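#!/bin/bash
#
# Wrap a root filesystem image for a secure-boot build and configure the
# ramdisk init script to match.
#
# Usage: <this script> DM-V|DM-E <rootfs image>
#   DM-V  copy the image to dmv.img and append a dm-verity hash tree to it
#   DM-E  write the image through a dm-crypt mapping into enc.img
#
# Environment (read): SDK_DIR, RK_OUTDIR, RK_SECURITY_FIRMWARE_DIR, and for
#   DM-E also SCRIPTS_DIR, RK_IMAGE_DIR, RK_MISC_IMG.
# Files read:    u-boot/keys/system_enc_key and u-boot/keys/root_passwd under
#                SDK_DIR (DM-E only), the overlay's init.in.
# Files written: $RK_OUTDIR/security-dm/*, the overlay's init, the rootfs.img
#                link and (DM-E) misc.img in RK_SECURITY_FIRMWARE_DIR.
#
# Options are set here rather than on the shebang line so they still apply
# when the script is started as "bash <script>".
set -euo pipefail

# Print a message on stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

[[ $# -ge 2 ]] || die "usage: ${0##*/} DM-V|DM-E <rootfs image>"

MODE=$1
# Resolved before the cd below so a relative path is taken from the caller's
# working directory.
INPUT=$(readlink -f -- "$2") || die "cannot resolve input image: $2"
[[ -f $INPUT ]] || die "input image not found: $INPUT"

: "${SDK_DIR:?SDK_DIR must be set}"
: "${RK_OUTDIR:?RK_OUTDIR must be set}"
: "${RK_SECURITY_FIRMWARE_DIR:?RK_SECURITY_FIRMWARE_DIR must be set}"

OUTDIR="$RK_OUTDIR/security-dm"
KEYS_DIR="$SDK_DIR/u-boot/keys"

cd "$SDK_DIR"
mkdir -p "$OUTDIR"

# Earlier revisions staged their files here, including enc.info, which held
# the dm-crypt key in clear text and survived any run that aborted before the
# final cleanup. Nothing is staged here any more; clear whatever is left.
TEMPDIR="$OUTDIR/tempfile"
rm -rf -- "$TEMPDIR"

case "$MODE" in
  DM-V)
    ROOTFS="$OUTDIR/dmv.img"
    ;;
  DM-E)
    : "${SCRIPTS_DIR:?SCRIPTS_DIR must be set}"
    : "${RK_IMAGE_DIR:?RK_IMAGE_DIR must be set}"
    : "${RK_MISC_IMG:?RK_MISC_IMG must be set}"
    ROOTFS="$OUTDIR/enc.img"
    # NOTE(review): CBC with the "plain" IV uses the sector number as IV, so
    # IVs are predictable and known content can be recognised on disk
    # (watermarking). aes-xts-plain64 is the usual choice; switching needs the
    # device-side mapping to change too, so the value is left as it was.
    cipher=aes-cbc-plain
    key=$(<"$KEYS_DIR/system_enc_key") || die "cannot read system_enc_key"
    # The key becomes one field of a space-separated dm table; whitespace in
    # it would shift every following field.
    [[ -n $key && $key != *[[:space:]]* ]] ||
      die "system_enc_key is empty or contains whitespace"
    ;;
  *)
    # Any other value used to fall through: nothing was packed, rootfs.img was
    # pointed at a dmv.img that this run never built, and init was released
    # with neither verity nor encryption configured.
    die "unknown mode '$MODE' (expected DM-V or DM-E)"
    ;;
esac

# Verity parameters live next to the image so that a run which skips packing
# can still configure init. They are public values, not secrets.
ROOT_HASH="$OUTDIR/root.hash"
ROOT_HASH_OFFSET="$OUTDIR/root.offset"
STAMP="$OUTDIR/rootfs.info"
ROOTFS_LINK="$RK_SECURITY_FIRMWARE_DIR/rootfs.img"
OVERLAY_DIR="$SDK_DIR/buildroot/board/rockchip/common/security-ramdisk-overlay"
INIT_FILE="$OVERLAY_DIR/init"

# Fingerprint of the input, used as an opaque string (never parsed). It is
# metadata only (mode, owner, size, mtime, path): an image rewritten with the
# same size and timestamp is NOT detected as changed.
ROOTFS_INFO=$(ls -l "$INPUT")

#######################################
# Decide whether the previous run's output can be reused.
# Globals:  STAMP, ROOTFS, ROOTFS_LINK, ROOTFS_INFO, MODE, ROOT_HASH,
#           ROOT_HASH_OFFSET (all read)
# Returns:  0 when the stamp matches the input, the image for this mode exists
#           and is what rootfs.img points at, and (DM-V) the verity parameters
#           are present; 1 otherwise.
#######################################
cache_is_valid() {
  [[ -f $STAMP && -f $ROOTFS && -e $ROOTFS_LINK ]] || return 1
  [[ "$(<"$STAMP")" == "$ROOTFS_INFO" ]] || return 1
  # The stamp does not record the mode; the link does, because every
  # successful pack repoints it at the image it just built.
  [[ "$(readlink -f -- "$ROOTFS_LINK")" == "$(readlink -f -- "$ROOTFS")" ]] ||
    return 1
  if [[ $MODE == DM-V ]]; then
    [[ -s $ROOT_HASH && -s $ROOT_HASH_OFFSET ]] || return 1
  fi
  return 0
}

#######################################
# Build dmv.img: a copy of the input with a dm-verity hash tree appended.
# Globals:  INPUT, ROOTFS (read); ROOT_HASH, ROOT_HASH_OFFSET (files written)
#######################################
pack_dmv() {
  local rootfs_size hash_offset verity_out root_hash

  rootfs_size=$(stat -c %s -- "$INPUT")
  # Size rounded down to a MiB plus 2 MiB: the tree starts on a MiB boundary
  # between 1 and 2 MiB past the end of the data.
  hash_offset=$(((rootfs_size / 1024 / 1024 + 2) * 1024 * 1024))

  cp -- "$INPUT" "$ROOTFS"
  # Data and hash device are the same file; the output is kept in a variable,
  # so no temporary file is left behind.
  verity_out=$(veritysetup --hash-offset="$hash_offset" format \
    "$ROOTFS" "$ROOTFS")
  root_hash=$(awk '/Root hash/ { printf "%s", $3 }' <<<"$verity_out")
  [[ $root_hash =~ ^[0-9a-fA-F]+$ ]] ||
    die "veritysetup did not report a root hash"

  printf '%s' "$root_hash" >"$ROOT_HASH"
  printf '%s\n' "$hash_offset" >"$ROOT_HASH_OFFSET"
}

#######################################
# Run a command through sudo, feeding it the password file on stdin.
# NOTE(review): this keeps a clear-text root password in the source tree; a
# narrowly scoped sudoers rule for losetup/dmsetup/dd would avoid that.
# Arguments: the command and its arguments
#######################################
as_root() {
  sudo -S "$@" <"$KEYS_DIR/root_passwd"
}

#######################################
# Build enc.img: the input written through a dm-crypt mapping onto a
# loop-mounted sparse file.
# Globals:  INPUT, ROOTFS, cipher, key (read)
# Returns:  0 on success; otherwise the status of the last step that failed.
#           The mapping and the loop device are released on every path.
#######################################
pack_dme() {
  local input_size sectors loopdevice mappername rc=0

  input_size=$(stat -c %s -- "$INPUT")
  # Image size plus headroom, in 512-byte sectors (original note: "remain 20M
  # for partition info").
  sectors=$(((input_size + (21 * 1024 * 1024) - 1) / 512))
  mappername=encfs-$(shuf -i 1-10000000000000000000 -n 1)

  # Sparse file of exactly $sectors sectors.
  dd if=/dev/null of="$ROOTFS" seek="$sectors" bs=512

  # Find and attach in one step; looking up a free device first and attaching
  # afterwards can lose the device to another process in between.
  loopdevice=$(as_root losetup -f --show "$ROOTFS")
  [[ -b $loopdevice ]] || die "losetup did not return a loop device"

  # NOTE(review): the key is part of the --table argument and is therefore
  # readable in the process list by other local users while dmsetup runs.
  # Build on a single-user host, or supply the table by another channel.
  if as_root dmsetup create "$mappername" --table \
    "0 $sectors crypt $cipher $key 0 $loopdevice 0 1 allow_discards"; then
    as_root dd if="$INPUT" of="/dev/mapper/$mappername" conv=fsync || rc=$?
    sync || rc=$?
    as_root dmsetup remove "$mappername" || rc=$?
  else
    rc=$?
  fi
  as_root losetup -d "$loopdevice" || rc=$?

  return "$rc"
}

#######################################
# Fill one "NAME=" placeholder in the init script and confirm it took.
# The value is interpolated into a sed replacement, so callers pass only
# validated or constant values.
# Arguments: $1 - placeholder name, $2 - value
#######################################
set_init_var() {
  local name=$1 value=$2
  sed -i "s/$name=/$name=$value/" "$INIT_FILE"
  # sed succeeds even when nothing matched; without this check a missing
  # placeholder would produce an init with the setting silently absent.
  grep -qF -- "$name=$value" "$INIT_FILE" ||
    die "no '$name=' placeholder found in $OVERLAY_DIR/init.in"
}

if ! cache_is_valid; then
  # Invalidate first and stamp last, so an aborted pack is never mistaken
  # for a finished one on the next run.
  rm -f -- "$STAMP"
  case "$MODE" in
    DM-V) pack_dmv ;;
    DM-E) pack_dme ;;
  esac
  ln -rsf -- "$ROOTFS" "$ROOTFS_LINK"
  printf '%s\n' "$ROOTFS_INFO" >"$STAMP"
fi

cp -- "$OVERLAY_DIR/init.in" "$INIT_FILE"

case "$MODE" in
  DM-V)
    TMP_HASH=$(<"$ROOT_HASH")
    TMP_OFFSET=$(<"$ROOT_HASH_OFFSET")
    # Re-checked because on a cached run these come from files on disk.
    [[ $TMP_HASH =~ ^[0-9a-fA-F]+$ ]] || die "invalid root hash in $ROOT_HASH"
    [[ $TMP_OFFSET =~ ^[0-9]+$ ]] ||
      die "invalid hash offset in $ROOT_HASH_OFFSET"
    # The hash written here is what the device compares the rootfs against;
    # presumably the ramdisk holding init is itself covered by the verified
    # boot chain - confirm, otherwise the hash can be swapped with the image.
    set_init_var OFFSET "$TMP_OFFSET"
    set_init_var HASH "$TMP_HASH"
    set_init_var ENC_EN false
    ;;
  DM-E)
    # cipher and key are the values set at the top; they are no longer
    # round-tripped through a clear-text enc.info file.
    set_init_var ENC_EN true
    set_init_var CIPHER "$cipher"

    echo "Generate misc with key"
    # NOTE(review): the key is passed as an argument and is visible in the
    # process list while mk-misc.sh runs; its interface is not visible here,
    # so the call is unchanged apart from quoting.
    "$SCRIPTS_DIR/mk-misc.sh" "$RK_IMAGE_DIR/$RK_MISC_IMG" \
      "$RK_SECURITY_FIRMWARE_DIR/misc.img" 64 \
      "$key"
    ;;
esac

# Uncomment the switch_root line only after the settings above are in place.
sed -i "s/# exec busybox switch_root/exec busybox switch_root/" "$INIT_FILE"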