1*ae33e311SJoseph Chen#!/bin/bash 2*ae33e311SJoseph Chen# 3*ae33e311SJoseph Chen# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd 4*ae33e311SJoseph Chen# 5*ae33e311SJoseph Chen# SPDX-License-Identifier: GPL-2.0 6*ae33e311SJoseph Chen# 7*ae33e311SJoseph Chenset -e 8*ae33e311SJoseph Chen 9*ae33e311SJoseph ChenFIT_DIR="fit" 10*ae33e311SJoseph ChenIMG_UBOOT="uboot.img" 11*ae33e311SJoseph ChenIMG_BOOT="boot.img" 12*ae33e311SJoseph ChenITB_UBOOT="${FIT_DIR}/uboot.itb" 13*ae33e311SJoseph ChenITB_BOOT="${FIT_DIR}/boot.itb" 14*ae33e311SJoseph ChenSIG_BIN="data2sign.bin" 15*ae33e311SJoseph ChenSIG_UBOOT="${FIT_DIR}/uboot.data2sign" 16*ae33e311SJoseph ChenSIG_BOOT="${FIT_DIR}/boot.data2sign" 17*ae33e311SJoseph Chen# offs 18*ae33e311SJoseph ChenOFFS_NS_UBOOT="0xa00" 19*ae33e311SJoseph ChenOFFS_S_UBOOT="0xc00" 20*ae33e311SJoseph ChenOFFS_NS_BOOT="0x800" 21*ae33e311SJoseph ChenOFFS_S_BOOT="0xc00" 22*ae33e311SJoseph Chen# file 23*ae33e311SJoseph ChenCHIP_FILE="arch/arm/lib/.asm-offsets.s.cmd" 24*ae33e311SJoseph Chen# placeholder address 25*ae33e311SJoseph ChenFDT_ADDR_PLACEHOLDER="0xffffff00" 26*ae33e311SJoseph ChenKERNEL_ADDR_PLACEHOLDER="0xffffff01" 27*ae33e311SJoseph ChenRAMDISK_ADDR_PLACEHOLDER="0xffffff02" 28*ae33e311SJoseph Chen# tools 29*ae33e311SJoseph ChenMKIMAGE="./tools/mkimage" 30*ae33e311SJoseph ChenFIT_UNPACK="./scripts/fit-unpack.sh" 31*ae33e311SJoseph ChenCHECK_SIGN="./tools/fit_check_sign" 32*ae33e311SJoseph Chen# key 33*ae33e311SJoseph ChenKEY_DIR="keys/" 34*ae33e311SJoseph ChenRSA_PRI_KEY="keys/dev.key" 35*ae33e311SJoseph ChenRSA_PUB_KEY="keys/dev.crt" 36*ae33e311SJoseph ChenSIGNATURE_KEY_NODE="/signature/key-dev" 37*ae33e311SJoseph ChenSPL_DTB="spl/u-boot-spl.dtb" 38*ae33e311SJoseph ChenUBOOT_DTB="u-boot.dtb" 39*ae33e311SJoseph Chen# its 40*ae33e311SJoseph ChenITS_UBOOT="u-boot.its" 41*ae33e311SJoseph ChenITS_BOOT="boot.its" 42*ae33e311SJoseph ChenARG_VER_UBOOT="0" 43*ae33e311SJoseph ChenARG_VER_BOOT="0" 44*ae33e311SJoseph Chen 45*ae33e311SJoseph Chenfunction help() 46*ae33e311SJoseph Chen{ 47*ae33e311SJoseph Chen echo 48*ae33e311SJoseph Chen echo "usage:" 49*ae33e311SJoseph Chen echo " $0 [args]" 50*ae33e311SJoseph Chen echo 51*ae33e311SJoseph Chen echo "args:" 52*ae33e311SJoseph Chen echo " --rollback-index-boot <decimal integer>" 53*ae33e311SJoseph Chen echo " --rollback-index-uboot <decimal integer>" 54*ae33e311SJoseph Chen echo " --version-uboot <decimal integer>" 55*ae33e311SJoseph Chen echo " --version-boot <decimal integer>" 56*ae33e311SJoseph Chen echo " --ini-trust" 57*ae33e311SJoseph Chen echo " --ini-loader" 58*ae33e311SJoseph Chen echo " --no-vboot" 59*ae33e311SJoseph Chen echo " --no-check" 60*ae33e311SJoseph Chen echo " --no-rebuild" 61*ae33e311SJoseph Chen echo " --spl-new" 62*ae33e311SJoseph Chen echo " --uboot-itb" 63*ae33e311SJoseph Chen echo " --boot-itb" 64*ae33e311SJoseph Chen echo " --boot_img" 65*ae33e311SJoseph Chen echo " --arg-check" 66*ae33e311SJoseph Chen echo 67*ae33e311SJoseph Chen} 68*ae33e311SJoseph Chen 69*ae33e311SJoseph Chenfunction arg_check_decimal() 70*ae33e311SJoseph Chen{ 71*ae33e311SJoseph Chen if [ -z $1 ]; then 72*ae33e311SJoseph Chen help 73*ae33e311SJoseph Chen exit 1 74*ae33e311SJoseph Chen fi 75*ae33e311SJoseph Chen 76*ae33e311SJoseph Chen decimal=`echo $1 |sed 's/[0-9]//g'` 77*ae33e311SJoseph Chen if [ ! -z ${decimal} ]; then 78*ae33e311SJoseph Chen echo "ERROR: $1 is not decimal integer" 79*ae33e311SJoseph Chen help 80*ae33e311SJoseph Chen exit 1 81*ae33e311SJoseph Chen fi 82*ae33e311SJoseph Chen} 83*ae33e311SJoseph Chen 84*ae33e311SJoseph Chenfunction check_its() 85*ae33e311SJoseph Chen{ 86*ae33e311SJoseph Chen cat $1 | while read line 87*ae33e311SJoseph Chen do 88*ae33e311SJoseph Chen file=`echo ${line} | sed -n "/incbin/p" | awk -F '"' '{ printf $2 }' | tr -d ' '` 89*ae33e311SJoseph Chen if [ ! -f ${file} ]; then 90*ae33e311SJoseph Chen echo "ERROR: No ${file}" 91*ae33e311SJoseph Chen exit 1 92*ae33e311SJoseph Chen fi 93*ae33e311SJoseph Chen done 94*ae33e311SJoseph Chen} 95*ae33e311SJoseph Chen 96*ae33e311SJoseph Chenfunction validate_arg() 97*ae33e311SJoseph Chen{ 98*ae33e311SJoseph Chen case $1 in 99*ae33e311SJoseph Chen --uboot-itb|--boot-itb|--no-vboot|--no-rebuild|--no-check|--spl-new) 100*ae33e311SJoseph Chen shift=1 101*ae33e311SJoseph Chen ;; 102*ae33e311SJoseph Chen --ini-trust|--ini-loader|--rollback-index-boot|--rollback-index-uboot|--boot_img|--version-uboot|--version-boot) 103*ae33e311SJoseph Chen shift=2 104*ae33e311SJoseph Chen ;; 105*ae33e311SJoseph Chen *) 106*ae33e311SJoseph Chen shift=0 107*ae33e311SJoseph Chen ;; 108*ae33e311SJoseph Chen esac 109*ae33e311SJoseph Chen echo ${shift} 110*ae33e311SJoseph Chen} 111*ae33e311SJoseph Chen 112*ae33e311SJoseph Chenfunction fit_process_args() 113*ae33e311SJoseph Chen{ 114*ae33e311SJoseph Chen if [ $# -eq 0 ]; then 115*ae33e311SJoseph Chen help 116*ae33e311SJoseph Chen exit 0 117*ae33e311SJoseph Chen fi 118*ae33e311SJoseph Chen 119*ae33e311SJoseph Chen while [ $# -gt 0 ]; do 120*ae33e311SJoseph Chen case $1 in 121*ae33e311SJoseph Chen --arg-check) 122*ae33e311SJoseph Chen ARG_VALIDATE=$2 123*ae33e311SJoseph Chen shift 2 124*ae33e311SJoseph Chen ;; 125*ae33e311SJoseph Chen --uboot-itb) 126*ae33e311SJoseph Chen ARG_PACK_UBOOT="y" 127*ae33e311SJoseph Chen shift 1 128*ae33e311SJoseph Chen ;; 129*ae33e311SJoseph Chen --boot-itb) 130*ae33e311SJoseph Chen ARG_PACK_BOOT="y" 131*ae33e311SJoseph Chen shift 1 132*ae33e311SJoseph Chen ;; 133*ae33e311SJoseph Chen --no-vboot) # Force to build non-vboot image 134*ae33e311SJoseph Chen ARG_NO_VBOOT="y" 135*ae33e311SJoseph Chen shift 1 136*ae33e311SJoseph Chen ;; 137*ae33e311SJoseph Chen --no-rebuild) # No rebuild with "./make.sh" 138*ae33e311SJoseph Chen ARG_NO_REBUILD="y" 139*ae33e311SJoseph Chen shift 1 140*ae33e311SJoseph Chen ;; 141*ae33e311SJoseph Chen --no-check) # No hostcc fit signature check 142*ae33e311SJoseph Chen ARG_NO_CHECK="y" 143*ae33e311SJoseph Chen shift 1 144*ae33e311SJoseph Chen ;; 145*ae33e311SJoseph Chen --ini-trust) # Assign trust ini file 146*ae33e311SJoseph Chen ARG_INI_TRUST=$2 147*ae33e311SJoseph Chen shift 2 148*ae33e311SJoseph Chen ;; 149*ae33e311SJoseph Chen --ini-loader) # Assign loader ini file 150*ae33e311SJoseph Chen ARG_INI_LOADER=$2 151*ae33e311SJoseph Chen shift 2 152*ae33e311SJoseph Chen ;; 153*ae33e311SJoseph Chen --spl-new) # Use current build u-boot-spl.bin to pack loader 154*ae33e311SJoseph Chen ARG_SPL_NEW="y" 155*ae33e311SJoseph Chen shift 1 156*ae33e311SJoseph Chen ;; 157*ae33e311SJoseph Chen --rollback-index-boot) 158*ae33e311SJoseph Chen ARG_ROLLBACK_IDX_BOOT=$2 159*ae33e311SJoseph Chen arg_check_decimal $2 160*ae33e311SJoseph Chen shift 2 161*ae33e311SJoseph Chen ;; 162*ae33e311SJoseph Chen --rollback-index-uboot) 163*ae33e311SJoseph Chen ARG_ROLLBACK_IDX_UBOOT=$2 164*ae33e311SJoseph Chen arg_check_decimal $2 165*ae33e311SJoseph Chen shift 2 166*ae33e311SJoseph Chen ;; 167*ae33e311SJoseph Chen --boot_img) # external boot.img 168*ae33e311SJoseph Chen ARG_EXT_BOOT=$2 169*ae33e311SJoseph Chen shift 2 170*ae33e311SJoseph Chen ;; 171*ae33e311SJoseph Chen --version-uboot) 172*ae33e311SJoseph Chen ARG_VER_UBOOT=$2 173*ae33e311SJoseph Chen arg_check_decimal $2 174*ae33e311SJoseph Chen shift 2 175*ae33e311SJoseph Chen ;; 176*ae33e311SJoseph Chen --version-boot) 177*ae33e311SJoseph Chen ARG_VER_BOOT=$2 178*ae33e311SJoseph Chen arg_check_decimal $2 179*ae33e311SJoseph Chen shift 2 180*ae33e311SJoseph Chen ;; 181*ae33e311SJoseph Chen *) 182*ae33e311SJoseph Chen help 183*ae33e311SJoseph Chen exit 1 184*ae33e311SJoseph Chen ;; 185*ae33e311SJoseph Chen esac 186*ae33e311SJoseph Chen done 187*ae33e311SJoseph Chen} 188*ae33e311SJoseph Chen 189*ae33e311SJoseph Chenfunction fit_rebuild() 190*ae33e311SJoseph Chen{ 191*ae33e311SJoseph Chen # Verified-boot: should rebuild code but don't need to repack images. 192*ae33e311SJoseph Chen if [ "${ARG_NO_REBUILD}" != "y" ]; then 193*ae33e311SJoseph Chen ./make.sh --no-pack # Build but not pack loader/trust/uboot, etc. 194*ae33e311SJoseph Chen fi 195*ae33e311SJoseph Chen 196*ae33e311SJoseph Chen rm ${FIT_DIR} -rf 197*ae33e311SJoseph Chen mkdir -p ${FIT_DIR} 198*ae33e311SJoseph Chen} 199*ae33e311SJoseph Chen 200*ae33e311SJoseph Chenfunction fit_gen_uboot_itb() 201*ae33e311SJoseph Chen{ 202*ae33e311SJoseph Chen ./make.sh itb ${ARG_INI_TRUST} >/dev/null 2>&1 203*ae33e311SJoseph Chen check_its ${ITS_UBOOT} 204*ae33e311SJoseph Chen 205*ae33e311SJoseph Chen if [ "${ARG_NO_VBOOT}" == "y" ]; then 206*ae33e311SJoseph Chen ${MKIMAGE} -f ${ITS_UBOOT} -E -p ${OFFS_NS_UBOOT} ${ITB_UBOOT} -v ${ARG_VER_UBOOT} 207*ae33e311SJoseph Chen if [ "${ARG_SPL_NEW}" == "y" ]; then 208*ae33e311SJoseph Chen ./make.sh --spl ${ARG_INI_LOADER} 209*ae33e311SJoseph Chen echo "pack loader with new: spl/u-boot-spl.bin" 210*ae33e311SJoseph Chen else 211*ae33e311SJoseph Chen ./make.sh loader ${ARG_INI_LOADER} 212*ae33e311SJoseph Chen fi 213*ae33e311SJoseph Chen else 214*ae33e311SJoseph Chen if [ ! -f ${RSA_PRI_KEY} ]; then 215*ae33e311SJoseph Chen echo "ERROR: No ${RSA_PRI_KEY} " 216*ae33e311SJoseph Chen exit 1 217*ae33e311SJoseph Chen elif [ ! -f ${RSA_PUB_KEY} ]; then 218*ae33e311SJoseph Chen echo "ERROR: No ${RSA_PUB_KEY} " 219*ae33e311SJoseph Chen exit 1 220*ae33e311SJoseph Chen fi 221*ae33e311SJoseph Chen 222*ae33e311SJoseph Chen if ! grep -q '^CONFIG_SPL_FIT_SIGNATURE=y' .config ; then 223*ae33e311SJoseph Chen echo "ERROR: CONFIG_SPL_FIT_SIGNATURE is disabled" 224*ae33e311SJoseph Chen exit 1 225*ae33e311SJoseph Chen fi 226*ae33e311SJoseph Chen 227*ae33e311SJoseph Chen if grep -q '^CONFIG_SPL_FIT_ROLLBACK_PROTECT=y' .config ; then 228*ae33e311SJoseph Chen ARG_SPL_ROLLBACK_PROTECT="y" 229*ae33e311SJoseph Chen if [ -z ${ARG_ROLLBACK_IDX_UBOOT} ]; then 230*ae33e311SJoseph Chen echo "ERROR: No arg \"--rollback-index-uboot <n>\"" 231*ae33e311SJoseph Chen exit 1 232*ae33e311SJoseph Chen fi 233*ae33e311SJoseph Chen fi 234*ae33e311SJoseph Chen 235*ae33e311SJoseph Chen if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then 236*ae33e311SJoseph Chen VERSION=`grep 'rollback-index' ${ITS_UBOOT} | awk -F '=' '{ printf $2 }' ` 237*ae33e311SJoseph Chen sed -i "s/${VERSION}/ <${ARG_ROLLBACK_IDX_UBOOT}>;/g" ${ITS_UBOOT} 238*ae33e311SJoseph Chen fi 239*ae33e311SJoseph Chen 240*ae33e311SJoseph Chen # u-boot.dtb must contains rsa key 241*ae33e311SJoseph Chen if ! fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then 242*ae33e311SJoseph Chen ${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_S_UBOOT} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT} 243*ae33e311SJoseph Chen echo "Adding RSA public key into ${UBOOT_DTB}" 244*ae33e311SJoseph Chen fi 245*ae33e311SJoseph Chen 246*ae33e311SJoseph Chen # Pack 247*ae33e311SJoseph Chen ${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${SPL_DTB} -E -p ${OFFS_S_UBOOT} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT} 248*ae33e311SJoseph Chen mv ${SIG_BIN} ${SIG_UBOOT} 249*ae33e311SJoseph Chen 250*ae33e311SJoseph Chen # rollback-index read back check 251*ae33e311SJoseph Chen if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then 252*ae33e311SJoseph Chen VERSION=`fdtget -ti ${ITB_UBOOT} /configurations/conf rollback-index` 253*ae33e311SJoseph Chen if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_UBOOT}" ]; then 254*ae33e311SJoseph Chen echo "ERROR: Failed to set rollback-index for ${ITB_UBOOT}"; 255*ae33e311SJoseph Chen exit 1 256*ae33e311SJoseph Chen fi 257*ae33e311SJoseph Chen fi 258*ae33e311SJoseph Chen 259*ae33e311SJoseph Chen # host check signature 260*ae33e311SJoseph Chen if [ "${ARG_NO_CHECK}" != "y" ]; then 261*ae33e311SJoseph Chen if [ "${ARG_SPL_NEW}" == "y" ]; then 262*ae33e311SJoseph Chen ${CHECK_SIGN} -f ${ITB_UBOOT} -k ${SPL_DTB} -s 263*ae33e311SJoseph Chen else 264*ae33e311SJoseph Chen spl_file="../rkbin/"`sed -n "/FlashBoot=/s/FlashBoot=//p" ${ARG_INI_LOADER} |tr -d '\r'` 265*ae33e311SJoseph Chen offs=`fdtdump -s ${spl_file} | head -1 | awk -F ":" '{ print $2 }' | sed "s/ found fdt at offset //g" | tr -d " "` 266*ae33e311SJoseph Chen if [ -z ${offs} ]; then 267*ae33e311SJoseph Chen echo "ERROR: invalid ${spl_file} , unable to find fdt blob" 268*ae33e311SJoseph Chen fi 269*ae33e311SJoseph Chen offs=`printf %d ${offs} ` # hex -> dec 270*ae33e311SJoseph Chen dd if=${spl_file} of=spl/u-boot-spl-old.dtb bs=${offs} skip=1 >/dev/null 2>&1 271*ae33e311SJoseph Chen ${CHECK_SIGN} -f ${ITB_UBOOT} -k spl/u-boot-spl-old.dtb -s 272*ae33e311SJoseph Chen fi 273*ae33e311SJoseph Chen fi 274*ae33e311SJoseph Chen 275*ae33e311SJoseph Chen # minimize u-boot-spl.dtb 276*ae33e311SJoseph Chen if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' .config ; then 277*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0 278*ae33e311SJoseph Chen if grep -q '^CONFIG_SPL_ROCKCHIP_CRYPTO_V1=y' .config ; then 279*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0 280*ae33e311SJoseph Chen else 281*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0 282*ae33e311SJoseph Chen fi 283*ae33e311SJoseph Chen else 284*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0 285*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0 286*ae33e311SJoseph Chen fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0 287*ae33e311SJoseph Chen fi 288*ae33e311SJoseph Chen 289*ae33e311SJoseph Chen # repack spl 290*ae33e311SJoseph Chen rm -f *_loader_*.bin 291*ae33e311SJoseph Chen if [ "${ARG_SPL_NEW}" == "y" ]; then 292*ae33e311SJoseph Chen cat spl/u-boot-spl-nodtb.bin > spl/u-boot-spl.bin 293*ae33e311SJoseph Chen if ! grep -q '^CONFIG_SPL_SEPARATE_BSS=y' .config ; then 294*ae33e311SJoseph Chen cat spl/u-boot-spl-pad.bin >> spl/u-boot-spl.bin 295*ae33e311SJoseph Chen fi 296*ae33e311SJoseph Chen cat ${SPL_DTB} >> spl/u-boot-spl.bin 297*ae33e311SJoseph Chen 298*ae33e311SJoseph Chen ./make.sh --spl ${ARG_INI_LOADER} 299*ae33e311SJoseph Chen echo "pack loader with new: spl/u-boot-spl.bin" 300*ae33e311SJoseph Chen else 301*ae33e311SJoseph Chen ./make.sh loader ${ARG_INI_LOADER} 302*ae33e311SJoseph Chen fi 303*ae33e311SJoseph Chen fi 304*ae33e311SJoseph Chen 305*ae33e311SJoseph Chen rm -f u-boot.itb u-boot.img u-boot-dtb.img 306*ae33e311SJoseph Chen mv ${ITS_UBOOT} ${FIT_DIR} 307*ae33e311SJoseph Chen} 308*ae33e311SJoseph Chen 309*ae33e311SJoseph Chenfunction fit_gen_boot_itb() 310*ae33e311SJoseph Chen{ 311*ae33e311SJoseph Chen if [ ! -z ${ARG_EXT_BOOT} ]; then 312*ae33e311SJoseph Chen ${FIT_UNPACK} -f ${ARG_EXT_BOOT} -o ${FIT_DIR}/unpack 313*ae33e311SJoseph Chen ITS_BOOT="${FIT_DIR}/unpack/image.its" 314*ae33e311SJoseph Chen else 315*ae33e311SJoseph Chen compression=`awk -F"," '/COMPRESSION=/ { printf $1 }' ${ARG_INI_TRUST} | tr -d ' ' | cut -c 13-` 316*ae33e311SJoseph Chen if [ -z "${compression}" ]; then 317*ae33e311SJoseph Chen compression="none" 318*ae33e311SJoseph Chen fi 319*ae33e311SJoseph Chen ./arch/arm/mach-rockchip/make_fit_boot.sh -c ${compression} > ${ITS_BOOT} 320*ae33e311SJoseph Chen check_its ${ITS_BOOT} 321*ae33e311SJoseph Chen fi 322*ae33e311SJoseph Chen 323*ae33e311SJoseph Chen if [ "${ARG_NO_VBOOT}" == "y" ]; then 324*ae33e311SJoseph Chen ${MKIMAGE} -f ${ITS_BOOT} -E -p ${OFFS_NS_BOOT} ${ITB_BOOT} -v ${ARG_VER_BOOT} 325*ae33e311SJoseph Chen else 326*ae33e311SJoseph Chen if [ ! -f ${RSA_PRI_KEY} ]; then 327*ae33e311SJoseph Chen echo "ERROR: No ${RSA_PRI_KEY}" 328*ae33e311SJoseph Chen exit 1 329*ae33e311SJoseph Chen elif [ ! -f ${RSA_PUB_KEY} ]; then 330*ae33e311SJoseph Chen echo "ERROR: No ${RSA_PUB_KEY}" 331*ae33e311SJoseph Chen exit 1 332*ae33e311SJoseph Chen fi 333*ae33e311SJoseph Chen 334*ae33e311SJoseph Chen if ! grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then 335*ae33e311SJoseph Chen echo "ERROR: CONFIG_FIT_SIGNATURE is disabled" 336*ae33e311SJoseph Chen exit 1 337*ae33e311SJoseph Chen fi 338*ae33e311SJoseph Chen 339*ae33e311SJoseph Chen if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' .config ; then 340*ae33e311SJoseph Chen ARG_ROLLBACK_PROTECT="y" 341*ae33e311SJoseph Chen if [ -z ${ARG_ROLLBACK_IDX_BOOT} ]; then 342*ae33e311SJoseph Chen echo "ERROR: No arg \"--rollback-index-boot <n>\"" 343*ae33e311SJoseph Chen exit 1 344*ae33e311SJoseph Chen fi 345*ae33e311SJoseph Chen fi 346*ae33e311SJoseph Chen 347*ae33e311SJoseph Chen # fixup 348*ae33e311SJoseph Chen COMMON_FILE=`sed -n "/_common.h/p" ${CHIP_FILE} | awk '{ print $1 }'` 349*ae33e311SJoseph Chen FDT_ADDR_R=`awk /fdt_addr_r/ ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'` 350*ae33e311SJoseph Chen KERNEL_ADDR_R=`awk /kernel_addr_r/ ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'` 351*ae33e311SJoseph Chen RMADISK_ADDR_R=`awk /ramdisk_addr_r/ ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'` 352*ae33e311SJoseph Chen sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g" ${ITS_BOOT} 353*ae33e311SJoseph Chen sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g" ${ITS_BOOT} 354*ae33e311SJoseph Chen sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RMADISK_ADDR_R}/g" ${ITS_BOOT} 355*ae33e311SJoseph Chen if grep -q '^CONFIG_ARM64=y' .config ; then 356*ae33e311SJoseph Chen sed -i 's/arch = "arm";/arch = "arm64";/g' ${ITS_BOOT} 357*ae33e311SJoseph Chen fi 358*ae33e311SJoseph Chen 359*ae33e311SJoseph Chen if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then 360*ae33e311SJoseph Chen VERSION=`grep 'rollback-index' ${ITS_BOOT} | awk -F '=' '{ printf $2 }' ` 361*ae33e311SJoseph Chen sed -i "s/${VERSION}/ <${ARG_ROLLBACK_IDX_BOOT}>;/g" ${ITS_BOOT} 362*ae33e311SJoseph Chen fi 363*ae33e311SJoseph Chen 364*ae33e311SJoseph Chen ${MKIMAGE} -f ${ITS_BOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_S_BOOT} -r ${ITB_BOOT} -v ${ARG_VER_BOOT} 365*ae33e311SJoseph Chen mv ${SIG_BIN} ${SIG_BOOT} 366*ae33e311SJoseph Chen 367*ae33e311SJoseph Chen # rollback-index read back check 368*ae33e311SJoseph Chen if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then 369*ae33e311SJoseph Chen VERSION=`fdtget -ti ${ITB_BOOT} /configurations/conf rollback-index` 370*ae33e311SJoseph Chen if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_BOOT}" ]; then 371*ae33e311SJoseph Chen echo "ERROR: Failed to set rollback-index for ${ITB_BOOT}"; 372*ae33e311SJoseph Chen exit 1 373*ae33e311SJoseph Chen fi 374*ae33e311SJoseph Chen fi 375*ae33e311SJoseph Chen 376*ae33e311SJoseph Chen if [ "${ARG_NO_CHECK}" != "y" ]; then 377*ae33e311SJoseph Chen ${CHECK_SIGN} -f ${ITB_BOOT} -k ${UBOOT_DTB} 378*ae33e311SJoseph Chen fi 379*ae33e311SJoseph Chen 380*ae33e311SJoseph Chen # minimize u-boot.dtb 381*ae33e311SJoseph Chen if grep -q '^CONFIG_FIT_HW_CRYPTO=y' .config ; then 382*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0 383*ae33e311SJoseph Chen if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' .config ; then 384*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0 385*ae33e311SJoseph Chen else 386*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0 387*ae33e311SJoseph Chen fi 388*ae33e311SJoseph Chen else 389*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0 390*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0 391*ae33e311SJoseph Chen fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0 392*ae33e311SJoseph Chen fi 393*ae33e311SJoseph Chen fi 394*ae33e311SJoseph Chen 395*ae33e311SJoseph Chen mv ${ITS_BOOT} ${FIT_DIR} 396*ae33e311SJoseph Chen} 397*ae33e311SJoseph Chen 398*ae33e311SJoseph Chenfunction fit_gen_uboot_img() 399*ae33e311SJoseph Chen{ 400*ae33e311SJoseph Chen ITB=$1 401*ae33e311SJoseph Chen 402*ae33e311SJoseph Chen if [ -z ${ITB} ]; then 403*ae33e311SJoseph Chen ITB=${ITB_UBOOT} 404*ae33e311SJoseph Chen fi 405*ae33e311SJoseph Chen 406*ae33e311SJoseph Chen ITB_MAX_NUM=`sed -n "/SPL_FIT_IMAGE_MULTIPLE/p" .config | awk -F "=" '{ print $2 }'` 407*ae33e311SJoseph Chen ITB_MAX_KB=`sed -n "/SPL_FIT_IMAGE_KB/p" .config | awk -F "=" '{ print $2 }'` 408*ae33e311SJoseph Chen ITB_MAX_BS=$((ITB_MAX_KB*1024)) 409*ae33e311SJoseph Chen ITB_BS=`ls -l ${ITB} | awk '{ print $5 }'` 410*ae33e311SJoseph Chen 411*ae33e311SJoseph Chen if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then 412*ae33e311SJoseph Chen echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes" 413*ae33e311SJoseph Chen exit 1 414*ae33e311SJoseph Chen fi 415*ae33e311SJoseph Chen 416*ae33e311SJoseph Chen rm -f ${IMG_UBOOT} 417*ae33e311SJoseph Chen for ((i = 0; i < ${ITB_MAX_NUM}; i++)); 418*ae33e311SJoseph Chen do 419*ae33e311SJoseph Chen cat ${ITB} >> ${IMG_UBOOT} 420*ae33e311SJoseph Chen truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT} 421*ae33e311SJoseph Chen done 422*ae33e311SJoseph Chen} 423*ae33e311SJoseph Chen 424*ae33e311SJoseph Chenfunction fit_gen_boot_img() 425*ae33e311SJoseph Chen{ 426*ae33e311SJoseph Chen ITB=$1 427*ae33e311SJoseph Chen 428*ae33e311SJoseph Chen if [ -z ${ITB} ]; then 429*ae33e311SJoseph Chen ITB=${ITB_BOOT} 430*ae33e311SJoseph Chen fi 431*ae33e311SJoseph Chen 432*ae33e311SJoseph Chen if [ "${ITB}" != "${IMG_BOOT}" ]; then 433*ae33e311SJoseph Chen cp ${ITB} ${IMG_BOOT} -f 434*ae33e311SJoseph Chen fi 435*ae33e311SJoseph Chen} 436*ae33e311SJoseph Chen 437*ae33e311SJoseph Chenfunction fit_msg_uboot() 438*ae33e311SJoseph Chen{ 439*ae33e311SJoseph Chen if [ "${ARG_NO_VBOOT}" == "y" ]; then 440*ae33e311SJoseph Chen MSG_SIGN="no-signed" 441*ae33e311SJoseph Chen else 442*ae33e311SJoseph Chen MSG_SIGN="signed" 443*ae33e311SJoseph Chen fi 444*ae33e311SJoseph Chen 445*ae33e311SJoseph Chen VERSION=`fdtget -ti ${ITB_UBOOT} / version` 446*ae33e311SJoseph Chen if [ "${VERSION}" != "" ]; then 447*ae33e311SJoseph Chen MSG_VER=", version=${VERSION}" 448*ae33e311SJoseph Chen fi 449*ae33e311SJoseph Chen 450*ae33e311SJoseph Chen if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then 451*ae33e311SJoseph Chen echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_UBOOT}): ${IMG_UBOOT} (with uboot, trust...) is ready" 452*ae33e311SJoseph Chen else 453*ae33e311SJoseph Chen echo "Image(${MSG_SIGN}${MSG_VER}): ${IMG_UBOOT} (FIT with uboot, trust...) is ready" 454*ae33e311SJoseph Chen fi 455*ae33e311SJoseph Chen} 456*ae33e311SJoseph Chen 457*ae33e311SJoseph Chenfunction fit_msg_boot() 458*ae33e311SJoseph Chen{ 459*ae33e311SJoseph Chen if [ "${ARG_NO_VBOOT}" == "y" ]; then 460*ae33e311SJoseph Chen MSG_SIGN="no-signed" 461*ae33e311SJoseph Chen else 462*ae33e311SJoseph Chen MSG_SIGN="signed" 463*ae33e311SJoseph Chen fi 464*ae33e311SJoseph Chen 465*ae33e311SJoseph Chen VERSION=`fdtget -ti ${ITB_BOOT} / version` 466*ae33e311SJoseph Chen if [ "${VERSION}" != "" ]; then 467*ae33e311SJoseph Chen MSG_VER=", version=${VERSION}" 468*ae33e311SJoseph Chen fi 469*ae33e311SJoseph Chen 470*ae33e311SJoseph Chen if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then 471*ae33e311SJoseph Chen echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_BOOT}): ${IMG_BOOT} is ready" 472*ae33e311SJoseph Chen else 473*ae33e311SJoseph Chen echo "Image(${MSG_SIGN}${MSG_VER}): ${IMG_BOOT} (FIT with kernel, fdt, resource...) is ready" 474*ae33e311SJoseph Chen fi 475*ae33e311SJoseph Chen} 476*ae33e311SJoseph Chen 477*ae33e311SJoseph Chenfunction fit_msg_loader() 478*ae33e311SJoseph Chen{ 479*ae33e311SJoseph Chen LOADER=`ls *loader*.bin` 480*ae33e311SJoseph Chen echo "Image(no-signed): ${LOADER} (with spl, ddr, usbplug) is ready" 481*ae33e311SJoseph Chen} 482*ae33e311SJoseph Chen 483*ae33e311SJoseph Chenfunction fit_vboot_uboot() 484*ae33e311SJoseph Chen{ 485*ae33e311SJoseph Chen fit_rebuild 486*ae33e311SJoseph Chen fit_gen_uboot_itb 487*ae33e311SJoseph Chen fit_gen_uboot_img 488*ae33e311SJoseph Chen echo 489*ae33e311SJoseph Chen fit_msg_uboot 490*ae33e311SJoseph Chen} 491*ae33e311SJoseph Chen 492*ae33e311SJoseph Chenfunction fit_vboot() 493*ae33e311SJoseph Chen{ 494*ae33e311SJoseph Chen fit_rebuild 495*ae33e311SJoseph Chen fit_gen_boot_itb 496*ae33e311SJoseph Chen fit_gen_boot_img 497*ae33e311SJoseph Chen fit_gen_uboot_itb 498*ae33e311SJoseph Chen fit_gen_uboot_img 499*ae33e311SJoseph Chen echo 500*ae33e311SJoseph Chen 501*ae33e311SJoseph Chen fit_msg_uboot 502*ae33e311SJoseph Chen fit_msg_boot 503*ae33e311SJoseph Chen fit_msg_loader 504*ae33e311SJoseph Chen echo 505*ae33e311SJoseph Chen} 506*ae33e311SJoseph Chen 507*ae33e311SJoseph Chenfit_process_args $* 508*ae33e311SJoseph Chenif [ ! -z "${ARG_VALIDATE}" ]; then 509*ae33e311SJoseph Chen validate_arg ${ARG_VALIDATE} 510*ae33e311SJoseph Chenelif [ "${ARG_PACK_UBOOT}${ARG_PACK_BOOT}" == "yy" ]; then 511*ae33e311SJoseph Chen fit_vboot 512*ae33e311SJoseph Chenelif [ "${ARG_PACK_UBOOT}" == "y" ]; then 513*ae33e311SJoseph Chen fit_vboot_uboot 514*ae33e311SJoseph Chenelif [ "${ARG_PACK_BOOT}" == "y" ]; then 515*ae33e311SJoseph Chen fit_vboot_boot 516*ae33e311SJoseph Chenfi 517*ae33e311SJoseph Chen 518