From ea1e03d546f5a672862e15c6bc1880e1f2f04db0 Mon Sep 17 00:00:00 2001
From: Jimmy Zhang
Date: Mon, 11 Apr 2016 12:18:08 -0700
Subject: [PATCH] sign.sh: Add more features
1. Use parameter to specify boot image type. ie, tegra124, tegra210. Previouly sign.sh can only sign for tegra210 boot image. 2. Automatically generate signed bct, ie, tegra124.bct, tegra210.bct. A signed bct is needed when flashing target. Command syntax: $ ./sign.sh Example: $ ./sign.sh tegra124 t124.img rsa_priv.pem
Signed-off-by: Jimmy Zhang
Signed-off-by: Stephen Warren
---
 samples/sign.sh | 68 ++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 59 insertions(+), 9 deletions(-)
diff --git a/samples/sign.sh b/samples/sign.sh
index 2edd126..c9d237d 100755
--- a/samples/sign.sh
+++ b/samples/sign.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved.
+# Copyright (c) 2015-2016, NVIDIA CORPORATION. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify it
 # under the terms and conditions of the GNU General Public License,
@@ -17,9 +17,49 @@ # See file CREDITS for list of people who contributed to this # project. # + +Usage () +{ + cat << EOF +Usage: ./sign.sh + Where, + soc: tegra124, tegra210 + boot_image: image generated by cbootimage, + priv_key: rsa key file in .pem format. +EOF + exit 1; +} + set -e -IMAGE_FILE=$1 -KEY_FILE=$2 + +soc=$1 # tegra124, tegra210 +if [[ "${soc}" = tegra124 ]]; then + bl_block_offset=16384; # emmc: 16384, spi_flash: 32768: default: emmc + bct_signed_offset=1712; + bct_signed_length=6480; +elif [[ "${soc}" = tegra210 ]]; then + bl_block_offset=32768; # emmc: 16384, spi_flash: 32768: default: spi + bct_signed_offset=1296; + bct_signed_length=8944; +else + echo "Error: Invalid target device: soc = $soc"; + Usage; +fi; +bct_length=$(($bct_signed_offset + $bct_signed_length)); + +# more error check +if [ $# -lt 3 ]; then + echo "Error: Missing parameter(s)"; + Usage; +fi; + +# +# In case to add more parameters in the future, we keep the last two as +# IMAGE_FILE and KEY_FILE +# +argv=($@); +IMAGE_FILE=${argv[$#-2]}; +KEY_FILE=${argv[$#-1]}; TARGET_IMAGE=$IMAGE_FILE CONFIG_FILE=config.tmp @@ -33,15 +73,15 @@ MV=mv XXD=xxd CUT=cut -echo "Get rid of all temporary files: *.sig, *.tosig, *.tmp *.mod" -$RM -f *.sig *.tosig *.tmp *.mod +echo "Sign ${soc} ${IMAGE_FILE} with key ${KEY_FILE}" echo "Get bl length " BL_LENGTH=`$BCT_DUMP $IMAGE_FILE | grep "Bootloader\[0\].Length"\ | awk -F ' ' '{print $4}' | awk -F ';' '{print $1}'` echo "Extract bootloader to $IMAGE_FILE.bl.tosig, length $BL_LENGTH" -$DD bs=1 skip=32768 if=$IMAGE_FILE of=$IMAGE_FILE.bl.tosig count=$BL_LENGTH +$DD bs=1 skip=${bl_block_offset} if=$IMAGE_FILE of=$IMAGE_FILE.bl.tosig \ + count=$BL_LENGTH echo "Calculate rsa signature for bootloader and save to $IMAGE_FILE.bl.sig" $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ 
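Review bot: `argv=($@);` expands the arguments unquoted, so an image or key path containing spaces or glob characters is split or expanded before the last two elements are picked, while the index is still computed from the original `$#`; `IMAGE_FILE` and `KEY_FILE` can then name the wrong file. Use `argv=("$@")` and quote the picks, `IMAGE_FILE="${argv[$#-2]}"` and `KEY_FILE="${argv[$#-1]}"`. The argument-count test also runs after the `soc` test, so calling the script with no arguments reports an invalid target device instead of missing parameters; moving the `[ $# -lt 3 ]` block above `soc=$1` gives the clearer message.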
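Review bot: `skip=${bl_block_offset}` in the bootloader extraction uses a value fixed per SoC, while the comments where it is assigned say the offset depends on the boot medium (emmc 16384, spi_flash 32768). For an image built for the other medium, dd would extract and sign the wrong byte range and the script would still print its success message; presumably the mismatch only shows up when the target rejects the image. Either let the caller override the default, for example `bl_block_offset=${BL_BLOCK_OFFSET:-16384}` in the tegra124 branch (the variable name is only a suggestion), or state the assumed boot medium for each SoC in `Usage`.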
@@ -50,10 +90,11 @@ $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
 echo "Update bootloader's rsa signature, aes hash and bct's aes hash"
 echo "RsaPssSigBlFile = $IMAGE_FILE.bl.sig;" > $CONFIG_FILE
 echo "RehashBl;" >> $CONFIG_FILE
-$CBOOTIMAGE -s tegra210 -u $CONFIG_FILE $IMAGE_FILE $IMAGE_FILE.tmp
+$CBOOTIMAGE -s ${soc} -u $CONFIG_FILE $IMAGE_FILE $IMAGE_FILE.tmp
 echo "Extract the part of bct which needs to be rsa signed"
-$DD bs=1 if=$IMAGE_FILE.tmp of=$IMAGE_FILE.bct.tosig count=8944 skip=1296
+$DD bs=1 if=$IMAGE_FILE.tmp of=$IMAGE_FILE.bct.tosig skip=${bct_signed_offset} \
+ count=${bct_signed_length}
 echo "Calculate rsa signature for bct and save to $IMAGE_FILE.bct.sig"
 $OPENSSL dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
@@ -70,4 +111,13 @@ $XXD -r -p -l 256 $KEY_FILE.mod.tmp $KEY_FILE.mod.bin
 echo "Update bct's rsa signature and modulus"
 echo "RsaPssSigBctFile = $IMAGE_FILE.bct.sig;" > $CONFIG_FILE
 echo "RsaKeyModulusFile = $KEY_FILE.mod.bin;" >> $CONFIG_FILE
-$CBOOTIMAGE -s tegra210 -u $CONFIG_FILE $IMAGE_FILE.tmp $TARGET_IMAGE
+echo ""
+$CBOOTIMAGE -s ${soc} -u $CONFIG_FILE $IMAGE_FILE.tmp $TARGET_IMAGE
+
+echo ""
+$DD bs=1 if=$TARGET_IMAGE of=${soc}.bct count=${bct_length}
+echo ""
+echo "Signed bct ${soc}.bct has been successfully generated!";
+
+#echo "Get rid of all temporary files: *.sig, *.tosig, *.tmp, *.mod, *.mod.bin"
+$RM -f *.sig *.tosig *.tmp *.mod *.mod.bin
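Review bot: The closing `$RM -f *.sig *.tosig *.tmp *.mod *.mod.bin` globs in the current directory, but the intermediates are named after `$IMAGE_FILE` and `$KEY_FILE`, so when either path lies outside the working directory the script's own files are left behind while unrelated `*.sig` or `*.tmp` files in the working directory are deleted. Because of `set -e`, the line is also skipped whenever an earlier step fails. Removing the named files from an EXIT trap, installed once `IMAGE_FILE`, `KEY_FILE` and `CONFIG_FILE` are set, covers both cases; the list below is taken from the names visible in this patch, and anything created in lines outside the hunks (the `*.mod` pattern suggests one) would need adding. `of=${soc}.bct` likewise writes into the working directory and overwrites an existing file of that name without notice.

```shell
# Remove only the intermediates this run created, wherever the inputs live,
# and do it on every exit path (an abort under set -e skips a trailing rm).
cleanup () {
    $RM -f -- "$CONFIG_FILE" "$IMAGE_FILE.tmp" \
        "$IMAGE_FILE.bl.tosig" "$IMAGE_FILE.bl.sig" \
        "$IMAGE_FILE.bct.tosig" "$IMAGE_FILE.bct.sig" \
        "$KEY_FILE.mod.tmp" "$KEY_FILE.mod.bin"
}
trap cleanup EXIT
# … unchanged: extraction, signing and cbootimage update steps …
```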