diff mbox series

[6/6] arm/classes: Add sstate support to tfm_sign_images

Message ID 20230222120441.2684534-6-peter.hoyes@arm.com
State New
Headers show
Series [1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release | expand

Commit Message

Peter Hoyes Feb. 22, 2023, 12:04 p.m. UTC
From: Peter Hoyes <Peter.Hoyes@arm.com>

Defining a task called do_deploy in an image recipe causes the
license_image bbclass in OE-core to think the recipe is not an image
recipe, which causes errors with license information collection if you
have an image recipe which depends on an image recipe using this
bbclass.

To fix this, and to add support for caching the signed binaries, use a
single task, do_sign_images (and its setscene task). The implementation
is based on deploy.bbclass, so the sstate is responsible for installing
the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name
so that license information collection still works as expected.

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
---
 .../recipes-bsp/images/corstone1000-image.bb  |  3 +-
 meta-arm/classes/tfm_sign_image.bbclass       | 28 +++++++++----------
 2 files changed, 16 insertions(+), 15 deletions(-)
diff mbox series

Patch

diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index 932b1619..3a1639ea 100644
--- a/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -24,7 +24,8 @@  do_sign_images() {
 
     # Update BL2 in the FIP image
     cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
-    fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \
+    fiptool update --tb-fw \
+        ${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \
         ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
 
     # Sign the FIP image
diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass
index 5ba57dc8..24df7682 100644
--- a/meta-arm/classes/tfm_sign_image.bbclass
+++ b/meta-arm/classes/tfm_sign_image.bbclass
@@ -6,28 +6,28 @@ 
 #  * Write the signing logic, which may call the function sign_host_image,
 #    described below
 
-inherit python3native deploy
+inherit python3native
 
 # The output and working directory
 TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images"
+TFM_IMAGE_SIGN_DEPLOY_DIR = "${WORKDIR}/deploy-tfm-signed-images"
 
+SSTATETASKS += "do_sign_images"
+do_sign_images[sstate-inputdirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR}"
+do_sign_images[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
+do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[cleandirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[stamp-extra-info] = "${MACHINE_ARCH}"
 tfm_sign_image_do_sign_images() {
     :
 }
-addtask sign_images after do_configure before do_compile
-do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}"
+addtask sign_images after do_prepare_recipe_sysroot before do_image
+EXPORT_FUNCTIONS do_sign_images
 
-tfm_sign_image_do_deploy() {
-    :
-}
-addtask deploy after do_sign_images
-
-deploy_signed_images() {
-    cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/
+python do_sign_images_setscene () {
+    sstate_setscene(d)
 }
-do_deploy[postfuncs] += "deploy_signed_images"
-
-EXPORT_FUNCTIONS do_sign_images do_deploy
+addtask do_sign_images_setscene
 
 DEPENDS += "trusted-firmware-m-scripts-native"
 
@@ -77,7 +77,7 @@  enum image_attributes {
 };
 EOF
 
-    host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")"
+    host_binary_signed="${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_$(basename "${1}")"
 
     ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
             ${TFM_IMAGE_SIGN_ARGS} \