blob: d748a5b9ed39d09364df489cc39de6e802eff3d0 [file] [log] [blame]
#!/bin/sh
################################################################################
# This script generates c2k images(that includes image header) from the standard
# binary file. It can generates header with NULL, SHA256, RSA signatures, and
# key inbuilt to the header. This script internally invoke header generation
# application with corresponding parameters.
#
# Example Usage:
# To generate firmware image with NULL hash
# mk_c2kimage.sh null firmware.bin
#
# To generate firmware image with SHA256
# mk_c2kimage.sh sha256 firmware.bin
#
# To generate firmware image with RSA signature and key inbuilt to the header
# mk_c2kimage.sh rsa private.pem insertkey firmware.bin
#
# To generate firmware image with RSA signature and no key inserted in the header
# mk_c2kimage.sh rsa private.pem nokey firmware.bin
#
# OpenSSL command to generate new private key
# openssl genrsa -out private.pem 2048
#
# Note: RSA key size is determined from the given private key.
################################################################################
usage()
{
echo "Usage..."
echo "$0 <mode> <options> <fw_file>"
echo " <mode> - legacy or nonlegacy"
echo " <fw_file> - Firmware image"
echo "If legacy mode then the options are"
echo "<base_offset> - The value of base offset"
echo "<start_offset> - The value of start offset"
echo "If non-legacy mode then the options are"
echo " <null> - Place NULL hash in the header"
echo " <sha256> - Place SHA256 hash in the header"
echo " <rsa> <private_key> <insertkey|nokey>"
echo " - Place RSA signature in the header using private_key"
echo " insertkey|nokey to inbuilt or exclude the key from header"
echo " <gen_key> <private_key> <public_key>"
echo " - Generate the public key and sha256 hash of this key"
echo " - Generate the public key with this name"
}
clean_exit()
{
if [ -e "$public_modulus" ]
then
rm $public_modulus
fi
if [ -e "$sig_file" ]
then
rm $sig_file
fi
if [ -e "$hash_file" ]
then
rm $hash_file
fi
exit $1
}
check_image()
{
if [ "$1" = "" ]; then
usage
clean_exit 1
fi
if [ ! -e $1 ]; then
echo "Firmware file not found "$1
clean_exit 1
fi
}
case "$1" in
legacy)
echo "Legacy mode..."
base_off=$2
start_off=$3
image=$4
echo "c2kimage_gen $1 $base_off $start_off $image"
./c2kimage_gen $1 $base_off $start_off $image
;;
nonlegacy)
echo "Non-Legacy mode..."
case "$2" in
null)
echo "Generating C2K image with NULL hash"
timestamp=`date +%s` || exit 1
image=$3
check_image $image
#Call header generation utility
./c2kimage_gen $1 $timestamp $image $2
echo "c2kimage_gen $1 $timestamp $image $2"
;;
sha256)
echo "Generating C2K image with SHA256.."
hash_file=`mktemp` || exit 1
timestamp=`date +%s` || exit 1
image=$3
check_image $image
#Calculate SHA256 hash on fw file.
openssl dgst -binary -sha256 < $image > $hash_file
if [ $? != 0 ]; then
echo "Error while calculating hash on $image"
clean_exit 1
fi
#Call header generation utility
./c2kimage_gen $1 $timestamp $image $2 $hash_file
echo "c2kimage_gen $1 $timestamp $image $2 $hash_file"
;;
rsa*)
echo "Generating C2K image with RSA signature .."
public_modulus=`mktemp` || clean_exit 1
sig_file=`mktemp` || clean_exit 1
hash_file=`mktemp` || clean_exit 1
private_key=$3
keymode=$4
timestamp=`date +%s` || exit 1
image=$5
check_image $image
if [ ! -e $private_key ]; then
echo "Private key file not found '$private_key'"
clean_exit 1
fi
#Calculate SHA256 hash on fw file.
openssl dgst -binary -sha256 < $image > $hash_file
#RSA Sign the hash using private key
openssl rsautl -sign -inkey $private_key -keyform PEM -pkcs -in $hash_file -out $sig_file
#extract the public modulus(N) from the private key.
openssl rsa -in $private_key -modulus | awk -F"=" '{if ($1 == "Modulus"){print $2}}' > $public_modulus
./c2kimage_gen $1 $timestamp $image $2 $sig_file $public_modulus $keymode
echo "c2kimage_gen $1 $timestamp $image $2 $sig_file $public_modulus $keymode"
;;
gen_key)
echo "Generating public key"
timestamp=`date +%s` || exit 1
public_modulus=`mktemp` || clean_exit 1
privatekey=$3
publickey=$4
image=$5
hashfile="publichash"
check_image $image
if [ ! -e $privatekey ]; then
echo "Private key file not found '$privatekey'"
clean_exit 1
fi
#extract the public modulus(N) from the private key.
openssl rsa -in $privatekey -modulus | awk -F"=" '{if ($1 == "Modulus"){print $2}}' > $public_modulus
#Call header generation utility
./c2kimage_gen $1 $timestamp $image $2 $publickey $public_modulus
echo "c2kimage_gen $1 $timestamp $image $2 $publickey $public_modulus"
#Calculate SHA256 hash on public key file.
openssl dgst -binary -sha256 < $publickey > $hashfile
echo "Generated hash on public key"
;;
*)
usage
exit 1
;;
esac
;;
*)
usage
exit 1
;;
esac
clean_exit 0