xref: /OK3568_Linux_fs/device/rockchip/common/scripts/mk-dm.sh (revision 4882a59341e53eb6f0b4789bf948001014eff981)
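#!/bin/bash -e
#
# Wrap a root filesystem image for dm-verity (DM-V) or dm-crypt (DM-E) and
# fill in the security ramdisk init script to match.
#
# Usage: mk-dm.sh <DM-V|DM-E> <rootfs image>
# Environment: SDK_DIR, RK_OUTDIR, RK_SECURITY_FIRMWARE_DIR, SCRIPTS_DIR,
#              RK_IMAGE_DIR, RK_MISC_IMG

# The -e on the shebang line is dropped when the script is started as
# "bash mk-dm.sh", so enable it explicitly as well.
set -e

MODE=$1

# Any other mode used to fall through: nothing was packed, yet init was still
# generated without any hash or cipher filled in.
case "$MODE" in
	DM-V | DM-E) ;;
	*)
		echo "Usage: $0 <DM-V|DM-E> <rootfs image>" >&2
		exit 1
		;;
esac
if [ -z "$2" ]; then
	echo "Usage: $0 <DM-V|DM-E> <rootfs image>" >&2
	exit 1
fi

# An empty RK_OUTDIR would turn OUTDIR into "/security-dm", and this script
# later runs rm -rf on a directory below OUTDIR.
: "${SDK_DIR:?SDK_DIR must be set}"
: "${RK_OUTDIR:?RK_OUTDIR must be set}"

INPUT="$(readlink -f "$2")"
if [ ! -e "$INPUT" ]; then
	echo "$0: rootfs image not found: $2" >&2
	exit 1
fi
OUTDIR="$RK_OUTDIR/security-dm"

cd "$SDK_DIR"
mkdir -p "$OUTDIR"

TEMPDIR="$OUTDIR/tempfile"
ROOT_HASH="$TEMPDIR/root.hash"
ROOT_HASH_OFFSET="$TEMPDIR/root.offset"
OVERLAY_DIR="$SDK_DIR/buildroot/board/rockchip/common/security-ramdisk-overlay"
INIT_FILE="$OVERLAY_DIR/init"

if [ "$MODE" = "DM-E" ]; then
	ROOTFS="$OUTDIR/enc.img"
	# NOTE(review): "plain" IVs are just the sector number; with CBC that
	# makes the IV predictable and is known to allow watermarking attacks.
	# aes-cbc-essiv:sha256 or aes-xts-plain64 are the usual dm-crypt
	# choices, but the spec must match what the ramdisk init and the key
	# length expect, so it is left unchanged here.
	cipher=aes-cbc-plain
	# NOTE(review): this key is later placed on the dmsetup and mk-misc.sh
	# command lines and written to enc.info by this script.
	key=$(cat u-boot/keys/system_enc_key)
else
	ROOTFS="$OUTDIR/dmv.img"
fi

# "ls -l" output (size, mtime, path) is the change fingerprint of the input;
# the format is kept so existing rootfs.info files still compare equal.
ROOTFS_INFO=$(ls -l "$INPUT")

# Skip packing only when the input is unchanged AND everything the later
# steps read is still on disk. rootfs.info is shared by both modes and the
# script deletes TEMPDIR when it finishes, so a matching fingerprint alone
# does not prove that the image, root hash or enc.info exist.
PACK=TRUE
if [ -e "$OUTDIR/rootfs.info" ] &&
	[ "$(cat "$OUTDIR/rootfs.info")" = "$ROOTFS_INFO" ]; then
	if [ "$MODE" = "DM-E" ]; then
		if [ -e "$ROOTFS" ] && [ -e "$TEMPDIR/enc.info" ]; then
			PACK=FALSE
		fi
	elif [ -e "$ROOTFS" ] && [ -e "$ROOT_HASH" ] &&
		[ -e "$ROOT_HASH_OFFSET" ]; then
		PACK=FALSE
	fi
fi

if [ "$PACK" = "TRUE" ]; then
	echo "$ROOTFS_INFO" > "$OUTDIR/rootfs.info"
fi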
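# Build the dm-verity image: copy the rootfs, append the hash tree to the same
# file, and record the root hash and hash offset for the init script.
# Globals: INPUT, ROOTFS, ROOTFS_SIZE, TEMPDIR, ROOT_HASH, ROOT_HASH_OFFSET
#          (read); HASH_OFFSET (written)
# Outputs: veritysetup's report is kept in $TEMPDIR/tempfile
# Returns: non-zero when veritysetup's output carries no root hash
pack_dmv()
{
	local verity_log="$TEMPDIR/tempfile"

	cp "$INPUT" "$ROOTFS"
	# The hash tree is placed after the data: the image size rounded down
	# to a whole MiB, plus 2 MiB.
	HASH_OFFSET=$(( (ROOTFS_SIZE / 1024 / 1024 + 2) * 1024 * 1024 ))
	# Write the report straight to its final location; the earlier mktemp
	# file was never removed.
	veritysetup --hash-offset="$HASH_OFFSET" format "$ROOTFS" "$ROOTFS" \
		> "$verity_log"
	awk '/Root hash/ {printf "%s", $3}' "$verity_log" > "$ROOT_HASH"

	# An empty root hash would end up as "HASH=" in init, so stop here
	# instead of producing an image that cannot be verified.
	if [ ! -s "$ROOT_HASH" ]; then
		echo "pack_dmv: no root hash in veritysetup output" >&2
		return 1
	fi
	echo "$HASH_OFFSET" > "$ROOT_HASH_OFFSET"
}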
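# Build the dm-crypt image: size an empty file, map it through a loop device
# and a dm-crypt target, copy the rootfs through the mapping, and record the
# parameters in enc.info.
# Globals: INPUT, ROOTFS, TEMPDIR, cipher, key (read); sectors (written)
# Returns: non-zero if a device step fails; the mapping and the loop device
#          are detached before returning.
#
# NOTE(review): every sudo call reads the host password from
# u-boot/keys/root_passwd; a sudoers rule limited to losetup/dmsetup/dd would
# avoid keeping that password in the tree.
# NOTE(review): the key is part of the dmsetup --table argument and is
# therefore visible in the process list while dmsetup runs.
pack_dme()
{
	local loopdevice mappername rc=0

	sectors=$(wc -c < "$INPUT")
	# Room for partition info is added before converting to 512-byte
	# sectors (the original comment says 20M; the code adds 21 MiB - 1).
	sectors=$(( (sectors + (21 * 1024 * 1024) - 1) / 512 ))

	mappername=encfs-$(shuf -i 1-10000000000000000000 -n 1)
	dd if=/dev/null of="$ROOTFS" seek="$sectors" bs=512

	# -f --show attaches the first free loop device and prints its name in
	# one step, instead of picking a name first and attaching it later.
	loopdevice=$(sudo -S losetup -f --show "$ROOTFS" < u-boot/keys/root_passwd)

	sudo -S dmsetup create "$mappername" \
		--table "0 $sectors crypt $cipher $key 0 $loopdevice 0 1 allow_discards" \
		< u-boot/keys/root_passwd || rc=$?
	if [ "$rc" -eq 0 ]; then
		sudo -S dd if="$INPUT" of="/dev/mapper/$mappername" conv=fsync \
			< u-boot/keys/root_passwd || rc=$?
		sync
		sudo -S dmsetup remove "$mappername" < u-boot/keys/root_passwd || rc=$?
	fi
	# Always detach, so a failed run does not leave the loop device bound.
	sudo -S losetup -d "$loopdevice" < u-boot/keys/root_passwd || rc=$?

	if [ "$rc" -ne 0 ]; then
		echo "pack_dme: building the encrypted image failed" >&2
		return "$rc"
	fi

	# enc.info carries the key in clear text: create it owner-only.
	rm -f "$TEMPDIR/enc.info"
	(
		umask 077
		{
			echo "sectors=$sectors"
			echo "cipher=$cipher"
			echo "key=$key"
		} > "$TEMPDIR/enc.info"
	)
}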
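# Remove the scratch directory on every exit path, not only on success: in
# DM-E mode it holds enc.info with the encryption key in clear text.
trap 'rm -rf "${TEMPDIR:?}"' EXIT

if [ "$PACK" = "TRUE" ]; then
	mkdir -p "$TEMPDIR"
	# Byte size of the input image; pack_dmv derives the hash offset from it.
	ROOTFS_SIZE=$(wc -c < "$INPUT")

	case "$MODE" in
		DM-V) pack_dmv ;;
		DM-E) pack_dme ;;
	esac

	ln -rsf "$ROOTFS" "$RK_SECURITY_FIRMWARE_DIR/rootfs.img"
fi

# Start from the pristine template on every run; the seds below fill it in.
cp "$OVERLAY_DIR/init.in" "$INIT_FILE"

if [ "$MODE" = "DM-V" ]; then
	# NOTE(review): the root hash written into init is the value the rootfs
	# is presumably checked against at boot, so the ramdisk carrying init
	# has to be authenticated itself (e.g. by a signed boot image) - confirm.
	TMP_HASH=$(cat "$ROOT_HASH")
	TMP_OFFSET=$(cat "$ROOT_HASH_OFFSET")
	sed -i "s/OFFSET=/OFFSET=$TMP_OFFSET/" "$INIT_FILE"
	sed -i "s/HASH=/HASH=$TMP_HASH/" "$INIT_FILE"
	sed -i "s/ENC_EN=/ENC_EN=false/" "$INIT_FILE"
elif [ "$MODE" = "DM-E" ]; then
	# enc.info is written by pack_dme in this script; sourcing executes it
	# as shell, so it must never come from anywhere else.
	source "$TEMPDIR/enc.info"

	sed -i "s/ENC_EN=/ENC_EN=true/" "$INIT_FILE"
	sed -i "s/CIPHER=/CIPHER=$cipher/" "$INIT_FILE"

	echo "Generate misc with key"
	# The key is quoted so it always reaches mk-misc.sh as one argument.
	# NOTE(review): passed on the command line, it is visible in the
	# process list while mk-misc.sh runs.
	"$SCRIPTS_DIR/mk-misc.sh" "$RK_IMAGE_DIR/$RK_MISC_IMG" \
		"$RK_SECURITY_FIRMWARE_DIR/misc.img" 64 \
		"$(cat "$SDK_DIR/u-boot/keys/system_enc_key")"
fi

# Enable the switch_root line that the template ships commented out.
sed -i "s/# exec busybox switch_root/exec busybox switch_root/" "$INIT_FILE"

# TEMPDIR is removed by the EXIT trap set above.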