#!/bin/sh
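# Directory the script was started from.
SKDIR=$(pwd)
# Host tool and data locations, resolved under $ROOT. An unset or empty ROOT
# makes these /usr/sbin and /usr/host_data on the build host.
HOST_TOOL_DIR="$ROOT/usr/sbin"
HOST_DATA_DIR="$ROOT/usr/host_data"
# tools
CONTENT_TOOL="$HOST_TOOL_DIR/mkCmd"
BUNDLE_TOOL="$HOST_TOOL_DIR/pkgbootrl"
# NOTE(review): every key and IV below is key material committed in clear text.
# Anyone who can read this script can read them, and they end up in every copy
# and backup of the repository. If any of them protects a shipped image, it
# belongs in an access-controlled key store, not in the script. Confirm whether
# these are development-only values.
#
# Hard-coded IV used to encrypt the sysapp ticket (the original comment marks
# this as a "for now" arrangement).
COMMON_BOOT_IV="b80902767e25db270f3449c5d94b1621"
# not really used in packaging sysapp, but needed for V2_TOOL
# NOTE(review): this value is SYSAPP_KEY written twice, so the same secret is
# reused for two roles.
BBPRIV_KEY="a81902767e25db170f3449c5d94b162fa81902767e25db170f3449c5d94b162f"
# key/iv applied to the sysapp rom itself
# NOTE(review): a fixed key with a fixed IV makes the encryption deterministic
# across builds; confirm the cipher mode used by mkCmd tolerates that.
SYSAPP_KEY="a81902767e25db170f3449c5d94b162f"
SYSAPP_IV="a438b3410298747b0c089d8f6d2991a8"
# output files (may be loaded to fs via shell):
# SYSAPP_AES - sysapp (encrypted)
# SYSAPP_TICKET - sysapp ticket
# NOTE(review): the packaging function in this file writes to the paths given
# on the command line; these two names are not referenced by it.
SYSAPP_AES=sysapp_aes.bin
SYSAPP_TICKET=bat.bin
# NOTE(review): fixed, predictable name in a world-writable directory. This
# script only removes it; whichever tool creates it is not visible here. On a
# shared build host a pre-created file or symlink at this path could redirect
# that tool's write -- prefer a mktemp-created private path if the tool allows.
V2_CONSTFILE=/tmp/bb_v2const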
# args: $1 plaintext sysapp rom (in), $2 encrypted sysapp (out), $3 sysapp ticket (out)
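package_sysapp() {
  # Encrypt a sysapp rom with mkCmd and build its padded ticket bundle.
  #
  # Arguments:
  #   $1: the plaintext sysapp rom produced using makerom
  #       (with path if not in current directory).
  #   $2: output path handed to mkCmd after the key/iv pair; presumably the
  #       AES-encrypted sysapp (i.e., $1 encrypted using the
  #       SYSAPP_KEY/SYSAPP_IV pair).
  #   $3: output path of the sysapp ticket bundle. The original notes say it
  #       holds BbContentMetaDataHead, the cert chain to verify the cmdh, and
  #       the revocation lists. It is first built in "${3}_" and then padded.
  # Globals read:
  #   CONTENT_TOOL, BUNDLE_TOOL, HOST_DATA_DIR, V2_CONSTFILE, no_crl
  #   COMMON_BOOT_IV: placed in boot app BbContentMetaDataHead.commonCmdIv.
  #       the iv corresponding to COMMON_BOOT_KEY.
  #   SYSAPP_KEY: key used to encrypt the sysapp. placed in
  #       BbContentMetaDataHead.key.
  #   SYSAPP_IV: iv used with SYSAPP_KEY, placed in
  #       BbContentMetaDataHead.iv.
  #   pub_prop_file, bbid, rights, Rights, signer_key, cert_sys, test_error:
  #       pre-formatted "-X value" option strings, empty when not given.
  # Exits the shell with status 1 if any packaging step fails.
  #
  # NOTE(review): the original notes describe "-R" as telling mkCmd to take the
  # loadAddress from the rom header; here -R is only passed when the caller
  # supplied it (via $Rights), with an argument. Confirm against mkCmd.
  # NOTE(review): the key and IVs travel on mkCmd's command line, so other
  # local users can see them in the process list while it runs.

  # The option variables are expanded unquoted on purpose: each holds a flag
  # plus its value and must split into two words. Paths are quoted so that
  # names containing spaces or glob characters reach the tools intact.
  # shellcheck disable=SC2086
  if ! "$CONTENT_TOOL" $pub_prop_file $bbid $rights $Rights $signer_key \
    $cert_sys $test_error -s -i "$COMMON_BOOT_IV" \
    "$1" "$SYSAPP_KEY" "$SYSAPP_IV" "$2" "${3}_"; then
    echo "failed to package sysapp and create cmd"
    exit 1
  fi

  # Append the revocation list unless the caller opted out with -n.
  if [ "$no_crl" = false ]; then
    if ! "$BUNDLE_TOOL" -r "$HOST_DATA_DIR/crl.sys" "${3}_"; then
      echo "failed to add crl info to cmd"
      exit 1
    fi
  fi

  # Copy exactly one 16384-byte block: conv=sync pads a shorter ticket with
  # NULs, and count=1 drops anything past 16384 bytes.
  # A failed copy used to be masked by the cleanup below returning success.
  if ! dd if="${3}_" of="$3" bs=16384 conv=sync count=1; then
    echo "failed to pad sysapp ticket"
    rm -f -- "${3}_"
    exit 1
  fi
  rm -- "${3}_"
  rm -f -- "$V2_CONSTFILE"
}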
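usage() {
  # Print the command-line synopsis to stdout.
  # Lists every flag the option parser accepts (S, C, T, r, R, p, b, n);
  # the original text omitted -r, -R, -p, -b and -n. The value names for
  # those flags mirror the script variables they are stored in.
  echo "Usage:"
  echo "bundleSysapp [-T] [-S signer_string] [-C certSysFile]"
  echo " [-r rights] [-R Rights] [-p pub_prop_file] [-b bbid] [-n]"
  echo " <sysapp_rom_in> <sysapp_rom_out> <sysapp_tick_out>"
}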
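# Option state consumed by package_sysapp. Each value is either empty or a
# ready-made "-X value" string that package_sysapp expands unquoted.
# NOTE(review): because flag and value are stored in one string, an option
# argument containing whitespace or glob characters is split or expanded
# when it reaches mkCmd. Passing such values safely would need a different
# hand-off (e.g. positional parameters) in both places.
signer_key= cert_sys= test_error=
pub_prop_file= rights= Rights= no_crl=false bbid=
while getopts "S:C:Tr:R:p:b:n" a; do
  case "$a" in
    S) signer_key="-S $OPTARG" ;;
    C) cert_sys="-C $OPTARG" ;;
    T) test_error="-T" ;;
    r) rights="-r $OPTARG" ;;
    R) Rights="-R $OPTARG" ;;
    p) pub_prop_file="-p $OPTARG" ;;
    n) no_crl=true ;; # skip adding the CRL to the ticket
    b) bbid="-b $OPTARG" ;;
    *)
      usage
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))
# Exactly three operands are required: rom in, encrypted rom out, ticket out.
if [ "$#" -ne 3 ]; then
  usage
  exit 1
fi
# Quoted so operands containing spaces or glob characters stay one word each.
package_sysapp "$@"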