By: fu linux
E-mail: fulinux@sina.com
Blog: https://blog.csdn.net/fulinus
喜欢的盆友欢迎点赞和订阅!
你的喜欢就是我写作的动力!
开始制作lk或aboot
今天开始制作
bootloader(lk)
,又名aboot。
标题准备工作
首先我们要有源码,
lk
是开源的项目,我们可以从android代码或者github等地方中获取,并将其拷贝到相应的目录中,比如我们将其放在recipe-kernel目录中,参考如下:
meta-mybsp]$ cd recipes-kernel/
recipes-kernel]$ mkdir -p lk/files
recipes-kernel]$ cp -rf <your source path>/lk/ lk/files/
recipes-kernel]$ ls lk/files/lk/
AndroidBoot.mk(这个是android编译用的我们用不上) app arch dev include kernel lib LICENSE make makefile(我们用的是这个) platform project scripts target
- 1
- 2
- 3
- 4
- 5
我的lk已经是一个可以在高通平台上正常运行的项目了,我这里没有做什么改动,直接就复制过来了。
编写lk的bb文件
创建
lk_git.bb
文件:
recipes-kernel]$ vim lk/lk_git.bb
- 1
现在,慢慢的往bb文件中添加配置了,首先添加摘要、License和源码位置等信息:
# Little Kernel bootloader
SUMMARY = "Little Kernel bootloader" #摘要信息
LICENSE = "CLOSED" #不进行license检验
PROVIDES = "virtual/bootloader" #定义一个别名,msm8909.conf中要用到。
# The architecture of the resulting package
PACKAGE_ARCH = "${MACHINE_ARCH}" #因为lk是针对特定的machine的, 需要指定在build/tmp/work/msm8909-poky-linux-gnueabi下面生成构建目录,默认是armv7ahf-neon-poky-linux-gnueabi目录,所以要改。
#下面是指定源码路径。
FILESEXTRAPATHS_prepend := "${THISDIR}/:"
SRC_DIR = "files/lk"
SRC_URI = "file://lk/"
S = "${WORKDIR}/lk"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
解决编译问题
添加上面代码的基本信息后我们就可以开始尝试编译了,注定不是一番丰顺的,下面列举一些遇到的问题。
问题1:PROJECT没有指定
build]$ bitbake lk
...
| makefile:27: *** No project specified. Use "make projectname" or put "PROJECT := projectname" in local.mk. Stop.
| ERROR: oe_runmake failed
- 1
- 2
- 3
- 4
查看源码根目录下的
makefile
文件中的
PROJECT
变量:
project-name := $(firstword $(MAKECMDGOALS))
ifneq ($(project-name),)
ifneq ($(wildcard project/$(project-name).mk),)
do-nothing := 1
$(MAKECMDGOALS) _all: make-make
make-make:
@PROJECT=$(project-name) $(MAKE) $(filter-out $(project-name), $(MAKECMDGOALS))
endif
endif
ifeq ($(do-nothing),)
ifeq ($(PROJECT),)
$(error No project specified. Use "make projectname" or put "PROJECT := projectname" in local.mk)
endif
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
小知识点:
make在执行时会设置一个特殊变量 – “MAKECMDGOALS
” ,该变量记录了命令行参数指定的终极目标列表。
下面对应的目录和文件
lk]$ ls project/
...
msm8909.mk
msm8953.mk
...
- 1
- 2
- 3
- 4
- 5
我们这里用到的就是
msm8909.mk
出错提示有两个解决方法:
- make msm8909
- PROJECT:=projectname
问:如何在bb文件中为make命令的传递参数呢?
答:用EXTRA_OEMAKE
那么这里我们可以这样讲平台目标传进去:
EXTRA_OEMAKE := "PROJECT:=${MACHINE}"
- 1
问题2:指定交叉编译器
再次编译,又出现了下面问题:
build]$ bitbake lk
NOTE: make -j 8 PROJECT:=msm8909
make: arm-eabi-gcc: Command not found
- 1
- 2
- 3
是不是奇怪怎么会出现
arm-eabi-gcc
呢?看下
makefile
文件中:
TOOLCHAIN_PREFIX ?= arm-eabi-
...
CC := $(CCACHE) $(TOOLCHAIN_PREFIX)gcc
- 1
- 2
- 3
说明默认指定了交叉编译器前缀
TOOLCHAIN_PREFIX
,所以要在bb文件中更正:
EXTRA_OEMAKE_append = "TOOLCHAIN_PREFIX='${TARGET_PREFIX}'"
- 1
又出现了新问题:
| NOTE: make PROJECT:=msm8909TOOLCHAIN_PREFIX=arm-poky-linux-gnueabi- clean
| makefile:161: project/msm8909TOOLCHAIN_PREFIX=arm-poky-linux-gnueabi-.mk: No such file or directory
| makefile:163: target//tools/makefile: No such file or directory
| makefile:165: arch//rules.mk: No such file or directory
- 1
- 2
- 3
- 4
注意
msm8909TOOLCHAIN_PREFIX=arm-poky-linux-gnueabi-
连在一起了,所以我们需要纠正上面的赋值(前面加空格):
EXTRA_OEMAKE_append = " TOOLCHAIN_PREFIX='${TARGET_PREFIX}'"
- 1
其他问题汇总
凡此种种,都需要看makefile文件,然后通过
EXTRA_OEMAKE
变量传入相应的变量值,下面我将lk_git.bb文件内容贴出来:
LIBGCC = "${STAGING_LIBDIR}/${TARGET_SYS}/*/libgcc.a"
emmc_bootloader = "${@bb.utils.contains('DISTRO_FEATURES', 'emmc-boot', '1', '0', d)}"
EXTRA_OEMAKE := "PROJECT:=${MACHINE}"
EXTRA_OEMAKE_append = " TOOLCHAIN_PREFIX='${TARGET_PREFIX}'"
EXTRA_OEMAKE_append = " LIBGCC='${LIBGCC}'"
# Disable display for nodisplay products
DISPLAY_SCREEN_msm8909 = "0"
EXTRA_OEMAKE_append = " DISPLAY_SCREEN=${DISPLAY_SCREEN} ENABLE_DISPLAY=${DISPLAY_SCREEN}"
EXTRA_OEMAKE_append = " VERIFIED_BOOT=0 DEFAULT_UNLOCK=true EMMC_BOOT=${emmc_bootloader}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ab-support', '', 'APPEND_CMDLINE=1', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'USE_LE_SYSTEMD=true', '', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'vble', 'VERIFIED_BOOT_LE=1', '', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'dm-verity', 'VERITY_LE=1', '', d)}"
EXTRA_OEMAKE_append_msm8909 = " TARGET_USE_QSEECOM_V4=1"
#enable hardfloat
EXTRA_OEMAKE_append = " ${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'ENABLE_HARD_FPU=1', '', d)}"
#add more cflags to lk, if GCC6.3 version
EXTRA_OEMAKE_append = " 'LKLE_CFLAGS=-Wno-shift-negative-value -Wno-misleading-indentation -Wunused-const-
variable=0 -DINIT_BIN_LE=\"/sbin/init\"' "
# Disable debug logs for non debug variant builds.
EXTRA_OEMAKE_append = " ${@bb.utils.contains('VARIANT', 'debug', '', 'DISABLE_LOGGING_BL=1', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('VARIANT', 'user', 'TARGET_BUILD_VARIANT=user', '', d)}"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
bb.utils.contains函数
yocto 给某些变量赋值时可能需要用到条件语句, 判断某个变量中是否包含某个值可以调用
bb.utils.contains
函数,使用方法参考下面举例:
ABC = "${@bb.utils.contains('val', '1', 'true', 'false ', d)}"
#如果val包含1时 则 ABC 赋值 true,否则 ABC 赋值 false
#例如:
CFLAGS_prepend = "${@bb.utils.contains('GCCVERSION', '4.6.3', ' -std=c99', ' ', d)}"
#如果'GCCVERSION' 包含(等于) '4.6.3' 则CFLAGS_prepend赋值为' -std=c99' ,否则CFLAGS_prepend 赋值为空。
- 1
- 2
- 3
- 4
- 5
综上,上面的
lk_git.bb
文件中有些变量也是需要根据某些变量选择不同的赋值,比如user和debug版本是log是否开启log打印等。
msm8909.conf追加配置
上面用到了一些没见过的变量,因此需要在msm8909.conf或者DISTRO相关的配置中去定义。
这里我们在msm8909.conf中进行配置:
multiple definition of `__stack_chk_guard’
报错了:
...
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/openssl/crypto/x509v3/v3_utl.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/zutil.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/adler32.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/inftrees.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/inflate.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/inffast.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| arm-poky-linux-gnueabi-ld: ./build-msm8909/lib/zlib_inflate/decompress.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: multiple definition of `__stack_chk_guard'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/include/debug.h:74: first defined here
| make/build.mk:15: recipe for target 'build-msm8909/lk' failed
| make: *** [build-msm8909/lk] Error 1
| ERROR: oe_runmake failed
| WARNING: /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108:191 exit 1 from 'exit 1'
| WARNING: Backtrace (BB generated script):
| #1: bbfatal_log, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 191
| #2: die, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 166
| #3: oe_runmake, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 171
| #4: base_do_compile, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 149
| #5: do_compile, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 143
| #6: main, /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/run.do_compile.1108, line 191
| ERROR: '_sre.SRE_Match' object is not subscriptable
ERROR: Task (/home/peeta/poky/meta-mybsp/recipes-kernel/lk/lk_git.bb:do_compile) failed with exit code '1'
NOTE: Tasks Summary: Attempted 499 tasks of which 491 didn't need to be rerun and 1 failed.
Summary: 1 task failed:
/home/peeta/poky/meta-mybsp/recipes-kernel/lk/lk_git.bb:do_compile
Summary: There was 1 WARNING message shown.
Summary: There were 2 ERROR messages shown, returning a non-zero exit code.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
说真的出现这个错误后我花了很长时间去想办法解决,但是都没有好的方法,包括在
https://gcc.gnu.org/bugzilla/
https://stackoverflow.com/questions/27290086/gcc-canaries-undefined-reference-to-stack-chk-guard
但是不管怎么都没有找到相关的解决方法,我都认为是我的gcc版本太高,与我这个lk完全不兼容导致。
后面我想是在这个debug.h文件中定义
__stack_chk_guard
这个,其他地方有重复应用debug.h头文件(按理说开头位置已经定义的#ifndef __DEBUG_H,是不应该出现重复定义的才对啊),导致很多上面那种警告。于是我想了一个本方法。因为
__stack_chk_guard_setup()
函数只在main.c中使用,那我放到
kernel/main.c
文件中好了。于是:
...
uintptr_t __stack_chk_guard;
/*
* Initialize the stack protector canary value.
*/
#define __stack_chk_guard_setup() do { __stack_chk_guard = get_canary(); } while(0)
/* called from crt0.S */
void kmain(void) __NO_RETURN __EXTERNALLY_VISIBLE;
void kmain(void)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
于是再次编译就没有问题了。编译通过~
first defined here问题
错误现象:
| arm-oe-linux-gnueabi-ld: ./build-msm8909/dev/gcdb/display/gcdb_display.o:/home/peeta/poky/build/tmp-msm8909-glibc/work/msm8909-oe-linux-gnueabi/lk/git-r0/lk/./platform/msm_shared/include/gpio.h:80: multiple definition of `tlmm_ebi2_drv_ctrl'; ./build-msm8909/target/msm8909/init.o:/home/peeta/poky/build/tmp-msm8909-glibc/work/msm8909-oe-linux-gnueabi/lk/git-r0/lk/./platform/msm_shared/include/gpio.h:80: first defined here
- 1
这个类似下面这样修改:
enum {
TLMM_PULL_UP = 0x3,
TLMM_PULL_DOWN = 0x1,
TLMM_NO_PULL = 0x0,
} tlmm_pull_values;
//改成:
enum tlmm_pull_values {
TLMM_PULL_UP = 0x3,
TLMM_PULL_DOWN = 0x1,
TLMM_NO_PULL = 0x0,
};
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
类似上面这样的错误还有很多。逐一修改,后面我可能会提供一个补丁。
使用fastboot刷入我们的aboot镜像,镜像文件位于:
build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/build-msm8909/emmc_appsboot.mbn
- 1
进入fastboot模式,然后使用下面的命令刷固件:
fastboot flash aboot <your path>/emmc_appsboot.mbn
fastboot reboot
- 1
- 2
但是很遗憾,出错了,如下节所示:
Error code 302e
刷了自己的aboot后,没有正常运行起来,参考如串口log如下:
B - 1567 - PBL, Start
B - 4546 - bootable_media_detect_entry, Start
B - 59577 - bootable_media_detect_success, Start
B - 59581 - elf_loader_entry, Start
B - 60663 - auth_hash_seg_entry, Start
B - 60923 - auth_hash_seg_exit, Start
B - 74546 - elf_segs_hash_verify_entry, Start
B - 133990 - PBL, End
B - 146247 - SBL1, Start
B - 204411 - boot_flash_init, Start
D - 30 - boot_flash_init, Delta
B - 211029 - boot_config_data_table_init, Start
D - 7259 - boot_config_data_table_init, Delta - (0 Bytes)
B - 222863 - CDT version:3,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B - 229024 - pm_device_init, Start
B - 232349 - pm_device_init, TEST - MSM8909 detected
B - 237717 - pm_device_init, INFO - PM8909 is selected
B - 252052 - PM_SET_VAL:Skip
D - 21380 - pm_device_init, Delta
B - 253455 - sbl1_ddr_set_params, Start
B - 255834 - cpr_init, Start
D - 0 - cpr_init, Delta
B - 261476 - Pre_DDR_clock_init, Start
D - 183 - Pre_DDR_clock_init, Delta
D - 0 - sbl1_ddr_set_params, Delta
B - 274469 - pm_driver_init, Start
B - 280996 - --> Charge init
B - 281210 - battery good, boot up
B - 282369 - boot up
B - 10 - Current status
D - 11224 - pm_driver_init, Delta
B - 297619 - clock_init, Start
D - 152 - clock_init, Delta
B - 298015 - Image Load, Start
D - 25956 - QSEE Image Loaded, Delta - (505472 Bytes)
B - 324001 - Image Load, Start
D - 244 - SEC Image Loaded, Delta - (2048 Bytes)
B - 332419 - sbl1_efs_handle_cookies, Start
D - 610 - sbl1_efs_handle_cookies, Delta
B - 339007 - Image Load, Start
D - 12780 - RPM Image Loaded, Delta - (157136 Bytes)
B - 351817 - Image Load, Start
B - 353769 - Error code 302e at boot_config.c Line 285
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
最后一行出错提示,我在sbl1代码中查找boot_config.c文件找到285行,有这样一段代码:
/* Authenticate the image */
error_status = boot_auth_image(bl_shared_data,
(uint32)boot_config_entry->target_img_sec_type);
BL_VERIFY( error_status == BL_ERR_NONE, error_status );
- 1
- 2
- 3
- 4
鉴定aboot镜像的时候出错了。要开始瞎折腾了~
后记:这个折腾了很久,下面简要记录下过程
折腾过程简述
我通过github上面lk的提示下载了一个linaro官网下载低版本的toolchain下来编译:
#参考下面的文件,其实这里lk的recipe最后也就形成了这一条命令编译:
poky]$ vim build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/temp/log.do_compile
make -j 8 msm8909 TOOLCHAIN_PREFIX=arm-poky-linux-gnueabi- LIBGCC=/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/recipe-sysroot/usr/lib/arm-poky-linux-gnueabi/*/libgcc.a DISPLAY_SCREEN=0 ENABLE_DISPLAY=0 VERIFIED_BOOT=0 DEFAULT_UNLOCK=true EMMC_BOOT=1 APPEND_CMDLINE=1 TARGET_USE_QSEECOM_V4=1 ENABLE_HARD_FPU=1 LKLE_CFLAGS=-Wno-shift-negative-value -Wno-misleading-indentation -Wunused-const-variable=0 -DINIT_BIN_LE=\"/sbin/init\" -D TARGET_LIBC_PROVIDES_SSP=1 SIGNED_KERNEL=1
- 1
- 2
- 3
使用linaro的toolchain时,参考下面的命令:
$ export PATH="~/code/gcc-linaro-6.4.1-2018.05-x86_64_arm-linux-gnueabihf/bin/:$PATH"
~]$ arm-linux-gnueabihf-gcc -v
...
gcc version 6.4.1 20180425 [linaro-6.4-2018.05 revision 7b15d0869c096fe39603ad63dc19ab7cf035eb70] (Linaro GCC 6.4-2018.05)
lk]$ make -j 8 msm8909 TOOLCHAIN_PREFIX=arm-linux-gnueabihf- DISPLAY_SCREEN=0 ENABLE_DISPLAY=0 VERIFIED_BOOT=0 DEFAULT_UNLOCK=true EMMC_BOOT=1 APPEND_CMDLINE=1 TARGET_USE_QSEECOM_V4=1 ENABLE_HARD_FPU=1 LKLE_CFLAGS=-Wno-shift-negative-value -Wno-misleading-indentation -Wunused-const-variable=0 -DINIT_BIN_LE=/sbin/init -D TARGET_LIBC_PROVIDES_SSP=1 SIGNED_KERNEL=1
- 1
- 2
- 3
- 4
- 5
正常也是可以编译生成镜像的,但是刷入之后还是相同的问题。
解决过程
参考在android中有一段给lk/aboot签名语句:
vendor/qcom/proprietary/common/scripts/Android.mk
ifeq ($(USESECIMAGETOOL), true)
ifeq ($(USE_SOC_HW_VERSION), true)
# XML_FILE : this file will be used for singing abl and it might be different for each target
ifeq ($(SECIMAGE_BASE), vendor/qcom/proprietary/sectools)
XML_FILE := secimagev3.xml
else
XML_FILE := secimagev2.xml
endif
define sec-image-generate
@echo Generating signed appsbl using secimage tool for $(strip $(QTI_GENSECIMAGE_MSM_IDS))
@rm -rf $(PRODUCT_OUT)/signed
$(hide) SECIMAGE_LOCAL_DIR=$(SECIMAGE_BASE)
USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN=$(USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN) \
USES_SEC_POLICY_DEFAULT_SUBFOLDER_SIGN=$(USES_SEC_POLICY_DEFAULT_SUBFOLDER_SIGN) \
USES_SEC_POLICY_INTEGRITY_CHECK=$(USES_SEC_POLICY_INTEGRITY_CHECK) python $(SECIMAGE_BASE)/sectools_builder.py \
-i $(TARGET_EMMC_BOOTLOADER) \
-t $(PRODUCT_OUT)/signed \
-g $(SIGN_ID) \
--soc_hw_version $(soc_hw_version) \
--soc_vers $(soc_vers) \
--config=$(SECIMAGE_BASE)/config/integration/$(XML_FILE) \
--install_base_dir=$(PRODUCT_OUT) \
> $(PRODUCT_OUT)/secimage.log 2>&1
@echo Completed secimage signed appsbl \(logs in $(PRODUCT_OUT)/secimage.log\)
endef
else
define sec-image-generate
@echo Generating signed appsbl using secimage tool for $(strip $(QTI_GENSECIMAGE_MSM_IDS))
@rm -rf $(PRODUCT_OUT)/signed
$(hide) SECIMAGE_LOCAL_DIR=$(SECIMAGE_BASE)
USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN=$(USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN) \
USES_SEC_POLICY_DEFAULT_SUBFOLDER_SIGN=$(USES_SEC_POLICY_DEFAULT_SUBFOLDER_SIGN) \
USES_SEC_POLICY_INTEGRITY_CHECK=$(USES_SEC_POLICY_INTEGRITY_CHECK) python $(SECIMAGE_BASE)/
sectools_builder.py \
-i $(TARGET_EMMC_BOOTLOADER) \
-t $(PRODUCT_OUT)/signed \
-g $(SIGN_ID) \
--config=$(SECIMAGE_BASE)/config/integration/secimage.xml \
--install_base_dir=$(PRODUCT_OUT) \
> $(PRODUCT_OUT)/secimage.log 2>&1
@echo Completed secimage signed appsbl \(logs in $(PRODUCT_OUT)/secimage.log\)
endef
endif
else
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
结合apq8909的yocto项目,需要先提供sectools工具来签名,那就先添加这个sectools。
首先创建recipe目录,将SecImage复制到我们的
meta-mybsp/recipe-devtools/sectools/
目录中
meta-mybsp]$ cd recipes-devtools/
recipes-devtools]$ mkdir sectools/sectools
recipes-devtools]$ cp -rf <your path>/vendor/qcom/proprietary/common/scripts/SecImage/* sectools/sectools/
- 1
- 2
- 3
创建bb文件,内容如下:
# Sectools: Image signing tools
SUMMARY = "Sectools: Image signing tools"
LICENSE = "CLOSED"
inherit native
# keep this in-sync
SIGNING_TOOLS_DIR = "${TMPDIR}/work-shared/signing_tools"
PR = "r1"
FILESEXTRAPATHS_prepend := "${THISDIR}/:"
SRC_DIR = "sectools/"
SRC_URI = "file://sectools/"
S = "${WORKDIR}/sectools"
do_unpack[cleandirs] += " ${S} ${SIGNING_TOOLS_DIR}"
do_clean[cleandirs] += " ${S} ${SIGNING_TOOLS_DIR}"
# don't run these functions
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install () {
install -d ${SIGNING_TOOLS_DIR}/SecImage
cp -rf ${S}/* ${SIGNING_TOOLS_DIR}/SecImage
}
FILES_${PN} += "${SIGNING_TOOLS_DIR}/SecImage"
PACKAGE_STRIP = "no"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
编译和验证:
build]$ bitbake sectools
build]$ ls tmp-msm8909/work-shared/signing_tools/SecImage/
bin ext pack README.txt sectools Sectools.inf
config Notice.txt plugin resources sectools_builder.py sectools.py
- 1
- 2
- 3
- 4
上面的结果是在work-shared目录下创建了相应的目录和复制了SecImage相应的内容。后面需要被lk使用到。
修改lk的bb文件,
lk_git.bb
全文内容如下:
meta-mybsp]$ cat recipes-kernel/lk/lk_git.bb
# Little Kernel bootloader
SUMMARY = "Little Kernel bootloader"
LICENSE = "CLOSED"
DEPENDS += "sectools openssl-native"
PROVIDES = "virtual/bootloader"
# The architecture of the resulting package
PACKAGE_ARCH = "${MACHINE_ARCH}"
FILESEXTRAPATHS_prepend := "${THISDIR}/:"
SRC_DIR = "files/lk"
SRC_URI = "file://lk/"
#SRC_URI = "git://source.codeaurora.org/quic/la/kernel/lk;protocol=https;branch=LA.BR.1.2.9.c26 file://lk.patch"
#LA.BR.1.2.9.c26-00600-8x09.0
#SRCREV = "05453227f4113f724e8698e0927e55dce6db6abf"
#SRC_URI += "file://libgcc.a"
S = "${WORKDIR}/lk"
#CFLAGS += " -fPIC -D_FORTIFY_SOURCE=2 -Wa,--noexecstack "
LIBGCC = "${STAGING_LIBDIR}/${TARGET_SYS}/*/libgcc.a"
#LIBGCC = "${WORKDIR}/libgcc.a"
BOOTLOADER_NAME = "${@bb.utils.contains('DISTRO_FEATURES', 'emmc-boot', 'emmc_appsboot', 'appsboot', d)}"
emmc_bootloader = "${@bb.utils.contains('DISTRO_FEATURES', 'emmc-boot', '1', '0', d)}"
EXTRA_OEMAKE := "${MACHINE}"
EXTRA_OEMAKE_append = " TOOLCHAIN_PREFIX='${TARGET_PREFIX}'"
EXTRA_OEMAKE_append = " LIBGCC='${LIBGCC}'"
# Disable display for nodisplay products
DISPLAY_SCREEN_msm8909 = "0"
EXTRA_OEMAKE_append = " DISPLAY_SCREEN=${DISPLAY_SCREEN} ENABLE_DISPLAY=${DISPLAY_SCREEN}"
EXTRA_OEMAKE_append = " VERIFIED_BOOT=0 DEFAULT_UNLOCK=true EMMC_BOOT=${emmc_bootloader}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ab-support', '', 'APPEND_CMDLINE=1', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'USE_LE_SYSTEMD=true', '', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'vble', 'VERIFIED_BOOT_LE=1', '', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'dm-verity', 'VERITY_LE=1', '', d)}"
EXTRA_OEMAKE_append = " TARGET_USE_QSEECOM_V4=1"
#enable hardfloat
EXTRA_OEMAKE_append = " ${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'ENABLE_HARD_FPU=1', '', d)}"
#add more cflags to lk, if GCC6.3 version
EXTRA_OEMAKE_append = " 'LKLE_CFLAGS=-Wno-shift-negative-value -Wno-misleading-indentation -Wunused-const-variable=0 -DINIT_BIN_LE=\"/sbin/init\" -D TARGET_LIBC_PROVIDES_SSP=1' "
# Disable debug logs for non debug variant builds.
EXTRA_OEMAKE_append = " ${@bb.utils.contains('VARIANT', 'debug', '', 'DISABLE_LOGGING_BL=1', d)}"
EXTRA_OEMAKE_append = " ${@bb.utils.contains('VARIANT', 'user', 'TARGET_BUILD_VARIANT=user', '', d)}"
EXTRA_OEMAKE_append = " SIGNED_KERNEL=1"
SIGNING_TOOLS_DIR="${TMPDIR}/work-shared/signing_tools"
# This install overrides the one in base recipe. In this we perform image signing
# using the tools located in signing_tools_dir.
# This performs signing the image at lk/build folder. The final image
# gets written in the folder image/boot/. Subsequently deploy stage in the
# main recipe installs to the DEPLOYDIR where rest of the system images are located.
do_install_append () {
install -d ${D}/boot
install -m 0644 build-${MACHINE}/*.mbn ${D}/boot
SECIMAGE_LOCAL_DIR=${SIGNING_TOOLS_DIR}/SecImage \
USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN=1 \
USES_SEC_POLICY_INTEGRITY_CHECK=1 \
${HOSTTOOLS_DIR}/python ${SIGNING_TOOLS_DIR}/SecImage/sectools_builder.py \
-i build-${MACHINE}/${BOOTLOADER_NAME}.mbn \
-t build-${MACHINE}/signd \
-g appsbl \
--install_base_dir=build-${MACHINE}/signd \
> ${S}/secimage.log
install -m 0644 ${D}/boot/*.mbn build-${MACHINE}/
}
do_deploy() {
install -d ${DEPLOY_DIR_IMAGE}
install -m 0644 ${D}/boot/*.mbn ${DEPLOY_DIR_IMAGE}
}
addtask deploy after do_install
FILES_${PN} = "/boot/*.mbn"
PACKAGE_STRIP = "no"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
这次出现的问题解决方法在
do_install_append()
函数中。
找不到python命令
编译lk有出现了新的问题,由于我们的yocto是只有python3的,python2.7是被删除了的。所以就出现了找不到python命令的问题。
python3运行python代码出错
既然python没有了我们改成python3命令看看能不能执行吧,可是有出现了下面的问题:
Traceback (most recent call last):
File "/home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage/sectools_builder.py", line 23, in <module>
from sectools.common.utils import c_path
File "/home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage/sectools/__init__.py", line 31, in <module>
from sectools.common.core import chain
File "/home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage/sectools/common/core/chain.py", line 17, in <module>
from sectools.common.utils.c_logging import logger
File "/home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage/sectools/common/utils/__init__.py", line 15, in <module>
import __secfile__
ImportError: No module named '__secfile__'
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
反正我也尝试修改SecImage里面的代码,但是改了很多,还是出现了一大堆的找不到moude的问题。可真是折腾人呐~
解决找不到python命令的方法
庆幸的是我的ubuntu是有python(python2.7)程序的。我可以将上面的前面过程,直接按照下面的命令执行签名:
lk]$ pwd #我当前的路径,镜像已经是编译成功了的
/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk
[peeta@peeta-OptiPlex-7050 lk]$ ls build-msm8909/
app config.h emmc_appsboot.mbn lib lk.bin lk.lst lk.size platform system-onesegment.ld
arch dev kernel lk lk.debug.lst lk_s.elf lk.sym signd target
/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk
lk]$ SECIMAGE_LOCAL_DIR=/home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN=1 USES_SEC_POLICY_INTEGRITY_CHECK=1 python /home/peeta/poky/build/tmp-msm8909/work-shared/signing_tools/SecImage/sectools_builder.py -i build-msm8909/emmc_appsboot.mbn -t /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/image/boot -g appsbl --install_base_dir=/home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/image/boot > /home/peeta/poky/build/tmp-msm8909/work/msm8909-poky-linux-gnueabi/lk/git-r0/lk/secimage.log
- 1
- 2
- 3
- 4
- 5
- 6
- 7
刷入签名之后的emmc_appsboot.mbn (aboot),是可以正常引导内核启动的:
fastboot flash aboot U:\poky\build\tmp-msm8909\deploy\images\msm8909\emmc_appsboot.mbn
fastboot reboot
- 1
- 2
参考截图:
我现在有两个方案,一个是编译成功后执行上面的签名操作,制作镜像,然后放到lk的recipe中去,通过
do_install()
来安装,另外一个是解决python命令找不到的问题。
可能你就会想为什么我不能直接在
do_install()
函数中直接调用系统的python来帮我完成这个工作呢?
不错,这确实是一个解决思路,于是我就开始着实解决这个问题。
经过一番研究发现:bitbake在构建过程中会将系统的PATH变量清空,主要是为了避免系统程序和native程序出现混乱,污染了构建过程。
那我加上python程序的绝对路径呢?这样:
do_install_append () {
install -d ${D}/boot
install -m 0644 build-${MACHINE}/*.mbn ${D}/boot
SECIMAGE_LOCAL_DIR=${SIGNING_TOOLS_DIR}/SecImage \
USES_SEC_POLICY_MULTIPLE_DEFAULT_SIGN=1 \
USES_SEC_POLICY_INTEGRITY_CHECK=1 \
/usr/bin/python ${SIGNING_TOOLS_DIR}/SecImage/sectools_builder.py \
-i build-${MACHINE}/${BOOTLOADER_NAME}.mbn \
-t build-${MACHINE}/signd \
-g appsbl \
--install_base_dir=build-${MACHINE}/signd \
> ${S}/secimage.log
install -m 0644 ${D}/boot/*.mbn build-${MACHINE}/
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
但是很遗憾,仍旧不行。但是我在参考其他bb文件的实例是看到了这个
HOSTTOOLS_DIR
变量。这个变量指向的路径如下:
ls tmp-msm8909/hosttools/
[ chown diff fgrep git join mknod perl rm sha256sum strings uname
ar chrpath diffstat file gpg ld mktemp pr rmdir sha384sum strip uniq
as cmp dirname find grep ld.bfd mv printf rpcgen sha512sum sudo wc
awk comm du flock gunzip ldd nc pwd scp size tail wget
basename cp echo g++ gzip ld.gold nl python3 sed sleep tar which
...
- 1
- 2
- 3
- 4
- 5
- 6
- 7
可见这个下面是有python3的,但是没有python。而且重要的是这个python3是指向ubuntu系统中的python3出现的:
build]$ ls -l tmp-msm8909/hosttools/python3
lrwxrwxrwx 1 peeta peeta 16 3月 17 19:16 tmp-msm8909/hosttools/python3 -> /usr/bin/python3
- 1
- 2
我最擅长逆向工程了,既然这个目录可以有python3和其他系统程序就一定也可以有python。
HOSTTOOLS或HOSTTOOLS_NONFATAL变量
通过一番查找,发现这个线索:
#在poky/meta/conf/bitbake.conf文件中有这样一段内容:
# Tools needed to run builds with OE-Core
HOSTTOOLS += " \
[ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp comm cp cpio \
cpp cut date dd diff diffstat dirname du echo egrep env expand expr false \
fgrep file find flock g++ gawk gcc getconf getopt git grep gunzip gzip \
head hostname iconv id install ld ldd ln ls make md5sum mkdir mknod \
mktemp mv nm objcopy objdump od patch perl pr printf pwd \
python3 ranlib readelf readlink realpath rm rmdir rpcgen sed seq sh \
sha1sum sha224sum sha256sum sha384sum sha512sum \
sleep sort split stat strings strip tail tar tee test touch tr true uname \
uniq wc wget which xargs \
"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
这个也是和上面的
build/tmp/hosttools/
目录下的内容对的上的,因此我们可以在这个里面加上python。但是我们本着不污染
poky
目录的原则上,在我们自己的配置文件上加上这个:
meta-mybsp]$ cat conf/machine/msm8909.conf
...
#HOSTTOOLS_NONFATAL_append = " python" #这个是ubuntu系统没有python的时候不报错
HOSTTOOLS_append = " python" #这个是系统没有python的时候报错,因为我们这里必须要有python。
- 1
- 2
- 3
- 4
HOSTTOOLS相关知识点很重要 ---- 他可以让我们系统具备某些工具的情况下,不必重复在yocto中去添加相应的工具,极大的简化了我们开发工作,当然是对于哪些目标机器不依赖的工具可以这样操作。
OK~,加上这个之后我们的工作基本上就完成了,可以正常编译和运行了。
lk这个项目我折腾了很久很久,希望这篇文章能帮助到我的读者朋友~
至此,我们的lk/bootloader制作过程告一段落了!
给我点个赞加个关注呗!万分感谢!