xref: /rk3399_rockchip-uboot/scripts/fit.sh (revision b800cd5a0c3f6f9602c5e4cee5cdcabc60025200) 
1ae33e311SJoseph Chen#!/bin/bash
2ae33e311SJoseph Chen#
3ae33e311SJoseph Chen# Copyright (c) 2020 Fuzhou Rockchip Electronics Co., Ltd
4ae33e311SJoseph Chen#
5ae33e311SJoseph Chen# SPDX-License-Identifier: GPL-2.0
6ae33e311SJoseph Chen#
7ae33e311SJoseph Chenset -e
8ae33e311SJoseph Chen
9ae33e311SJoseph ChenFIT_DIR="fit"
10ae33e311SJoseph ChenIMG_UBOOT="uboot.img"
11ae33e311SJoseph ChenIMG_BOOT="boot.img"
12ae33e311SJoseph ChenITB_UBOOT="${FIT_DIR}/uboot.itb"
13ae33e311SJoseph ChenITB_BOOT="${FIT_DIR}/boot.itb"
14ae33e311SJoseph ChenSIG_BIN="data2sign.bin"
15ae33e311SJoseph ChenSIG_UBOOT="${FIT_DIR}/uboot.data2sign"
16ae33e311SJoseph ChenSIG_BOOT="${FIT_DIR}/boot.data2sign"
17ae33e311SJoseph Chen# offs
1833e46123SJoseph ChenOFFS_NS_UBOOT="0xc00"
19ae33e311SJoseph ChenOFFS_S_UBOOT="0xc00"
20ae33e311SJoseph ChenOFFS_NS_BOOT="0x800"
21ae33e311SJoseph ChenOFFS_S_BOOT="0xc00"
22ae33e311SJoseph Chen# file
23ae33e311SJoseph ChenCHIP_FILE="arch/arm/lib/.asm-offsets.s.cmd"
24ae33e311SJoseph Chen# placeholder address
25ae33e311SJoseph ChenFDT_ADDR_PLACEHOLDER="0xffffff00"
26ae33e311SJoseph ChenKERNEL_ADDR_PLACEHOLDER="0xffffff01"
27ae33e311SJoseph ChenRAMDISK_ADDR_PLACEHOLDER="0xffffff02"
28ae33e311SJoseph Chen# tools
29ae33e311SJoseph ChenMKIMAGE="./tools/mkimage"
30ae33e311SJoseph ChenFIT_UNPACK="./scripts/fit-unpack.sh"
31ae33e311SJoseph ChenCHECK_SIGN="./tools/fit_check_sign"
32ae33e311SJoseph Chen# key
33ae33e311SJoseph ChenKEY_DIR="keys/"
34ae33e311SJoseph ChenRSA_PRI_KEY="keys/dev.key"
35ae33e311SJoseph ChenRSA_PUB_KEY="keys/dev.crt"
36ae33e311SJoseph ChenSIGNATURE_KEY_NODE="/signature/key-dev"
37ae33e311SJoseph ChenSPL_DTB="spl/u-boot-spl.dtb"
38ae33e311SJoseph ChenUBOOT_DTB="u-boot.dtb"
39ae33e311SJoseph Chen# its
40ae33e311SJoseph ChenITS_UBOOT="u-boot.its"
41ae33e311SJoseph ChenITS_BOOT="boot.its"
42ae33e311SJoseph ChenARG_VER_UBOOT="0"
43ae33e311SJoseph ChenARG_VER_BOOT="0"
44ae33e311SJoseph Chen
45ae33e311SJoseph Chenfunction help()
46ae33e311SJoseph Chen{
47ae33e311SJoseph Chen	echo
48ae33e311SJoseph Chen	echo "usage:"
49ae33e311SJoseph Chen	echo "    $0 [args]"
50ae33e311SJoseph Chen	echo
51ae33e311SJoseph Chen	echo "args:"
52ae33e311SJoseph Chen	echo "    --rollback-index-boot   <decimal integer>"
53ae33e311SJoseph Chen	echo "    --rollback-index-uboot  <decimal integer>"
54ae33e311SJoseph Chen	echo "    --version-uboot         <decimal integer>"
55ae33e311SJoseph Chen	echo "    --version-boot          <decimal integer>"
56ae33e311SJoseph Chen	echo "    --ini-trust"
57ae33e311SJoseph Chen	echo "    --ini-loader"
58ae33e311SJoseph Chen	echo "    --no-check"
59ae33e311SJoseph Chen	echo "    --spl-new"
60ae33e311SJoseph Chen	echo "    --boot_img"
612d11b868SJoseph Chen	echo "    --args"
62ae33e311SJoseph Chen	echo
63ae33e311SJoseph Chen}
64ae33e311SJoseph Chen
65ae33e311SJoseph Chenfunction arg_check_decimal()
66ae33e311SJoseph Chen{
67ae33e311SJoseph Chen	if [ -z $1 ]; then
68ae33e311SJoseph Chen		help
69ae33e311SJoseph Chen		exit 1
70ae33e311SJoseph Chen	fi
71ae33e311SJoseph Chen
72ae33e311SJoseph Chen	decimal=`echo $1 |sed 's/[0-9]//g'`
73ae33e311SJoseph Chen	if [ ! -z ${decimal} ]; then
74ae33e311SJoseph Chen		echo "ERROR: $1 is not decimal integer"
75ae33e311SJoseph Chen		help
76ae33e311SJoseph Chen		exit 1
77ae33e311SJoseph Chen	fi
78ae33e311SJoseph Chen}
79ae33e311SJoseph Chen
80ae33e311SJoseph Chenfunction check_its()
81ae33e311SJoseph Chen{
82ae33e311SJoseph Chen	cat $1 | while read line
83ae33e311SJoseph Chen	do
84ae33e311SJoseph Chen		file=`echo ${line} | sed -n "/incbin/p" | awk -F '"' '{ printf $2 }' | tr -d ' '`
85ae33e311SJoseph Chen		if [ ! -f ${file} ]; then
86ae33e311SJoseph Chen			echo "ERROR: No ${file}"
87ae33e311SJoseph Chen			exit 1
88ae33e311SJoseph Chen		fi
89ae33e311SJoseph Chen	done
90ae33e311SJoseph Chen}
91ae33e311SJoseph Chen
92ae33e311SJoseph Chenfunction validate_arg()
93ae33e311SJoseph Chen{
94ae33e311SJoseph Chen	case $1 in
9514aa40ffSJoseph Chen		--no-check|--spl-new|--burn-key-hash)
96ae33e311SJoseph Chen			shift=1
97ae33e311SJoseph Chen			;;
98ae33e311SJoseph Chen		--ini-trust|--ini-loader|--rollback-index-boot|--rollback-index-uboot|--boot_img|--version-uboot|--version-boot)
99ae33e311SJoseph Chen			shift=2
100ae33e311SJoseph Chen			;;
101ae33e311SJoseph Chen		*)
102ae33e311SJoseph Chen			shift=0
103ae33e311SJoseph Chen			;;
104ae33e311SJoseph Chen	esac
105ae33e311SJoseph Chen	echo ${shift}
106ae33e311SJoseph Chen}
107ae33e311SJoseph Chen
108ae33e311SJoseph Chenfunction fit_process_args()
109ae33e311SJoseph Chen{
110ae33e311SJoseph Chen	if [ $# -eq 0 ]; then
111ae33e311SJoseph Chen		help
112ae33e311SJoseph Chen		exit 0
113ae33e311SJoseph Chen	fi
114ae33e311SJoseph Chen
115ae33e311SJoseph Chen	while [ $# -gt 0 ]; do
116ae33e311SJoseph Chen		case $1 in
1172d11b868SJoseph Chen			--args)
118ae33e311SJoseph Chen				ARG_VALIDATE=$2
119ae33e311SJoseph Chen				shift 2
120ae33e311SJoseph Chen				;;
1212d11b868SJoseph Chen			--boot_img)     # boot.img
1222d11b868SJoseph Chen				ARG_BOOT_IMG=$2
1232d11b868SJoseph Chen				shift 2
124ae33e311SJoseph Chen				;;
1252d11b868SJoseph Chen			--boot_img_dir) # boot.img components directory
1262d11b868SJoseph Chen				ARG_BOOT_IMG_DIR=$2
1272d11b868SJoseph Chen				shift 2
128ae33e311SJoseph Chen				;;
129ae33e311SJoseph Chen			--no-check)     # No hostcc fit signature check
130ae33e311SJoseph Chen				ARG_NO_CHECK="y"
131ae33e311SJoseph Chen				shift 1
132ae33e311SJoseph Chen				;;
133ae33e311SJoseph Chen			--ini-trust)    # Assign trust ini file
134ae33e311SJoseph Chen				ARG_INI_TRUST=$2
135ae33e311SJoseph Chen				shift 2
136ae33e311SJoseph Chen				;;
137ae33e311SJoseph Chen			--ini-loader)   # Assign loader ini file
138ae33e311SJoseph Chen				ARG_INI_LOADER=$2
139ae33e311SJoseph Chen				shift 2
140ae33e311SJoseph Chen				;;
141ae33e311SJoseph Chen			--spl-new)      # Use current build u-boot-spl.bin to pack loader
142ae33e311SJoseph Chen				ARG_SPL_NEW="y"
143ae33e311SJoseph Chen				shift 1
144ae33e311SJoseph Chen				;;
145ae33e311SJoseph Chen			--rollback-index-boot)
146ae33e311SJoseph Chen				ARG_ROLLBACK_IDX_BOOT=$2
147ae33e311SJoseph Chen				arg_check_decimal $2
148ae33e311SJoseph Chen				shift 2
149ae33e311SJoseph Chen				;;
150ae33e311SJoseph Chen			--rollback-index-uboot)
151ae33e311SJoseph Chen				ARG_ROLLBACK_IDX_UBOOT=$2
152ae33e311SJoseph Chen				arg_check_decimal $2
153ae33e311SJoseph Chen				shift 2
154ae33e311SJoseph Chen				;;
155ae33e311SJoseph Chen			--version-uboot)
156ae33e311SJoseph Chen				ARG_VER_UBOOT=$2
157ae33e311SJoseph Chen				arg_check_decimal $2
158ae33e311SJoseph Chen				shift 2
159ae33e311SJoseph Chen				;;
160ae33e311SJoseph Chen			--version-boot)
161ae33e311SJoseph Chen				ARG_VER_BOOT=$2
162ae33e311SJoseph Chen				arg_check_decimal $2
163ae33e311SJoseph Chen				shift 2
164ae33e311SJoseph Chen				;;
16514aa40ffSJoseph Chen			--burn-key-hash)
16614aa40ffSJoseph Chen				ARG_BURN_KEY_HASH="y"
16714aa40ffSJoseph Chen				shift 1
16814aa40ffSJoseph Chen				;;
169ae33e311SJoseph Chen			*)
170ae33e311SJoseph Chen				help
171ae33e311SJoseph Chen				exit 1
172ae33e311SJoseph Chen				;;
173ae33e311SJoseph Chen		esac
174ae33e311SJoseph Chen	done
1752d11b868SJoseph Chen
1762d11b868SJoseph Chen	if grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
1772d11b868SJoseph Chen		ARG_SIGN="y"
1782d11b868SJoseph Chen	fi
179ae33e311SJoseph Chen}
180ae33e311SJoseph Chen
1812d11b868SJoseph Chenfunction fit_raw_compile()
182ae33e311SJoseph Chen{
183ae33e311SJoseph Chen	# Verified-boot: should rebuild code but don't need to repack images.
1842d11b868SJoseph Chen	if [ "${ARG_SIGN}" == "y" ]; then
1852d11b868SJoseph Chen		./make.sh --raw-compile
186ae33e311SJoseph Chen	fi
1872d11b868SJoseph Chen	rm ${FIT_DIR} -rf && mkdir -p ${FIT_DIR}
188ae33e311SJoseph Chen}
189ae33e311SJoseph Chen
190ae33e311SJoseph Chenfunction fit_gen_uboot_itb()
191ae33e311SJoseph Chen{
192173a9307SJoseph Chen	./make.sh itb ${ARG_INI_TRUST}
193ae33e311SJoseph Chen	check_its ${ITS_UBOOT}
194ae33e311SJoseph Chen
1952d11b868SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
196ae33e311SJoseph Chen		${MKIMAGE} -f ${ITS_UBOOT} -E -p ${OFFS_NS_UBOOT} ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
197ae33e311SJoseph Chen		if [ "${ARG_SPL_NEW}" == "y" ]; then
198ae33e311SJoseph Chen			./make.sh --spl ${ARG_INI_LOADER}
199ae33e311SJoseph Chen			echo "pack loader with new: spl/u-boot-spl.bin"
200ae33e311SJoseph Chen		else
201ae33e311SJoseph Chen			./make.sh loader ${ARG_INI_LOADER}
202ae33e311SJoseph Chen		fi
203ae33e311SJoseph Chen	else
204ae33e311SJoseph Chen		if [ ! -f ${RSA_PRI_KEY} ]; then
205ae33e311SJoseph Chen			echo "ERROR: No ${RSA_PRI_KEY} "
206ae33e311SJoseph Chen			exit 1
207ae33e311SJoseph Chen		elif [ ! -f ${RSA_PUB_KEY} ]; then
208ae33e311SJoseph Chen			echo "ERROR: No ${RSA_PUB_KEY} "
209ae33e311SJoseph Chen			exit 1
210ae33e311SJoseph Chen		fi
211ae33e311SJoseph Chen
212ae33e311SJoseph Chen		if ! grep -q '^CONFIG_SPL_FIT_SIGNATURE=y' .config ; then
213ae33e311SJoseph Chen			echo "ERROR: CONFIG_SPL_FIT_SIGNATURE is disabled"
214ae33e311SJoseph Chen			exit 1
215ae33e311SJoseph Chen		fi
216ae33e311SJoseph Chen
21741290645SJoseph Chen		# rollback-index
218ae33e311SJoseph Chen		if grep -q '^CONFIG_SPL_FIT_ROLLBACK_PROTECT=y' .config ; then
219ae33e311SJoseph Chen			ARG_SPL_ROLLBACK_PROTECT="y"
220ae33e311SJoseph Chen			if [ -z ${ARG_ROLLBACK_IDX_UBOOT} ]; then
221ae33e311SJoseph Chen				echo "ERROR: No arg \"--rollback-index-uboot <n>\""
222ae33e311SJoseph Chen				exit 1
223ae33e311SJoseph Chen			fi
224ae33e311SJoseph Chen		fi
225ae33e311SJoseph Chen
226ae33e311SJoseph Chen		if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
22741290645SJoseph Chen			VERSION=`grep 'rollback-index' ${ITS_UBOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
22841290645SJoseph Chen			sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_UBOOT}>;/g" ${ITS_UBOOT}
229ae33e311SJoseph Chen		fi
230ae33e311SJoseph Chen
231ae33e311SJoseph Chen		# u-boot.dtb must contains rsa key
232ae33e311SJoseph Chen		if ! fdtget -l ${UBOOT_DTB} /signature >/dev/null 2>&1 ; then
233ae33e311SJoseph Chen			${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_S_UBOOT} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
2342d11b868SJoseph Chen			echo "## Adding RSA public key into ${UBOOT_DTB}"
235ae33e311SJoseph Chen		fi
236ae33e311SJoseph Chen
237ae33e311SJoseph Chen		# Pack
238ae33e311SJoseph Chen		${MKIMAGE} -f ${ITS_UBOOT} -k ${KEY_DIR} -K ${SPL_DTB} -E -p ${OFFS_S_UBOOT} -r ${ITB_UBOOT} -v ${ARG_VER_UBOOT}
239ae33e311SJoseph Chen		mv ${SIG_BIN} ${SIG_UBOOT}
240ae33e311SJoseph Chen
2418d853b06SJoseph Chen		# burn-key-hash
2428d853b06SJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
2438d853b06SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash 0x1
2448d853b06SJoseph Chen		fi
245ae33e311SJoseph Chen		# rollback-index read back check
246ae33e311SJoseph Chen		if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
247ae33e311SJoseph Chen			VERSION=`fdtget -ti ${ITB_UBOOT} /configurations/conf rollback-index`
248ae33e311SJoseph Chen			if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_UBOOT}" ]; then
249ae33e311SJoseph Chen				echo "ERROR: Failed to set rollback-index for ${ITB_UBOOT}";
250ae33e311SJoseph Chen				exit 1
251ae33e311SJoseph Chen			fi
252ae33e311SJoseph Chen		fi
253ae33e311SJoseph Chen
25414aa40ffSJoseph Chen		# burn-key-hash read back check
25514aa40ffSJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
2568d853b06SJoseph Chen			if [ "`fdtget -ti ${SPL_DTB} ${SIGNATURE_KEY_NODE} burn-key-hash`" != "1" ]; then
2578d853b06SJoseph Chen				echo "ERROR: Failed to set burn-key-hash for ${SPL_DTB}";
25814aa40ffSJoseph Chen				exit 1
25914aa40ffSJoseph Chen			fi
26014aa40ffSJoseph Chen		fi
26114aa40ffSJoseph Chen
262ae33e311SJoseph Chen		# host check signature
263ae33e311SJoseph Chen		if [ "${ARG_NO_CHECK}" != "y" ]; then
264ae33e311SJoseph Chen			if [ "${ARG_SPL_NEW}" == "y" ]; then
265ae33e311SJoseph Chen				 ${CHECK_SIGN} -f ${ITB_UBOOT} -k ${SPL_DTB} -s
266ae33e311SJoseph Chen			else
267ae33e311SJoseph Chen				spl_file="../rkbin/"`sed -n "/FlashBoot=/s/FlashBoot=//p" ${ARG_INI_LOADER}  |tr -d '\r'`
268ae33e311SJoseph Chen				offs=`fdtdump -s ${spl_file} | head -1 | awk -F ":" '{ print $2 }' | sed "s/ found fdt at offset //g" | tr -d " "`
269ae33e311SJoseph Chen				if [ -z ${offs}  ]; then
270ae33e311SJoseph Chen					echo "ERROR: invalid ${spl_file} , unable to find fdt blob"
271ae33e311SJoseph Chen				fi
272ae33e311SJoseph Chen				offs=`printf %d ${offs} ` # hex -> dec
273ae33e311SJoseph Chen				dd if=${spl_file} of=spl/u-boot-spl-old.dtb bs=${offs} skip=1 >/dev/null 2>&1
274ae33e311SJoseph Chen				${CHECK_SIGN} -f ${ITB_UBOOT} -k spl/u-boot-spl-old.dtb -s
275ae33e311SJoseph Chen			fi
276ae33e311SJoseph Chen		fi
277ae33e311SJoseph Chen
278ae33e311SJoseph Chen		# minimize u-boot-spl.dtb
279ae33e311SJoseph Chen		if grep -q '^CONFIG_SPL_FIT_HW_CRYPTO=y' .config ; then
280ae33e311SJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
281ae33e311SJoseph Chen			if grep -q '^CONFIG_SPL_ROCKCHIP_CRYPTO_V1=y' .config ; then
282*b800cd5aSJoseph Chen				fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
283134814e5SJoseph Chen				fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
284ae33e311SJoseph Chen			else
285*b800cd5aSJoseph Chen				fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
286134814e5SJoseph Chen				fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
287ae33e311SJoseph Chen			fi
288ae33e311SJoseph Chen		else
289*b800cd5aSJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
290*b800cd5aSJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
291*b800cd5aSJoseph Chen			fdtput -tx ${SPL_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
292134814e5SJoseph Chen			fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@c
293134814e5SJoseph Chen			fdtput -r ${SPL_DTB} ${SIGNATURE_KEY_NODE}/hash@np
294ae33e311SJoseph Chen		fi
295ae33e311SJoseph Chen
296ae33e311SJoseph Chen		# repack spl
297ae33e311SJoseph Chen		rm -f *_loader_*.bin
298ae33e311SJoseph Chen		if [ "${ARG_SPL_NEW}" == "y" ]; then
299ae33e311SJoseph Chen			cat spl/u-boot-spl-nodtb.bin > spl/u-boot-spl.bin
300ae33e311SJoseph Chen			if ! grep -q '^CONFIG_SPL_SEPARATE_BSS=y' .config ; then
301ae33e311SJoseph Chen				cat spl/u-boot-spl-pad.bin >> spl/u-boot-spl.bin
302ae33e311SJoseph Chen			fi
303ae33e311SJoseph Chen			cat ${SPL_DTB} >> spl/u-boot-spl.bin
304ae33e311SJoseph Chen
305ae33e311SJoseph Chen			./make.sh --spl ${ARG_INI_LOADER}
3068d853b06SJoseph Chen			echo "## pack loader with new: spl/u-boot-spl.bin"
307ae33e311SJoseph Chen		else
308ae33e311SJoseph Chen			./make.sh loader ${ARG_INI_LOADER}
309ae33e311SJoseph Chen		fi
3108d853b06SJoseph Chen
3118d853b06SJoseph Chen		if [ "${ARG_BURN_KEY_HASH}" == "y" ]; then
3128d853b06SJoseph Chen			echo "## ${SPL_DTB}: burn-key-hash=1"
3138d853b06SJoseph Chen		fi
314ae33e311SJoseph Chen	fi
315ae33e311SJoseph Chen
316ae33e311SJoseph Chen	rm -f u-boot.itb u-boot.img u-boot-dtb.img
317ae33e311SJoseph Chen	mv ${ITS_UBOOT} ${FIT_DIR}
318ae33e311SJoseph Chen}
319ae33e311SJoseph Chen
320ae33e311SJoseph Chenfunction fit_gen_boot_itb()
321ae33e311SJoseph Chen{
3222d11b868SJoseph Chen	if [ ! -z ${ARG_BOOT_IMG} ]; then
3232d11b868SJoseph Chen		${FIT_UNPACK} -f ${ARG_BOOT_IMG} -o ${FIT_DIR}/unpack
324ae33e311SJoseph Chen		ITS_BOOT="${FIT_DIR}/unpack/image.its"
325ae33e311SJoseph Chen	else
326ae33e311SJoseph Chen		compression=`awk -F"," '/COMPRESSION=/  { printf $1 }' ${ARG_INI_TRUST} | tr -d ' ' | cut -c 13-`
327ae33e311SJoseph Chen		if [ -z "${compression}" ]; then
328ae33e311SJoseph Chen			compression="none"
329ae33e311SJoseph Chen		fi
330ae33e311SJoseph Chen		./arch/arm/mach-rockchip/make_fit_boot.sh -c ${compression} > ${ITS_BOOT}
331ae33e311SJoseph Chen		check_its ${ITS_BOOT}
332ae33e311SJoseph Chen	fi
333ae33e311SJoseph Chen
3342d11b868SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
335ae33e311SJoseph Chen		${MKIMAGE} -f ${ITS_BOOT} -E -p ${OFFS_NS_BOOT} ${ITB_BOOT} -v ${ARG_VER_BOOT}
336ae33e311SJoseph Chen	else
337ae33e311SJoseph Chen		if [ ! -f ${RSA_PRI_KEY}  ]; then
338ae33e311SJoseph Chen			echo "ERROR: No ${RSA_PRI_KEY}"
339ae33e311SJoseph Chen			exit 1
340ae33e311SJoseph Chen		elif [ ! -f ${RSA_PUB_KEY}  ]; then
341ae33e311SJoseph Chen			echo "ERROR: No ${RSA_PUB_KEY}"
342ae33e311SJoseph Chen			exit 1
343ae33e311SJoseph Chen		fi
344ae33e311SJoseph Chen
345ae33e311SJoseph Chen		if ! grep -q '^CONFIG_FIT_SIGNATURE=y' .config ; then
346ae33e311SJoseph Chen			echo "ERROR: CONFIG_FIT_SIGNATURE is disabled"
347ae33e311SJoseph Chen			exit 1
348ae33e311SJoseph Chen		fi
349ae33e311SJoseph Chen
350ae33e311SJoseph Chen		if grep -q '^CONFIG_FIT_ROLLBACK_PROTECT=y' .config ; then
351ae33e311SJoseph Chen			ARG_ROLLBACK_PROTECT="y"
352ae33e311SJoseph Chen			if [ -z ${ARG_ROLLBACK_IDX_BOOT} ]; then
353ae33e311SJoseph Chen				echo "ERROR: No arg \"--rollback-index-boot <n>\""
354ae33e311SJoseph Chen				exit 1
355ae33e311SJoseph Chen			fi
356ae33e311SJoseph Chen		fi
357ae33e311SJoseph Chen
358ae33e311SJoseph Chen		# fixup
359ae33e311SJoseph Chen		COMMON_FILE=`sed -n "/_common.h/p" ${CHIP_FILE} | awk '{ print $1 }'`
360ae33e311SJoseph Chen		FDT_ADDR_R=`awk /fdt_addr_r/         ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'`
361ae33e311SJoseph Chen		KERNEL_ADDR_R=`awk /kernel_addr_r/   ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'`
362ae33e311SJoseph Chen		RMADISK_ADDR_R=`awk /ramdisk_addr_r/ ${COMMON_FILE} | awk -F '=' '{ print $2 }' | awk -F '\\' '{ print $1 }'`
363ae33e311SJoseph Chen		sed -i "s/${FDT_ADDR_PLACEHOLDER}/${FDT_ADDR_R}/g"         ${ITS_BOOT}
364ae33e311SJoseph Chen		sed -i "s/${KERNEL_ADDR_PLACEHOLDER}/${KERNEL_ADDR_R}/g"   ${ITS_BOOT}
365ae33e311SJoseph Chen		sed -i "s/${RAMDISK_ADDR_PLACEHOLDER}/${RMADISK_ADDR_R}/g" ${ITS_BOOT}
366ae33e311SJoseph Chen		if grep -q '^CONFIG_ARM64=y' .config ; then
367ae33e311SJoseph Chen			sed -i 's/arch = "arm";/arch = "arm64";/g' ${ITS_BOOT}
368ae33e311SJoseph Chen		fi
369ae33e311SJoseph Chen
370ae33e311SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
37141290645SJoseph Chen			VERSION=`grep 'rollback-index' ${ITS_BOOT} | awk -F '=' '{ printf $2 }' | tr -d ' '`
37241290645SJoseph Chen			sed -i "s/rollback-index = ${VERSION}/rollback-index = <${ARG_ROLLBACK_IDX_BOOT}>;/g" ${ITS_BOOT}
373ae33e311SJoseph Chen		fi
374ae33e311SJoseph Chen
375ae33e311SJoseph Chen		${MKIMAGE} -f ${ITS_BOOT} -k ${KEY_DIR} -K ${UBOOT_DTB} -E -p ${OFFS_S_BOOT} -r ${ITB_BOOT} -v ${ARG_VER_BOOT}
376ae33e311SJoseph Chen		mv ${SIG_BIN} ${SIG_BOOT}
377ae33e311SJoseph Chen
378ae33e311SJoseph Chen		# rollback-index read back check
379ae33e311SJoseph Chen		if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
380ae33e311SJoseph Chen			VERSION=`fdtget -ti ${ITB_BOOT} /configurations/conf rollback-index`
381ae33e311SJoseph Chen			if [ "${VERSION}" != "${ARG_ROLLBACK_IDX_BOOT}" ]; then
382ae33e311SJoseph Chen				echo "ERROR: Failed to set rollback-index for ${ITB_BOOT}";
383ae33e311SJoseph Chen				exit 1
384ae33e311SJoseph Chen			fi
385ae33e311SJoseph Chen		fi
386ae33e311SJoseph Chen
387ae33e311SJoseph Chen		if [ "${ARG_NO_CHECK}" != "y" ]; then
388ae33e311SJoseph Chen			 ${CHECK_SIGN} -f ${ITB_BOOT} -k ${UBOOT_DTB}
389ae33e311SJoseph Chen		fi
390ae33e311SJoseph Chen
391ae33e311SJoseph Chen		# minimize u-boot.dtb
392ae33e311SJoseph Chen		if grep -q '^CONFIG_FIT_HW_CRYPTO=y' .config ; then
393ae33e311SJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,r-squared 0x0
394ae33e311SJoseph Chen			if grep -q '^CONFIG_ROCKCHIP_CRYPTO_V1=y' .config ; then
395*b800cd5aSJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
396ae33e311SJoseph Chen			else
397*b800cd5aSJoseph Chen				fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
398ae33e311SJoseph Chen			fi
399ae33e311SJoseph Chen		else
400*b800cd5aSJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,c 0x0
401*b800cd5aSJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,np 0x0
402*b800cd5aSJoseph Chen			fdtput -tx ${UBOOT_DTB} ${SIGNATURE_KEY_NODE} rsa,exponent-BN 0x0
403ae33e311SJoseph Chen		fi
404134814e5SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@c
405134814e5SJoseph Chen		fdtput -r ${UBOOT_DTB} ${SIGNATURE_KEY_NODE}/hash@np
406ae33e311SJoseph Chen	fi
407ae33e311SJoseph Chen
408ae33e311SJoseph Chen	mv ${ITS_BOOT} ${FIT_DIR}
409ae33e311SJoseph Chen}
410ae33e311SJoseph Chen
411ae33e311SJoseph Chenfunction fit_gen_uboot_img()
412ae33e311SJoseph Chen{
413ae33e311SJoseph Chen	ITB=$1
414ae33e311SJoseph Chen
415ae33e311SJoseph Chen	if [ -z ${ITB} ]; then
416ae33e311SJoseph Chen		ITB=${ITB_UBOOT}
417ae33e311SJoseph Chen	fi
418ae33e311SJoseph Chen
419ae33e311SJoseph Chen	ITB_MAX_NUM=`sed -n "/SPL_FIT_IMAGE_MULTIPLE/p" .config | awk -F "=" '{ print $2 }'`
420ae33e311SJoseph Chen	ITB_MAX_KB=`sed  -n "/SPL_FIT_IMAGE_KB/p" .config | awk -F "=" '{ print $2 }'`
421ae33e311SJoseph Chen	ITB_MAX_BS=$((ITB_MAX_KB*1024))
422ae33e311SJoseph Chen	ITB_BS=`ls -l ${ITB} | awk '{ print $5 }'`
423ae33e311SJoseph Chen
424ae33e311SJoseph Chen	if [ ${ITB_BS} -gt ${ITB_MAX_BS} ]; then
425ae33e311SJoseph Chen		echo "ERROR: pack ${IMG_UBOOT} failed! ${ITB} actual: ${ITB_BS} bytes, max limit: ${ITB_MAX_BS} bytes"
426ae33e311SJoseph Chen		exit 1
427ae33e311SJoseph Chen	fi
428ae33e311SJoseph Chen
429ae33e311SJoseph Chen	rm -f ${IMG_UBOOT}
430ae33e311SJoseph Chen	for ((i = 0; i < ${ITB_MAX_NUM}; i++));
431ae33e311SJoseph Chen	do
432ae33e311SJoseph Chen		cat ${ITB} >> ${IMG_UBOOT}
433ae33e311SJoseph Chen		truncate -s %${ITB_MAX_KB}K ${IMG_UBOOT}
434ae33e311SJoseph Chen	done
435ae33e311SJoseph Chen}
436ae33e311SJoseph Chen
437ae33e311SJoseph Chenfunction fit_gen_boot_img()
438ae33e311SJoseph Chen{
439ae33e311SJoseph Chen	ITB=$1
440ae33e311SJoseph Chen
441ae33e311SJoseph Chen	if [ -z ${ITB} ]; then
442ae33e311SJoseph Chen		ITB=${ITB_BOOT}
443ae33e311SJoseph Chen	fi
444ae33e311SJoseph Chen
445ae33e311SJoseph Chen	if [ "${ITB}" != "${IMG_BOOT}" ]; then
446ae33e311SJoseph Chen		cp ${ITB} ${IMG_BOOT} -f
447ae33e311SJoseph Chen	fi
448ae33e311SJoseph Chen}
449ae33e311SJoseph Chen
450ae33e311SJoseph Chenfunction fit_msg_uboot()
451ae33e311SJoseph Chen{
4522d11b868SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
453ae33e311SJoseph Chen		MSG_SIGN="no-signed"
454ae33e311SJoseph Chen	else
455ae33e311SJoseph Chen		MSG_SIGN="signed"
456ae33e311SJoseph Chen	fi
457ae33e311SJoseph Chen
458ae33e311SJoseph Chen	VERSION=`fdtget -ti ${ITB_UBOOT} / version`
459ae33e311SJoseph Chen	if [ "${VERSION}" != "" ]; then
460ae33e311SJoseph Chen		MSG_VER=", version=${VERSION}"
461ae33e311SJoseph Chen	fi
462ae33e311SJoseph Chen
463ae33e311SJoseph Chen	if [ "${ARG_SPL_ROLLBACK_PROTECT}" == "y" ]; then
464ae33e311SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_UBOOT}):  ${IMG_UBOOT} (with uboot, trust...) is ready"
465ae33e311SJoseph Chen	else
466ae33e311SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}):  ${IMG_UBOOT} (FIT with uboot, trust...) is ready"
467ae33e311SJoseph Chen	fi
468ae33e311SJoseph Chen}
469ae33e311SJoseph Chen
470ae33e311SJoseph Chenfunction fit_msg_boot()
471ae33e311SJoseph Chen{
4722d11b868SJoseph Chen	if [ "${ARG_SIGN}" != "y" ]; then
473ae33e311SJoseph Chen		MSG_SIGN="no-signed"
474ae33e311SJoseph Chen	else
475ae33e311SJoseph Chen		MSG_SIGN="signed"
476ae33e311SJoseph Chen	fi
477ae33e311SJoseph Chen
478ae33e311SJoseph Chen	VERSION=`fdtget -ti ${ITB_BOOT} / version`
479ae33e311SJoseph Chen	if [ "${VERSION}" != "" ]; then
480ae33e311SJoseph Chen		MSG_VER=", version=${VERSION}"
481ae33e311SJoseph Chen	fi
482ae33e311SJoseph Chen
483ae33e311SJoseph Chen	if [ "${ARG_ROLLBACK_PROTECT}" == "y" ]; then
484ae33e311SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}, rollback-index=${ARG_ROLLBACK_IDX_BOOT}):  ${IMG_BOOT} is ready"
485ae33e311SJoseph Chen	else
486ae33e311SJoseph Chen		echo "Image(${MSG_SIGN}${MSG_VER}):  ${IMG_BOOT} (FIT with kernel, fdt, resource...) is ready"
487ae33e311SJoseph Chen	fi
488ae33e311SJoseph Chen}
489ae33e311SJoseph Chen
490ae33e311SJoseph Chenfunction fit_msg_loader()
491ae33e311SJoseph Chen{
492ae33e311SJoseph Chen	LOADER=`ls *loader*.bin`
493ae33e311SJoseph Chen	echo "Image(no-signed):  ${LOADER} (with spl, ddr, usbplug) is ready"
494ae33e311SJoseph Chen}
495ae33e311SJoseph Chen
4962d11b868SJoseph Chenfunction fit_generate_uboot()
497ae33e311SJoseph Chen{
4982d11b868SJoseph Chen	fit_raw_compile
499ae33e311SJoseph Chen	fit_gen_uboot_itb
500ae33e311SJoseph Chen	fit_gen_uboot_img
501ae33e311SJoseph Chen	echo
502ae33e311SJoseph Chen	fit_msg_uboot
503ae33e311SJoseph Chen}
504ae33e311SJoseph Chen
5052d11b868SJoseph Chenfunction fit_generate_uboot_boot()
506ae33e311SJoseph Chen{
5072d11b868SJoseph Chen	fit_raw_compile
508ae33e311SJoseph Chen	fit_gen_boot_itb
509ae33e311SJoseph Chen	fit_gen_boot_img
510ae33e311SJoseph Chen	fit_gen_uboot_itb
511ae33e311SJoseph Chen	fit_gen_uboot_img
512ae33e311SJoseph Chen	echo
513ae33e311SJoseph Chen
514ae33e311SJoseph Chen	fit_msg_uboot
515ae33e311SJoseph Chen	fit_msg_boot
516ae33e311SJoseph Chen	fit_msg_loader
517ae33e311SJoseph Chen	echo
518ae33e311SJoseph Chen}
519ae33e311SJoseph Chen
520ae33e311SJoseph Chenfit_process_args $*
521ae33e311SJoseph Chenif [ ! -z "${ARG_VALIDATE}" ]; then
522ae33e311SJoseph Chen	validate_arg ${ARG_VALIDATE}
523d6babb00SJoseph Chenelif [ ! -z "${ARG_BOOT_IMG}" -o ! -z "${ARG_BOOT_IMG_DIR}" ]; then
5242d11b868SJoseph Chen	fit_generate_uboot_boot
5252d11b868SJoseph Chenelse
5262d11b868SJoseph Chen	fit_generate_uboot
527ae33e311SJoseph Chenfi
528ae33e311SJoseph Chen
529