xref: /rk3399_rockchip-uboot/scripts/fit-resign.sh (revision 1ff581bb9ed8deefd78faf794daf33c28dd896a3)
#!/bin/bash
#
# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd
#
# SPDX-License-Identifier: GPL-2.0
#
# Replaces the configuration signature stored in a FIT image (itb) with a
# signature file produced outside the build, then repacks the image.

# Stop at the first command that fails.
set -o errexit

# Reference commands for creating a development key pair and a signature.
# openssl genpkey is called here without a cipher option, so keys/dev.key is
# written unencrypted: treat it as a development key. The signing step only
# reads fit/boot.data2sign, so it can run on a separate host that holds the
# key; this script then needs just the resulting signature file (-s).
#
# [Keys]
#	mkdir -p keys
#	openssl genpkey -algorithm RSA -out keys/dev.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
#	openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
# [Sign]
#	openssl dgst -sha256 -sign keys/dev.key -out sha256-rsa2048.sign fit/boot.data2sign

# Names of the repacked images; both are written relative to the current
# working directory.
IMG_UBOOT='uboot.img'
IMG_BOOT='boot.img'
18*1ff581bbSJoseph Chen
#######################################
# Print the command-line synopsis, framed by one blank line above and below.
# Arguments: none
# Outputs:   usage text on stdout
#######################################
usage_resign() {
	# $0 is passed as data, never as part of the format string.
	printf '\nusage:\n    %s -f [itb] -s [sig]\n\n' "$0"
}
26*1ff581bbSJoseph Chen
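#######################################
# Splice an externally produced signature into a FIT image and repack it.
#
# The bytes of the /configurations/conf/signature value inside the itb are
# replaced by the contents of the signature file. If the result contains an
# /images/uboot node it is packed into ${IMG_UBOOT} (several padded copies),
# otherwise it is copied to ${IMG_BOOT}.
#
# Only the LENGTH of the signature is checked against the itb. Nothing here
# verifies that the signature is valid for the image or for any key; that has
# to be established separately (by the signer, or by the verified-boot chain).
#
# Globals:   IMG_UBOOT, IMG_BOOT (read); ITB, SIG, SIG_SZ, LEN, OFF, END,
#            ITB_RESIGN, ITB_MAX_NUM, ITB_MAX_KB, ITB_MAX_BS, ITB_BS,
#            copies (written)
# Arguments: -f <itb>  FIT image to re-sign
#            -s <sig>  raw signature file
# Outputs:   progress and error messages on stdout
# Returns:   exits 1 on any usage or validation error
#######################################
function fit_resign()
{
	local fit_sig_info field i

	# Start empty so a path can only come from the command line, never from
	# an ITB/SIG variable inherited from the environment.
	ITB=""
	SIG=""

	if [ $# -ne 4 ]; then
		usage_resign
		exit 1
	fi

	while [ $# -gt 0 ]; do
		case "$1" in
			-f)
				ITB=$2
				shift 2
				;;
			-s)
				SIG=$2
				shift 2
				;;
			*)
				usage_resign
				exit 1
				;;
		esac
	done

	# The quotes matter: unquoted, an empty ${SIG} (e.g. "-f a -f b") turns
	# the test into `[ ! -f ]`, which is false, and the check is skipped.
	if [ ! -f "${ITB}" ]; then
		echo "ERROR: No ${ITB}"
		exit 1
	elif [ ! -f "${SIG}" ]; then
		echo "ERROR: No ${SIG}"
		exit 1
	fi

	# A bare itb carries exactly one "signer-version" string; any other
	# count means the input is something else (the message suggests an
	# already packed image). grep -c exits 1 on zero matches, hence `|| true`.
	copies=$(strings "${ITB}" | grep -c "signer-version" || true)
	if [ "${copies}" -ne 1 ]; then
		echo "ERROR: ${ITB} seems not a itb but a image, ${copies}"
		exit 1
	fi

	# Byte count via wc instead of parsing `ls -l`; the arithmetic expansion
	# strips any padding wc adds around the number.
	SIG_SZ=$(( $(wc -c < "${SIG}") ))

	# Ask fit_info once and pick the three fields out of the same output.
	# Its exit status is deliberately ignored (as before); the parsed values
	# are validated below instead.
	fit_sig_info=$(./tools/fit_info -f "${ITB}" -n /configurations/conf/signature -p value) || true
	LEN=$(awk '/LEN:/ { print $2 }' <<< "${fit_sig_info}")
	OFF=$(awk '/OFF:/ { print $2 }' <<< "${fit_sig_info}")
	END=$(awk '/END:/ { print $2 }' <<< "${fit_sig_info}")

	if [ -z "${LEN}" ]; then
		echo "ERROR: No signature in ${ITB}"
		exit 1
	fi

	# These values become dd block sizes and decide where the image is cut,
	# so refuse anything that is not a single plain decimal number.
	for field in "${LEN}" "${OFF}" "${END}"; do
		if ! [[ "${field}" =~ ^[0-9]+$ ]]; then
			echo "ERROR: unexpected fit_info output for ${ITB}: LEN='${LEN}' OFF='${OFF}' END='${END}'"
			exit 1
		fi
	done

	# NOTE(review): the splice only keeps the itb size unchanged if
	# END - OFF equals LEN; presumably fit_info guarantees that - confirm.
	if [ "${END}" -lt "${OFF}" ]; then
		echo "ERROR: signature END ${END} is before OFF ${OFF} in ${ITB}"
		exit 1
	elif [ "${SIG_SZ}" -ne "${LEN}" ]; then
		echo "ERROR: ${SIG} size ${SIG_SZ} != ${ITB} Signature size ${LEN}"
		exit 1
	fi

	# Work files live next to the itb; remove them on every exit path,
	# including a command failing under `set -e`.
	trap 'rm -f -- "${ITB}.half1" "${ITB}.half2" "${ITB}.resign"' EXIT

	# half1 = the first OFF bytes, half2 = everything after the first END bytes.
	dd if="${ITB}" of="${ITB}.half1" count=1 bs="${OFF}"
	dd if="${ITB}" of="${ITB}.half2" skip=1 ibs="${END}"

	ITB_RESIGN="${ITB}.resign"
	cat -- "${ITB}.half1" "${SIG}" "${ITB}.half2" > "${ITB_RESIGN}"
	echo

	if fdtget -l "${ITB_RESIGN}" /images/uboot >/dev/null 2>&1 ; then
		# A missing or unreadable .config yields empty values, which the
		# numeric check below reports; hence `|| true`.
		ITB_MAX_NUM=$(awk -F "=" '/SPL_FIT_IMAGE_MULTIPLE/ { print $2 }' .config || true)
		ITB_MAX_KB=$(awk -F "=" '/SPL_FIT_IMAGE_KB/ { print $2 }' .config || true)

		# Validate before use: bash arithmetic evaluates a variable's text
		# as an expression, and a commented-out option gives an empty value.
		if ! [[ "${ITB_MAX_NUM}" =~ ^[0-9]+$ && "${ITB_MAX_KB}" =~ ^[0-9]+$ ]]; then
			echo "ERROR: SPL_FIT_IMAGE_MULTIPLE / SPL_FIT_IMAGE_KB in .config are not plain numbers"
			exit 1
		fi

		ITB_MAX_BS=$((ITB_MAX_KB*1024))
		ITB_BS=$(( $(wc -c < "${ITB}") ))
		if [ "${ITB_BS}" -gt "${ITB_MAX_BS}" ]; then
			echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
			exit 1
		fi

		# Append ITB_MAX_NUM copies, padding the file up to a multiple of
		# ITB_MAX_KB KiB after each one.
		rm -f -- "${IMG_UBOOT}"
		for ((i = 0; i < ITB_MAX_NUM; i++)); do
			cat -- "${ITB_RESIGN}" >> "${IMG_UBOOT}"
			truncate -s "%${ITB_MAX_KB}K" "${IMG_UBOOT}"
		done
		echo "Image(re-signed):  ${IMG_UBOOT} is ready"
	else
		cp -- "${ITB_RESIGN}" "${IMG_BOOT}"
		echo "Image(re-signed):  ${IMG_BOOT} is ready"
	fi

	rm -f -- "${ITB}.half1" "${ITB}.half2" "${ITB_RESIGN}"
	trap - EXIT
}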
112*1ff581bbSJoseph Chen
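# Forward the arguments unchanged; "$@" keeps a path that contains spaces as
# one argument, which the unquoted $* would split.
fit_resign "$@"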