xref: /rk3399_rockchip-uboot/scripts/fit-core.sh (revision d1627df0fa4b7571b1dca79334a4a3572f08d20e) 
11e9dc3b8SJoseph Chen#!/bin/bash
21e9dc3b8SJoseph Chen#
31e9dc3b8SJoseph Chen# Copyright (c) 2022 Rockchip Electronics Co., Ltd
41e9dc3b8SJoseph Chen#
51e9dc3b8SJoseph Chen# SPDX-License-Identifier: GPL-2.0
61e9dc3b8SJoseph Chen#
71e9dc3b8SJoseph Chenset -e
81e9dc3b8SJoseph Chen
91e9dc3b8SJoseph ChenFIT_DIR="fit"
101e9dc3b8SJoseph ChenIMG_UBOOT="uboot.img"
111e9dc3b8SJoseph ChenIMG_BOOT="boot.img"
121e9dc3b8SJoseph ChenIMG_RECOVERY="recovery.img"
131e9dc3b8SJoseph ChenITB_UBOOT="${FIT_DIR}/uboot.itb"
141e9dc3b8SJoseph ChenITB_BOOT="${FIT_DIR}/boot.itb"
151e9dc3b8SJoseph ChenITB_RECOVERY="${FIT_DIR}/recovery.itb"
161e9dc3b8SJoseph ChenSIG_BIN="data2sign.bin"
171e9dc3b8SJoseph ChenSIG_UBOOT="${FIT_DIR}/uboot.data2sign"
181e9dc3b8SJoseph ChenSIG_BOOT="${FIT_DIR}/boot.data2sign"
191e9dc3b8SJoseph ChenSIG_RECOVERY="${FIT_DIR}/recovery.data2sign"
201e9dc3b8SJoseph Chen# offs
211e9dc3b8SJoseph ChenOFFS_DATA="0x1000"
221e9dc3b8SJoseph Chen# placeholder address
231e9dc3b8SJoseph ChenFDT_ADDR_PLACEHOLDER="0xffffff00"
241e9dc3b8SJoseph ChenKERNEL_ADDR_PLACEHOLDER="0xffffff01"
251e9dc3b8SJoseph ChenRAMDISK_ADDR_PLACEHOLDER="0xffffff02"
261e9dc3b8SJoseph Chen# tools
271e9dc3b8SJoseph ChenMKIMAGE="./tools/mkimage"
281e9dc3b8SJoseph ChenRK_SIGN_TOOL="../rkbin/tools/rk_sign_tool"
291e9dc3b8SJoseph ChenFIT_UNPACK="./scripts/fit-unpack.sh"
301e9dc3b8SJoseph ChenCHECK_SIGN="./tools/fit_check_sign"
311e9dc3b8SJoseph Chen# key
321e9dc3b8SJoseph ChenKEY_DIR="keys/"
331e9dc3b8SJoseph ChenRSA_PRI_KEY="keys/dev.key"
341e9dc3b8SJoseph ChenRSA_PUB_KEY="keys/dev.pubkey"
351e9dc3b8SJoseph ChenRSA_CRT_KEY="keys/dev.crt"
361e9dc3b8SJoseph ChenSIGNATURE_KEY_NODE="/signature/key-dev"
371e9dc3b8SJoseph ChenSPL_DTB="spl/u-boot-spl.dtb"
381e9dc3b8SJoseph ChenUBOOT_DTB="u-boot.dtb"
391e9dc3b8SJoseph Chen# its
401e9dc3b8SJoseph ChenITS_UBOOT="u-boot.its"
411e9dc3b8SJoseph ChenITS_BOOT="boot.its"
421e9dc3b8SJoseph ChenITS_RECOVERY="recovery.its"
431e9dc3b8SJoseph ChenARG_VER_UBOOT="0"
441e9dc3b8SJoseph ChenARG_VER_BOOT="0"
451e9dc3b8SJoseph ChenARG_VER_RECOVERY="0"
461e9dc3b8SJoseph Chen
471e9dc3b8SJoseph Chenfunction help()
481e9dc3b8SJoseph Chen{
491e9dc3b8SJoseph Chen	echo
501e9dc3b8SJoseph Chen	echo "usage:"
511e9dc3b8SJoseph Chen	echo "    $0 [args]"
521e9dc3b8SJoseph Chen	echo
531e9dc3b8SJoseph Chen	echo "args:"
541e9dc3b8SJoseph Chen	echo "    --rollback-index-recovery  <decimal integer>"
551e9dc3b8SJoseph Chen	echo "    --rollback-index-boot      <decimal integer>"
561e9dc3b8SJoseph Chen	echo "    --rollback-index-uboot     <decimal integer>"
571e9dc3b8SJoseph Chen	echo "    --version-recovery         <decimal integer>"
581e9dc3b8SJoseph Chen	echo "    --version-boot             <decimal integer>"
591e9dc3b8SJoseph Chen	echo "    --version-uboot            <decimal integer>"
601e9dc3b8SJoseph Chen	echo "    --boot_img                 <boot image>"
611e9dc3b8SJoseph Chen	echo "    --recovery_img             <recovery image>"
621e9dc3b8SJoseph Chen	echo "    --args                     <arg>"
631e9dc3b8SJoseph Chen	echo "    --ini-loader               <loader ini file>"
641e9dc3b8SJoseph Chen	echo "    --ini-trust                <trust ini file>"
651e9dc3b8SJoseph Chen	echo "    --no-check"
661e9dc3b8SJoseph Chen	echo "    --spl-new"
671e9dc3b8SJoseph Chen	echo
681e9dc3b8SJoseph Chen}
691e9dc3b8SJoseph Chen
701e9dc3b8SJoseph Chenfunction arg_check_decimal()
711e9dc3b8SJoseph Chen{
721e9dc3b8SJoseph Chen	if [ -z $1 ]; then
731e9dc3b8SJoseph Chen		help
741e9dc3b8SJoseph Chen		exit 1
751e9dc3b8SJoseph Chen	fi
761e9dc3b8SJoseph Chen
771e9dc3b8SJoseph Chen	decimal=`echo $1 |sed 's/[0-9]//g'`
781e9dc3b8SJoseph Chen	if [ ! -z ${decimal} ]; then
791e9dc3b8SJoseph Chen		echo "ERROR: $1 is not decimal integer"
801e9dc3b8SJoseph Chen		help
811e9dc3b8SJoseph Chen		exit 1
821e9dc3b8SJoseph Chen	fi
831e9dc3b8SJoseph Chen}
841e9dc3b8SJoseph Chen
851e9dc3b8SJoseph Chenfunction check_its()
861e9dc3b8SJoseph Chen{
871e9dc3b8SJoseph Chen	cat $1 | while read line
881e9dc3b8SJoseph Chen	do
891e9dc3b8SJoseph Chen		file=`echo ${line} | sed -n "/incbin/p" | awk -F '"' '{ printf $2 }' | tr -d ' '`
901e9dc3b8SJoseph Chen		if [ ! -f ${file} ]; then
911e9dc3b8SJoseph Chen			echo "ERROR: No ${file}"
921e9dc3b8SJoseph Chen			exit 1
931e9dc3b8SJoseph Chen		fi
941e9dc3b8SJoseph Chen	done
951e9dc3b8SJoseph Chen}
961e9dc3b8SJoseph Chen
971e9dc3b8SJoseph Chenfunction check_rsa_keys()
981e9dc3b8SJoseph Chen{
991e9dc3b8SJoseph Chen	if [ ! -f ${RSA_PRI_KEY} ]; then
1001e9dc3b8SJoseph Chen		echo "ERROR: No ${RSA_PRI_KEY} "
1011e9dc3b8SJoseph Chen		exit 1
1021e9dc3b8SJoseph Chen	elif [ ! -f ${RSA_PUB_KEY} ]; then
1031e9dc3b8SJoseph Chen		echo "ERROR: No ${RSA_PUB_KEY} "
1041e9dc3b8SJoseph Chen		exit 1
1051e9dc3b8SJoseph Chen	elif [ ! -f ${RSA_CRT_KEY} ]; then
1061e9dc3b8SJoseph Chen		echo "ERROR: No ${RSA_CRT_KEY} "
1071e9dc3b8SJoseph Chen		exit 1
1081e9dc3b8SJoseph Chen	fi
1091e9dc3b8SJoseph Chen}
1101e9dc3b8SJoseph Chen
1111e9dc3b8SJoseph Chenfunction validate_arg()
1121e9dc3b8SJoseph Chen{
1131e9dc3b8SJoseph Chen	case $1 in
1141e9dc3b8SJoseph Chen		--no-check|--spl-new|--burn-key-hash)
1151e9dc3b8SJoseph Chen			shift=1
1161e9dc3b8SJoseph Chen			;;
1171e9dc3b8SJoseph Chen		--ini-trust|--ini-loader|--rollback-index-boot|--rollback-index-recovery|--rollback-index-uboot|--boot_img|--recovery_img|--version-uboot|--version-boot|--version-recovery|--chip)
1181e9dc3b8SJoseph Chen			shift=2
1191e9dc3b8SJoseph Chen			;;
1201e9dc3b8SJoseph Chen		*)
1211e9dc3b8SJoseph Chen			shift=0
1221e9dc3b8SJoseph Chen			;;
1231e9dc3b8SJoseph Chen	esac
1241e9dc3b8SJoseph Chen	echo ${shift}
1251e9dc3b8SJoseph Chen}
1261e9dc3b8SJoseph Chen
1271e9dc3b8SJoseph Chenfunction fit_process_args()
1281e9dc3b8SJoseph Chen{
1291e9dc3b8SJoseph Chen	if [ $# -eq 0 ]; then
1301e9dc3b8SJoseph Chen		help
1311e9dc3b8SJoseph Chen		exit 0
1321e9dc3b8SJoseph Chen	fi
1331e9dc3b8SJoseph Chen
1341e9dc3b8SJoseph Chen	while [ $# -gt 0 ]; do
1351e9dc3b8SJoseph Chen		case $1 in
1361e9dc3b8SJoseph Chen			--args)
1371e9dc3b8SJoseph Chen				ARG_VALIDATE=$2
1381e9dc3b8SJoseph Chen				shift 2
1391e9dc3b8SJoseph Chen				;;
1401e9dc3b8SJoseph Chen			--boot_img)     # boot.img
1411e9dc3b8SJoseph Chen				ARG_BOOT_IMG=$2
1421e9dc3b8SJoseph Chen				shift 2
1431e9dc3b8SJoseph Chen				;;
1441e9dc3b8SJoseph Chen			--chip)
1451e9dc3b8SJoseph Chen				ARG_CHIP=$2
1461e9dc3b8SJoseph Chen				shift 2
1471e9dc3b8SJoseph Chen				;;
1481e9dc3b8SJoseph Chen			--recovery_img) # recovery.img
1491e9dc3b8SJoseph Chen				ARG_RECOVERY_IMG=$2
1501e9dc3b8SJoseph Chen				shift 2
1511e9dc3b8SJoseph Chen				;;
1521e9dc3b8SJoseph Chen			--boot_img_dir) # boot.img components directory
1531e9dc3b8SJoseph Chen				ARG_BOOT_IMG_DIR=$2
1541e9dc3b8SJoseph Chen				shift 2
1551e9dc3b8SJoseph Chen				;;
1561e9dc3b8SJoseph Chen			--no-check)     # No hostcc fit signature check
1571e9dc3b8SJoseph Chen				ARG_NO_CHECK="y"
1581e9dc3b8SJoseph Chen				shift 1
1591e9dc3b8SJoseph Chen				;;
1601e9dc3b8SJoseph Chen			--ini-trust)    # Assign trust ini file
1611e9dc3b8SJoseph Chen				ARG_INI_TRUST=$2
1621e9dc3b8SJoseph Chen				shift 2
1631e9dc3b8SJoseph Chen				;;
1641e9dc3b8SJoseph Chen			--ini-loader)   # Assign loader ini file
1651e9dc3b8SJoseph Chen				ARG_INI_LOADER=$2
1661e9dc3b8SJoseph Chen				shift 2
1671e9dc3b8SJoseph Chen				;;
1681e9dc3b8SJoseph Chen			--spl-new)      # Use current build u-boot-spl.bin to pack loader
1691e9dc3b8SJoseph Chen				ARG_SPL_NEW="y"
1701e9dc3b8SJoseph Chen				shift 1
1711e9dc3b8SJoseph Chen				;;
1721e9dc3b8SJoseph Chen			--rollback-index-boot)
1731e9dc3b8SJoseph Chen				ARG_ROLLBACK_IDX_BOOT=$2
1741e9dc3b8SJoseph Chen				arg_check_decimal $2
1751e9dc3b8SJoseph Chen				shift 2
1761e9dc3b8SJoseph Chen				;;
1771e9dc3b8SJoseph Chen			--rollback-index-recovery)
1781e9dc3b8SJoseph Chen				ARG_ROLLBACK_IDX_RECOVERY=$2
1791e9dc3b8SJoseph Chen				arg_check_decimal $2
1801e9dc3b8SJoseph Chen				shift 2
1811e9dc3b8SJoseph Chen				;;
1821e9dc3b8SJoseph Chen			--rollback-index-uboot)
1831e9dc3b8SJoseph Chen				ARG_ROLLBACK_IDX_UBOOT=$2
1841e9dc3b8SJoseph Chen				arg_check_decimal $2
1851e9dc3b8SJoseph Chen				shift 2
1861e9dc3b8SJoseph Chen				;;
1871e9dc3b8SJoseph Chen			--version-uboot)
1881e9dc3b8SJoseph Chen				ARG_VER_UBOOT=$2
1891e9dc3b8SJoseph Chen				arg_check_decimal $2
1901e9dc3b8SJoseph Chen				shift 2
1911e9dc3b8SJoseph Chen				;;
1921e9dc3b8SJoseph Chen			--version-boot)
1931e9dc3b8SJoseph Chen				ARG_VER_BOOT=$2
1941e9dc3b8SJoseph Chen				arg_check_decimal $2
1951e9dc3b8SJoseph Chen				shift 2
1961e9dc3b8SJoseph Chen				;;
1971e9dc3b8SJoseph Chen			--version-recovery)
1981e9dc3b8SJoseph Chen				ARG_VER_RECOVERY=$2
1991e9dc3b8SJoseph Chen				arg_check_decimal $2
2001e9dc3b8SJoseph Chen				shift 2
2011e9dc3b8SJoseph Chen				;;
2021e9dc3b8SJoseph Chen			--burn-key-hash)
2031e9dc3b8SJoseph Chen				ARG_BURN_KEY_HASH="y"
2041e9dc3b8SJoseph Chen				shift 1
2051e9dc3b8SJoseph Chen				;;
2061e9dc3b8SJoseph Chen			*)
2071e9dc3b8SJoseph Chen				help
2081e9dc3b8SJoseph Chen				exit 1
2091e9dc3b8SJoseph Chen				;;
2101e9dc3b8SJoseph Chen		esac
2111e9dc3b8SJoseph Chen	done
2121e9dc3b8SJoseph Chen
2131e9dc3b8SJoseph Chen	if grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
2141e9dc3b8SJoseph Chen		ARG_SIGN="y"
2151e9dc3b8SJoseph Chen	fi
2161e9dc3b8SJoseph Chen}
2171e9dc3b8SJoseph Chen
2181e9dc3b8SJoseph Chenfunction fit_raw_compile()
2191e9dc3b8SJoseph Chen{
2201e9dc3b8SJoseph Chen	# Verified-boot: should rebuild code but don't need to repack images.
2211e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" == "y" ]; then
2221e9dc3b8SJoseph Chen		./make.sh --raw-compile
2231e9dc3b8SJoseph Chen	fi
2241e9dc3b8SJoseph Chen	rm ${FIT_DIR} -rf && mkdir -p ${FIT_DIR}
2251e9dc3b8SJoseph Chen}
2261e9dc3b8SJoseph Chen
2271e9dc3b8SJoseph Chenfunction fit_gen_uboot_itb()
2281e9dc3b8SJoseph Chen{
2291e9dc3b8SJoseph Chen	# generate u-boot.its file
2301e9dc3b8SJoseph Chen	./make.sh itb ${ARG_INI_TRUST}
2311e9dc3b8SJoseph Chen
2321e9dc3b8SJoseph Chen	# check existance of file in its
2331e9dc3b8SJoseph Chen	check_its ${ITS_UBOOT}
2341e9dc3b8SJoseph Chen
2351e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
2361e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_UBOOT} -E -p ${OFFS_DATA} ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
2371e9dc3b8SJoseph Chen		if [ "${ARG_SPL_NEW}" == "y" ]; then
2381e9dc3b8SJoseph Chen			./make.sh --spl ${ARG_INI_LOADER}
2391e9dc3b8SJoseph Chen			echo "pack loader with new: spl/u-boot-spl.bin"
2401e9dc3b8SJoseph Chen		else
2411e9dc3b8SJoseph Chen			./make.sh loader ${ARG_INI_LOADER}
2421e9dc3b8SJoseph Chen		fi
2431e9dc3b8SJoseph Chen	else
2441e9dc3b8SJoseph Chen		check_rsa_keys
2451e9dc3b8SJoseph Chen
2461e9dc3b8SJoseph Chen		if ! grep -q '^CONFIG_SPL_FIT_SIGNATURE=y' .config ; then
2471e9dc3b8SJoseph Chen			echo "ERROR: CONFIG_SPL_FIT_SIGNATURE is disabled"
2481e9dc3b8SJoseph Chen			exit 1
2491e9dc3b8SJoseph Chen		fi
2501e9dc3b8SJoseph Chen
2511e9dc3b8SJoseph Chen		# rollback-index
2521e9dc3b8SJoseph Chen		if grep -q '^CONFIG_SPL_FIT_ROLLBACK_PROTECT=y' .config ; then
2531e9dc3b8SJoseph Chen			ARG_SPL_ROLLBACK_PROTECT="y"
2541e9dc3b8SJoseph Chen			if [ -z ${ARG_ROLLBACK_IDX_UBOOT} ]; then
2551e9dc3b8SJoseph Chen				echo "ERROR: No arg \"--rollback-index-uboot <n>\""
2561e9dc3b8SJoseph Chen				exit 1
2571e9dc3b8SJoseph Chen			fi
2581e9dc3b8SJoseph Chen		fi
2591e9dc3b8SJoseph Chen
2601e9dc3b8SJoseph Chen		if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
2611e9dc3b8SJoseph Chen			VERSION=`grep 'rollback-index' ${ITS_UBOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
2621e9dc3b8SJoseph Chen			sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_UBOOT}>;/g" ${ITS_UBOOT}
2631e9dc3b8SJoseph Chen		fi
2641e9dc3b8SJoseph Chen
2651e9dc3b8SJoseph Chen		# Generally, boot.img is signed before uboot.img, so the ras key can be found
2661e9dc3b8SJoseph Chen		# in u-boot.dtb. If not found, let's insert rsa key anyway.
2671e9dc3b8SJoseph Chen		if ! fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
2681e9dc3b8SJoseph Chen			${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
2691e9dc3b8SJoseph Chen			echo "## Adding RSA public key into ${UBOOT_DTB}"
2701e9dc3b8SJoseph Chen		fi
2711e9dc3b8SJoseph Chen
2721e9dc3b8SJoseph Chen		# Pack
2731e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${SPL_DTB} -E -p ${OFFS_DATA} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
2741e9dc3b8SJoseph Chen		mv ${SIG_BIN} ${SIG_UBOOT}
2751e9dc3b8SJoseph Chen
2761e9dc3b8SJoseph Chen		# burn-key-hash
2771e9dc3b8SJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
2781e9dc3b8SJoseph Chen			if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' .config ; then
2791e9dc3b8SJoseph Chen				fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash 0x1
2801e9dc3b8SJoseph Chen			else
2811e9dc3b8SJoseph Chen				echo "ERROR: --burn-key-hash requires CONFIG_SPL_FIT_HW_CRYPTO=y"
2821e9dc3b8SJoseph Chen				exit 1
2831e9dc3b8SJoseph Chen			fi
2841e9dc3b8SJoseph Chen		fi
2851e9dc3b8SJoseph Chen
2861e9dc3b8SJoseph Chen		# rollback-index read back check
2871e9dc3b8SJoseph Chen		if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
2881e9dc3b8SJoseph Chen			VERSION=`fdtget -ti ${ITB_UBOOT} /configurations/conf rollback-index`
2891e9dc3b8SJoseph Chen			if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_UBOOT}" ]; then
2901e9dc3b8SJoseph Chen				echo "ERROR: Failed to set rollback-index for ${ITB_UBOOT}";
2911e9dc3b8SJoseph Chen				exit 1
2921e9dc3b8SJoseph Chen			fi
2931e9dc3b8SJoseph Chen		fi
2941e9dc3b8SJoseph Chen
2951e9dc3b8SJoseph Chen		# burn-key-hash read back check
2961e9dc3b8SJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
2971e9dc3b8SJoseph Chen			if [ "`fdtget -ti ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash`" != "1" ]; then
2981e9dc3b8SJoseph Chen				echo "ERROR: Failed to set burn-key-hash for ${SPL_DTB}";
2991e9dc3b8SJoseph Chen				exit 1
3001e9dc3b8SJoseph Chen			fi
3011e9dc3b8SJoseph Chen		fi
3021e9dc3b8SJoseph Chen
3031e9dc3b8SJoseph Chen		# host check signature
3041e9dc3b8SJoseph Chen		if [ "${ARG_NO_CHECK}" != "y" ]; then
3051e9dc3b8SJoseph Chen			if [ "${ARG_SPL_NEW}" == "y" ]; then
3061e9dc3b8SJoseph Chen				 ${CHECK_SIGN} -f ${ITB_UBOOT} -k ${SPL_DTB} -s
3071e9dc3b8SJoseph Chen			else
3081e9dc3b8SJoseph Chen				spl_file="../rkbin/"`sed -n "/FlashBoot=/s/FlashBoot=//p" ${ARG_INI_LOADER}  |tr -d '\r'`
3091e9dc3b8SJoseph Chen				offs=`fdtdump -s ${spl_file} | head -1 | awk -F ":" '{ print $2 }' | sed "s/ found fdt at offset //g" | tr -d " "`
3101e9dc3b8SJoseph Chen				if [ -z ${offs}  ]; then
3111e9dc3b8SJoseph Chen					echo "ERROR: invalid ${spl_file} , unable to find fdt blob"
3121e9dc3b8SJoseph Chen				fi
3131e9dc3b8SJoseph Chen				offs=`printf %d ${offs} ` # hex -> dec
3141e9dc3b8SJoseph Chen				dd if=${spl_file} of=spl/u-boot-spl-old.dtb bs=${offs} skip=1 >/dev/null 2>&1
3151e9dc3b8SJoseph Chen				${CHECK_SIGN} -f ${ITB_UBOOT} -k spl/u-boot-spl-old.dtb -s
3161e9dc3b8SJoseph Chen			fi
3171e9dc3b8SJoseph Chen		fi
3181e9dc3b8SJoseph Chen
3191e9dc3b8SJoseph Chen		# minimize u-boot-spl.dtb: clear as 0 but not remove property.
3201e9dc3b8SJoseph Chen		if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' .config ; then
3211e9dc3b8SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
3221e9dc3b8SJoseph Chen			if grep -q '^CONFIG_SPL_ROCKCHIP_CRYPTO_V1=y' .config ; then
3231e9dc3b8SJoseph Chen				fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
3241e9dc3b8SJoseph Chen				fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
3251e9dc3b8SJoseph Chen			else
3261e9dc3b8SJoseph Chen				fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
3271e9dc3b8SJoseph Chen				fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
3281e9dc3b8SJoseph Chen			fi
3291e9dc3b8SJoseph Chen		else
3301e9dc3b8SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
3311e9dc3b8SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
3321e9dc3b8SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
3331e9dc3b8SJoseph Chen			fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
3341e9dc3b8SJoseph Chen			fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
3351e9dc3b8SJoseph Chen		fi
3361e9dc3b8SJoseph Chen
3371e9dc3b8SJoseph Chen		# repack spl
3381e9dc3b8SJoseph Chen		if [ "${ARG_SPL_NEW}" == "y" ]; then
3391e9dc3b8SJoseph Chen			cat spl/u-boot-spl-nodtb.bin > spl/u-boot-spl.bin
3401e9dc3b8SJoseph Chen			if ! grep -q '^CONFIG_SPL_SEPARATE_BSS=y' .config ; then
3411e9dc3b8SJoseph Chen				cat spl/u-boot-spl-pad.bin >> spl/u-boot-spl.bin
3421e9dc3b8SJoseph Chen			fi
3431e9dc3b8SJoseph Chen			cat ${SPL_DTB} >> spl/u-boot-spl.bin
3441e9dc3b8SJoseph Chen
3451e9dc3b8SJoseph Chen			./make.sh --spl ${ARG_INI_LOADER}
3461e9dc3b8SJoseph Chen			echo "## pack loader with new: spl/u-boot-spl.bin"
3471e9dc3b8SJoseph Chen		else
3481e9dc3b8SJoseph Chen			./make.sh loader ${ARG_INI_LOADER}
3491e9dc3b8SJoseph Chen		fi
3501e9dc3b8SJoseph Chen
3511e9dc3b8SJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
3521e9dc3b8SJoseph Chen			echo "## ${SPL_DTB}: burn-key-hash=1"
3531e9dc3b8SJoseph Chen		fi
3541e9dc3b8SJoseph Chen	fi
3551e9dc3b8SJoseph Chen
3561e9dc3b8SJoseph Chen	rm -f u-boot.itb u-boot.img u-boot-dtb.img
3571e9dc3b8SJoseph Chen	mv ${ITS_UBOOT} ${FIT_DIR}
3581e9dc3b8SJoseph Chen}
3591e9dc3b8SJoseph Chen
3601e9dc3b8SJoseph Chenfunction fit_gen_boot_itb()
3611e9dc3b8SJoseph Chen{
3621e9dc3b8SJoseph Chen	if [ ! -z ${ARG_BOOT_IMG} ]; then
3631e9dc3b8SJoseph Chen		${FIT_UNPACK} -f ${ARG_BOOT_IMG} -o ${FIT_DIR}/unpack
3641e9dc3b8SJoseph Chen		ITS_BOOT="${FIT_DIR}/unpack/image.its"
3651e9dc3b8SJoseph Chen	else
3661e9dc3b8SJoseph Chen		compression=`awk -F"," '/COMPRESSION=/  { printf $1 }' ${ARG_INI_TRUST} | tr -d ' ' | cut -c 13-`
3671e9dc3b8SJoseph Chen		if [ -z "${compression}" ]; then
3681e9dc3b8SJoseph Chen			compression="none"
3691e9dc3b8SJoseph Chen		fi
3701e9dc3b8SJoseph Chen		./arch/arm/mach-rockchip/make_fit_boot.sh -c ${compression} > ${ITS_BOOT}
3711e9dc3b8SJoseph Chen		check_its ${ITS_BOOT}
3721e9dc3b8SJoseph Chen	fi
3731e9dc3b8SJoseph Chen
3741e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
3751e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_BOOT} -E -p ${OFFS_DATA} ${ITB_BOOT} -v ${ARG_VER_BOOT}
3761e9dc3b8SJoseph Chen	else
3771e9dc3b8SJoseph Chen		check_rsa_keys
3781e9dc3b8SJoseph Chen
3791e9dc3b8SJoseph Chen		if ! grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
3801e9dc3b8SJoseph Chen			echo "ERROR: CONFIG_FIT_SIGNATURE is disabled"
3811e9dc3b8SJoseph Chen			exit 1
3821e9dc3b8SJoseph Chen		fi
3831e9dc3b8SJoseph Chen
3841e9dc3b8SJoseph Chen		if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' .config ; then
3851e9dc3b8SJoseph Chen			ARG_ROLLBACK_PROTECT="y"
3861e9dc3b8SJoseph Chen			if [ -z ${ARG_ROLLBACK_IDX_BOOT} ]; then
3871e9dc3b8SJoseph Chen				echo "ERROR: No arg \"--rollback-index-boot <n>\""
3881e9dc3b8SJoseph Chen				exit 1
3891e9dc3b8SJoseph Chen			fi
3901ebfa2d7SJoseph Chen			if ! grep -q '^CONFIG_OPTEE_CLIENT=y' .config ; then
3911ebfa2d7SJoseph Chen				echo "ERROR: Don't support \"--rollback-index-boot <n>\""
3921ebfa2d7SJoseph Chen				exit 1
3931ebfa2d7SJoseph Chen			fi
3941e9dc3b8SJoseph Chen		fi
3951e9dc3b8SJoseph Chen
3961e9dc3b8SJoseph Chen		# fixup
397*d1627df0SJoseph Chen		FDT_ADDR_R=`strings env/built-in.o | grep 'fdt_addr_r=' | awk -F "=" '{ print $2 }'`
398*d1627df0SJoseph Chen		KERNEL_ADDR_R=`strings env/built-in.o | grep 'kernel_addr_r=' | awk -F "=" '{ print $2 }'`
399*d1627df0SJoseph Chen		RMADISK_ADDR_R=`strings env/built-in.o | grep 'ramdisk_addr_r=' | awk -F "=" '{ print $2 }'`
400a08b0b01SJoseph Chen		sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g"         ${ITS_BOOT}
4011e9dc3b8SJoseph Chen		sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g"   ${ITS_BOOT}
4021e9dc3b8SJoseph Chen		sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RMADISK_ADDR_R}/g" ${ITS_BOOT}
4031e9dc3b8SJoseph Chen		if grep -q '^CONFIG_ARM64=y' .config ; then
4041e9dc3b8SJoseph Chen			sed -i 's/arch = "arm";/arch = "arm64";/g' ${ITS_BOOT}
4051e9dc3b8SJoseph Chen		fi
4061e9dc3b8SJoseph Chen
4071e9dc3b8SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
4081e9dc3b8SJoseph Chen			VERSION=`grep 'rollback-index' ${ITS_BOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
4091e9dc3b8SJoseph Chen			sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_BOOT}>;/g" ${ITS_BOOT}
4101e9dc3b8SJoseph Chen		fi
4111e9dc3b8SJoseph Chen
4121e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_BOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_BOOT} -v ${ARG_VER_BOOT}
4131e9dc3b8SJoseph Chen		mv ${SIG_BIN} ${SIG_BOOT}
4141e9dc3b8SJoseph Chen
4151e9dc3b8SJoseph Chen		# rollback-index read back check
4161e9dc3b8SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
4171e9dc3b8SJoseph Chen			VERSION=`fdtget -ti ${ITB_BOOT} /configurations/conf rollback-index`
4181e9dc3b8SJoseph Chen			if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_BOOT}" ]; then
4191e9dc3b8SJoseph Chen				echo "ERROR: Failed to set rollback-index for ${ITB_BOOT}";
4201e9dc3b8SJoseph Chen				exit 1
4211e9dc3b8SJoseph Chen			fi
4221e9dc3b8SJoseph Chen		fi
4231e9dc3b8SJoseph Chen
4241e9dc3b8SJoseph Chen		# host check signature
4251e9dc3b8SJoseph Chen		if [ "${ARG_NO_CHECK}" != "y" ]; then
4261e9dc3b8SJoseph Chen			 ${CHECK_SIGN} -f ${ITB_BOOT} -k ${UBOOT_DTB}
4271e9dc3b8SJoseph Chen		fi
4281e9dc3b8SJoseph Chen
4291e9dc3b8SJoseph Chen		# minimize u-boot.dtb: clearn as 0 but not remove property.
4301e9dc3b8SJoseph Chen		if grep -q '^CONFIG_FIT_HW_CRYPTO=y' .config ; then
4311e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
4321e9dc3b8SJoseph Chen			if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' .config ; then
4331e9dc3b8SJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
4341e9dc3b8SJoseph Chen			else
4351e9dc3b8SJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
4361e9dc3b8SJoseph Chen			fi
4371e9dc3b8SJoseph Chen		else
4381e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
4391e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
4401e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
4411e9dc3b8SJoseph Chen		fi
4421e9dc3b8SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@c
4431e9dc3b8SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@np
4441e9dc3b8SJoseph Chen	fi
4451e9dc3b8SJoseph Chen
4461e9dc3b8SJoseph Chen	mv ${ITS_BOOT} ${FIT_DIR}
4471e9dc3b8SJoseph Chen}
4481e9dc3b8SJoseph Chen
4491e9dc3b8SJoseph Chenfunction fit_gen_recovery_itb()
4501e9dc3b8SJoseph Chen{
4511e9dc3b8SJoseph Chen	if [ ! -z ${ARG_RECOVERY_IMG} ]; then
4521e9dc3b8SJoseph Chen		${FIT_UNPACK} -f ${ARG_RECOVERY_IMG} -o ${FIT_DIR}/unpack
4531e9dc3b8SJoseph Chen		ITS_RECOVERY="${FIT_DIR}/unpack/image.its"
4541e9dc3b8SJoseph Chen	else
4551e9dc3b8SJoseph Chen		echo "ERROR: No recovery.img"
4561e9dc3b8SJoseph Chen		exit 1
4571e9dc3b8SJoseph Chen	fi
4581e9dc3b8SJoseph Chen
4591e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
4601e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_RECOVERY} -E -p ${OFFS_DATA} ${ITB_RECOVERY} -v ${ARG_VER_RECOVERY}
4611e9dc3b8SJoseph Chen	else
4621e9dc3b8SJoseph Chen		check_rsa_keys
4631e9dc3b8SJoseph Chen
4641e9dc3b8SJoseph Chen		if ! grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
4651e9dc3b8SJoseph Chen			echo "ERROR: CONFIG_FIT_SIGNATURE is disabled"
4661e9dc3b8SJoseph Chen			exit 1
4671e9dc3b8SJoseph Chen		fi
4681e9dc3b8SJoseph Chen
4691e9dc3b8SJoseph Chen		if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' .config ; then
4701e9dc3b8SJoseph Chen			ARG_ROLLBACK_PROTECT="y"
4711e9dc3b8SJoseph Chen			if [ -z ${ARG_ROLLBACK_IDX_RECOVERY} ]; then
4721e9dc3b8SJoseph Chen				echo "ERROR: No arg \"--rollback-index-recovery <n>\""
4731e9dc3b8SJoseph Chen				exit 1
4741e9dc3b8SJoseph Chen			fi
4751ebfa2d7SJoseph Chen			if ! grep -q '^CONFIG_OPTEE_CLIENT=y' .config ; then
4761ebfa2d7SJoseph Chen				echo "ERROR: Don't support \"--rollback-index-recovery <n>\""
4771ebfa2d7SJoseph Chen				exit 1
4781ebfa2d7SJoseph Chen			fi
4791e9dc3b8SJoseph Chen		fi
4801e9dc3b8SJoseph Chen
4811e9dc3b8SJoseph Chen		# fixup
482*d1627df0SJoseph Chen		FDT_ADDR_R=`strings env/built-in.o | grep 'fdt_addr_r=' | awk -F "=" '{ print $2 }'`
483*d1627df0SJoseph Chen		KERNEL_ADDR_R=`strings env/built-in.o | grep 'kernel_addr_r=' | awk -F "=" '{ print $2 }'`
484*d1627df0SJoseph Chen		RMADISK_ADDR_R=`strings env/built-in.o | grep 'ramdisk_addr_r=' | awk -F "=" '{ print $2 }'`
4851e9dc3b8SJoseph Chen		sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g"         ${ITS_RECOVERY}
4861e9dc3b8SJoseph Chen		sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g"   ${ITS_RECOVERY}
4871e9dc3b8SJoseph Chen		sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RMADISK_ADDR_R}/g" ${ITS_RECOVERY}
4881e9dc3b8SJoseph Chen		if grep -q '^CONFIG_ARM64=y' .config ; then
4891e9dc3b8SJoseph Chen			sed -i 's/arch = "arm";/arch = "arm64";/g' ${ITS_RECOVERY}
4901e9dc3b8SJoseph Chen		fi
4911e9dc3b8SJoseph Chen
4921e9dc3b8SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
4931e9dc3b8SJoseph Chen			VERSION=`grep 'rollback-index' ${ITS_RECOVERY} | awk -F '=' '{ printf $2 }' | tr -d ' '`
4941e9dc3b8SJoseph Chen			sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_RECOVERY}>;/g" ${ITS_RECOVERY}
4951e9dc3b8SJoseph Chen		fi
4961e9dc3b8SJoseph Chen
4971e9dc3b8SJoseph Chen		${MKIMAGE} -f ${ITS_RECOVERY} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_DATA} -r ${ITB_RECOVERY} -v ${ARG_VER_RECOVERY}
4981e9dc3b8SJoseph Chen		mv ${SIG_BIN} ${SIG_RECOVERY}
4991e9dc3b8SJoseph Chen
5001e9dc3b8SJoseph Chen		# rollback-index read back check
5011e9dc3b8SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
5021e9dc3b8SJoseph Chen			VERSION=`fdtget -ti ${ITB_RECOVERY} /configurations/conf rollback-index`
5031e9dc3b8SJoseph Chen			if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_RECOVERY}" ]; then
5041e9dc3b8SJoseph Chen				echo "ERROR: Failed to set rollback-index for ${ITB_RECOVERY}";
5051e9dc3b8SJoseph Chen				exit 1
5061e9dc3b8SJoseph Chen			fi
5071e9dc3b8SJoseph Chen		fi
5081e9dc3b8SJoseph Chen
5091e9dc3b8SJoseph Chen		# host check signature
5101e9dc3b8SJoseph Chen		if [ "${ARG_NO_CHECK}" != "y" ]; then
5111e9dc3b8SJoseph Chen			 ${CHECK_SIGN} -f ${ITB_RECOVERY} -k ${UBOOT_DTB}
5121e9dc3b8SJoseph Chen		fi
5131e9dc3b8SJoseph Chen
5141e9dc3b8SJoseph Chen		# minimize u-boot.dtb: clearn as 0 but not remove property.
5151e9dc3b8SJoseph Chen		if grep -q '^CONFIG_FIT_HW_CRYPTO=y' .config ; then
5161e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
5171e9dc3b8SJoseph Chen			if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' .config ; then
5181e9dc3b8SJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
5191e9dc3b8SJoseph Chen			else
5201e9dc3b8SJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
5211e9dc3b8SJoseph Chen			fi
5221e9dc3b8SJoseph Chen		else
5231e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
5241e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
5251e9dc3b8SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
5261e9dc3b8SJoseph Chen		fi
5271e9dc3b8SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@c
5281e9dc3b8SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@np
5291e9dc3b8SJoseph Chen	fi
5301e9dc3b8SJoseph Chen
5311e9dc3b8SJoseph Chen	mv ${ITS_RECOVERY} ${FIT_DIR}
5321e9dc3b8SJoseph Chen}
5331e9dc3b8SJoseph Chen
5341e9dc3b8SJoseph Chenfunction fit_gen_uboot_img()
5351e9dc3b8SJoseph Chen{
5361e9dc3b8SJoseph Chen	ITB=$1
5371e9dc3b8SJoseph Chen
5381e9dc3b8SJoseph Chen	if [ -z ${ITB} ]; then
5391e9dc3b8SJoseph Chen		ITB=${ITB_UBOOT}
5401e9dc3b8SJoseph Chen	fi
5411e9dc3b8SJoseph Chen
5421e9dc3b8SJoseph Chen	ITB_MAX_NUM=`sed -n "/SPL_FIT_IMAGE_MULTIPLE/p" .config | awk -F "=" '{ print $2 }'`
5431e9dc3b8SJoseph Chen	ITB_MAX_KB=`sed  -n "/SPL_FIT_IMAGE_KB/p" .config | awk -F "=" '{ print $2 }'`
5441e9dc3b8SJoseph Chen	ITB_MAX_BS=$((ITB_MAX_KB*1024))
5451e9dc3b8SJoseph Chen	ITB_BS=`ls -l ${ITB} | awk '{ print $5 }'`
5461e9dc3b8SJoseph Chen
5471e9dc3b8SJoseph Chen	if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then
5481e9dc3b8SJoseph Chen		echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
5491e9dc3b8SJoseph Chen		exit 1
5501e9dc3b8SJoseph Chen	fi
5511e9dc3b8SJoseph Chen
5521e9dc3b8SJoseph Chen	rm -f ${IMG_UBOOT}
5531e9dc3b8SJoseph Chen	for ((i = 0; i < ${ITB_MAX_NUM}; i++));
5541e9dc3b8SJoseph Chen	do
5551e9dc3b8SJoseph Chen		cat ${ITB} >> ${IMG_UBOOT}
5561e9dc3b8SJoseph Chen		truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT}
5571e9dc3b8SJoseph Chen	done
5581e9dc3b8SJoseph Chen}
5591e9dc3b8SJoseph Chen
5601e9dc3b8SJoseph Chenfunction fit_gen_boot_img()
5611e9dc3b8SJoseph Chen{
5621e9dc3b8SJoseph Chen	ITB=$1
5631e9dc3b8SJoseph Chen
5641e9dc3b8SJoseph Chen	if [ -z ${ITB} ]; then
5651e9dc3b8SJoseph Chen		ITB=${ITB_BOOT}
5661e9dc3b8SJoseph Chen	fi
5671e9dc3b8SJoseph Chen
5681e9dc3b8SJoseph Chen	if [ "${ITB}" != "${IMG_BOOT}" ]; then
5691e9dc3b8SJoseph Chen		cp ${ITB} ${IMG_BOOT} -f
5701e9dc3b8SJoseph Chen	fi
5711e9dc3b8SJoseph Chen}
5721e9dc3b8SJoseph Chen
5731e9dc3b8SJoseph Chenfunction fit_gen_recovery_img()
5741e9dc3b8SJoseph Chen{
5751e9dc3b8SJoseph Chen	ITB=$1
5761e9dc3b8SJoseph Chen
5771e9dc3b8SJoseph Chen	if [ -z ${ITB} ]; then
5781e9dc3b8SJoseph Chen		ITB=${ITB_RECOVERY}
5791e9dc3b8SJoseph Chen	fi
5801e9dc3b8SJoseph Chen
5811e9dc3b8SJoseph Chen	if [ "${ITB}" != "${IMG_RECOVERY}" ]; then
5821e9dc3b8SJoseph Chen		cp ${ITB} ${IMG_RECOVERY} -f
5831e9dc3b8SJoseph Chen	fi
5841e9dc3b8SJoseph Chen}
5851e9dc3b8SJoseph Chen
5861e9dc3b8SJoseph Chenfunction fit_gen_loader()
5871e9dc3b8SJoseph Chen{
5881e9dc3b8SJoseph Chen	if grep -Eq '^CONFIG_FIT_SIGNATURE=y' .config ; then
5891e9dc3b8SJoseph Chen		${RK_SIGN_TOOL} cc --chip ${ARG_CHIP: 2: 6}
5901e9dc3b8SJoseph Chen		${RK_SIGN_TOOL} lk --key ${RSA_PRI_KEY} --pubkey ${RSA_PUB_KEY}
5911e9dc3b8SJoseph Chen		if ls *loader*.bin >/dev/null 2>&1 ; then
5921e9dc3b8SJoseph Chen			${RK_SIGN_TOOL} sl --loader *loader*.bin
5931e9dc3b8SJoseph Chen		fi
5941e9dc3b8SJoseph Chen		if ls *download*.bin >/dev/null 2>&1 ; then
5951e9dc3b8SJoseph Chen			${RK_SIGN_TOOL} sl --loader *download*.bin
5961e9dc3b8SJoseph Chen		fi
5971e9dc3b8SJoseph Chen		if ls *idblock*.img >/dev/null 2>&1 ; then
5981e9dc3b8SJoseph Chen			${RK_SIGN_TOOL} sb --idb *idblock*.img
5991e9dc3b8SJoseph Chen		fi
6001e9dc3b8SJoseph Chen	fi
6011e9dc3b8SJoseph Chen}
6021e9dc3b8SJoseph Chen
6031e9dc3b8SJoseph Chenfunction fit_msg_uboot()
6041e9dc3b8SJoseph Chen{
6051e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
6061e9dc3b8SJoseph Chen		MSG_SIGN="no-signed"
6071e9dc3b8SJoseph Chen	else
6081e9dc3b8SJoseph Chen		MSG_SIGN="signed"
6091e9dc3b8SJoseph Chen	fi
6101e9dc3b8SJoseph Chen
6111e9dc3b8SJoseph Chen	VERSION=`fdtget -ti ${ITB_UBOOT} / version`
6121e9dc3b8SJoseph Chen	if [ "${VERSION}" != "" ]; then
6131e9dc3b8SJoseph Chen		MSG_VER=", version=${VERSION}"
6141e9dc3b8SJoseph Chen	fi
6151e9dc3b8SJoseph Chen
6161e9dc3b8SJoseph Chen	if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
6171e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_UBOOT}): ${IMG_UBOOT} (with uboot, trust...) is ready"
6181e9dc3b8SJoseph Chen	else
6191e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}): ${IMG_UBOOT} (FIT with uboot, trust...) is ready"
6201e9dc3b8SJoseph Chen	fi
6211e9dc3b8SJoseph Chen}
6221e9dc3b8SJoseph Chen
6231e9dc3b8SJoseph Chenfunction fit_msg_boot()
6241e9dc3b8SJoseph Chen{
6251e9dc3b8SJoseph Chen	if [ -z "${ARG_BOOT_IMG}" ]; then
6261e9dc3b8SJoseph Chen		return;
6271e9dc3b8SJoseph Chen	fi
6281e9dc3b8SJoseph Chen
6291e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
6301e9dc3b8SJoseph Chen		MSG_SIGN="no-signed"
6311e9dc3b8SJoseph Chen	else
6321e9dc3b8SJoseph Chen		MSG_SIGN="signed"
6331e9dc3b8SJoseph Chen	fi
6341e9dc3b8SJoseph Chen
6351e9dc3b8SJoseph Chen	VERSION=`fdtget -ti ${ITB_BOOT} / version`
6361e9dc3b8SJoseph Chen	if [ "${VERSION}" != "" ]; then
6371e9dc3b8SJoseph Chen		MSG_VER=", version=${VERSION}"
6381e9dc3b8SJoseph Chen	fi
6391e9dc3b8SJoseph Chen
6401e9dc3b8SJoseph Chen	if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
6411e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_BOOT}): ${IMG_BOOT} is ready"
6421e9dc3b8SJoseph Chen	else
6431e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}): ${IMG_BOOT} (FIT with kernel, fdt, resource...) is ready"
6441e9dc3b8SJoseph Chen	fi
6451e9dc3b8SJoseph Chen}
6461e9dc3b8SJoseph Chen
6471e9dc3b8SJoseph Chenfunction fit_msg_recovery()
6481e9dc3b8SJoseph Chen{
6491e9dc3b8SJoseph Chen	if [ -z "${ARG_RECOVERY_IMG}" ]; then
6501e9dc3b8SJoseph Chen		return;
6511e9dc3b8SJoseph Chen	fi
6521e9dc3b8SJoseph Chen
6531e9dc3b8SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
6541e9dc3b8SJoseph Chen		MSG_SIGN="no-signed"
6551e9dc3b8SJoseph Chen	else
6561e9dc3b8SJoseph Chen		MSG_SIGN="signed"
6571e9dc3b8SJoseph Chen	fi
6581e9dc3b8SJoseph Chen
6591e9dc3b8SJoseph Chen	VERSION=`fdtget -ti ${ITB_RECOVERY} / version`
6601e9dc3b8SJoseph Chen	if [ "${VERSION}" != "" ]; then
6611e9dc3b8SJoseph Chen		MSG_VER=", version=${VERSION}"
6621e9dc3b8SJoseph Chen	fi
6631e9dc3b8SJoseph Chen
6641e9dc3b8SJoseph Chen	if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
6651e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_RECOVERY}): ${IMG_RECOVERY} is ready"
6661e9dc3b8SJoseph Chen	else
6671e9dc3b8SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}): ${IMG_RECOVERY} (FIT with kernel, fdt, resource...) is ready"
6681e9dc3b8SJoseph Chen	fi
6691e9dc3b8SJoseph Chen}
6701e9dc3b8SJoseph Chen
6711e9dc3b8SJoseph Chenfunction fit_msg_loader()
6721e9dc3b8SJoseph Chen{
6731e9dc3b8SJoseph Chen	if ls *loader*.bin >/dev/null 2>&1 ; then
6741e9dc3b8SJoseph Chen		LOADER=`ls *loader*.bin`
6751e9dc3b8SJoseph Chen	fi
6761e9dc3b8SJoseph Chen
6771e9dc3b8SJoseph Chen	if ls *idblock*.img >/dev/null 2>&1 ; then
6781e9dc3b8SJoseph Chen		LOADER=`ls *idblock*.img`
6791e9dc3b8SJoseph Chen	fi
6801e9dc3b8SJoseph Chen
6811e9dc3b8SJoseph Chen	if grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
6821e9dc3b8SJoseph Chen		echo "Image(signed): ${LOADER} (with spl, ddr...) is ready"
6831e9dc3b8SJoseph Chen	else
6841e9dc3b8SJoseph Chen		echo "Image(no-signed): ${LOADER} (with spl, ddr...) is ready"
6851e9dc3b8SJoseph Chen	fi
6861e9dc3b8SJoseph Chen}
6871e9dc3b8SJoseph Chen
6881e9dc3b8SJoseph Chenfunction fit_msg_u_boot_loader()
6891e9dc3b8SJoseph Chen{
6901e9dc3b8SJoseph Chen	if ls *loader*.bin >/dev/null 2>&1 ; then
6911e9dc3b8SJoseph Chen		LOADER=`ls *loader*.bin`
6921e9dc3b8SJoseph Chen	fi
6931e9dc3b8SJoseph Chen
6941e9dc3b8SJoseph Chen	if ls *idblock*.img >/dev/null 2>&1 ; then
6951e9dc3b8SJoseph Chen		LOADER=`ls *idblock*.img`
6961e9dc3b8SJoseph Chen	fi
6971e9dc3b8SJoseph Chen
6981e9dc3b8SJoseph Chen	if grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
6991e9dc3b8SJoseph Chen		echo "Image(signed): ${LOADER} (with u-boot, ddr...) is ready"
7001e9dc3b8SJoseph Chen	else
7011e9dc3b8SJoseph Chen		echo "Image(no-signed): ${LOADER} (with u-boot, ddr...) is ready"
7021e9dc3b8SJoseph Chen	fi
7031e9dc3b8SJoseph Chen}
704