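#!/bin/bash
#
# Copyright 2017-2018 NXP
#
##########################################################################
#
# SCRIPT: createSRKFuses
#
# DESCRIPTION: Create SRK fuses from SRK table generated by SRKTOOL or
# createSrkTable script. This script shows steps to compute
# SRK fuses and can be verified against the fuses generated
# by SRKTOOL or createSRKTable script.
#
# USAGE: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>
#
# OUTPUT: SRK_fuses.bin (32 bytes) in the current directory. It is the
# SHA-256 of the concatenated SHA-256 digests of the first
# <Number of SRKs> entries of the table.
# Intermediate SRKCert<n> / SRKCert<n>.bin files are written to
# the current directory and removed again unless DEBUG is set.
#
# REQUIRES: bash (the shebang must stay on the first line: the script
# uses [[ ]], arrays and arithmetic for-loops), dd, sha256sum,
# awk, perl, wc, and hexdump when DEBUG is set.
#
##########################################################################

# Set DEBUG to a non-zero value to keep the intermediate files and to dump
# the computed hash next to a reference fuse file for comparison.
DEBUG=0

# A failing stage inside the hash pipelines must not be hidden by the exit
# status of the final dd.
set -o pipefail

# Print the usage text and exit. The script uses status 1 for help as well
# as for argument errors.
usage() {
  echo
  echo "./createSRKFuses [-h|--help] for help"
  echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
  echo "Number of SRK : 1 - 4"
  echo "SRK Key Length : 1024, 2048, 3072, 4096"
  exit 1
}

# Report a fatal error on stderr and stop with status 1.
die() {
  printf 'createSRKFuses: %s\n' "$*" >&2
  exit 1
}

# Write the raw SHA-256 digest of stdin to the file named by $1.
# sha256sum prints the digest as hex, perl packs the hex back into bytes and
# dd caps the result at the 32 bytes of a SHA-256 digest. A result that is
# not exactly 32 bytes long is deleted so that it cannot be mistaken for a
# valid hash.
write_sha256() {
  local out=$1
  sha256sum \
    | awk '{print $1}' \
    | perl -e 'print pack "H*", <STDIN>' \
    | dd of="$out" bs=1 count=32 \
    || { rm -f -- "$out"; die "hashing into $out failed"; }
  if [[ $(wc -c < "$out") -ne 32 ]]; then
    rm -f -- "$out"
    die "$out is not a 32-byte digest"
  fi
}

# Help
case "${1:-}" in
  -h | --help | "") usage ;;
esac

# Input SRK Table file: must be a regular, non-empty file.
SRKtablefile="$1"
if [[ -f "$SRKtablefile" && -s "$SRKtablefile" ]]; then
  echo "SRK table file is $1"
else
  echo "File $1 doesnt exist or is empty"
  usage
fi

# Number of SRK certs. A regex is used instead of [[ $2 > 0 && $2 < 5 ]]:
# inside [[ ]] the < and > operators compare strings, so values such as
# "10" or "4x" would pass that test and change how many entries get hashed.
if [[ "${2:-}" =~ ^[1-4]$ ]]; then
  nSRK=$2
  echo "Number of SRKs are $nSRK"
else
  echo "Number of SRKs need to be between 1 and 4"
  usage
fi

# SRK key length, and the size in bytes of one table entry for that length.
# The sizes equal key-length/8 + 15 (143 = 128 + 15, ... 527 = 512 + 15).
# NOTE(review): a fixed entry size presumably assumes the same exponent
# length for every key -- confirm against the SRK table format.
lSRK="${3:-}"
case "$lSRK" in
  1024) countSize=143 ;;
  2048) countSize=271 ;;
  3072) countSize=399 ;;
  4096) countSize=527 ;;
  *)
    echo "SRK key length needs to be 1024, 2048, 3072 or 4096 bits"
    usage
    ;;
esac
echo "SRK Key length is $lSRK"

# The table is read as 4 leading bytes followed by nSRK fixed-size entries.
# dd does not fail when asked to read past the end of the file, so a short
# table would silently give a hash over truncated data; refuse it up front.
table_size=$(wc -c < "$SRKtablefile") || die "cannot read $SRKtablefile"
needed=$((4 + countSize * nSRK))
if ((table_size < needed)); then
  die "$SRKtablefile has $table_size bytes; $nSRK SRKs of $lSRK bits need $needed"
elif ((table_size > needed)); then
  printf 'createSRKFuses: warning: %s has %d bytes, %d expected; check the SRK count and key length\n' \
    "$SRKtablefile" "$table_size" "$needed" >&2
fi

# Divide SRK certificates into individual files. The names of the files
# created by this run are recorded so that later steps never pick up stale
# SRKCert* files left in the directory by something else.
cert_files=()
hash_files=()
for ((idx = 1; idx <= nSRK; idx++)); do
  cert="SRKCert$idx"
  dd if="$SRKtablefile" of="$cert" bs=1 \
    skip=$((4 + countSize * (idx - 1))) count="$countSize" \
    || die "cannot extract $cert from $SRKtablefile"
  cert_files+=("$cert")
  echo "File $cert created"
done

# SRK certs being hashed once
for cert in "${cert_files[@]}"; do
  write_sha256 "$cert.bin" < "$cert"
  hash_files+=("$cert.bin")
  echo "File $cert.bin created"
done

# SRK certs hashed again: the digest of the concatenated per-entry digests,
# in entry order, is the fuse value.
cat -- "${hash_files[@]}" | write_sha256 SRK_fuses.bin || exit 1

# Remove the temp files created by this run (and only those).
if [ "$DEBUG" = 0 ]; then
  rm -v -- "${cert_files[@]}" "${hash_files[@]}"
fi

# In debug mode, show the computed hash next to the fuse file produced by
# SRKTOOL/createSRKTable so the two can be compared by eye.
if [ "$DEBUG" != 0 ]; then
  #hexdiff if available
  # hexdiff SRK_fuses.bin SRK_1_2_3_4_fuse.bin
  echo "Created Hash SRK_fuses.bin"
  hexdump SRK_fuses.bin
  echo -n "Enter the SRK fuse filename created by SRKTOOL/createSRKTable script > "
  read -r SRKfuse
  echo "Existing Hash from SRK tool in $SRKfuse file"
  hexdump "$SRKfuse"
fi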