scripts: gen_x509_combined_cert: Introduce script for generating combined boot image

New Combined ROM image format consists of the following images: - R5 SBL - SYSFW image - SYSFW data Introduce script for creating this combined ROM image format Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
author: Lokesh Vutla 2020-08-11 16:33:07 -0500
committer: Dave Gerlach 2020-08-14 12:11:07 -0500
commit: 0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef (patch)
tree: 815f6296b1429cd268454ffba5671d815aad503f
parent: a8d5f684d000788a8e4e700c20bf7455110faf36 (diff)
download: k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.tar.gz
k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.tar.xz
k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.zip
2 files changed, 285 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 7ef72b49c..6e955dd71 100644
--- a/Makefile
+++ b/Makefile
@@ -176,6 +176,9 @@ soc_objs: $(SOC_OBJS)
 $(COMBINED_BRDCFG): $(SOC_BINS)
        python3 ./scripts/sysfw_boardcfg_blob_creator.py -b $(soc_objroot)/board-cfg.bin -s $(soc_objroot)/sec-cfg.bin -p $(soc_objroot)/pm-cfg.bin -r $(soc_objroot)/rm-cfg.bin -o $@
+tiboot3.bin: $(SBL) $(SYSFW_PATH) $(COMBINED_BRDCFG)
+        ./scripts/gen_x509_combined_cert.sh -b $(SBL) -l $(SBL_LOADADDDR) -s $(SYSFW_PATH) -m 0x40000 -d $(COMBINED_BRDCFG) -n $(COMBINED_BRDCFG_LOADADDR) -k $(KEY) -o $@
 $(soc_objroot)/%.o: %.c
        $(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@-pre-validated $<
        python3 ./scripts/sysfw_boardcfg_validator.py -b $@-pre-validated -i -o $@ -s $(SOC) -l $@.log
diff --git a/scripts/gen_x509_combined_cert.sh b/scripts/gen_x509_combined_cert.sh
new file mode 100755
index 000000000..3fed87b0b
--- /dev/null
+++ b/scripts/gen_x509_combined_cert.sh
@@ -0,0 +1,282 @@
+#!/bin/bash
+#
+# Script to add x509 certificate to binary/ELF
+#
+# Copyright (C) 2020 Texas Instruments Incorporated - https://www.ti.com/
+#
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions
+#  are met:
+#
+#    Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#    Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the
+#    distribution.
+#
+#    Neither the name of Texas Instruments Incorporated nor the names of
+#    its contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Variables
+VALID_SHAS="sha256 sha384 sha512 sha224"
+OUTPUT=x509-firmware.bin
+TEMP_X509=x509-temp.cert
+CERT=certificate.bin
+RAND_KEY=eckey.pem
+VALID_ROM_CORES="r5 m3"
+VALID_DMSC_CORES="r5-00 r5-01 a53-00 a53-01 a53-10 a53-11"
+SHA=sha512
+CORE=m3
+LOADADDR=0x00040000
+VALID_MASTERS="rom dmsc"
+declare -A sha_oids
+sha_oids["sha256"]=2.16.840.1.101.3.4.2.1
+sha_oids["sha384"]=2.16.840.1.101.3.4.2.2
+sha_oids["sha512"]=2.16.840.1.101.3.4.2.3
+sha_oids["sha224"]=2.16.840.1.101.3.4.2.4
+declare -A core_ids
+core_ids["r5-00"]=0x01
+gen_key() {
+        openssl ecparam -out $RAND_KEY -name prime256v1 -genkey
+        KEY=$RAND_KEY
+}
+declare -A options_help
+usage() {
+        if [ -n "$*" ]; then
+                echo "ERROR: $*"
+        fi
+        echo -n "Usage: $0 "
+        for option in "${!options_help[@]}"
+        do
+                arg=`echo ${options_help[$option]}|cut -d ':' -f1`
+                if [ -n "$arg" ]; then
+                        arg=" $arg"
+                fi
+                echo -n "[-$option$arg] "
+        done
+        echo
+        echo -e "\nWhere:"
+        for option in "${!options_help[@]}"
+        do
+                arg=`echo ${options_help[$option]}|cut -d ':' -f1`
+                txt=`echo ${options_help[$option]}|cut -d ':' -f2`
+                tb="\t\t\t"
+                if [ -n "$arg" ]; then
+                        arg=" $arg"
+                        tb="\t"
+                fi
+                echo -e "   -$option$arg:$tb$txt"
+        done
+        echo
+        echo "Examples of usage:-"
+        echo "# Example of generation a combined boot image"
+        echo "    $0 -b u-boot-spl.bin -l 0x41c00000 -s ti-sci-firmware-j7200-gp-vlab.bin -m 0x40000 -d combined-cfg.bin -n 0x7f000 -o tiboot3.bin"
+}
+options_help[b]="Boot Loader:Bin file corresponding to boot loader on R5"
+options_help[l]="SBL loadaddress: R5 Bootloader load address"
+options_help[s]="SYSFW: Bin file corresponding to sysfw image"
+options_help[m]="SYSFW loadaddress: SYSFW image load address"
+options_help[d]="SYSFW_DATA: Bin file corresponding to combined board configurations"
+options_help[n]="SYSFW_DATA loadaddr: Combine board configuration load address"
+options_help[k]="key_file:file with key inside it. If not provided script generates a random key."
+while getopts "b:l:s:m:d:n:k:o:h" opt
+do
+        case $opt in
+        b)
+                SBL=$OPTARG
+        ;;
+        l)
+                SBL_LOADADDR=$OPTARG
+        ;;
+        s)
+                SYSFW=$OPTARG
+        ;;
+        m)
+                SYSFW_LOADADDR=$OPTARG
+        ;;
+        d)
+                SYSFW_DATA=$OPTARG
+        ;;
+        n)
+                SYSFW_DATA_LOADADDR=$OPTARG
+        ;;
+        k)
+                KEY=$OPTARG
+        ;;
+        o)
+                OUTPUT=$OPTARG
+        ;;
+        h)
+                usage
+                exit 0
+        ;;
+        \?)
+                usage "Invalid Option '-$OPTARG'"
+                exit 1
+        ;;
+        :)
+                usage "Option '-$OPTARG' Needs an argument."
+                exit 1
+        ;;
+        esac
+done
+if [ "$#" -eq 0 ]
+then
+        usage "Arguments missing"
+        exit 1
+fi
+if [ -z "$SBL" -o -z "$SBL_LOADADDR" ]; then
+        usage "Bootloader and its loadaddr are compulsory"
+        exit 1
+fi
+if [ -z "$SYSFW" -o -z "$SYSFW_LOADADDR" ]; then
+        usage "SYSFW and its loadaddr are compulsory"
+        exit 1
+fi
+if [ -z "$SYSFW_DATA" -o -z "$SYSFW_DATA_LOADADDR" ]; then
+        usage "SYSFW board configuration and its loadaddr are compulsory"
+        exit 1
+fi
+# Generate random key if user doesn't provide a key
+if [ -z "$KEY" ]; then
+        gen_key
+fi
+SHA_OID=${sha_oids["$SHA"]}
+SBL_SHA_VAL=`openssl dgst -$SHA -hex $SBL | sed -e "s/^.*= //g"`
+SBL_SIZE=`cat $SBL | wc -c`
+SBL_ADDR=`printf "%08x" $SBL_LOADADDR`
+SYSFW_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW | sed -e "s/^.*= //g"`
+SYSFW_SIZE=`cat $SYSFW | wc -c`
+SYSFW_ADDR=`printf "%08x" $SYSFW_LOADADDR`
+SYSFW_DATA_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW_DATA | sed -e "s/^.*= //g"`
+SYSFW_DATA_SIZE=`cat $SYSFW_DATA | wc -c`
+SYSFW_DATA_ADDR=`printf "%08x" $SYSFW_DATA_LOADADDR`
+TOTAL_SIZE=$(expr $SBL_SIZE + $SYSFW_SIZE + $SYSFW_DATA_SIZE)
+# Generate x509 Template
+gen_template() {
+cat << 'EOF' > $TEMP_X509
+ [ req ]
+ distinguished_name     = req_distinguished_name
+ x509_extensions        = v3_ca
+ prompt                 = no
+ dirstring_type         = nobmp
+ [ req_distinguished_name ]
+ C                      = US
+ ST                     = TX
+ L                      = Dallas
+ O                      = Texas Instruments Incorporated
+ OU                     = Processors
+ CN                     = TI Support
+ emailAddress           = support@ti.com
+ [ v3_ca ]
+ basicConstraints = CA:true
+ 1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
+ 1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
+ [swrv]
+ swrv=INTEGER:0
+ [ext_boot_info]
+ extImgSize=INTEGER:TOTAL_IMAGE_LENGTH
+ numComp=INTEGER:3
+ sbl=SEQUENCE:sbl
+ sysfw=SEQUENCE:sysfw
+ sysfw_data=SEQUENCE:sysfw_data
+ [sbl]
+ compType = INTEGER:1
+ bootCore = INTEGER:16
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SBL_DEST_ADDR
+ compSize = INTEGER:SBL_IMAGE_SIZE
+ shaType  = OID:SBL_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SBL_IMAGE_SHA_VAL
+ [sysfw]
+ compType = INTEGER:2
+ bootCore = INTEGER:0
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SYSFW_DEST_ADDR
+ compSize = INTEGER:SYSFW_IMAGE_SIZE
+ shaType  = OID:SYSFW_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SYSFW_IMAGE_SHA_VAL
+ [sysfw_data]
+ compType = INTEGER:18
+ bootCore = INTEGER:0
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SYSFW_DATA_DEST_ADDR
+ compSize = INTEGER:SYSFW_DATA_IMAGE_SIZE
+ shaType  = OID:SYSFW_DATA_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SYSFW_DATA_IMAGE_SHA_VAL
+EOF
+}
+gen_cert() {
+        echo "Certificate being generated :"
+        #echo $SBL_ADDR $SBL_SIZE $SBL_SHA_VAL
+        sed -i "s/SBL_DEST_ADDR/$SBL_ADDR/"  $TEMP_X509
+        sed -i "s/SBL_IMAGE_SIZE/$SBL_SIZE/" $TEMP_X509
+        sed -i "s/SBL_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+        sed -i "s/SBL_IMAGE_SHA_VAL/$SBL_SHA_VAL/" $TEMP_X509
+        #echo $SYSFW_ADDR $SYSFW_SIZE $SYSFW_SHA_VAL
+        sed -i "s/SYSFW_DEST_ADDR/$SYSFW_ADDR/" $TEMP_X509
+        sed -i "s/SYSFW_IMAGE_SIZE/$SYSFW_SIZE/" $TEMP_X509
+        sed -i "s/SYSFW_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+        sed -i "s/SYSFW_IMAGE_SHA_VAL/$SYSFW_SHA_VAL/" $TEMP_X509
+        #echo $SYSFW_DATA_ADDR $SYSFW_DATA_SIZE $SYSFW_DATA_SHA_VAL
+        sed -i "s/SYSFW_DATA_DEST_ADDR/$SYSFW_DATA_ADDR/" $TEMP_X509
+        sed -i "s/SYSFW_DATA_IMAGE_SIZE/$SYSFW_DATA_SIZE/" $TEMP_X509
+        sed -i "s/SYSFW_DATA_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+        sed -i "s/SYSFW_DATA_IMAGE_SHA_VAL/$SYSFW_DATA_SHA_VAL/" $TEMP_X509
+        #echo $TOTAL_SIZE
+        sed -i "s/TOTAL_IMAGE_LENGTH/$TOTAL_SIZE/" $TEMP_X509
+        openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config $TEMP_X509 -$SHA
+}
+gen_template
+gen_cert
+cat $CERT $SBL $SYSFW $SYSFW_DATA > $OUTPUT
+echo "SUCCESS: Image $OUTPUT generated."
+# Remove all intermediate files
+rm $TEMP_X509 $CERT
+if [ "$KEY" == "$RAND_KEY" ]; then
+        rm $RAND_KEY
+fi
author	Lokesh Vutla	2020-08-11 16:33:07 -0500
committer	Dave Gerlach	2020-08-14 12:11:07 -0500
commit	0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef (patch)
tree	815f6296b1429cd268454ffba5671d815aad503f
parent	a8d5f684d000788a8e4e700c20bf7455110faf36 (diff)
download	k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.tar.gz k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.tar.xz k3-image-gen-0a2aa9e6e0a843c40eea51dc5a0bb53ff83f14ef.zip

diff --git a/Makefile b/Makefile index 7ef72b49c..6e955dd71 100644 --- a/Makefile +++ b/Makefile
@@ -176,6 +176,9 @@ soc_objs: $(SOC_OBJS)
176	$(COMBINED_BRDCFG): $(SOC_BINS)	176	$(COMBINED_BRDCFG): $(SOC_BINS)
177	python3 ./scripts/sysfw_boardcfg_blob_creator.py -b $(soc_objroot)/board-cfg.bin -s $(soc_objroot)/sec-cfg.bin -p $(soc_objroot)/pm-cfg.bin -r $(soc_objroot)/rm-cfg.bin -o $@	177	python3 ./scripts/sysfw_boardcfg_blob_creator.py -b $(soc_objroot)/board-cfg.bin -s $(soc_objroot)/sec-cfg.bin -p $(soc_objroot)/pm-cfg.bin -r $(soc_objroot)/rm-cfg.bin -o $@
178		178
		179	tiboot3.bin: $(SBL) $(SYSFW_PATH) $(COMBINED_BRDCFG)
		180	./scripts/gen_x509_combined_cert.sh -b $(SBL) -l $(SBL_LOADADDDR) -s $(SYSFW_PATH) -m 0x40000 -d $(COMBINED_BRDCFG) -n $(COMBINED_BRDCFG_LOADADDR) -k $(KEY) -o $@
		181
179	$(soc_objroot)/%.o: %.c	182	$(soc_objroot)/%.o: %.c
180	$(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@-pre-validated $<	183	$(CROSS_COMPILE)gcc $(CFLAGS) -c -o $@-pre-validated $<
181	python3 ./scripts/sysfw_boardcfg_validator.py -b $@-pre-validated -i -o $@ -s $(SOC) -l $@.log	184	python3 ./scripts/sysfw_boardcfg_validator.py -b $@-pre-validated -i -o $@ -s $(SOC) -l $@.log


diff --git a/scripts/gen_x509_combined_cert.sh b/scripts/gen_x509_combined_cert.sh new file mode 100755 index 000000000..3fed87b0b --- /dev/null +++ b/scripts/gen_x509_combined_cert.sh
@@ -0,0 +1,282 @@
		1	#!/bin/bash
		2	#
		3	# Script to add x509 certificate to binary/ELF
		4	#
		5	# Copyright (C) 2020 Texas Instruments Incorporated - https://www.ti.com/
		6	#
		7	# Redistribution and use in source and binary forms, with or without
		8	# modification, are permitted provided that the following conditions
		9	# are met:
		10	#
		11	# Redistributions of source code must retain the above copyright
		12	# notice, this list of conditions and the following disclaimer.
		13	#
		14	# Redistributions in binary form must reproduce the above copyright
		15	# notice, this list of conditions and the following disclaimer in the
		16	# documentation and/or other materials provided with the
		17	# distribution.
		18	#
		19	# Neither the name of Texas Instruments Incorporated nor the names of
		20	# its contributors may be used to endorse or promote products derived
		21	# from this software without specific prior written permission.
		22	#
		23	# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
		24	# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
		25	# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
		26	# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
		27	# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		28	# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
		29	# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
		30	# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
		31	# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		32	# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
		33	# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
		34	#
		35
		36	# Variables
		37	VALID_SHAS="sha256 sha384 sha512 sha224"
		38	OUTPUT=x509-firmware.bin
		39	TEMP_X509=x509-temp.cert
		40	CERT=certificate.bin
		41	RAND_KEY=eckey.pem
		42	VALID_ROM_CORES="r5 m3"
		43	VALID_DMSC_CORES="r5-00 r5-01 a53-00 a53-01 a53-10 a53-11"
		44	SHA=sha512
		45	CORE=m3
		46	LOADADDR=0x00040000
		47	VALID_MASTERS="rom dmsc"
		48
		49	declare -A sha_oids
		50	sha_oids["sha256"]=2.16.840.1.101.3.4.2.1
		51	sha_oids["sha384"]=2.16.840.1.101.3.4.2.2
		52	sha_oids["sha512"]=2.16.840.1.101.3.4.2.3
		53	sha_oids["sha224"]=2.16.840.1.101.3.4.2.4
		54
		55	declare -A core_ids
		56	core_ids["r5-00"]=0x01
		57
		58	gen_key() {
		59	openssl ecparam -out $RAND_KEY -name prime256v1 -genkey
		60	KEY=$RAND_KEY
		61	}
		62
		63	declare -A options_help
		64	usage() {
		65	if [ -n "$*" ]; then
		66	echo "ERROR: $*"
		67	fi
		68	echo -n "Usage: $0 "
		69	for option in "${!options_help[@]}"
		70	do
		71	arg=`echo ${options_help[$option]}\|cut -d ':' -f1`
		72	if [ -n "$arg" ]; then
		73	arg=" $arg"
		74	fi
		75	echo -n "[-$option$arg] "
		76	done
		77	echo
		78	echo -e "\nWhere:"
		79	for option in "${!options_help[@]}"
		80	do
		81	arg=`echo ${options_help[$option]}\|cut -d ':' -f1`
		82	txt=`echo ${options_help[$option]}\|cut -d ':' -f2`
		83	tb="\t\t\t"
		84	if [ -n "$arg" ]; then
		85	arg=" $arg"
		86	tb="\t"
		87	fi
		88	echo -e " -$option$arg:$tb$txt"
		89	done
		90	echo
		91	echo "Examples of usage:-"
		92	echo "# Example of generation a combined boot image"
		93	echo " $0 -b u-boot-spl.bin -l 0x41c00000 -s ti-sci-firmware-j7200-gp-vlab.bin -m 0x40000 -d combined-cfg.bin -n 0x7f000 -o tiboot3.bin"
		94	}
		95
		96	options_help[b]="Boot Loader:Bin file corresponding to boot loader on R5"
		97	options_help[l]="SBL loadaddress: R5 Bootloader load address"
		98	options_help[s]="SYSFW: Bin file corresponding to sysfw image"
		99	options_help[m]="SYSFW loadaddress: SYSFW image load address"
		100	options_help[d]="SYSFW_DATA: Bin file corresponding to combined board configurations"
		101	options_help[n]="SYSFW_DATA loadaddr: Combine board configuration load address"
		102	options_help[k]="key_file:file with key inside it. If not provided script generates a random key."
		103
		104	while getopts "b:l:s:m:d:n:k:o:h" opt
		105	do
		106	case $opt in
		107	b)
		108	SBL=$OPTARG
		109	;;
		110	l)
		111	SBL_LOADADDR=$OPTARG
		112	;;
		113	s)
		114	SYSFW=$OPTARG
		115	;;
		116	m)
		117	SYSFW_LOADADDR=$OPTARG
		118	;;
		119	d)
		120	SYSFW_DATA=$OPTARG
		121	;;
		122	n)
		123	SYSFW_DATA_LOADADDR=$OPTARG
		124	;;
		125	k)
		126	KEY=$OPTARG
		127	;;
		128	o)
		129	OUTPUT=$OPTARG
		130	;;
		131	h)
		132	usage
		133	exit 0
		134	;;
		135	\?)
		136	usage "Invalid Option '-$OPTARG'"
		137	exit 1
		138	;;
		139	:)
		140	usage "Option '-$OPTARG' Needs an argument."
		141	exit 1
		142	;;
		143	esac
		144	done
		145
		146	if [ "$#" -eq 0 ]
		147	then
		148	usage "Arguments missing"
		149	exit 1
		150	fi
		151
		152	if [ -z "$SBL" -o -z "$SBL_LOADADDR" ]; then
		153	usage "Bootloader and its loadaddr are compulsory"
		154	exit 1
		155	fi
		156
		157	if [ -z "$SYSFW" -o -z "$SYSFW_LOADADDR" ]; then
		158	usage "SYSFW and its loadaddr are compulsory"
		159	exit 1
		160	fi
		161
		162	if [ -z "$SYSFW_DATA" -o -z "$SYSFW_DATA_LOADADDR" ]; then
		163	usage "SYSFW board configuration and its loadaddr are compulsory"
		164	exit 1
		165	fi
		166
		167	# Generate random key if user doesn't provide a key
		168	if [ -z "$KEY" ]; then
		169	gen_key
		170	fi
		171
		172	SHA_OID=${sha_oids["$SHA"]}
		173
		174	SBL_SHA_VAL=`openssl dgst -$SHA -hex $SBL \| sed -e "s/^.*= //g"`
		175	SBL_SIZE=`cat $SBL \| wc -c`
		176	SBL_ADDR=`printf "%08x" $SBL_LOADADDR`
		177
		178	SYSFW_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW \| sed -e "s/^.*= //g"`
		179	SYSFW_SIZE=`cat $SYSFW \| wc -c`
		180	SYSFW_ADDR=`printf "%08x" $SYSFW_LOADADDR`
		181
		182	SYSFW_DATA_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW_DATA \| sed -e "s/^.*= //g"`
		183	SYSFW_DATA_SIZE=`cat $SYSFW_DATA \| wc -c`
		184	SYSFW_DATA_ADDR=`printf "%08x" $SYSFW_DATA_LOADADDR`
		185	TOTAL_SIZE=$(expr $SBL_SIZE + $SYSFW_SIZE + $SYSFW_DATA_SIZE)
		186
		187	# Generate x509 Template
		188	gen_template() {
		189	cat << 'EOF' > $TEMP_X509
		190	[ req ]
		191	distinguished_name = req_distinguished_name
		192	x509_extensions = v3_ca
		193	prompt = no
		194	dirstring_type = nobmp
		195
		196	[ req_distinguished_name ]
		197	C = US
		198	ST = TX
		199	L = Dallas
		200	O = Texas Instruments Incorporated
		201	OU = Processors
		202	CN = TI Support
		203	emailAddress = support@ti.com
		204
		205
		206	[ v3_ca ]
		207	basicConstraints = CA:true
		208	1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
		209	1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
		210
		211	[swrv]
		212	swrv=INTEGER:0
		213
		214	[ext_boot_info]
		215	extImgSize=INTEGER:TOTAL_IMAGE_LENGTH
		216	numComp=INTEGER:3
		217	sbl=SEQUENCE:sbl
		218	sysfw=SEQUENCE:sysfw
		219	sysfw_data=SEQUENCE:sysfw_data
		220
		221	[sbl]
		222	compType = INTEGER:1
		223	bootCore = INTEGER:16
		224	compOpts = INTEGER:0
		225	destAddr = FORMAT:HEX,OCT:SBL_DEST_ADDR
		226	compSize = INTEGER:SBL_IMAGE_SIZE
		227	shaType = OID:SBL_IMAGE_SHA_OID
		228	shaValue = FORMAT:HEX,OCT:SBL_IMAGE_SHA_VAL
		229
		230	[sysfw]
		231	compType = INTEGER:2
		232	bootCore = INTEGER:0
		233	compOpts = INTEGER:0
		234	destAddr = FORMAT:HEX,OCT:SYSFW_DEST_ADDR
		235	compSize = INTEGER:SYSFW_IMAGE_SIZE
		236	shaType = OID:SYSFW_IMAGE_SHA_OID
		237	shaValue = FORMAT:HEX,OCT:SYSFW_IMAGE_SHA_VAL
		238
		239	[sysfw_data]
		240	compType = INTEGER:18
		241	bootCore = INTEGER:0
		242	compOpts = INTEGER:0
		243	destAddr = FORMAT:HEX,OCT:SYSFW_DATA_DEST_ADDR
		244	compSize = INTEGER:SYSFW_DATA_IMAGE_SIZE
		245	shaType = OID:SYSFW_DATA_IMAGE_SHA_OID
		246	shaValue = FORMAT:HEX,OCT:SYSFW_DATA_IMAGE_SHA_VAL
		247	EOF
		248	}
		249
		250	gen_cert() {
		251	echo "Certificate being generated :"
		252	#echo $SBL_ADDR $SBL_SIZE $SBL_SHA_VAL
		253	sed -i "s/SBL_DEST_ADDR/$SBL_ADDR/" $TEMP_X509
		254	sed -i "s/SBL_IMAGE_SIZE/$SBL_SIZE/" $TEMP_X509
		255	sed -i "s/SBL_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
		256	sed -i "s/SBL_IMAGE_SHA_VAL/$SBL_SHA_VAL/" $TEMP_X509
		257	#echo $SYSFW_ADDR $SYSFW_SIZE $SYSFW_SHA_VAL
		258	sed -i "s/SYSFW_DEST_ADDR/$SYSFW_ADDR/" $TEMP_X509
		259	sed -i "s/SYSFW_IMAGE_SIZE/$SYSFW_SIZE/" $TEMP_X509
		260	sed -i "s/SYSFW_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
		261	sed -i "s/SYSFW_IMAGE_SHA_VAL/$SYSFW_SHA_VAL/" $TEMP_X509
		262	#echo $SYSFW_DATA_ADDR $SYSFW_DATA_SIZE $SYSFW_DATA_SHA_VAL
		263	sed -i "s/SYSFW_DATA_DEST_ADDR/$SYSFW_DATA_ADDR/" $TEMP_X509
		264	sed -i "s/SYSFW_DATA_IMAGE_SIZE/$SYSFW_DATA_SIZE/" $TEMP_X509
		265	sed -i "s/SYSFW_DATA_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
		266	sed -i "s/SYSFW_DATA_IMAGE_SHA_VAL/$SYSFW_DATA_SHA_VAL/" $TEMP_X509
		267	#echo $TOTAL_SIZE
		268	sed -i "s/TOTAL_IMAGE_LENGTH/$TOTAL_SIZE/" $TEMP_X509
		269	openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config $TEMP_X509 -$SHA
		270	}
		271
		272	gen_template
		273	gen_cert
		274	cat $CERT $SBL $SYSFW $SYSFW_DATA > $OUTPUT
		275
		276	echo "SUCCESS: Image $OUTPUT generated."
		277
		278	# Remove all intermediate files
		279	rm $TEMP_X509 $CERT
		280	if [ "$KEY" == "$RAND_KEY" ]; then
		281	rm $RAND_KEY
		282	fi