#!/bin/sh

# Directory the script was started from.
# NOTE(review): not referenced again in the part of the script shown here.
SKDIR="$(pwd)"

# Host-side install locations, relative to $ROOT. With ROOT unset these
# resolve to /usr/sbin and /usr/host_data.
HOST_TOOL_DIR="${ROOT}/usr/sbin"
HOST_DATA_DIR="${ROOT}/usr/host_data"

# External tools driven by package_sysapp.
CONTENT_TOOL="${HOST_TOOL_DIR}/mkCmd"
BUNDLE_TOOL="${HOST_TOOL_DIR}/pkgbootrl"

# NOTE(review): everything from here to SYSAPP_IV is key material committed
# in plain text. Anyone who can read this file (or the repository history)
# can decrypt what these values protect, and the IVs never change between
# runs. If these are not throwaway development values, load them from a
# protected location at build time instead - confirm with the owners of the
# signing tools.

# Hard-coded IV used for the sysapp ticket; handed to mkCmd through -i.
COMMON_BOOT_IV='b80902767e25db270f3449c5d94b1621'

# Per the original author: not really used in packaging the sysapp, but
# needed for V2_TOOL. Nothing in the visible script references it; the value
# is the SYSAPP_KEY hex string repeated twice.
BBPRIV_KEY='a81902767e25db170f3449c5d94b162fa81902767e25db170f3449c5d94b162f'

# Key and IV applied to the sysapp rom itself.
SYSAPP_KEY='a81902767e25db170f3449c5d94b162f'
SYSAPP_IV='a438b3410298747b0c089d8f6d2991a8'

# Default output names (the results may be loaded to the fs via shell):
#   SYSAPP_AES    - sysapp (encrypted)
#   SYSAPP_TICKET - sysapp ticket
# NOTE(review): package_sysapp takes its output paths from its arguments;
# these two names are not read anywhere in the visible script.
SYSAPP_AES='sysapp_aes.bin'
SYSAPP_TICKET='bat.bin'

# Scratch file removed at the end of package_sysapp; what creates it is not
# visible here (presumably one of the tools - confirm).
# NOTE(review): a fixed name in a shared directory is shared by concurrent
# runs and can be pre-created by another local account. Prefer a per-run
# directory from mktemp if the tool lets the path be configured.
V2_CONSTFILE='/tmp/bb_v2const'

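# Encrypt a plaintext sysapp rom and build its ticket bundle.
#
# Arguments (the same three positionals the usage text lists):
#   $1 - the plaintext sysapp rom produced using makerom (with path if not
#        in the current directory).
#   $2 - output: the AES-encrypted sysapp, i.e. $1 encrypted with the
#        SYSAPP_KEY/SYSAPP_IV pair.
#   $3 - output: the sysapp ticket bundle. Per the original author it holds
#        BbContentMetaDataHead, the cert chain to verify the cmdh, and the
#        revocation lists. It is built in "${3}_" and then padded into $3.
# Globals read:
#   CONTENT_TOOL, BUNDLE_TOOL, HOST_DATA_DIR, V2_CONSTFILE
#   COMMON_BOOT_IV - placed in boot app BbContentMetaDataHead.commonCmdIv;
#                    the iv corresponding to COMMON_BOOT_KEY.
#   SYSAPP_KEY     - key used to encrypt the sysapp; placed in
#                    BbContentMetaDataHead.key.
#   SYSAPP_IV      - iv used with SYSAPP_KEY; placed in
#                    BbContentMetaDataHead.iv.
#   pub_prop_file, bbid, rights, Rights, signer_key, cert_sys, test_error -
#                    pre-formatted option strings; no_crl - "true"/"false".
# Exits the whole script with status 1 when a step fails.
#
# NOTE(review): the original comment described a bare -R flag meaning "mkCmd
# should acquire loadAddress from rom header". The command line below only
# passes -R through $Rights, with an argument - confirm against mkCmd.
package_sysapp() {
    # The option strings are expanded unquoted on purpose: each is either
    # empty or "-X value" and relies on word splitting to become two words.
    # The tool paths, key material and file names are quoted so that spaces
    # in them cannot split or reorder the command line.
    # NOTE(review): SYSAPP_KEY and both IVs travel on mkCmd's argument list,
    # which other local accounts can usually read from the process table
    # while the tool runs.
    # shellcheck disable=SC2086
    if ! "$CONTENT_TOOL" $pub_prop_file $bbid $rights $Rights $signer_key \
            $cert_sys $test_error -s -i "$COMMON_BOOT_IV" \
            "$1" "$SYSAPP_KEY" "$SYSAPP_IV" "$2" "${3}_"
    then
        echo "failed to package sysapp and create cmd"
        exit 1
    fi

    # Append the system CRL to the ticket unless -n was given.
    if [ "$no_crl" = false ]; then
        if ! "$BUNDLE_TOOL" -r "$HOST_DATA_DIR/crl.sys" "${3}_"
        then
            echo "failed to add crl info to cmd"
            exit 1
        fi
    fi

    # Copy the ticket into one 16384-byte block, NUL-padded by conv=sync.
    # NOTE(review): count=1 also means a ticket larger than 16384 bytes is
    # cut off without any message - confirm that size can never be exceeded.
    # A dd failure used to be ignored, leaving a missing or stale ticket
    # behind while the script still reported success.
    if ! dd if="${3}_" of="$3" bs=16384 conv=sync count=1
    then
        echo "failed to pad sysapp ticket"
        exit 1
    fi
    rm -- "${3}_"

    rm -f -- "$V2_CONSTFILE"
}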

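# Print the command-line synopsis to stdout.
#
# The option list mirrors the getopts string "S:C:Tr:R:p:b:n" used by the
# option loop; the earlier text left out -r, -R, -p, -b and -n. The
# placeholder names for those options are the script's own variable names,
# since what the values mean to mkCmd is not described in this file.
usage() {
    printf '%s\n' \
        "Usage:" \
        "bundleSysapp [-T] [-n] [-S signer_string] [-C certSysFile]" \
        "   [-r rights] [-R Rights] [-p pub_prop_file] [-b bbid]" \
        "   <sysapp_rom_in> <sysapp_rom_out> <sysapp_tick_out>"
}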

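# Option strings handed on to mkCmd by package_sysapp. Each one is either
# empty or a complete "-X value" pair; no_crl is a plain true/false switch.
# NOTE(review): because package_sysapp expands these unquoted, an option
# value containing whitespace or glob characters is split or expanded before
# it reaches the tool. Keep such values out of -S/-C/-r/-R/-p/-b.
signer_key= cert_sys= test_error=
pub_prop_file= rights= Rights= no_crl=false bbid=
while getopts "S:C:Tr:R:p:b:n" a
do
   case $a in
      S) signer_key="-S $OPTARG";;
      C) cert_sys="-C $OPTARG";;
      T) test_error="-T";;
      r) rights="-r $OPTARG";;
      R) Rights="-R $OPTARG";;
      p) pub_prop_file="-p $OPTARG";;
      n) no_crl=true;;      # skip adding crl.sys to the ticket
      b) bbid="-b $OPTARG";;
      *) usage; exit 1;;
   esac
done

# Drop the parsed options; exactly three positionals must remain.
shift $((OPTIND - 1))

# POSIX test instead of (( )), which /bin/sh is not required to support.
if [ "$#" -ne 3 ]; then
    usage
    exit 1
fi

# Quoted so that a path containing spaces stays one argument.
package_sysapp "$@"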