[PATCH v2 01/33] scripts/k3img: make more flexible

Sascha Hauer s.hauer at pengutronix.de
Thu Jun 5 05:42:26 PDT 2025 

We had a template for the certificate in which each component has a
certain name and the file to use for each component was specified using
different options (--sysfw, --sysfwdata, --dmdata, --sbl and
--innerdata). All components have the same format and the name doesn't
matter. Instead of supporting different options just take a list of
components as input of the tool. Each component can be specified like:

filename:compType:bootCore:compOpts:destAddr

This not only makes the tool easier to follow, but also lets us specify
the compType, bootCore and compOpts options which need different values
for different SoCs.

While at it add support for the --help option.

Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
 images/Makefile.k3 |  12 ++--
 scripts/k3img      | 182 ++++++++++++++++++++---------------------------------
 2 files changed, 77 insertions(+), 117 deletions(-)

diff --git a/images/Makefile.k3 b/images/Makefile.k3
index d9b0af8d67b49569283d35ce0ec1792897654c57..c03ce7acc3152bacfcd7c3c8bf953c2214aaa42a 100644
--- a/images/Makefile.k3
+++ b/images/Makefile.k3
@@ -63,12 +63,16 @@ endif
 quiet_cmd_k3_image = K3IMG   $@
       cmd_k3_image = \
 		if [ -n "$(INNERDATA_$(@F))" ]; then				\
-			inner="--innerdata $(INNERDATA_$(@F))";			\
+			inner="$(INNERDATA_$(@F)):3:0:0:00000000";		\
 		fi;								\
 										\
-		$(srctree)/scripts/k3img --sysfw $(SYSFW_$(@F))			\
-		--sysfwdata $(SYSFWDATA_$(@F)) --dmdata $(DMDATA_$(@F))		\
-		--key $(KEY_$(@F)) $$inner --sbl $< --out $@
+		$(srctree)/scripts/k3img					\
+			$<:1:16:0:43c00000					\
+			$(SYSFW_$(@F)):2:0:0:00040000				\
+			$(SYSFWDATA_$(@F)):18:0:0:00067000			\
+			$$inner							\
+			$(DMDATA_$(@F)):17:16:0:43c3a800			\
+			--key $(KEY_$(@F)) --out $@
 
 $(obj)/%.k3img: $(obj)/% scripts/k3img FORCE
 	$(call if_changed,k3_image)
diff --git a/scripts/k3img b/scripts/k3img
index a514852fcdf6369c33b1e291b59c121badc6f4bd..1f2a34e1c4842171488f2d02a4c5722e4e3f94c2 100755
--- a/scripts/k3img
+++ b/scripts/k3img
@@ -2,7 +2,9 @@
 
 set -e
 
-TEMP=$(getopt -o '' --long 'sysfw:,sysfwdata:,dmdata:,out:,sbl:,key:,innerdata:' -n 'k3img' -- "$@")
+bootcore_opts=0
+
+TEMP=$(getopt -o '' --long 'out:,key:,help' -n 'k3img' -- "$@")
 
 if [ $? -ne 0 ]; then
 	echo 'Terminating...' >&2
@@ -13,47 +15,38 @@ fi
 eval set -- "$TEMP"
 unset TEMP
 
+usage() {
+cat <<EndOfHereDocument
+Generate certificate images suitable for booting TI K3 SoCs.
+
+usage: $0 [OPTION]... [COMPONENT]...
+  --out <FILE>		write output image to <FILE>
+  --key <KEYFILE>	signing key
+  --help		this help
+
+Components have the form:
+
+filename:compType:bootCore:compOpts:destAddr
+
+For the meaning of compType, bootCore and compOpts see the Reference Manual
+EndOfHereDocument
+}
+
 while true; do
         case "$1" in
-        '--sysfw')
-		sysfw="$2"
-		shift 2
-		continue
-	;;
-        '--sysfwdata')
-		sysfwdata="$2"
-		shift 2
-		continue
-	;;
-        '--sysfw')
-		sysfw="$2"
-		shift 2
-		continue
-	;;
-        '--dmdata')
-		dmdata="$2"
-		shift 2
-		continue
-	;;
 	'--out')
 		out="$2"
 		shift 2
 		continue
 	;;
-	'--sbl')
-		sbl="$2"
-		shift 2
-		continue
-	;;
 	'--key')
 		key="$2"
 		shift 2
 		continue
 	;;
-	'--innerdata')
-		innerdata="$2"
-		shift 2
-		continue
+	'--help')
+		usage
+		exit 0
 	;;
 	'--')
 		shift
@@ -66,46 +59,57 @@ while true; do
 	esac
 done
 
-shasbl=$(sha512sum $sbl | sed 's/ .*//')
-shasysfw=$(sha512sum $sysfw | sed 's/ .*//')
-shasysfwdata=$(sha512sum $sysfwdata | sed 's/ .*//')
-shadmdata=$(sha512sum $dmdata | sed 's/ .*//')
+total=0
+num_comp=0
 
-sblsize=$(stat -c%s $sbl)
-sysfwsize=$(stat -c%s $sysfw)
-sysfwdatasize=$(stat -c%s $sysfwdata)
-dmdatasize=$(stat -c%s $dmdata)
-
-total=$(($sblsize + $sysfwsize + $sysfwdatasize + $dmdatasize))
-
-TMPDIR="$(mktemp -d)"
 trap 'rm -rf -- "$TMPDIR"' EXIT
+TMPDIR="$(mktemp -d)"
 
-certcfg=${TMPDIR}/certcfg
-cert=${TMPDIR}/cert
+components=${TMPDIR}/components
+ext_boot_info=${TMPDIR}/ext_boot_info
+data=${TMPDIR}/data
+
+for i in $*; do
+	filename=$(echo "$i" | cut -d ":" -f 1)
+	compType=$(echo "$i" | cut -d ":" -f 2)
+	bootCore=$(echo "$i" | cut -d ":" -f 3)
+	compOpts=$(echo "$i" | cut -d ":" -f 4)
+	destAddr=$(echo "$i" | cut -d ":" -f 5)
 
-num_comp=4
+	sha=$(sha512sum $filename | sed 's/ .*//')
+	size=$(stat -c%s $filename)
 
-if [ -n "${innerdata}" ]; then
-	shainnerdata=$(sha512sum $innerdata | sed 's/ .*//')
-	innerdatasize=$(stat -c%s $innerdata)
+	total=$((total + size))
+	num_comp=$((num_comp + 1))
 
-	innercert=$(cat <<EOF
-[sysfw_inner_cert]
-compType = INTEGER:3
-bootCore = INTEGER:0
-compOpts = INTEGER:0
-destAddr = FORMAT:HEX,OCT:00000000
-compSize = INTEGER:$innerdatasize
+	cat >> $components <<EndOfHereDocument
+[comp$num_comp]
+compType = INTEGER:$compType
+bootCore = INTEGER:$bootCore
+compOpts = INTEGER:$compOpts
+destAddr = FORMAT:HEX,OCT:$destAddr
+compSize = INTEGER:$size
 shaType  = OID:2.16.840.1.101.3.4.2.3
-shaValue = FORMAT:HEX,OCT:$shainnerdata
-EOF
-)
+shaValue = FORMAT:HEX,OCT:$sha
 
-	num_comp=$((num_comp + 1))
-	total=$((total + innerdatasize))
-	sysfw_inner_cert="sysfw_inner_cert=SEQUENCE:sysfw_inner_cert"
-fi
+EndOfHereDocument
+
+	echo "comp$num_comp = SEQUENCE:comp$num_comp" >> $ext_boot_info
+	cat $filename >> $data
+done
+
+echo >> $ext_boot_info
+
+cat >> $components <<EndOfHereDocument
+[ debug ]
+debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
+debugType = INTEGER:4
+coreDbgEn = INTEGER:0
+coreDbgSecEn = INTEGER:0
+EndOfHereDocument
+
+certcfg=${TMPDIR}/certcfg
+cert=${TMPDIR}/cert
 
 cat > $certcfg <<EndOfHereDocument
 [ req ]
@@ -135,58 +139,10 @@ swrv=INTEGER:1
 [ext_boot_info]
 extImgSize=INTEGER:$total
 numComp=INTEGER:$num_comp
-sbl=SEQUENCE:sbl
-sysfw=SEQUENCE:sysfw
-sysfw_data=SEQUENCE:sysfw_data
-$sysfw_inner_cert
-dm_data=SEQUENCE:dm_data
-
-[sbl]
-compType = INTEGER:1
-bootCore = INTEGER:16
-compOpts = INTEGER:0
-destAddr = FORMAT:HEX,OCT:43c00000
-compSize = INTEGER:$sblsize
-shaType  = OID:2.16.840.1.101.3.4.2.3
-shaValue = FORMAT:HEX,OCT:$shasbl
-
-[sysfw]
-compType = INTEGER:2
-bootCore = INTEGER:0
-compOpts = INTEGER:0
-destAddr = FORMAT:HEX,OCT:00040000
-compSize = INTEGER:$sysfwsize
-shaType  = OID:2.16.840.1.101.3.4.2.3
-shaValue = FORMAT:HEX,OCT:$shasysfw
-
-[sysfw_data]
-compType = INTEGER:18
-bootCore = INTEGER:0
-compOpts = INTEGER:0
-destAddr = FORMAT:HEX,OCT:00067000
-compSize = INTEGER:$sysfwdatasize
-shaType  = OID:2.16.840.1.101.3.4.2.3
-shaValue = FORMAT:HEX,OCT:$shasysfwdata
-
-[ debug ]
-debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
-debugType = INTEGER:4
-coreDbgEn = INTEGER:0
-coreDbgSecEn = INTEGER:0
-
-$innercert
-
-[dm_data]
-compType = INTEGER:17
-bootCore = INTEGER:16
-compOpts = INTEGER:0
-destAddr = FORMAT:HEX,OCT:43c3a800
-compSize = INTEGER:$dmdatasize
-shaType  = OID:2.16.840.1.101.3.4.2.3
-shaValue = FORMAT:HEX,OCT:$shadmdata
-
 EndOfHereDocument
 
+cat $ext_boot_info $components >> $certcfg
+
 openssl req -new -x509 -key $key -nodes -outform DER -out $cert -config $certcfg -sha512
 
-cat $cert $sbl $sysfw $sysfwdata $innerdata $dmdata > $out
+cat $cert $data > $out

-- 
2.39.5

More information about the barebox mailing list