rk3576: - support to use spl-dtb.bin build from u-boot - ddr: Add lp4_1866MHz_lp5_2736MHz bin Signed-off-by: hmz007 <hmz007@gmail.com> Change-Id: Ie75085d1e82013c988c61983737aec70ef0e562amaster
hmz007
1 year ago
parent
2fd7247988
commit
6e372e3113
@ -0,0 +1,39 @@
|
||||
[CHIP_NAME]
|
||||
NAME=RK3576
|
||||
[VERSION]
|
||||
MAJOR=1
|
||||
MINOR=100
|
||||
[CODE471_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3576_ddr_lp4_1866MHz_lp5_2736MHz_v1.09.bin
|
||||
Sleep=1
|
||||
[CODE472_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/nanopi_m5_usbplug.bin
|
||||
[LOADER_OPTION]
|
||||
NUM=3
|
||||
LOADER1=FlashBoost
|
||||
LOADER2=FlashData
|
||||
LOADER3=FlashBoot
|
||||
FlashBoost=bin/rk35/rk3576_boost_v1.03.bin
|
||||
FlashData=bin/rk35/rk3576_ddr_lp4_1866MHz_lp5_2736MHz_v1.09.bin
|
||||
FlashBoot=bin/rk35/nanopi_m5_spl-dtb.bin
|
||||
[LOADER1_PARAM]
|
||||
LOAD_ADDR=0x3FFC0000
|
||||
FLAG=0x0
|
||||
[LOADER2_PARAM]
|
||||
LOAD_ADDR=0x3FF81000
|
||||
FLAG=0x0
|
||||
[OUTPUT]
|
||||
PATH=rk3576_spl_loader_v1.09.107.bin
|
||||
IDB_PATH=rk3576_idblock_v1.09.107.img
|
||||
[SYSTEM]
|
||||
NEWIDB=true
|
||||
ALIGN=8
|
||||
[FLAG]
|
||||
CREATE_IDB=true
|
||||
471_RC4_OFF=true
|
||||
RC4_OFF=true
|
||||
CRC_OFF=true
|
||||
[BOOT1_PARAM]
|
||||
WORD_2=0x100
|
||||
@ -0,0 +1,29 @@
|
||||
[CHIP_NAME]
|
||||
NAME=RK350F
|
||||
[VERSION]
|
||||
MAJOR=1
|
||||
MINOR=1
|
||||
[CODE471_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3506b_ddr_750MHz_rt_v1.06.bin
|
||||
[CODE472_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3506_usbplug_v1.02.bin
|
||||
[LOADER_OPTION]
|
||||
NUM=2
|
||||
LOADER1=FlashData
|
||||
LOADER2=FlashBoot
|
||||
FlashData=bin/rk35/rk3506b_ddr_750MHz_rt_v1.06.bin
|
||||
FlashBoot=bin/rk35/rk3506_spl_v1.11.bin
|
||||
[LOADER2_PARAM]
|
||||
LOAD_ADDR=0x3f00000
|
||||
FLAG=0x0
|
||||
[OUTPUT]
|
||||
PATH=rk3506_spl_loader_v1.06.111.bin
|
||||
IDB_PATH=rk3506_idblock_v1.06.111.img
|
||||
[SYSTEM]
|
||||
NEWIDB=true
|
||||
[FLAG]
|
||||
471_RC4_OFF=true
|
||||
RC4_OFF=true
|
||||
CREATE_IDB=true
|
||||
@ -0,0 +1,29 @@
|
||||
[CHIP_NAME]
|
||||
NAME=RK350F
|
||||
[VERSION]
|
||||
MAJOR=1
|
||||
MINOR=1
|
||||
[CODE471_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3506_ddr_750MHz_rt_v1.06.bin
|
||||
[CODE472_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3506_usbplug_v1.02.bin
|
||||
[LOADER_OPTION]
|
||||
NUM=2
|
||||
LOADER1=FlashData
|
||||
LOADER2=FlashBoot
|
||||
FlashData=bin/rk35/rk3506_ddr_750MHz_rt_v1.06.bin
|
||||
FlashBoot=bin/rk35/rk3506_spl_v1.11.bin
|
||||
[LOADER2_PARAM]
|
||||
LOAD_ADDR=0x3f00000
|
||||
FLAG=0x0
|
||||
[OUTPUT]
|
||||
PATH=rk3506_spl_loader_v1.06.111.bin
|
||||
IDB_PATH=rk3506_idblock_v1.06.111.img
|
||||
[SYSTEM]
|
||||
NEWIDB=true
|
||||
[FLAG]
|
||||
471_RC4_OFF=true
|
||||
RC4_OFF=true
|
||||
CREATE_IDB=true
|
||||
@ -0,0 +1,39 @@
|
||||
[CHIP_NAME]
|
||||
NAME=RK3576
|
||||
[VERSION]
|
||||
MAJOR=1
|
||||
MINOR=100
|
||||
[CODE471_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3576_ddr_lp4_2112MHz_lp5_2736MHz_v1.09.bin
|
||||
Sleep=1
|
||||
[CODE472_OPTION]
|
||||
NUM=1
|
||||
Path1=bin/rk35/rk3576_usbplug_v1.04.bin
|
||||
[LOADER_OPTION]
|
||||
NUM=3
|
||||
LOADER1=FlashBoost
|
||||
LOADER2=FlashData
|
||||
LOADER3=FlashBoot
|
||||
FlashBoost=bin/rk35/rk3576_boost_v1.03.bin
|
||||
FlashData=bin/rk35/rk3576_ddr_lp4_2112MHz_lp5_2736MHz_v1.09.bin
|
||||
FlashBoot=bin/rk35/rk3576_spl_v1.07.bin
|
||||
[LOADER1_PARAM]
|
||||
LOAD_ADDR=0x3FFC0000
|
||||
FLAG=0x0
|
||||
[LOADER2_PARAM]
|
||||
LOAD_ADDR=0x3FF81000
|
||||
FLAG=0x0
|
||||
[OUTPUT]
|
||||
PATH=rk3576_download_v1.09.107.bin
|
||||
IDB_PATH=rk3576_idblock_v1.09.107.img
|
||||
[SYSTEM]
|
||||
NEWIDB=true
|
||||
ALIGN=8
|
||||
[FLAG]
|
||||
CREATE_IDB=true
|
||||
471_RC4_OFF=true
|
||||
RC4_OFF=true
|
||||
CRC_OFF=true
|
||||
[BOOT1_PARAM]
|
||||
WORD_2=0x100
|
||||
@ -1,3 +1,3 @@
|
||||
[TOS]
|
||||
TOSTA=bin/rk35/rk3506_tee_v1.27.bin
|
||||
TOSTA=bin/rk35/rk3506_tee_v2.10.bin
|
||||
ADDR=0x1000
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
[TOS]
|
||||
TOSTA=bin/rk35/rk3506_tee_ta_v1.00.bin
|
||||
TOSTA=bin/rk35/rk3506_tee_ta_v1.10.bin
|
||||
ADDR=0x3c00000
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
[COMPRESSION]
|
||||
COMPRESSION=lzma
|
||||
[TOS]
|
||||
TOSTA=bin/rv11/rv1103b_tee_ta_v1.02.bin
|
||||
TOSTA=bin/rv11/rv1103b_tee_ta_v1.03.bin
|
||||
ADDR=0x03e00000
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,633 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (c) 2024 Rockchip Electronics Co., Ltd
|
||||
#
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
#
|
||||
set -e
|
||||
|
||||
SIGN_DIR=".fit_sign"
|
||||
SIGN_OUTPUT="${SIGN_DIR}/output"
|
||||
UNPACK_UBOOT="${SIGN_DIR}/unpack_uboot"
|
||||
UNPACK_LOADER="${SIGN_DIR}/unpack_loader"
|
||||
TOOLS=$(cd `dirname $0`; pwd)
|
||||
# tools
|
||||
TOOL_MKIMAGE=${TOOLS}/mkimage
|
||||
TOOL_FIT_UNPACK=${TOOLS}/fit-unpack.sh
|
||||
TOOL_FIT_CHECK_SIGN=${TOOLS}/fit_check_sign
|
||||
TOOL_RK_SIGN=${TOOLS}/rk_sign_tool
|
||||
TOOL_BOOT_MERGER=${TOOLS}/boot_merger
|
||||
# offset
|
||||
OFFS_DATA=0x1200
|
||||
# placeholder address
|
||||
FDT_ADDR_PLACEHOLDER="0xffffff00"
|
||||
KERNEL_ADDR_PLACEHOLDER="0xffffff01"
|
||||
RAMDISK_ADDR_PLACEHOLDER="0xffffff02"
|
||||
# key
|
||||
SIGNATURE_KEY_NODE="/signature/key-dev"
|
||||
# dtb
|
||||
SPL_DTB="${UNPACK_LOADER}/u-boot-spl.dtb"
|
||||
UBOOT_DTB="${UNPACK_UBOOT}/fdt"
|
||||
UBOOT_DTB_ORIG="${UNPACK_UBOOT}/fdt_orig"
|
||||
# uboot
|
||||
ITS_UBOOT="${UNPACK_UBOOT}/image.its"
|
||||
ITB_UBOOT="${UNPACK_UBOOT}/image.itb"
|
||||
IMG_UBOOT="${SIGN_OUTPUT}/uboot.img"
|
||||
# rollback & version
|
||||
declare -A ROLLBACK_PARAMS
|
||||
declare -A VERSION_PARAMS
|
||||
|
||||
# All required tools:
|
||||
#
|
||||
# ├── boot_merger
|
||||
# ├── fit_check_sign
|
||||
# ├── fit-unpack.sh
|
||||
# ├── mkimage
|
||||
# ├── rk_sign_tool
|
||||
# └── setting.ini
|
||||
|
||||
function filt_val()
|
||||
{
|
||||
sed -n "/${1}=/s/${1}=//p" $2 | tr -d '\r' | tr -d '"'
|
||||
}
|
||||
|
||||
function help()
|
||||
{
|
||||
echo
|
||||
echo "Usage:"
|
||||
echo " $0 [args]"
|
||||
echo
|
||||
echo "Args:"
|
||||
echo " --key-dir <dir> | Mandatory"
|
||||
echo " --src-dir <dir> | Mandatory"
|
||||
echo " --out-dir <dir> | Mandatory"
|
||||
echo " --burn-key-hash | Optional"
|
||||
echo " --rollback-index <image1 n1> <image2 n2> ... | Optional"
|
||||
echo " --version <image1 n1> <image2 n2> ... | Optional"
|
||||
echo ""
|
||||
echo "Example:"
|
||||
echo " $0 --key-dir keys/ --src-dir src/ --out-dir output/ --version uboot.img 1 boot.img 3 --rollback-index uboot.img 3 boot.img 5"
|
||||
echo
|
||||
}
|
||||
|
||||
function arg_check_decimal()
|
||||
{
|
||||
if [ -z $1 ]; then
|
||||
help
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DECIMAL=`echo $1 |sed 's/[0-9]//g'`
|
||||
if [ ! -z ${DECIMAL} ]; then
|
||||
echo "ERROR: $1 is not decimal integer"
|
||||
help
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function process_args()
|
||||
{
|
||||
while [ $# -gt 0 ]; do
|
||||
case $1 in
|
||||
--key-dir)
|
||||
ARG_KEY_DIR=$2
|
||||
RSA_PRI_KEY="${ARG_KEY_DIR}/dev.key"
|
||||
RSA_PUB_KEY="${ARG_KEY_DIR}/dev.pubkey"
|
||||
RSA_CRT_KEY="${ARG_KEY_DIR}/dev.crt"
|
||||
check_dir_exist $2
|
||||
check_rsa_keys $2
|
||||
shift 2
|
||||
;;
|
||||
--src-dir)
|
||||
ARG_SRC_DIR=$2
|
||||
check_dir_exist $2
|
||||
SIGN_CFG_DIR="${ARG_SRC_DIR}/fit_signcfg/"
|
||||
SIGN_CONFIG="${ARG_SRC_DIR}/fit_signcfg/sign.readonly_config"
|
||||
shift 2
|
||||
;;
|
||||
--out-dir)
|
||||
ARG_OUTPUT_DIR=$2
|
||||
check_dir_exist $2
|
||||
shift 2
|
||||
;;
|
||||
--rollback-index)
|
||||
shift 1
|
||||
for arg in "$@"; do
|
||||
FILE_NAME="${1%.img}"
|
||||
arg_check_decimal $2
|
||||
ROLLBACK_PARAMS["${FILE_NAME}"]="$2"
|
||||
if [[ $3 == *"--"* || -z $3 ]]; then
|
||||
shift 2
|
||||
break;
|
||||
fi
|
||||
shift 2
|
||||
done
|
||||
;;
|
||||
--version)
|
||||
shift 1
|
||||
for arg in "$@"; do
|
||||
FILE_NAME="${1%.img}"
|
||||
arg_check_decimal $2
|
||||
VERSION_PARAMS["${FILE_NAME}"]="$2"
|
||||
if [[ $3 == *"--"* || -z $3 ]]; then
|
||||
shift 2
|
||||
break;
|
||||
fi
|
||||
shift 2
|
||||
done
|
||||
;;
|
||||
--burn-key-hash)
|
||||
ARG_BURN_KEY_HASH="y"
|
||||
shift 1
|
||||
;;
|
||||
*)
|
||||
help
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "${ARG_KEY_DIR}" ] || [ -z "${ARG_SRC_DIR}" ] || [ -z "${ARG_OUTPUT_DIR}" ]; then
|
||||
help
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function check_dir_exist()
|
||||
{
|
||||
if [ ! -d $1 ]; then
|
||||
echo "ERROR: No $1 directory"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function check_file_exist()
|
||||
{
|
||||
if [ ! -f $1 ]; then
|
||||
echo "ERROR: No $1"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function check_its()
|
||||
{
|
||||
cat $1 | while read LINE
|
||||
do
|
||||
FILE=`echo ${LINE} | sed -n "/incbin/p" | awk -F '"' '{ printf $2 }' | tr -d ' '`
|
||||
if [ ! -f ${FILE} ]; then
|
||||
echo "ERROR: ${FILE} not exist"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
function check_rsa_algo()
|
||||
{
|
||||
if grep -q '^CONFIG_FIT_ENABLE_RSA4096_SUPPORT=y' ${SIGN_CONFIG} ; then
|
||||
RSA_ALGO="rsa4096"
|
||||
else
|
||||
RSA_ALGO="rsa2048"
|
||||
fi
|
||||
|
||||
if ! grep -q ${RSA_ALGO} $1 ; then
|
||||
echo "ERROR: Wrong rsa 'algo' in its file. It should be ${RSA_ALGO}."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function check_rsa_keys()
|
||||
{
|
||||
if [ ! -f ${RSA_PRI_KEY} ]; then
|
||||
echo "ERROR: No ${RSA_PRI_KEY} "
|
||||
exit 1
|
||||
elif [ ! -f ${RSA_PUB_KEY} ]; then
|
||||
echo "ERROR: No ${RSA_PUB_KEY} "
|
||||
exit 1
|
||||
elif [ ! -f ${RSA_CRT_KEY} ]; then
|
||||
echo "ERROR: No ${RSA_CRT_KEY} "
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function sign_loader()
|
||||
{
|
||||
echo
|
||||
echo "==================== sign loader ===================="
|
||||
cp ${INI_PATH} ${UNPACK_LOADER}/
|
||||
INI_PATH=`find ${UNPACK_LOADER}/ -name 'MINIALL.ini'`
|
||||
sed -i "s|PATH=|PATH=${SIGN_OUTPUT}\/|g" ${INI_PATH}
|
||||
|
||||
# code471
|
||||
DDR=`grep "Path1=bin/[^ ]*_ddr_" ${INI_PATH} | tr -d ' '`
|
||||
if [ ! -z ${DDR} ]; then
|
||||
DDR=${DDR/*=/}
|
||||
NEW_DDR=`find ${UNPACK_LOADER}/ -name '*ddr*bin' | head -n 1`
|
||||
echo "${DDR} ${NEW_DDR}"
|
||||
sed -i "s|${DDR}|${NEW_DDR}|g" ${INI_PATH}
|
||||
fi
|
||||
# code472
|
||||
USBPLUG=`grep "Path1=bin/[^ ]*_usbplug_" ${INI_PATH} | tr -d ' '`
|
||||
if [ ! -z ${USBPLUG} ]; then
|
||||
USBPLUG=${USBPLUG/*=/}
|
||||
NEW_USBPLUG=`find ${UNPACK_LOADER}/ -name '*usbplug*bin' | head -n 1`
|
||||
echo "${USBPLUG} ${NEW_USBPLUG}"
|
||||
sed -i "s|${USBPLUG}|${NEW_USBPLUG}|g" ${INI_PATH}
|
||||
fi
|
||||
# FlashData
|
||||
FlashData=`grep "FlashData=bin/[^ ]*_ddr_" ${INI_PATH} | tr -d ' '`
|
||||
if [ ! -z ${FlashData} ]; then
|
||||
FlashData=${FlashData/*=/}
|
||||
NEW_FlashData=`find ${UNPACK_LOADER}/ -name '*FlashData*bin' | head -n 1`
|
||||
echo "${FlashData} ${NEW_FlashData}"
|
||||
sed -i "s|${FlashData}|${NEW_FlashData}|g" ${INI_PATH}
|
||||
fi
|
||||
# FlashBoot
|
||||
FlashBoot=`grep "FlashBoot=bin/[^ ]*_spl_" ${INI_PATH} | tr -d ' '`
|
||||
if [ ! -z ${FlashBoot} ]; then
|
||||
FlashBoot=${FlashBoot/*=/}
|
||||
NEW_FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
|
||||
echo "${FlashBoot} ${NEW_FlashBoot}"
|
||||
sed -i "s|${FlashBoot}|${NEW_FlashBoot}|g" ${INI_PATH}
|
||||
fi
|
||||
# FlashBoost
|
||||
FlashBoost=`grep "FlashBoost=bin/[^ ]*_boost_" ${INI_PATH} | tr -d ' '`
|
||||
if [ ! -z ${FlashBoost} ]; then
|
||||
FlashBoost=${FlashBoost/*=/}
|
||||
NEW_FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoost*bin' | head -n 1`
|
||||
echo "${FlashBoost} ${NEW_FlashBoot}"
|
||||
sed -i "s|${FlashBoost}|${NEW_FlashBoot}|g" ${INI_PATH}
|
||||
fi
|
||||
|
||||
${TOOL_BOOT_MERGER} ${INI_PATH}
|
||||
|
||||
# chip name
|
||||
CHIP_PATTERN='^CONFIG_ROCKCHIP_[R,P][X,V,K][0-9ESXB]{1,5}'
|
||||
RKCHIP=`egrep -o ${CHIP_PATTERN} ${SIGN_CONFIG}`
|
||||
RKCHIP=${RKCHIP##*_}
|
||||
CHIP_NAME=`filt_val "CONFIG_CHIP_NAME" ${SIGN_CONFIG}`
|
||||
if [ -z "${CHIP_NAME}" ]; then
|
||||
CHIP_NAME=${RKCHIP}
|
||||
fi
|
||||
|
||||
# sign
|
||||
${TOOL_RK_SIGN} cc --chip ${CHIP_NAME: 2: 6}
|
||||
${TOOL_RK_SIGN} lk --key ${RSA_PRI_KEY} --pubkey ${RSA_PUB_KEY}
|
||||
if ls ${SIGN_OUTPUT}/*loader*.bin >/dev/null 2>&1 ; then
|
||||
${TOOL_RK_SIGN} sl --loader ${SIGN_OUTPUT}/*loader*.bin
|
||||
fi
|
||||
if ls ${SIGN_OUTPUT}/*download*.bin >/dev/null 2>&1 ; then
|
||||
${TOOL_RK_SIGN} sl --loader ${SIGN_OUTPUT}/*download*.bin
|
||||
fi
|
||||
if ls ${SIGN_OUTPUT}/*idblock*.img >/dev/null 2>&1 ; then
|
||||
${TOOL_RK_SIGN} sb --idb ${SIGN_OUTPUT}/*idblock*.img
|
||||
fi
|
||||
}
|
||||
|
||||
function sign_uboot()
|
||||
{
|
||||
ARG_ROLLBACK_IDX_UBOOT=${ROLLBACK_PARAMS["uboot"]:-0}
|
||||
ARG_VER_UBOOT=${VERSION_PARAMS["uboot"]:-0}
|
||||
|
||||
echo
|
||||
echo "==================== sign uboot.img: version=${ARG_VER_UBOOT}, rollback-index=${ARG_ROLLBACK_IDX_UBOOT} ===================="
|
||||
if ! grep -q '^CONFIG_SPL_FIT_SIGNATURE=y' ${SIGN_CONFIG} ; then
|
||||
echo "ERROR: CONFIG_SPL_FIT_SIGNATURE is disabled"
|
||||
exit 1
|
||||
fi
|
||||
# spl dtb
|
||||
FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
|
||||
TOTALSIZE=`fdtdump -s ${FlashBoot} | grep totalsize | awk '{ print $4 }' | tr -d "()"`
|
||||
OFFSET=`fdtdump -s ${FlashBoot} | head -1 | awk -F ":" '{ print $2 }' | sed "s/ found fdt at offset //g" | tr -d " "`
|
||||
if [ -z ${OFFSET} ]; then
|
||||
echo "ERROR: invalid ${FlashBoot} , unable to find fdt blob"
|
||||
fi
|
||||
OFFSET=`printf %d ${OFFSET} ` # hex -> dec
|
||||
|
||||
dd if=${FlashBoot} of=${SPL_DTB} bs=1 skip=${OFFSET} count=${TOTALSIZE} >/dev/null 2>&1
|
||||
|
||||
# rollback-index
|
||||
if grep -q '^CONFIG_SPL_FIT_ROLLBACK_PROTECT=y' ${SIGN_CONFIG} ; then
|
||||
ARG_SPL_ROLLBACK_PROTECT="y"
|
||||
if [ ${ARG_ROLLBACK_IDX_UBOOT} -eq 0 ]; then
|
||||
echo "ERROR: No arg \"--rollback-index uboot.img <n>\""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
|
||||
VERSION=`grep 'rollback-index' ${ITS_UBOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
|
||||
sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_UBOOT}>;/g" ${ITS_UBOOT}
|
||||
fi
|
||||
|
||||
if ! fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
|
||||
${TOOL_MKIMAGE} -f ${ITS_UBOOT} -k ${ARG_KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
|
||||
echo "## Adding RSA public key into ${UBOOT_DTB}"
|
||||
fi
|
||||
|
||||
if fdtget -l ${SPL_DTB} /signature >/dev/null 2>&1 ; then
|
||||
fdtput -r ${SPL_DTB} /signature
|
||||
fi
|
||||
|
||||
# sign
|
||||
${TOOL_MKIMAGE} -f ${ITS_UBOOT} -k ${ARG_KEY_DIR} -K ${SPL_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
|
||||
|
||||
# burn-key-hash
|
||||
if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
|
||||
if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash 0x1
|
||||
else
|
||||
echo "ERROR: --burn-key-hash requires CONFIG_SPL_FIT_HW_CRYPTO=y"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# rollback-index read back check
|
||||
if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
|
||||
VERSION=`fdtget -ti ${ITB_UBOOT} /configurations/conf rollback-index`
|
||||
if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_UBOOT}" ]; then
|
||||
echo "ERROR: Failed to set rollback-index for ${ITB_UBOOT}";
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
if [ ! -z "${ARG_ROLLBACK_IDX_UBOOT}" ]; then
|
||||
echo "WARNING: ignore \"--rollback-index uboot.img ${ARG_ROLLBACK_IDX_UBOOT}\" due to CONFIG_SPL_FIT_ROLLBACK_PROTECT=n"
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
# burn-key-hash read back check
|
||||
if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
|
||||
if [ "`fdtget -ti ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash`" != "1" ]; then
|
||||
echo "ERROR: Failed to set burn-key-hash for ${SPL_DTB}";
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# host check signature
|
||||
${TOOL_FIT_CHECK_SIGN} -f ${ITB_UBOOT} -k ${SPL_DTB} -s
|
||||
|
||||
# minimize u-boot-spl.dtb: clear as 0 but not remove property.
|
||||
if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
|
||||
if grep -q '^CONFIG_SPL_ROCKCHIP_CRYPTO_V1=y' ${SIGN_CONFIG} ; then
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
|
||||
fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
|
||||
else
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
|
||||
fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
|
||||
fi
|
||||
else
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
|
||||
fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
|
||||
fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
|
||||
fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
|
||||
fi
|
||||
|
||||
# repack spl
|
||||
dd if=${SPL_DTB} of=${FlashBoot} bs=${OFFSET} seek=1 >/dev/null 2>&1
|
||||
|
||||
if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
|
||||
echo "## ${SPL_DTB}: burn-key-hash=1"
|
||||
fi
|
||||
|
||||
ITB_MAX_NUM=`sed -n "/CONFIG_SPL_FIT_IMAGE_MULTIPLE/p" ${SIGN_CONFIG} | awk -F "=" '{ print $2 }'`
|
||||
ITB_MAX_KB=`sed -n "/CONFIG_SPL_FIT_IMAGE_KB/p" ${SIGN_CONFIG} | awk -F "=" '{ print $2 }'`
|
||||
ITB_MAX_BS=$((ITB_MAX_KB*1024))
|
||||
ITB_BS=`ls -l ${ITB_UBOOT} | awk '{ print $5 }'`
|
||||
|
||||
if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then
|
||||
echo "ERROR: pack uboot.img failed! ${ITB_UBOOT} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for ((i = 0; i < ${ITB_MAX_NUM}; i++));
|
||||
do
|
||||
cat ${ITB_UBOOT} >> ${IMG_UBOOT}
|
||||
truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT}
|
||||
done
|
||||
}
|
||||
|
||||
function sign_fit()
|
||||
{
|
||||
SRC_FILE="$1.img"
|
||||
UNPACK_DIR="${SIGN_DIR}/unpack_$1"
|
||||
ITS_FILE="${UNPACK_DIR}/image.its"
|
||||
ITB_FILE="${UNPACK_DIR}/image.itb"
|
||||
IMG_FILE="${SIGN_OUTPUT}/${SRC_FILE}"
|
||||
ARG_VERSION=${VERSION_PARAMS["$1"]:-0}
|
||||
ARG_ROLLBACK_IDX=${ROLLBACK_PARAMS["$1"]:-0}
|
||||
|
||||
echo
|
||||
echo "==================== sign ${SRC_FILE}: version=${ARG_VERSION}, rollback-index=${ARG_ROLLBACK_IDX} ===================="
|
||||
cp ${UBOOT_DTB_ORIG} ${UBOOT_DTB}
|
||||
rm -rf ${UNPACK_DIR}
|
||||
${TOOL_FIT_UNPACK} -f ${ARG_SRC_DIR}/${SRC_FILE} -o ${UNPACK_DIR}
|
||||
check_rsa_algo ${ITS_FILE}
|
||||
|
||||
if ! grep -q '^CONFIG_FIT_SIGNATURE=y' ${SIGN_CONFIG} ; then
|
||||
echo "ERROR: CONFIG_FIT_SIGNATURE is disabled"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# ARG_ROLLBACK_IDX default value is 0.
|
||||
if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' ${SIGN_CONFIG} ; then
|
||||
ARG_ROLLBACK_PROTECT="y"
|
||||
if ! grep -q '^CONFIG_OPTEE_CLIENT=y' ${SIGN_CONFIG} ; then
|
||||
if [ ${ARG_ROLLBACK_IDX} -gt 0 ]; then
|
||||
echo "ERROR: Don't support \"--rollback-index ${SRC_FILE} <n>\" due to CONFIG_FIT_ROLLBACK_PROTECT=y but CONFIG_OPTEE_CLIENT=n"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
if [ ${ARG_ROLLBACK_IDX} -eq 0 ]; then
|
||||
echo "ERROR: No arg \"--rollback-index ${SRC_FILE} <n>\""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ ${ARG_ROLLBACK_IDX} -gt 0 ]; then
|
||||
echo "WARNING: ignore \"--rollback-index ${SRC_FILE} ${ARG_ROLLBACK_IDX}\" due to CONFIG_FIT_ROLLBACK_PROTECT=n"
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
# Limit as same.
|
||||
if [ -z "${PREV_ARG_ROLLBACK_IDX}" ]; then
|
||||
PREV_ARG_ROLLBACK_IDX=${ARG_ROLLBACK_IDX}
|
||||
else
|
||||
if [ "${PREV_ARG_ROLLBACK_IDX}" != "${ARG_ROLLBACK_IDX}" ]; then
|
||||
echo "ERROR: ${SRC_FILE} rollback version should be the same as previous: ${PREV_ARG_ROLLBACK_IDX}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# fixup for non-thunderboot
|
||||
FDT_ADDR_R=`filt_val "fdt_addr_r" ${SIGN_CONFIG}`
|
||||
KERNEL_ADDR_R=`filt_val "kernel_addr_r" ${SIGN_CONFIG}`
|
||||
RAMDISK_ADDR_R=`filt_val "ramdisk_addr_r" ${SIGN_CONFIG}`
|
||||
sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g" ${ITS_FILE}
|
||||
sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g" ${ITS_FILE}
|
||||
sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RAMDISK_ADDR_R}/g" ${ITS_FILE}
|
||||
|
||||
if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
|
||||
VERSION=`grep 'rollback-index' ${ITS_FILE} | awk -F '=' '{ printf $2 }' | tr -d ' '`
|
||||
sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX}>;/g" ${ITS_FILE}
|
||||
fi
|
||||
|
||||
# sign
|
||||
${TOOL_MKIMAGE} -f ${ITS_FILE} -k ${ARG_KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_FILE} -v ${ARG_VERSION}
|
||||
|
||||
# rollback-index read back check
|
||||
if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
|
||||
VERSION=`fdtget -ti ${ITB_FILE} /configurations/conf rollback-index`
|
||||
if [ "${VERSION}" != "${ARG_ROLLBACK_IDX}" ]; then
|
||||
echo "ERROR: Failed to set rollback-index for ${ITB_FILE}";
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# host check signature
|
||||
${TOOL_FIT_CHECK_SIGN} -f ${ITB_FILE} -k ${UBOOT_DTB}
|
||||
|
||||
# minimize u-boot.dtb: clearn as 0 but not remove property.
|
||||
if grep -q '^CONFIG_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
|
||||
if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' ${SIGN_CONFIG} ; then
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
|
||||
else
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
|
||||
fi
|
||||
else
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
|
||||
fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
|
||||
fi
|
||||
fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@c
|
||||
fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@np
|
||||
|
||||
cp ${ITB_FILE} ${IMG_FILE}
|
||||
}
|
||||
|
||||
function unpack_loader_uboot()
|
||||
{
|
||||
echo
|
||||
echo "==================== unpack files ===================="
|
||||
# unpack loader
|
||||
rm -rf ${UNPACK_LOADER}/ && mkdir -p ${UNPACK_LOADER}/
|
||||
${TOOL_BOOT_MERGER} unpack -i ${LOADER_NAME} -o ${UNPACK_LOADER}/
|
||||
|
||||
# csum spl
|
||||
FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
|
||||
SIZE=`grep 'spl_size=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
|
||||
dd if=${FlashBoot} of=${UNPACK_LOADER}/u-boot-spl-nodtb.bin bs=1 skip=0 count=${SIZE} >/dev/null 2>&1
|
||||
CSUM1=`grep 'spl_sha256sum=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
|
||||
CSUM2=`sha256sum ${UNPACK_LOADER}/u-boot-spl-nodtb.bin | awk '{ print $1 }'`
|
||||
if [ "${CSUM1}" != "${CSUM2}" ]; then
|
||||
echo "ERROR: SHA256 checksum is not match:"
|
||||
echo " ${CSUM1}: ${LOADER_NAME}/"
|
||||
echo " ${CSUM2}: ${SIGN_CONFIG} history"
|
||||
echo
|
||||
echo "Build info of ${SIGN_CONFIG}:"
|
||||
echo " ${BUILD}"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# unpack uboot.img
|
||||
rm -rf ${UNPACK_UBOOT}/
|
||||
${TOOL_FIT_UNPACK} -f ${ARG_SRC_DIR}/uboot.img -o ${UNPACK_UBOOT}
|
||||
|
||||
# csum uboot
|
||||
CSUM1=`grep 'uboot_sha256sum=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
|
||||
CSUM2=`sha256sum ${UNPACK_UBOOT}/uboot | awk '{ print $1 }'`
|
||||
BUILD=`grep 'BUILD:' ${SIGN_CONFIG}`
|
||||
if [ "${CSUM1}" != "${CSUM2}" ]; then
|
||||
echo "ERROR: SHA256 checksum is not match:"
|
||||
echo " ${CSUM1}: uboot in ${ARG_SRC_DIR}/uboot.img"
|
||||
echo " ${CSUM2}: in ${SIGN_CONFIG}"
|
||||
echo
|
||||
echo "Build info of ${SIGN_CONFIG}:"
|
||||
echo " ${BUILD}"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
check_rsa_algo ${ITS_UBOOT}
|
||||
if fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
|
||||
fdtput -r ${UBOOT_DTB} /signature
|
||||
fi
|
||||
cp ${UBOOT_DTB} ${UBOOT_DTB_ORIG}
|
||||
}
|
||||
|
||||
function prepare()
|
||||
{
|
||||
if [ ! -d ${SIGN_CFG_DIR} ]; then
|
||||
echo "ERROR: No ${SIGN_CFG_DIR} directory"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f ${SIGN_CONFIG} ]; then
|
||||
echo "ERROR: No ${SIGN_CONFIG} file"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f ${ARG_SRC_DIR}/uboot.img ]; then
|
||||
echo "ERROR: No ${ARG_SRC_DIR}/uboot.img file"
|
||||
exit 1
|
||||
fi
|
||||
INI_PATH=`find ${SIGN_CFG_DIR} -name 'MINIALL.ini' | head -n 1`
|
||||
if [ -z "${INI_PATH}" ]; then
|
||||
echo "ERROR: No platform MINIALL.ini file"
|
||||
exit 1
|
||||
fi
|
||||
LOADER_NAME=`find ${ARG_SRC_DIR} -name '*loader*bin' | head -n 1`
|
||||
if [ -z "${LOADER_NAME}" ]; then
|
||||
LOADER_NAME=`find ${ARG_SRC_DIR} -name '*download*.bin' | head -n 1`
|
||||
fi
|
||||
if [ -z "${LOADER_NAME}" ]; then
|
||||
echo "ERROR: No platform loader or download found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -rf ${SIGN_DIR} && mkdir -p ${SIGN_OUTPUT}
|
||||
}
|
||||
|
||||
function finish()
|
||||
{
|
||||
echo
|
||||
echo "Rollback-Index:"
|
||||
for FILE in ${SIGN_OUTPUT}/*.img; do
|
||||
if file ${FILE} | grep -q 'Device Tree Blob' ; then
|
||||
VERSION=`fdtget -ti ${FILE} /configurations/conf rollback-index`
|
||||
NAME=`basename ${FILE}`
|
||||
echo " - ${NAME}=${VERSION}"
|
||||
fi
|
||||
done
|
||||
echo
|
||||
echo "OK. Signed images are ready in ${ARG_OUTPUT_DIR}:"
|
||||
ls ${SIGN_OUTPUT}
|
||||
mv ${SIGN_OUTPUT}/* ${ARG_OUTPUT_DIR}/
|
||||
rm -rf ${SIGN_DIR}/ data2sign*
|
||||
echo
|
||||
}
|
||||
|
||||
function main()
|
||||
{
|
||||
prepare
|
||||
unpack_loader_uboot
|
||||
|
||||
for FILE in ${ARG_SRC_DIR}/*.img; do
|
||||
if echo ${FILE} | grep -q "uboot.img"; then
|
||||
continue;
|
||||
fi
|
||||
if file ${FILE} | grep -q 'Device Tree Blob' ; then
|
||||
FILE=$(basename "${FILE}" .img)
|
||||
sign_fit ${FILE}
|
||||
fi
|
||||
done
|
||||
|
||||
sign_uboot
|
||||
sign_loader
|
||||
finish
|
||||
}
|
||||
|
||||
process_args $*
|
||||
main
|
||||
@ -0,0 +1,165 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd
|
||||
#
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
#
|
||||
set -e
|
||||
|
||||
function usage()
|
||||
{
|
||||
echo
|
||||
echo "usage:"
|
||||
echo " $0 -f [fit/itb] -o [out]"
|
||||
echo
|
||||
}
|
||||
|
||||
function args_process()
|
||||
{
|
||||
if [ $# -ne 4 -a $# -ne 2 ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case $1 in
|
||||
-f)
|
||||
ITB=$2
|
||||
shift 2
|
||||
;;
|
||||
-o)
|
||||
OUT=$2
|
||||
shift 2
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ ! -f ${ITB} ]; then
|
||||
echo "ERROR: No ${ITB}"
|
||||
exit 1
|
||||
elif ! file ${ITB} | grep 'Device Tree Blob' ; then
|
||||
echo "ERROR: ${ITB} is not FIT image"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z ${OUT} ]; then
|
||||
OUT="out"
|
||||
fi
|
||||
}
|
||||
|
||||
unpack_itb()
|
||||
{
|
||||
mkdir -p ${OUT}
|
||||
echo "Unpack to directory ${OUT}:"
|
||||
|
||||
for NAME in `fdtget -l ${ITB} /images`
|
||||
do
|
||||
# generate ITB
|
||||
NODE="/images/${NAME}"
|
||||
OFFS=`fdtget -ti ${ITB} ${NODE} data-position`
|
||||
SIZE=`fdtget -ti ${ITB} ${NODE} data-size`
|
||||
if [ -z ${OFFS} ]; then
|
||||
continue;
|
||||
fi
|
||||
|
||||
if [ ${SIZE} -ne 0 ]; then
|
||||
dd if=${ITB} of=${OUT}/${NAME} bs=${SIZE} count=1 skip=${OFFS} iflag=skip_bytes >/dev/null 2>&1
|
||||
else
|
||||
touch ${OUT}/${NAME}
|
||||
fi
|
||||
|
||||
# hash verify
|
||||
ALGO=`fdtget -ts ${ITB} ${NODE}/hash algo`
|
||||
if [ -z ${ALGO} ]; then
|
||||
printf " %-20s: %d bytes" ${NAME} ${SIZE}
|
||||
else
|
||||
VALUE=`fdtget -tx ${ITB} ${NODE}/hash value`
|
||||
VALUE=`echo " "${VALUE} | sed "s/ / 0x/g"`
|
||||
CSUM=`"${ALGO}"sum ${OUT}/${NAME} | awk '{ print $1}'`
|
||||
|
||||
HASH=""
|
||||
for((i=1;;i++));
|
||||
do
|
||||
HEX=`echo ${VALUE} | awk -v idx=$i '{ print $idx }'`
|
||||
if [ -z ${HEX} ]; then
|
||||
break;
|
||||
fi
|
||||
|
||||
HEX=`printf "%08x" ${HEX}`
|
||||
HASH="${HASH}${HEX}"
|
||||
done
|
||||
|
||||
printf " %-20s: %d bytes... %s" ${NAME} ${SIZE} ${ALGO}
|
||||
if [ "${CSUM}" == "${HASH}" -o ${SIZE} -eq 0 ]; then
|
||||
echo "+"
|
||||
else
|
||||
echo "-"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
echo
|
||||
}
|
||||
|
||||
function gen_its()
|
||||
{
|
||||
ITS=${OUT}/image.its
|
||||
TMP_ITB=${OUT}/image.tmp
|
||||
|
||||
# add placeholder
|
||||
cp -a ${ITB} ${TMP_ITB}
|
||||
|
||||
# data and digest value
|
||||
for NAME in `fdtget -l ${ITB} /images`; do
|
||||
COMPRESSION=`fdtget -ts ${ITB} /images/${NAME} compression`
|
||||
if [ "${COMPRESSION}" == "gzip" ] && fdtget -l "${TMP_ITB}" /images/${NAME}/digest >/dev/null 2>&1; then
|
||||
fdtput -t s ${TMP_ITB} /images/${NAME} data "/INCBIN/(${NAME}.gz)"
|
||||
|
||||
mv ${OUT}/${NAME} ${OUT}/${NAME}.gz
|
||||
gzip -dk ${OUT}/${NAME}.gz
|
||||
openssl dgst -sha256 -binary -out ${OUT}/${NAME}.digest ${OUT}/${NAME}
|
||||
fdtput -t s ${TMP_ITB} /images/${NAME}/digest digest "/INCBIN/(${NAME}.digest)"
|
||||
elif [ "${COMPRESSION}" == "lzma" ] && fdtget -l "${TMP_ITB}" /images/${NAME}/digest >/dev/null 2>&1; then
|
||||
fdtput -t s ${TMP_ITB} /images/${NAME} data "/INCBIN/(${NAME}.lzma)"
|
||||
|
||||
SIZE=`ls -l ${OUT}/${NAME} | awk '{ print $5 }'`
|
||||
SIZE=$(echo "obase=10;$(($SIZE-4))"|bc)
|
||||
cp ${OUT}/${NAME} ${OUT}/${NAME}.lzma.bak
|
||||
dd if=${OUT}/${NAME} of=${OUT}/${NAME}.lzma bs=${SIZE} count=1 >/dev/null 2>&1
|
||||
lzma -df ${OUT}/${NAME}.lzma
|
||||
openssl dgst -sha256 -binary -out ${OUT}/${NAME}.digest ${OUT}/${NAME}
|
||||
mv ${OUT}/${NAME}.lzma.bak ${OUT}/${NAME}.lzma
|
||||
fdtput -t s ${TMP_ITB} /images/${NAME}/digest digest "/INCBIN/(${NAME}.digest)"
|
||||
else
|
||||
fdtput -t s ${TMP_ITB} /images/${NAME} data "/INCBIN/(${NAME})"
|
||||
fi
|
||||
done
|
||||
|
||||
dtc -I dtb -O dts ${TMP_ITB} -o ${ITS}
|
||||
rm -f ${TMP_ITB}
|
||||
|
||||
# fixup placeholder: data = "/INCBIN/(...)"; -> data = /incbin/("...");
|
||||
sed -i "s/\"\/INCBIN\/(\(.*\))\"/\/incbin\/(\"\1\")/" ${ITS}
|
||||
|
||||
# remove
|
||||
sed -i "/memreserve/d" ${ITS}
|
||||
sed -i "/timestamp/d" ${ITS}
|
||||
sed -i "/data-size/d" ${ITS}
|
||||
sed -i "/data-position/d" ${ITS}
|
||||
sed -i "/value/d" ${ITS}
|
||||
sed -i "/hashed-strings/d" ${ITS}
|
||||
sed -i "/hashed-nodes/d" ${ITS}
|
||||
sed -i "/signer-version/d" ${ITS}
|
||||
sed -i "/signer-name/d" ${ITS}
|
||||
sed -i "/version/d" ${ITS}
|
||||
sed -i "/totalsize/d" ${ITS}
|
||||
sed -i "s/digest =/value =/g" ${ITS}
|
||||
}
|
||||
|
||||
args_process $*
|
||||
unpack_itb
|
||||
gen_its
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Loading…
Reference in new issue