MTK 平台IMG 签名流程

#!/bin/bash -e
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64

binoutputdir="/media/data/output"
OUT_PATH="./out/target/product"
PROJECT_NAME="tb8788p1_64_bsp"
INPUT_DIR="/home/jenkins/ftp/input"
OUTPUT_DIR="/home/jenkins/ftp/output"

files_for_sign="
${INPUT_DIR}/boot.img
${INPUT_DIR}/dtbo.img
${INPUT_DIR}/logo.bin
${INPUT_DIR}/md1img.img
${INPUT_DIR}/recovery.img
${INPUT_DIR}/spmfw.img
${INPUT_DIR}/sspm.img
${INPUT_DIR}/tee.img
"
signed_files="
preloader_${PROJECT_NAME}.bin
lk-verified.img
boot-verified.img
dtbo-verified.img
logo-verified.bin
md1img-verified.img
recovery-verified.img
spmfw-verified.img
sspm-verified.img
tee-verified.img
"

function setup_cecure_key()
{
#  echo "copy key"
#  cp -f ${WORKSPACE}/../Santa_3301_SecureBootKey/* ${WORKSPACE}/vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/
  
  echo "+++  copy oemkey.h to preloader and lk  +++"
  cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/oemkey.h vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/inc/
  cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/oemkey.h vendor/mediatek/proprietary/bootable/bootloader/lk/target/${PROJECT_NAME}/inc/
  
  echo "+++  copy dakey.h to preloader  +++"
  cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/dakey.h vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/inc/
  
  echo "+++  kernel settings  +++"
  echo "CONFIG_MTK_SECURITY_SW_SUPPORT=y" >> kernel-4.4/arch/arm64/configs/${PROJECT_NAME}_debug_defconfig
  echo "CONFIG_MTK_SECURITY_SW_SUPPORT=y" >> kernel-4.4/arch/arm64/configs/${PROJECT_NAME}_defconfig

}

function sign_image()
{
  echo "+++  sign image  +++"
  python ./vendor/mediatek/proprietary/scripts/sign-image_v2/sign_flow.py mt6771 ${PROJECT_NAME} 2>&1 | tee signflow.log

}

function rebuild_perloader()
{
  echo "+++  rebuild preloader  +++"

  source ./build/envsetup.sh

  lunch ${LUNCH_OPTION}

  cp -r vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/img_prvk.pem vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/security/chip_config/s/key
  cp -r vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/root_prvk.pem vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/security/chip_config/s/key
  make clean-preloader && make -j8 2>&1|tee build.log

  echo "+++  generate cert1 and cert2 key  +++"
  python ./vendor/mediatek/proprietary/scripts/sign-image_v2/img_key_deploy.py mt6771 cert1_key_path=./vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/root_prvk.pem cert2_key_path=./vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/img_prvk.pem root_key_padding=pss 2>&1 | tee SecureGen.log

  echo "+++  rebuild preloader done +++"
}

function update_perloader()
{
  echo "+++  update preloader  +++"
  git reset --hard HEAD
  git pull
  git log -1
  echo "+++  update preloader done.  +++"
}

function copy_input_image()
{
    echo "+++  start copy image to out directiy ...  +++"
    for FILE in ${files_for_sign}; do
      if [ -f "$FILE" ]; then
        echo "copy $FILE to ${OUT_PATH}/${PROJECT_NAME}"
        cp -af $FILE ${OUT_PATH}/${PROJECT_NAME}
      else
        echo "$FILE does not exist"
        exit 1
      fi
    done
    
    echo "+++  copy done, delete all input image ...  +++"
    rm -rf ${INPUT_DIR}/*
}


function copy_output_image()
{
    echo "+++  clean output dir ...  +++"
    rm -rf ${OUTPUT_DIR}/*

    cd ${OUT_PATH}/${PROJECT_NAME}
    for f in ${signed_files}; do
      echo "copy $f to ${OUTPUT_DIR}"
      cp -a $f ${OUTPUT_DIR}
    done

    cd ${WORKSPACE}

    echo "+++  copy auth_sv5.auth to ${OUTPUT_DIR}  +++"
    cp -a ${WORKSPACE}/ckt_sec_tools/auth_sv5.auth ${OUTPUT_DIR}

    echo "+++  copy MTK_AllInOne_DA-resing.bin to ${OUTPUT_DIR}  +++"
    cp -a ${WORKSPACE}/ckt_sec_tools/MTK_AllInOne_DA-resing.bin ${OUTPUT_DIR}

    echo "+++  copy output done.  +++"
}

cd ${WORKSPACE}

if [ "$(ls -A $INPUT_DIR)" ]; then
     echo "===  $INPUT_DIR is not Empty  ==="

     if [ "$UPDATE_PERLOADER" == "true" ];then
         update_perloader
         setup_cecure_key
         rebuild_perloader
     fi

     copy_input_image

     sign_image
     
     copy_output_image
     echo "===  sign image done.  ==="
else
    echo "===  $INPUT_DIR is Empty, do nothing.  ==="
fi

cd ${WORKSPACE}

  • 1
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 1
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值