OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Script to resign a firmware image using a different set of keys | 7 # Script to resign a firmware image using a different set of keys |
8 # for use on signing servers. | 8 # for use on signing servers. |
9 # | 9 # |
10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock | 10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock |
11 # | 11 # |
12 # src_fd: Input firmware image (in .fd format) | 12 # src_fd: Input firmware image (in .fd format) |
13 # dst_fd: output firmware image name | 13 # dst_fd: output firmware image name |
14 # firmware_datakey: Key used to sign firmware data (in .vbprivk format) | 14 # firmware_datakey: Key used to sign firmware data (in .vbprivk format) |
15 # firmware_keyblock: Key block for firmware data key (in .keyblock format) | 15 # firmware_keyblock: Key block for firmware data key (in .keyblock format) |
16 # | 16 # |
17 # Both the fmap_decode tool and vbutil_firmware should be in the system path. | 17 # Both the mosys tool and vbutil_firmware should be in the system path. |
18 # | 18 # |
19 # This script parses the output of fmap_decode tool from the Flashmap project | 19 # This script parses the output of mosys tool from |
20 # http://code.google.com/p/flashmap | 20 # http://code.google.com/p/mosys |
21 # | 21 # |
22 # to determine the regions in the image containing "Firmware [A|B] Data" and | 22 # to determine the regions in the image containing "Firmware [A|B] Data" and |
23 # "Firmware [A|B] Key", which contain firmware data and firmware vblocks | 23 # "Firmware [A|B] Key", which contain firmware data and firmware vblocks |
24 # respectively. It will then generate new vblocks using the set of keys | 24 # respectively. It will then generate new vblocks using the set of keys |
25 # passed as arguments and output a new firmware image, with this new firmware | 25 # passed as arguments and output a new firmware image, with this new firmware |
26 # vblocks the old ones. | 26 # vblocks the old ones. |
27 # | 27 # |
28 # Here is an example output of fmap_decode: | 28 # Here is an example output of mosys: |
29 # | 29 # |
30 # area_offset="0x001c0000" area_size="0x00040000" area_name="Boot Stub" \ | 30 # area_offset="0x001c0000" area_size="0x00040000" area_name="Boot Stub" \ |
31 # area_flags_raw="0x01" area_flags="static" | 31 # area_flags_raw="0x01" area_flags="static" |
32 # area_offset="0x001a0000" area_size="0x00020000" area_name="GBB Area" \ | 32 # area_offset="0x001a0000" area_size="0x00020000" area_name="GBB Area" \ |
33 # area_flags_raw="0x01" area_flags="static" | 33 # area_flags_raw="0x01" area_flags="static" |
34 # area_offset="0x00008000" area_size="0x00002000" area_name="Firmware A Key" \ | 34 # area_offset="0x00008000" area_size="0x00002000" area_name="Firmware A Key" \ |
35 # area_flags_raw="0x01" area_flags="static" | 35 # area_flags_raw="0x01" area_flags="static" |
36 # area_offset="0x0000a000" area_size="0x0009e000" area_name="Firmware A Data" \ | 36 # area_offset="0x0000a000" area_size="0x0009e000" area_name="Firmware A Data" \ |
37 # area_flags_raw="0x03" area_flags="static,compressed" | 37 # area_flags_raw="0x03" area_flags="static,compressed" |
38 # area_offset="0x000a8000" area_size="0x00002000" area_name="Firmware B Key" \ | 38 # area_offset="0x000a8000" area_size="0x00002000" area_name="Firmware B Key" \ |
(...skipping 15 matching lines...) Expand all Loading... |
54 set -e | 54 set -e |
55 | 55 |
56 # Check arguments | 56 # Check arguments |
57 if [ $# -ne 5 ] ; then | 57 if [ $# -ne 5 ] ; then |
58 echo \ | 58 echo \ |
59 "Usage: $0 src_fd dst_fd firmware_datakey firmware_keyblock kernel_subkey" | 59 "Usage: $0 src_fd dst_fd firmware_datakey firmware_keyblock kernel_subkey" |
60 exit 1 | 60 exit 1 |
61 fi | 61 fi |
62 | 62 |
63 # Make sure the tools we need are available. | 63 # Make sure the tools we need are available. |
64 for prog in fmap_decode vbutil_firmware; do | 64 for prog in mosys vbutil_firmware; do |
65 type -P "${prog}" &>/dev/null || \ | 65 type -P "${prog}" &>/dev/null || \ |
66 { echo "${prog} tool not found."; exit 1; } | 66 { echo "${prog} tool not found."; exit 1; } |
67 done | 67 done |
68 | 68 |
69 src_fd=$1 | 69 src_fd=$1 |
70 dst_fd=$2 | 70 dst_fd=$2 |
71 firmware_datakey=$3 | 71 firmware_datakey=$3 |
72 firmware_keyblock=$4 | 72 firmware_keyblock=$4 |
73 kernel_subkey=$5 | 73 kernel_subkey=$5 |
74 | 74 |
75 # TODO(gauravsh): Figure out where the version comes from. | 75 # TODO(gauravsh): Figure out where the version comes from. |
76 # Do we rev it manually? | 76 # Do we rev it manually? |
77 VERSION=1 | 77 VERSION=1 |
78 | 78 |
79 # Parse offsets and size of firmware data and vblocks | 79 # Parse offsets and size of firmware data and vblocks |
80 for i in "A" "B" | 80 for i in "A" "B" |
81 do | 81 do |
82 match_str="$i Key" | 82 match_str="$i Key" |
83 line=$(fmap_decode $1 | grep "$match_str") | 83 line=$(mosys -f -k eeprom map $1 | grep "$match_str") |
84 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" | 84 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" |
85 eval let \ | 85 eval let \ |
86 fw${i}_vblock_offset="$offset" | 86 fw${i}_vblock_offset="$offset" |
87 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" | 87 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" |
88 eval let \ | 88 eval let \ |
89 fw${i}_vblock_size="$size" | 89 fw${i}_vblock_size="$size" |
90 | 90 |
91 match_str="$i Data" | 91 match_str="$i Data" |
92 line=$(fmap_decode $1 | grep "$match_str") | 92 line=$(mosys -f -k eeprom map $1 | grep "$match_str") |
93 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" | 93 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" |
94 eval let \ | 94 eval let \ |
95 fw${i}_offset="$offset" | 95 fw${i}_offset="$offset" |
96 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" | 96 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" |
97 eval let \ | 97 eval let \ |
98 fw${i}_size="$size" | 98 fw${i}_size="$size" |
99 done | 99 done |
100 | 100 |
101 temp_fwimage=$(make_temp_file) | 101 temp_fwimage=$(make_temp_file) |
102 temp_out_vb=$(make_temp_file) | 102 temp_out_vb=$(make_temp_file) |
(...skipping 26 matching lines...) Expand all Loading... |
129 --signprivate "${firmware_datakey}" \ | 129 --signprivate "${firmware_datakey}" \ |
130 --version "${VERSION}" \ | 130 --version "${VERSION}" \ |
131 --fv "${temp_fwimage}" \ | 131 --fv "${temp_fwimage}" \ |
132 --kernelkey "${kernel_subkey}" | 132 --kernelkey "${kernel_subkey}" |
133 | 133 |
134 # Destination image has already been created. | 134 # Destination image has already been created. |
135 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwB_vblock_offset}" bs=1 \ | 135 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwB_vblock_offset}" bs=1 \ |
136 count="${fwB_vblock_size}" conv=notrunc | 136 count="${fwB_vblock_size}" conv=notrunc |
137 | 137 |
138 echo "New signed image was output to ${dst_fd}" | 138 echo "New signed image was output to ${dst_fd}" |
OLD | NEW |