[thirdparty/u-boot.git] / tools / iot2050-sign-fw.sh

#!/bin/sh

if [ -z "$1" ]; then
	echo "Usage: $0 KEY"
	exit 1
fi

TOOLS_DIR=$(dirname $0)

TEMP_X509=$(mktemp XXXXXXXX.temp)

REVISION=${2:-0}
SHA_VAL=$(openssl dgst -sha512 -hex tispl.bin | sed -e "s/^.*= //g")
BIN_SIZE=$(stat -c %s tispl.bin)

cat <<EOF >$TEMP_X509
[ req ]
distinguished_name     = req_distinguished_name
x509_extensions        = v3_ca
prompt                 = no
dirstring_type         = nobmp

[ req_distinguished_name ]
CN                     = IOT2050 Firmware Signature

[ v3_ca ]
basicConstraints       = CA:true
1.3.6.1.4.1.294.1.3    = ASN1:SEQUENCE:swrv
1.3.6.1.4.1.294.1.34   = ASN1:SEQUENCE:sysfw_image_integrity

[ swrv ]
swrv = INTEGER:$REVISION

[ sysfw_image_integrity ]
shaType                = OID:2.16.840.1.101.3.4.2.3
shaValue               = FORMAT:HEX,OCT:$SHA_VAL
imageSize              = INTEGER:$BIN_SIZE
EOF

CERT_X509=$(mktemp XXXXXXXX.crt)

openssl req -new -x509 -key $1 -nodes -outform DER -out $CERT_X509 -config $TEMP_X509 -sha512
cat $CERT_X509 tispl.bin > tispl.bin_signed
$TOOLS_DIR/binman/binman replace -i flash-pg1.bin -f tispl.bin_signed fit@180000
$TOOLS_DIR/binman/binman replace -i flash-pg2.bin -f tispl.bin_signed fit@180000

rm $TEMP_X509 $CERT_X509

$TOOLS_DIR/binman/binman sign -i flash-pg1.bin -k $1 -a sha256,rsa4096 fit@380000
$TOOLS_DIR/binman/binman sign -i flash-pg2.bin -k $1 -a sha256,rsa4096 fit@380000
Commit	Line	Data
033ab460 JK	1	#!/bin/sh
	2
	3	if [ -z "$1" ]; then
	4	echo "Usage: $0 KEY"
	5	exit 1
	6	fi
	7
47e7f128 JK	8	TOOLS_DIR=$(dirname $0)
47e7f128 JK	9
033ab460 JK	10	TEMP_X509=$(mktemp XXXXXXXX.temp)
	11
	12	REVISION=${2:-0}
	13	SHA_VAL=$(openssl dgst -sha512 -hex tispl.bin \| sed -e "s/^.*= //g")
	14	BIN_SIZE=$(stat -c %s tispl.bin)
	15
	16	cat <<EOF >$TEMP_X509
	17	[ req ]
	18	distinguished_name = req_distinguished_name
	19	x509_extensions = v3_ca
	20	prompt = no
	21	dirstring_type = nobmp
	22
	23	[ req_distinguished_name ]
	24	CN = IOT2050 Firmware Signature
	25
	26	[ v3_ca ]
	27	basicConstraints = CA:true
	28	1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
	29	1.3.6.1.4.1.294.1.34 = ASN1:SEQUENCE:sysfw_image_integrity
	30
	31	[ swrv ]
	32	swrv = INTEGER:$REVISION
	33
	34	[ sysfw_image_integrity ]
	35	shaType = OID:2.16.840.1.101.3.4.2.3
	36	shaValue = FORMAT:HEX,OCT:$SHA_VAL
	37	imageSize = INTEGER:$BIN_SIZE
	38	EOF
	39
	40	CERT_X509=$(mktemp XXXXXXXX.crt)
	41
	42	openssl req -new -x509 -key $1 -nodes -outform DER -out $CERT_X509 -config $TEMP_X509 -sha512
	43	cat $CERT_X509 tispl.bin > tispl.bin_signed
47e7f128 JK	44	$TOOLS_DIR/binman/binman replace -i flash-pg1.bin -f tispl.bin_signed fit@180000
47e7f128 JK	45	$TOOLS_DIR/binman/binman replace -i flash-pg2.bin -f tispl.bin_signed fit@180000
033ab460 JK	46
	47	rm $TEMP_X509 $CERT_X509
	48
47e7f128 JK	49	$TOOLS_DIR/binman/binman sign -i flash-pg1.bin -k $1 -a sha256,rsa4096 fit@380000
47e7f128 JK	50	$TOOLS_DIR/binman/binman sign -i flash-pg2.bin -k $1 -a sha256,rsa4096 fit@380000