xf.li | aa4d92f | 2023-09-13 00:18:58 -0700 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | set -e |
| 4 | |
| 5 | if [ $# -lt 2 ]; then |
| 6 | echo "$0 private_key work_dir" |
| 7 | exit -1 |
| 8 | fi |
| 9 | |
| 10 | PRIVATE_KEY=$1 |
| 11 | WORK_DIR=$2 |
| 12 | #v3t for old device, sha256 is not supported, only md5 |
| 13 | DEVICE=$3 |
| 14 | HASH_STR="sha256" |
| 15 | |
| 16 | echo "PRIVATE_KEY:" $PRIVATE_KEY |
| 17 | echo "WORK_DIR:" $WORK_DIR |
| 18 | |
| 19 | #ap_cpucap name changed for checking errors |
| 20 | if [ -f $WORK_DIR/ap_cpucap.bin ]; then |
| 21 | mv $WORK_DIR/ap_cpucap.bin $WORK_DIR/inter_ap_cpucap.bin |
| 22 | fi |
| 23 | # vehicle device zloader.bin structure |
| 24 | # --------------------------------------------------------------- |
| 25 | # | 8 KB | 24 KB | 8KB | |
| 26 | # --------------------------------------------------------------- |
| 27 | # | bootrom1.bin | bootrom2.bin | zloader3.bin | |
| 28 | # --------------------------------------------------------------- |
| 29 | if [ x"$DEVICE" = x"v3t" ]; then |
| 30 | HASH_STR="md5" |
| 31 | if [ `ls -s $WORK_DIR/zloader.bin | awk '{print $1}'` -gt 32 ]; then |
| 32 | #old v3t device for vehicle |
| 33 | fileread $WORK_DIR/zloader.bin 0 8192 $WORK_DIR/bootrom1.bin |
| 34 | fileread $WORK_DIR/zloader.bin 8192 24576 $WORK_DIR/bootrom2.bin |
| 35 | fileread $WORK_DIR/zloader.bin 32768 0 $WORK_DIR/zloader3.bin |
| 36 | SignImage -z -i $WORK_DIR/bootrom1.bin -k $PRIVATE_KEY -t $HASH_STR |
| 37 | SignImage -z -i $WORK_DIR/bootrom2.bin -k $PRIVATE_KEY -t $HASH_STR |
| 38 | SignImage -z -i $WORK_DIR/zloader3.bin -k $PRIVATE_KEY -t $HASH_STR |
| 39 | cat $WORK_DIR/bootrom1.bin $WORK_DIR/bootrom2.bin $WORK_DIR/zloader3.bin > $WORK_DIR/zloader.bin |
| 40 | rm -v $WORK_DIR/bootrom1.bin $WORK_DIR/bootrom2.bin $WORK_DIR/zloader3.bin |
| 41 | else |
| 42 | #old v3t device for mdl/mifi etc. |
| 43 | SignImage -z -i $WORK_DIR/zloader.bin -k $PRIVATE_KEY -t $HASH_STR |
| 44 | fi |
| 45 | fi |
| 46 | echo "HASH_STR:" $HASH_STR |
| 47 | SignImage -r -i $WORK_DIR/uboot.bin -k $PRIVATE_KEY -t $HASH_STR |
| 48 | |
| 49 | # ap_rootfs.img ap_cpuap.bin |
| 50 | # --------------------------------------------------------------------------------------------------------------- |
| 51 | # | 640 Bytes | 640 Bytes | 64 Bytes | 64 Bytes | |
| 52 | # --------------------------------------------------------------------------------------------------------------- |
| 53 | # | ap_cpuap.bin signdata | ap_rootfs.img signdata | ap_rootfs.img mkimage header | ap_cpuap.bin mkimage header | |
| 54 | # --------------------------------------------------------------------------------------------------------------- |
| 55 | #mkimage -A arm -O linux -C none -T filesystem -a 0 -e 0 -n 'rootfs' -d $WORK_DIR/ap_rootfs.img $WORK_DIR/ap_rootfs_u.img |
| 56 | fileread $WORK_DIR/ap_cpuap.bin 1280 64 $WORK_DIR/rootfs_mkimage_header.img |
| 57 | cat $WORK_DIR/rootfs_mkimage_header.img $WORK_DIR/ap_rootfs.img > $WORK_DIR/ap_rootfs.u |
| 58 | SignImage -i $WORK_DIR/ap_rootfs.u -o $WORK_DIR/ap_rootfs.signed -k $PRIVATE_KEY -t $HASH_STR |
| 59 | fileread $WORK_DIR/ap_rootfs.signed 0 704 $WORK_DIR/ap_rootfs.sign |
| 60 | filewrite $WORK_DIR/ap_cpuap.bin 640 $WORK_DIR/ap_rootfs.sign $WORK_DIR/ap_cpuap.bin |
| 61 | SignImage -r -i $WORK_DIR/ap_cpuap.bin -k $PRIVATE_KEY -t $HASH_STR |
| 62 | |
| 63 | SignImage -r -i $WORK_DIR/evb_cpurpm.img -k $PRIVATE_KEY -t $HASH_STR |
| 64 | SignImage -r -i $WORK_DIR/evb_cpuphy.bin -k $PRIVATE_KEY -t $HASH_STR |
| 65 | SignImage -r -i $WORK_DIR/inter_ap_cpucap.bin -k $PRIVATE_KEY -t $HASH_STR |
| 66 | |
| 67 | if [ -f $WORK_DIR/ap_caprootfs.img.dm ]; then |
| 68 | echo "ap_caprootfs.img resign start" |
| 69 | rm -rf $WORK_DIR/verity && mkdir -p $WORK_DIR/verity |
| 70 | zxic_parse_squashfs_verity $WORK_DIR/ap_caprootfs.img.dm $WORK_DIR/verity/sign $WORK_DIR/verity/raw_table $WORK_DIR/verity/hash_tree_offset |
| 71 | SignImage -d -i $WORK_DIR/verity/raw_table -o $WORK_DIR/verity/raw_table.signed -k $PRIVATE_KEY -t $HASH_STR |
| 72 | fileseek $WORK_DIR/ap_caprootfs.img $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset |
| 73 | sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' ` |
| 74 | echo caprootfs sign_offset $sign_offset |
| 75 | filewrite $WORK_DIR/ap_caprootfs.img $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/ap_caprootfs.img |
| 76 | |
| 77 | #fix ap_caprootfs.img.dm |
| 78 | fileseek $WORK_DIR/ap_caprootfs.img.dm $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset |
| 79 | sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' ` |
| 80 | echo caprootfs dm sign_offset $sign_offset |
| 81 | filewrite $WORK_DIR/ap_caprootfs.img.dm $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/ap_caprootfs.img.dm |
| 82 | |
| 83 | echo "ap_caprootfs.img resign success" |
| 84 | fi |
| 85 | if [ -f $WORK_DIR/cap_oem.img.dm ]; then |
| 86 | echo "cap_oem.img resign start" |
| 87 | rm -rf $WORK_DIR/verity && mkdir -p $WORK_DIR/verity |
| 88 | zxic_parse_squashfs_verity $WORK_DIR/cap_oem.img.dm $WORK_DIR/verity/sign $WORK_DIR/verity/raw_table $WORK_DIR/verity/hash_tree_offset |
| 89 | SignImage -d -i $WORK_DIR/verity/raw_table -o $WORK_DIR/verity/raw_table.signed -k $PRIVATE_KEY -t $HASH_STR |
| 90 | fileseek $WORK_DIR/cap_oem.img $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset |
| 91 | sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' ` |
| 92 | echo oem sign_offset $sign_offset |
| 93 | filewrite $WORK_DIR/cap_oem.img $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/cap_oem.img |
| 94 | |
| 95 | #fix cap_oem.img.dm |
| 96 | fileseek $WORK_DIR/cap_oem.img.dm $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset |
| 97 | sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' ` |
| 98 | echo oem dm sign_offset $sign_offset |
| 99 | filewrite $WORK_DIR/cap_oem.img.dm $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/cap_oem.img.dm |
| 100 | echo "cap_oem.img resign success" |
| 101 | fi |
| 102 | |
| 103 | mv $WORK_DIR/inter_ap_cpucap.bin $WORK_DIR/ap_cpucap.bin |
| 104 | |
| 105 | rm -fv $WORK_DIR/ap_rootfs.u |
| 106 | rm -fv $WORK_DIR/ap_rootfs.sign |
| 107 | rm -fv $WORK_DIR/rootfs_mkimage_header.img |
| 108 | rm -fv $WORK_DIR/ap_rootfs.signed |
xf.li | 9d1a0e1 | 2023-09-20 01:43:20 -0700 | [diff] [blame^] | 109 | rm -fv $WORK_DIR/ap_imagefs*.img |
xf.li | aa4d92f | 2023-09-13 00:18:58 -0700 | [diff] [blame] | 110 | rm -fr $WORK_DIR/verity |