diff options
author | Jimmy Zhang <jimmzhang@nvidia.com> | 2016-04-11 12:18:08 -0700 |
---|---|---|
committer | Stephen Warren <swarren@nvidia.com> | 2016-04-12 11:59:42 -0600 |
commit | ea1e03d546f5a672862e15c6bc1880e1f2f04db0 (patch) | |
tree | ba08fece55e6fd5c5c6a619094bd8c20263727cc | |
parent | efe19b2eb9db7bb3ba913f0af7d5ececb173fe82 (diff) | |
download | nvidia-cbootimage-ea1e03d546f5a672862e15c6bc1880e1f2f04db0.tar.gz |
sign.sh: Add more features
1. Use parameter <soc> to specify boot image type. ie, tegra124, tegra210.
Previouly sign.sh can only sign for tegra210 boot image.
2. Automatically generate signed bct, ie, tegra124.bct, tegra210.bct.
A signed bct is needed when flashing target.
Command syntax:
$ ./sign.sh <soc> <bootimage> <rsa_key>
Example:
$ ./sign.sh tegra124 t124.img rsa_priv.pem
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
-rwxr-xr-x | samples/sign.sh | 68 |
1 files changed, 59 insertions, 9 deletions
diff --git a/samples/sign.sh b/samples/sign.sh index 2edd126..c9d237d 100755 --- a/samples/sign.sh +++ b/samples/sign.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved. +# Copyright (c) 2015-2016, NVIDIA CORPORATION. All rights reserved. # # This program is free software; you can redistribute it and/or modify it # under the terms and conditions of the GNU General Public License, @@ -17,9 +17,49 @@ # See file CREDITS for list of people who contributed to this # project. # + +Usage () +{ + cat << EOF +Usage: ./sign.sh <soc> <boot_image> <rsa_priv_key> + Where, + soc: tegra124, tegra210 + boot_image: image generated by cbootimage, + priv_key: rsa key file in .pem format. +EOF + exit 1; +} + set -e -IMAGE_FILE=$1 -KEY_FILE=$2 + +soc=$1 # tegra124, tegra210 +if [[ "${soc}" = tegra124 ]]; then + bl_block_offset=16384; # emmc: 16384, spi_flash: 32768: default: emmc + bct_signed_offset=1712; + bct_signed_length=6480; +elif [[ "${soc}" = tegra210 ]]; then + bl_block_offset=32768; # emmc: 16384, spi_flash: 32768: default: spi + bct_signed_offset=1296; + bct_signed_length=8944; +else + echo "Error: Invalid target device: soc = $soc"; + Usage; +fi; +bct_length=$(($bct_signed_offset + $bct_signed_length)); + +# more error check +if [ $# -lt 3 ]; then + echo "Error: Missing parameter(s)"; + Usage; +fi; + +# +# In case to add more parameters in the future, we keep the last two as +# IMAGE_FILE and KEY_FILE +# +argv=($@); +IMAGE_FILE=${argv[$#-2]}; +KEY_FILE=${argv[$#-1]}; TARGET_IMAGE=$IMAGE_FILE CONFIG_FILE=config.tmp @@ -33,15 +73,15 @@ MV=mv XXD=xxd CUT=cut -echo "Get rid of all temporary files: *.sig, *.tosig, *.tmp *.mod" -$RM -f *.sig *.tosig *.tmp *.mod +echo "Sign ${soc} ${IMAGE_FILE} with key ${KEY_FILE}" echo "Get bl length " BL_LENGTH=`$BCT_DUMP $IMAGE_FILE | grep "Bootloader\[0\].Length"\ | awk -F ' ' '{print $4}' | awk -F ';' '{print $1}'` echo "Extract bootloader to $IMAGE_FILE.bl.tosig, length $BL_LENGTH" -$DD bs=1 skip=32768 if=$IMAGE_FILE of=$IMAGE_FILE.bl.tosig count=$BL_LENGTH +$DD bs=1 skip=${bl_block_offset} if=$IMAGE_FILE of=$IMAGE_FILE.bl.tosig \ + count=$BL_LENGTH echo "Calculate rsa signature for bootloader and save to $IMAGE_FILE.bl.sig" $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ @@ -50,10 +90,11 @@ $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ echo "Update bootloader's rsa signature, aes hash and bct's aes hash" echo "RsaPssSigBlFile = $IMAGE_FILE.bl.sig;" > $CONFIG_FILE echo "RehashBl;" >> $CONFIG_FILE -$CBOOTIMAGE -s tegra210 -u $CONFIG_FILE $IMAGE_FILE $IMAGE_FILE.tmp +$CBOOTIMAGE -s ${soc} -u $CONFIG_FILE $IMAGE_FILE $IMAGE_FILE.tmp echo "Extract the part of bct which needs to be rsa signed" -$DD bs=1 if=$IMAGE_FILE.tmp of=$IMAGE_FILE.bct.tosig count=8944 skip=1296 +$DD bs=1 if=$IMAGE_FILE.tmp of=$IMAGE_FILE.bct.tosig skip=${bct_signed_offset} \ + count=${bct_signed_length} echo "Calculate rsa signature for bct and save to $IMAGE_FILE.bct.sig" $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ @@ -70,4 +111,13 @@ $XXD -r -p -l 256 $KEY_FILE.mod.tmp $KEY_FILE.mod.bin echo "Update bct's rsa signature and modulus" echo "RsaPssSigBctFile = $IMAGE_FILE.bct.sig;" > $CONFIG_FILE echo "RsaKeyModulusFile = $KEY_FILE.mod.bin;" >> $CONFIG_FILE -$CBOOTIMAGE -s tegra210 -u $CONFIG_FILE $IMAGE_FILE.tmp $TARGET_IMAGE +echo "" +$CBOOTIMAGE -s ${soc} -u $CONFIG_FILE $IMAGE_FILE.tmp $TARGET_IMAGE + +echo "" +$DD bs=1 if=$TARGET_IMAGE of=${soc}.bct count=${bct_length} +echo "" +echo "Signed bct ${soc}.bct has been successfully generated!"; + +#echo "Get rid of all temporary files: *.sig, *.tosig, *.tmp, *.mod, *.mod.bin" +$RM -f *.sig *.tosig *.tmp *.mod *.mod.bin |