binman: ti-secure: Add support for TI signing
Add support Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Neha Malcom Francis
committed
Mar 24, 2023
1 parent
a0799fa
commit ea7413e
Showing
5 changed files
with
552 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIJKQIBAAKCAgEAvxSuSdh/ctNrI83rSA5l3CJN8g5PgvbttfLd23yR+m5Z/9X3 | ||
tt4EHYrM0pXZ0eDEwfhQv/9IDJEiUJpMe4vzlgooJrOk2eCpVUEa+z5bJ2y/ysBx | ||
ry9yIu5GASVirT7HBPaxGLYswBJuD+KbPuWmoKgGRQNBF04WH6l01oRO1nmnELgR | ||
qQ6SHyXdf7Hy0bnyaNgzWUuCfXfM0Zz6I7T7WIjyzerVFvIsdS36YsPBCW7gBnDg | ||
tQcJmWLZ1uTnbG3IggdQk/fi2O3RX+PQns+TVNlf3V3ON2DxqxSKBHtlp7p/30VF | ||
fEuhW65OxpQ9jE6H0pQ8pPOf2vzyNnznDa1aQjfxKoHQbqGnZwMeh+0Au3NKaCgx | ||
ooKaowTB6If/RX6qwZ/UOwXHg/0hcf69fzjJFhlSDuYDM40dHsk2HM1OnYIpiM2b | ||
Kr5sX3uysjp5AGp99a0anR7NWCrPXvROgKs7T9341N40osQg2VkZLYUCXh9osUyN | ||
uREG6S12tViMUKg3bmZ4b4MwRk00n7QYSrm7+nvFrtYyEISEbD+agDM1/E281W5g | ||
VFDPfm2AlwT6jwsg/b2YK6E3vVn9SuxFoQmLF8lyFDO3BV4SXeJaHc4hVPbh6tVV | ||
qifrTQnfGUCCLmaJF2XZbrPWOE6NYRbWdNTeFl9RGdVCuIPSyN5LqWmXto0CAwEA | ||
AQKCAgAzkAwcJ0z1GnId/lJQZno8NhGckRoJuEKbR8dwlCP8VUz6Ca5H7Y9kvXDa | ||
Hs/hn+rYgP6hYOz7XyrIX2rmJ/T6dxEwqGeC1+o59FConcIRWHpE5zuGT6JYJL5F | ||
TuZa48bm4v8VMQvQZOjIZpkIFwao8c6HTwKAnHTB5IN/48I2hCt+Cn3RhfoOZ7Rm | ||
4gkpaSkt+7GXlhXHb82YfujNO+hbktEamhUYlQ9EK70Wa8aqmf3gHxO0JgsEFjW8 | ||
lJaSnultlTW8SDcx3LMUUjCYumECk4oX/VlJfmKYjPlVjkr3QQ+Cm3nNucb4K4hc | ||
c+JL+2ERhSj8RjXL7VgbNgdPnIjvQDJuTNqecTU8xWPYrkOLQpNibbLjnutLkhJz | ||
fMyRtmDtrsey8WiCDuCHkPJ8/f8RjL2zWI9fzTDDIzdlEKouUFGOovaHVnbua6pn | ||
hymcu9d9FV3p2rcbj0ivCs7e8j+vhSxFJEJoAbcQdXCTi/n2uR7pLtoMNiUzsejy | ||
d46Uz+KEU920NTwE2z6JJq8I2vegnxjc7PDDrV3/5rK04B93aXiqvwWseCpxelrI | ||
xaMkRHbXrIXRO6MXQ3N+zNq8Dg3hjGTTvaBKuwgvqLwlXY8+Aa3ooFzEOInIOSsI | ||
XcWqXxt/tgZgsj9RwpC42t8kbA+BkbNk9EIUa+P5kEr2P/fO7QKCAQEA4EtArnOX | ||
D6tQF8uTw8USOZC2P9s/ez1z4jRq3oKP0Kv4tJiuIObJ/dUvGVD7aM5v2xaCfhm8 | ||
xpk09VPUgghfG5jR5qVvQr75kCNToJQudWi4ngk1HwKJzzTO11giFEdybvTUA+Pj | ||
fmxCM0dYYqRWZoj0hLqXlUCwxE74BFIhJVjeYbf+nTQrqpllTLoW7MTZHzGx5SXx | ||
4dNzyVAUH49Yt2D8mgXXCkf5sGLh762wj34b/rR10Kr4O5utGMZrfTRIbuQ1pNjU | ||
m66baPzq+mC0BzqZEW70TgEb7lOr8rcVXLOi3r36omfd9/MHx7iZD6o3K1axSO15 | ||
grD4ZrN7Ac3QJwKCAQEA2heCoBdpvy6YUk8AO2k8qDygTdmPQRuwjjT+Z2fMslBt | ||
D7DkpKwZ6Bl9OclcpiiLHmH+hv65KqYg+tR0RRb7PcogB9El9x7yKkGTPZEYWGky | ||
n8P84rJpKwjnwWQvPQktI1cs3YGvZA9DQTFBavRrwuzgd1oSJq5aPQ2tme0kMvWp | ||
l1/B/cPK+PKCi/Wfisaze1TjijP9qIeUwkdNN6WLrLU3QgsGppcg2I7RQtAIikT6 | ||
GkuiOQAvWMsrJVV6PNrVKz4fJDJ59Rz6jbDHZNi1MEYNxQoB/Pl7QIakbfjWpHLv | ||
8Ey7cB2JKxjQy8tmyl8WNQVbXbE6daPXcMTUmaRAKwKCAQBv1lYMJmq+T2eCVen6 | ||
BbvOpE+bi5EdvEiaFBTtmiBnpjg+pJq+oRU60h/H+c9CNR0lGxY6Fk9An4f+g6xE | ||
ojP6KLsQzJCrsVny+wpp2TlJJcxYULMCIVvhy60PR0zG29E9biqBPhJjKUvhEcQK | ||
e3LxcXyq6fdHXphFajLUxLbuTl+kTgBRFoBnclFGbsubh5PTsA3J+p+fQLZNPPar | ||
veg4l82cZykQYU8pGkUaI3sUMYd3+zd7sqRP5JHs9pMGPRmY4YW2CsAIWIn5UZNB | ||
ARMDP76vKKn8cyUgMuxb+9pU/OVLN2NPs4bEaZQJjAwV+YPEwldny7F47xEM9JVz | ||
EtKlAoIBAQDUt62u3GdGE/p5/ZgqWoDRTyDEDfmN9aYFbmbdEP80xQE7FrxMaZhz | ||
K7laja6SWmUm40nQ/c45bQQp4uLtKHcxU15egX7YRBTLZl5o5IasZR79ebnEm2O8 | ||
l9kEZeU1USf3mmWmP4GExOZCRfqaiYA6BbUCdJXTqKdXeWnkAssV8UrS3JFoJHpq | ||
yo7OWGqefyQ8nRW6jO9SW7uaqtUD+7H6aF5XSk3YWvusfdBZrHNH+fM/hpnZovaL | ||
Us7ogTDS/laA8PyK37jYfMVdQhmZoU1Iomt3zkUWK3gt/aWPpfAlQf4Jka4YspZB | ||
tNiijefaZ1hPqsPs5Joyd/YAhdsfaHc1AoIBAQCn/9j6RRjRaw0ip756oad4AXHz | ||
XBwVB2CrY96qT6Hj9Sq7tGgdskqGkOQkAivBLBizUdcWv0t1yenOsSgasQeMlvlh | ||
B8md9cLvpKXPB3HM3rTDH/xNXe0TpVKLf7SXC8HfDyIweHwMW3QgO2DWrvI4BV/T | ||
ckBatRNQ90HxkqGFhC/Mp529lQlyg3ifxPxJsvZOyPMUnrflAvsKQk5c2ZiQg3nZ | ||
h7I2pjSYgCl+Ib52l8p9bf1kcrVGgPM+auzm496i0RPobFeDBoBvSoznJktHJ7+3 | ||
NnZH+jLiZCODiQPGtQUi+T6eIZUIJF0YASpsCCtUzXCxwW3lYIDNy7UlMivF | ||
-----END RSA PRIVATE KEY----- |
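Review bot: This file adds an unencrypted RSA private key to the source tree, and nothing visible on the page says whether it is a throwaway development key or one that real devices trust. Anyone with read access to the repository can sign images with it, so it is only acceptable if no production device is provisioned with the matching public key. I would state that in the commit message and in a short README next to the key, for example `Development/test key only: never provision devices with the matching public key`, and have release builds pass a `keyfile` that lives outside the tree. The second key file added by this commit needs the same statement.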
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog | ||
8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e | ||
QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB | ||
AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho | ||
k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey | ||
bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0 | ||
RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR | ||
iCrL55cxEM146zMw3AnF | ||
-----END RSA PRIVATE KEY----- |
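Review bot: The key in this file appears to be degenerate: its DER decodes to publicExponent = 1 and privateExponent = 1, and both CRT exponents are 1 as well, so an RSA signature made with it is just the padded digest and says nothing about who produced the image. If that is intentional (a placeholder for devices that do not enforce authentication, which I infer rather than see stated on the page), the commit message and a README beside the file should say so explicitly. It would also help if the `ti-secure` entry emitted a warning when this key is the configured `keyfile`, so it cannot silently end up in an image built for a device that does enforce signatures.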
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
# SPDX-License-Identifier: GPL-2.0+ | ||
# Copyright 20 | ||
# Written by Neha Malcom Francis <n-francis@ti.com> | ||
# | ||
|
||
# Support for generating x509 certificate to binary for K3 devices | ||
|
||
from collections import OrderedDict | ||
import os | ||
|
||
from binman.entry import EntryArg | ||
from binman.etype.x509_cert import Entry_x509_cert | ||
|
||
import hashlib | ||
|
||
from dtoc import fdt_util | ||
from u_boot_pylib import tools | ||
|
||
class Entry_ti_secure(Entry_x509_cert): | ||
def __init__(self, section, etype, node): | ||
super().__init__(section, etype, node) | ||
self.openssl = None | ||
|
||
def ReadNode(self): | ||
super().ReadNode() | ||
self.key_fname = self.GetEntryArgsOrProps([ | ||
EntryArg('keyfile', str)], required=True)[0] | ||
self.sha = fdt_util.GetInt(self._node, 'sha', 512) | ||
|
||
def GetCertificate(self, required): | ||
"""Generate certificate for contents of this entry | ||
Args: | ||
required: True if the data must be present, False if it is OK to | ||
return None | ||
Returns: | ||
bytes content of the entry, which is the certificate for the | ||
provided data | ||
""" | ||
# Join up the data files to be signed | ||
input_data = self.GetContents(required) | ||
if input_data is None: | ||
return None | ||
|
||
uniq = self.GetUniqueName() | ||
output_fname = tools.get_output_filename('cert.%s' % uniq) | ||
input_fname = tools.get_output_filename('input.%s' % uniq) | ||
config_fname = tools.get_output_filename('config.%s' % uniq) | ||
tools.write_file(input_fname, input_data) | ||
|
||
indata = tools.read_file(input_fname) | ||
hashval = hashlib.sha512(indata).hexdigest() | ||
imagesize = len(indata) | ||
|
||
swrev = 1 | ||
|
||
with open(config_fname, 'w', encoding='utf-8') as outf: | ||
print(f''' | ||
[ req ] | ||
distinguished_name = req_distinguished_name | ||
x509_extensions = v3_ca | ||
prompt = no | ||
dirstring_type = nobmp | ||
[ req_distinguished_name ] | ||
C = US | ||
ST = TX | ||
L = Dallas | ||
O = Texas Instruments Incorporated | ||
OU = Processors | ||
CN = TI Support | ||
emailAddress = support@ti.com | ||
[ v3_ca ] | ||
basicConstraints = CA:true | ||
1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv | ||
1.3.6.1.4.1.294.1.34 = ASN1:SEQUENCE:sysfw_image_integrity | ||
1.3.6.1.4.1.294.1.35 = ASN1:SEQUENCE:sysfw_image_load | ||
[ swrv ] | ||
swrv = INTEGER:{swrev} | ||
[ sysfw_image_integrity ] | ||
shaType = OID:2.16.840.1.101.3.4.2.3 | ||
shaValue = FORMAT:HEX,OCT:{hashval} | ||
imageSize = INTEGER:{imagesize} | ||
[ sysfw_image_load ] | ||
destAddr = FORMAT:HEX,OCT:00000000 | ||
authInPlace = INTEGER:2 | ||
''', file=outf) | ||
stdout = self.openssl.x509_cert_custom( | ||
cert_fname=output_fname, | ||
key_fname=self.key_fname, | ||
config_fname=config_fname, | ||
sha=self.sha) | ||
if stdout is not None: | ||
data = tools.read_file(output_fname) | ||
else: | ||
# Bintool is missing; just use 4KB of zero data | ||
self.record_missing_bintool(self.openssl) | ||
data = tools.get_bytes(0, 4096) | ||
return data | ||
|
||
def ObtainContents(self): | ||
data = self.GetCertificate(False) | ||
if data is None: | ||
return False | ||
self.SetContents(data) | ||
return True | ||
|
||
def ProcessContents(self): | ||
# The blob may have changed due to WriteSymbols() | ||
data = self.GetCertificate(True) | ||
return self.ProcessContentsUpdate(data) | ||
|
||
def AddBintools(self, btools): | ||
super().AddBintools(btools) | ||
self.openssl = self.AddBintool(btools, 'openssl') |
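Review bot: In `GetCertificate` the `sha` property read in `ReadNode` only reaches `x509_cert_custom(..., sha=self.sha)`, while the digest written into the `sysfw_image_integrity` extension is always `hashlib.sha512(indata)` with the SHA-512 OID `2.16.840.1.101.3.4.2.3` hard-coded. A node that sets `sha = <256>` would therefore get a certificate whose signature digest (as far as I can infer; `x509_cert_custom` is not part of this section) no longer matches the declared image hash algorithm, and nothing reports it. Either drop the property or reject unsupported values in `ReadNode`, e.g. `if self.sha != 512: self.Raise("only sha = <512> is supported")`. Separately, `swrev = 1` is hard-coded; if the boot ROM uses this field for rollback protection, it should come from the node so that a newer revision can supersede a revoked one.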