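#!/bin/bash
# The script uses bash-only syntax (the function keyword, for ((...)) loops,
# ${var:offset:length}, [[ ... ]]), so it is run by bash rather than /bin/sh.

# If ddr_init.bin, u-boot.bin and their signatures are to be decrypted,
# you must set the KEY and IV for AES, and the IV must not be zero;
# otherwise ddr_init.bin, u-boot.bin and their signatures will not be
# decrypted.
# NOTE(review): in the build sections of this script only the u-boot image and
# its signature are passed through AES-CBC; the ddr image is stored as-is.

# The IV and KEY must be set together.

# KEY is secret key material. Do not commit or share a copy of this script
# with KEY filled in, and keep the build output out of shared logs.

# The IV must be 16 bytes long (32 hex digits, no 0x prefix).
IV=

# The KEY must be 32 bytes long (64 hex digits, no 0x prefix).
KEY=

# Please set ddr_init_file and uboot_file.
ddr_init_file=ddr_init_reg_info.bin
uboot_file=u-boot-original.bin

if [ ! -e "$uboot_file" ] || [ ! -e "$ddr_init_file" ]; then
	echo ==================================================================================
	echo "  please set ddr_init_file/uboot_file !!! "
	echo ==================================================================================
	exit 1
fi

# Reject malformed AES parameters up front instead of producing an image that
# was silently left unencrypted or encrypted with a truncated key.
if [ -n "$IV" ] || [ -n "$KEY" ]; then
	if [ -z "$IV" ] || [ -z "$KEY" ]; then
		echo "error: IV and KEY must be set together" >&2
		exit 1
	fi
	if [[ ! "$IV" =~ ^[0-9a-fA-F]{32}$ ]]; then
		echo "error: IV must be exactly 32 hex digits (16 bytes)" >&2
		exit 1
	fi
	if [[ "$IV" =~ ^0+$ ]]; then
		echo "error: IV must not be zero" >&2
		exit 1
	fi
	if [[ ! "$KEY" =~ ^[0-9a-fA-F]{64}$ ]]; then
		echo "error: KEY must be exactly 64 hex digits (32 bytes)" >&2
		exit 1
	fi
fi

# The key value is not echoed: console output of a build usually ends up in
# logs that are readable by more people than the key should be.
if [ -n "$KEY" ]; then
	key_display="(set, value hidden)"
else
	key_display=""
fi

echo ""
echo "usage:"
echo "     ddr_init_file = $ddr_init_file"
echo ""
echo "     uboot_file    = $uboot_file"
echo ""
echo "     IV            = $IV"
echo ""
echo "     KEY           = $key_display"
echo ""

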
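# Format a number as a zero-padded 32-bit hex literal.
# Arguments: $1 - integer (decimal or 0x-prefixed hex); treated as 0 if absent
# Outputs:   "0x" followed by at least 8 lower-case hex digits, no newline
dec2hex() {
	# Quoted so that the argument is never word-split or glob-expanded.
	printf '0x%08x' "${1:-0}"
}
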
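# Reverse the byte order of a 32-bit value.
# Arguments: $1 - integer literal, decimal or 0x-prefixed hex
# Outputs:   the byte-swapped value in decimal on stdout
# Returns:   0 on success, 1 if $1 is not a plain integer literal
H_TO_NL() {
	local word=$1

	# Shell arithmetic evaluates its operand as an expression, so anything that
	# is not a plain number is refused before it reaches $(( )).
	if [[ ! "$word" =~ ^(0[xX][0-9a-fA-F]+|[0-9]+)$ ]]; then
		echo "H_TO_NL: not an integer literal" >&2
		return 1
	fi

	local b0=$(( word & 0xff ))
	local b1=$(( (word >> 8) & 0xff ))
	local b2=$(( (word >> 16) & 0xff ))
	local b3=$(( (word >> 24) & 0xff ))

	echo $(( (b0 << 24) | (b1 << 16) | (b2 << 8) | b3 ))
}
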
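# Turn a SHA-256 digest file into a table of register writes for the root-key
# hash.
# Arguments: $1 - file whose content starts with a 64-digit hex digest
#                 (the "openssl dgst -sha256 -r -hex" output format)
#            $2 - output file, overwritten
# Outputs:   $2 receives the digest line, a banner and eight lines of the form
#            rootkey_hash[N]=mw 0x<reg> 0x<word>, one per 32-bit word, each
#            word byte-swapped through H_TO_NL
# Returns:   0 on success, 1 if the input does not start with a valid digest
# NOTE(review): the lines look like u-boot "mw" commands aimed at OTP
# registers; OTP cannot be rewritten, so a malformed digest is refused here
# rather than turned into register values.
HASH_OTP_TABLE() {
	local in_file=$1 out_file=$2
	local digest_line digest i word reg

	digest_line=$(cat -- "$in_file") || return 1
	digest=${digest_line:0:64}
	if [[ ! "$digest" =~ ^[0-9a-fA-F]{64}$ ]]; then
		echo "HASH_OTP_TABLE: $in_file does not start with a 64-digit hex digest" >&2
		return 1
	fi

	{
		# Quoted: the digest line contains "*<file name>", which an unquoted
		# echo would glob-expand.
		printf '%s\n' "$digest_line"
		echo ==================================================================================
		echo "input_file: $in_file"
		echo ==================================================================================
		for ((i = 0; i < 64; i += 8)); do
			word=$(H_TO_NL "0x${digest:i:8}") || return 1
			word=$(printf '0x%08x' "$word")
			reg=$(printf '%08x' $(( 0x100b000c + i / 2 )))     # OTP reg
			# Quoted so that "[N]" is not treated as a glob pattern.
			echo "rootkey_hash[$(( i / 8 ))]=mw 0x$reg $word"
		done
	} > "$out_file"
}
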
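# Turn the AES key into a table of register writes.
# Arguments: $1 - AES key, exactly 64 hex digits (32 bytes)
#            $2 - output file, replaced
# Outputs:   $2 receives a banner containing the key and eight lines of the
#            form aes_key_val[N]=mw 0x<reg> 0x<word>, one per 32-bit word, each
#            word byte-swapped through H_TO_NL
# Returns:   0 on success, 1 if the key is malformed
# The output file contains the key in clear text, so it is created readable by
# its owner only; it still has to be stored and disposed of as a secret.
# NOTE(review): the register window (0x100b000c onwards) is the same one
# HASH_OTP_TABLE writes to; confirm how the two tables are told apart on the
# target before using both.
AES_OTP_TABLE() {
	local key=$1 out_file=$2
	local i word reg

	# The key itself is deliberately left out of the error message.
	if [[ ! "$key" =~ ^[0-9a-fA-F]{64}$ ]]; then
		echo "AES_OTP_TABLE: KEY must be exactly 64 hex digits (32 bytes)" >&2
		return 1
	fi

	# Remove an existing file first so that the umask below decides its mode.
	rm -f -- "$out_file"
	(
		umask 077
		{
			echo "AES KEY FILE"
			echo ==================================================================================
			echo "AES KEY:: $key"
			echo ==================================================================================
			for ((i = 0; i < 64; i += 8)); do
				word=$(H_TO_NL "0x${key:i:8}") || exit 1
				word=$(printf '0x%08x' "$word")
				reg=$(printf '%08x' $(( 0x100b000c + i / 2 )))     # OTP reg
				# Quoted so that "[N]" is not treated as a glob pattern.
				echo "aes_key_val[$(( i / 8 ))]=mw 0x$reg $word"
			done
		} > "$out_file"
	)
}
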
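##################2048############################
# rsa2048pem_gen: build u-boot-rsa2048.bin, signed with the RSA-2048 key pair
# in rsa2048pem/.
#
# Layout written below, in order (32-bit fields are byte-swapped through
# H_TO_NL before being written):
#   magic | total length | key length | key length      (16-byte header)
#   RSA public key N (256 bytes) + E (zero-padded to 256 bytes)
#   IV (16 bytes, zero when unset)
#   ddr length | ddr image padded to 16 bytes | ddr signature
#   u-boot length | u-boot image + signature (AES-256-CBC encrypted when KEY
#   is set, plain otherwise)
#
# Every signing or encryption failure aborts the build: continuing would emit
# an image with a missing or stale signature.
if [ "$1" = "rsa2048pem_gen" ]; then
	if [ -f rsa2048pem/rsa_pub_2048.pem ]; then
		echo "....................rsa_2048........................."

		# Encryption needs both values; stop before any output is produced.
		if [ -n "$KEY" ] && [ -z "$IV" ]; then
			echo "error: please set IV!" >&2
			exit 1
		fi

		#4:RSA_pub N+E
		# NOTE(review): the fixed offsets 33 and 291 assume one particular DER
		# layout of the decoded key (2048-bit modulus, 3-byte exponent); the size
		# check below is the only guard against a differently encoded key.
		openssl base64 -d -in rsa2048pem/rsa_pub_2048.pem -out private.bin
		dd if=./private.bin of=./fb1 bs=1 skip=33 count=256
		# fb2 is built by appending; drop any copy left behind by an aborted run.
		rm -f fb2
		for ((i = 1; i <= 253; i++)); do
			echo 0x00 | xxd -r >> fb2
		done
		dd if=./private.bin of=./fb3 bs=1 skip=291 count=3
		cat fb1 fb2 fb3 > all.bin
		cp all.bin rsa2048pem/rsa_pub_2048.bin
		filesize=$(wc -c < all.bin)
		filesize=$((filesize))
		if [ "$filesize" -eq 512 ]; then
			echo ""
			echo "0:RSA_PUB creat OK!"
			echo "RSA_PUB file_size = $filesize"
			echo ""
		else
			echo "0:RSA_PUB creat error!"
			echo "RSA_PUB file_size = $filesize"
			echo ""
			# The hash of this block is what gets written to OTP; a block of the
			# wrong size must not be carried any further.
			rm -f fb1 fb2 fb3 private.bin
			exit 1
		fi
		rm -f fb1 fb2 fb3 private.bin

		#5:IV
		if [ -n "$IV" ]; then
			echo "0x$IV" | xxd -r >> all.bin
		else
			echo 0x00000000000000000000000000000000 | xxd -r >> all.bin
		fi

		#6:DDR_len
		#1) The ddr image is padded to a multiple of 16 bytes.
		filesize=$(wc -c < "$ddr_init_file")
		filesize=$((filesize))
		echo "1:The ddr image must be 16-byte aligned!"
		echo "$ddr_init_file dec_size = $filesize"
		b=$(( (16 - filesize % 16) % 16 ))
		cp "$ddr_init_file" ddr_16byte_alig.bin
		for ((i = 1; i <= b; i++)); do
			echo 0x00 | xxd -r >> ddr_16byte_alig.bin
		done
		filesize=$(wc -c < ddr_16byte_alig.bin)
		filesize=$((filesize))
		echo "ddr_16byte_alig.bin dec_size = $filesize"
		echo ""
		#2) fill in the image length
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r > ddr_len.txt
		#big_lit ddr_len.txt
		cat ddr_len.txt >> all.bin

		#7:DDR.BIN
		cat ddr_16byte_alig.bin >> all.bin

		#8:ddr_sig
		# RSA-PSS over SHA-256; saltlen -1 selects a salt as long as the digest.
		# A signature file left by an earlier run must not be mistaken for a
		# fresh one, so it is removed first and the exit status is checked.
		rm -f ddr_sig.bin
		if ! openssl dgst -sha256 -sign rsa2048pem/rsa_priv_2048.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out ddr_sig.bin ddr_16byte_alig.bin || [ ! -s ddr_sig.bin ]; then
			echo "error: signing ddr_16byte_alig.bin failed" >&2
			exit 1
		fi
		echo "2:creat ddr_sig.bin ok!"
		echo ""

		cat ddr_sig.bin >> all.bin

		#9:u-boot_len
		#1) The boot image is padded to a multiple of 16 bytes.
		filesize=$(wc -c < "$uboot_file")
		filesize=$((filesize))
		echo "3:The boot image must be 16-byte aligned!"
		echo "$uboot_file dec_size = $filesize"
		b=$(( (16 - filesize % 16) % 16 ))
		cp "$uboot_file" uboot_16byte_alig.bin
		for ((i = 1; i <= b; i++)); do
			echo 0x00 | xxd -r >> uboot_16byte_alig.bin
		done
		#2) fill in the image length
		filesize=$(wc -c < uboot_16byte_alig.bin)
		filesize=$((filesize))
		echo "uboot_16byte_alig.bin dec_size = $filesize"
		echo ""
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r > uboot_len.txt
		#big_lit uboot_len.txt
		cat uboot_len.txt >> all.bin

		#10:u-boot.bin + uboot_sig.bin
		if [ -n "$KEY" ]; then
			# IV and KEY are set.
			#1) Derive the working key: AES-256-ECB-decrypt two fixed 16-byte
			#   seeds with KEY and concatenate the results.
			# NOTE(review): openssl takes the key on its command line, where other
			# local users can read it from the process list, and the derived key
			# briefly exists in out_1.bin; run this on a single-user build host.
			echo 0x50db86c592c52f0c436cca6f2ffecaf5 | xxd -r > seed_1.bin
			echo 0x4a96ae013fc60e205e9da4c9d5ad9b99 | xxd -r > seed_2.bin
			openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" -in seed_1.bin -out out_1.bin || exit 1
			openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" -in seed_2.bin -out out_2.bin || exit 1
			cat out_2.bin >> out_1.bin
			KEY_ecb=$(xxd -ps out_1.bin | sed 'N;s/\n//g')
			rm out_*.bin seed_*.bin
			# The derived key is not printed: it is as sensitive as KEY itself.
			echo "4:Obtain a new KEY by decrypting the ECB mode!"
			echo ""
			#boot_sig+boot ---->> openssl_cbc ------>> cbc mode boot
			#2) boot_sig+boot
			rm -f uboot_sig.bin
			if ! openssl dgst -sha256 -sign rsa2048pem/rsa_priv_2048.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out uboot_sig.bin uboot_16byte_alig.bin || [ ! -s uboot_sig.bin ]; then
				echo "5:AES:creat uboot_sig.bin error!"
				echo ""
				exit 1
			fi
			echo "5:AES:creat uboot_sig.bin OK!"
			echo ""
			cp uboot_16byte_alig.bin u-cbc.bin
			cat uboot_sig.bin >> u-cbc.bin
			#3) Use the derived key and the IV to encrypt the image in CBC mode.
			rm -f cbc_boot.bin
			if ! openssl enc -aes-256-cbc -nopad -K "$KEY_ecb" -iv "$IV" -in u-cbc.bin -out cbc_boot.bin; then
				echo "error: AES-CBC encryption of the boot image failed" >&2
				rm -f u-cbc.bin cbc_boot.bin
				exit 1
			fi
			cat cbc_boot.bin >> all.bin
			rm u-cbc.bin cbc_boot.bin
		else
			# IV and KEY are not set: store the image unencrypted.
			#1) boot_bin
			cat uboot_16byte_alig.bin >> all.bin
			#2) boot_sig
			rm -f uboot_sig.bin
			if ! openssl dgst -sha256 -sign rsa2048pem/rsa_priv_2048.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out uboot_sig.bin uboot_16byte_alig.bin || [ ! -s uboot_sig.bin ]; then
				echo "4:RSA:creat uboot_sig.bin error!"
				exit 1
			fi
			echo "4:RSA:creat uboot_sig.bin OK!"
			echo ""
			cat uboot_sig.bin >> all.bin
		fi

		#1:MAGIC
		touch head.txt
		val=0x4253424d
		val=$(H_TO_NL "$val")
		val=$(dec2hex "$val")
		echo "$val" | xxd -r > head.txt

		#2:TOTAL_LEN (payload plus the 16-byte header)
		filesize=$(wc -c < all.bin)
		filesize=$((filesize + 16))
		echo "all.bin dec_size = $filesize"
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r >> head.txt

		#3:RSA2048 (key length 0x100 bytes, written twice)
		a=0x00000100
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r >> head.txt
		echo "$a" | xxd -r >> head.txt

		#######big->lit##########
		#touch head_e.txt
		# Prepend the 16-byte header to the image.
		cat all.bin >> head.txt
		cat head.txt > u-boot-rsa2048.bin

		# Get the hash value of the public key.
		echo "Gets the hash value of the public KEY!"
		dd if=./u-boot-rsa2048.bin of=rsa2048pem/rsa_pub_2048.bin bs=1 skip=16 count=512
		openssl dgst -sha256 -r -hex rsa2048pem/rsa_pub_2048.bin > rsa2048pem/rsa_pub_2048_sha256.txt || exit 1

		HASH_OTP_TABLE rsa2048pem/rsa_pub_2048_sha256.txt rsa2048pem/rsa2048_pem_hash_val.txt || exit 1
		cat rsa2048pem/rsa2048_pem_hash_val.txt

		#clean
		# Only files this script creates are removed; a wildcard such as *.txt
		# would also delete unrelated files in the working directory.
		rm ddr_16byte_alig.bin uboot_16byte_alig.bin all.bin
		rm -f head.txt ddr_len.txt uboot_len.txt aes_otp_cfg.txt ddr_sig.bin uboot_sig.bin
		echo "....................................................."
		echo
		echo
	else
		echo "rsa2048pem/rsa_pub_2048.pem not found, nothing built" >&2
	fi
fi
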
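##################################################
####################4096##########################
#################################################
# rsa4096pem_gen: build u-boot-rsa4096.bin, signed with the RSA-4096 key pair
# in rsa4096pem/.
#
# Layout written below, in order (32-bit fields are byte-swapped through
# H_TO_NL before being written):
#   magic | total length | key length | key length      (16-byte header)
#   RSA public key N (512 bytes) + E (zero-padded to 512 bytes)
#   IV (16 bytes, zero when unset)
#   ddr length | ddr image padded to 16 bytes | ddr signature
#   u-boot length | u-boot image + signature (AES-256-CBC encrypted when KEY
#   is set, plain otherwise)
#
# Every signing or encryption failure aborts the build: continuing would emit
# an image with a missing or stale signature.
if [ "$1" = "rsa4096pem_gen" ]; then
	if [ -f rsa4096pem/rsa_pub_4096.pem ]; then
		echo "....................rsa_4096........................."

		# Encryption needs both values; stop before any output is produced.
		if [ -n "$KEY" ] && [ -z "$IV" ]; then
			echo "error: please set IV!" >&2
			exit 1
		fi

		#4:RSA_pub
		# NOTE(review): the fixed offsets 33 and 547 assume one particular DER
		# layout of the decoded key (4096-bit modulus, 3-byte exponent); the size
		# check below is the only guard against a differently encoded key.
		openssl base64 -d -in rsa4096pem/rsa_pub_4096.pem -out private_4096.bin
		dd if=./private_4096.bin of=./fb1 bs=1 skip=33 count=512
		# fb2 is built by appending; drop any copy left behind by an aborted run.
		rm -f fb2
		for ((i = 1; i <= 509; i++)); do
			echo 0x00 | xxd -r >> fb2
		done
		dd if=./private_4096.bin of=./fb3 bs=1 skip=547 count=3
		cat fb1 fb2 fb3 > all.bin

		filesize=$(wc -c < all.bin)
		filesize=$((filesize))
		if [ "$filesize" -eq 1024 ]; then
			echo ""
			echo "0:RSA_PUB creat OK!"
			echo "RSA_PUB file_size = $filesize"
			echo ""
		else
			echo "0:RSA_PUB creat error!"
			echo "RSA_PUB file_size = $filesize"
			echo ""
			# The hash of this block is what gets written to OTP; a block of the
			# wrong size must not be carried any further.
			rm -f fb1 fb2 fb3 private.bin private_4096.bin
			exit 1
		fi
		# private_4096.bin is the file this section creates; private.bin is kept
		# in the list because the original cleanup named it.
		rm -f fb1 fb2 fb3 private.bin private_4096.bin

		#5:IV
		if [ -n "$IV" ]; then
			echo "0x$IV" | xxd -r >> all.bin
		else
			echo 0x00000000000000000000000000000000 | xxd -r >> all.bin
		fi

		#6:DDR_len
		#1) The ddr image is padded to a multiple of 16 bytes.
		filesize=$(wc -c < "$ddr_init_file")
		filesize=$((filesize))
		echo "1:The ddr image must be 16-byte aligned!"
		echo "$ddr_init_file dec_size = $filesize"
		b=$(( (16 - filesize % 16) % 16 ))
		cp "$ddr_init_file" ddr_16byte_alig.bin
		for ((i = 1; i <= b; i++)); do
			echo 0x00 | xxd -r >> ddr_16byte_alig.bin
		done
		filesize=$(wc -c < ddr_16byte_alig.bin)
		filesize=$((filesize))
		echo "ddr_16byte_alig.bin dec_size = $filesize"
		echo ""
		#2) fill in the image length
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r > ddr_len.txt
		#big_lit ddr_len.txt
		cat ddr_len.txt >> all.bin

		#7:DDR.BIN
		# RSA-PSS over SHA-256; saltlen -1 selects a salt as long as the digest.
		# A signature file left by an earlier run must not be mistaken for a
		# fresh one, so it is removed first and the exit status is checked.
		rm -f ddr_sig.bin
		if ! openssl dgst -sha256 -sign rsa4096pem/rsa_priv_4096.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out ddr_sig.bin ddr_16byte_alig.bin || [ ! -s ddr_sig.bin ]; then
			echo "error: signing ddr_16byte_alig.bin failed" >&2
			exit 1
		fi
		cat ddr_16byte_alig.bin >> all.bin

		#8:ddr_sig
		cat ddr_sig.bin >> all.bin
		echo "2:creat ddr_sig.bin ok!"
		echo ""

		#9:u-boot_len
		#1) The boot image is padded to a multiple of 16 bytes.
		filesize=$(wc -c < "$uboot_file")
		filesize=$((filesize))
		echo "3:The boot image must be 16-byte aligned!"
		echo "$uboot_file dec_size = $filesize"
		b=$(( (16 - filesize % 16) % 16 ))
		cp "$uboot_file" uboot_16byte_alig.bin
		for ((i = 1; i <= b; i++)); do
			echo 0x00 | xxd -r >> uboot_16byte_alig.bin
		done
		#2) fill in the image length
		filesize=$(wc -c < uboot_16byte_alig.bin)
		filesize=$((filesize))
		echo "uboot_16byte_alig.bin dec_size = $filesize"
		echo ""
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r > uboot_len.txt
		#big_lit uboot_len.txt
		cat uboot_len.txt >> all.bin

		#10:u-boot.bin + uboot_sig.bin
		if [ -n "$KEY" ]; then
			# IV and KEY are set.
			#1) Derive the working key: AES-256-ECB-decrypt two fixed 16-byte
			#   seeds with KEY and concatenate the results.
			# NOTE(review): openssl takes the key on its command line, where other
			# local users can read it from the process list, and the derived key
			# briefly exists in out_1.bin; run this on a single-user build host.
			echo 0x50db86c592c52f0c436cca6f2ffecaf5 | xxd -r > seed_1.bin
			echo 0x4a96ae013fc60e205e9da4c9d5ad9b99 | xxd -r > seed_2.bin
			openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" -in seed_1.bin -out out_1.bin || exit 1
			openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" -in seed_2.bin -out out_2.bin || exit 1
			cat out_2.bin >> out_1.bin
			KEY_ecb=$(xxd -ps out_1.bin | sed 'N;s/\n//g')
			rm out_*.bin seed_*.bin
			# The derived key is not printed: it is as sensitive as KEY itself.
			echo "4:Obtain a new KEY by decrypting the ECB mode!"
			echo ""
			#boot_sig+boot ---->> openssl_cbc ------>> cbc mode boot
			#2) boot_sig+boot
			rm -f uboot_sig.bin
			if ! openssl dgst -sha256 -sign rsa4096pem/rsa_priv_4096.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out uboot_sig.bin uboot_16byte_alig.bin || [ ! -s uboot_sig.bin ]; then
				echo "5:AES:creat uboot_sig.bin error!"
				echo ""
				exit 1
			fi
			echo "5:AES:creat uboot_sig.bin OK!"
			echo ""

			cp uboot_16byte_alig.bin u-cbc.bin
			cat uboot_sig.bin >> u-cbc.bin
			#3) Use the derived key and the IV to encrypt the image in CBC mode.
			rm -f cbc_boot.bin
			if ! openssl enc -aes-256-cbc -nopad -K "$KEY_ecb" -iv "$IV" -in u-cbc.bin -out cbc_boot.bin; then
				echo "error: AES-CBC encryption of the boot image failed" >&2
				rm -f u-cbc.bin cbc_boot.bin
				exit 1
			fi
			cat cbc_boot.bin >> all.bin
			rm u-cbc.bin cbc_boot.bin
		else
			# IV and KEY are not set: store the image unencrypted.
			#1) boot_bin
			cat uboot_16byte_alig.bin >> all.bin
			#2) boot_sig
			rm -f uboot_sig.bin
			if ! openssl dgst -sha256 -sign rsa4096pem/rsa_priv_4096.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out uboot_sig.bin uboot_16byte_alig.bin || [ ! -s uboot_sig.bin ]; then
				echo "4:RSA:creat uboot_sig.bin error!"
				echo ""
				exit 1
			fi
			echo "4:RSA:creat uboot_sig.bin OK!"
			echo ""
			cat uboot_sig.bin >> all.bin
		fi

		#1:MAGIC
		touch head.txt
		val=0x4253424D
		val=$(H_TO_NL "$val")
		val=$(dec2hex "$val")
		echo "$val" | xxd -r > head.txt

		#2:TOTAL_LEN (payload plus the 16-byte header)
		filesize=$(wc -c < all.bin)
		filesize=$((filesize + 16))
		echo "all.bin dec_size = $filesize"
		a=$(dec2hex "$filesize")
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r >> head.txt

		#3:RSA4096 (key length 0x200 bytes, written twice)
		a=0x00000200
		a=$(H_TO_NL "$a")
		a=$(dec2hex "$a")
		echo "$a" | xxd -r >> head.txt
		echo "$a" | xxd -r >> head.txt

		#######big->lit##########
		#touch head_e.txt
		# Prepend the 16-byte header to the image.
		cat all.bin >> head.txt
		cat head.txt > u-boot-rsa4096.bin

		# Get the hash value of the public key.
		echo "Gets the hash value of the public KEY!"
		dd if=./u-boot-rsa4096.bin of=rsa4096pem/rsa_pub_4096.bin bs=1 skip=16 count=1024
		openssl dgst -sha256 -r -hex rsa4096pem/rsa_pub_4096.bin > rsa4096pem/rsa_pub_4096_sha256.txt || exit 1

		HASH_OTP_TABLE rsa4096pem/rsa_pub_4096_sha256.txt rsa4096pem/rsa4096_pem_hash_val.txt || exit 1
		cat rsa4096pem/rsa4096_pem_hash_val.txt

		#clean
		# Only files this script creates are removed; a wildcard such as *.txt
		# would also delete unrelated files in the working directory.
		rm ddr_16byte_alig.bin uboot_16byte_alig.bin all.bin
		rm -f head.txt ddr_len.txt uboot_len.txt aes_otp_cfg.txt ddr_sig.bin uboot_sig.bin
		echo "....................................................."
	else
		echo "rsa4096pem/rsa_pub_4096.pem not found, nothing built" >&2
	fi
fi
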
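# When a KEY is configured, write the AES register table to aes_otp_cfg.txt.
# The file contains the key in clear text: it is created readable by its owner
# only and has to be handled as a secret afterwards.
if [ -n "$KEY" ]; then
	(
		# Remove any earlier copy first so that the umask decides the file mode.
		umask 077
		rm -f aes_otp_cfg.txt
		AES_OTP_TABLE "$KEY" aes_otp_cfg.txt
	) || exit 1
	echo "create aes_otp_cfg.txt over!"
fi
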