xref: /rk3399_rockchip-uboot/scripts/fit-resign.sh (revision 827e2ae92e2103f82dab5b54228ad24e40db6263) 
1#!/bin/bash
2#
3# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd
4#
5# SPDX-License-Identifier: GPL-2.0
6#
7set -e
8
9# [Keys]
10#	mkdir -p keys
11#	openssl genpkey -algorithm RSA -out keys/dev.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
12#	openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
13# [Sign]
14#	openssl dgst -sha256 -sign keys/dev.key -out sha256-rsa2048.sign fit/boot.data2sign
15
16IMG_UBOOT="uboot.img"
17IMG_BOOT="boot.img"
18
19function usage_resign()
20{
21	echo
22	echo "usage:"
23	echo "    $0 -f [itb] -s [sig]"
24	echo
25}
26
27function fit_resign()
28{
29	if [ $# -ne 4 ]; then
30		usage_resign
31		exit 1
32	fi
33
34	while [ $# -gt 0 ]; do
35		case $1 in
36			-f)
37				ITB=$2
38				shift 2
39				;;
40			-s)
41				SIG=$2
42				shift 2
43				;;
44			*)
45				usage_resign
46				exit 1
47				;;
48		esac
49	done
50
51	if [ ! -f ${ITB} ]; then
52		echo "ERROR: No ${ITB}"
53		exit 1
54	elif [ ! -f ${SIG} ]; then
55		echo "ERROR: No ${SIG}"
56		exit 1
57	fi
58
59	copies=`strings ${ITB} | grep "signer-version"  | wc -l`
60	if [ ${copies} -ne 1 ]; then
61		echo "ERROR: ${ITB} seems not a itb but a image, ${copies}"
62		exit 1
63	fi
64
65	SIG_SZ=`ls -l ${SIG} | awk '{ print $5 }'`
66	LEN=`./tools/fit_info -f ${ITB} -n /configurations/conf/signature -p value | sed -n "/LEN:/p" | awk '{ print $2 }'`
67	OFF=`./tools/fit_info -f ${ITB} -n /configurations/conf/signature -p value | sed -n "/OFF:/p" | awk '{ print $2 }'`
68	END=`./tools/fit_info -f ${ITB} -n /configurations/conf/signature -p value | sed -n "/END:/p" | awk '{ print $2 }'`
69
70	if [ -z ${LEN} ]; then
71		echo "ERROR: No signature in ${ITB}"
72		exit 1
73		strings uboot.img | grep "rollback-index" | wc -l
74	elif [ "${SIG_SZ}" -ne "${LEN}" ]; then
75		echo "ERROR: ${SIG} size ${SIG_SZ} != ${ITB} Signature size ${LEN}"
76		exit 1
77	fi
78
79	dd if=${ITB} of=${ITB}.half1 count=1 bs=${OFF}
80	dd if=${ITB} of=${ITB}.half2 skip=1 ibs=${END}
81
82	ITB_RESIGN="${ITB}.resign"
83	cat ${ITB}.half1  >  ${ITB_RESIGN}
84	cat ${SIG}        >> ${ITB_RESIGN}
85	cat ${ITB}.half2  >> ${ITB_RESIGN}
86	echo
87
88	if fdtget -l ${ITB_RESIGN} /images/uboot >/dev/null 2>&1 ; then
89		ITB_MAX_NUM=`sed -n "/SPL_FIT_IMAGE_MULTIPLE/p" .config | awk -F "=" '{ print $2 }'`
90		ITB_MAX_KB=`sed  -n "/SPL_FIT_IMAGE_KB/p" .config | awk -F "=" '{ print $2 }'`
91		ITB_MAX_BS=$((ITB_MAX_KB*1024))
92		ITB_BS=`ls -l ${ITB} | awk '{ print $5 }'`
93		if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then
94			echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
95			exit 1
96		fi
97
98		rm -f ${IMG_UBOOT}
99		for ((i = 0; i < ${ITB_MAX_NUM}; i++));
100		do
101			cat ${ITB_RESIGN} >> ${IMG_UBOOT}
102			truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT}
103		done
104		echo "Image(re-signed):  ${IMG_UBOOT} is ready"
105	else
106		cp ${ITB_RESIGN} ${IMG_BOOT}
107		echo "Image(re-signed):  ${IMG_BOOT} is ready"
108	fi
109
110	rm -f ${ITB}.half1 ${ITB}.half2 ${ITB_RESIGN}
111}
112
113fit_resign $*
114
115