* [PATCH v2 0/2] Add support for setting firmware property in FIT configuration
@ 2025-05-20 10:01 Jamin Lin
2025-05-20 10:01 ` [PATCH v2 1/2] uboot-sign: Fix unintended "-e" written into ITS Jamin Lin
2025-05-20 10:01 ` [PATCH v2 2/2] uboot-sign: Add support for setting firmware property in FIT configuration Jamin Lin
0 siblings, 2 replies; 3+ messages in thread
From: Jamin Lin @ 2025-05-20 10:01 UTC (permalink / raw)
To: openembedded-core; +Cc: troy_lee, jamin_lin, vince_chang
v1:
1. Fix unintended "-e" written into ITS
2. Add support for setting firmware property in FIT
configuration
v2:
Fix review issue
documentation:
https://patchwork.yoctoproject.org/project/docs/patch/20250520095457.3642012-1-jamin_lin@aspeedtech.com/
Jamin Lin (2):
uboot-sign: Fix unintended "-e" written into ITS
uboot-sign: Add support for setting firmware property in FIT
configuration
meta/classes-recipe/uboot-sign.bbclass | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--
2.43.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v2 1/2] uboot-sign: Fix unintended "-e" written into ITS
2025-05-20 10:01 [PATCH v2 0/2] Add support for setting firmware property in FIT configuration Jamin Lin
@ 2025-05-20 10:01 ` Jamin Lin
2025-05-20 10:01 ` [PATCH v2 2/2] uboot-sign: Add support for setting firmware property in FIT configuration Jamin Lin
1 sibling, 0 replies; 3+ messages in thread
From: Jamin Lin @ 2025-05-20 10:01 UTC (permalink / raw)
To: openembedded-core; +Cc: troy_lee, jamin_lin, vince_chang
An unintended "-e" string may be written into the generated ITS file when users
set the UBOOT_FIT_USER_SETTINGS variable to include custom binaries in the U-Boot
image.
This issue is caused by the use of 'echo -e', which behaves inconsistently across
different shells. While bash interprets '-e' as enabling escape sequences
(e.g., \n, \t), dash—the default /bin/sh on many systems—does not recognize
'-e' and treats it as a literal string. As a result, "-e" can be mistakenly
injected into the ITS file under certain build environments.
To ensure consistent and shell-agnostic behavior, replace 'echo -e' with
'printf', which is well-defined by POSIX and behaves reliably across all common
shells.
This change improves portability and prevents malformed ITS files caused by unintended
string injection.
Fixes: c12e013 ("uboot-sign: support to add users specific image tree source")
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
---
meta/classes-recipe/uboot-sign.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index e0771b5429..dcf94b7179 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -425,7 +425,7 @@ EOF
fi
if [ -n "${UBOOT_FIT_USER_SETTINGS}" ] ; then
- echo -e "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS}
+ printf "%b" "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS}
fi
if [ -n "${UBOOT_FIT_CONF_USER_LOADABLES}" ] ; then
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v2 2/2] uboot-sign: Add support for setting firmware property in FIT configuration
2025-05-20 10:01 [PATCH v2 0/2] Add support for setting firmware property in FIT configuration Jamin Lin
2025-05-20 10:01 ` [PATCH v2 1/2] uboot-sign: Fix unintended "-e" written into ITS Jamin Lin
@ 2025-05-20 10:01 ` Jamin Lin
1 sibling, 0 replies; 3+ messages in thread
From: Jamin Lin @ 2025-05-20 10:01 UTC (permalink / raw)
To: openembedded-core; +Cc: troy_lee, jamin_lin, vince_chang
Add the ability to set the "firmware" property in the FIT configuration node
by introducing the UBOOT_FIT_CONF_FIRMWARE variable.
This property defines the primary image to be executed during boot. If it is
set, its value will be written into the FIT configuration under the "firmware"
field. If not set, the bootloader will fall back to using the first entry in
the "loadables" list.
Using this property improves control over the boot sequence, especially in
multi-binary boot scenarios.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
---
meta/classes-recipe/uboot-sign.bbclass | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index dcf94b7179..283b68759d 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -101,6 +101,10 @@ UBOOT_FIT_TEE_IMAGE ?= "tee-raw.bin"
# User specific settings
UBOOT_FIT_USER_SETTINGS ?= ""
+# Sets the firmware property to select the image to boot first.
+# If not set, the first entry in "loadables" is used instead.
+UBOOT_FIT_CONF_FIRMWARE ?= ""
+
# Unit name containing a list of users additional binaries to be loaded.
# It is a comma-separated list of strings.
UBOOT_FIT_CONF_USER_LOADABLES ?= ''
@@ -361,6 +365,7 @@ EOF
# we want to sign it so that the SPL can verify it
uboot_fitimage_assemble() {
conf_loadables="\"uboot\""
+ conf_firmware=""
rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY}
# First we create the ITS script
@@ -432,6 +437,10 @@ EOF
conf_loadables="${conf_loadables}${UBOOT_FIT_CONF_USER_LOADABLES}"
fi
+ if [ -n "${UBOOT_FIT_CONF_FIRMWARE}" ] ; then
+ conf_firmware="firmware = \"${UBOOT_FIT_CONF_FIRMWARE}\";"
+ fi
+
cat << EOF >> ${UBOOT_ITS}
};
@@ -439,6 +448,7 @@ EOF
default = "conf";
conf {
description = "Boot with signed U-Boot FIT";
+ ${conf_firmware}
loadables = ${conf_loadables};
fdt = "fdt";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-05-20 10:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-20 10:01 [PATCH v2 0/2] Add support for setting firmware property in FIT configuration Jamin Lin
2025-05-20 10:01 ` [PATCH v2 1/2] uboot-sign: Fix unintended "-e" written into ITS Jamin Lin
2025-05-20 10:01 ` [PATCH v2 2/2] uboot-sign: Add support for setting firmware property in FIT configuration Jamin Lin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox