webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f5b9dcd1ccc930255aca4992023097cf1ef496cf
bpfire/lfs/u-boot
Peter Müller 9a7e4d8506 Switch checksums from MD5 to BLAKE2 
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.

While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.

Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.

In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
2022-04-02 14:19:25 +00:00

256 lines
12 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 2021.07
THISAPP = u-boot-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)-$(MKIMAGE)
SUP_ARCH = armv6l aarch64
CFLAGS := $(patsubst -fstack-protector-strong,,$(CFLAGS))
ATF_VER = 2.6
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) arm-trusted-firmware-$(ATF_VER).tar.gz arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
arm-trusted-firmware-$(ATF_VER).tar.gz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER).tar.gz
arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz
$(DL_FILE)_BLAKE2 = 1a209a604e0f30264781a14ca855bbb777e8f1c031de60d28de397084fc9bfc4a3771ad00ec22f5cdcfa721f22707a533b9b59004ac0b107df927f23dc5ab0a6
arm-trusted-firmware-$(ATF_VER).tar.gz_BLAKE2 = 1d0caff9ea6d97276d1377483e3f81901c935f9af784b7a735636c75b00106935a7e301c21ecec7b9fd9a97dcf873ac1b12169bf7211dae3d975b78d379eba74
arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz_BLAKE2 = bc5245c1af911eb8ce8def743339102bb46d6aa854fbe916584775479dc97c9a9176c1d1615afc7ede496c7ca9da78db52d9c2eaf1290a4d06e53dbb1933e658
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
dist:
@$(PAK)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
ifneq "$(MKIMAGE)" "1"
ifeq "${BUILD_ARCH}" "armv6l"
# Pandaboard
-mkdir -pv /usr/share/u-boot/pandaboard
cd $(DIR_APP) && make CROSS_COMPILE="" omap4_panda_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Pandaboard - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 MLO u-boot.img \
/usr/share/u-boot/pandaboard
# Install pandaboard uboot as default
cd $(DIR_APP) && install MLO /boot/
cd $(DIR_APP) && install u-boot.img /boot/
cd $(DIR_APP) && make distclean
# Wandboard
-mkdir -pv /usr/share/u-boot/wandboard
cd $(DIR_APP) && make CROSS_COMPILE="" wandboard_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Wandboard - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" u-boot.imx
cd $(DIR_APP) && install -v -m 644 u-boot.imx \
/usr/share/u-boot/wandboard
cd $(DIR_APP) && make distclean
# Raspberry Pi
-mkdir -pv /usr/share/u-boot/rpi
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" RPi1 - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot.bin \
/usr/share/u-boot/rpi/u-boot-rpi1.bin
cd $(DIR_APP) && install u-boot.bin /boot/u-boot-rpi1.bin
cd $(DIR_APP) && make distclean
# Raspberry Pi 2
-mkdir -pv /usr/share/u-boot/rpi
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_2_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" RPi2 - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot.bin \
/usr/share/u-boot/rpi/u-boot-rpi2.bin
cd $(DIR_APP) && install u-boot.bin /boot/u-boot-rpi2.bin
cd $(DIR_APP) && make distclean
# Raspberry Pi 3 32bit
-mkdir -pv /usr/share/u-boot/rpi
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_3_32b_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" RPi3 32bit - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot.bin \
/usr/share/u-boot/rpi/u-boot-rpi3.bin
cd $(DIR_APP) && install u-boot.bin /boot/u-boot-rpi3.bin
cd $(DIR_APP) && make distclean
# Orange Pi Zero
-mkdir -pv /usr/share/u-boot/orangepi_zero
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/u-boot/sunxi/orangepi-zero-add-macs.diff
cd $(DIR_APP) && make CROSS_COMPILE="" orangepi_zero_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" OrangePi Zero - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-sunxi-with-spl.bin \
/usr/share/u-boot/orangepi_zero
cd $(DIR_APP) && make distclean
# Orange Pi PC
-mkdir -pv /usr/share/u-boot/orangepi_pc
cd $(DIR_APP) && make CROSS_COMPILE="" orangepi_pc_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" OrangePi PC - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-sunxi-with-spl.bin \
/usr/share/u-boot/orangepi_pc
cd $(DIR_APP) && make distclean
# LeMaker Banana Pi
-mkdir -pv /usr/share/u-boot/banana_pi
cd $(DIR_APP) && make CROSS_COMPILE="" Bananapi_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" BananaPi - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-sunxi-with-spl.bin \
/usr/share/u-boot/banana_pi
cd $(DIR_APP) && make distclean
else
# Raspberry Pi 3
-mkdir -pv /usr/share/u-boot/rpi
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_3_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" RPi3 - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot.bin \
/usr/share/u-boot/rpi/u-boot-rpi3.bin
cd $(DIR_APP) && install u-boot.bin /boot/u-boot-rpi3.bin
cd $(DIR_APP) && make distclean
# Raspberry Pi 4
-mkdir -pv /usr/share/u-boot/rpi
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_4_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" RPi4 - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot.bin \
/usr/share/u-boot/rpi/u-boot-rpi4.bin
cd $(DIR_APP) && install u-boot.bin /boot/u-boot-rpi4.bin
cd $(DIR_APP) && make distclean
# OrangePi Zero Plus
cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER)
cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER).tar.gz
cd $(DIR_APP)/arm-trusted-firmware-$(ATF_VER) && make PLAT=sun50i_a64 DEBUG=0 bl31
cd $(DIR_APP) && cp arm-trusted-firmware-$(ATF_VER)/build/sun50i_a64/release/bl31.bin bl31.bin
cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER)
-mkdir -pv /usr/share/u-boot/orangepi_zero_plus
cd $(DIR_APP) && make CROSS_COMPILE="" orangepi_zero_plus_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" OrangePi Zero+ - IPFire.org"!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-sunxi-with-spl.bin \
/usr/share/u-boot/orangepi_zero_plus
cd $(DIR_APP) && make distclean
cd $(DIR_APP) && rm -f bl31.bin
# Nanopi R2S
cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER)
cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER).tar.gz
cd $(DIR_APP)/arm-trusted-firmware-$(ATF_VER) && make PLAT=rk3328 ARCH=aarch64 DEBUG=0 bl31
cd $(DIR_APP) && cp arm-trusted-firmware-$(ATF_VER)/build/rk3328/release/bl31/bl31.elf bl31.elf
cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER)
-mkdir -pv /usr/share/u-boot/nanopi_r2s
cd $(DIR_APP) && make CROSS_COMPILE="" nanopi-r2s-rk3328_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R2S - IPFire.org"!' .config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config
cd $(DIR_APP) && sed -i -e 's!.*CONFIG_MISC_INIT_R.*!# CONFIG_MISC_INIT_R is not set!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \
/usr/share/u-boot/nanopi_r2s/u-boot-rockchip.bin
cd $(DIR_APP) && make distclean
# Nanopi R4S
# arm trusted firmware for rk3399 cannot build without cortex m0 gcc crosscompiler
cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz
-mkdir -pv /usr/share/u-boot/nanopi_r4s
cd $(DIR_APP) && make CROSS_COMPILE="" nanopi-r4s-rk3399_config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R4S - IPFire.org"!' .config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config
cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)"
cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \
/usr/share/u-boot/nanopi_r4s/u-boot-rockchip.bin
cd $(DIR_APP) && make distclean
endif
# create an empty 128 KB File for the u-boot env
dd if=/dev/zero of=/boot/uboot.env bs=1K count=128
# config (uEnv.txt and boot.*)
cp -vf $(DIR_SRC)/config/u-boot/* /boot/
# patch real Kernel version to uEnv.txt
sed -e "s/xxxKVERxxx/$(KVER)/g" -i /boot/uEnv.txt
else
# mkimage
ifeq "${BUILD_ARCH}" "armv6l"
cd $(DIR_APP) && make CROSS_COMPILE="" omap4_panda_config
else
cd $(DIR_APP) && make CROSS_COMPILE="" rpi_3_config
endif
cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" tools
cd $(DIR_APP) && install -v -m 755 tools/mkimage /usr/bin
endif
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink