BASE_ADDRESS; + + . = ALIGN(16); + _start = .; + + .text : { + *(.text._entry) + *(.text) + *(.text.*) + } + + .rodata : { + *(.rodata) + *(.rodata.*) + } + + .data : { + *(.data) + *(.data.*) + } + + _edata = .; + + .bss : { + *(.sbss) + *(.sbss.*) + *(.bss) + *(.bss.*) + *(COMMON) + + /* Stack and heap */ + + . = ALIGN(16); + _heap = .; + . += CONFIG_LP_HEAP_SIZE; + . = ALIGN(16); + _eheap = .; + + _estack = .; + . += CONFIG_LP_STACK_SIZE; + . = ALIGN(16); + _stack = .; + } + + _end = .; + + /DISCARD/ : { + *(.comment) + *(.note*) + } +} diff --git a/core/sbl_executable.mk b/core/sbl_executable.mk new file mode 100755 index 00000000..b2f9046b --- /dev/null +++ b/core/sbl_executable.mk @@ -0,0 +1,55 @@ +ifeq ($(strip $(LOCAL_MODULE_CLASS)),) +LOCAL_MODULE_CLASS := SBL +endif + +ifeq ($(strip $(LOCAL_MODULE_SUFFIX)),) +LOCAL_MODULE_SUFFIX := .sbl +endif + +ifeq ($(strip $(LOCAL_MODULE_PATH)),) +LOCAL_MODULE_PATH := $(PRODUCT_OUT)/sbl +endif + +LOCAL_CC := $(IAFW_CC) +LOCAL_CLANG := true +LOCAL_SANITIZE := never +LOCAL_NO_DEFAULT_COMPILER_FLAGS := true +LOCAL_CFLAGS += $(TARGET_IAFW_GLOBAL_CFLAGS) +LOCAL_ASFLAGS += $(TARGET_IAFW_ASFLAGS) +LOCAL_LDFLAGS := $(TARGET_IAFW_GLOBAL_LDFLAGS) -static \ + -T $(TARGET_SBL_LDS) $(LOCAL_LDFLAGS) +# If kernel enforce superpages the .text section gets aligned at +# offset 0x200000 which break multiboot compliance. +LOCAL_LDFLAGS += -z max-page-size=0x1000 +LOCAL_SBL_LDFALGS := $(LOCAL_LDFLAGS) +LOCAL_OBJCOPY_FLAGS := $(TARGET_IAFW_GLOBAL_OBJCOPY_FLAGS) $(LOCAL_OBJCOPY_FLAGS) + +skip_build_from_source := +ifdef LOCAL_PREBUILT_MODULE_FILE +ifeq (,$(call if-build-from-source,$(LOCAL_MODULE),$(LOCAL_PATH))) +include $(BUILD_SYSTEM)/prebuilt_internal.mk +skip_build_from_source := true +endif +endif + +ifndef skip_build_from_source + +ifdef LOCAL_IS_HOST_MODULE +$(error This file should not be used to build host binaries. Included by (or near) $(lastword $(filter-out config/%,$(MAKEFILE_LIST)))) +endif + +WITHOUT_LIBCOMPILER_RT := true +include $(BUILD_SYSTEM)/binary.mk +WITHOUT_LIBCOMPILER_RT := + +LIBPAYLOAD_CRT0_LIB := $(call intermediates-dir-for,STATIC_LIBRARIES,$(LIBPAYLOAD_CRT0))/$(LIBPAYLOAD_CRT0).a +all_objects += $(LIBPAYLOAD_CRT0_LIB) + +$(LOCAL_BUILT_MODULE): PRIVATE_OBJCOPY_FLAGS := $(LOCAL_OBJCOPY_FLAGS) + +#$(LOCAL_BUILT_MODULE): $(all_objects) $(all_libraries) $(SBLIMAGE) $(SBLSIGN) +$(LOCAL_BUILT_MODULE): $(all_objects) $(all_libraries) + $(call transform-o-to-sbl-executable,$(LOCAL_SBL_LDFALGS)) + +endif # skip_build_from_source + diff --git a/tasks/publish.mk b/tasks/publish.mk index d4c981e9..2c02d833 100644 --- a/tasks/publish.mk +++ b/tasks/publish.mk @@ -94,14 +94,14 @@ $(PUB_OSAGNOSTIC_TAG): publish_mkdir_dest $(OS_AGNOSTIC_INFO) $(hide)($(ACP) $(OS_AGNOSTIC_INFO) $@) endif -# Publish kf4abl symbols files -.PHONY: publish_kf4abl_symbols +# Publish kf4sbl symbols files +.PHONY: publish_kf4sbl_symbols ifeq ($(TARGET_BUILD_VARIANT:debug=)|$(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),user|true) -publish_kf4abl_symbols: publish_mkdir_dest kf4abl-$(TARGET_BUILD_VARIANT) fb4abl-$(TARGET_BUILD_VARIANT) - $(hide)($(ACP) $(KF4ABL_SYMBOLS_ZIP) $(FB4ABL_SYMBOLS_ZIP) $(publish_dest)) +publish_kf4sbl_symbols: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) fb4sbl-$(TARGET_BUILD_VARIANT) + $(hide)($(ACP) $(KF4SBL_SYMBOLS_ZIP) $(FB4SBL_SYMBOLS_ZIP) $(publish_dest)) else -publish_kf4abl_symbols: - @echo "Publish kf4abl symbols: skipped" +publish_kf4sbl_symbols: + @echo "Publish kf4sbl symbols: skipped" endif # Publish Firmware symbols @@ -286,6 +286,6 @@ publish: aic $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp $(PRODUCT_OUT)/$(TARGET_AIC_FILE_NAME) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) else # ANDROID_AS_GUEST -publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage_var publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4abl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller +publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage_var publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4sbl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller @$(ACP) out/dist/* $(publish_dest) endif # ANDROID_AS_GUEST From 06ffbded1da98d7ed3c5b97f9ea706e8ee53c08b Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Sun, 2 Jul 2023 13:51:03 +0800 Subject: [PATCH 14/37] Change signing method according to new SBL requirement SBL requires commandline image while builidng container image Tracked-On: OAM-110987 Signed-off-by: Chen, Gang G --- core/definitions.mk | 6 ++-- testkeys/OS1_TestKey_Priv_RSA3072.pem | 40 +++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 testkeys/OS1_TestKey_Priv_RSA3072.pem diff --git a/core/definitions.mk b/core/definitions.mk index 83a2f872..13a7cb4d 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -158,9 +158,9 @@ $(hide)$(IAFW_STRIP) --strip-all $(@:.sbl=.sym.elf) -o $(@:.sbl=.elf) $(hide) cp $(@:.sbl=.elf) $@ - -python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t NORMAL -cl ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA2048.pem -o $(PRODUCT_OUT)/sbl_os - +$(hide)rm -rf $(PRODUCT_OUT)/cmdline1 +$(hide)touch $(PRODUCT_OUT)/cmdline1 +python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT -cl CMD1:$(PRODUCT_OUT)/cmdline1 ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_os $(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ zip -juy $(FB4SBL_SYMBOLS_ZIP) $(@:.sbl=.map) $(@:.sbl=.sym.elf); \ diff --git a/testkeys/OS1_TestKey_Priv_RSA3072.pem b/testkeys/OS1_TestKey_Priv_RSA3072.pem new file mode 100644 index 00000000..eede1778 --- /dev/null +++ b/testkeys/OS1_TestKey_Priv_RSA3072.pem @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCRwOwudCNiJugn +G+6tcVwqO40dr6srJnGPC6pt3Fdv4GOXnaHclJWcTlHs9UABTsKIhBltBpkDtOo9 +s8s5ZTPff3bhbzEPBAU4IAFwl4W+9A2djelb49r/gljzzpefZdh5Ys97o5UmnvOM +d4LgSfbsF/nOSsmS/hM/3XuitKLjVMqCMPgtGXZTdySmN1hyyX/yT27dBp+QryFo +1PvYDoWfC+69EzjCF74MxBsbRP8f5NjJJ2lqaU/D2uFK9oVvNwUshlmcYAbOgW9p +BxJ6oI/UKVUuuDnwdxv33UIgPX3Ic1JA6IN1hdKkF9gq6CcQHjN4zJHvFyhqDCy0 +BG+2fHBeO6ZZ/OrdC3ym0CEf7MA9GYkRiZFAyUHkK/kb8TvzQn8RY8IRJ0AiBMPh +4SmCcuEe0VYehQ7zuCatUTGxzGIyR+rPON9C68axFwNRZPI0nbXlNXvOI9oI/zIW +qGHGUwi1GWnsa8RwfdeHURrrGqJ48TDX4LJQWdAjmcBbAsKnQ30CAwEAAQKCAYBA +/rczVd3LcI8YlYee90yClrCsWsApC0kbYTfcKqQhAv5WR1g8/VMj8vbshEbI7n6o +EsQlzongUcYcwraufvcdRIFWMNe/Guta5kbOFvtwtfL2XaiArgBj7RPOkMMjNO7N +3maoez9RDBOOAWMusjz2dhCS0d3Gex9JXPI7kXKLji2J1d1tewu9V4VTy51Y/orc +GljVHhV8luP+k+9EHuGuFUueK9qlDqJUngR6ag+cgNe9B6Kl7ZVAwLOzUnAZMn6j +X998x5O5YHYM0CijoOpYc1/asFJWTZQzJE5zpFGlL8CjNpaxnm09GAX90/m6MLT1 +4WIjZwvMLyrztE+WpKJijTrOgkecWF1YtdMx/l/N/uflKy4Kj99+n3RN+ylztH25 +sok49quEsLvxdmedx4qcAgvNU+pEwVibIOWJsIXMBGoElbYiRF0DTj0fdgqDyl0I +Xcxz32Ut4SfP0ih+Z5lHWxJjO4/BvZuhkD8TQYWG1jkv/+s3NtamsG6fhc5BlA8C +gcEAwSKALUVpxRsf1Ufm5Jfjj5r0oBslt/5MFjWJn857i8Hdod5ypwCCbTf39UUk +hMsgG1S+vuGkW9HST+yYN+nJNb1YHbD6uOUGfPp7QxZWzoBZ1M2etRrOTBmXzckv +sllepuljJvKbv/CX2H7zsgyaxH/K/US/joI1DLCNqjFOY28j+d+FX81GHGKxF+jT +daKbBiKRWUl2i4pHmFRl/CL44Z0TZD4r7dc2X/0gpBMF37DseDWlkKLhuEBYJa3+ +gQ/rAoHBAMEyQLJ/KHdoW12KGX6fdsFpYuiVbDc/DNEgGv89+25Bwt9i+mkZWtFg +ieM73hSJxlS1rFTzRu2ISr9FdKrEsoJb4GYmazyhME7Vl3+KfP+EqmvAaKEv/Hcs +xz9rHP/AZy4blPrt0cuFuUpopMFGPcWtTKSlWnCfqrIGPm/+1pKMCm/cVGh7ev2b +9fycmx5m89TZLEn+Kt+M0vlDUvdtQYiqV5tSsqa4b1OXnXIcBP6WFzuOGMv6UAv4 +28Wj52iINwKBwFHNORjzo372pB8D20nLA3lZmm8N0IYD0Vo+xtHG9REWxba/rzQI +xTVZVU6vQG52Ul0BIeFbVPAHCNsNTNOx06VNUzsQMMGLT5ozxW1+0rmYJ3Q4uxXe +Cq600FU691bE/5AWngZrD4jWcJoj+zfYmtzLe8CWE8RaZfm/9eC2DYuUEVrOT4Fq +Ql3Xd0a3OIlEnACXN5TnxqwHn5dnd+K5NUzp6MK2ioisdL1nSyHzZLOADkhEAKIo +Ow59QliDP56OjQKBwQCa8cPDpIn+4lpMdeKmlBv5WJ0z7gsBb/bGjho41SwerG0v +HcG5otUckXFlJnGhRTIkZCQXaZlcDe/s4TaFcwW72RXqtytQT/Jfd5xudNJ1V6Aa +lREVHVg8+FPAgBac42GdMA/XA/87XD9T9wMT41LNhISwk9Ep/FQ5PRq8VcUfeWMx +faLQvR/R4FBzzeH2ixlJfvevTEJ0UgwuT5ltyVlC02M5tiSD4+2dPD7Q8rnquNNf +N0KZ7WJfh7IzG5YPVxcCgcEAn87fnMpa5bx2GM/9tCilYF94p9ImuTAmz1x9PrZd +qnKbxWo1Cd6L8Y6Ph3xo8w/ir93RvzpoTJVwZF7yfYvLzrfR/mFamNII82lq4HbS +kulfZW7HtIlLE0FBf68WwlCWYjqtzlbTnEQqTPSS1LoEEorw3qfYtQcpufnVCUom +8DlLxs5hg2oDIqlramtRSAx30/4Y3wItrGI1YshzUVYm5NBI0iYJd3gX9V6G93ZY +1WormZkhXCKHlSkcRsbpqTZD +-----END PRIVATE KEY----- From 0d59a229a8417acef392561b1d8ee64160d91e88 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Sun, 16 Jul 2023 11:04:18 +0800 Subject: [PATCH 15/37] Remove fb4sbl image from publish target fb4sbl feature is not ready yet, remove to make "dist publish" build pass Tracked-On: OAM-111199 Signed-off-by: Chen, Gang G --- tasks/publish.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/publish.mk b/tasks/publish.mk index 2c02d833..cd3ac54f 100644 --- a/tasks/publish.mk +++ b/tasks/publish.mk @@ -97,8 +97,8 @@ endif # Publish kf4sbl symbols files .PHONY: publish_kf4sbl_symbols ifeq ($(TARGET_BUILD_VARIANT:debug=)|$(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),user|true) -publish_kf4sbl_symbols: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) fb4sbl-$(TARGET_BUILD_VARIANT) - $(hide)($(ACP) $(KF4SBL_SYMBOLS_ZIP) $(FB4SBL_SYMBOLS_ZIP) $(publish_dest)) +publish_kf4sbl_symbols: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) + $(hide)($(ACP) $(KF4SBL_SYMBOLS_ZIP) $(publish_dest)) else publish_kf4sbl_symbols: @echo "Publish kf4sbl symbols: skipped" From 1f11cece8e07fb643a1006146031a811a5895565 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Sun, 16 Jul 2023 21:38:42 +0800 Subject: [PATCH 16/37] Support fastboot with slim bootloader Fastboot is used to flash Android images. Build fastboot as ELF format to support SBL boot Tracked-On: OAM-111201 Signed-off-by: Chen, Gang G --- core/definitions.mk | 14 +++++++++++--- tasks/publish.mk | 4 ++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/core/definitions.mk b/core/definitions.mk index 13a7cb4d..e215b4e3 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -158,9 +158,17 @@ $(hide)$(IAFW_STRIP) --strip-all $(@:.sbl=.sym.elf) -o $(@:.sbl=.elf) $(hide) cp $(@:.sbl=.elf) $@ -$(hide)rm -rf $(PRODUCT_OUT)/cmdline1 -$(hide)touch $(PRODUCT_OUT)/cmdline1 -python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT -cl CMD1:$(PRODUCT_OUT)/cmdline1 ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_os +$(eval SBL_DIR := $(dir $@)) +$(hide)rm -rf $(SBL_DIR)/cmdline1 +$(hide)touch $(SBL_DIR)/cmdline1 +python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT -cl CMD1:$(SBL_DIR)/cmdline1 \ +ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(SBL_DIR)/sbl_os + +if [ $(findstring kf4sbl,$(PRIVATE_MODULE) ) ]; then \ + cp $(SBL_DIR)/sbl_os $(PRODUCT_OUT)/sbl_os; \ +elif [ $(findstring fb4sbl,$(PRIVATE_MODULE) ) ]; then \ + cp $(SBL_DIR)/sbl_os $(PRODUCT_OUT)/sbl_fb; \ +fi $(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ zip -juy $(FB4SBL_SYMBOLS_ZIP) $(@:.sbl=.map) $(@:.sbl=.sym.elf); \ diff --git a/tasks/publish.mk b/tasks/publish.mk index cd3ac54f..2c02d833 100644 --- a/tasks/publish.mk +++ b/tasks/publish.mk @@ -97,8 +97,8 @@ endif # Publish kf4sbl symbols files .PHONY: publish_kf4sbl_symbols ifeq ($(TARGET_BUILD_VARIANT:debug=)|$(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),user|true) -publish_kf4sbl_symbols: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) - $(hide)($(ACP) $(KF4SBL_SYMBOLS_ZIP) $(publish_dest)) +publish_kf4sbl_symbols: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) fb4sbl-$(TARGET_BUILD_VARIANT) + $(hide)($(ACP) $(KF4SBL_SYMBOLS_ZIP) $(FB4SBL_SYMBOLS_ZIP) $(publish_dest)) else publish_kf4sbl_symbols: @echo "Publish kf4sbl symbols: skipped" From 5f1747b78ea41157a43b1dd14f09c42707659936 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Mon, 31 Jul 2023 21:38:13 +0800 Subject: [PATCH 17/37] Remove release files to optimize compile speed and save storage Release files are mainly used for CIV host setup. They are useless for IVI target. Tracked-On: OAM-111035 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 4c80b78d..5ddcd251 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -297,6 +297,7 @@ LOCAL_TOOL:= \ ifeq ($(RELEASE_BUILD),true) flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(gpt_name) publish_mkdir_dest publish_vertical host-pkg @$(ACP) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(publish_dest) +ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) @echo "Publishing Release files started ..." $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -317,6 +318,7 @@ endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) @echo "Release files are published" +endif ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) @echo "Publish the CaaS image as debian_package" @@ -344,6 +346,7 @@ else endif else flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_gptimage_var publish_mkdir_dest publish_vertical host-pkg +ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) @echo "Publishing Release files started" $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -364,6 +367,7 @@ endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) @echo "Release files are published" +endif ifneq (,$(filter caas_dev caas_cfc,$(TARGET_PRODUCT))) ifneq (,$(wildcard out/dist)) @echo "Publish the CaaS image as debian package" @@ -436,7 +440,7 @@ endif @echo "Zipping ISO image $(ISO_INSTALL_IMG_ZIP) ..." $(hide)zip -r -j $(ISO_INSTALL_IMG_ZIP) $(ISO_INSTALL_IMG) - +ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." $(hide)rm -rf $(ISO_RELEASE_TAR) $(hide)cp $(ISO_INSTALL_IMG) $(TOP)/ @@ -450,9 +454,11 @@ endif else $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso endif - +endif @echo "make ISO image done ---" +ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) +endif $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) From ceb83c7a473cac524da031b661270302319653f7 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Mon, 31 Jul 2023 22:20:21 +0800 Subject: [PATCH 18/37] Add iso_image option to enable/disable building of iso images make flashfiles takes long time. In order to reduce image generation time provided option to skip building of ISO image. If user wants to skip building of ISO image make command to use is "make flashfiles iso_image=false" Tracked-On: OAM-111036 Signed-off-by: Chen, Gang G --- tasks/flashfiles.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 5ddcd251..f1d81431 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -399,6 +399,7 @@ publish_ifwi: @echo "Warning: Unable to fulfill publish_ifwi makefile request" endif +ifneq ($(iso_image),false) @echo "Generating ISO image $(ISO_INSTALL_IMG) ..."; $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/; $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_ZIP) @@ -462,6 +463,7 @@ endif $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) - $(hide)rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(TOP)/*-flashfile-*.iso @echo "ISO Release files are published" +endif + $(hide)rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(TOP)/*-flashfile-*.iso From 94cc75b931784bd1ca9ec62faec3d18d6d3d2765 Mon Sep 17 00:00:00 2001 From: swaroopb Date: Tue, 12 Sep 2023 13:01:20 +0530 Subject: [PATCH 19/37] Adding new Lunch target for Development Purpose Tracked-On: OAM-112188 Signed-off-by: swaroopb --- tasks/flashfiles.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index f1d81431..ce2c179a 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -297,7 +297,7 @@ LOCAL_TOOL:= \ ifeq ($(RELEASE_BUILD),true) flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(gpt_name) publish_mkdir_dest publish_vertical host-pkg @$(ACP) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(publish_dest) -ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) @echo "Publishing Release files started ..." $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -346,7 +346,7 @@ else endif else flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_gptimage_var publish_mkdir_dest publish_vertical host-pkg -ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) @echo "Publishing Release files started" $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -441,7 +441,7 @@ endif @echo "Zipping ISO image $(ISO_INSTALL_IMG_ZIP) ..." $(hide)zip -r -j $(ISO_INSTALL_IMG_ZIP) $(ISO_INSTALL_IMG) -ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." $(hide)rm -rf $(ISO_RELEASE_TAR) $(hide)cp $(ISO_INSTALL_IMG) $(TOP)/ @@ -457,7 +457,7 @@ else endif endif @echo "make ISO image done ---" -ifeq (,$(filter celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) endif $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) From 9489d802b08dca6405498666ac8ca749b17e02ba Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Fri, 8 Sep 2023 15:22:27 +0800 Subject: [PATCH 20/37] Add ACRN hypervisor support Build ACRN hypervisor as container format image required by Slim Bootloader firmware Tracked-On: OAM-112144 Signed-off-by: Chen, Gang G --- core/definitions.mk | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/core/definitions.mk b/core/definitions.mk index e215b4e3..82b5b846 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -162,12 +162,26 @@ $(eval SBL_DIR := $(dir $@)) $(hide)rm -rf $(SBL_DIR)/cmdline1 $(hide)touch $(SBL_DIR)/cmdline1 python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT -cl CMD1:$(SBL_DIR)/cmdline1 \ -ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(SBL_DIR)/sbl_os +ELF1:$@ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(SBL_DIR)/sbl_bm if [ $(findstring kf4sbl,$(PRIVATE_MODULE) ) ]; then \ - cp $(SBL_DIR)/sbl_os $(PRODUCT_OUT)/sbl_os; \ + cp $(SBL_DIR)/sbl_bm $(PRODUCT_OUT)/sbl_bm; \ elif [ $(findstring fb4sbl,$(PRIVATE_MODULE) ) ]; then \ - cp $(SBL_DIR)/sbl_os $(PRODUCT_OUT)/sbl_fb; \ + cp $(SBL_DIR)/sbl_bm $(PRODUCT_OUT)/sbl_fb; \ +fi + +if [ $(findstring true, $(ACRN_HV)) ]; then \ +if [ $(findstring kf4sbl,$(PRIVATE_MODULE) ) ]; then \ + rm -rf $(SBL_DIR)/cmdline-acrn; \ + rm -rf $(SBL_DIR)/cmdline-kf; \ + rm -rf $(SBL_DIR)/acrn.32.out; \ + echo -ne "serail_baseaddr=0x3f8 serail_type=1 serail_regwidth=1\0" > $(SBL_DIR)/cmdline-acrn; \ + echo -ne "kernelflinger\0" > $(SBL_DIR)/cmdline-kf; \ + cp $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out $(SBL_DIR)/acrn.32.out; \ + python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ + -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ + -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ +fi \ fi $(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ From 39414e13b4977241299e00a7828e65665d9ae50e Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Sat, 7 Oct 2023 01:35:49 +0000 Subject: [PATCH 21/37] Update GenContainer.py Update GenContainer.py to slimbootloader/slimbootloader@ebc9ae062574 for multi-container boot support. Tracked-On: OAM-112552 Signed-off-by: Jiaqing Zhao --- containertool/GenContainer.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/containertool/GenContainer.py b/containertool/GenContainer.py index 98c9f1aa..35e83e0c 100755 --- a/containertool/GenContainer.py +++ b/containertool/GenContainer.py @@ -71,6 +71,7 @@ class CONTAINER_HDR (Structure): 'NORMAL' : 0x00, # Used for boot images in FV, regular ELF, PE32, etc. formats 'CLASSIC' : 0xF3, # Used for booting Linux with bzImage, cmdline, initrd, etc. 'MULTIBOOT' : 0xF4, # Multiboot compliant ELF images + 'MULTIBOOT_MODULE' : 0xF5, # Multiboot compliant ELF images } def __new__(cls, buf = None): @@ -592,7 +593,10 @@ def extract (self, name = '', file_path = ''): auth_type_str = self.get_auth_type_str (self.header.auth_type) match = re.match('RSA(\d+)_', auth_type_str) if match: - key_file = 'KEY_ID_CONTAINER_RSA%s' % match.group(1) + if self.header.signature.decode() == 'BOOT': + key_file = 'KEY_ID_OS1_PRIVATE_RSA%s' % match.group(1) + else: + key_file = 'KEY_ID_CONTAINER_RSA%s' % match.group(1) else: key_file = '' alignment = self.header.alignment @@ -822,7 +826,7 @@ def main(): # '-l' or '-cl', one of them is mandatory group.add_argument('-l', dest='layout', type=str, help='Container layout input file if no -cl') group.add_argument('-cl', dest='comp_list',nargs='+', help='List of each component files, following XXXX:FileName format') - cmd_display.add_argument('-t', dest='img_type', type=str, default='CLASSIC', help='Container Image Type : [NORMAL, CLASSIC, MULTIBOOT]') + cmd_display.add_argument('-t', dest='img_type', type=str, default='CLASSIC', help='Container Image Type : [NORMAL, CLASSIC, MULTIBOOT, MULTIBOOT_MODULE]') cmd_display.add_argument('-o', dest='out_path', type=str, default='.', help='Container output directory/file') cmd_display.add_argument('-k', dest='key_path', type=str, default='', help='Input key directory/file. Use key directoy path when container layout -l option is used \ Use Key Id or key file path when component files with -cl option is specified') From 747a651af1c7a37af9e1965df924f67bdda137b0 Mon Sep 17 00:00:00 2001 From: "Yan, Shaopu" Date: Tue, 17 Oct 2023 22:07:58 +0800 Subject: [PATCH 22/37] pack optee prebuilt binary into bootloader this will happen only when the mixin of tee is set as "optee" Tracked-On: OAM-112796 Signed-off-by: Yan, Shaopu --- core/definitions.mk | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/core/definitions.mk b/core/definitions.mk index 82b5b846..6e7982d7 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -178,10 +178,21 @@ if [ $(findstring kf4sbl,$(PRIVATE_MODULE) ) ]; then \ echo -ne "serail_baseaddr=0x3f8 serail_type=1 serail_regwidth=1\0" > $(SBL_DIR)/cmdline-acrn; \ echo -ne "kernelflinger\0" > $(SBL_DIR)/cmdline-kf; \ cp $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out $(SBL_DIR)/acrn.32.out; \ +if [ $(findstring optee,$(TEE) ) ]; then \ + rm -rf $(SBL_DIR)/cmdline-tee; \ + rm -rf $(SBL_DIR)/tee.elf; \ + echo -ne "tee_elf\0" > $(SBL_DIR)/cmdline-tee; \ + cp $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf $(SBL_DIR)/tee.elf; \ + python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ + -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ + CMD3:$(SBL_DIR)/cmdline-tee ELF3:$(SBL_DIR)/tee.elf \ + -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ +else \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ fi \ +fi \ fi $(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ From c5850ed5e07e9c3e6249a6067b624d52d9b0b801 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Tue, 10 Oct 2023 01:33:20 +0000 Subject: [PATCH 23/37] Build separate boot containers for SBL Create boot container separately for boot from multiple containers in SBL. This is controlled by "acrn" option. Tracked-On: OAM-112952 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 6 ++++++ create_gpt_image.py | 1 + 2 files changed, 7 insertions(+) diff --git a/core/definitions.mk b/core/definitions.mk index 6e7982d7..09a2690c 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -191,6 +191,12 @@ else \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ + python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ + -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out \ + -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_mod_acrn; \ + python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT_MODULE \ + -cl CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ + -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_mod_kf; \ fi \ fi \ fi diff --git a/create_gpt_image.py b/create_gpt_image.py index 16ad8505..23fc46cb 100755 --- a/create_gpt_image.py +++ b/create_gpt_image.py @@ -874,6 +874,7 @@ class GPTImage(object): 'config', 'tos', 'mfos', + 'tee', 'teedata', 'super', 'reserved' From cb627903e35bd272ac49eed089fc6864e0eebee6 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Fri, 3 Nov 2023 08:17:12 +0000 Subject: [PATCH 24/37] Fix build failure when tee is enabled Commit c5850ed5e07e ("Build separate boot containers for SBL") conflicts with 747a651af1c7 ("pack optee prebuilt binary into bootloader"), causing build failure when "tee" is enabled in mixins.spec. Tracked-On: OAM-113156 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/definitions.mk b/core/definitions.mk index 09a2690c..f2de5f19 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -191,14 +191,14 @@ else \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ +fi; \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_mod_acrn; \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT_MODULE \ -cl CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_mod_kf; \ -fi \ -fi \ +fi; \ fi $(hide) if [ "$(PRIVATE_MODULE:debug=)" = fb4sbl-user ]; then \ From e13c3c79f82e815c8eb21f88aee9eab4b3b10a0e Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Thu, 9 Nov 2023 08:01:45 +0000 Subject: [PATCH 25/37] Use acrn release binary in user build Tracked-On: OAM-113406 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/core/definitions.mk b/core/definitions.mk index f2de5f19..8389dc99 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -27,6 +27,12 @@ IASL := $(INTEL_PATH_BUILD)/acpi-tools/linux64/bin/iasl KF4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/kf4sbl_symbols.zip FB4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/fb4sbl_symbols.zip +ifeq ($(TARGET_BUILD_VARIANT),user) +ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out.release +else +ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out +endif + # Extra host tools we need built to use our *_from_target_files # or sign_target_files_* scripts INTEL_OTATOOLS := \ @@ -177,7 +183,7 @@ if [ $(findstring kf4sbl,$(PRIVATE_MODULE) ) ]; then \ rm -rf $(SBL_DIR)/acrn.32.out; \ echo -ne "serail_baseaddr=0x3f8 serail_type=1 serail_regwidth=1\0" > $(SBL_DIR)/cmdline-acrn; \ echo -ne "kernelflinger\0" > $(SBL_DIR)/cmdline-kf; \ - cp $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out $(SBL_DIR)/acrn.32.out; \ + cp $(ACRN_BIN) $(SBL_DIR)/acrn.32.out; \ if [ $(findstring optee,$(TEE) ) ]; then \ rm -rf $(SBL_DIR)/cmdline-tee; \ rm -rf $(SBL_DIR)/tee.elf; \ From 4064edbfb3a5c6ff808b45c999e59f003f503d5c Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Thu, 16 Nov 2023 08:29:50 +0000 Subject: [PATCH 26/37] Use debug version of optee in userdebug build Tracked-On: OAM-113426 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/core/definitions.mk b/core/definitions.mk index 8389dc99..76dad498 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -33,6 +33,12 @@ else ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out endif +ifeq ($(TARGET_BUILD_VARIANT),user) +OPTEE_BIN := $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf +else +OPTEE_BIN := $(TOP)/vendor/intel/optee/optee_release_binaries/debug/tee.elf +endif + # Extra host tools we need built to use our *_from_target_files # or sign_target_files_* scripts INTEL_OTATOOLS := \ @@ -188,7 +194,7 @@ if [ $(findstring optee,$(TEE) ) ]; then \ rm -rf $(SBL_DIR)/cmdline-tee; \ rm -rf $(SBL_DIR)/tee.elf; \ echo -ne "tee_elf\0" > $(SBL_DIR)/cmdline-tee; \ - cp $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf $(SBL_DIR)/tee.elf; \ + cp $(OPTEE_BIN) $(SBL_DIR)/tee.elf; \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ CMD3:$(SBL_DIR)/cmdline-tee ELF3:$(SBL_DIR)/tee.elf \ From 47ec849579e45c9128bee517388bfac84dcc0671 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Thu, 9 Nov 2023 08:01:45 +0000 Subject: [PATCH 27/37] Use optee-enabled ACRN binary for optee-enabled build Also rename OPTEE_BIN to OPTEE_ELF to resolve naming conflict. Tests Done: * Build with optee as TEE * Build with TEE disabled * Boot with single sbl_os * Boot with multiple container files (acrn.sbl/kf.sbl/tee.sbl) Tracked-On: OAM-113418 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/core/definitions.mk b/core/definitions.mk index 76dad498..d051babd 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -28,15 +28,23 @@ KF4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/kf4sbl_symbols.zip FB4SBL_SYMBOLS_ZIP := $(PRODUCT_OUT)/fb4sbl_symbols.zip ifeq ($(TARGET_BUILD_VARIANT),user) +ifeq ($(TEE),optee) +ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out.tee.release +else ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out.release +endif +else +ifeq ($(TEE),optee) +ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out.tee else ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out endif +endif ifeq ($(TARGET_BUILD_VARIANT),user) -OPTEE_BIN := $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf +OPTEE_ELF := $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf else -OPTEE_BIN := $(TOP)/vendor/intel/optee/optee_release_binaries/debug/tee.elf +OPTEE_ELF := $(TOP)/vendor/intel/optee/optee_release_binaries/debug/tee.elf endif # Extra host tools we need built to use our *_from_target_files @@ -194,7 +202,7 @@ if [ $(findstring optee,$(TEE) ) ]; then \ rm -rf $(SBL_DIR)/cmdline-tee; \ rm -rf $(SBL_DIR)/tee.elf; \ echo -ne "tee_elf\0" > $(SBL_DIR)/cmdline-tee; \ - cp $(OPTEE_BIN) $(SBL_DIR)/tee.elf; \ + cp $(OPTEE_ELF) $(SBL_DIR)/tee.elf; \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ CMD3:$(SBL_DIR)/cmdline-tee ELF3:$(SBL_DIR)/tee.elf \ From b1cb0aa6ccf12f02d564be5b93522c2d836e8a89 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Thu, 23 Nov 2023 06:10:51 +0000 Subject: [PATCH 28/37] Build separate container file for TEE Build a separate container file sbl_mod_tee for booting from multiple partitions feature. Tests Done: * Build with optee as TEE * Build with TEE disabled * Boot with single sbl_os * Boot with multiple container files (acrn.sbl/kf.sbl/tee.sbl) Tracked-On: OAM-113549 Signed-off-by: Jiaqing Zhao --- core/definitions.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/definitions.mk b/core/definitions.mk index d051babd..11295012 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -207,6 +207,9 @@ if [ $(findstring optee,$(TEE) ) ]; then \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ CMD3:$(SBL_DIR)/cmdline-tee ELF3:$(SBL_DIR)/tee.elf \ -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_acrn; \ + python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT_MODULE \ + -cl CMD3:$(SBL_DIR)/cmdline-tee ELF3:$(SBL_DIR)/tee.elf \ + -k $(INTEL_PATH_BUILD)/testkeys/OS1_TestKey_Priv_RSA3072.pem -o $(PRODUCT_OUT)/sbl_mod_tee; \ else \ python3 $(INTEL_PATH_BUILD)/containertool/GenContainer.py create -t MULTIBOOT \ -cl CMD1:$(SBL_DIR)/cmdline-acrn ELF1:$(SBL_DIR)/acrn.32.out CMD2:$(SBL_DIR)/cmdline-kf ELF2:$@ \ From 04a54994b80eb87ed8e3ba267ace27410f31fff8 Mon Sep 17 00:00:00 2001 From: nitishat9 Date: Fri, 28 Oct 2022 08:01:55 +0530 Subject: [PATCH 29/37] Add a new partition share_data /data partition cannot be used for mounting overlayfs. Created a new partition share_data to mount overlayfs for docker related files. Tracked-On: OAM-104201 Change-Id: Ibfd792e0cea68d8114ad8c56e60da7bb82d09c6a Signed-off-by: nitishat9 --- create_gpt_image.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/create_gpt_image.py b/create_gpt_image.py index 23fc46cb..71417da3 100755 --- a/create_gpt_image.py +++ b/create_gpt_image.py @@ -520,6 +520,7 @@ def write(self, img_file, offset, entry_info): 'mfos':'4f33cfe4-a0c1-448b-aec4-40f10a0cef3f', 'teedata': '0fc63daf-8483-4772-8e79-3d69d8477de4', 'super': '0fc63daf-8483-4772-8e79-3d69d8477de4', + 'share_data': '0fc63daf-8483-4772-8e79-3d69d8477de4', 'reserved': '0fc63daf-8483-4772-8e79-3d69d8477de4' } } @@ -877,6 +878,7 @@ class GPTImage(object): 'tee', 'teedata', 'super', + 'share_data', 'reserved' ] From d4dcacbd800cc40fb98169b07c9cc766c58a906d Mon Sep 17 00:00:00 2001 From: swaroopb Date: Fri, 8 Dec 2023 08:31:50 +0530 Subject: [PATCH 30/37] Created new target base_aaos This is a common target for Common Base Line Test done : Boot check done Tracked-On: OAM-114053 Signed-off-by: swaroopb --- tasks/flashfiles.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index ce2c179a..0130a6b5 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -297,7 +297,7 @@ LOCAL_TOOL:= \ ifeq ($(RELEASE_BUILD),true) flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(gpt_name) publish_mkdir_dest publish_vertical host-pkg @$(ACP) $(BUILT_RELEASE_FLASH_FILES_PACKAGE) $(publish_dest) -ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Publishing Release files started ..." $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -346,7 +346,7 @@ else endif else flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_gptimage_var publish_mkdir_dest publish_vertical host-pkg -ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Publishing Release files started" $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files @@ -441,7 +441,7 @@ endif @echo "Zipping ISO image $(ISO_INSTALL_IMG_ZIP) ..." $(hide)zip -r -j $(ISO_INSTALL_IMG_ZIP) $(ISO_INSTALL_IMG) -ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." $(hide)rm -rf $(ISO_RELEASE_TAR) $(hide)cp $(ISO_INSTALL_IMG) $(TOP)/ @@ -457,7 +457,7 @@ else endif endif @echo "make ISO image done ---" -ifeq (,$(filter apollo_ivi blizzard_ivi celadon_ivi,$(TARGET_PRODUCT))) +ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) endif $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) From f45f2769a6265c6c981e4ec2e75199200ff6d30f Mon Sep 17 00:00:00 2001 From: Jingdong Lu Date: Thu, 28 Dec 2023 16:15:19 +0800 Subject: [PATCH 31/37] Change the source of OPTEE_ELF OPTEE_ELF is changed to optee binary built in Android. Tests done: * OP-TEE can boot and work properly in userdebug build. * OP-TEE can boot and work properly in user build. Tracked-On: OAM-114532 Signed-off-by: Jingdong Lu --- core/definitions.mk | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/core/definitions.mk b/core/definitions.mk index 11295012..142b8403 100755 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -41,11 +41,7 @@ ACRN_BIN := $(TOP)/vendor/intel/acrn/sample_a/acrn.32.out endif endif -ifeq ($(TARGET_BUILD_VARIANT),user) -OPTEE_ELF := $(TOP)/vendor/intel/optee/optee_release_binaries/release/tee.elf -else -OPTEE_ELF := $(TOP)/vendor/intel/optee/optee_release_binaries/debug/tee.elf -endif +OPTEE_ELF := $(PRODUCT_OUT)/optee/x86_64-plat-standalonevm/core/tee.elf # Extra host tools we need built to use our *_from_target_files # or sign_target_files_* scripts From 27fc3a155dab47be122f4478ed67e970b53c9aba Mon Sep 17 00:00:00 2001 From: sgnanase Date: Mon, 11 Dec 2023 10:31:55 +0530 Subject: [PATCH 32/37] Enable provision to compile vm1-2 and vm3 separately Tracked-On: OAM-114149 Signed-off-by: sgnanase --- tasks/flashfiles.mk | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 0130a6b5..fb8d69f1 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -10,7 +10,11 @@ flash_name := $(name)-sign-flashfiles-$(FILE_NAME_TAG) target_name := $(name)-sign-targetfile-$(FILE_NAME_TAG) gpt_name := $(PRODUCT_OUT)/release_sign/$(name).img endif +ifeq ($(VM3),true) +name := $(name)-flashfiles-vm3-$(FILE_NAME_TAG) +else name := $(name)-flashfiles-$(FILE_NAME_TAG) +endif BUILDNUM := $(shell $(DATE) +%H%M%3S) ifeq ($(RELEASE_BUILD),true) BUILT_RELEASE_FLASH_FILES_PACKAGE := $(PRODUCT_OUT)/$(flash_name).zip @@ -284,8 +288,12 @@ endif ifeq ($(RELEASE_BUILD),true) ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-sign-flashfile-$(FILE_NAME_TAG).iso else +ifeq ($(VM3),true) +ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-vm3-$(FILE_NAME_TAG).iso +else ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(FILE_NAME_TAG).iso endif +endif ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi From 8423487a868d4dde22b06708645d7b3d82166079 Mon Sep 17 00:00:00 2001 From: sgnanase Date: Thu, 23 Nov 2023 08:25:20 +0530 Subject: [PATCH 33/37] Improve compilation speed for android build Currently FFTF python script is used for creating flashfiles.zip. It uses ZipWrite python api which is time consuming and adds overhead to build time. Say, flash.json generation, unpacking of target files, installer.cmd generation, etc. This fix helps to optimize build time and involves below changes: - Use tar + pigz combo for faster flashfiles generation. - Make FFTF a bash script as python doesn't directly support tar + pigz - Add use_tar=true flag to "make flashfiles" to enable it. e,g, "make flashfiles -j use_tar=true" - The new script still supports all old functionalities, say, generation of installer.cmd, flash.json, repacking of bootloader.img, etc. Tracked-On: OAM-112083 Signed-off-by: sgnanase Signed-off-by: Chen, Gang G --- releasetools/bootloader_from_target_files | 7 +- releasetools/flashfiles_from_target_files.sh | 83 +++++++++++++++ tasks/flashfiles.mk | 100 +++++++++++++------ 3 files changed, 158 insertions(+), 32 deletions(-) create mode 100755 releasetools/flashfiles_from_target_files.sh diff --git a/releasetools/bootloader_from_target_files b/releasetools/bootloader_from_target_files index 50618f54..4162b00a 100755 --- a/releasetools/bootloader_from_target_files +++ b/releasetools/bootloader_from_target_files @@ -62,9 +62,10 @@ def main(argv): sys.exit(1) print "unzipping target-files..." - OPTIONS.input_tmp = common.UnzipTemp(args[0]) - input_zip = zipfile.ZipFile(args[0], "r") - OPTIONS.info_dict = common.LoadInfoDict(input_zip) + #OPTIONS.input_tmp = common.UnzipTemp(args[0]) + OPTIONS.input_tmp = args[0] + #input_zip = zipfile.ZipFile(args[0], "r") + #OPTIONS.info_dict = common.LoadInfoDict(input_zip) extras = [] if OPTIONS.bootable: diff --git a/releasetools/flashfiles_from_target_files.sh b/releasetools/flashfiles_from_target_files.sh new file mode 100755 index 00000000..62c5bc59 --- /dev/null +++ b/releasetools/flashfiles_from_target_files.sh @@ -0,0 +1,83 @@ +#!/bin/bash + +echo "========================" +echo "Preparing flashfiles - New Method" +echo "No more Zip. We use tar + pigz" +echo "========================" + +## PRE-REQUISITE +flashfile=`basename $1` +flashfile_dir=`echo $flashfile | sed 's/\.tar\.gz//g'` +PRODUCT_OUT=`dirname $1` +VARIANT=`grep -i "ro.system.build.type=" $PRODUCT_OUT/system/build.prop | cut -d '=' -f2` +TARGET=`grep -i "ro.build.product=" $PRODUCT_OUT/system/build.prop | cut -d '=' -f2` +ANDROID_ROOT=${PWD} + +echo "========================" +echo "Images / Files to be packed" +echo "========================" +IMAGES_TUPLE=`./device/intel/build/releasetools/flash_cmd_generator.py device/intel/project-celadon/$TARGET/flashfiles.ini $TARGET $VARIANT | tail -1` +c=-2 +for i in $IMAGES_TUPLE +do + if [[ $c -gt 0 && `expr $c % 2` == 1 ]]; then + i=`echo ${i::-3} | sed "s/'//g"` + echo $i + j="$j $i" + fi + c=$((c+1)) +done + +IMAGES=`echo $j | xargs -n1 | sort -u` +echo "========================" +echo "Generating Tar ..." +echo "========================" +cd $PRODUCT_OUT +rm -rf $flashfile_dir +mkdir $flashfile_dir + +for i in $IMAGES +do + echo "Adding $i" + if [[ $i == "super.img" ]]; then + SUPER_IMG=true + cp ./obj/PACKAGING/super.img_intermediates/super.img $flashfile_dir/. + else + if [[ $i == "installer.efi" ]]; then + cp efi/installer.efi $flashfile_dir/. + else + if [[ $i == "startup.nsh" ]]; then + cp efi/startup.nsh $flashfile_dir/. + else + if [[ $i == "system.img" || $i == "odm.img" || $i == "vbmeta.img" || $i == "vendor_boot.img" ]]; then + cp obj/PACKAGING/target_files_intermediates/$TARGET-target_files-*/IMAGES/$i $flashfile_dir/. + else + cp $i $flashfile_dir/. + fi + fi + fi + fi +done + +cd $ANDROID_ROOT +echo "========================" +echo "Generate installer.cmd" +echo "========================" +device/intel/build/releasetools/flash_cmd_generator.py device/intel/project-celadon/$TARGET/flashfiles.ini $TARGET $VARIANT | sed '$d' | sed '$d' | sed -n '/installer.cmd/,$p' | sed '1d' > $PRODUCT_OUT/$flashfile_dir/installer.cmd +sed -i 's/flash super super.img/flash super super.img.part00 super.img.part01/g' $PRODUCT_OUT/$flashfile_dir/installer.cmd + +echo "========================" +echo "Generate flash.json" +echo "========================" +device/intel/build/releasetools/flash_cmd_generator.py device/intel/project-celadon/$TARGET/flashfiles.ini $TARGET $VARIANT | sed -n '/installer.cmd/q;p' | sed '1d' > $PRODUCT_OUT/$flashfile_dir/flash.json + +if [[ $SUPER_IMG == "true" ]]; then + cd $PRODUCT_OUT + rm -f $flashfile_dir/system.img $flashfile_dir/vendor.img $flashfile_dir/product.img +fi + +tar -cvf - $flashfile_dir/ | /usr/bin/pigz > $flashfile + +echo "========================" +echo "Flashfiles Tar $PRODUCT_OUT/$flashfile_dir/$flashfile created" +echo "========================" diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index fb8d69f1..36de49e4 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -72,22 +72,29 @@ $(gpt_name): @echo "skip build gptimages" endif -$(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_SUPER_IMAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) +$(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_SUPER_IMAGE) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) - $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(BUILT_RELEASE_SUPER_IMAGE) $(BUILT_RELEASE_TARGET_FILES_PACKAGE) $@ + $(legacy_fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(BUILT_RELEASE_SUPER_IMAGE) $(BUILT_RELEASE_TARGET_FILES_PACKAGE) $@ #remove system.img vendor.img product.img from flashfiles.zip $(hide)zip -d $@ "system.img" "product.img" "vendor.img"; else -$(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) +$(BUILT_RELEASE_FLASH_FILES_PACKAGE):$(BUILT_RELEASE_TARGET_FILES_PACKAGE) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) - $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_RELEASE_TARGET_FILES_PACKAGE) $@ + $(legacy_fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_RELEASE_TARGET_FILES_PACKAGE) $@ endif endif ifeq ($(USE_INTEL_FLASHFILES),true) -fftf := $(INTEL_PATH_BUILD)/releasetools/flashfiles_from_target_files +fftf := $(INTEL_PATH_BUILD)/releasetools/flashfiles_from_target_files.sh +legacy_fftf := $(INTEL_PATH_BUILD)/releasetools/flashfiles_from_target_files odf := $(INTEL_PATH_BUILD)/releasetools/ota_deployment_fixup +ifeq ($(use_tar),true) + fn_compress_format := tar.gz +else + fn_compress_format := zip +endif + ifneq ($(FLASHFILE_VARIANTS),) # Generate variant specific flashfiles if VARIANT_SPECIFIC_FLASHFILES is True ifeq ($(VARIANT_SPECIFIC_FLASHFILES),true) @@ -96,17 +103,17 @@ ifneq ($(FLASHFILE_VARIANTS),) $(info Adding $(var)) \ $(eval fn_prefix := $(PRODUCT_OUT)/$(TARGET_PRODUCT)) \ $(eval fn_suffix := $(var)-$(FILE_NAME_TAG)) \ - $(eval ff_zip := $(fn_prefix)-flashfiles-$(fn_suffix).zip) \ + $(eval ff_zip := $(fn_prefix)-flashfiles-$(fn_suffix).$(fn_compress_format)) \ $(eval INTEL_FACTORY_FLASHFILES_TARGET += $(ff_zip)) \ $(call dist-for-goals,droidcore,$(ff_zip):$(notdir $(ff_zip)))) - $(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) + $(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) $(eval y = $(subst -, ,$(basename $(@F)))) $(eval DEV = $(word 3, $(y))) $(eval mvcfg_dev = $(MV_CONFIG_DEFAULT_TYPE.$(DEV))) $(if $(mvcfg_dev), $(eval mvcfg_default_arg = $(mvcfg_dev)),$(eval mvcfg_default_arg = $(MV_CONFIG_DEFAULT_TYPE))) - $(hide) $(fftf) --variant=$(DEV) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_TARGET_FILES_PACKAGE) $@ + $(hide) $(legacy_fftf) --variant=$(DEV) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_TARGET_FILES_PACKAGE) $@ endif ifneq ($(TARGET_SKIP_OTA_PACKAGE), true) @@ -138,7 +145,11 @@ ifneq ($(FLASHFILE_VARIANTS),) FLASHFILES_ADD_ARGS := '--unified-variants' endif -INTEL_FACTORY_FLASHFILES_TARGET := $(PRODUCT_OUT)/$(name).zip +ifeq ($(use_tar),true) + INTEL_FACTORY_FLASHFILES_TARGET := $(PRODUCT_OUT)/$(name).tar.gz +else + INTEL_FACTORY_FLASHFILES_TARGET := $(PRODUCT_OUT)/$(name).zip +endif ifneq ($(SOFIA_FIRMWARE_VARIANTS),) mvcfg_default_arg = $(MV_CONFIG_DEFAULT_TYPE.$(firstword $(SOFIA_FIRMWARE_VARIANTS))) @@ -146,16 +157,22 @@ else mvcfg_default_arg = $(MV_CONFIG_DEFAULT_TYPE) endif +########################################## +########################################## ifeq ($(SUPER_IMG_IN_FLASHZIP),true) -$(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(INTERNAL_SUPERIMAGE_DIST_TARGET) +$(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(INTERNAL_SUPERIMAGE_DIST_TARGET) $(hide) mkdir -p $(dir $@) - $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(INTERNAL_SUPERIMAGE_DIST_TARGET) $(BUILT_TARGET_FILES_PACKAGE) $@ +ifeq ($(use_tar),true) + $(fftf) $@ +else + $(legacy_fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --add_image=$(INTERNAL_SUPERIMAGE_DIST_TARGET) $(BUILT_TARGET_FILES_PACKAGE) $@ #remove system.img vendor.img product.img from flashfiles.zip $(hide)zip -d $@ "system.img" "product.img" "vendor.img"; +endif else -$(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(fftf) $(UEFI_ADDITIONAL_TOOLS) +$(INTEL_FACTORY_FLASHFILES_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(hide) mkdir -p $(dir $@) - $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_TARGET_FILES_PACKAGE) $@ + $(legacy_fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) $(BUILT_TARGET_FILES_PACKAGE) $@ endif ifeq ($(PUBLISH_CMCC_IMG),true) @@ -185,10 +202,10 @@ FAST_FLASHFILES_DEPS := \ $(USERFASTBOOT_BOOTIMAGE) \ $(INSTALLED_VBMETAIMAGE_TARGET) \ -fast_flashfiles: $(fftf) $(UEFI_ADDITIONAL_TOOLS) $(FAST_FLASHFILES_DEPS) | $(ACP) +fast_flashfiles: $(fftf) $(legacy_fftf) $(UEFI_ADDITIONAL_TOOLS) $(FAST_FLASHFILES_DEPS) | $(ACP) $(hide) rm -rf $(FAST_FLASHFILES_DIR) $(hide) mkdir -p $(FAST_FLASHFILES_DIR) - $(fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --fast $(PRODUCT_OUT) $(FAST_FLASHFILES_DIR) + $(legacy_fftf) $(FLASHFILES_ADD_ARGS) --mv_config_default=$(notdir $(mvcfg_default_arg)) --fast $(PRODUCT_OUT) $(FAST_FLASHFILES_DIR) # add dependencies droid: fast_flashfiles @@ -294,7 +311,12 @@ else ISO_INSTALL_IMG = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfile-$(FILE_NAME_TAG).iso endif endif -ISO_INSTALL_IMG_ZIP = $(ISO_INSTALL_IMG).zip + +ifeq ($(use_tar),true) +ISO_INSTALL_IMG_COMP = $(ISO_INSTALL_IMG).tar.gz +else +ISO_INSTALL_IMG_COMP = $(ISO_INSTALL_IMG).zip +endif ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi @@ -308,7 +330,7 @@ flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) $(BUILT_RELEASE_FLASH_FILES_PACKA ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Publishing Release files started ..." $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files - $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files + $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.$(fn_compress_format) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/scripts $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r vendor/intel/utils/host $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) mv $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files/host $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files/patches @@ -316,12 +338,12 @@ ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) ifneq (,$(wildcard vendor/intel/utils_vertical)) ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) @echo "vertical_keybox_provisioning included" - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip *provisioning + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) *provisioning else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) endif else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip + $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) @@ -357,7 +379,7 @@ flashfiles: $(INTEL_FACTORY_FLASHFILES_TARGET) publish_gptimage_var publish_mkdi ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Publishing Release files started" $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files - $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.zip $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files + $(hide) cp -r $(PRODUCT_OUT)/*-flashfiles-*.$(fn_compress_format) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r $(PRODUCT_OUT)/scripts $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) cp -r vendor/intel/utils/host $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(hide) mv $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files/host $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files/patches @@ -365,12 +387,12 @@ ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) ifneq (,$(wildcard vendor/intel/utils_vertical)) ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) @echo "vertical_keybox_provisioning included" - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip *provisioning + $(hide) tar --exclude=*.git -cvf - scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) *provisioning | /usr/bin/pigz > $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip + $(hide) tar --exclude=*.git -cvf - scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) | /usr/bin/pigz > $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz endif else - $(hide) tar --exclude=*.git -czf $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz scripts *patches $(TARGET_PRODUCT)-flashfiles-*.zip + $(hide) tar --exclude=*.git -cvf - scripts *patches $(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) | /usr/bin/pigz > $(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz endif $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp -r $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz $(PRODUCT_OUT) @@ -410,14 +432,18 @@ endif ifneq ($(iso_image),false) @echo "Generating ISO image $(ISO_INSTALL_IMG) ..."; $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/; - $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_ZIP) + $(hide)rm -rf $(ISO_INSTALL_IMG) $(ISO_INSTALL_IMG_COMP) $(hide)mkdir -p $(PRODUCT_OUT)/efi_images_tmp; +ifeq ($(use_tar),true) + cp -r $(PRODUCT_OUT)/$(TARGET_PRODUCT)-flashfiles-*/* $(PRODUCT_OUT)/efi_images_tmp/. +else ifeq ($(RELEASE_BUILD),true) $(hide)unzip $(BUILT_RELEASE_FLASH_FILES_PACKAGE) -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; else $(hide)unzip $(INTEL_FACTORY_FLASHFILES_TARGET) -d $(PRODUCT_OUT)/efi_images_tmp/ > /dev/null; +endif endif G_size=`echo "$$((1 << 32))"`; \ for img in `ls $(PRODUCT_OUT)/efi_images_tmp/`;do \ @@ -447,8 +473,12 @@ endif $(hide)xorriso -as mkisofs -iso-level 3 -r -V "Civ ISO" -J -joliet-long -append_partition 2 0xef $(ISO_EFI) \ -partition_cyl_align all -o $(ISO_INSTALL_IMG) $(PRODUCT_OUT)/iso/ - @echo "Zipping ISO image $(ISO_INSTALL_IMG_ZIP) ..." - $(hide)zip -r -j $(ISO_INSTALL_IMG_ZIP) $(ISO_INSTALL_IMG) + @echo "Compress ISO image $(ISO_INSTALL_IMG_COMP) ..." +ifeq ($(use_tar),true) + $(hide) tar -cvf - $(ISO_INSTALL_IMG) | /usr/bin/pigz > $(ISO_INSTALL_IMG_COMP) +else + $(hide)zip -r -j $(ISO_INSTALL_IMG_COMP) $(ISO_INSTALL_IMG) +endif ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) @echo "Zipping ISO release image $(ISO_RELEASE_TAR) ..." $(hide)rm -rf $(ISO_RELEASE_TAR) @@ -456,22 +486,34 @@ ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) ifneq (,$(wildcard vendor/intel/utils_vertical)) ifneq (,$(wildcard vendor/intel/fw/keybox_provisioning)) @echo "vertical_keybox_provisioning included" +ifeq ($(use_tar),true) + $(hide) tar --exclude=*.git -cvf - scripts *patches *-flashfile-*.iso *provisioning | /usr/bin/pigz > $(ISO_RELEASE_TAR) +else $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso *provisioning +endif +else +ifeq ($(use_tar),true) + $(hide) tar --exclude=*.git -cvf - scripts *patches *-flashfile-*.iso | /usr/bin/pigz > $(ISO_RELEASE_TAR) else $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso endif +endif +else +ifeq ($(use_tar),true) + $(hide) tar --exclude=*.git -cvf - scripts *patches *-flashfile-*.iso | /usr/bin/pigz > $(ISO_RELEASE_TAR) else $(hide) tar --exclude=*.git -czf $(ISO_RELEASE_TAR) scripts *patches *-flashfile-*.iso endif +endif endif @echo "make ISO image done ---" ifeq (,$(filter apollo_ivi blizzard_ivi base_aaos,$(TARGET_PRODUCT))) $(hide) cp -r $(ISO_RELEASE_TAR) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) endif - $(hide) cp -r $(ISO_INSTALL_IMG_ZIP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) + $(hide) cp -r $(ISO_INSTALL_IMG_COMP) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide)rm -rf $(PRODUCT_OUT)/efi_images_tmp/ $(PRODUCT_OUT)/iso $(ISO_EFI) @echo "ISO Release files are published" endif - $(hide)rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.zip && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(TOP)/*-flashfile-*.iso + $(hide)rm -rf $(TOP)/$(TARGET_PRODUCT)-releasefiles-$(TARGET_BUILD_VARIANT).tar.gz && rm -rf $(TOP)/Release_Files && rm -rf $(TOP)/$(TARGET_PRODUCT)-flashfiles-*.$(fn_compress_format) && rm -rf $(TOP)/scripts && rm -rf $(TOP)/*patches && rm -rf $(TOP)/*provisioning && rm -rf $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT)/Release_Files $(TOP)/*-flashfile-*.iso From d37476c60669a767542dbc330f544d1357003087 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Fri, 19 Jan 2024 08:18:57 +0000 Subject: [PATCH 34/37] Add kernelflinger binary to publish_ci/publish maketarget kernelflinger binary (kf4sbl.sbl) may be used as the bootloader of Android VM. Add it to pub directory of both publish_ci and publish maketarget so that it will be uploaded to artifactory. Tracked-On: OAM-115247 Signed-off-by: Jiaqing Zhao --- tasks/publish.mk | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tasks/publish.mk b/tasks/publish.mk index 2c02d833..6efec43d 100644 --- a/tasks/publish.mk +++ b/tasks/publish.mk @@ -94,6 +94,16 @@ $(PUB_OSAGNOSTIC_TAG): publish_mkdir_dest $(OS_AGNOSTIC_INFO) $(hide)($(ACP) $(OS_AGNOSTIC_INFO) $@) endif +# Publish kf4sbl +.PHONY: publish_kf4sbl +ifeq ($(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),true) +publish_kf4sbl: publish_mkdir_dest kf4sbl-$(TARGET_BUILD_VARIANT) + $(hide)($(ACP) $(BOARD_BOOTLOADER_IASIMAGE) $(publish_dest)) +else +publish_kf4sbl: + @echo "Publish kf4sbl: skipped" +endif + # Publish kf4sbl symbols files .PHONY: publish_kf4sbl_symbols ifeq ($(TARGET_BUILD_VARIANT:debug=)|$(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),user|true) @@ -234,7 +244,7 @@ publish_windows_tools: $(PLATFORM_RMA_TOOLS_CROSS_ZIP) @$(hide) mkdir -p $(publish_tool_destw) @$(hide) $(ACP) $(PLATFORM_RMA_TOOLS_CROSS_ZIP) $(publish_tool_destw) else -publish_ci: publish_liveimage publish_ota_flashfile publish_gptimage_var publish_grubinstaller publish_ifwi publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) $(PUB_CMCC_ZIP) +publish_ci: publish_liveimage publish_ota_flashfile publish_gptimage_var publish_grubinstaller publish_ifwi publish_kf4sbl publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) $(PUB_CMCC_ZIP) $(if $(wildcard $(publish_dest)), \ $(foreach f,$(PUBLISH_CI_FILES), \ $(if $(wildcard $(f)),$(ACP) $(f) $(publish_dest);,)),) @@ -286,6 +296,6 @@ publish: aic $(hide) mkdir -p $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) $(hide) cp $(PRODUCT_OUT)/$(TARGET_AIC_FILE_NAME) $(TOP)/pub/$(TARGET_PRODUCT)/$(TARGET_BUILD_VARIANT) else # ANDROID_AS_GUEST -publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage_var publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4sbl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller +publish: publish_mkdir_dest $(PUBLISH_GOALS) publish_ifwi publish_gptimage_var publish_firmware_symbols $(PUB_OSAGNOSTIC_TAG) publish_kf4sbl publish_kf4sbl_symbols $(PUB_CMCC_ZIP) publish_androidia_image publish_grubinstaller @$(ACP) out/dist/* $(publish_dest) endif # ANDROID_AS_GUEST From 99d86636aa60724a8d1db9f88cc4cacf05c6cd98 Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Mon, 22 Jan 2024 14:13:13 +0800 Subject: [PATCH 35/37] Remove directory while compressing android images directory is not required in final release packages Test done: make flashfiles use_tar=true uzip flashfile.tar.gz and iso.tar.gz, no directory in extracted files Tracked-On: OAM-115260 Signed-off-by: Chen, Gang G --- releasetools/flashfiles_from_target_files.sh | 2 +- tasks/flashfiles.mk | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/releasetools/flashfiles_from_target_files.sh b/releasetools/flashfiles_from_target_files.sh index 62c5bc59..f29f941a 100755 --- a/releasetools/flashfiles_from_target_files.sh +++ b/releasetools/flashfiles_from_target_files.sh @@ -76,7 +76,7 @@ if [[ $SUPER_IMG == "true" ]]; then rm -f $flashfile_dir/system.img $flashfile_dir/vendor.img $flashfile_dir/product.img fi -tar -cvf - $flashfile_dir/ | /usr/bin/pigz > $flashfile +tar -cvf - -C $flashfile_dir/ . | /usr/bin/pigz > $flashfile echo "========================" echo "Flashfiles Tar $PRODUCT_OUT/$flashfile_dir/$flashfile created" diff --git a/tasks/flashfiles.mk b/tasks/flashfiles.mk index 36de49e4..d4a12a47 100755 --- a/tasks/flashfiles.mk +++ b/tasks/flashfiles.mk @@ -319,6 +319,8 @@ ISO_INSTALL_IMG_COMP = $(ISO_INSTALL_IMG).zip endif ISO_RELEASE_TAR = $(PRODUCT_OUT)/$(TARGET_PRODUCT)-releasefile-$(TARGET_BUILD_VARIANT).iso.tar.gz ISO_EFI = $(PRODUCT_OUT)/iso_tmp.efi +iso_basename = $(shell basename $(ISO_INSTALL_IMG)) +iso_path = $(shell dirname $(ISO_INSTALL_IMG)) LOCAL_TOOL:= \ PATH="/bin:$$PATH" @@ -475,7 +477,7 @@ endif @echo "Compress ISO image $(ISO_INSTALL_IMG_COMP) ..." ifeq ($(use_tar),true) - $(hide) tar -cvf - $(ISO_INSTALL_IMG) | /usr/bin/pigz > $(ISO_INSTALL_IMG_COMP) + $(hide) tar -cvf - -C $(iso_path) $(iso_basename) | /usr/bin/pigz > $(ISO_INSTALL_IMG_COMP) else $(hide)zip -r -j $(ISO_INSTALL_IMG_COMP) $(ISO_INSTALL_IMG) endif From 9f5c9863682a07c32aa005b8636913792baeb24d Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Thu, 29 Feb 2024 10:08:06 +0800 Subject: [PATCH 36/37] Add gpt.ini to flashfiles gpt.ini is used to flash android images, add it to flashfiles to optimize the flash steps Test done: make flashfiles make flashfiles use_tar=true Tracked-On: OAM-115800 Signed-off-by: Chen, Gang G --- releasetools/flashfiles_from_target_files.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/releasetools/flashfiles_from_target_files.sh b/releasetools/flashfiles_from_target_files.sh index f29f941a..f4abc48f 100755 --- a/releasetools/flashfiles_from_target_files.sh +++ b/releasetools/flashfiles_from_target_files.sh @@ -48,6 +48,8 @@ do else if [[ $i == "startup.nsh" ]]; then cp efi/startup.nsh $flashfile_dir/. + elif [[ $i == "gpt.ini" ]]; then + cp obj/PACKAGING/flashfiles_intermediates/root/$i $flashfile_dir/. else if [[ $i == "system.img" || $i == "odm.img" || $i == "vbmeta.img" || $i == "vendor_boot.img" ]]; then cp obj/PACKAGING/target_files_intermediates/$TARGET-target_files-*/IMAGES/$i $flashfile_dir/. @@ -79,5 +81,5 @@ fi tar -cvf - -C $flashfile_dir/ . | /usr/bin/pigz > $flashfile echo "========================" -echo "Flashfiles Tar $PRODUCT_OUT/$flashfile_dir/$flashfile created" +echo "Flashfiles Tar $PRODUCT_OUT/$flashfile created" echo "========================" From 1bbb68a58ee0ec895f7cd8e8a5a4fbd6c5688dcf Mon Sep 17 00:00:00 2001 From: Austin Sun Date: Mon, 4 Mar 2024 05:43:36 +0000 Subject: [PATCH 37/37] IASW SBL testkey Tracked-On: OAM-115864 Signed-off-by: Austin Sun --- testkeys/OS1_TestKey_Priv_RSA3072.pem | 67 +++++++++++---------------- 1 file changed, 27 insertions(+), 40 deletions(-) diff --git a/testkeys/OS1_TestKey_Priv_RSA3072.pem b/testkeys/OS1_TestKey_Priv_RSA3072.pem index eede1778..3aab5f16 100644 --- a/testkeys/OS1_TestKey_Priv_RSA3072.pem +++ b/testkeys/OS1_TestKey_Priv_RSA3072.pem @@ -1,40 +1,27 @@ ------BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCRwOwudCNiJugn -G+6tcVwqO40dr6srJnGPC6pt3Fdv4GOXnaHclJWcTlHs9UABTsKIhBltBpkDtOo9 -s8s5ZTPff3bhbzEPBAU4IAFwl4W+9A2djelb49r/gljzzpefZdh5Ys97o5UmnvOM -d4LgSfbsF/nOSsmS/hM/3XuitKLjVMqCMPgtGXZTdySmN1hyyX/yT27dBp+QryFo -1PvYDoWfC+69EzjCF74MxBsbRP8f5NjJJ2lqaU/D2uFK9oVvNwUshlmcYAbOgW9p -BxJ6oI/UKVUuuDnwdxv33UIgPX3Ic1JA6IN1hdKkF9gq6CcQHjN4zJHvFyhqDCy0 -BG+2fHBeO6ZZ/OrdC3ym0CEf7MA9GYkRiZFAyUHkK/kb8TvzQn8RY8IRJ0AiBMPh -4SmCcuEe0VYehQ7zuCatUTGxzGIyR+rPON9C68axFwNRZPI0nbXlNXvOI9oI/zIW -qGHGUwi1GWnsa8RwfdeHURrrGqJ48TDX4LJQWdAjmcBbAsKnQ30CAwEAAQKCAYBA -/rczVd3LcI8YlYee90yClrCsWsApC0kbYTfcKqQhAv5WR1g8/VMj8vbshEbI7n6o -EsQlzongUcYcwraufvcdRIFWMNe/Guta5kbOFvtwtfL2XaiArgBj7RPOkMMjNO7N -3maoez9RDBOOAWMusjz2dhCS0d3Gex9JXPI7kXKLji2J1d1tewu9V4VTy51Y/orc -GljVHhV8luP+k+9EHuGuFUueK9qlDqJUngR6ag+cgNe9B6Kl7ZVAwLOzUnAZMn6j -X998x5O5YHYM0CijoOpYc1/asFJWTZQzJE5zpFGlL8CjNpaxnm09GAX90/m6MLT1 -4WIjZwvMLyrztE+WpKJijTrOgkecWF1YtdMx/l/N/uflKy4Kj99+n3RN+ylztH25 -sok49quEsLvxdmedx4qcAgvNU+pEwVibIOWJsIXMBGoElbYiRF0DTj0fdgqDyl0I -Xcxz32Ut4SfP0ih+Z5lHWxJjO4/BvZuhkD8TQYWG1jkv/+s3NtamsG6fhc5BlA8C -gcEAwSKALUVpxRsf1Ufm5Jfjj5r0oBslt/5MFjWJn857i8Hdod5ypwCCbTf39UUk -hMsgG1S+vuGkW9HST+yYN+nJNb1YHbD6uOUGfPp7QxZWzoBZ1M2etRrOTBmXzckv -sllepuljJvKbv/CX2H7zsgyaxH/K/US/joI1DLCNqjFOY28j+d+FX81GHGKxF+jT -daKbBiKRWUl2i4pHmFRl/CL44Z0TZD4r7dc2X/0gpBMF37DseDWlkKLhuEBYJa3+ -gQ/rAoHBAMEyQLJ/KHdoW12KGX6fdsFpYuiVbDc/DNEgGv89+25Bwt9i+mkZWtFg -ieM73hSJxlS1rFTzRu2ISr9FdKrEsoJb4GYmazyhME7Vl3+KfP+EqmvAaKEv/Hcs -xz9rHP/AZy4blPrt0cuFuUpopMFGPcWtTKSlWnCfqrIGPm/+1pKMCm/cVGh7ev2b -9fycmx5m89TZLEn+Kt+M0vlDUvdtQYiqV5tSsqa4b1OXnXIcBP6WFzuOGMv6UAv4 -28Wj52iINwKBwFHNORjzo372pB8D20nLA3lZmm8N0IYD0Vo+xtHG9REWxba/rzQI -xTVZVU6vQG52Ul0BIeFbVPAHCNsNTNOx06VNUzsQMMGLT5ozxW1+0rmYJ3Q4uxXe -Cq600FU691bE/5AWngZrD4jWcJoj+zfYmtzLe8CWE8RaZfm/9eC2DYuUEVrOT4Fq -Ql3Xd0a3OIlEnACXN5TnxqwHn5dnd+K5NUzp6MK2ioisdL1nSyHzZLOADkhEAKIo -Ow59QliDP56OjQKBwQCa8cPDpIn+4lpMdeKmlBv5WJ0z7gsBb/bGjho41SwerG0v -HcG5otUckXFlJnGhRTIkZCQXaZlcDe/s4TaFcwW72RXqtytQT/Jfd5xudNJ1V6Aa -lREVHVg8+FPAgBac42GdMA/XA/87XD9T9wMT41LNhISwk9Ep/FQ5PRq8VcUfeWMx -faLQvR/R4FBzzeH2ixlJfvevTEJ0UgwuT5ltyVlC02M5tiSD4+2dPD7Q8rnquNNf -N0KZ7WJfh7IzG5YPVxcCgcEAn87fnMpa5bx2GM/9tCilYF94p9ImuTAmz1x9PrZd -qnKbxWo1Cd6L8Y6Ph3xo8w/ir93RvzpoTJVwZF7yfYvLzrfR/mFamNII82lq4HbS -kulfZW7HtIlLE0FBf68WwlCWYjqtzlbTnEQqTPSS1LoEEorw3qfYtQcpufnVCUom -8DlLxs5hg2oDIqlramtRSAx30/4Y3wItrGI1YshzUVYm5NBI0iYJd3gX9V6G93ZY -1WormZkhXCKHlSkcRsbpqTZD ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAzLiDFGCKzj/TfsxpIxtQ1f2YI/5/7tmyPj23Zy/7bbnqrsfR +CQyBbDElte1R9cCAYhK9aN5JTuparnsh3eFIhq9DeuyFtQtjo54t3AQ6cUVx+wyP +8D8gFjC0TlIhin0xW/xwmMptXdxjxv44mEfI1ioIvGHSMNtic0jA9WRimlL+qIJ/ +P4fWisU24x5yoPDjGM5C3h5LWvcqGi1HGtyH0I6l74NcPahJl/dVV0di1s6eURXT +gCSwJx2zL/H4Xf/qy5uh3fGKod4ay8MwaHOlVHc2CxnkoBjoj9mEUhNasVOiOmjY +W7yxi9WDdSlDoZDrCyiGHtKmLnTBuTLJlU6pcQIDAQABAoIBAQCEm/CsvmyrdUS2 +mgpwpz0RoJdwmWadfX6sOqYWvUoMpaWTWfPZ/LPJNXzL/9Jbcjq3TJRM3dB2we/D +nhct9sRYGieH9LYXtCzyy3/BSSviO629hUGnyfwq45moMiNv5fCXOUpmbpmxdxVa +zUozuiwqLkhCXsscwr9fFf2H92K3u2md8xSeqEqgcz5eDWRryAB12jndQICJvpvb +mS9yvhfZnZS3s66Pqfcf4MEUeKkxLgs7F0gTPxKSD5wwurjWd9p48b10YphH9B3S +vjKIvrbwd4rRQdDIeHspJ+evhhXU/MIjsx3DwFJgCOOIghwqriEAd/BNhurS0qXS +YrlhhekBAoGBAPfNk7E3lkRPC7laz24Co9effrPOSHfdAO6fRjLqu/5Cg6MSxT6K +d/JC6hlv8kuFRr2hVC8GzaopmNLzgTq5/CEFDADdnirJ9kJDj+toicQL3+ntN2sT +usk1I2Ym+RnuJFw5himq4/t7MP1BOlfRd6MhEuupWSvFcvn1IUu9qv7JAoGBANN+ +HBCq+XN/iuUgOfgj+p7kdz18j2GHeIa5tVirQeGsBGl3gLzVH9l0sxxeoEqdDzIv +j3Nxstero1PfMZsRTfSomd2zsRshYH17FAAjue28MJGbBcCGEHpg5GCmeP5Wemqw +dRDreRTPwroOLGcFILZTiYzSTFhQ8vdHW4upkmFpAoGBAOMPUPx6lcsjrvd5eUYx +TxXdhIiXRRnnvNnpwbYYFohFRD9hjLDgykWHAOCsDhUbGxXZRL0Oe9cm5GyvSUOZ +dah/6l7EsxA8HNTc+XvYPxwPUW4Uucn4uxdxBG2u2mPjLRgAcamud9ZQLDRy11Xu +jrRAMwkTFK0h8FePQKIZOhzZAoGBAJqxY1XNuSgB4lY1fDFEH8yYz57pvPZZYI8q +xrpUiZvHdnKuNjvop6Mm+NuHWzc4KiVLJGIMiAO4R37RgjcqMRsDN4gyJxjxEOK3 +Y6m2eAir3dqiyVJIvUTGGkWXfmiKWIAxEW+OzMGsNYJhW5j+5y51a+bU64Ktswmr +6An/vlIBAoGBAO44DdQRrqmndVjXu/+yMLYmRxG7CCzUyxgxUeaR2fco1Qss/2Me +fgk3T85tnFM4rq3gvSL4oyjUgMZJ8vtnWl+6IppSru9zzmEZ+aqT+GsHWsK6Tkcv +SvZswG++MVPfOLAveappYkaSLhbbBi3ARfM7G90RG0SK3JLQNXVAX2Q1 +-----END RSA PRIVATE KEY-----