#!/bin/bash
#
# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd
#
# SPDX-License-Identifier: GPL-2.0
#
# Stop at the first command that fails.
set -o errexit

# Reference commands (documentation only, nothing below is executed here).
#
# [Keys] create a development RSA-2048 key pair and a self-signed certificate:
#   mkdir -p keys
#   openssl genpkey -algorithm RSA -out keys/dev.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
#   openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
#   openssl rsa -in keys/dev.key -pubout -out keys/dev.pubkey
#
# [Sign] produce a detached SHA-256 / RSA-PSS signature over the data to sign:
#   openssl dgst -sha256 -sign keys/dev.key -sigopt rsa_padding_mode:pss -out sha256-rsa2048.sign fit/boot.data2sign
#
# keys/dev.key is the private signing key, and genpkey as invoked above stores
# it unencrypted. Whoever can read it can sign images for any device that
# trusts the matching public key, so keep production keys out of the build
# tree (offline host or HSM) and restrict the file's permissions.
# The resulting signature file is presumably what gets passed to "-s"; confirm
# against the signing flow in use.

# Names of the images written by the re-sign step.
IMG_UBOOT='uboot.img'
IMG_BOOT='boot.img'
# Print the command-line synopsis to stdout, framed by one blank line above
# and below.
usage_resign() {
	printf '%s\n' "" "usage:" " $0 -f [itb] -s [sig]" ""
}
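# Splice an externally produced signature into a FIT image and repack it.
#
# Usage: fit_resign -f <itb> -s <sig>
#   -f  FIT image (itb) whose /configurations/conf/signature value is replaced
#   -s  raw signature file; its size must equal the embedded signature length
#
# Reads:  ./tools/fit_info, .config (SPL_FIT_IMAGE_MULTIPLE, SPL_FIT_IMAGE_KB),
#         IMG_UBOOT, IMG_BOOT
# Writes: ${IMG_UBOOT} when the image has an /images/uboot node, otherwise
#         ${IMG_BOOT}. The intermediate <itb>.half1, <itb>.half2 and
#         <itb>.resign files are removed on success and on failure.
# Exits:  1 on a usage or validation error (messages go to stdout).
#
# Security note: only the *size* of the signature is checked. Nothing here
# proves that <sig> verifies against the key the device trusts, so a wrong or
# stale signature still yields an image reported as "re-signed". Verify the
# output against the public key before release (e.g. with U-Boot's
# fit_check_sign, if this tree builds it).
function fit_resign()
{
	local fit_sig_info field i

	if [ $# -ne 4 ]; then
		usage_resign
		exit 1
	fi

	# Start from empty values so that a repeated option (e.g. "-f a -f b")
	# cannot leave ITB or SIG to be inherited from the caller's environment.
	ITB=""
	SIG=""
	while [ $# -gt 0 ]; do
		case "$1" in
		-f)
			ITB=$2
			shift 2
			;;
		-s)
			SIG=$2
			shift 2
			;;
		*)
			usage_resign
			exit 1
			;;
		esac
	done

	# Every expansion is quoted: the paths come from the command line and
	# must not be word-split or glob-expanded (an unquoted empty SIG would
	# also make "[ ! -f ]" pass silently).
	if [ ! -f "${ITB}" ]; then
		echo "ERROR: No ${ITB}"
		exit 1
	elif ! file -- "${ITB}" | grep 'Device Tree Blob' ; then
		echo "ERROR: ${ITB} is not FIT image"
		exit 1
	elif [ ! -f "${SIG}" ]; then
		echo "ERROR: No ${SIG}"
		exit 1
	fi

	# Exactly one "signer-version" string is expected in a single itb; more
	# than one suggests a packed image holding several copies.
	# grep -c exits non-zero on a count of 0, hence the "|| true" under set -e.
	copies=$(strings -- "${ITB}" | grep -c "signer-version" || true)
	if [ "${copies}" -ne 1 ]; then
		echo "ERROR: ${ITB} seems not a itb but a image, ${copies}"
		exit 1
	fi

	SIG_SZ=$(wc -c < "${SIG}")

	# Query the signature property once and pick the three fields from the
	# same output. A failing fit_info is tolerated here and reported through
	# the empty-LEN check below.
	fit_sig_info=$(./tools/fit_info -f "${ITB}" -n /configurations/conf/signature -p value) || true
	LEN=$(printf '%s\n' "${fit_sig_info}" | awk '/LEN:/ { print $2 }')
	OFF=$(printf '%s\n' "${fit_sig_info}" | awk '/OFF:/ { print $2 }')
	END=$(printf '%s\n' "${fit_sig_info}" | awk '/END:/ { print $2 }')

	if [ -z "${LEN}" ]; then
		echo "ERROR: No signature in ${ITB}"
		exit 1
	fi

	# The values are handed to dd as byte counts; refuse anything that is not
	# a plain decimal number instead of letting dd cut at a bogus offset.
	for field in "${LEN}" "${OFF}" "${END}"; do
		case "${field}" in
		''|*[!0-9]*)
			echo "ERROR: unexpected fit_info output for ${ITB}: LEN='${LEN}' OFF='${OFF}' END='${END}'"
			exit 1
			;;
		esac
	done

	if [ "${SIG_SZ}" -ne "${LEN}" ]; then
		echo "ERROR: ${SIG} size ${SIG_SZ} != ${ITB} Signature size ${LEN}"
		exit 1
	fi
	# NOTE(review): the splice below replaces bytes [OFF, END) with SIG;
	# presumably END == OFF + LEN - confirm against fit_info before relying on it.

	ITB_RESIGN="${ITB}.resign"
	# Do not leave a half-built "<itb>.resign" behind if a later step fails.
	trap 'rm -f -- "${ITB}.half1" "${ITB}.half2" "${ITB_RESIGN}"' EXIT

	# half1 = everything before the signature, half2 = everything after it.
	dd if="${ITB}" of="${ITB}.half1" count=1 bs="${OFF}"
	dd if="${ITB}" of="${ITB}.half2" skip=1 ibs="${END}"

	cat -- "${ITB}.half1" "${SIG}" "${ITB}.half2" > "${ITB_RESIGN}"
	echo

	if fdtget -l "${ITB_RESIGN}" /images/uboot >/dev/null 2>&1 ; then
		ITB_MAX_NUM=$(sed -n "/SPL_FIT_IMAGE_MULTIPLE/p" .config | awk -F "=" '{ print $2 }')
		ITB_MAX_KB=$(sed -n "/SPL_FIT_IMAGE_KB/p" .config | awk -F "=" '{ print $2 }')

		# Both values feed arithmetic and truncate; a missing or ambiguous
		# .config entry must fail here with a clear message.
		for field in "${ITB_MAX_NUM}" "${ITB_MAX_KB}"; do
			case "${field}" in
			''|*[!0-9]*)
				echo "ERROR: SPL_FIT_IMAGE_MULTIPLE / SPL_FIT_IMAGE_KB not usable in .config"
				exit 1
				;;
			esac
		done

		ITB_MAX_BS=$((ITB_MAX_KB * 1024))
		ITB_BS=$(wc -c < "${ITB}")
		if [ "${ITB_BS}" -gt "${ITB_MAX_BS}" ]; then
			echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
			exit 1
		fi

		# Write ITB_MAX_NUM copies, each padded to a multiple of ITB_MAX_KB KiB.
		rm -f -- "${IMG_UBOOT}"
		for ((i = 0; i < ITB_MAX_NUM; i++)); do
			cat -- "${ITB_RESIGN}" >> "${IMG_UBOOT}"
			truncate -s "%${ITB_MAX_KB}K" "${IMG_UBOOT}"
		done
		echo "Image(re-signed): ${IMG_UBOOT} is ready"
	else
		cp -- "${ITB_RESIGN}" "${IMG_BOOT}"
		echo "Image(re-signed): ${IMG_BOOT} is ready"
	fi

	rm -f -- "${ITB}.half1" "${ITB}.half2" "${ITB_RESIGN}"
	trap - EXIT
}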
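# Run the re-sign flow with the script's arguments. "$@" passes each argument
# through as one word, so a path containing spaces or glob characters is not
# split or expanded before the options are parsed.
fit_resign "$@"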