| set -e |
| |
| mod_config() { |
| if [ "$target" = "spacecast" -a "$key_suffix" = "pvt" ]; then |
| sed -i "s/^CONFIG_RSA_KEY_SET_DEFAULT=.*/# CONFIG_RSA_KEY_SET_DEFAULT is not set/" .config |
| sed -i "s/^# CONFIG_RSA_KEY_SET_SPACECAST_PVT.*/CONFIG_RSA_KEY_SET_SPACECAST_PVT=y/" .config |
| fi |
| } |
| |
| target="$1" |
| |
| if [ "$target" == "optimus" ]; then |
| barebox_config="optimus_defconfig" |
| keystore_id="GFIBER_DRM" |
| elif [ "$target" == "spacecast" ]; then |
| barebox_config="spacecast_defconfig" |
| keystore_id="SPACECAST" |
| else |
| echo "Usage: $0 optimus|spacecast [key-suffix]" >&2 |
| exit 1 |
| fi |
| |
| key_suffix="" |
| bin_subdir="" |
| if [ -n "$2" ]; then |
| key_suffix="$2" |
| bin_subdir="$key_suffix/" |
| fi |
| |
| binaries=$(pwd)/out |
| if [ -d $binaries ]; then |
| rm -rf $binaries.old |
| mv -f $binaries $binaries.old |
| fi |
| mkdir -p $binaries |
| |
| make distclean |
| make optimus_uloader_defconfig ARCH=arm |
| mod_config |
| make oldconfig |
| make -j 16 |
| cp uloader.bin $binaries/uloader_unsigned_release.bin |
| |
| make distclean |
| make optimus_mfg_defconfig ARCH=arm |
| mod_config |
| make oldconfig |
| make -j 16 |
| cp barebox.bin $binaries/barebox_unsigned_mfg.bin |
| |
| make distclean |
| make $barebox_config ARCH=arm |
| mod_config |
| make oldconfig |
| make -j 16 |
| cp barebox.bin $binaries/barebox_unsigned_release.bin |
| |
| make distclean |
| make $barebox_config ARCH=arm |
| echo CONFIG_DEVELOPER_BAREBOX=y >> .config |
| mod_config |
| make oldconfig |
| make -j 16 |
| cp barebox.bin $binaries/barebox_unsigned_unlocked.bin |
| |
| ( |
| set -e |
| cd /google/src/files/head/depot/google3/isp/fiber/drm |
| type=uloader |
| for n in $binaries/uloader_unsigned_*.bin; do |
| signed=$(echo $n | sed -e 's/_unsigned_/_signed_/') |
| blaze run -- //isp/fiber/drm:code_sign_tool sign-image $n \ |
| --image_type=$type --outfile=$signed --keystore_config_id=$keystore_id \ |
| --key_suffix=$key_suffix |
| done |
| type=barebox |
| for n in $binaries/barebox_unsigned_*.bin; do |
| if [[ "$n" == *"_release"* ]] || [ "$target" != "spacecast" ]; then |
| signed=$(echo $n | sed -e 's/_unsigned_/_signed_/') |
| blaze run -- //isp/fiber/drm:code_sign_tool sign-image $n \ |
| --image_type=$type --outfile=$signed --keystore_config_id=$keystore_id \ |
| --key_suffix=$key_suffix |
| fi |
| done |
| |
| blaze --batch run //isp/fiber/drm:drm_keystore_client -- \ |
| --key_type signing_private_key --output $binaries/gfiber_private.pem \ |
| --keystore_config_id=$keystore_id --key_suffix=$key_suffix |
| ) |
| |
| for n in $binaries/*.bin; do |
| sig=$(echo $n | sed -e 's/.bin$/.sig/') |
| openssl dgst -sign $binaries/gfiber_private.pem -sha512 -binary -keyform PEM $n > $sig |
| done |
| |
| rm -f $binaries/gfiber_private.pem |
| |
| cat << EOF |
| ###################################################################### |
| Done |
| If all looks good and tests well, check in with the following |
| cp out/*.bin out/*.sig ../../loader-bin/mindspeed/$target/$bin_subdir |
| cd ../../loader-bin/mindspeed/$target/$bin_subdir |
| git add *.bin *.sig |
| git commit |
| git push gfiber-internal HEAD:refs/for/master |
| EOF |