[Feature]add MT2731_MP2_MR2_SVN388 baseline version
Change-Id: Ief04314834b31e27effab435d3ca8ba33b499059
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/dev_info/dtb-transfer-array.py b/meta/meta-mediatek/recipes-bsp/bl33/files/dev_info/dtb-transfer-array.py
new file mode 100644
index 0000000..c6b3583
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/dev_info/dtb-transfer-array.py
@@ -0,0 +1,41 @@
+import os
+import sys
+
+def read_dtb(filename, raw_data):
+ fin = open(filename, 'rb')
+ fin.seek(0, 0)
+ while True:
+ t_byte = fin.read(1)
+ if len(t_byte) == 0:
+ break
+ else :
+ raw_data.append("0x%.2X" % ord(t_byte))
+
+def write_blob_head_file(filename, raw_data, length):
+ fout = open(filename, 'w+')
+ fout.write('#define CHECK_RSA 1 \n')
+ fout.write('#define CHECK_HASH 1 \n')
+ fout.write('const unsigned char blob[] __attribute__((aligned(4))) = \n')
+ fout.write('{\n ')
+
+ i = 0
+ for data in raw_data:
+ i += 1
+ if i != length:
+ fout.write(data + ', ')
+ else:
+ fout.write(data)
+ if i % 16 == 0:
+ fout.write('\n ')
+ if i == length:
+ break;
+ fout.write('\n};')
+ fout.close()
+
+if __name__ == "__main__":
+ raw_data = []
+ in_path = str(sys.argv[1]);
+ out_path = str(sys.argv[2]);
+ length = int(sys.argv[3],16);
+ read_dtb(in_path, raw_data)
+ write_blob_head_file(out_path, raw_data, length)
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage b/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage
new file mode 100644
index 0000000..036ed1b
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/dummy_img/fitImage
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/fit-lk/extract_region b/meta/meta-mediatek/recipes-bsp/bl33/files/fit-lk/extract_region
new file mode 100755
index 0000000..261ba30
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/fit-lk/extract_region
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/key/lk_key.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/key/lk_key.ini
new file mode 100755
index 0000000..d6d089a
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/key/lk_key.ini
@@ -0,0 +1,4 @@
+[KEY]
+sw_ver = "1"
+rootkey = "root_prvk.pem"
+ac_key = "0x112233445566778899aabbccddeeff"
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/key/root_prvk.pem b/meta/meta-mediatek/recipes-bsp/bl33/files/key/root_prvk.pem
new file mode 100644
index 0000000..fd987a3
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/key/root_prvk.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0mlxI+3vrVlX8wH23CeTPDIH3c4DhEQNIGQltziYX7DOAHyf
+t/5s9TXAOmqIY0cyrQsjw837aiN3QGXONeQorP4+G5wlzWESJeJyAGlZ11hSijVp
+QQFwCT+++k4L8SEoMIgJUMNVd9pESqCYf08nhJXc/qgn++YiG8tMvHz9IA/Ef4OK
+XNj/+1+XyrtYRgYpfOwsoCgbe01NEpV3vM61fW0g3EtCQXW7MOD5VIWMkvTt+ob4
+qTF5/HpRlIJ5nth/8ZktkCx51Lu6yhQ1fw3KKPZ7A3ZmBtxSJ8I1xe1v/yWN+eD9
+Z9l7ZTkFVe8Avej6NnudkH1f6uTNmEETXOXHWwIDAQABAoIBAAdKjhgfo6GPKgQK
+umIwoOKCHVGrVOXdcdMAhWoO9QDD4K+Vofc/QslQfoPHs0g1bGUgsLGVTrQD3JsH
+rBij+mDcQoy0YX73cSiM60RmYi2bKukNJsOQ6C/53IVR9Qn7Cyh7Xk9FJY4Mqzcm
+z4IB3S2z/793VkNdWys5ZURW1HKq6R7s5Z937wlinPdJhwi7kI148NFnHFO793+z
+MGRC4n45CP13dHG3jktc46UYksP3sQ4CFcjFhKS6BPKDsyjmbCx1HUYjjcaLTy2d
+CJhYDlEvvkjU6CmQfe+cFpKYXnW5zZTwwx1uUDFiWOgSZupaieWZtyPCX7hqQ4ea
+Q6u7RxkCgYEA6+WjIwTB+D3PKP1x82RY2BMpWQRxHuVJs7T0H4zA+IicfJYc/+Sh
+0Esqzfj9ak/sEuNR1fIj4XCKODEVL3/n+qjBz8lbsNDjUrjG8jv3TiGkeaOeOyFR
+8jv0cvedzFk+1lQElFwSHrWAOfeoZRMHOoxK1MNkELjo2wFa67o6rxcCgYEA5FfR
+PJRyu2OmCVwqzycMbSOz6gB/5O5bnI9DxZf0oMNE1n5ElsZWynEFE5L33E+bvB/8
+AdC4cPPL1pg46KiDDkJ/BQhw+mC4wwvBHwjZFlKdQMYtgGb9ErFL4WPnllXy+ETD
+8U9Az1zOvj6thy3RYA7JGyZus4t9ecM5M+xItF0CgYBm+u7G4NLUzhbbrBjMyifG
+3EaWp8vCUxJjs0FHbKjpVqoJ8XZjd6n0Rnw/Qs1OVemXLUmSfoyPZBPTCApZnBrn
+YDiLvzmZ7PbwK94d7XO+1gz5VSZEZf1iJC5I6jQm+2blJfSB19fJNC7wH1+SEEZ9
+lrUsQMg0TKTKxsKsWbY4rQKBgEjP//aTV6qNcgqWC0iXKQ08T0iU9DNqFmhr/q5p
+cCY7Xh4PkYuKn25ab8X4HXVxJTXt9QwXJFlQRHWfgLYf1fqcFajjMjOE2CXJ/8EH
+r0HBAkf/ac8CCD0HsCylENoNejbUpq6yGPaGn55mmir630MEM/imXrJ+DnrfV8RI
+2j45AoGBAN/fhfcjGu5ix88+T9sEmV1lfoHyETQIZD4r5c9NufMXPcztE33XTqjI
+DpBfOCVQ8ZNuHuScQdQC55K8XT7wR9sQRhNvRua1K0IsfcL73ghCJin9i0yxMEzp
+s00NbHgvb2kfhxCC8eyoiCmpRk9A9xg2V22hx7Hkcwv+A62e9tN4
+-----END RSA PRIVATE KEY-----
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/lk.dts b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/lk.dts
new file mode 100644
index 0000000..7b1b06f
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/lk.dts
@@ -0,0 +1,12 @@
+/dts-v1/;
+/ {
+ model = "Keys";
+ compatible = "mediatek,auto2701evb2-ivi";
+ signature {
+ key-dev {
+ required = "conf";
+ algo = "sha256,rsa2048";
+ key-name-hint = "dev";
+ };
+ };
+};
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/tmp_blob.txt b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/tmp_blob.txt
new file mode 100644
index 0000000..744dd90
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/lk_dts/tmp_blob.txt
@@ -0,0 +1,7 @@
+#define CHECK_RSA 0
+#define CHECK_HASH 0
+
+const unsigned char blob[] __attribute__((aligned(4))) =
+{
+0
+};
\ No newline at end of file
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/hsm.py b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/hsm.py
new file mode 100755
index 0000000..be8d484
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/hsm.py
@@ -0,0 +1,78 @@
+import filecmp
+import os
+
+g_key_table = None
+
+class hsm_param:
+ def __init__(self):
+ #you can add parameter required by your HSM here
+ self.m_ref_key_path = ""
+ self.m_key_id = 0
+ self.m_attr1 = 0
+ self.m_attr2 = 0
+ self.m_padding_dict = {"raw": 0, "pss": 1}
+ self.m_padding = 0 #default: raw
+
+def create_key_table():
+ global g_key_table
+ if None == g_key_table:
+ #create key table
+ #here is reference design, please customize
+ #this part according to your HSM spec.
+ script_folder, script_name = os.path.split(os.path.realpath(__file__))
+ key_folder = os.path.join(script_folder, "keys")
+ key_folder = os.path.join(key_folder, "hsm")
+ g_key_table = list()
+ #key1 parameter
+ key1_param = hsm_param()
+ key1_param.m_ref_key_path = os.path.join(key_folder, 'pubk1.pem')
+ key1_param.m_key_id = 0
+ key1_param.m_attr1 = 1
+ key1_param.m_attr2 = 1
+ g_key_table.append(key1_param)
+ #key2 parameter
+ key2_param = hsm_param()
+ key2_param.m_ref_key_path = os.path.join(key_folder, 'pubk2.pem')
+ key2_param.m_key_id = 1
+ key2_param.m_attr1 = 2
+ key2_param.m_attr2 = 2
+ g_key_table.append(key2_param)
+ return
+
+def query_key_table(key):
+ global g_key_table
+ create_key_table()
+ for key_table_entry in g_key_table:
+ if filecmp.cmp(key, key_table_entry.m_ref_key_path):
+ print "key index: " + hex(key_table_entry.m_key_id)
+ return key_table_entry
+ print "no valid key entry found in table"
+ return None
+
+def hsm_rsa_sign(data, key, padding, sig):
+ hsm_param_obj = None
+
+ #note that key is pubk actually, use it as index for
+ #HSM parameters such as key selection
+ hsm_param_obj = query_key_table(key)
+ if None == hsm_param_obj:
+ return -1
+ hsm_param_obj.m_padding = hsm_param_obj.m_padding_dict[padding]
+
+ print "========================"
+ print "HSM parameter:"
+ print " m_key_id = " + hex(hsm_param_obj.m_key_id)
+ print " m_padding = " + hex(hsm_param_obj.m_padding)
+ print " m_attr1 = " + hex(hsm_param_obj.m_attr1)
+ print " m_attr2 = " + hex(hsm_param_obj.m_attr2)
+ print "========================"
+
+ #place hsm request here -- start
+ #create dummy sig for now
+ sig_file = open(sig, 'wb')
+ for i in range(0, 256):
+ sig_file.write(chr(0))
+ sig_file.close()
+ #place hsm request here -- end
+ return 0
+
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/sctrlcert/root_prvk.pem b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/sctrlcert/root_prvk.pem
new file mode 100644
index 0000000..715ecca
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/sctrlcert/root_prvk.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0WQDRmxTDvm7U8HoqWphpOMy4X3A9Vu0bSB6wwW66TVOqsLL
+MHezN0DSdQNrgi2yaCAN4X2j23JmsnaGuJcLhXNwUPCE+NV2kE50zWxTsx8LsM1g
+aGv2fGDaDsIPVj7qcVzr2/dtHFwQ6YKrKVXYM95VPJza/X6iOIwCgjz+fdmsg/oq
+jrBoWr2rVqkt8aeAXorAvRDA89yxdwqea7w0GMX4Ski3yyMWssj2SXLzkbEWpYyT
+lanOnnQ1aaNnCG13cdOf7I67uj3StRl4Wnap9YnTbWN6+IRUP9ZbrHW+gjwMUKoW
+1YGHuXIjYlxUxmtaXk266re+iaTjQKLiQbCbLwIDAQABAoIBAAmXZTcCm0NiWRxb
+E4c/Ij3lUl1V31Ld4oPlKvpn9snb8UCNL7WGpiTvyTQm9fO+mB+A6GHd2XWh5eZi
+24T1FkgEo65xdgXX8Vhm357RSXw4/dYZckMWPvIvlY17gixXMXID6aHn0Y2tAfFQ
+VPrNvduSYaEnJjjaZh/k+fBxTs8A5lQcxDWvsf11on00sXrUAOlHS6hQ2vziZnmc
+r/MqBY/3Hkwtqsr4unCenKTch1hKf/6KqaChYO0GnDlwt9rjmH3tcb0LyCQ1aYe9
+dDY9RmgscZE8PtvbKpEfcB8jruP43ZgYC1oTj9WtdHQ2gtLS0bs9knhnECSPMW3Y
+ORF46oECgYEA8qz+H+tuqxCKAA1p6EXmegpEcqhkwapviqgMZMQAejfW//bf8LYd
+9CsyTtWER1uxJ+PjvhW/K0NYXn+tbWzrsW1UK/AaYwvaB9+JsjU07aZh9kmADZJi
+3KkPsKp4Unqlno59XkLm3XE9REoHursnIkiuzHZnqh/+50ck+GJGQQ8CgYEA3OMr
+xNfLkuTs5NyBDBCYSOf0s2wfLgpfu4eaUYuYMGoAAL4trvrLtW5tcW63ObMy51V5
+EJJAH3vk/EK9EgevMYGwbiVB7pkb11tcnLoxelorTAbpDCzSorbW71mruX11496w
+GBJw4yQcIUxET5GxU14qTEK4wLQQ7AZQIKVtw+ECgYEAv/YJuzQfwZ9+mhYCPaL1
+cnomtM/xi6SHQRY3X4oPmp4LK0Sc1ispPJji3atWTKACXbyNzTIkm1NVVsMGa7Wq
+JxqFZ5AxP0IDwRCZOmeOK6LegNSZP6MZItV0vNnL/epYkjjCgMrJFkfaH+ezf4lF
+pn/6DXBoBhHzL/1+CCCs1A8CgYBPk1+fSIbEYsidInszF39lNHtJcDhDY+VdL9r+
+aaXoOyfJHLpkgWGF+URgSxyjItXB1V8KA0YqkX3LC1gF+NK6qRggdjesd2g6S2Wv
+6LwOchGLECpBApzXlbsU+18MMhCYiQ8zfOFCUy33KPyrFbemaxQd6SOZ+MTn4tZX
+DIHgwQKBgFLvSmrc8eLKRDDDxdvZYiu8JMm/DS4TdbK3P2u67hhxd3Y4whdQboF5
+zHbkkTBIuKoFbbQj3bB91KmCIcxNkT66Xe3qmoAfDrUMp7cxBLcnpoDpJIXTlKnG
+bHThVsqvJvuwQByr2oUGUJd8eerqzUCAgx/mi+/9aTe+ztB/KmBF
+-----END RSA PRIVATE KEY-----
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/da_prvk.pem b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/da_prvk.pem
new file mode 100644
index 0000000..715ecca
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/da_prvk.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0WQDRmxTDvm7U8HoqWphpOMy4X3A9Vu0bSB6wwW66TVOqsLL
+MHezN0DSdQNrgi2yaCAN4X2j23JmsnaGuJcLhXNwUPCE+NV2kE50zWxTsx8LsM1g
+aGv2fGDaDsIPVj7qcVzr2/dtHFwQ6YKrKVXYM95VPJza/X6iOIwCgjz+fdmsg/oq
+jrBoWr2rVqkt8aeAXorAvRDA89yxdwqea7w0GMX4Ski3yyMWssj2SXLzkbEWpYyT
+lanOnnQ1aaNnCG13cdOf7I67uj3StRl4Wnap9YnTbWN6+IRUP9ZbrHW+gjwMUKoW
+1YGHuXIjYlxUxmtaXk266re+iaTjQKLiQbCbLwIDAQABAoIBAAmXZTcCm0NiWRxb
+E4c/Ij3lUl1V31Ld4oPlKvpn9snb8UCNL7WGpiTvyTQm9fO+mB+A6GHd2XWh5eZi
+24T1FkgEo65xdgXX8Vhm357RSXw4/dYZckMWPvIvlY17gixXMXID6aHn0Y2tAfFQ
+VPrNvduSYaEnJjjaZh/k+fBxTs8A5lQcxDWvsf11on00sXrUAOlHS6hQ2vziZnmc
+r/MqBY/3Hkwtqsr4unCenKTch1hKf/6KqaChYO0GnDlwt9rjmH3tcb0LyCQ1aYe9
+dDY9RmgscZE8PtvbKpEfcB8jruP43ZgYC1oTj9WtdHQ2gtLS0bs9knhnECSPMW3Y
+ORF46oECgYEA8qz+H+tuqxCKAA1p6EXmegpEcqhkwapviqgMZMQAejfW//bf8LYd
+9CsyTtWER1uxJ+PjvhW/K0NYXn+tbWzrsW1UK/AaYwvaB9+JsjU07aZh9kmADZJi
+3KkPsKp4Unqlno59XkLm3XE9REoHursnIkiuzHZnqh/+50ck+GJGQQ8CgYEA3OMr
+xNfLkuTs5NyBDBCYSOf0s2wfLgpfu4eaUYuYMGoAAL4trvrLtW5tcW63ObMy51V5
+EJJAH3vk/EK9EgevMYGwbiVB7pkb11tcnLoxelorTAbpDCzSorbW71mruX11496w
+GBJw4yQcIUxET5GxU14qTEK4wLQQ7AZQIKVtw+ECgYEAv/YJuzQfwZ9+mhYCPaL1
+cnomtM/xi6SHQRY3X4oPmp4LK0Sc1ispPJji3atWTKACXbyNzTIkm1NVVsMGa7Wq
+JxqFZ5AxP0IDwRCZOmeOK6LegNSZP6MZItV0vNnL/epYkjjCgMrJFkfaH+ezf4lF
+pn/6DXBoBhHzL/1+CCCs1A8CgYBPk1+fSIbEYsidInszF39lNHtJcDhDY+VdL9r+
+aaXoOyfJHLpkgWGF+URgSxyjItXB1V8KA0YqkX3LC1gF+NK6qRggdjesd2g6S2Wv
+6LwOchGLECpBApzXlbsU+18MMhCYiQ8zfOFCUy33KPyrFbemaxQd6SOZ+MTn4tZX
+DIHgwQKBgFLvSmrc8eLKRDDDxdvZYiu8JMm/DS4TdbK3P2u67hhxd3Y4whdQboF5
+zHbkkTBIuKoFbbQj3bB91KmCIcxNkT66Xe3qmoAfDrUMp7cxBLcnpoDpJIXTlKnG
+bHThVsqvJvuwQByr2oUGUJd8eerqzUCAgx/mi+/9aTe+ztB/KmBF
+-----END RSA PRIVATE KEY-----
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/root_prvk.pem b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/root_prvk.pem
new file mode 100644
index 0000000..715ecca
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/root_prvk.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0WQDRmxTDvm7U8HoqWphpOMy4X3A9Vu0bSB6wwW66TVOqsLL
+MHezN0DSdQNrgi2yaCAN4X2j23JmsnaGuJcLhXNwUPCE+NV2kE50zWxTsx8LsM1g
+aGv2fGDaDsIPVj7qcVzr2/dtHFwQ6YKrKVXYM95VPJza/X6iOIwCgjz+fdmsg/oq
+jrBoWr2rVqkt8aeAXorAvRDA89yxdwqea7w0GMX4Ski3yyMWssj2SXLzkbEWpYyT
+lanOnnQ1aaNnCG13cdOf7I67uj3StRl4Wnap9YnTbWN6+IRUP9ZbrHW+gjwMUKoW
+1YGHuXIjYlxUxmtaXk266re+iaTjQKLiQbCbLwIDAQABAoIBAAmXZTcCm0NiWRxb
+E4c/Ij3lUl1V31Ld4oPlKvpn9snb8UCNL7WGpiTvyTQm9fO+mB+A6GHd2XWh5eZi
+24T1FkgEo65xdgXX8Vhm357RSXw4/dYZckMWPvIvlY17gixXMXID6aHn0Y2tAfFQ
+VPrNvduSYaEnJjjaZh/k+fBxTs8A5lQcxDWvsf11on00sXrUAOlHS6hQ2vziZnmc
+r/MqBY/3Hkwtqsr4unCenKTch1hKf/6KqaChYO0GnDlwt9rjmH3tcb0LyCQ1aYe9
+dDY9RmgscZE8PtvbKpEfcB8jruP43ZgYC1oTj9WtdHQ2gtLS0bs9knhnECSPMW3Y
+ORF46oECgYEA8qz+H+tuqxCKAA1p6EXmegpEcqhkwapviqgMZMQAejfW//bf8LYd
+9CsyTtWER1uxJ+PjvhW/K0NYXn+tbWzrsW1UK/AaYwvaB9+JsjU07aZh9kmADZJi
+3KkPsKp4Unqlno59XkLm3XE9REoHursnIkiuzHZnqh/+50ck+GJGQQ8CgYEA3OMr
+xNfLkuTs5NyBDBCYSOf0s2wfLgpfu4eaUYuYMGoAAL4trvrLtW5tcW63ObMy51V5
+EJJAH3vk/EK9EgevMYGwbiVB7pkb11tcnLoxelorTAbpDCzSorbW71mruX11496w
+GBJw4yQcIUxET5GxU14qTEK4wLQQ7AZQIKVtw+ECgYEAv/YJuzQfwZ9+mhYCPaL1
+cnomtM/xi6SHQRY3X4oPmp4LK0Sc1ispPJji3atWTKACXbyNzTIkm1NVVsMGa7Wq
+JxqFZ5AxP0IDwRCZOmeOK6LegNSZP6MZItV0vNnL/epYkjjCgMrJFkfaH+ezf4lF
+pn/6DXBoBhHzL/1+CCCs1A8CgYBPk1+fSIbEYsidInszF39lNHtJcDhDY+VdL9r+
+aaXoOyfJHLpkgWGF+URgSxyjItXB1V8KA0YqkX3LC1gF+NK6qRggdjesd2g6S2Wv
+6LwOchGLECpBApzXlbsU+18MMhCYiQ8zfOFCUy33KPyrFbemaxQd6SOZ+MTn4tZX
+DIHgwQKBgFLvSmrc8eLKRDDDxdvZYiu8JMm/DS4TdbK3P2u67hhxd3Y4whdQboF5
+zHbkkTBIuKoFbbQj3bB91KmCIcxNkT66Xe3qmoAfDrUMp7cxBLcnpoDpJIXTlKnG
+bHThVsqvJvuwQByr2oUGUJd8eerqzUCAgx/mi+/9aTe+ztB/KmBF
+-----END RSA PRIVATE KEY-----
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/sla_prvk.pem b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/sla_prvk.pem
new file mode 100644
index 0000000..715ecca
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/keys/toolauth/sla_prvk.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0WQDRmxTDvm7U8HoqWphpOMy4X3A9Vu0bSB6wwW66TVOqsLL
+MHezN0DSdQNrgi2yaCAN4X2j23JmsnaGuJcLhXNwUPCE+NV2kE50zWxTsx8LsM1g
+aGv2fGDaDsIPVj7qcVzr2/dtHFwQ6YKrKVXYM95VPJza/X6iOIwCgjz+fdmsg/oq
+jrBoWr2rVqkt8aeAXorAvRDA89yxdwqea7w0GMX4Ski3yyMWssj2SXLzkbEWpYyT
+lanOnnQ1aaNnCG13cdOf7I67uj3StRl4Wnap9YnTbWN6+IRUP9ZbrHW+gjwMUKoW
+1YGHuXIjYlxUxmtaXk266re+iaTjQKLiQbCbLwIDAQABAoIBAAmXZTcCm0NiWRxb
+E4c/Ij3lUl1V31Ld4oPlKvpn9snb8UCNL7WGpiTvyTQm9fO+mB+A6GHd2XWh5eZi
+24T1FkgEo65xdgXX8Vhm357RSXw4/dYZckMWPvIvlY17gixXMXID6aHn0Y2tAfFQ
+VPrNvduSYaEnJjjaZh/k+fBxTs8A5lQcxDWvsf11on00sXrUAOlHS6hQ2vziZnmc
+r/MqBY/3Hkwtqsr4unCenKTch1hKf/6KqaChYO0GnDlwt9rjmH3tcb0LyCQ1aYe9
+dDY9RmgscZE8PtvbKpEfcB8jruP43ZgYC1oTj9WtdHQ2gtLS0bs9knhnECSPMW3Y
+ORF46oECgYEA8qz+H+tuqxCKAA1p6EXmegpEcqhkwapviqgMZMQAejfW//bf8LYd
+9CsyTtWER1uxJ+PjvhW/K0NYXn+tbWzrsW1UK/AaYwvaB9+JsjU07aZh9kmADZJi
+3KkPsKp4Unqlno59XkLm3XE9REoHursnIkiuzHZnqh/+50ck+GJGQQ8CgYEA3OMr
+xNfLkuTs5NyBDBCYSOf0s2wfLgpfu4eaUYuYMGoAAL4trvrLtW5tcW63ObMy51V5
+EJJAH3vk/EK9EgevMYGwbiVB7pkb11tcnLoxelorTAbpDCzSorbW71mruX11496w
+GBJw4yQcIUxET5GxU14qTEK4wLQQ7AZQIKVtw+ECgYEAv/YJuzQfwZ9+mhYCPaL1
+cnomtM/xi6SHQRY3X4oPmp4LK0Sc1ispPJji3atWTKACXbyNzTIkm1NVVsMGa7Wq
+JxqFZ5AxP0IDwRCZOmeOK6LegNSZP6MZItV0vNnL/epYkjjCgMrJFkfaH+ezf4lF
+pn/6DXBoBhHzL/1+CCCs1A8CgYBPk1+fSIbEYsidInszF39lNHtJcDhDY+VdL9r+
+aaXoOyfJHLpkgWGF+URgSxyjItXB1V8KA0YqkX3LC1gF+NK6qRggdjesd2g6S2Wv
+6LwOchGLECpBApzXlbsU+18MMhCYiQ8zfOFCUy33KPyrFbemaxQd6SOZ+MTn4tZX
+DIHgwQKBgFLvSmrc8eLKRDDDxdvZYiu8JMm/DS4TdbK3P2u67hhxd3Y4whdQboF5
+zHbkkTBIuKoFbbQj3bB91KmCIcxNkT66Xe3qmoAfDrUMp7cxBLcnpoDpJIXTlKnG
+bHThVsqvJvuwQByr2oUGUJd8eerqzUCAgx/mi+/9aTe+ztB/KmBF
+-----END RSA PRIVATE KEY-----
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/asn1_gen.pyc b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/asn1_gen.pyc
new file mode 100644
index 0000000..554f44d
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/asn1_gen.pyc
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/cert.pyc b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/cert.pyc
new file mode 100644
index 0000000..e9a251c
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/cert.pyc
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/dainfo.pyc b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/dainfo.pyc
new file mode 100644
index 0000000..77a358f
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/dainfo.pyc
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/gfh.pyc b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/gfh.pyc
new file mode 100644
index 0000000..3931c7d
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/gfh.pyc
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/hsm_hook.pyc b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/hsm_hook.pyc
new file mode 100644
index 0000000..2e3d7bc
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/lib/hsm_hook.pyc
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/pbp.py b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/pbp.py
new file mode 100755
index 0000000..6420a8f
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/pbp.py
@@ -0,0 +1,272 @@
+import sys
+import os
+import struct
+import subprocess
+import shutil
+script_folder, script_name = os.path.split(os.path.realpath(__file__))
+sys.path.append(os.path.join(script_folder, "lib"))
+import gfh
+import cert
+
+def get_file_sizeb(file_path):
+ if not os.path.isfile(file_path):
+ return 0
+ file_handle = open(file_path, "rb")
+ file_handle.seek(0, 2)
+ file_size = file_handle.tell()
+ file_handle.close()
+ return file_size
+
+def concatb(file1_path, file2_path):
+ file1_size = get_file_sizeb(file1_path)
+ file2_size = get_file_sizeb(file2_path)
+ file1 = open(file1_path, "ab+")
+ file2 = open(file2_path, "rb")
+ file1.write(file2.read(file2_size))
+ file2.close()
+ file1.close()
+
+class bootloader:
+ def __init__(self, out_path, in_bootloader_file_path, out_bootloader_file_path):
+ self.m_gfh = gfh.image_gfh()
+ self.m_out_path = out_path
+ if not os.path.exists(self.m_out_path):
+ os.makedirs(self.m_out_path)
+ self.m_in_bootloader_file_path = in_bootloader_file_path
+ self.m_out_bootloader_file_path = out_bootloader_file_path
+ self.m_bootloader_is_signed = False
+ self.m_bootloader_content_offset = 0
+ #initialize content size to bootloader file size
+ self.m_bootloader_content_length = get_file_sizeb(self.m_in_bootloader_file_path)
+ self.m_bootloader_sig_size = 0
+ #generate file path for bootloader without gfh and signature
+ bootloader_path = in_bootloader_file_path.split('.')
+ self.m_bootloader_no_gfh_file_path = bootloader_path[0] + "_plain.bin"
+ self.m_sig_ver = 0
+ self.m_sw_ver = 0
+ self.m_root_prvk_path = ""
+ self.m_img_prvk_path = ""
+ self.m_ac_key = 0
+ self.m_sig_handler = None
+ def is_signed(self):
+ if self.m_in_bootloader_file_path:
+ bootloader_file = open(self.m_in_bootloader_file_path, "rb")
+ gfh_hdr_obj = gfh.gfh_header()
+ gfh_hdr_size = gfh_hdr_obj.get_size()
+ gfh_hdr_buf = bootloader_file.read(gfh_hdr_size)
+ self.m_bootloader_is_signed = gfh_hdr_obj.is_gfh(gfh_hdr_buf)
+ bootloader_file.close()
+ return self.m_bootloader_is_signed
+ def parse(self):
+ print "===parse bootloader==="
+ #image will be decomposed if it's signed
+ if self.is_signed():
+ gfh_total_size = self.m_gfh.parse(self.m_in_bootloader_file_path)
+ self.m_bootloader_content_offset = gfh_total_size
+ self.m_bootloader_content_length -= gfh_total_size
+ self.m_bootloader_content_length -= self.m_gfh.get_sig_size()
+ self.m_bootloader_sig_size = self.m_gfh.get_sig_size()
+ in_file = open(self.m_in_bootloader_file_path, "rb")
+ out_file = open(self.m_bootloader_no_gfh_file_path, "wb")
+ in_file.seek(self.m_bootloader_content_offset)
+ out_file.write(in_file.read(self.m_bootloader_content_length))
+ out_file.close()
+ in_file.close()
+ else:
+ shutil.copyfile(self.m_in_bootloader_file_path, self.m_bootloader_no_gfh_file_path)
+ print "bootloader content size = " + hex(self.m_bootloader_content_length)
+ def create_gfh(self, gfh_config):
+ self.parse()
+ if gfh_config:
+ if self.is_signed():
+ del self.m_gfh.gfhs[:]
+ self.m_gfh.load_ini(gfh_config)
+ elif not self.is_signed():
+ print "GFH_CONFIG.ini does not exist!!"
+ return -1
+ #self.m_gfh.dump()
+ return 0
+ def sign(self, key_ini_path, key_cert_path, content_config_file_path):
+ self.m_gfh.finalize(self.m_bootloader_content_length, key_ini_path)
+ #create tbs_bootloader.bin
+ tbs_bootloader_file_path = os.path.join(self.m_out_path, "tbs_preloader.bin")
+ tbs_bootloader_file = open(tbs_bootloader_file_path, "wb")
+ tbs_bootloader_file.write(self.m_gfh.pack())
+ bootloader_no_gfh_file = open(self.m_bootloader_no_gfh_file_path, "rb")
+ tbs_bootloader_file.write(bootloader_no_gfh_file.read(self.m_bootloader_content_length))
+ bootloader_no_gfh_file.close()
+ tbs_bootloader_file.close()
+ print "===sign==="
+ if self.m_gfh.get_sig_type() == "CERT_CHAIN":
+ self.m_sig_handler = cert.cert_chain_v2()
+ #create key cert if key cert does not exist
+ if key_cert_path == "":
+ key_cert_path = os.path.join(self.m_out_path, "key_cert.bin")
+ if not os.path.isfile(key_cert_path):
+ key_cert_folder_name, key_cert_file_name = os.path.split(os.path.abspath(key_cert_path))
+ self.m_sig_handler.create_key_cert(key_ini_path, self.m_out_path, key_cert_file_name)
+ key_cert_path = os.path.join(self.m_out_path, key_cert_file_name)
+ else:
+ self.m_sig_handler.set_key_cert(key_cert_path)
+ #create content cert
+ content_cert_name = "content_cert.bin"
+ self.m_sig_handler.create_content_cert(content_config_file_path, tbs_bootloader_file_path, self.m_out_path, content_cert_name)
+ #create final cert chain
+ sig_name = "preloader.sig"
+ sig_file_path = os.path.join(self.m_out_path, sig_name)
+ self.m_sig_handler.output(self.m_out_path, sig_name)
+ #output final cert chain size
+ sig_size_name = "sig_size.txt"
+ sig_size_file_path = os.path.join(self.m_out_path, sig_size_name)
+ sig_size_file = open(sig_size_file_path, 'w')
+ sig_size_file.write(hex(get_file_sizeb(sig_file_path)))
+ sig_size_file.close()
+ #create final preloader image
+ if os.path.isfile(self.m_out_bootloader_file_path):
+ os.remove(self.m_out_bootloader_file_path)
+ concatb(self.m_out_bootloader_file_path, tbs_bootloader_file_path)
+ concatb(self.m_out_bootloader_file_path, sig_file_path)
+ #clean up
+ os.remove(os.path.join(self.m_out_path, content_cert_name))
+ elif self.m_gfh.get_sig_type() == "SINGLE_AND_PHASH":
+ self.m_sig_handler = cert.sig_single_and_phash(self.m_gfh.get_pad_type())
+ self.m_sig_handler.set_out_path(self.m_out_path)
+ self.m_sig_handler.create(key_ini_path, tbs_bootloader_file_path)
+ #signature generation
+ self.m_sig_handler.sign()
+ sig_name = "preloader.sig"
+ sig_file_path = os.path.join(self.m_out_path, sig_name)
+ self.m_sig_handler.output(self.m_out_path, sig_name)
+ #output signature size
+ sig_size_name = "sig_size.txt"
+ sig_size_file_path = os.path.join(self.m_out_path, sig_size_name)
+ sig_size_file = open(sig_size_file_path, 'w')
+ sig_size_file.write(hex(get_file_sizeb(sig_file_path)))
+ sig_size_file.close()
+ #create final preloader image
+ if os.path.isfile(self.m_out_bootloader_file_path):
+ os.remove(self.m_out_bootloader_file_path)
+ concatb(self.m_out_bootloader_file_path, tbs_bootloader_file_path)
+ concatb(self.m_out_bootloader_file_path, sig_file_path)
+ else:
+ print "unknown signature type"
+ #clean up
+ os.remove(self.m_bootloader_no_gfh_file_path)
+ os.remove(tbs_bootloader_file_path)
+ os.remove(sig_file_path)
+ return
+
+def main():
+ #parameter parsing
+ idx = 1
+ key_ini_path = ""
+ key_path = ""
+ gfh_config_ini_path = ""
+ content_config_ini_path = ""
+ key_cert_path = ""
+ in_bootloader_path = ""
+ function = "sign"
+ function_out_path = ""
+ while idx < len(sys.argv):
+ if sys.argv[idx][0] == '-':
+ if sys.argv[idx][1] == 'i':
+ print "key ini: " + sys.argv[idx + 1]
+ key_ini_path = sys.argv[idx + 1]
+ idx += 2
+ if sys.argv[idx][1] == 'j':
+ print "key(pem): " + sys.argv[idx + 1]
+ key_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'g':
+ print "gfh config: " + sys.argv[idx + 1]
+ gfh_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'c':
+ print "content config: " + sys.argv[idx + 1]
+ content_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'k':
+ print "key cert: " + sys.argv[idx + 1]
+ key_cert_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1:] == 'func':
+ print "function: " + sys.argv[idx + 1]
+ function = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'o':
+ print "function output: " + sys.argv[idx + 1]
+ function_out_path = sys.argv[idx + 1]
+ idx += 2
+ else:
+ print "unknown input"
+ idx += 2
+ else:
+ in_bootloader_path = sys.argv[idx]
+ print "bootloader: " + in_bootloader_path
+ idx += 1
+
+ if (function == "sign") and (not in_bootloader_path):
+ print "bootloader path is not given!"
+ return -1
+ if (not function_out_path):
+ print "function out path is not given!"
+ return -1
+ if function == "sign":
+ if (key_ini_path == "") and (key_cert_path == ""):
+ print "key path is not given!"
+ return -1
+ else:
+ if (key_path == "" and key_ini_path == ""):
+ print "key path is not given!"
+ return -1
+
+ out_path = os.path.dirname(os.path.abspath(function_out_path))
+ if not os.path.exists(out_path):
+ os.makedirs(out_path)
+
+ if function == "sign":
+ bootloader_obj = bootloader(out_path, in_bootloader_path, function_out_path)
+ bootloader_obj.create_gfh(gfh_config_ini_path)
+ bootloader_obj.sign(key_ini_path, key_cert_path, content_config_ini_path)
+ return 0
+ elif function == "keybin_pss":
+ key = cert.ct_key("pss")
+ key.create(key_path)
+ key_bin = key.pack()
+ out_file = open(function_out_path, "wb")
+ out_file.write(key_bin)
+ out_file.close()
+ return 0
+ elif function == "keybin_legacy":
+ key = cert.ct_key("legacy")
+ key.create(key_path)
+ key_bin = key.pack()
+ out_file = open(function_out_path, "wb")
+ out_file.write(key_bin)
+ out_file.close()
+ return 0
+ elif function == "keyhash_pss":
+ key = cert.ct_key("pss")
+ key.create(key_path)
+ key_bin = key.pack()
+ tmp_key_bin_path = os.path.join(out_path, "tmp_keybin.bin")
+ out_file = open(tmp_key_bin_path, "wb")
+ out_file.write(key_bin)
+ out_file.close()
+ cert.hash_gen(tmp_key_bin_path, function_out_path)
+ os.remove(tmp_key_bin_path)
+ return 0
+ elif function == "keyhash_legacy":
+ key = cert.ct_key("legacy")
+ key.create(key_path)
+ key_bin = key.pack()
+ tmp_key_bin_path = os.path.join(out_path, "tmp_keybin.bin")
+ out_file = open(tmp_key_bin_path, "wb")
+ out_file.write(key_bin)
+ out_file.close()
+ cert.hash_gen(tmp_key_bin_path, function_out_path)
+ os.remove(tmp_key_bin_path)
+ return 0
+
+if __name__ == '__main__':
+ main()
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/prebuilt/toolauth/MTK_AllInOne_DA.bin b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/prebuilt/toolauth/MTK_AllInOne_DA.bin
new file mode 100644
index 0000000..3f5aea7
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/prebuilt/toolauth/MTK_AllInOne_DA.bin
Binary files differ
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert.py b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert.py
new file mode 100755
index 0000000..214703f
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert.py
@@ -0,0 +1,170 @@
+import sys
+import os
+import struct
+script_folder, script_name = os.path.split(os.path.realpath(__file__))
+sys.path.append(os.path.join(script_folder, "lib"))
+import gfh
+import cert
+
+def get_file_sizeb(file_path):
+ if not os.path.isfile(file_path):
+ return 0
+ file_handle = open(file_path, "rb")
+ file_handle.seek(0, 2)
+ file_size = file_handle.tell()
+ file_handle.close()
+ return file_size
+
+def concatb(file1_path, file2_path):
+ file1_size = get_file_sizeb(file1_path)
+ file2_size = get_file_sizeb(file2_path)
+ file1 = open(file1_path, "ab+")
+ file2 = open(file2_path, "rb")
+ file1.write(file2.read(file2_size))
+ file2.close()
+ file1.close()
+
+class sctrl_cert:
+ def __init__(self, out_path, sctrl_cert_path):
+ self.m_out_path = out_path
+ if not os.path.exists(self.m_out_path):
+ os.makedirs(self.m_out_path)
+ self.m_sctrl_cert_path = sctrl_cert_path
+ self.m_gfh = gfh.image_gfh()
+ self.m_key_path = ""
+ self.m_out_path = out_path
+ self.m_sig_handler = None
+ def create_gfh(self, gfh_config):
+ self.m_gfh.load_ini(gfh_config)
+ self.m_gfh.dump()
+ return
+ def sign(self, key_ini_path, key_cert_path, primary_dbg_config_ini_path, primary_dbg_path, secondary_config_file_path):
+ #tool auth contains only gfh and signature, no extra content
+ self.m_gfh.finalize(0, key_ini_path)
+ #create tbs_sctrl_cert.bin
+ tbs_sctrl_cert_file_path = os.path.join(self.m_out_path, "tbs_sctrl_cert.bin")
+ tbs_sctrl_cert_file = open(tbs_sctrl_cert_file_path, "wb")
+ tbs_sctrl_cert_file.write(self.m_gfh.pack())
+ tbs_sctrl_cert_file.close()
+ print "===sctrl_cert sign==="
+ if self.m_gfh.get_sig_type() == "CERT_CHAIN":
+ self.m_sig_handler = cert.cert_chain_v5()
+ #create key cert
+ if key_cert_path == "":
+ key_cert_path = os.path.join(self.m_out_path, "key_cert.bin")
+ if os.path.isfile(key_ini_path):
+ key_cert_folder_name, key_cert_file_name = os.path.split(os.path.abspath(key_cert_path))
+ self.m_sig_handler.create_key_cert(key_ini_path, self.m_out_path, key_cert_file_name)
+ key_cert_path = os.path.join(self.m_out_path, key_cert_file_name)
+ else:
+ self.m_sig_handler.set_key_cert(key_cert_path)
+ #create primary debug cert
+ if primary_dbg_path == "":
+ primary_dbg_path = "primary_dbg_cert.bin"
+ if os.path.isfile(primary_dbg_config_ini_path):
+ primary_dbg_cert_folder_name, primary_dbg_cert_file_name = os.path.split(os.path.abspath(primary_dbg_path))
+ self.m_sig_handler.create_primary_dbg_cert(primary_dbg_config_ini_path, tbs_sctrl_cert_file_path, self.m_out_path, primary_dbg_cert_file_name)
+ primary_dbg_cert_path = os.path.join(self.m_out_path, primary_dbg_cert_file_name)
+ else:
+ self.m_sig_handler.set_primary_dbg_cert(primary_dbg_path)
+ #create secondary debug cert
+ secondary_dbg_cert_file_name = "secondary_dbg_cert.bin"
+ secondary_dbg_cert_file_path = os.path.join(self.m_out_path, secondary_dbg_cert_file_name)
+ self.m_sig_handler.create_secondary_dbg_cert(secondary_config_file_path, self.m_out_path, secondary_dbg_cert_file_name)
+ #create final cert chain
+ sig_name = "sctrl_cert.sig"
+ sig_file_path = os.path.join(self.m_out_path, sig_name)
+ self.m_sig_handler.output(self.m_out_path, sig_name)
+ #create final sctrl cert
+ if os.path.isfile(self.m_sctrl_cert_path):
+ os.remove(self.m_sctrl_cert_path)
+ concatb(self.m_sctrl_cert_path, tbs_sctrl_cert_file_path)
+ concatb(self.m_sctrl_cert_path, sig_file_path)
+ os.remove(secondary_dbg_cert_file_path)
+ elif self.m_gfh.get_sig_type() == "SINGLE":
+ self.m_sig_handler = cert.sig_single(self.m_gfh.get_pad_type())
+ self.m_sig_handler.set_out_path(self.m_out_path)
+ self.m_sig_handler.create(key_ini_path, tbs_sctrl_cert_file_path)
+ self.m_sig_handler.sign()
+ sig_name = "sctrl_cert.sig"
+ sig_file_path = os.path.join(self.m_out_path, sig_name)
+ self.m_sig_handler.output(self.m_out_path, sig_name)
+ #create final toolauth file
+ if os.path.isfile(self.m_sctrl_cert_path):
+ os.remove(self.m_sctrl_cert_path)
+ concatb(self.m_sctrl_cert_path, tbs_sctrl_cert_file_path)
+ concatb(self.m_sctrl_cert_path, sig_file_path)
+ else:
+ print "unknown signature type"
+
+ #clean up
+ os.remove(tbs_sctrl_cert_file_path)
+ os.remove(sig_file_path)
+ return
+
+def main():
+ #parameter parsing
+ idx = 1
+ key_ini_path = ""
+ key_cert_path = ""
+ gfh_config_ini_path = ""
+ primary_dbg_path = ""
+ primary_dbg_config_ini_path = ""
+ secondary_dbg_config_ini_path = ""
+ sctrl_cert_path = ""
+
+ while idx < len(sys.argv):
+ if sys.argv[idx][0] == '-':
+ if sys.argv[idx][1] == 'i':
+ print "key: " + sys.argv[idx + 1]
+ key_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'g':
+ print "gfh config: " + sys.argv[idx + 1]
+ gfh_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'p':
+ print "primary dbg cert: " + sys.argv[idx + 1]
+ primary_dbg_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'q':
+ print "primary dbg cert config: " + sys.argv[idx + 1]
+ primary_dbg_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 's':
+ print "secondary dbg cert config: " + sys.argv[idx + 1]
+ secondary_dbg_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'k':
+ print "key cert: " + sys.argv[idx + 1]
+ key_cert_path = sys.argv[idx + 1]
+ idx += 2
+ else:
+ print "unknown input"
+ idx += 2
+ else:
+ sctrl_cert_path = sys.argv[idx]
+ print "sctrl_cert_path: " + sctrl_cert_path
+ idx += 1
+
+ if not key_cert_path and not key_ini_path:
+ print "key path is not given!"
+ return -1
+ if not gfh_config_ini_path:
+ print "sctrl_cert_config_path is not given!"
+ return -1
+ if not sctrl_cert_path:
+ print "sctrl_cert is not given!"
+ return -1
+
+ out_path = os.path.dirname(os.path.abspath(sctrl_cert_path))
+
+ sctrl_cert_obj = sctrl_cert(out_path, sctrl_cert_path)
+ sctrl_cert_obj.create_gfh(gfh_config_ini_path)
+ sctrl_cert_obj.sign(key_ini_path, key_cert_path, primary_dbg_config_ini_path, primary_dbg_path, secondary_dbg_config_ini_path)
+
+ return 0
+
+if __name__ == '__main__':
+ main()
+
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_gfh_config.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_gfh_config.ini
new file mode 100644
index 0000000..3e002cb
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_gfh_config.ini
@@ -0,0 +1,14 @@
+[GFH_FILE_INFO]
+file_type = "4"
+start_addr = "0x00201000"
+flash_dev = "emmc"
+sig_type = "SINGLE"
+pad_type = "legacy"
+[GFH_SCTRL_CERT]
+version = "1"
+me_id = "9398c055df4d402b8be0ac030d609210"
+daa_dis = "1"
+sbc_dis = "1"
+jtag_enable = "1"
+secure_world_debug_enable = "1"
+
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_key.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_key.ini
new file mode 100644
index 0000000..2aac06f
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/sctrlcert/scc_key.ini
@@ -0,0 +1,3 @@
+[KEY]
+sw_ver = "1"
+rootkey = "keys/sctrlcert/root_prvk.pem"
\ No newline at end of file
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth.py b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth.py
new file mode 100755
index 0000000..72188c2
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth.py
@@ -0,0 +1,110 @@
+import sys
+import os
+import struct
+script_folder, script_name = os.path.split(os.path.realpath(__file__))
+sys.path.append(os.path.join(script_folder, "lib"))
+import gfh
+import cert
+
+def get_file_sizeb(file_path):
+ if not os.path.isfile(file_path):
+ return 0
+ file_handle = open(file_path, "rb")
+ file_handle.seek(0, 2)
+ file_size = file_handle.tell()
+ file_handle.close()
+ return file_size
+
+def concatb(file1_path, file2_path):
+ file1_size = get_file_sizeb(file1_path)
+ file2_size = get_file_sizeb(file2_path)
+ file1 = open(file1_path, "ab+")
+ file2 = open(file2_path, "rb")
+ file1.write(file2.read(file2_size))
+ file2.close()
+ file1.close()
+
+class tool_auth:
+ def __init__(self, out_path, tool_auth_path):
+ self.m_out_path = out_path
+ if not os.path.exists(self.m_out_path):
+ os.makedirs(self.m_out_path)
+ self.m_tool_auth_path = tool_auth_path
+ self.m_gfh = gfh.image_gfh()
+ self.m_sig_handler = None
+ def create_gfh(self, gfh_config):
+ self.m_gfh.load_ini(gfh_config)
+ return
+ def sign(self, key_ini_path):
+ #tool auth contains only gfh and signature, no extra content
+ self.m_gfh.finalize(0, key_ini_path)
+ #write tbs_tool_auth
+ tbs_toolauth_file_path = os.path.join(self.m_out_path, "tbs_toolauth.bin")
+ tbs_tool_auth_file = open(tbs_toolauth_file_path, "wb")
+ tbs_tool_auth_file.write(self.m_gfh.pack())
+ tbs_tool_auth_file.close()
+ print "===tool_auth signing==="
+ if self.m_gfh.get_sig_type() == "SINGLE":
+ self.m_sig_handler = cert.sig_single(self.m_gfh.get_pad_type())
+ self.m_sig_handler.set_out_path(self.m_out_path)
+ self.m_sig_handler.create(key_ini_path, tbs_toolauth_file_path)
+ self.m_sig_handler.sign()
+ sig_name = "toolauth.sig"
+ sig_file_path = os.path.join(self.m_out_path, sig_name)
+ self.m_sig_handler.output(self.m_out_path, sig_name)
+ #create final toolauth file
+ if os.path.isfile(self.m_tool_auth_path):
+ os.remove(self.m_tool_auth_path)
+ concatb(self.m_tool_auth_path, tbs_toolauth_file_path)
+ concatb(self.m_tool_auth_path, sig_file_path)
+ else:
+ print "unknown signature type"
+ #clean up
+ os.remove(tbs_toolauth_file_path)
+ os.remove(sig_file_path)
+ return
+
+def main():
+ #parameter parsing
+ idx = 1
+ key_ini_path = ""
+ gfh_config_ini_path = ""
+ while idx < len(sys.argv):
+ if sys.argv[idx][0] == '-':
+ if sys.argv[idx][1] == 'i':
+ print "key: " + sys.argv[idx + 1]
+ key_ini_path = sys.argv[idx + 1]
+ idx += 2
+ elif sys.argv[idx][1] == 'g':
+ print "gfh: " + sys.argv[idx + 1]
+ gfh_config_ini_path = sys.argv[idx + 1]
+ idx += 2
+ else:
+ print "unknown input"
+ idx += 2
+ else:
+ tool_auth_path = sys.argv[idx]
+ print "tool_auth_path: " + tool_auth_path
+ idx += 1
+
+ if not key_ini_path:
+ print "key path is not given!"
+ return -1
+ if not gfh_config_ini_path:
+ print "gfh config path is not given!"
+ return -1
+ if not tool_auth_path:
+ print "tool_auth path is not given!"
+ return -1
+
+ out_path = os.path.dirname(os.path.abspath(tool_auth_path))
+
+ tool_auth_obj = tool_auth(out_path, tool_auth_path)
+ tool_auth_obj.create_gfh(gfh_config_ini_path)
+ tool_auth_obj.sign(key_ini_path)
+
+ return
+
+if __name__ == '__main__':
+ main()
+
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/bbchips.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/bbchips.ini
new file mode 100644
index 0000000..2a75c3d
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/bbchips.ini
@@ -0,0 +1,11 @@
+[MT8521p]
+hw_code = 0x8521
+hw_sub_code = 0x0
+hw_ver = 0xca00
+sw_ver = 0x0
+load_region0_sigtype = epp
+load_region0_key = keys/resignda/epp_prvk.pem
+load_region1_sigtype = da
+load_region1_key = keys/resignda/da_prvk.pem
+load_region2_sigtype = da
+load_region2_key = keys/resignda/da_prvk.pem
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_gfh_config.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_gfh_config.ini
new file mode 100644
index 0000000..087063c
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_gfh_config.ini
@@ -0,0 +1,13 @@
+[GFH_FILE_INFO]
+file_type = "5"
+start_addr = "0x00201000"
+flash_dev = "emmc"
+sig_type = "SINGLE"
+pad_type = "legacy"
+[GFH_TOOL_AUTH]
+version = "1"
+da_path = "prebuilt/toolauth/MTK_AllInOne_DA.bin"
+bbchip = "MT8521p"
+bbchip_ini_path = "toolauth/bbchips.ini"
+sla_public_key = "keys/toolauth/sla_prvk.pem"
+daa_public_key = "keys/toolauth/da_prvk.pem"
diff --git a/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_key.ini b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_key.ini
new file mode 100644
index 0000000..e760e20
--- /dev/null
+++ b/meta/meta-mediatek/recipes-bsp/bl33/files/pbp/toolauth/toolauth_key.ini
@@ -0,0 +1,3 @@
+[KEY]
+sw_ver = "1"
+rootkey = "keys/toolauth/root_prvk.pem"
\ No newline at end of file