]>
git.ipfire.org Git - thirdparty/u-boot.git/blob - tools/iot2050-sign-fw.sh
8 TEMP_X509
=$
(mktemp XXXXXXXX.temp
)
11 SHA_VAL
=$
(openssl dgst
-sha512 -hex tispl.bin |
sed -e "s/^.*= //g")
12 BIN_SIZE
=$
(stat
-c %s tispl.bin
)
16 distinguished_name = req_distinguished_name
17 x509_extensions = v3_ca
19 dirstring_type = nobmp
21 [ req_distinguished_name ]
22 CN = IOT2050 Firmware Signature
25 basicConstraints = CA:true
26 1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
27 1.3.6.1.4.1.294.1.34 = ASN1:SEQUENCE:sysfw_image_integrity
30 swrv = INTEGER:$REVISION
32 [ sysfw_image_integrity ]
33 shaType = OID:2.16.840.1.101.3.4.2.3
34 shaValue = FORMAT:HEX,OCT:$SHA_VAL
35 imageSize = INTEGER:$BIN_SIZE
38 CERT_X509
=$
(mktemp XXXXXXXX.crt
)
40 openssl req
-new -x509 -key $1 -nodes -outform DER
-out $CERT_X509 -config $TEMP_X509 -sha512
41 cat $CERT_X509 tispl.bin
> tispl.bin_signed
42 # currently broken in upstream
43 #source/tools/binman/binman replace -i flash.bin -f tispl.bin_signed blob@0x180000
44 dd if=tispl.bin_signed of
=flash.bin bs
=$
((0x1000)) seek
=$
((0x180000/0x1000)) conv
=notrunc
46 rm $TEMP_X509 $CERT_X509
48 tools
/mkimage
-G $1 -r -o sha256
,rsa4096
-F fit@
0x380000.fit
49 # currently broken in upstream
50 #source/tools/binman/binman replace -i flash.bin -f fit@0x380000.fit fit@0x380000
51 dd if=fit@
0x380000.fit of
=flash.bin bs
=$
((0x1000)) seek
=$
((0x380000/0x1000)) conv
=notrunc