a8080f7acf8d32daa75cca3deb6a0b640c046b6e
1 #!/bin/bash
2 #
3 # Script to add x509 certificate to binary for K3
4 #
5 # Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
6 # Andrew F. Davis <afd@ti.com>
7 #
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
10 # are met:
11 #
12 # Redistributions of source code must retain the above copyright
13 # notice, this list of conditions and the following disclaimer.
14 #
15 # Redistributions in binary form must reproduce the above copyright
16 # notice, this list of conditions and the following disclaimer in the
17 # documentation and/or other materials provided with the
18 # distribution.
19 #
20 # Neither the name of Texas Instruments Incorporated nor the names of
21 # its contributors may be used to endorse or promote products derived
22 # from this software without specific prior written permission.
23 #
24 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
25 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
26 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
27 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
28 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
29 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
30 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
34 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #
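#######################################
# Print an error message followed by the usage text, then abort.
# Arguments: $1 - short description of what went wrong
# Outputs:   error and usage text on stderr, so that a caller capturing
#            or redirecting stdout never mistakes it for script output
# Returns:   does not return; exits the script with status 1
#######################################
function fn_display_usage {
  # printf with a fixed format keeps the message literal whatever it contains.
  printf '%s\n' \
    "Error: ${1:-}" \
    "" \
    "This script is used to secure a binary blob for the K3 platform." \
    "" \
    "Usage: secure-binary-image.sh <input-file-name> <output-file-name>" \
    "" >&2
  exit 1
}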
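# Report a fatal processing error on stderr and stop. Unlike
# fn_display_usage this does not print the usage text, because the
# command line itself was fine.
function fn_fail {
  printf 'Error: %s\n' "$1" >&2
  exit 1
}

# Locate the customer signing key (custMpk.pem). The copy relative to the
# current directory (../keys) is preferred; otherwise fall back to the
# package named by the TI_SECURE_DEV_PKG environment variable.
PREFIX=..
CUSTOMERKEY="${PREFIX}/keys/custMpk.pem"
if [ ! -f "${CUSTOMERKEY}" ]; then
  IFT="${TI_SECURE_DEV_PKG:-}/keys/custMpk.pem"
  # An unset or empty TI_SECURE_DEV_PKG would turn the lookup into the
  # absolute path /keys/custMpk.pem; treat that as "not configured" rather
  # than signing with whatever key happens to live there.
  if [ -z "${TI_SECURE_DEV_PKG:-}" ] || [ ! -f "${IFT}" ]; then
    fn_display_usage "Customer key cannot be found, correctly define TI_SECURE_DEV_PKG environment variable"
  fi
  PREFIX="${TI_SECURE_DEV_PKG}"
  CUSTOMERKEY="${IFT}"
fi

# Validate input parameters
if [ "$#" -lt 2 ]; then
  fn_display_usage "missing parameter"
fi

# Parse input options
INPUT_FILE=$1
OUTPUT_FILE=$2

# The input is read several times below (digest, size, final image), so
# reject an unreadable path once, up front.
if [ ! -r "${INPUT_FILE}" ]; then
  fn_display_usage "input file cannot be read: ${INPUT_FILE}"
fi

HS_TEMPLATE="${PREFIX}/scripts/x509-template.txt"
if [ ! -r "${HS_TEMPLATE}" ]; then
  fn_fail "x509 template cannot be read: ${HS_TEMPLATE}"
fi

# Get input file info. Both values are fed through stdin so that a file
# name starting with '-' is never parsed as an option.
HS_SHA_VALUE=$(openssl dgst -sha512 -hex < "${INPUT_FILE}" | sed -e 's/^.*= //')
HS_IMAGE_SIZE=$(wc -c < "${INPUT_FILE}")
HS_IMAGE_SIZE=${HS_IMAGE_SIZE//[[:space:]]/} # some wc implementations pad the count

# Both values are substituted into sed expressions and end up inside the
# certificate, so insist on their exact shape. This also catches a failed
# or missing openssl, whose status the pipeline above hides behind sed.
case "${HS_SHA_VALUE}" in
  '' | *[!0-9a-fA-F]*) fn_fail "could not compute SHA-512 of ${INPUT_FILE}" ;;
esac
if [ "${#HS_SHA_VALUE}" -ne 128 ]; then
  fn_fail "unexpected SHA-512 digest length for ${INPUT_FILE}"
fi
case "${HS_IMAGE_SIZE}" in
  '' | *[!0-9]*) fn_fail "could not determine size of ${INPUT_FILE}" ;;
esac

# Work in a private scratch directory instead of fixed file names in the
# current directory: two invocations running side by side (e.g. a parallel
# build) would otherwise overwrite each other's certificate config, and
# the files would be left behind on any early exit.
HS_TMP_DIR=$(mktemp -d) || fn_fail "cannot create temporary directory"
trap 'rm -rf -- "${HS_TMP_DIR}"' EXIT
HS_X509_CONFIG="${HS_TMP_DIR}/temp-x509.txt"
HS_X509_CERT="${HS_TMP_DIR}/temp-x509.cert"
HS_SIGNED_IMAGE="${HS_TMP_DIR}/signed-image.bin"

# Populate the x509 template with the image length and digest
sed -e "s/TEST_IMAGE_LENGTH/${HS_IMAGE_SIZE}/" \
  -e "s/TEST_IMAGE_SHA_VAL/${HS_SHA_VALUE}/" \
  < "${HS_TEMPLATE}" > "${HS_X509_CONFIG}" ||
  fn_fail "cannot populate x509 template"

# Generate x509 certificate. Stop here on failure: carrying on would write
# an output file holding only the unsigned input while still exiting 0.
openssl req -new -x509 -key "${CUSTOMERKEY}" -nodes -outform DER \
  -out "${HS_X509_CERT}" -config "${HS_X509_CONFIG}" -sha512 ||
  fn_fail "x509 certificate generation failed"
if [ ! -s "${HS_X509_CERT}" ]; then
  fn_fail "x509 certificate generation produced no output"
fi

# Prepend the certificate to the image. The result is assembled in the
# scratch directory first, so the output path is only touched once signing
# has succeeded and the script still works when input and output are the
# same file.
cat -- "${HS_X509_CERT}" "${INPUT_FILE}" > "${HS_SIGNED_IMAGE}" ||
  fn_fail "cannot assemble signed image"
cat -- "${HS_SIGNED_IMAGE}" > "${OUTPUT_FILE}" ||
  fn_fail "cannot write ${OUTPUT_FILE}"

# Cleanup of the scratch directory is done by the EXIT trap set above.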