projects / security-development-tools / core-secdev-k3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9eecc3e)
Read software revision information from file master
authorAndrew Davis <afd@ti.com>
Thu, 7 Jul 2022 17:19:12 +0000 (12:19 -0500)
committerAndrew Davis <afd@ti.com>
Thu, 7 Jul 2022 17:19:12 +0000 (12:19 -0500)
Add a file containing the software revision to use for images signed by
this tool. We put this in a file over using an environment variable or
hard-coding it so the revision can be read by other external tooling.

Set the default to 1, this is lowest revision allowed by ROM on newer
K3 devices.

Signed-off-by: Andrew Davis <afd@ti.com>
keys/swrv.txt [new file with mode: 0644] patch | blob
scripts/secure-binary-image.sh patch | blob | history
scripts/x509-template.txt patch | blob | history

diff --git a/keys/swrv.txt b/keys/swrv.txt
new file mode 100644 (file)
index 0000000..d00491f
--- /dev/null
+++ b/keys/swrv.txt
@@ -0,0 +1 @@
+1
diff --git a/scripts/secure-binary-image.sh b/scripts/secure-binary-image.sh
index 36d5da1ac3500eac28a8cb094a1f6ef944ac0f6a..f17cdfd1f52d8e3c6077acab8fa21d043fcd4387 100755 (executable)
--- a/scripts/secure-binary-image.sh
+++ b/scripts/secure-binary-image.sh
@@ -44,7 +44,7 @@ function fn_display_usage {
        exit 1
 }
 
-# check if M-shield-DK tool is installed
+# check where this tool is installed
 PREFIX=..
 CUSTOMERKEY=${PREFIX}/keys/custMpk.pem
 if [ ! -f ${CUSTOMERKEY} ]; then
@@ -69,9 +69,13 @@ OUTPUT_FILE=$2
 HS_SHA_VALUE=$(openssl dgst -sha512 -hex $INPUT_FILE | sed -e "s/^.*= //g")
 HS_IMAGE_SIZE=$(cat $INPUT_FILE | wc -c)
 
+# Get software revision info
+HS_SWRV=$(cat ${PREFIX}/keys/swrv.txt)
+
 # Parameters to get populated into the x509 template
 HS_SED_OPTS="-e s/TEST_IMAGE_LENGTH/${HS_IMAGE_SIZE}/ "
-HS_SED_OPTS+="-e s/TEST_IMAGE_SHA_VAL/${HS_SHA_VALUE}/"
+HS_SED_OPTS+="-e s/TEST_IMAGE_SHA_VAL/${HS_SHA_VALUE}/ "
+HS_SED_OPTS+="-e s/TEST_SWRV/${HS_SWRV}/ "
 TMPX509=$(mktemp) || exit 1
 cat ${PREFIX}/scripts/x509-template.txt | sed ${HS_SED_OPTS} > ${TMPX509}
 
diff --git a/scripts/x509-template.txt b/scripts/x509-template.txt
index cb3e5d17a0215f80eca771cf533c59462dc2f21d..4cf37565a086d4b4f83cc38812f53a0b7de079db 100644 (file)
--- a/scripts/x509-template.txt
+++ b/scripts/x509-template.txt
@@ -20,7 +20,7 @@ basicConstraints       = CA:true
 1.3.6.1.4.1.294.1.35   = ASN1:SEQUENCE:sysfw_image_load
 
 [ swrv ]
-swrv = INTEGER:0
+swrv = INTEGER:TEST_SWRV
 
 [ sysfw_image_integrity ]
 shaType                = OID:2.16.840.1.101.3.4.2.3
Development tools for High-Security(HS) TI processors. Security development package provided for CoreSDK for K3 platform devices.