#!/bin/bash -e
# Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved.
# For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md
usage() {
cat << ==usage
Usage: $(basename "$0") [cst_path] [elf2sb_path] [srk_table] [csf_key] [img_key] [file]
cst_path: NXP cst tool path
elf2sb_path: NXP elf2sb tool path
srk_table: SRK table binary file
csf_key: CSF key
img_key: Image sign key
file: File to sign
==usage
exit 1
}
# Generate SRK file from the template
#param in SRK template input
#param SRK output file
gen_srk_from_template() {
sed "s|startAddress =.*|startAddress=0x80ff0000;|g
s|\${SRK_INDEX}|0|g
s|\${SRK_TABLE}|${SRK_TABLE}|g
s|\${CSF_KEY}|${CSF_KEY}|g
s|\${IMG_KEY}|${IMG_KEY}|g
" "$1" > $2
}
if [ $# -ne 6 ]; then
echo "Error! Invalid argument count"
usage
exit 1
fi
CST_PATH="$1"
ELF2SB_PATH="$2"
SRK_TABLE="$3"
CSF_KEY="$4"
IMG_KEY="$5"
FILE_TO_SIGN="$6"
# Script root dir
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
#File search
if [ ! -f "$FILE_TO_SIGN" ]; then
echo "Error! Unable to find file to signature"
exit 1
fi
#temporary authenticated file HAB
TEMP_HAB_FILE="$(mktemp)"
# Generate SRK template
gen_srk_from_template "$SCRIPT_DIR/../config/imx_authenticated_hab.cmake_template" "$TEMP_HAB_FILE"
# Generate SHA 256 binary signature
openssl dgst -binary -sha256 "$FILE_TO_SIGN" > "$FILE_TO_SIGN.sig"
# Minimum size of binary is 4k
truncate -s 4k "${FILE_TO_SIGN}.sig"
# Convert to srec (acceptable by the tool)
arm-none-eabi-objcopy --change-addresses=0x80ff1000 --input-target=binary --output-target=srec "$FILE_TO_SIGN.sig" "$FILE_TO_SIGN.srec"
rm "$FILE_TO_SIGN.sig"
# Final signing using the tool
"$SCRIPT_DIR/../config/elftosb_wrapper.sh" "$ELF2SB_PATH" "$CST_PATH" -f imx -V -c "$TEMP_HAB_FILE" -o "$FILE_TO_SIGN.sig" "$FILE_TO_SIGN.srec"
# Remove temporary files generated by the NXP tools
rm "$TEMP_HAB_FILE" csf.bin input.csf "${FILE_TO_SIGN}_nopadding.sig" "${FILE_TO_SIGN}.srec" temp.bin