diff options
| author | laurenw-arm <lauren.wehrmeister@arm.com> | 2023-03-14 11:25:45 -0500 |
|---|---|---|
| committer | Manish V Badarkhe <manish.badarkhe@arm.com> | 2023-03-15 18:50:03 +0100 |
| commit | b568410c158bc3729376c6d31b83af377011dfab (patch) | |
| tree | ba8960c8251e90df2f8ae8d250704e3562162e43 | |
| parent | a6bccb74203ce34555e99e6f30943bbb8fd4f5b6 (diff) | |
tc: refactor for readability
Moving sign_image and fip_update function definitions outside of the
function fetch_tf_resource for better readability.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib0b4bd611b5c37c046d6f966a649994d5ba133c1
| -rw-r--r-- | run_config/fvp-linux.tc | 188 |
1 files changed, 94 insertions, 94 deletions
diff --git a/run_config/fvp-linux.tc b/run_config/fvp-linux.tc index 4861b0c6..429837d4 100644 --- a/run_config/fvp-linux.tc +++ b/run_config/fvp-linux.tc @@ -5,6 +5,100 @@ # SPDX-License-Identifier: BSD-3-Clause # +sign_image() { + # $1 ... host binary name to sign + # $2 ... image load address + # $3 ... signed bin size + + local tmpdir="$(mktempdir)" + host_bin="`basename ${1}`" + signed_bin="signed_`basename ${1}`" + host_binary_layout="`basename -s .bin ${1}`_ns" + + # development PEM containing a key - use same key which is used for SCP BL1 in pre-built image + url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file + archive_file "root-RSA-3072.pem" + + RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem + RSS_SEC_CNTR_INIT_VAL=1 + RSS_LAYOUT_WRAPPER_VERSION="1.7.0" + + cat << EOF > $tmpdir/$host_binary_layout +enum image_attributes { + RE_IMAGE_LOAD_ADDRESS = $2, + RE_SIGN_BIN_SIZE = $3, +}; +EOF + + if [ ! -f $archive/$host_bin ]; then + echo "$archive/$host_bin does not exist. Aborting...!" + exit 1 + fi + + echo "Signing `basename ${1}`" + # Get mcuboot + git clone "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot + # Fetch wrapper script + saveas="$tmpdir" url="$tc_prebuilts/tc$plat_variant/wrapper_scripts" fetch_directory + + echo "Installing dependencies..." + pip3 install cryptography cbor2 intelhex + + pushd $tmpdir/mcuboot/scripts + python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \ + -v $RSS_LAYOUT_WRAPPER_VERSION \ + --layout $tmpdir/$host_binary_layout \ + -k $RSS_SIGN_PRIVATE_KEY \ + --public-key-format full \ + --align 1 \ + --pad \ + --pad-header \ + -H 0x2000 \ + -s $RSS_SEC_CNTR_INIT_VAL \ + $archive/$host_bin \ + $tmpdir/$signed_bin + + echo "created signed_`basename ${1}`" + url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file + archive_file "$signed_bin" + popd +} + +update_fip() { + local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision + + # Get pre-built rss rom + url="$prebuild_prefix/rss_rom.bin" fetch_file + archive_file "rss_rom.bin" + + # Get pre-built rss bl2 signed bin + url="$prebuild_prefix/bl2_signed.bin" fetch_file + archive_file "bl2_signed.bin" + + # Get pre-built rss TF-M NS signed bin + url="$prebuild_prefix/tfm_ns_signed.bin" fetch_file + archive_file "tfm_ns_signed.bin" + + # Get pre-built rss TF-M S signed bin + url="$prebuild_prefix/tfm_s_signed.bin" fetch_file + archive_file "tfm_s_signed.bin" + + # Get pre-built SCP signed bin + url="$prebuild_prefix/scp_signed.bin" fetch_file + archive_file "scp_signed.bin" + + # Create FIP layout + "$fiptool" update \ + --align 8192 --rss-bl2 "$archive/bl2_signed.bin" \ + --align 8192 --rss-ns "$archive/tfm_ns_signed.bin" \ + --align 8192 --rss-s "$archive/tfm_s_signed.bin" \ + --align 8192 --rss-scp-bl1 "$archive/scp_signed.bin" \ + --align 8192 --rss-ap-bl1 "$archive/$signed_bin" \ + --out "host_flash_fip.bin" \ + "$archive/fip.bin" + archive_file "host_flash_fip.bin" +} + fetch_tf_resource() { kernel_type="fvp-tc-kernel" get_kernel initrd_type="fvp-tc-ramdisk" get_initrd @@ -23,100 +117,6 @@ fetch_tf_resource() { # Hold RSS terminal_uart_ap uart="2" file="hold_uart.exp" track_expect - sign_image() { - # $1 ... host binary name to sign - # $2 ... image load address - # $3 ... signed bin size - - local tmpdir="$(mktempdir)" - host_bin="`basename ${1}`" - signed_bin="signed_`basename ${1}`" - host_binary_layout="`basename -s .bin ${1}`_ns" - - # development PEM containing a key - use same key which is used for SCP BL1 in pre-built image - url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file - archive_file "root-RSA-3072.pem" - - RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem - RSS_SEC_CNTR_INIT_VAL=1 - RSS_LAYOUT_WRAPPER_VERSION="1.7.0" - - cat << EOF > $tmpdir/$host_binary_layout -enum image_attributes { - RE_IMAGE_LOAD_ADDRESS = $2, - RE_SIGN_BIN_SIZE = $3, -}; -EOF - - if [ ! -f $archive/$host_bin ]; then - echo "$archive/$host_bin does not exist. Aborting...!" - exit 1 - fi - - echo "Signing `basename ${1}`" - # Get mcuboot - git clone "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot - # Fetch wrapper script - saveas="$tmpdir" url="$tc_prebuilts/tc$plat_variant/wrapper_scripts" fetch_directory - - echo "Installing dependencies..." - pip3 install cryptography cbor2 intelhex - - pushd $tmpdir/mcuboot/scripts - python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \ - -v $RSS_LAYOUT_WRAPPER_VERSION \ - --layout $tmpdir/$host_binary_layout \ - -k $RSS_SIGN_PRIVATE_KEY \ - --public-key-format full \ - --align 1 \ - --pad \ - --pad-header \ - -H 0x2000 \ - -s $RSS_SEC_CNTR_INIT_VAL \ - $archive/$host_bin \ - $tmpdir/$signed_bin - - echo "created signed_`basename ${1}`" - url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file - archive_file "$signed_bin" - popd - } - - update_fip() { - local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision - - # Get pre-built rss rom - url="$prebuild_prefix/rss_rom.bin" fetch_file - archive_file "rss_rom.bin" - - # Get pre-built rss bl2 signed bin - url="$prebuild_prefix/bl2_signed.bin" fetch_file - archive_file "bl2_signed.bin" - - # Get pre-built rss TF-M NS signed bin - url="$prebuild_prefix/tfm_ns_signed.bin" fetch_file - archive_file "tfm_ns_signed.bin" - - # Get pre-built rss TF-M S signed bin - url="$prebuild_prefix/tfm_s_signed.bin" fetch_file - archive_file "tfm_s_signed.bin" - - # Get pre-built SCP signed bin - url="$prebuild_prefix/scp_signed.bin" fetch_file - archive_file "scp_signed.bin" - - # Create FIP layout - "$fiptool" update \ - --align 8192 --rss-bl2 "$archive/bl2_signed.bin" \ - --align 8192 --rss-ns "$archive/tfm_ns_signed.bin" \ - --align 8192 --rss-s "$archive/tfm_s_signed.bin" \ - --align 8192 --rss-scp-bl1 "$archive/scp_signed.bin" \ - --align 8192 --rss-ap-bl1 "$archive/$signed_bin" \ - --out "host_flash_fip.bin" \ - "$archive/fip.bin" - archive_file "host_flash_fip.bin" - } - # sign AP bl1 sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size |