blob: f7f54bdcdb073cc0d5c9d6d1858dde139d9f8c99 [file] [log] [blame]
set -e
mod_config() {
if [ "$target" = "spacecast" -a "$key_suffix" = "pvt" ]; then
sed -i "s/^CONFIG_RSA_KEY_SET_DEFAULT=.*/# CONFIG_RSA_KEY_SET_DEFAULT is not set/" .config
sed -i "s/^# CONFIG_RSA_KEY_SET_SPACECAST_PVT.*/CONFIG_RSA_KEY_SET_SPACECAST_PVT=y/" .config
fi
}
target="$1"
if [ "$target" == "optimus" ]; then
barebox_config="optimus_defconfig"
keystore_id="GFIBER_DRM"
elif [ "$target" == "spacecast" ]; then
barebox_config="spacecast_defconfig"
keystore_id="SPACECAST"
else
echo "Usage: $0 optimus|spacecast [key-suffix]" >&2
exit 1
fi
key_suffix=""
bin_subdir=""
if [ -n "$2" ]; then
key_suffix="$2"
bin_subdir="$key_suffix/"
fi
binaries=$(pwd)/out
if [ -d $binaries ]; then
rm -rf $binaries.old
mv -f $binaries $binaries.old
fi
mkdir -p $binaries
make distclean
make optimus_uloader_defconfig ARCH=arm
mod_config
make oldconfig
make -j 16
cp uloader.bin $binaries/uloader_unsigned_release.bin
make distclean
make optimus_mfg_defconfig ARCH=arm
mod_config
make oldconfig
make -j 16
cp barebox.bin $binaries/barebox_unsigned_mfg.bin
make distclean
make $barebox_config ARCH=arm
mod_config
make oldconfig
make -j 16
cp barebox.bin $binaries/barebox_unsigned_release.bin
make distclean
make $barebox_config ARCH=arm
echo CONFIG_DEVELOPER_BAREBOX=y >> .config
mod_config
make oldconfig
make -j 16
cp barebox.bin $binaries/barebox_unsigned_unlocked.bin
(
set -e
cd /google/src/files/head/depot/google3/isp/fiber/drm
type=uloader
for n in $binaries/uloader_unsigned_*.bin; do
signed=$(echo $n | sed -e 's/_unsigned_/_signed_/')
blaze run -- //isp/fiber/drm:code_sign_tool sign-image $n \
--image_type=$type --outfile=$signed --keystore_config_id=$keystore_id \
--key_suffix=$key_suffix
done
type=barebox
for n in $binaries/barebox_unsigned_*.bin; do
if [[ "$n" == *"_release"* ]] || [ "$target" != "spacecast" ]; then
signed=$(echo $n | sed -e 's/_unsigned_/_signed_/')
blaze run -- //isp/fiber/drm:code_sign_tool sign-image $n \
--image_type=$type --outfile=$signed --keystore_config_id=$keystore_id \
--key_suffix=$key_suffix
fi
done
blaze --batch run //isp/fiber/drm:drm_keystore_client -- \
--key_type signing_private_key --output $binaries/gfiber_private.pem \
--keystore_config_id=$keystore_id --key_suffix=$key_suffix
)
for n in $binaries/*.bin; do
sig=$(echo $n | sed -e 's/.bin$/.sig/')
openssl dgst -sign $binaries/gfiber_private.pem -sha512 -binary -keyform PEM $n > $sig
done
rm -f $binaries/gfiber_private.pem
cat << EOF
######################################################################
Done
If all looks good and tests well, check in with the following
cp out/*.bin out/*.sig ../../loader-bin/mindspeed/$target/$bin_subdir
cd ../../loader-bin/mindspeed/$target/$bin_subdir
git add *.bin *.sig
git commit
git push gfiber-internal HEAD:refs/for/master
EOF