#!/usr/bin/make -f
#
# Sign/encrypt a Linux Kernel zImage, a DTB file, and a rootfs (to be used
# as an initramfs) into a FIT image tree blob for loading through U-Boot on a
# TI High Security (HS) SoC.
#
# Copyright (C) 2016-2017, Texas Instruments, Incorporated - http://www.ti.com/
#	Andreas Dannenberg <dannenberg@ti.com>
#	Andrew F. Davis <afd@ti.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
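# Remove a target whose recipe exited non-zero. Without this, a signing or
# mkimage run that fails after it has started writing leaves a partial file
# behind, and a later run treats that file as up to date.
.DELETE_ON_ERROR:

# Name of the FIT blob to produce; override with `make ITB=<name>`.
ITB ?= fitImage
# Image tree source describing the blob; defaults to "<ITB>.its".
ITS ?= $(ITB:=.its)

# Every /incbin/ payload in the ITS whose file name ends in ".sec". These names
# become prerequisites of the FIT blob and are produced by the %.sec rule.
# NOTE(review): an /incbin/ entry that does not end in ".sec" is not listed
# here, so this makefile never signs it and it would be packed as-is. Check
# that every payload reference in the ITS uses the ".sec" name.
# NOTE(review): the extracted names are expanded unquoted into targets and
# into the clean recipe, so the ITS has to be a trusted, reviewed build input.
SEC_IMAGES := $(shell sed -n 's/.*\/incbin\/.*\"\(.*\.sec\)\".*/\1/p' $(ITS))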
# Default goal: build the FIT blob named by ITB.
all: $(ITB)
.PHONY: all
# Produce <name>.sec from <name> with the signing script shipped in the TI
# Secure Dev package, which signs and optionally encrypts the blob. The package
# is located through the TI_SECURE_DEV_PKG environment variable, the same way
# the secure U-Boot build for TI devices finds it. Whatever that variable
# points at is executed during the build, so it should name a trusted install.
# The checks below are evaluated when the makefile is parsed; if the variable
# is unset or the script is missing, the recipe only reports the error and
# fails, so no .sec file is created in that case.
%.sec: %
ifeq ($(TI_SECURE_DEV_PKG),)
	@echo "ERROR: TI_SECURE_DEV_PKG environment variable must be defined" \
	      "for TI secure devices. $@ was NOT created!"; exit 1
else ifeq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
	@echo "ERROR: $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
	      "$@ was NOT created!"; exit 1
else
	$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh $< $@
endif
# Build the FIT blob by compiling the image tree source with mkimage. The
# mkimage that ships with U-Boot is preferred so that the FIT features used by
# the ITS are supported; set MKIMAGE to override the one found in PATH.
# The .sec payloads are prerequisites, so they are brought up to date by the
# %.sec rule before the blob is assembled.
MKIMAGE ?= mkimage
$(ITB): $(ITS) $(SEC_IMAGES)
	$(MKIMAGE) -f $< -r $@
# Delete the generated artifacts: the signed payloads named in the ITS and the
# FIT blob. The leading "-" lets make carry on if rm reports a failure.
# NOTE(review): SEC_IMAGES comes from file names inside the ITS, so clean
# removes whatever ".sec" paths that file lists; keep the ITS a trusted input.
clean:
	-$(RM) -v $(SEC_IMAGES)
	-$(RM) -v $(ITB)
.PHONY: clean