| Madhukar Pappireddy | 2f284e1 | 2021-08-30 16:06:14 -0500 | [diff] [blame] | 1 | #!/usr/bin/env bash |
| 2 | # |
| Jayanth Dodderi Chidanand | 4063699 | 2022-04-06 18:21:55 +0100 | [diff] [blame] | 3 | # Copyright (c) 2019-2022 Arm Limited. All rights reserved. |
| Madhukar Pappireddy | 2f284e1 | 2021-08-30 16:06:14 -0500 | [diff] [blame] | 4 | # |
| 5 | # SPDX-License-Identifier: BSD-3-Clause |
| 6 | # |
| 7 | |
| 8 | fetch_tf_resource() { |
| 9 | kernel_type="fvp-tc-kernel" get_kernel |
| 10 | initrd_type="fvp-tc-ramdisk" get_initrd |
| 11 | uart="1" set_primary="1" file="linux-rd-busybox.exp" track_expect |
| 12 | |
| 13 | payload_type="linux" gen_fvp_yaml_template |
| 14 | # Use SCP binary from SCP build if it exists, or fetch pre-built ones. |
| Nicola Mazzucato | d15f713 | 2021-10-27 14:56:34 +0100 | [diff] [blame] | 15 | if [ ! -f "$archive/scp_rom.bin" ]; then |
| Madhukar Pappireddy | 2f284e1 | 2021-08-30 16:06:14 -0500 | [diff] [blame] | 16 | # Pick the appropriate binary based on target platform variant |
| Jayanth Dodderi Chidanand | 4063699 | 2022-04-06 18:21:55 +0100 | [diff] [blame] | 17 | url="$scp_prebuilts/tc$plat_variant/release/tc$plat_variant-bl1.bin" saveas="scp_rom.bin" fetch_file |
| Nicola Mazzucato | d15f713 | 2021-10-27 14:56:34 +0100 | [diff] [blame] | 18 | archive_file "scp_rom.bin" |
| Madhukar Pappireddy | 2f284e1 | 2021-08-30 16:06:14 -0500 | [diff] [blame] | 19 | fi |
| 20 | |
| 21 | # Hold scp terminal_s0 |
| 22 | uart="0" file="hold_uart.exp" track_expect |
| Rupinderjit Singh | 8d4e1e4 | 2022-08-18 14:51:41 +0100 | [diff] [blame^] | 23 | |
| 24 | # RSS is applicable to TC2 |
| 25 | if [ $plat_variant -eq 2 ]; then |
| 26 | |
| 27 | sign_image() { |
| 28 | # $1 ... host binary name to sign |
| 29 | # $2 ... image load address |
| 30 | # $3 ... signed bin size |
| 31 | |
| 32 | local tmpdir="$(mktempdir)" |
| 33 | host_bin="`basename ${1}`" |
| 34 | signed_bin="signed_`basename ${1}`" |
| 35 | host_binary_layout="`basename -s .bin ${1}`_ns" |
| 36 | |
| 37 | # development PEM containing a key - use same key which is used for SCP BL1 in pre-built image |
| 38 | url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file |
| 39 | archive_file "root-RSA-3072.pem" |
| 40 | |
| 41 | RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem |
| 42 | RSS_SEC_CNTR_INIT_VAL=1 |
| 43 | RSS_LAYOUT_WRAPPER_VERSION="1.5.0" |
| 44 | |
| 45 | cat << EOF > $tmpdir/$host_binary_layout |
| 46 | enum image_attributes { |
| 47 | RE_IMAGE_LOAD_ADDRESS = $2, |
| 48 | RE_SIGN_BIN_SIZE = $3, |
| 49 | }; |
| 50 | EOF |
| 51 | |
| 52 | if [ ! -f $archive/$host_bin ]; then |
| 53 | echo "$archive/$host_bin does not exist. Aborting...!" |
| 54 | exit 1 |
| 55 | fi |
| 56 | |
| 57 | echo "Signing `basename ${1}`" |
| 58 | # Get mcuboot |
| 59 | git clone "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot |
| 60 | # Fetch wrapper script |
| 61 | saveas="$tmpdir" url="$tc_prebuilts/tc$plat_variant/wrapper_scripts" fetch_directory |
| 62 | |
| 63 | echo "Installing dependencies..." |
| 64 | pip3 install cryptography cbor2 intelhex |
| 65 | |
| 66 | pushd $tmpdir/mcuboot/scripts |
| 67 | python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \ |
| 68 | -v $RSS_LAYOUT_WRAPPER_VERSION \ |
| 69 | --layout $tmpdir/$host_binary_layout \ |
| 70 | -k $RSS_SIGN_PRIVATE_KEY \ |
| 71 | --public-key-format full \ |
| 72 | --align 1 \ |
| 73 | --pad \ |
| 74 | --pad-header \ |
| 75 | -H 0x1000 \ |
| 76 | -s $RSS_SEC_CNTR_INIT_VAL \ |
| 77 | $archive/$host_bin \ |
| 78 | $tmpdir/$signed_bin |
| 79 | |
| 80 | echo "created signed_`basename ${1}`" |
| 81 | url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file |
| 82 | archive_file "$signed_bin" |
| 83 | popd |
| 84 | } |
| 85 | |
| 86 | inject_bl1() { |
| 87 | # Get pre-built rss rom |
| 88 | if [ ! -f "$archive/rss_rom.bin" ]; then |
| 89 | url="$tc_prebuilts/tc$plat_variant/rss_rom.bin" fetch_file |
| 90 | archive_file "rss_rom.bin" |
| 91 | fi |
| 92 | |
| 93 | # Get pre-built rss flash |
| 94 | if [ ! -f "$archive/rss_flash.bin" ]; then |
| 95 | url="$tc_prebuilts/tc$plat_variant/rss_flash.bin" fetch_file |
| 96 | archive_file "rss_flash.bin" |
| 97 | fi |
| 98 | |
| 99 | # Inject signed AP bl1 into pre-built rss flash image bundle - both at primary and secondary locations. |
| 100 | dd if=$archive/$signed_bin of=$archive/rss_flash.bin bs=1 seek=$((0x240000)) conv=notrunc status=progress |
| 101 | dd if=$archive/$signed_bin of=$archive/rss_flash.bin bs=1 seek=$((0x340000)) conv=notrunc status=progress |
| 102 | } |
| 103 | |
| 104 | # sign AP bl1 |
| 105 | sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size |
| 106 | |
| 107 | # Inject signed bl1 to pre-built rss flash image |
| 108 | inject_bl1 |
| 109 | fi |
| Madhukar Pappireddy | 2f284e1 | 2021-08-30 16:06:14 -0500 | [diff] [blame] | 110 | } |