From patchwork Tue May 20 10:01:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jamin Lin X-Patchwork-Id: 63303 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73E91C3ABDD for ; Tue, 20 May 2025 10:01:41 +0000 (UTC) Received: from TWMBX01.aspeed.com (TWMBX01.aspeed.com [211.20.114.72]) by mx.groups.io with SMTP id smtpd.web10.17048.1747735291141590457 for ; Tue, 20 May 2025 03:01:32 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: aspeedtech.com, ip: 211.20.114.72, mailfrom: jamin_lin@aspeedtech.com) Received: from TWMBX01.aspeed.com (192.168.0.62) by TWMBX01.aspeed.com (192.168.0.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Tue, 20 May 2025 18:01:28 +0800 Received: from mail.aspeedtech.com (192.168.10.10) by TWMBX01.aspeed.com (192.168.0.62) with Microsoft SMTP Server id 15.2.1748.10 via Frontend Transport; Tue, 20 May 2025 18:01:28 +0800 From: Jamin Lin To: CC: , , Subject: [PATCH v2 1/2] uboot-sign: Fix unintended "-e" written into ITS Date: Tue, 20 May 2025 18:01:27 +0800 Message-ID: <20250520100128.4019721-2-jamin_lin@aspeedtech.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520100128.4019721-1-jamin_lin@aspeedtech.com> References: <20250520100128.4019721-1-jamin_lin@aspeedtech.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 10:01:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216897 An unintended "-e" string may be written into the generated ITS file when users set the UBOOT_FIT_USER_SETTINGS variable to include custom binaries in the U-Boot image. This issue is caused by the use of 'echo -e', which behaves inconsistently across different shells. While bash interprets '-e' as enabling escape sequences (e.g., \n, \t), dash—the default /bin/sh on many systems—does not recognize '-e' and treats it as a literal string. As a result, "-e" can be mistakenly injected into the ITS file under certain build environments. To ensure consistent and shell-agnostic behavior, replace 'echo -e' with 'printf', which is well-defined by POSIX and behaves reliably across all common shells. This change improves portability and prevents malformed ITS files caused by unintended string injection. Fixes: c12e013 ("uboot-sign: support to add users specific image tree source") Signed-off-by: Jamin Lin --- meta/classes-recipe/uboot-sign.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass index e0771b5429..dcf94b7179 100644 --- a/meta/classes-recipe/uboot-sign.bbclass +++ b/meta/classes-recipe/uboot-sign.bbclass @@ -425,7 +425,7 @@ EOF fi if [ -n "${UBOOT_FIT_USER_SETTINGS}" ] ; then - echo -e "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS} + printf "%b" "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS} fi if [ -n "${UBOOT_FIT_CONF_USER_LOADABLES}" ] ; then From patchwork Tue May 20 10:01:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jamin Lin X-Patchwork-Id: 63304 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DEA2C3DA6D for ; Tue, 20 May 2025 10:01:41 +0000 (UTC) Received: from TWMBX01.aspeed.com (TWMBX01.aspeed.com [211.20.114.72]) by mx.groups.io with SMTP id smtpd.web10.17048.1747735291141590457 for ; Tue, 20 May 2025 03:01:32 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: aspeedtech.com, ip: 211.20.114.72, mailfrom: jamin_lin@aspeedtech.com) Received: from TWMBX01.aspeed.com (192.168.0.62) by TWMBX01.aspeed.com (192.168.0.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Tue, 20 May 2025 18:01:28 +0800 Received: from mail.aspeedtech.com (192.168.10.10) by TWMBX01.aspeed.com (192.168.0.62) with Microsoft SMTP Server id 15.2.1748.10 via Frontend Transport; Tue, 20 May 2025 18:01:28 +0800 From: Jamin Lin To: CC: , , Subject: [PATCH v2 2/2] uboot-sign: Add support for setting firmware property in FIT configuration Date: Tue, 20 May 2025 18:01:28 +0800 Message-ID: <20250520100128.4019721-3-jamin_lin@aspeedtech.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520100128.4019721-1-jamin_lin@aspeedtech.com> References: <20250520100128.4019721-1-jamin_lin@aspeedtech.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 10:01:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216898 Add the ability to set the "firmware" property in the FIT configuration node by introducing the UBOOT_FIT_CONF_FIRMWARE variable. This property defines the primary image to be executed during boot. If it is set, its value will be written into the FIT configuration under the "firmware" field. If not set, the bootloader will fall back to using the first entry in the "loadables" list. Using this property improves control over the boot sequence, especially in multi-binary boot scenarios. Signed-off-by: Jamin Lin --- meta/classes-recipe/uboot-sign.bbclass | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass index dcf94b7179..283b68759d 100644 --- a/meta/classes-recipe/uboot-sign.bbclass +++ b/meta/classes-recipe/uboot-sign.bbclass @@ -101,6 +101,10 @@ UBOOT_FIT_TEE_IMAGE ?= "tee-raw.bin" # User specific settings UBOOT_FIT_USER_SETTINGS ?= "" +# Sets the firmware property to select the image to boot first. +# If not set, the first entry in "loadables" is used instead. +UBOOT_FIT_CONF_FIRMWARE ?= "" + # Unit name containing a list of users additional binaries to be loaded. # It is a comma-separated list of strings. UBOOT_FIT_CONF_USER_LOADABLES ?= '' @@ -361,6 +365,7 @@ EOF # we want to sign it so that the SPL can verify it uboot_fitimage_assemble() { conf_loadables="\"uboot\"" + conf_firmware="" rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY} # First we create the ITS script @@ -432,6 +437,10 @@ EOF conf_loadables="${conf_loadables}${UBOOT_FIT_CONF_USER_LOADABLES}" fi + if [ -n "${UBOOT_FIT_CONF_FIRMWARE}" ] ; then + conf_firmware="firmware = \"${UBOOT_FIT_CONF_FIRMWARE}\";" + fi + cat << EOF >> ${UBOOT_ITS} }; @@ -439,6 +448,7 @@ EOF default = "conf"; conf { description = "Boot with signed U-Boot FIT"; + ${conf_firmware} loadables = ${conf_loadables}; fdt = "fdt"; };