# SPDX-License-Identifier: BSD-3-Clause
#
# Copyright 2017-2018, 2023 NXP
#
##########################################################################
#!/bin/bash
#
# SCRIPT: createSRKFuses
#
# DESCRIPTION: Create SRK fuses from SRK table generated by SRKTOOL or
# createSrkTable script. This script shows steps to compute
# SRK fuses and can be verified against the fuses generated
# by SRKTOOL or createSRKTable script.
#
##########################################################################
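# Debug: 0 removes the intermediate SRKCert* files at the end of the run;
# any other value keeps them and dumps the computed hash for comparison.
DEBUG=0

# NOTE(review): the "#!/bin/bash" line sits below the license header in this
# file, so it does not act as a shebang. The [[ ... ]] tests below need bash;
# run the script as "bash createSRKFuses ..." or move that line to line 1.

# Print the usage text shared by the help path and every argument error.
usage() {
    echo
    echo "./createSRKFuses [-h|--help] for help"
    echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
    echo "Number of SRK : 1 - 4"
    echo "SRK Key Length : 1024, 2048, 3072, 4096"
}

# Help (also shown when no argument is given). Exit status stays 1 as before.
case "$1" in
    -h | --help | "")
        usage
        exit 1
        ;;
esac

# Input SRK Table file: must name an existing regular file.
SRKtablefile="$1"
if [[ -n "$SRKtablefile" && -f "$SRKtablefile" ]]; then
    echo "SRK table file is $1"
else
    echo "File $1 doesnt exist or is empty"
    usage
    exit 1
fi

# Number of SRK certs.
# The previous test used [[ $2 > 0 && $2 < 5 ]], which compares strings
# lexicographically, so values such as "10", "05" or "1x" were accepted and
# the later split/hash loops ran with a count they were not written for.
# Accept exactly one digit in the range 1-4.
if [[ "$2" =~ ^[1-4]$ ]]; then
    nSRK=$2
    echo "Number of SRKs are $nSRK"
else
    echo "Number of SRKs need to be between 1 and 4"
    usage
    exit 1
fi

# SRK key length: only the four listed sizes have an entry size defined later.
lSRK=$3
case "$lSRK" in
    1024 | 2048 | 3072 | 4096)
        echo "SRK Key length is $lSRK"
        ;;
    *)
        echo "SRK key length needs to be 1024, 2048, 3072 or 4096 bits"
        usage
        exit 1
        ;;
esac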
# Pick the per-key entry size (in bytes) of the SRK table from the key length.
# Each value equals lSRK/8 + 15; presumably the modulus plus entry header and
# public exponent -- confirm against the SRK table layout before changing.
case "$lSRK" in
    1024) countSize=143 ;;
    2048) countSize=271 ;;
    3072) countSize=399 ;;
    4096) countSize=527 ;;
esac
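# Split the SRK table into one file per key entry, hash each entry with
# SHA-256, then hash the concatenated digests into SRK_fuses.bin.
#
# The result is meant to match the fuse file produced by SRKTOOL, so every
# step below fails loudly instead of emitting a plausible-looking but wrong
# 32-byte value.

# Defensive re-check: the arithmetic and loops below assume a count of 1-4.
case "$nSRK" in
    [1-4]) ;;
    *)
        echo "Number of SRKs need to be between 1 and 4"
        exit 1
        ;;
esac

# The table must hold the 4 skipped leading bytes plus nSRK entries of
# countSize bytes. dd would otherwise read a short or empty entry without
# complaint and the digest would be computed over truncated data.
tableBytes=$(($(wc -c < "$1")))
neededBytes=$((4 + countSize * nSRK))
if [ "$tableBytes" -lt "$neededBytes" ]; then
    echo "SRK table $1 is $tableBytes bytes, need at least $neededBytes for $nSRK SRKs of $lSRK bits"
    exit 1
fi

# Divide SRK certificates into individual files: SRKCert1 .. SRKCert<nSRK>.
for ((k = 1; k <= nSRK; k++)); do
    certFile="SRKCert$k"
    if ! dd if="$1" of="$certFile" bs=1 skip=$((4 + countSize * (k - 1))) count="$countSize"; then
        echo "Failed to extract $certFile from $1"
        exit 1
    fi
    echo "File $certFile created"
done

# SRK certs being hashed once. Only the files created above are hashed; the
# earlier SRKCert[1234] glob also matched leftovers from previous runs in the
# same directory.
digestFiles=()
for ((k = 1; k <= nSRK; k++)); do
    certFile="SRKCert$k"
    sha256sum "$certFile" | \
        awk '{print $1}' | \
        perl -e 'print pack "H*", <STDIN>' | \
        dd of="$certFile.bin" bs=1 count=32
    # A missing tool or failed stage leaves a short file; catch it here.
    if [ "$(($(wc -c < "$certFile.bin")))" -ne 32 ]; then
        echo "Digest file $certFile.bin is not 32 bytes"
        exit 1
    fi
    echo "File $certFile.bin created"
    digestFiles+=("$certFile.bin")
done

# SRK certs hashed again: digest of exactly the digests produced above, in
# key order. A stale SRKCert3.bin/SRKCert4.bin can no longer change the result.
cat "${digestFiles[@]}" | \
    sha256sum | awk '{print $1}' | \
    perl -e 'print pack "H*", <STDIN>' | \
    dd of=SRK_fuses.bin bs=1 count=32
if [ "$(($(wc -c < SRK_fuses.bin)))" -ne 32 ]; then
    echo "SRK_fuses.bin is not 32 bytes"
    exit 1
fi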
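# Final step: either clean up the intermediate files (DEBUG=0) or keep them
# and print the computed hash next to a reference fuse file for comparison.
if [ "$DEBUG" = 0 ]; then
    # Remove only the temp files this script writes. The earlier "SRKCert*"
    # pattern also deleted any unrelated file in the working directory whose
    # name merely starts with SRKCert.
    rm -v SRKCert[1234] SRKCert[1234].bin
else
    #hexdiff if available
    # hexdiff SRK_fuses.bin SRK_1_2_3_4_fuse.bin
    echo "Created Hash SRK_fuses.bin"
    hexdump SRK_fuses.bin
    echo -n "Enter the SRK fuse filename created by SRKTOOL/createSRKTable script > "
    # -r keeps backslashes in the typed path literal.
    read -r SRKfuse
    echo "Existing Hash from SRK tool in $SRKfuse file"
    # Quoted so a path with spaces or glob characters names one file, and an
    # empty answer produces an error instead of hexdump waiting on stdin.
    hexdump "$SRKfuse"
fi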