#!/bin/bash
# Turn on the igncr shell option when this bash supports it; the option is
# probed in a subshell first so a shell without it reports no error.
(set -o igncr) 2>/dev/null && set -o igncr; #keep this comment

#######################################
# Echo a command line, then run it.
# The echoed text is prefixed with "$ " and has the first "eval" occurrence
# removed from every argument; the command itself is executed unmodified.
# Arguments: the command to run, followed by its arguments
# Outputs:   the echoed command line on stdout, then the command's own output
# Returns:   the exit status of the executed command
#######################################
echo_run() {
  local -a display_args=("${@/eval/}")
  echo "\$ ${display_args[@]}"
  "$@"
}

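# set -vx

# parameters
# 1. secure/non-secure
# 2. path to app
# 3. app name
# 4. app type
# 5. path to keys
# 6. smif config file

# additional mcuboot makefile param
# 7. gcc toolchain path
# 8. path to policy
# 9. default application slot size
# 10. enable encryption
# 11. service application descriptor address

# Every positional argument is caller-supplied. Defaults are assigned with a
# quoted ': "${VAR:=...}"' so that a value containing spaces or glob
# characters is neither word-split nor pathname-expanded while it is set.

# Combined image configuration
LCS=$1
: "${LCS:=NORMAL_NO_SECURE}"

# Path to the image and image name for programming (the extension must be bin)
# NOTE: "$2/$3.bin" is never empty (it always holds at least "/.bin"), so this
# default and the other "blinky.*" defaults below never take effect. A missing
# path or name is only caught by the file checks that follow this section.
L1_USER_APP_BIN="$2/$3.bin"
: "${L1_USER_APP_BIN:=blinky.bin}"

# The signed image name only exists in the SECURE life-cycle stage.
if [[ "$LCS" == "SECURE" ]]; then
  L1_USER_APP_BIN_SIGN="$2/$3.signed.bin"
  : "${L1_USER_APP_BIN_SIGN:=blinky.signed.bin}"
fi

L1_USER_APP_ELF="$2/$3.elf"
: "${L1_USER_APP_ELF:=blinky.elf}"

FINAL_BIN_FILE="$2/$3.final.bin"
: "${FINAL_BIN_FILE:=blinky.final.bin}"

# The default is applied to COMBINED_BIN_FILE itself; the original line named
# L1_USER_APP_BIN here, which looks like a copy-paste slip.
COMBINED_BIN_FILE="$2/$3.combined.bin"
: "${COMBINED_BIN_FILE:=blinky.combined.bin}"

FINAL_HEX_FILE="$2/$3.final.hex"
: "${FINAL_HEX_FILE:=blinky.final.hex}"

# Files read back when encryption is enabled (nonce and encrypted image).
AES_CTR_NONCE_FILE="$2/$3.signed_nonce.bin"

ENCRYPTED_MCUBOOT_BIN_FILE="$2/$3.signed_encrypted.bin"

# Intermediate files written next to the application image.
TOC2_FILE="$2/toc2.bin"

L1_DESC_TEMP="$2/l1_app_desc_temp.bin"

L1_DESC_FILE="$2/l1_app_desc.bin"

L1_USER_APP_HEADER_FILE="$2/l1_user_app_header.bin"

APP_TYPE=$4
: "${APP_TYPE:=l1ram}"

PROVISION_PATH=$5
: "${PROVISION_PATH:=.}"

# Path to the smif_crypto_cfg and its name for programming (the extension
# must be bin)
SMIF_CRYPTO_CFG=$6
: "${SMIF_CRYPTO_CFG:=NONE}"

# Full path to the default toolchain; without one, nm is taken by bare name.
if [[ -z "$7" ]]; then
  NM_TOOL=arm-none-eabi-nm
else
  NM_TOOL="$7"/bin/arm-none-eabi-nm
fi

POLICY_PATH=$8
: "${POLICY_PATH:=$PROVISION_PATH/policy/policy_secure.json}"

# No default: stays empty when argument 9 is not given.
SLOT_SIZE=$9

# ENC_OPTION stays a plain string ("--encrypt" or empty) because the signing
# step tests it for emptiness and passes it on as a single option.
if [[ "${10}" == "1" ]]; then
  ENC_OPTION="--encrypt"
else
  ENC_OPTION=""
fi

SERVICE_APP_DESCR_ADDR=${11}
: "${SERVICE_APP_DESCR_ADDR:=0x0}"
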
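######################## Validate Input Args #################################
# Every path is quoted so a location containing spaces is tested as a single
# word, and every diagnostic goes to stderr so it survives stdout redirection.
if [[ ! -f "$L1_USER_APP_BIN" ]]; then
  echo "ERROR: $L1_USER_APP_BIN not found" >&2
  exit 1
fi

if [[ ! -f "$L1_USER_APP_ELF" ]]; then
  echo "ERROR: $L1_USER_APP_ELF not found" >&2
  exit 1
fi

if [[ ! -d "$PROVISION_PATH" ]]; then
  echo "ERROR: $PROVISION_PATH not found" >&2
  exit 1
fi

if [[ "$TOOLCHAIN" != "ARM" ]]; then
  # NM_TOOL is either a full path or the bare name arm-none-eabi-nm.
  # 'command -v' resolves both; a plain -x test would look for the bare name
  # in the current directory instead of on PATH.
  if ! command -v -- "$NM_TOOL" >/dev/null 2>&1; then
    echo "ERROR: $NM_TOOL not found" >&2
    exit 1
  fi
fi

if [[ ! -x "$(command -v awk)" ]]; then
  echo "ERROR: awk not found" >&2
  exit 1
fi

# if ! [ -x "$(command -v print)" ]; then
# echo "ERROR: print not found"
# exit 1
# fi

if [[ "$LCS" == "SECURE" ]]; then
  if [[ ! -x "$(command -v cysecuretools)" ]]; then
    echo "ERROR: cysecuretools not found" >&2
    exit 1
  fi

  # The signing policy and the slot size are handed straight to the signing
  # command later on; reject a missing value here, where the message can name
  # the argument, instead of relying on the tool's own failure.
  if [[ ! -f "$POLICY_PATH" ]]; then
    echo "ERROR: $POLICY_PATH not found" >&2
    exit 1
  fi

  if [[ -z "$SLOT_SIZE" ]]; then
    echo "ERROR: slot size (argument 9) is not set" >&2
    exit 1
  fi
fi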
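######################### Generate TOC2 ########################################
# TOC2 is four 32-bit little-endian words: its own size, the L1 application
# descriptor address, the service application descriptor address and the
# debug certificate address.
# exit 255 below is the status bash reports for the original 'exit -1'.

# Hardcoded value bytes
TOC2_SIZE=16

# Hardcoded address in external memory
TOC2_ADDR=0x0

# TOC2 entries in hexadecimal
L1_APP_DESCR_ADDR=0x10
DEBUG_CERT_ADDR=0x0

# Convert to hex string (without 0x prefix)
TOC2_SIZE_HEX=$(printf "%08x" "$TOC2_SIZE")
L1_APP_DESCR_ADDR_HEX=$(printf "%08x" "$L1_APP_DESCR_ADDR")
DEBUG_CERT_ADDR_HEX=$(printf "%08x" "$DEBUG_CERT_ADDR")

# SERVICE_APP_DESCR_ADDR is caller-supplied. printf prints 00000000 for text
# that is not a number and more than 8 digits for a value wider than 32 bits;
# either would put a wrong address into the table, so both are rejected.
if ! SERVICE_APP_DESCR_ADDR_HEX=$(printf "%08x" "$SERVICE_APP_DESCR_ADDR" 2>/dev/null) ||
  [[ ${#SERVICE_APP_DESCR_ADDR_HEX} -ne 8 ]]; then
  echo "ERROR: invalid service application descriptor address ($SERVICE_APP_DESCR_ADDR)" >&2
  exit 1
fi

# Write 4 bytes from hex string, LSB first. Each word is exactly 8 hex digits
# produced by printf above, so building the format string from it is safe.
if ! for toc2_word in "$TOC2_SIZE_HEX" "$L1_APP_DESCR_ADDR_HEX" \
  "$SERVICE_APP_DESCR_ADDR_HEX" "$DEBUG_CERT_ADDR_HEX"; do
  printf "\x${toc2_word:6:2}\x${toc2_word:4:2}\x${toc2_word:2:2}\x${toc2_word:0:2}"
done > "$TOC2_FILE"; then
  # A failed write must not fall through to the existence check, which a
  # file left by an earlier run would satisfy.
  echo "Error: $TOC2_FILE could not be written." >&2
  exit 255
fi

if [[ ! -f "$TOC2_FILE" ]]; then
  echo "Error: $TOC2_FILE does not exist." >&2
  exit 255
fi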
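######################### Generate L1_APP_DESCR ################################
# Writes the first four 32-bit little-endian words of the L1 application
# descriptor (size, bootstrap address, bootstrap destination address,
# bootstrap size) to L1_DESC_TEMP.
# exit 255 below is the status bash reports for the original 'exit -1'.

#######################################
# Print the value nm reports for a symbol of the application ELF.
# Globals:   NM_TOOL, L1_USER_APP_ELF (read)
# Arguments: $1 - symbol name (matched as a substring, as grep does)
# Outputs:   the value as hex digits without 0x prefix, on stdout
# Returns:   0 when exactly one hex value was found, 1 otherwise
#######################################
elf_symbol_hex() {
  local value
  value=$("$NM_TOOL" "$L1_USER_APP_ELF" | grep -- "$1" | awk '{print $1}')
  # No match leaves the value empty and several matches put a newline in it;
  # neither passes this test, so neither reaches the base-16 arithmetic.
  [[ "$value" =~ ^[0-9a-fA-F]+$ ]] || return 1
  printf '%s' "$value"
}

# Hardcoded value bytes
L1_APP_DESCR_SIZE=28

# Placed after the TOC2
L1_APP_DESCR_ADDR=$(printf "0x%x" "$TOC2_SIZE")
BOOT_STRAP_DST_ADDR=0x20004000
# L1_APP_DESCR entries in hexadecimal
if [[ "$LCS" == "NORMAL_NO_SECURE" ]]; then
  BOOT_STRAP_ADDR=0x50 # Fix address for un-signed image
else
  BOOT_STRAP_ADDR=0x30 # Fix address for signed image
fi

if [[ "$APP_TYPE" == "l1ram" ]]; then
  # Checked before the file is measured rather than after.
  if [[ ! -f "$L1_USER_APP_BIN" ]]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi
  BOOT_STRAP_SIZE=$(wc -c < "$L1_USER_APP_BIN" | awk '{print $1}')
elif [[ "$TOOLCHAIN" == "ARM" ]]; then
  # Reserving 0x3000 for bootstrap. This needs to be calculated based on the actual size
  BOOT_STRAP_SIZE=12288
elif BOOT_STRAP_SIZE_ELF=$(elf_symbol_hex "__bootstrap_size__"); then
  BOOT_STRAP_SIZE=$((16#$BOOT_STRAP_SIZE_ELF))
else
  # Symbol missing or ambiguous: the zero-size check below reports it.
  BOOT_STRAP_SIZE=0
fi

# The destination address comes from the ELF for every application type. If
# the symbol cannot be read, the preset value above is kept and a warning is
# printed; the original left that outcome to how bash treats an empty base-16
# constant.
if BOOT_STRAP_DST_ADDR_ELF=$(elf_symbol_hex "__bootstrap_start_addr__"); then
  BOOT_STRAP_DST_ADDR=$((16#$BOOT_STRAP_DST_ADDR_ELF))
else
  echo "WARNING: __bootstrap_start_addr__ not read from $L1_USER_APP_ELF, keeping $BOOT_STRAP_DST_ADDR" >&2
fi

# Convert to hex string (without 0x prefix)
L1_APP_DESCR_SIZE_HEX=$(printf "%08x" "$L1_APP_DESCR_SIZE")
BOOT_STRAP_ADDR_HEX=$(printf "%08x" "$BOOT_STRAP_ADDR")
BOOT_STRAP_DST_ADDR_HEX=$(printf "%08x" "$BOOT_STRAP_DST_ADDR")
BOOT_STRAP_SIZE_HEX=$(printf "%08x" "$BOOT_STRAP_SIZE")

if [[ "$BOOT_STRAP_SIZE_HEX" == 00000000 ]]; then
  echo "ERROR: in calculating bootstrap size" >&2
  exit 1
fi

# Write 4 bytes from hex string, LSB first. Each word is hex digits produced
# by printf above, so building the format string from it is safe.
if ! for descr_word in "$L1_APP_DESCR_SIZE_HEX" "$BOOT_STRAP_ADDR_HEX" \
  "$BOOT_STRAP_DST_ADDR_HEX" "$BOOT_STRAP_SIZE_HEX"; do
  printf "\x${descr_word:6:2}\x${descr_word:4:2}\x${descr_word:2:2}\x${descr_word:0:2}"
done > "$L1_DESC_TEMP"; then
  # A failed write must not fall through to the existence check, which a
  # file left by an earlier run would satisfy.
  echo "Error: $L1_DESC_TEMP could not be written." >&2
  exit 255
fi

if [[ ! -f "$L1_DESC_TEMP" ]]; then
  echo "Error: $L1_DESC_TEMP does not exist." >&2
  exit 255
fi
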
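# Completes the L1 application descriptor: appends the SMIF crypto
# configuration (or zeros when there is none) to the words already in
# L1_DESC_TEMP, stores the result as L1_DESC_FILE and pads it.
# exit 255 below is the status bash reports for the original 'exit -1'.
if [[ "$SMIF_CRYPTO_CFG" == "NONE" ]]; then
  # No SMIF crypto configuration: its three 32-bit words are written as zeros.
  printf '\0\0\0\0\0\0\0\0\0\0\0\0' >> "$L1_DESC_TEMP"

  # Run directly: wrapping the command in backticks would execute its output.
  mv -- "$L1_DESC_TEMP" "$L1_DESC_FILE"

  if [[ ! -f "$L1_DESC_FILE" ]]; then
    echo "Error: $L1_DESC_FILE does not exist." >&2
    exit 255
  fi
else
  # L1_DESC_TEMP already carries its .bin extension; the original tested
  # "$L1_DESC_TEMP.bin", a file this script never creates.
  if [[ ! -f "$L1_DESC_TEMP" ]]; then
    echo "Error: $L1_DESC_TEMP does not exist." >&2
    exit 255
  fi
  if [[ ! -f "$SMIF_CRYPTO_CFG.bin" ]]; then
    echo "Error: $SMIF_CRYPTO_CFG.bin does not exist." >&2
    exit 255
  fi

  # NOTE(review): the NONE branch appends 12 bytes at this position; the
  # length of the supplied configuration file is not checked here. Confirm it
  # is also 12 bytes, otherwise everything after it in the descriptor shifts.
  if ! cat -- "$L1_DESC_TEMP" "$SMIF_CRYPTO_CFG.bin" > "$L1_DESC_FILE"; then
    # Do not leave a partly written descriptor for later steps to pick up.
    rm -f -- "$L1_DESC_FILE"
  fi
  rm -f -- "$L1_DESC_TEMP"

  if [[ ! -f "$L1_DESC_FILE" ]]; then
    echo "Error: $L1_DESC_FILE does not exist." >&2
    exit 255
  fi
  if [[ -f "$L1_DESC_TEMP" ]]; then
    echo "Error: $L1_DESC_TEMP has not been removed." >&2
    exit 255
  fi
fi

if [[ ! -f "$TOC2_FILE" ]]; then
  echo "Error: $TOC2_FILE does not exist." >&2
  exit 255
fi
if [[ ! -f "$L1_DESC_FILE" ]]; then
  echo "Error: $L1_DESC_FILE does not exist." >&2
  exit 255
fi

# 4 bytes of padding (encrypted data should be aligned to 0x10 boundary)
printf '\0\0\0\0' >> "$L1_DESC_FILE"
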
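# Builds FINAL_BIN_FILE from the table of contents, the application
# descriptor and the application image, signing the image first when the
# life-cycle stage is SECURE.
# exit 255 below is the status bash reports for the original 'exit -1'.

#######################################
# Concatenate image parts into FINAL_BIN_FILE.
# Globals:   FINAL_BIN_FILE (read; the file is written)
# Arguments: the part files, in output order
# Returns:   0 on success; 1 when a part could not be read or the output
#            could not be written, in which case no output file is left
#######################################
combine_images() {
  if ! cat -- "$@" > "$FINAL_BIN_FILE"; then
    # cat still writes the parts it managed to read; a truncated image must
    # not pass the existence check at the end of this section.
    rm -f -- "$FINAL_BIN_FILE"
    return 1
  fi
}

# Drop a final image left by an earlier run so the existence check at the end
# can only pass for a file produced by this run.
rm -f -- "$FINAL_BIN_FILE"

if [[ "$LCS" == "NORMAL_NO_SECURE" ]]; then
  # create 32 byte null header for bootstrap
  for ((header_word = 0; header_word < 8; header_word++)); do
    printf '\0\0\0\0'
  done > "$L1_USER_APP_HEADER_FILE"

  if [[ ! -f "$L1_USER_APP_HEADER_FILE" ]]; then
    echo "Error: $L1_USER_APP_HEADER_FILE does not exist." >&2
    exit 255
  fi
  if [[ ! -f "$L1_USER_APP_BIN" ]]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi

  # Combining all images (toc2+l1_app_desc+l1_user_app_header+l1_user_app) to Final binary file
  combine_images "$TOC2_FILE" "$L1_DESC_FILE" "$L1_USER_APP_HEADER_FILE" "$L1_USER_APP_BIN"
elif [[ "$LCS" == "SECURE" ]]; then
  if [[ ! -f "$L1_USER_APP_BIN" ]]; then
    echo "Error: $L1_USER_APP_BIN does not exist." >&2
    exit 255
  fi

  # Sign l1 user app L1_USER_APP_BIN_SIGN
  # A signed image from an earlier run is removed first and the exit status
  # of the signing command is checked, so a failed signing run cannot be
  # masked by a file that merely still exists.
  rm -f -- "$L1_USER_APP_BIN_SIGN"
  if ! cysecuretools -q -t cyw20829 -p "$POLICY_PATH" sign-image \
    --image-format bootrom_next_app -i "$L1_USER_APP_BIN" -k 0 \
    -o "$L1_USER_APP_BIN_SIGN" --slot-size "$SLOT_SIZE" \
    --app-addr 0x08000030 ${ENC_OPTION:+"$ENC_OPTION"}; then
    echo "Error: signing $L1_USER_APP_BIN failed." >&2
    exit 255
  fi

  if [[ ! -f "$L1_USER_APP_BIN_SIGN" ]]; then
    echo "Error: $L1_USER_APP_BIN_SIGN has not been created." >&2
    exit 255
  fi

  # Combining all images (toc2+l1_app_desc+l1_user_app) to Final binary file of MCUBootApp
  if [[ -z "$ENC_OPTION" ]]; then
    combine_images "$TOC2_FILE" "$L1_DESC_FILE" "$L1_USER_APP_BIN_SIGN"
  else
    # dd below copies at most 12 bytes; a missing or shorter nonce file would
    # leave part of the nonce field in the descriptor unpatched.
    if [[ ! -f "$AES_CTR_NONCE_FILE" ]] ||
      (($(wc -c < "$AES_CTR_NONCE_FILE") < 12)); then
      echo "Error: $AES_CTR_NONCE_FILE is missing or shorter than 12 bytes." >&2
      exit 255
    fi
    if [[ ! -f "$ENCRYPTED_MCUBOOT_BIN_FILE" ]]; then
      echo "Error: $ENCRYPTED_MCUBOOT_BIN_FILE does not exist." >&2
      exit 255
    fi

    # Patching L1 app descriptor with AES-CTR Nonce
    if ! dd seek=16 bs=1 count=12 conv=notrunc if="$AES_CTR_NONCE_FILE" \
      of="$L1_DESC_FILE" > /dev/null 2>&1; then
      echo "Error: patching $L1_DESC_FILE with the nonce failed." >&2
      exit 255
    fi
    combine_images "$TOC2_FILE" "$L1_DESC_FILE" "$ENCRYPTED_MCUBOOT_BIN_FILE"
  fi
else
  echo "ERROR: Invalid LCS ($LCS) value" >&2
  exit 1
fi

if [[ ! -f "$FINAL_BIN_FILE" ]]; then
  echo "Error: $FINAL_BIN_FILE does not exist." >&2
  exit 255
fi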