#!/bin/bash
# Turn on the igncr shell option (ignore carriage returns) when this bash
# supports it. The probe runs in a subshell first so that a bash without the
# option only fails inside the subshell and the script carries on unchanged.
(set -o igncr) 2>/dev/null && set -o igncr; #keep this comment

#######################################
# Print a command line prefixed with "$ ", then run it.
# The first "eval" substring of every argument is removed from the printed
# form only; the command itself runs with its arguments untouched.
# Arguments: the command and its arguments
# Outputs:   the "$ ..." trace line on stdout, followed by the command's output
# Returns:   the exit status of the command
# NOTE(review): no caller is visible in this file. If it is used with eval,
# every argument must come from the build itself, never from outside input.
#######################################
echo_run() {
  local -a shown=("${@/eval/}")
  echo "\$ ${shown[@]}"
  "$@"
}
5
6# set -vx
7
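# parameters
#  1. secure/non-secure selector (LCS): NORMAL_NO_SECURE (default) or SECURE
#  2. path to app
#  3. app name
#  4. app type (default: l1ram)
#  5. path to keys (default: .)
#  6. smif config file, given without the .bin extension (default: NONE)
#
# additional mcuboot makefile param
#  7. gcc toolchain path
#  8. path to policy
#  9. default application slot size
# 10. enable encryption ("1" enables it, anything else disables it)
# 11. platform (CYW20829 or CYW89829)
# 12. service application descriptor address (default: 0x0)
#
# NOTE(review): when parameter 1 is omitted the script takes the
# NORMAL_NO_SECURE path and emits an unsigned image. A caller that needs a
# signed image has to pass SECURE explicitly; nothing here warns otherwise.
#
# NOTE(review): the "blinky.*" fallbacks below never take effect. Each path is
# first assigned "$2/$3.<ext>", which is non-empty even when $2 and $3 are
# empty, so `:=` has nothing to fill in. They are kept as a record of the
# intended default names.

# Combined image configuration
LCS=$1
: "${LCS:=NORMAL_NO_SECURE}"

# Path to the image and image name for programming (the extension must be bin)
L1_USER_APP_BIN="$2/$3.bin"
: "${L1_USER_APP_BIN:=blinky.bin}"

# The signed-image path is only defined for the SECURE flow.
if [ "$LCS" == "SECURE" ]; then
  L1_USER_APP_BIN_SIGN="$2/$3.signed.bin"
  : "${L1_USER_APP_BIN_SIGN:=blinky.signed.bin}"
fi

L1_USER_APP_ELF="$2/$3.elf"
: "${L1_USER_APP_ELF:=blinky.elf}"

FINAL_BIN_FILE="$2/$3.final.bin"
: "${FINAL_BIN_FILE:=blinky.final.bin}"

# The fallback used to name L1_USER_APP_BIN here (copy-paste slip); it now
# names the variable assigned on the line above.
COMBINED_BIN_FILE="$2/$3.combined.bin"
: "${COMBINED_BIN_FILE:=blinky.combined.bin}"

FINAL_HEX_FILE="$2/$3.final.hex"
: "${FINAL_HEX_FILE:=blinky.final.hex}"

# Inputs of the encrypted SECURE flow: the AES-CTR nonce and the encrypted
# image. This script only reads them; it does not create them.
AES_CTR_NONCE_FILE="$2/$3.signed_nonce.bin"

ENCRYPTED_MCUBOOT_BIN_FILE="$2/$3.signed_encrypted.bin"

# Intermediate files, all written into the application directory.
TOC2_FILE="$2/toc2.bin"

L1_DESC_TEMP="$2/l1_app_desc_temp.bin"

L1_DESC_FILE="$2/l1_app_desc.bin"

L1_USER_APP_HEADER_FILE="$2/l1_user_app_header.bin"

APP_TYPE=$4
: "${APP_TYPE:=l1ram}"

PROVISION_PATH=$5
: "${PROVISION_PATH:=.}"

# Path to the smif_crypto_cfg and its name for programming (the extension
# must be bin)
SMIF_CRYPTO_CFG=$6
: "${SMIF_CRYPTO_CFG:=NONE}"

# Full path to the default toolchain. Without parameter 7 the bare tool name
# is used, which the shell resolves through PATH when it is invoked.
if [ -z "$7" ]; then
  NM_TOOL=arm-none-eabi-nm
else
  NM_TOOL="$7"/bin/arm-none-eabi-nm
fi

POLICY_PATH=$8
: "${POLICY_PATH:=$PROVISION_PATH/policy/policy_secure.json}"

# No default: the SECURE flow passes this straight to the signing tool.
SLOT_SIZE=$9

if [ "${10}" == "1" ]; then
  ENC_OPTION="--encrypt"
else
  ENC_OPTION=""
fi

TARGET_PLATFORM=${11}

SERVICE_APP_DESCR_ADDR=${12}
: "${SERVICE_APP_DESCR_ADDR:=0x0}"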
94
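######################## Validate Input Args #################################
# Fail early, before any output file is written, when an input is missing.
# Every expansion is quoted: an unquoted empty value turns `[ -f $x ]` into
# `[ -f ]`, which is true, so an empty path used to slip through these checks.
# Diagnostics go to stderr so they do not mix with captured stdout.
if ! [ -f "$L1_USER_APP_BIN" ]; then
  echo "ERROR: $L1_USER_APP_BIN not found" >&2
  exit 1
fi

if ! [ -f "$L1_USER_APP_ELF" ]; then
  echo "ERROR: $L1_USER_APP_ELF not found" >&2
  exit 1
fi

if ! [ -d "$PROVISION_PATH" ]; then
  echo "ERROR: $PROVISION_PATH not found" >&2
  exit 1
fi

if [ "$TOOLCHAIN" != "ARM" ]; then
  # `command -v` accepts an explicit path and also resolves a bare tool name
  # through PATH. The previous `[ -x $NM_TOOL ]` looked for the bare default
  # name in the current directory only, so the default toolchain was rejected
  # even when the tool was installed.
  if ! command -v "$NM_TOOL" >/dev/null 2>&1; then
    echo "ERROR: $NM_TOOL not found" >&2
    exit 1
  fi
fi

if ! command -v awk >/dev/null 2>&1; then
  echo "ERROR: awk not found" >&2
  exit 1
fi

# if ! [ -x "$(command -v print)" ]; then
#   echo "ERROR: print not found"
#   exit 1
# fi

if [ "$LCS" == "SECURE" ]; then
  if ! command -v cysecuretools >/dev/null 2>&1; then
    echo "ERROR: cysecuretools not found" >&2
    exit 1
  fi
  # The signing command line places these two values directly after -t and
  # --slot-size. An empty value would make the following option be read as
  # the value, so reject it here with a clear message.
  if [ -z "$TARGET_PLATFORM" ]; then
    echo "ERROR: platform (parameter 11) is required for SECURE" >&2
    exit 1
  fi
  if [ -z "$SLOT_SIZE" ]; then
    echo "ERROR: slot size (parameter 9) is required for SECURE" >&2
    exit 1
  fi
  # NOTE(review): $POLICY_PATH is not checked here; confirm whether the
  # signing tool reports a missing policy file clearly on its own.
fi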
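######################### Generate TOC2 ########################################
# Writes $TOC2_FILE: four 32-bit little-endian words (16 bytes) holding the
# TOC2 size, the L1 application descriptor address, the service application
# descriptor address and the debug certificate address.

# Hardcoded value bytes
TOC2_SIZE=16

# Hardcoded address in external memory
TOC2_ADDR=0x0

# TOC2 entries in hexadecimal
L1_APP_DESCR_ADDR=0x10
DEBUG_CERT_ADDR=0x0

# Convert to hex string (without 0x prefix)
TOC2_SIZE_HEX=$(printf '%08x' "$TOC2_SIZE")
L1_APP_DESCR_ADDR_HEX=$(printf '%08x' "$L1_APP_DESCR_ADDR")
# The service descriptor address comes from the command line. printf prints
# 00000000 for a non-numeric value and more than 8 digits for a value above
# 32 bits; either one would put a wrong address into the table without any
# visible error, so both cases are rejected.
if ! SERVICE_APP_DESCR_ADDR_HEX=$(printf '%08x' "$SERVICE_APP_DESCR_ADDR" 2>/dev/null) ||
  [ "${#SERVICE_APP_DESCR_ADDR_HEX}" -ne 8 ]; then
  echo "ERROR: invalid service application descriptor address ($SERVICE_APP_DESCR_ADDR)" >&2
  exit 1
fi
DEBUG_CERT_ADDR_HEX=$(printf '%08x' "$DEBUG_CERT_ADDR")

# Write 4 bytes from each hex string, LSB first. The format string is built
# from hex digits produced by printf '%08x' above, so it cannot contain a
# conversion specifier.
for toc2_word_hex in \
  "$TOC2_SIZE_HEX" \
  "$L1_APP_DESCR_ADDR_HEX" \
  "$SERVICE_APP_DESCR_ADDR_HEX" \
  "$DEBUG_CERT_ADDR_HEX"; do
  # shellcheck disable=SC2059
  printf "\x${toc2_word_hex:6:2}\x${toc2_word_hex:4:2}\x${toc2_word_hex:2:2}\x${toc2_word_hex:0:2}"
done > "$TOC2_FILE"

# Errors go to stderr: /dev/tty does not exist in a headless build, where the
# message would be lost. 255 is the status the previous `exit -1` produced.
if [ ! -f "$TOC2_FILE" ]; then
  echo "Error: $TOC2_FILE does not exist." >&2
  exit 255
fi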
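######################### Generate L1_APP_DESCR ################################
# Computes the values stored in the L1 application descriptor:
# BOOT_STRAP_ADDR, BOOT_STRAP_DST_ADDR and BOOT_STRAP_SIZE.

# Hardcoded value bytes
L1_APP_DESCR_SIZE=28

# Placed after the TOC2
L1_APP_DESCR_ADDR=$(printf '0x%x' "$TOC2_SIZE")
BOOT_STRAP_DST_ADDR=0x20004000
# L1_APP_DESCR entries in hexadecimal.
# 0x30 = 16-byte TOC2 + 28-byte descriptor + 4 bytes of padding; 0x50 adds the
# 32-byte null header that the unsigned flow places in front of the image.
if [ "$LCS" == "NORMAL_NO_SECURE" ]; then
  BOOT_STRAP_ADDR=0x50 # Fix address for un-signed image
else
  BOOT_STRAP_ADDR=0x30 # Fix address for signed image
fi

#######################################
# Look up a symbol in the application ELF and print its value in decimal.
# Globals:   NM_TOOL, L1_USER_APP_ELF (read)
# Arguments: $1 - symbol name to search for in the nm listing
# Outputs:   the decimal value on stdout; a diagnostic on stderr on failure
# Returns:   0 when exactly one hex value was found, 1 otherwise
#######################################
_l1_elf_symbol_dec() {
  local symbol=$1
  local value
  value=$("$NM_TOOL" "$L1_USER_APP_ELF" | grep -F -- "$symbol" | awk '{print $1}')
  # Accept a single hex token only. An empty result (symbol missing, nm
  # failed) or several matches must not reach the arithmetic expansion below.
  if [[ "$value" =~ ^[0-9A-Fa-f]+$ ]]; then
    printf '%d\n' "$((16#$value))"
    return 0
  fi
  echo "ERROR: no single hex value for $symbol in $L1_USER_APP_ELF" >&2
  return 1
}

# A failed address lookup used to leave the destination address empty, which
# was then written to the descriptor as 0 without any error. That now stops
# the build. The exception is TOOLCHAIN=ARM, where the nm tool is not
# validated up front: the old result (0) is kept there, with a warning.
# NOTE(review): confirm whether a zero destination address is ever valid for
# ARM-toolchain builds; if not, make that case fatal as well.
if ! BOOT_STRAP_DST_ADDR=$(_l1_elf_symbol_dec "__bootstrap_start_addr__"); then
  if [ "$TOOLCHAIN" != "ARM" ]; then
    exit 1
  fi
  echo "WARNING: bootstrap destination address not found, using 0" >&2
  BOOT_STRAP_DST_ADDR=0
fi

if [ "$APP_TYPE" == "l1ram" ]; then
  # Check the file before measuring it.
  if [ ! -f "$L1_USER_APP_BIN" ]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi
  # For l1ram the whole binary is the bootstrap.
  BOOT_STRAP_SIZE=$(wc -c < "$L1_USER_APP_BIN" | awk '{print $1}')
elif [ "$TOOLCHAIN" == "ARM" ]; then
  # Reserving 0x3000 for bootstrap. This needs to be calculated based on the actual size
  BOOT_STRAP_SIZE=12288
else
  BOOT_STRAP_SIZE=$(_l1_elf_symbol_dec "__bootstrap_size__") || exit 1
fi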
211
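# Convert to hex string (without 0x prefix). An empty value is converted as 0,
# which is what the previous unquoted printf call produced.
L1_APP_DESCR_SIZE_HEX=$(printf '%08x' "${L1_APP_DESCR_SIZE:-0}")
BOOT_STRAP_ADDR_HEX=$(printf '%08x' "${BOOT_STRAP_ADDR:-0}")
BOOT_STRAP_DST_ADDR_HEX=$(printf '%08x' "${BOOT_STRAP_DST_ADDR:-0}")
BOOT_STRAP_SIZE_HEX=$(printf '%08x' "${BOOT_STRAP_SIZE:-0}")

# A zero size means the size lookup found nothing usable.
if [ "$BOOT_STRAP_SIZE_HEX" == 00000000 ]; then
  echo "ERROR: in calculating bootstrap size" >&2
  exit 1
fi

# Write the first four descriptor words (16 bytes), 4 bytes from each hex
# string, LSB first. A field that is not exactly 8 hex digits does not fit in
# 32 bits; slicing it would write wrong bytes without any error, so stop.
for l1_desc_word_hex in \
  "$L1_APP_DESCR_SIZE_HEX" \
  "$BOOT_STRAP_ADDR_HEX" \
  "$BOOT_STRAP_DST_ADDR_HEX" \
  "$BOOT_STRAP_SIZE_HEX"; do
  if ! [[ "$l1_desc_word_hex" =~ ^[0-9a-f]{8}$ ]]; then
    echo "ERROR: L1 app descriptor field is not a 32-bit value ($l1_desc_word_hex)" >&2
    exit 1
  fi
  # The format string holds only the hex digits validated just above.
  # shellcheck disable=SC2059
  printf "\x${l1_desc_word_hex:6:2}\x${l1_desc_word_hex:4:2}\x${l1_desc_word_hex:2:2}\x${l1_desc_word_hex:0:2}"
done > "$L1_DESC_TEMP"

# Errors go to stderr: /dev/tty does not exist in a headless build, where the
# message would be lost. 255 is the status the previous `exit -1` produced.
if [ ! -f "$L1_DESC_TEMP" ]; then
  echo "Error: $L1_DESC_TEMP does not exist." >&2
  exit 255
fi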
248
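# Append the 12-byte SMIF crypto configuration to the descriptor and move the
# result to $L1_DESC_FILE. With "NONE" the 12 bytes are zeros; otherwise they
# come from "$SMIF_CRYPTO_CFG.bin".
# Errors go to stderr instead of /dev/tty, which does not exist in a headless
# build; 255 is the status the previous `exit -1` produced.
if [ "$SMIF_CRYPTO_CFG" == "NONE" ]; then
  # Three zero words (12 bytes).
  printf '\0\0\0\0\0\0\0\0\0\0\0\0' >> "$L1_DESC_TEMP"

  # The status is checked as well as the file: a descriptor left over from an
  # earlier run would satisfy the existence test on its own.
  if ! mv -- "$L1_DESC_TEMP" "$L1_DESC_FILE" || [ ! -f "$L1_DESC_FILE" ]; then
    echo "Error: $L1_DESC_FILE does not exist." >&2
    exit 255
  fi
else
  # This test used to look for "$L1_DESC_TEMP.bin". $L1_DESC_TEMP already ends
  # in .bin and is the file that cat reads below, so the old test failed on
  # every run of this branch.
  if [ ! -f "$L1_DESC_TEMP" ]; then
    echo "Error: $L1_DESC_TEMP does not exist." >&2
    exit 255
  fi
  if [ ! -f "$SMIF_CRYPTO_CFG.bin" ]; then
    echo "Error: $SMIF_CRYPTO_CFG.bin does not exist." >&2
    exit 255
  fi
  # NOTE(review): the descriptor size field is hardcoded to 28 bytes, which
  # matches a 12-byte configuration. The size of this file is not checked
  # here; confirm whether other sizes are expected.

  if ! cat -- "$L1_DESC_TEMP" "$SMIF_CRYPTO_CFG.bin" > "$L1_DESC_FILE"; then
    echo "Error: $L1_DESC_FILE does not exist." >&2
    exit 255
  fi
  rm -f -- "$L1_DESC_TEMP"

  if [ ! -f "$L1_DESC_FILE" ]; then
    echo "Error: $L1_DESC_FILE does not exist." >&2
    exit 255
  fi
  if [ -f "$L1_DESC_TEMP" ]; then
    echo "Error: $L1_DESC_TEMP has not been removed." >&2
    exit 255
  fi
fi

# Both parts of the image prefix must exist before they are combined.
if [ ! -f "$TOC2_FILE" ]; then
  echo "Error: $TOC2_FILE does not exist." >&2
  exit 255
fi
if [ ! -f "$L1_DESC_FILE" ]; then
  echo "Error: $L1_DESC_FILE does not exist." >&2
  exit 255
fi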
296
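# 4 bytes of padding (encrypted data should be aligned to 0x10 boundary)
printf '\0\0\0\0' >> "$L1_DESC_FILE"

# Remove the output of any earlier run first. The checks at the end test for
# existence only, so a stale file would otherwise hide a failed step and an
# old image would be handed on as the result of this build.
# Errors go to stderr instead of /dev/tty, which does not exist in a headless
# build; 255 is the status the previous `exit -1` produced.
rm -f -- "$FINAL_BIN_FILE"

if [ "$LCS" == "NORMAL_NO_SECURE" ]; then
  # create 32 byte null header for bootstrap
  # (the format is reused once per argument, so 32 arguments give 32 NULs)
  printf '\0%.0s' {1..32} > "$L1_USER_APP_HEADER_FILE"

  if [ ! -f "$L1_USER_APP_HEADER_FILE" ]; then
    echo "Error: $L1_USER_APP_HEADER_FILE does not exist." >&2
    exit 255
  fi
  if [ ! -f "$L1_USER_APP_BIN" ]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi

  # Combining all images (toc2+l1_app_desc+l1_user_app_header+l1_user_app) to Final binary file
  cat -- "$TOC2_FILE" "$L1_DESC_FILE" "$L1_USER_APP_HEADER_FILE" "$L1_USER_APP_BIN" \
    > "$FINAL_BIN_FILE"
elif [ "$LCS" == "SECURE" ]; then
  if [ ! -f "$L1_USER_APP_BIN" ]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi

  # Pass --encrypt as its own argument, and pass nothing when it is disabled.
  enc_args=()
  if [ -n "$ENC_OPTION" ]; then
    enc_args=("$ENC_OPTION")
  fi

  # Sign l1 user app L1_USER_APP_BIN_SIGN.
  # The previous signed image is removed and the exit status is checked, so a
  # failed signing run cannot be covered by a signed file from an older build.
  rm -f -- "$L1_USER_APP_BIN_SIGN"
  if ! cysecuretools -q -t "$TARGET_PLATFORM" -p "$POLICY_PATH" sign-image \
    --image-format bootrom_next_app -i "$L1_USER_APP_BIN" -k 0 \
    -o "$L1_USER_APP_BIN_SIGN" --slot-size "$SLOT_SIZE" \
    --app-addr 0x08000030 "${enc_args[@]}"; then
    echo "Error: $L1_USER_APP_BIN_SIGN has not been created." >&2
    exit 255
  fi

  if [ ! -f "$L1_USER_APP_BIN_SIGN" ]; then
    echo "Error: $L1_USER_APP_BIN_SIGN has not been created." >&2
    exit 255
  fi

  # Combining all images (toc2+l1_app_desc+l1_user_app) to Final binary file of MCUBootApp
  if [ -z "$ENC_OPTION" ]; then
    cat -- "$TOC2_FILE" "$L1_DESC_FILE" "$L1_USER_APP_BIN_SIGN" > "$FINAL_BIN_FILE"
  else
    # NOTE(review): presumably the nonce and the encrypted image are written
    # by the sign-image call above - confirm. Nothing here proves that they
    # belong to this run; a pair left by an earlier build would be packaged
    # as it is, so the build should clean them before this script runs.
    if [ ! -f "$AES_CTR_NONCE_FILE" ] ||
      [ "$(wc -c < "$AES_CTR_NONCE_FILE")" -lt 12 ]; then
      echo "Error: $AES_CTR_NONCE_FILE is missing or shorter than 12 bytes." >&2
      exit 255
    fi
    if [ ! -f "$ENCRYPTED_MCUBOOT_BIN_FILE" ]; then
      echo "Error: $ENCRYPTED_MCUBOOT_BIN_FILE does not exist." >&2
      exit 255
    fi

    # Patching L1 app descriptor with AES-CTR Nonce: bytes 16..27, the 12
    # bytes that follow the four descriptor words, are overwritten in place.
    # dd's output stays silenced, but its status is now checked.
    if ! dd seek=16 bs=1 count=12 conv=notrunc \
      if="$AES_CTR_NONCE_FILE" of="$L1_DESC_FILE" >/dev/null 2>&1; then
      echo "Error: cannot patch $L1_DESC_FILE with the AES-CTR nonce." >&2
      exit 255
    fi
    cat -- "$TOC2_FILE" "$L1_DESC_FILE" "$ENCRYPTED_MCUBOOT_BIN_FILE" > "$FINAL_BIN_FILE"
  fi
else
  echo "ERROR: Invalid LCS ($LCS) value" >&2
  exit 1
fi

if [ ! -f "$FINAL_BIN_FILE" ]; then
  echo "Error: $FINAL_BIN_FILE does not exist." >&2
  exit 255
fi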
367fi