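#!/bin/bash
# Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved.
# For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md

# Produces "<file>.sig" for a given file using the NXP cst/elftosb tools and
# the i.MX authenticated-HAB command template shipped in ../config.
#
# Steps, as implemented below:
#   1. fill the HAB command template with the SRK table and key arguments,
#   2. compute the SHA-256 digest of the file and zero-pad it to 4 KiB,
#   3. convert the padded digest to S-record at address 0x80ff1000,
#   4. run the elftosb wrapper, which writes the final "<file>.sig".
#
# Strict mode is set here rather than on the shebang line so that it still
# applies when the script is started as "bash <script>".
set -euo pipefail

# Print the usage text to stderr and exit with status 1.
usage() {
    cat >&2 << ==usage
Usage: $(basename "$0") [cst_path] [elf2sb_path] [srk_table] [csf_key] [img_key] [file]
    cst_path:    NXP cst tool path
    elf2sb_path: NXP elf2sb tool path
    srk_table:   SRK table binary file
    csf_key:     CSF key
    img_key:     Image sign key
    file:        File to sign
==usage
    exit 1
}

# Escape a value for use as the replacement part of a sed "s|...|...|"
# command: '\', '&' and the '|' delimiter would otherwise be interpreted by
# sed and silently alter the generated command file.
#param value to escape
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Generate SRK file from the template
# Reads the globals SRK_TABLE, CSF_KEY and IMG_KEY.
#param in SRK template input
#param SRK output file
gen_srk_from_template() {
    local srk_table csf_key img_key
    srk_table=$(sed_escape_replacement "$SRK_TABLE")
    csf_key=$(sed_escape_replacement "$CSF_KEY")
    img_key=$(sed_escape_replacement "$IMG_KEY")

    sed -e "s|startAddress =.*|startAddress=0x80ff0000;|g" \
        -e "s|\${SRK_INDEX}|0|g" \
        -e "s|\${SRK_TABLE}|${srk_table}|g" \
        -e "s|\${CSF_KEY}|${csf_key}|g" \
        -e "s|\${IMG_KEY}|${img_key}|g" \
        "$1" > "$2"
}

# Files created by this script that must not survive a failed run.
CLEANUP_FILES=()

# EXIT handler: remove whatever is still registered in CLEANUP_FILES.
cleanup() {
    if [ "${#CLEANUP_FILES[@]}" -gt 0 ]; then
        rm -f -- "${CLEANUP_FILES[@]}"
    fi
}
trap cleanup EXIT

if [ $# -ne 6 ]; then
    echo "Error! Invalid argument count" >&2
    usage
fi

CST_PATH="$1"
ELF2SB_PATH="$2"
SRK_TABLE="$3"
CSF_KEY="$4"
IMG_KEY="$5"
FILE_TO_SIGN="$6"

# Script root dir
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")

#File search
if [ ! -f "$FILE_TO_SIGN" ]; then
    echo "Error! Unable to find file to signature" >&2
    exit 1
fi

#temporary authenticated file HAB
TEMP_HAB_FILE="$(mktemp)"
CLEANUP_FILES+=("$TEMP_HAB_FILE")

# Generate SRK template
gen_srk_from_template "$SCRIPT_DIR/../config/imx_authenticated_hab.cmake_template" "$TEMP_HAB_FILE"

# Generate the binary SHA-256 digest. At this point "<file>.sig" holds only an
# unsigned digest, so it is registered for removal: an aborted run must not
# leave a file under the name of the final signed output.
CLEANUP_FILES+=("$FILE_TO_SIGN.sig")
openssl dgst -binary -sha256 "$FILE_TO_SIGN" > "$FILE_TO_SIGN.sig"

# Minimum size of binary is 4k (truncate zero-pads the 32-byte digest)
truncate -s 4k "${FILE_TO_SIGN}.sig"

# Convert to srec (acceptable by the tool)
CLEANUP_FILES+=("$FILE_TO_SIGN.srec")
arm-none-eabi-objcopy --change-addresses=0x80ff1000 --input-target=binary --output-target=srec "$FILE_TO_SIGN.sig" "$FILE_TO_SIGN.srec"
rm -- "$FILE_TO_SIGN.sig"

# From here on "<file>.sig" is the tool's output, so it is no longer
# registered for removal.
CLEANUP_FILES=("$TEMP_HAB_FILE" "$FILE_TO_SIGN.srec")

# Final signing using the tool
"$SCRIPT_DIR/../config/elftosb_wrapper.sh" "$ELF2SB_PATH" "$CST_PATH" -f imx -V -c "$TEMP_HAB_FILE" -o "$FILE_TO_SIGN.sig" "$FILE_TO_SIGN.srec"

# Remove temporary files generated by the NXP tools
# NOTE(review): csf.bin, input.csf and temp.bin have fixed names and are
# presumably written to the current working directory, so two runs sharing a
# directory would overwrite each other's intermediates - confirm, and run
# each signing job in its own working directory if so.
rm -- "$TEMP_HAB_FILE" csf.bin input.csf "${FILE_TO_SIGN}_nopadding.sig" "${FILE_TO_SIGN}.srec" temp.bin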