blob: 5ac50d8f1663848b65f8ae62bfdec42acdc80963 [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +08001NFSBVERITY="/sbin/veritysetup"
2NFSB_TOOLS_DIR="${TOPDIR}/../src/devtools/nfsb"
3MKNFSBIMG="${NFSB_TOOLS_DIR}/mknfsbimg3"
4ZERO_PADDING_TOOL="${NFSB_TOOLS_DIR}/zero_padding.sh"
5NFSB_WORKING_PATH="${IMGDEPLOYDIR}"
6NFSB_BLOCK_SIZE="1024"
7OLD_ROOTFS_NAME="${IMAGE_NAME}.rootfs.${IMAGE_FSTYPES}"
8OLD_RECOVERY_ROOTFS_NAME="recovery.${IMAGE_FSTYPES}"
9NEW_ROOTFS_NAME="nfsb_rootfs.${IMAGE_FSTYPES}"
10NEW_RECOVERY_ROOTFS_NAME = "tmp_recovery.${IMAGE_FSTYPES}"
11ZERO_PADDING_SIZE="1048576"
12KEY_FILE_MOD="${NFSB_TOOLS_DIR}/rsa.key.pub_out"
13KEY_FILE_PRI="${NFSB_TOOLS_DIR}/rsa.key.pri_out"
14DST_IMG_KEY_FILE = "${TOPDIR}/../src/devtools/nfsb/rsa.key"
15
16add_nfsb_for_rootfs() {
17
18 mod_key=""
19 pri_key=""
20 SRC_IMG_KEY_FILE=""
21 DM_VERITY_ALG=""
22
23 if [ "${STANDALONE_SIGN_PREPARE}" = "yes" ]; then
24 exit 0
25 fi
26
27 if [ "${ROOTFS_VERITY_KEY}" = "" ]; then
28 SRC_IMG_KEY_FILE="${MTK_KEY_DIR}/${VERIFIED_KEY}.pem"
29 else
30 SRC_IMG_KEY_FILE="${MTK_KEY_DIR}/${ROOTFS_VERITY_KEY}.pem"
31 fi
32
33 if [ "${DM_NFSB_HASH_ALG}" = "" ]; then
34 DM_VERITY_ALG="md5"
35 else
36 DM_VERITY_ALG="${DM_NFSB_HASH_ALG}"
37 fi
38
39 #backwards compatible for FORCE_DISABLE_DM_VERITY which only for NFSB actually
40 if [ "${SECURE_BOOT_ENABLE}" = "yes" ] && [ "${SECURE_BOOT_TYPE}" = "" ]; then
41 ENABLE_DM_NFSB="yes"
42 fi
43 if [ "${FORCE_DISABLE_DM_VERITY}" = "yes" ]; then
44 ENABLE_DM_NFSB="no"
45 fi
46
47 if [ "${SECURE_BOOT_ENABLE}" = "yes" ] && [ "${ENABLE_DM_NFSB}" == "yes" ]; then
48 if [ -e ${KEY_FILE_MOD} ]; then
49 mod_key=${KEY_FILE_MOD}
50 pri_key=${KEY_FILE_PRI}
51 else
52 if [ -e ${SRC_IMG_KEY_FILE} ]; then
53 cp ${SRC_IMG_KEY_FILE} ${DST_IMG_KEY_FILE}
54 python ${TOPDIR}/../src/devtools/nfsb/pretreat-key.py ${TOPDIR} ${SRC_IMG_KEY_FILE}
55 mod_key=${KEY_FILE_MOD}
56 pri_key=${KEY_FILE_PRI}
57 else
58 bbfatal "${KEY_FILE_MOD} does not exist!"
59 fi
60 fi
61 else
62 exit 0
63 fi
64
65 ${NFSBVERITY} --hash=${DM_VERITY_ALG} --no-superblock --data-block-size=${NFSB_BLOCK_SIZE} --hash-block-size=${NFSB_BLOCK_SIZE} format ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_hashes | tee ${NFSB_WORKING_PATH}/rootfs_table
66 ${MKNFSBIMG} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_hashes ${NFSB_WORKING_PATH}/${NEW_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_table ${mod_key} ${pri_key};
67 rm -f ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME}
68 mv ${NFSB_WORKING_PATH}/${NEW_ROOTFS_NAME} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME}
69 ${ZERO_PADDING_TOOL} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${ZERO_PADDING_SIZE}
70 rm -f ${NFSB_WORKING_PATH}/rootfs_hashes
71 rm -f ${NFSB_WORKING_PATH}/rootfs_table
72
73 if [ -e ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ]; then
74 ${NFSBVERITY} --hash=md5 --no-superblock --data-block-size=${NFSB_BLOCK_SIZE} --hash-block-size=${NFSB_BLOCK_SIZE} format ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_hashes | tee ${NFSB_WORKING_PATH}/recovery_rootfs_table
75 ${MKNFSBIMG} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_hashes ${NFSB_WORKING_PATH}/${NEW_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_table ${mod_key} ${pri_key};
76 rm -f ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME}
77 mv ${NFSB_WORKING_PATH}/${NEW_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME}
78 ${ZERO_PADDING_TOOL} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${ZERO_PADDING_SIZE}
79 rm -f ${NFSB_WORKING_PATH}/recovery_rootfs_hashes
80 rm -f ${NFSB_WORKING_PATH}/recovery_rootfs_table
81 fi
82
83 rm -f ${mod_key}
84 rm -f ${pri_key}
85}
86
87IMAGE_POSTPROCESS_COMMAND += " add_nfsb_for_rootfs;"