Diffstat (limited to 'scripts/gen_x509_combined_cert.sh')
-rwxr-xr-xscripts/gen_x509_combined_cert.sh282
1 files changed, 282 insertions, 0 deletions
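diff --git a/scripts/gen_x509_combined_cert.sh b/scripts/gen_x509_combined_cert.sh
new file mode 100755
index 000000000..3fed87b0b
--- /dev/null
+++ b/scripts/gen_x509_combined_cert.sh
@@ -0,0 +1,282 @@
+#!/bin/bash
+#
+# Script to add x509 certificate to binary/ELF
+#
+# Copyright (C) 2020 Texas Instruments Incorporated - https://www.ti.com/
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the
+# distribution.
+#
+# Neither the name of Texas Instruments Incorporated nor the names of
+# its contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+# Variables
+VALID_SHAS="sha256 sha384 sha512 sha224"
+OUTPUT=x509-firmware.bin
+TEMP_X509=x509-temp.cert
+CERT=certificate.bin
+RAND_KEY=eckey.pem
+VALID_ROM_CORES="r5 m3"
+VALID_DMSC_CORES="r5-00 r5-01 a53-00 a53-01 a53-10 a53-11"
+SHA=sha512
+CORE=m3
+LOADADDR=0x00040000
+VALID_MASTERS="rom dmsc"
+
+declare -A sha_oids
+sha_oids["sha256"]=2.16.840.1.101.3.4.2.1
+sha_oids["sha384"]=2.16.840.1.101.3.4.2.2
+sha_oids["sha512"]=2.16.840.1.101.3.4.2.3
+sha_oids["sha224"]=2.16.840.1.101.3.4.2.4
+
+declare -A core_ids
+core_ids["r5-00"]=0x01
+
+gen_key() {
+ openssl ecparam -out $RAND_KEY -name prime256v1 -genkey
+ KEY=$RAND_KEY
+}
+
+declare -A options_help
+usage() {
+ if [ -n "$*" ]; then
+ echo "ERROR: $*"
+ fi
+ echo -n "Usage: $0 "
+ for option in "${!options_help[@]}"
+ do
+ arg=`echo ${options_help[$option]}|cut -d ':' -f1`
+ if [ -n "$arg" ]; then
+ arg=" $arg"
+ fi
+ echo -n "[-$option$arg] "
+ done
+ echo
+ echo -e "\nWhere:"
+ for option in "${!options_help[@]}"
+ do
+ arg=`echo ${options_help[$option]}|cut -d ':' -f1`
+ txt=`echo ${options_help[$option]}|cut -d ':' -f2`
+ tb="\t\t\t"
+ if [ -n "$arg" ]; then
+ arg=" $arg"
+ tb="\t"
+ fi
+ echo -e " -$option$arg:$tb$txt"
+ done
+ echo
+ echo "Examples of usage:-"
+ echo "# Example of generation a combined boot image"
+ echo " $0 -b u-boot-spl.bin -l 0x41c00000 -s ti-sci-firmware-j7200-gp-vlab.bin -m 0x40000 -d combined-cfg.bin -n 0x7f000 -o tiboot3.bin"
+}
+
+options_help[b]="Boot Loader:Bin file corresponding to boot loader on R5"
+options_help[l]="SBL loadaddress: R5 Bootloader load address"
+options_help[s]="SYSFW: Bin file corresponding to sysfw image"
+options_help[m]="SYSFW loadaddress: SYSFW image load address"
+options_help[d]="SYSFW_DATA: Bin file corresponding to combined board configurations"
+options_help[n]="SYSFW_DATA loadaddr: Combine board configuration load address"
+options_help[k]="key_file:file with key inside it. If not provided script generates a random key."
+
+while getopts "b:l:s:m:d:n:k:o:h" opt
+do
+ case $opt in
+ b)
+ SBL=$OPTARG
+ ;;
+ l)
+ SBL_LOADADDR=$OPTARG
+ ;;
+ s)
+ SYSFW=$OPTARG
+ ;;
+ m)
+ SYSFW_LOADADDR=$OPTARG
+ ;;
+ d)
+ SYSFW_DATA=$OPTARG
+ ;;
+ n)
+ SYSFW_DATA_LOADADDR=$OPTARG
+ ;;
+ k)
+ KEY=$OPTARG
+ ;;
+ o)
+ OUTPUT=$OPTARG
+ ;;
+ h)
+ usage
+ exit 0
+ ;;
+ \?)
+ usage "Invalid Option '-$OPTARG'"
+ exit 1
+ ;;
+ :)
+ usage "Option '-$OPTARG' Needs an argument."
+ exit 1
+ ;;
+ esac
+done
+
+if [ "$#" -eq 0 ]
+then
+ usage "Arguments missing"
+ exit 1
+fi
+
+if [ -z "$SBL" -o -z "$SBL_LOADADDR" ]; then
+ usage "Bootloader and its loadaddr are compulsory"
+ exit 1
+fi
+
+if [ -z "$SYSFW" -o -z "$SYSFW_LOADADDR" ]; then
+ usage "SYSFW and its loadaddr are compulsory"
+ exit 1
+fi
+
+if [ -z "$SYSFW_DATA" -o -z "$SYSFW_DATA_LOADADDR" ]; then
+ usage "SYSFW board configuration and its loadaddr are compulsory"
+ exit 1
+fi
+
+# Generate random key if user doesn't provide a key
+if [ -z "$KEY" ]; then
+ gen_key
+fi
+
+SHA_OID=${sha_oids["$SHA"]}
+
+SBL_SHA_VAL=`openssl dgst -$SHA -hex $SBL | sed -e "s/^.*= //g"`
+SBL_SIZE=`cat $SBL | wc -c`
+SBL_ADDR=`printf "%08x" $SBL_LOADADDR`
+
+SYSFW_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW | sed -e "s/^.*= //g"`
+SYSFW_SIZE=`cat $SYSFW | wc -c`
+SYSFW_ADDR=`printf "%08x" $SYSFW_LOADADDR`
+
+SYSFW_DATA_SHA_VAL=`openssl dgst -$SHA -hex $SYSFW_DATA | sed -e "s/^.*= //g"`
+SYSFW_DATA_SIZE=`cat $SYSFW_DATA | wc -c`
+SYSFW_DATA_ADDR=`printf "%08x" $SYSFW_DATA_LOADADDR`
+TOTAL_SIZE=$(expr $SBL_SIZE + $SYSFW_SIZE + $SYSFW_DATA_SIZE)
+
+# Generate x509 Template
+gen_template() {
+cat << 'EOF' > $TEMP_X509
+ [ req ]
+ distinguished_name = req_distinguished_name
+ x509_extensions = v3_ca
+ prompt = no
+ dirstring_type = nobmp
+
+ [ req_distinguished_name ]
+ C = US
+ ST = TX
+ L = Dallas
+ O = Texas Instruments Incorporated
+ OU = Processors
+ CN = TI Support
+ emailAddress = support@ti.com
+
+
+ [ v3_ca ]
+ basicConstraints = CA:true
+ 1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
+ 1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
+
+ [swrv]
+ swrv=INTEGER:0
+
+ [ext_boot_info]
+ extImgSize=INTEGER:TOTAL_IMAGE_LENGTH
+ numComp=INTEGER:3
+ sbl=SEQUENCE:sbl
+ sysfw=SEQUENCE:sysfw
+ sysfw_data=SEQUENCE:sysfw_data
+
+ [sbl]
+ compType = INTEGER:1
+ bootCore = INTEGER:16
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SBL_DEST_ADDR
+ compSize = INTEGER:SBL_IMAGE_SIZE
+ shaType = OID:SBL_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SBL_IMAGE_SHA_VAL
+
+ [sysfw]
+ compType = INTEGER:2
+ bootCore = INTEGER:0
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SYSFW_DEST_ADDR
+ compSize = INTEGER:SYSFW_IMAGE_SIZE
+ shaType = OID:SYSFW_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SYSFW_IMAGE_SHA_VAL
+
+ [sysfw_data]
+ compType = INTEGER:18
+ bootCore = INTEGER:0
+ compOpts = INTEGER:0
+ destAddr = FORMAT:HEX,OCT:SYSFW_DATA_DEST_ADDR
+ compSize = INTEGER:SYSFW_DATA_IMAGE_SIZE
+ shaType = OID:SYSFW_DATA_IMAGE_SHA_OID
+ shaValue = FORMAT:HEX,OCT:SYSFW_DATA_IMAGE_SHA_VAL
+EOF
+}
+
+gen_cert() {
+ echo "Certificate being generated :"
+ #echo $SBL_ADDR $SBL_SIZE $SBL_SHA_VAL
+ sed -i "s/SBL_DEST_ADDR/$SBL_ADDR/" $TEMP_X509
+ sed -i "s/SBL_IMAGE_SIZE/$SBL_SIZE/" $TEMP_X509
+ sed -i "s/SBL_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+ sed -i "s/SBL_IMAGE_SHA_VAL/$SBL_SHA_VAL/" $TEMP_X509
+ #echo $SYSFW_ADDR $SYSFW_SIZE $SYSFW_SHA_VAL
+ sed -i "s/SYSFW_DEST_ADDR/$SYSFW_ADDR/" $TEMP_X509
+ sed -i "s/SYSFW_IMAGE_SIZE/$SYSFW_SIZE/" $TEMP_X509
+ sed -i "s/SYSFW_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+ sed -i "s/SYSFW_IMAGE_SHA_VAL/$SYSFW_SHA_VAL/" $TEMP_X509
+ #echo $SYSFW_DATA_ADDR $SYSFW_DATA_SIZE $SYSFW_DATA_SHA_VAL
+ sed -i "s/SYSFW_DATA_DEST_ADDR/$SYSFW_DATA_ADDR/" $TEMP_X509
+ sed -i "s/SYSFW_DATA_IMAGE_SIZE/$SYSFW_DATA_SIZE/" $TEMP_X509
+ sed -i "s/SYSFW_DATA_IMAGE_SHA_OID/$SHA_OID/" $TEMP_X509
+ sed -i "s/SYSFW_DATA_IMAGE_SHA_VAL/$SYSFW_DATA_SHA_VAL/" $TEMP_X509
+ #echo $TOTAL_SIZE
+ sed -i "s/TOTAL_IMAGE_LENGTH/$TOTAL_SIZE/" $TEMP_X509
+ openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config $TEMP_X509 -$SHA
+}
+
+gen_template
+gen_cert
+cat $CERT $SBL $SYSFW $SYSFW_DATA > $OUTPUT
+
+echo "SUCCESS: Image $OUTPUT generated."
+
+# Remove all intermediate files
+rm $TEMP_X509 $CERT
+if [ "$KEY" == "$RAND_KEY" ]; then
+ rm $RAND_KEY
+fi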
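Review bot: Nothing in the script checks command status, so a failed `openssl req` in gen_cert (new line 269), for example with an unreadable `-k` key file, still reaches the `cat` on line 274, which writes the three binaries to `$OUTPUT` without a valid certificate in front of them and then prints SUCCESS. I would end the openssl line with `|| { echo "ERROR: certificate generation failed" >&2; exit 1; }` and guard the `cat` the same way, so a build cannot report success for an image whose header is missing. The `printf "%08x"` conversions on lines 176, 180 and 184 have the same problem: a non-numeric load address only prints a warning and is embedded as 00000000. Separately, gen_key writes the private key to the fixed name `eckey.pem` in the current directory and the user-supplied paths (`$SBL`, `$KEY`, `$OUTPUT`) are expanded unquoted; a `mktemp -d` work directory removed by a `trap … EXIT`, plus quoted expansions, would cover both.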