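#!/bin/sh
#
# Sign the firmware images found in the current working directory.
#
# Usage: <this script> KEY [REVISION]
#   KEY       private key file, passed to `openssl req -key` and to
#             `binman sign -k`
#   REVISION  value written to the swrv certificate extension (default: 0)
#
# Inputs (current directory):  tispl.bin, flash-pg1.bin, flash-pg2.bin
# Outputs (current directory): tispl.bin_signed; flash-pg1.bin and
#                              flash-pg2.bin are modified in place
#
# The script stops at the first failing step. Without that, a failed
# `openssl req` would leave an empty certificate that is still prepended to
# tispl.bin and written into both flash images.

set -eu

die() {
	printf '%s\n' "$*" >&2
	exit 1
}

if [ -z "${1:-}" ]; then
	echo "Usage: $0 KEY" >&2
	exit 1
fi

KEY=$1
REVISION=${2:-0}

[ -r "$KEY" ] || die "cannot read key file: $KEY"
[ -f tispl.bin ] || die "tispl.bin not found in $(pwd)"

# REVISION is expanded into the OpenSSL config below. Accept only characters
# of a decimal or 0x-prefixed integer so that it cannot add config syntax;
# openssl itself rejects anything that is not a valid INTEGER.
case "$REVISION" in
	*[!0-9a-fA-FxX]*) die "REVISION must be an integer: $REVISION" ;;
esac

TOOLS_DIR=$(dirname -- "$0")

# Temporary files are created next to the images, as before, and are removed
# on every exit path, including failures.
TEMP_X509=
CERT_X509=
cleanup() {
	if [ -n "$TEMP_X509" ]; then rm -f -- "$TEMP_X509"; fi
	if [ -n "$CERT_X509" ]; then rm -f -- "$CERT_X509"; fi
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

TEMP_X509=$(mktemp XXXXXXXX.temp)

# Strip everything up to the last "= " with parameter expansion instead of a
# pipe into sed, so that a failing `openssl dgst` aborts the script (plain sh
# has no pipefail).
SHA_VAL=$(openssl dgst -sha512 -hex tispl.bin)
SHA_VAL=${SHA_VAL##*= }
case "$SHA_VAL" in
	'' | *[!0-9a-fA-F]*) die "unexpected digest output for tispl.bin" ;;
esac

BIN_SIZE=$(stat -c %s tispl.bin)

# Certificate request config: the two custom extensions carry the software
# revision and the SHA-512 digest and size of tispl.bin.
cat <<EOF >"$TEMP_X509"
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
dirstring_type = nobmp

[ req_distinguished_name ]
CN = IOT2050 Firmware Signature

[ v3_ca ]
basicConstraints = CA:true
1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
1.3.6.1.4.1.294.1.34 = ASN1:SEQUENCE:sysfw_image_integrity

[ swrv ]
swrv = INTEGER:$REVISION

[ sysfw_image_integrity ]
shaType = OID:2.16.840.1.101.3.4.2.3
shaValue = FORMAT:HEX,OCT:$SHA_VAL
imageSize = INTEGER:$BIN_SIZE
EOF

CERT_X509=$(mktemp XXXXXXXX.crt)

# Self-signed DER certificate, prepended to the unmodified tispl.bin.
openssl req -new -x509 -key "$KEY" -nodes -outform DER -out "$CERT_X509" \
	-config "$TEMP_X509" -sha512
[ -s "$CERT_X509" ] || die "openssl produced an empty certificate"
cat "$CERT_X509" tispl.bin >tispl.bin_signed

"$TOOLS_DIR/binman/binman" replace -i flash-pg1.bin -f tispl.bin_signed fit@180000
"$TOOLS_DIR/binman/binman" replace -i flash-pg2.bin -f tispl.bin_signed fit@180000

"$TOOLS_DIR/binman/binman" sign -i flash-pg1.bin -k "$KEY" -a sha256,rsa4096 fit@380000
"$TOOLS_DIR/binman/binman" sign -i flash-pg2.bin -k "$KEY" -a sha256,rsa4096 fit@380000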