Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9d1a0e121234a7fd2844e8583174b8662dbaad4b / . / allbins / tools / resign_tool / resign.sh
blob: 7423a2112f28754586deaf4d0d985859b9dc85f0 [file] [log] [blame]
xf.liaa4d92f2023-09-13 00:18:58 -0700[diff] [blame]1#!/bin/bash
2
3set -e
4
5if [ $# -lt 2 ]; then
6 echo "$0 private_key work_dir"
7 exit -1
8fi
9
10PRIVATE_KEY=$1
11WORK_DIR=$2
12#v3t for old device, sha256 is not supported, only md5
13DEVICE=$3
14HASH_STR="sha256"
15
16echo "PRIVATE_KEY:" $PRIVATE_KEY
17echo "WORK_DIR:" $WORK_DIR
18
19#ap_cpucap name changed for checking errors
20if [ -f $WORK_DIR/ap_cpucap.bin ]; then
21 mv $WORK_DIR/ap_cpucap.bin $WORK_DIR/inter_ap_cpucap.bin
22fi
23# vehicle device zloader.bin structure
24# ---------------------------------------------------------------
25# | 8 KB | 24 KB | 8KB |
26# ---------------------------------------------------------------
27# | bootrom1.bin | bootrom2.bin | zloader3.bin |
28# ---------------------------------------------------------------
29if [ x"$DEVICE" = x"v3t" ]; then
30 HASH_STR="md5"
31 if [ `ls -s $WORK_DIR/zloader.bin | awk '{print $1}'` -gt 32 ]; then
32 #old v3t device for vehicle
33 fileread $WORK_DIR/zloader.bin 0 8192 $WORK_DIR/bootrom1.bin
34 fileread $WORK_DIR/zloader.bin 8192 24576 $WORK_DIR/bootrom2.bin
35 fileread $WORK_DIR/zloader.bin 32768 0 $WORK_DIR/zloader3.bin
36 SignImage -z -i $WORK_DIR/bootrom1.bin -k $PRIVATE_KEY -t $HASH_STR
37 SignImage -z -i $WORK_DIR/bootrom2.bin -k $PRIVATE_KEY -t $HASH_STR
38 SignImage -z -i $WORK_DIR/zloader3.bin -k $PRIVATE_KEY -t $HASH_STR
39 cat $WORK_DIR/bootrom1.bin $WORK_DIR/bootrom2.bin $WORK_DIR/zloader3.bin > $WORK_DIR/zloader.bin
40 rm -v $WORK_DIR/bootrom1.bin $WORK_DIR/bootrom2.bin $WORK_DIR/zloader3.bin
41 else
42 #old v3t device for mdl/mifi etc.
43 SignImage -z -i $WORK_DIR/zloader.bin -k $PRIVATE_KEY -t $HASH_STR
44 fi
45fi
46echo "HASH_STR:" $HASH_STR
47SignImage -r -i $WORK_DIR/uboot.bin -k $PRIVATE_KEY -t $HASH_STR
48
49# ap_rootfs.img ap_cpuap.bin
50# ---------------------------------------------------------------------------------------------------------------
51# | 640 Bytes | 640 Bytes | 64 Bytes | 64 Bytes |
52# ---------------------------------------------------------------------------------------------------------------
53# | ap_cpuap.bin signdata | ap_rootfs.img signdata | ap_rootfs.img mkimage header | ap_cpuap.bin mkimage header |
54# ---------------------------------------------------------------------------------------------------------------
55#mkimage -A arm -O linux -C none -T filesystem -a 0 -e 0 -n 'rootfs' -d $WORK_DIR/ap_rootfs.img $WORK_DIR/ap_rootfs_u.img
56fileread $WORK_DIR/ap_cpuap.bin 1280 64 $WORK_DIR/rootfs_mkimage_header.img
57cat $WORK_DIR/rootfs_mkimage_header.img $WORK_DIR/ap_rootfs.img > $WORK_DIR/ap_rootfs.u
58SignImage -i $WORK_DIR/ap_rootfs.u -o $WORK_DIR/ap_rootfs.signed -k $PRIVATE_KEY -t $HASH_STR
59fileread $WORK_DIR/ap_rootfs.signed 0 704 $WORK_DIR/ap_rootfs.sign
60filewrite $WORK_DIR/ap_cpuap.bin 640 $WORK_DIR/ap_rootfs.sign $WORK_DIR/ap_cpuap.bin
61SignImage -r -i $WORK_DIR/ap_cpuap.bin -k $PRIVATE_KEY -t $HASH_STR
62
63SignImage -r -i $WORK_DIR/evb_cpurpm.img -k $PRIVATE_KEY -t $HASH_STR
64SignImage -r -i $WORK_DIR/evb_cpuphy.bin -k $PRIVATE_KEY -t $HASH_STR
65SignImage -r -i $WORK_DIR/inter_ap_cpucap.bin -k $PRIVATE_KEY -t $HASH_STR
66
67if [ -f $WORK_DIR/ap_caprootfs.img.dm ]; then
68 echo "ap_caprootfs.img resign start"
69 rm -rf $WORK_DIR/verity && mkdir -p $WORK_DIR/verity
70 zxic_parse_squashfs_verity $WORK_DIR/ap_caprootfs.img.dm $WORK_DIR/verity/sign $WORK_DIR/verity/raw_table $WORK_DIR/verity/hash_tree_offset
71 SignImage -d -i $WORK_DIR/verity/raw_table -o $WORK_DIR/verity/raw_table.signed -k $PRIVATE_KEY -t $HASH_STR
72 fileseek $WORK_DIR/ap_caprootfs.img $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset
73 sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' `
74 echo caprootfs sign_offset $sign_offset
75 filewrite $WORK_DIR/ap_caprootfs.img $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/ap_caprootfs.img
76
77 #fix ap_caprootfs.img.dm
78 fileseek $WORK_DIR/ap_caprootfs.img.dm $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset
79 sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' `
80 echo caprootfs dm sign_offset $sign_offset
81 filewrite $WORK_DIR/ap_caprootfs.img.dm $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/ap_caprootfs.img.dm
82
83 echo "ap_caprootfs.img resign success"
84fi
85if [ -f $WORK_DIR/cap_oem.img.dm ]; then
86 echo "cap_oem.img resign start"
87 rm -rf $WORK_DIR/verity && mkdir -p $WORK_DIR/verity
88 zxic_parse_squashfs_verity $WORK_DIR/cap_oem.img.dm $WORK_DIR/verity/sign $WORK_DIR/verity/raw_table $WORK_DIR/verity/hash_tree_offset
89 SignImage -d -i $WORK_DIR/verity/raw_table -o $WORK_DIR/verity/raw_table.signed -k $PRIVATE_KEY -t $HASH_STR
90 fileseek $WORK_DIR/cap_oem.img $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset
91 sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' `
92 echo oem sign_offset $sign_offset
93 filewrite $WORK_DIR/cap_oem.img $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/cap_oem.img
94
95 #fix cap_oem.img.dm
96 fileseek $WORK_DIR/cap_oem.img.dm $WORK_DIR/verity/sign > $WORK_DIR/verity/sign_offset
97 sign_offset=` sed -n '/found/p' $WORK_DIR/verity/sign_offset | awk '{print $2}' `
98 echo oem dm sign_offset $sign_offset
99 filewrite $WORK_DIR/cap_oem.img.dm $sign_offset $WORK_DIR/verity/raw_table.signed $WORK_DIR/cap_oem.img.dm
100 echo "cap_oem.img resign success"
101fi
102
103mv $WORK_DIR/inter_ap_cpucap.bin $WORK_DIR/ap_cpucap.bin
104
105rm -fv $WORK_DIR/ap_rootfs.u
106rm -fv $WORK_DIR/ap_rootfs.sign
107rm -fv $WORK_DIR/rootfs_mkimage_header.img
108rm -fv $WORK_DIR/ap_rootfs.signed
xf.li9d1a0e12023-09-20 01:43:20 -0700[diff] [blame^]109rm -fv $WORK_DIR/ap_imagefs*.img
xf.liaa4d92f2023-09-13 00:18:58 -0700[diff] [blame]110rm -fr $WORK_DIR/verity