TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / ci / tf-a-ci-scripts / d0ee4bf02baee9ca2c20bb6d84b0179b42f64bf1 / . / run_config / rd1ae_rse_utils.sh
blob: 3aa62a7b336c1d16bcd75b82cc9520b35e94f212 [file] [log] [blame]
Divin Raj5eb69482024-10-02 11:36:04 +0100[diff] [blame]1#!/usr/bin/env bash
2#
3# Copyright (c) 2024, Arm Limited. All rights reserved.
4#
5# SPDX-License-Identifier: BSD-3-Clause
6#
7
8sign_host_ap_bl2_image() {
9 # $1 ... host binary name to sign
10 # $2 ... image load address
11 # $3 ... signed bin size
12
13 local tmpdir="$(mktemp -d)"
14 host_bin="`basename ${1}`"
15 signed_bin="signed_`basename ${1}`"
16 host_binary_layout="`basename -s .bin ${1}`_ns"
17
18 # Download the RSE public key
19 url="$arm_automotive_solutions/rd1ae/root-EC-P256.pem" saveas="root-EC-P256.pem" fetch_file
20 archive_file "root-EC-P256.pem"
21
22 RSE_SIGN_PRIVATE_KEY=$archive/root-EC-P256.pem
23 RSE_LAYOUT_WRAPPER_VERSION="0.0.7"
24
25 cat << EOF > $tmpdir/$host_binary_layout
26enum image_attributes {
27 RE_IMAGE_LOAD_ADDRESS = $2,
28 RE_SIGN_BIN_SIZE = $3,
29};
30EOF
31
32 if [ ! -f $archive/$host_bin ]; then
33 echo "$archive/$host_bin does not exist. Aborting...!"
34 exit 1
35 fi
36
37 echo "Signing `basename ${1}`"
38 # Get mcuboot
39 git clone --branch v2.1.0 "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot
40
41 # Fetch wrapper script
42 saveas="$tmpdir" url="$arm_automotive_solutions/rd1ae/wrapper_scripts" fetch_directory
43
44 pushd $tmpdir/mcuboot/scripts
45 python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \
46 -v $RSE_LAYOUT_WRAPPER_VERSION \
47 --layout $tmpdir/$host_binary_layout \
48 -k $RSE_SIGN_PRIVATE_KEY \
49 --public-key-format full \
50 --align 1 \
51 --pad \
52 --pad-header \
53 --measured-boot-record \
54 -H 0x400 \
55 -s auto \
56 $archive/$host_bin \
57 $tmpdir/$signed_bin
58
59 echo "Generated signed_`basename ${1}`"
60
61 url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file
62 archive_file "$signed_bin"
63 popd
64}
65
66downlaod_rd1ae_prebuilt() {
67 url="$arm_automotive_solutions/rd1ae/core-image-minimal-fvp-rd-kronos.wic" saveas="rootfs.bin" fetch_file
68 archive_file "rootfs.bin"
69
70 # Get pre-built rse encrypted_cm_provisioning_bundle_0 bin
71 url="$arm_automotive_solutions/rd1ae/encrypted_cm_provisioning_bundle_0.bin" \
72 saveas=rse_encrypted_cm_provisioning_bundle_0.bin fetch_file
73 archive_file "rse_encrypted_cm_provisioning_bundle_0.bin"
74
75 # Get pre-built rse encrypted_dm_provisioning_bundle bin
76 url="$arm_automotive_solutions/rd1ae/encrypted_dm_provisioning_bundle_0.bin" \
77 saveas=rse_encrypted_dm_provisioning_bundle.bin fetch_file
78 archive_file "rse_encrypted_dm_provisioning_bundle.bin"
79
80 # Get pre-built rse-rom-image.img
81 url="$arm_automotive_solutions/rd1ae/rse-rom-image.img" saveas=rse_rom.bin fetch_file
82 archive_file "rse_rom.bin"
83
84 # Get pre-built rse-flash-image.img
85 url="$arm_automotive_solutions/rd1ae/rse-flash-image.img" saveas=rse_flash.bin fetch_file
86 archive_file "rse_flash.bin"
87
88 # Get pre-built rse-nvm-image.img
89 url="$arm_automotive_solutions/rd1ae/rse-nvm-image.img" fetch_file
90 archive_file "rse-nvm-image.img"
91}
92
93update_ap_flash_image() {
94 # Downlaod prebuilt ap-flash-image.img
95 url="$arm_automotive_solutions/rd1ae/ap-flash-image.img" saveas=fip_gpt.bin fetch_file
96 archive_file "fip_gpt.bin"
97
98 if [ ! -f "$archive/fip.bin" ]; then
99 echo "$archive/fip.bin does not exist. Aborting...!"
100 exit 1
101 fi
102
103 echo "Updating ap-flash-image..."
104 dd if=$archive/fip.bin of=$archive/fip_gpt.bin bs=1 seek=0 conv=notrunc
105 dd if=$archive/fip.bin of=$archive/fip_gpt.bin bs=1 seek=$((0x200000)) conv=notrunc
106 echo "Succesfully updated."
107}