File: createSRKFuses

imx-code-signing-tool 3.3.1%2Bdfsg-2
#
# Copyright 2017-2018 NXP
#
##########################################################################
#!/bin/bash
#
# SCRIPT:  	createSRKFuses
#
# DESCRIPTION:	Create SRK fuses from SRK table generated by SRKTOOL or 
# 		createSrkTable script. This script shows steps to compute
#		SRK fuses and can be verified against the fuses generated
#		by SRKTOOL or createSRKTable script.
#
##########################################################################


# Debug switch: 0 removes the intermediate SRKCert* files at the end of the
# run; any other value keeps them and dumps the result for comparison.
# NOTE(review): the "#!/bin/bash" line sits below the copyright header, so it
# is not the first line of the file and is not honoured as an interpreter
# line. Which shell runs the script then depends on how it is invoked; it
# needs bash because it uses [[ ]] and brace expansion.
DEBUG=0

# Show the usage text when help is requested or no argument was given.
case "$1" in
	-h|--help|"")
		echo
		echo "./createSRKFuses [-h|--help] for help"
		echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
		echo "Number of SRK : 1 - 4"
		echo "SRK Key Length : 1024, 2048, 3072, 4096"
		exit 1
		;;
esac

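# Input SRK Table file (first argument).
# The path must name a regular file that is readable and not empty. The later
# dd/sha256sum steps do not stop on their own when they get no data, so an
# empty or unreadable table would still end in an SRK_fuses.bin that matches
# no real SRK table. Rejecting it here keeps such a value from being produced.
SRKtablefile="$1"
if [[ -f "$SRKtablefile" && -r "$SRKtablefile" && -s "$SRKtablefile" ]] ; then
	echo "SRK table file is $1"
else
	echo "File $1 doesnt exist or is empty"
	echo
	echo "./createSRKFuses [-h|--help] for help"
	echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
	echo "Number of SRK : 1 - 4"
	echo "SRK Key Length : 1024, 2048, 3072, 4096"
	exit 1
fi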

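# Number of SRK certs (second argument), which must be exactly 1, 2, 3 or 4.
# Inside [[ ]] the < and > operators compare strings, not integers, so a range
# test written with them also accepts values such as "10" or "4x". Matching a
# single digit avoids that and rejects an empty or non-numeric argument too.
if [[ "$2" =~ ^[1-4]$ ]] ; then
	nSRK=$2
	echo "Number of SRKs are $nSRK"
else
	echo "Number of SRKs need to be between 1 and 4"
	echo
	echo "./createSRKFuses [-h|--help] for help"
	echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
	echo "Number of SRK : 1 - 4"
	echo "SRK Key Length : 1024, 2048, 3072, 4096"
	exit 1
fi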

# SRK key length in bits (third argument). Only the four sizes listed in the
# usage text are accepted; anything else prints the usage and exits.
lSRK=$3
case "$lSRK" in
	1024|2048|3072|4096)
		echo "SRK Key length is $lSRK"
		;;
	*)
		echo "SRK key length needs to be 1024, 2048, 3072 or 4096 bits"
		echo
		echo "./createSRKFuses [-h|--help] for help"
		echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
		echo "Number of SRK : 1 - 4"
		echo "SRK Key Length : 1024, 2048, 3072, 4096"
		exit 1
		;;
esac

# Pick the byte count of one SRK entry in the table from the key length.
# Each value equals lSRK/8 + 15. countSize is later used as the dd count and
# as the stride between entries.
case "$lSRK" in
	1024) countSize=143 ;;
	2048) countSize=271 ;;
	3072) countSize=399 ;;
	4096) countSize=527 ;;
esac


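# Divide SRK certificates into individual files SRKCert1 .. SRKCert<n>.
# The first 4 bytes of the table are skipped (presumably the table header;
# confirm against the SRK table format) and each entry is countSize bytes.
# The requested count is saved in i because nSRK is reused as the loop
# variable. After the loop nSRK holds the number of files written.
i=$nSRK
for nSRK in {1..4} ; do
	if ! dd if="$1" of="SRKCert$nSRK" bs=1 skip=$((4+(countSize*(nSRK-1)))) count="$countSize" ; then
		echo "Failed to extract SRKCert$nSRK from $1" >&2
		exit 1
	fi
	# dd stops early without an error when the table is shorter than the
	# requested count and key length imply. Hashing such a truncated entry
	# would yield a fuse value that matches no real key, so check the size.
	if [ $(( $(wc -c < "SRKCert$nSRK") )) -ne "$countSize" ] ; then
		echo "SRKCert$nSRK is not $countSize bytes long; check the number of SRKs and the key length against $1" >&2
		exit 1
	fi
	echo "File SRKCert$nSRK created"
	if [ "$nSRK" = "$i" ] ; then
		break
	fi
done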

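# SRK certs being hashed once: SRKCert<n>.bin receives the raw 32-byte
# SHA-256 digest of SRKCert<n>. sha256sum prints hex, awk keeps the digest
# column, perl packs the hex into bytes and dd writes the first 32 of them.
# The loop stops after nSRK files, so higher-numbered leftovers are skipped.
i=1
for fSRK in SRKCert[1234] ; do
	sha256sum "$fSRK" | \
		awk '{print $1}' | \
			perl -e 'print pack "H*", <STDIN>' | \
				dd of="$fSRK.bin" bs=1 count=32
	# A pipeline reports only the status of its last command, so a missing
	# tool or an unreadable input would leave a short or empty digest file
	# unnoticed. Anything other than 32 bytes means the digest is not usable.
	if [ $(( $(wc -c < "$fSRK.bin") )) -ne 32 ] ; then
		echo "$fSRK.bin is not a 32-byte SHA-256 digest; aborting" >&2
		exit 1
	fi
	echo "File $fSRK.bin created"
	if [ "$nSRK" = "$i" ] ; then
		break
	fi
	i=$((i+1))
done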

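# SRK certs hashed again: the per-certificate digests are concatenated in
# order and hashed once more; the raw 32-byte result is SRK_fuses.bin.
# Only SRKCert1.bin .. SRKCert<nSRK>.bin are used. A glob over
# SRKCert[1234].bin would also pick up digest files left in the directory by
# an earlier run with more keys (they are kept when DEBUG is non-zero) and
# silently change the fuse value.
srkHashFiles=()
for ((k = 1; k <= nSRK; k++)) ; do
	srkHashFiles+=("SRKCert$k.bin")
done
cat "${srkHashFiles[@]}" | \
	sha256sum | awk '{print $1}' | \
		perl -e 'print pack "H*", <STDIN>' | \
			dd of=SRK_fuses.bin bs=1 count=32

# The pipeline status reflects dd only, so confirm a full digest was written
# before the file can be taken for a valid fuse value.
if [ $(( $(wc -c < SRK_fuses.bin) )) -ne 32 ] ; then
	echo "SRK_fuses.bin is not a 32-byte SHA-256 digest; do not use it" >&2
	exit 1
fi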

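# Remove the intermediate files created above (they are kept when DEBUG is
# non-zero). Only the names this script writes are matched, so unrelated
# files in the working directory whose names merely begin with "SRKCert"
# are left alone.
if [ "$DEBUG" = 0 ]; then
	rm -v -- SRKCert[1234] SRKCert[1234].bin
fi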

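# Debug mode: dump the computed fuse value next to a reference file produced
# by SRKTOOL / the createSRKTable script so the two can be compared.
if [ "$DEBUG" != 0 ]; then
#hexdiff if available
#	hexdiff SRK_fuses.bin SRK_1_2_3_4_fuse.bin
	
	echo "Created Hash SRK_fuses.bin"
	hexdump SRK_fuses.bin
	echo -n "Enter the SRK fuse filename created by SRKTOOL/createSRKTable script > "
	# -r keeps backslashes in the typed path literal.
	read -r SRKfuse
	echo "Existing Hash from SRK tool in $SRKfuse file"
	# Quoted and preceded by -- so a path with spaces or a leading dash is
	# passed to hexdump as a single file name.
	hexdump -- "$SRKfuse"
	# Comparing two hex dumps by eye is easy to get wrong, so also report a
	# byte-for-byte comparison of the two files.
	if cmp -s -- SRK_fuses.bin "$SRKfuse" ; then
		echo "SRK_fuses.bin matches $SRKfuse"
	else
		echo "SRK_fuses.bin does NOT match $SRKfuse"
	fi
fi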