tegra-helper-scripts: add a helper to wrap l4t_sign_image.sh

Mainly so we can pass the same TEGRA_SIGNING_ARGS options when doing file signing as we use for other signing operations. Signed-off-by: Matt Madison <[email protected]>
lmp-mirrors · Jun 9, 2021 · c0b03b5 · c0b03b5
1 parent 361d1f3
commit c0b03b5
Show file tree

Hide file tree

Showing 2 changed files with 95 additions and 0 deletions.
diff --git a/recipes-bsp/tegra-binaries/tegra-helper-scripts-native_32.5.1.bb b/recipes-bsp/tegra-binaries/tegra-helper-scripts-native_32.5.1.bb
@@ -12,6 +12,7 @@ SRC_URI = " \
     file://tegra210-flash-helper.sh \
     file://nvflashxmlparse.py \
     file://make-sdcard.sh \
+    file://tegra-signimage-helper.sh \
 "
 
 S = "${WORKDIR}"
@@ -25,4 +26,5 @@ do_install() {
     install -m 0755 ${S}/make-sdcard.sh ${D}${bindir}/tegra210-flash/make-sdcard
     install -m 0755 ${S}/nvflashxmlparse.py ${D}${bindir}/tegra186-flash/nvflashxmlparse
     install -m 0755 ${S}/make-sdcard.sh ${D}${bindir}/tegra186-flash/make-sdcard
+    install -m 0755 ${S}/tegra-signimage-helper.sh ${D}${bindir}/tegra186-flash/tegra-signimage-helper
 }
diff --git a/recipes-bsp/tegra-binaries/tegra-helper-scripts/tegra-signimage-helper.sh b/recipes-bsp/tegra-binaries/tegra-helper-scripts/tegra-signimage-helper.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+keyfile=
+user_keyfile=
+to_remove=
+split=True
+chip=
+encrypting=
+
+ARGS=$(getopt -n $(basename "$0") -l "user_key:,chip:,nosplit" -o "u:v:" -- "$@")
+if [ $? -ne 0 ]; then
+    echo "Error parsing options" >&2
+    exit 1
+fi
+eval set -- "$ARGS"
+unset ARGS
+
+while true; do
+    case "$1" in
+	--chip)
+	    chip="$2"
+	    shift 2
+	    ;;
+	--user_key)
+	    user_keyfile="$2"
+	    shift 2
+	    ;;
+	--nosplit)
+	    split=False
+	    shift
+	    ;;
+	-u)
+	    keyfile="$2"
+	    shift 2
+	    ;;
+	-v)
+	    # Accepted here to tell us that we need to
+	    # generate an all-zeros user_keyfile
+	    encrypting=yes
+	    shift 2
+	    ;;
+	--)
+	    shift
+	    break
+	    ;;
+	*)
+	    echo "Error processing options" >&2
+	    exit 1
+	    ;;
+    esac
+done
+
+if [ -z "$chip" ]; then
+    echo "ERR: --chip option not specified" >&2
+    exit 1
+fi
+
+here=$(readlink -f $(dirname "$0"))
+
+if [ -x $here/l4t_sign_image.sh ]; then
+    signimg="$here/l4t_sign_image.sh";
+else
+    hereparent=$(readlink -f "$here/.." 2>/dev/null)
+    if [ -n "$hereparent" -a -x "$hereparent/l4t_sign_image.sh" ]; then
+	signimg="$hereparent/l4t_sign_image.sh"
+    fi
+fi
+if [ -z "$signimg" ]; then
+    echo "ERR: missing l4t_sign_image script" >&2
+    exit 1
+fi
+
+if [ "$keyfile" = "None" ]; then
+    keyfile=""
+fi
+
+tmpuserkey=
+if [ -z "$user_keyfile" -a "$encrypting" = "yes" ]; then
+    tmpuserkey=$(mktemp)
+    echo "0x00000000 0x00000000 0x00000000 0x00000000" > "$tmpuserkey"
+    user_keyfile=$(readlink -f "$tmpuserkey")
+    echo "Using null key for encryption" >&2
+fi
+rc=0
+while [ -n "$1" ]; do
+    filetosign="$1"
+    shift
+    if ! "$signimg" --file "$filetosign"  --key "$keyfile" --encrypt_key "$user_keyfile" --chip "$chip" --split $split; then
+	echo "Error signing $filetosign" >&2
+	rc=1
+    fi
+done
+[ -z "$tmpuserkey" ] || rm -f "$tmpuserkey"
+exit $rc