Lines Matching +full:- +full:- +full:build +full:- +full:dir
5 # SPDX-License-Identifier: GPL-2.0
7 set -e
16 TOOL_FIT_UNPACK=${TOOLS}/fit-unpack.sh
27 SIGNATURE_KEY_NODE="/signature/key-dev"
29 SPL_DTB="${UNPACK_LOADER}/u-boot-spl.dtb"
37 declare -A ROLLBACK_PARAMS
38 declare -A VERSION_PARAMS
44 # ├── fit-unpack.sh
51 sed -n "/${1}=/s/${1}=//p" $2 | tr -d '\r' | tr -d '"'
61 echo " --key-dir <dir> | Mandatory"
62 echo " --src-dir <dir> | Mandatory"
63 echo " --out-dir <dir> | Mandatory"
64 echo " --burn-key-hash | Optional"
65 echo " --rollback-index <image1 n1> <image2 n2> ... | Optional"
66 echo " --version <image1 n1> <image2 n2> ... | Optional"
69 …echo " $0 --key-dir keys/ --src-dir src/ --out-dir output/ --version uboot.img 1 boot.img 3 -…
75 if [ -z $1 ]; then
80 DECIMAL=`echo $1 |sed 's/[0-9]//g'`
81 if [ ! -z ${DECIMAL} ]; then
90 while [ $# -gt 0 ]; do
92 --key-dir)
101 --src-dir)
108 --out-dir)
113 --rollback-index)
119 if [[ $3 == *"--"* || -z $3 ]]; then
126 --version)
132 if [[ $3 == *"--"* || -z $3 ]]; then
139 --burn-key-hash)
150 if [ -z "${ARG_KEY_DIR}" ] || [ -z "${ARG_SRC_DIR}" ] || [ -z "${ARG_OUTPUT_DIR}" ]; then
158 if [ ! -d $1 ]; then
166 if [ ! -f $1 ]; then
176 FILE=`echo ${LINE} | sed -n "/incbin/p" | awk -F '"' '{ printf $2 }' | tr -d ' '`
177 if [ ! -f ${FILE} ]; then
186 if grep -q '^CONFIG_FIT_ENABLE_RSA4096_SUPPORT=y' ${SIGN_CONFIG} ; then
192 if ! grep -q ${RSA_ALGO} $1 ; then
200 if [ ! -f ${RSA_PRI_KEY} ]; then
203 elif [ ! -f ${RSA_PUB_KEY} ]; then
206 elif [ ! -f ${RSA_CRT_KEY} ]; then
217 INI_PATH=`find ${UNPACK_LOADER}/ -name 'MINIALL.ini'`
218 sed -i "s|PATH=|PATH=${SIGN_OUTPUT}\/|g" ${INI_PATH}
221 DDR=`grep "Path1=bin/[^ ]*_ddr_" ${INI_PATH} | tr -d ' '`
222 if [ ! -z ${DDR} ]; then
224 NEW_DDR=`find ${UNPACK_LOADER}/ -name '*ddr*bin' | head -n 1`
226 sed -i "s|${DDR}|${NEW_DDR}|g" ${INI_PATH}
229 USBPLUG=`grep "Path1=bin/[^ ]*_usbplug_" ${INI_PATH} | tr -d ' '`
230 if [ ! -z ${USBPLUG} ]; then
232 NEW_USBPLUG=`find ${UNPACK_LOADER}/ -name '*usbplug*bin' | head -n 1`
234 sed -i "s|${USBPLUG}|${NEW_USBPLUG}|g" ${INI_PATH}
237 FlashData=`grep "FlashData=bin/[^ ]*_ddr_" ${INI_PATH} | tr -d ' '`
238 if [ ! -z ${FlashData} ]; then
240 NEW_FlashData=`find ${UNPACK_LOADER}/ -name '*FlashData*bin' | head -n 1`
242 sed -i "s|${FlashData}|${NEW_FlashData}|g" ${INI_PATH}
245 FlashBoot=`grep "FlashBoot=bin/[^ ]*_spl_" ${INI_PATH} | tr -d ' '`
246 if [ ! -z ${FlashBoot} ]; then
248 NEW_FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
250 sed -i "s|${FlashBoot}|${NEW_FlashBoot}|g" ${INI_PATH}
253 FlashBoost=`grep "FlashBoost=bin/[^ ]*_boost_" ${INI_PATH} | tr -d ' '`
254 if [ ! -z ${FlashBoost} ]; then
256 NEW_FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoost*bin' | head -n 1`
258 sed -i "s|${FlashBoost}|${NEW_FlashBoot}|g" ${INI_PATH}
264 CHIP_PATTERN='^CONFIG_ROCKCHIP_[R,P][X,V,K][0-9ESXB]{1,5}'
265 RKCHIP=`egrep -o ${CHIP_PATTERN} ${SIGN_CONFIG}`
268 if [ -z "${CHIP_NAME}" ]; then
273 ${TOOL_RK_SIGN} cc --chip ${CHIP_NAME: 2: 6}
274 ${TOOL_RK_SIGN} lk --key ${RSA_PRI_KEY} --pubkey ${RSA_PUB_KEY}
276 ${TOOL_RK_SIGN} sl --loader ${SIGN_OUTPUT}/*loader*.bin
279 ${TOOL_RK_SIGN} sl --loader ${SIGN_OUTPUT}/*download*.bin
282 ${TOOL_RK_SIGN} sb --idb ${SIGN_OUTPUT}/*idblock*.img
288 ARG_ROLLBACK_IDX_UBOOT=${ROLLBACK_PARAMS["uboot"]:-0}
289 ARG_VER_UBOOT=${VERSION_PARAMS["uboot"]:-0}
292 …echo "==================== sign uboot.img: version=${ARG_VER_UBOOT}, rollback-index=${ARG_ROLLBACK…
293 if ! grep -q '^CONFIG_SPL_FIT_SIGNATURE=y' ${SIGN_CONFIG} ; then
298 FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
299 TOTALSIZE=`fdtdump -s ${FlashBoot} | grep totalsize | awk '{ print $4 }' | tr -d "()"`
300 …OFFSET=`fdtdump -s ${FlashBoot} | head -1 | awk -F ":" '{ print $2 }' | sed "s/ found fdt at offse…
301 if [ -z ${OFFSET} ]; then
304 OFFSET=`printf %d ${OFFSET} ` # hex -> dec
308 # rollback-index
309 if grep -q '^CONFIG_SPL_FIT_ROLLBACK_PROTECT=y' ${SIGN_CONFIG} ; then
311 if [ ${ARG_ROLLBACK_IDX_UBOOT} -eq 0 ]; then
312 echo "ERROR: No arg \"--rollback-index uboot.img <n>\""
318 VERSION=`grep 'rollback-index' ${ITS_UBOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
319 …sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_UBOOT}>;/g" ${ITS_UBOOT}
322 if ! fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
323 …${TOOL_MKIMAGE} -f ${ITS_UBOOT} -k ${ARG_KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOO…
327 if fdtget -l ${SPL_DTB} /signature >/dev/null 2>&1 ; then
328 fdtput -r ${SPL_DTB} /signature
332 …${TOOL_MKIMAGE} -f ${ITS_UBOOT} -k ${ARG_KEY_DIR} -K ${SPL_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOOT}…
334 # burn-key-hash
336 if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
337 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash 0x1
339 echo "ERROR: --burn-key-hash requires CONFIG_SPL_FIT_HW_CRYPTO=y"
344 # rollback-index read back check
346 VERSION=`fdtget -ti ${ITB_UBOOT} /configurations/conf rollback-index`
348 echo "ERROR: Failed to set rollback-index for ${ITB_UBOOT}";
352 if [ ! -z "${ARG_ROLLBACK_IDX_UBOOT}" ]; then
353 …echo "WARNING: ignore \"--rollback-index uboot.img ${ARG_ROLLBACK_IDX_UBOOT}\" due to CONFIG_SPL_F…
358 # burn-key-hash read back check
360 if [ "`fdtget -ti ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash`" != "1" ]; then
361 echo "ERROR: Failed to set burn-key-hash for ${SPL_DTB}";
367 ${TOOL_FIT_CHECK_SIGN} -f ${ITB_UBOOT} -k ${SPL_DTB} -s
369 # minimize u-boot-spl.dtb: clear as 0 but not remove property.
370 if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
371 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
372 if grep -q '^CONFIG_SPL_ROCKCHIP_CRYPTO_V1=y' ${SIGN_CONFIG} ; then
373 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
374 fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
376 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
377 fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
380 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
381 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
382 fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
383 fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
384 fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
391 echo "## ${SPL_DTB}: burn-key-hash=1"
394 ITB_MAX_NUM=`sed -n "/CONFIG_SPL_FIT_IMAGE_MULTIPLE/p" ${SIGN_CONFIG} | awk -F "=" '{ print $2 }'`
395 ITB_MAX_KB=`sed -n "/CONFIG_SPL_FIT_IMAGE_KB/p" ${SIGN_CONFIG} | awk -F "=" '{ print $2 }'`
397 ITB_BS=`ls -l ${ITB_UBOOT} | awk '{ print $5 }'`
399 if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then
407 truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT}
418 ARG_VERSION=${VERSION_PARAMS["$1"]:-0}
419 ARG_ROLLBACK_IDX=${ROLLBACK_PARAMS["$1"]:-0}
422 …echo "==================== sign ${SRC_FILE}: version=${ARG_VERSION}, rollback-index=${ARG_ROLLBACK…
424 rm -rf ${UNPACK_DIR}
425 ${TOOL_FIT_UNPACK} -f ${ARG_SRC_DIR}/${SRC_FILE} -o ${UNPACK_DIR}
428 if ! grep -q '^CONFIG_FIT_SIGNATURE=y' ${SIGN_CONFIG} ; then
434 if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' ${SIGN_CONFIG} ; then
436 if ! grep -q '^CONFIG_OPTEE_CLIENT=y' ${SIGN_CONFIG} ; then
437 if [ ${ARG_ROLLBACK_IDX} -gt 0 ]; then
438 …echo "ERROR: Don't support \"--rollback-index ${SRC_FILE} <n>\" due to CONFIG_FIT_ROLLBACK_PROTECT…
442 if [ ${ARG_ROLLBACK_IDX} -eq 0 ]; then
443 echo "ERROR: No arg \"--rollback-index ${SRC_FILE} <n>\""
448 if [ ${ARG_ROLLBACK_IDX} -gt 0 ]; then
449 …echo "WARNING: ignore \"--rollback-index ${SRC_FILE} ${ARG_ROLLBACK_IDX}\" due to CONFIG_FIT_ROLLB…
455 if [ -z "${PREV_ARG_ROLLBACK_IDX}" ]; then
464 # fixup for non-thunderboot
468 sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g" ${ITS_FILE}
469 sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g" ${ITS_FILE}
470 sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RAMDISK_ADDR_R}/g" ${ITS_FILE}
473 VERSION=`grep 'rollback-index' ${ITS_FILE} | awk -F '=' '{ printf $2 }' | tr -d ' '`
474 sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX}>;/g" ${ITS_FILE}
478 …${TOOL_MKIMAGE} -f ${ITS_FILE} -k ${ARG_KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_FILE}…
480 # rollback-index read back check
482 VERSION=`fdtget -ti ${ITB_FILE} /configurations/conf rollback-index`
484 echo "ERROR: Failed to set rollback-index for ${ITB_FILE}";
490 ${TOOL_FIT_CHECK_SIGN} -f ${ITB_FILE} -k ${UBOOT_DTB}
492 # minimize u-boot.dtb: clearn as 0 but not remove property.
493 if grep -q '^CONFIG_FIT_HW_CRYPTO=y' ${SIGN_CONFIG} ; then
494 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
495 if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' ${SIGN_CONFIG} ; then
496 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
498 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
501 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
502 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
503 fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
505 fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@c
506 fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@np
516 rm -rf ${UNPACK_LOADER}/ && mkdir -p ${UNPACK_LOADER}/
517 ${TOOL_BOOT_MERGER} unpack -i ${LOADER_NAME} -o ${UNPACK_LOADER}/
520 FlashBoot=`find ${UNPACK_LOADER}/ -name '*FlashBoot*bin' | head -n 1`
521 SIZE=`grep 'spl_size=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
522 …dd if=${FlashBoot} of=${UNPACK_LOADER}/u-boot-spl-nodtb.bin bs=1 skip=0 count=${SIZE} >/dev/null 2…
523 CSUM1=`grep 'spl_sha256sum=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
524 CSUM2=`sha256sum ${UNPACK_LOADER}/u-boot-spl-nodtb.bin | awk '{ print $1 }'`
530 echo "Build info of ${SIGN_CONFIG}:"
531 echo " ${BUILD}"
537 rm -rf ${UNPACK_UBOOT}/
538 ${TOOL_FIT_UNPACK} -f ${ARG_SRC_DIR}/uboot.img -o ${UNPACK_UBOOT}
541 CSUM1=`grep 'uboot_sha256sum=' ${SIGN_CONFIG} | awk -F "=" '{print $2}'`
543 BUILD=`grep 'BUILD:' ${SIGN_CONFIG}`
549 echo "Build info of ${SIGN_CONFIG}:"
550 echo " ${BUILD}"
556 if fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
557 fdtput -r ${UBOOT_DTB} /signature
564 if [ ! -d ${SIGN_CFG_DIR} ]; then
568 if [ ! -f ${SIGN_CONFIG} ]; then
572 if [ ! -f ${ARG_SRC_DIR}/uboot.img ]; then
576 INI_PATH=`find ${SIGN_CFG_DIR} -name 'MINIALL.ini' | head -n 1`
577 if [ -z "${INI_PATH}" ]; then
581 LOADER_NAME=`find ${ARG_SRC_DIR} -name '*loader*bin' | head -n 1`
582 if [ -z "${LOADER_NAME}" ]; then
583 LOADER_NAME=`find ${ARG_SRC_DIR} -name '*download*.bin' | head -n 1`
585 if [ -z "${LOADER_NAME}" ]; then
590 rm -rf ${SIGN_DIR} && mkdir -p ${SIGN_OUTPUT}
596 echo "Rollback-Index:"
598 if file ${FILE} | grep -q 'Device Tree Blob' ; then
599 VERSION=`fdtget -ti ${FILE} /configurations/conf rollback-index`
601 echo " - ${NAME}=${VERSION}"
608 rm -rf ${SIGN_DIR}/ data2sign*
618 if echo ${FILE} | grep -q "uboot.img"; then
621 if file ${FILE} | grep -q 'Device Tree Blob' ; then