#!/bin/bash -e
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
binoutputdir="/media/data/output"
OUT_PATH="./out/target/product"
PROJECT_NAME="tb8788p1_64_bsp"
INPUT_DIR="/home/jenkins/ftp/input"
OUTPUT_DIR="/home/jenkins/ftp/output"
files_for_sign="
${INPUT_DIR}/boot.img
${INPUT_DIR}/dtbo.img
${INPUT_DIR}/logo.bin
${INPUT_DIR}/md1img.img
${INPUT_DIR}/recovery.img
${INPUT_DIR}/spmfw.img
${INPUT_DIR}/sspm.img
${INPUT_DIR}/tee.img
"
signed_files="
preloader_${PROJECT_NAME}.bin
lk-verified.img
boot-verified.img
dtbo-verified.img
logo-verified.bin
md1img-verified.img
recovery-verified.img
spmfw-verified.img
sspm-verified.img
tee-verified.img
"
function setup_cecure_key()
{
# echo "copy key"
# cp -f ${WORKSPACE}/../Santa_3301_SecureBootKey/* ${WORKSPACE}/vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/
echo "+++ copy oemkey.h to preloader and lk +++"
cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/oemkey.h vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/inc/
cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/oemkey.h vendor/mediatek/proprietary/bootable/bootloader/lk/target/${PROJECT_NAME}/inc/
echo "+++ copy dakey.h to preloader +++"
cp -r ${WORKSPACE}/../Santa_3301_SecureBootKey/dakey.h vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/inc/
echo "+++ kernel settings +++"
echo "CONFIG_MTK_SECURITY_SW_SUPPORT=y" >> kernel-4.4/arch/arm64/configs/${PROJECT_NAME}_debug_defconfig
echo "CONFIG_MTK_SECURITY_SW_SUPPORT=y" >> kernel-4.4/arch/arm64/configs/${PROJECT_NAME}_defconfig
}
function sign_image()
{
echo "+++ sign image +++"
python ./vendor/mediatek/proprietary/scripts/sign-image_v2/sign_flow.py mt6771 ${PROJECT_NAME} 2>&1 | tee signflow.log
}
function rebuild_perloader()
{
echo "+++ rebuild preloader +++"
source ./build/envsetup.sh
lunch ${LUNCH_OPTION}
cp -r vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/img_prvk.pem vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/security/chip_config/s/key
cp -r vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/root_prvk.pem vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/${PROJECT_NAME}/security/chip_config/s/key
make clean-preloader && make -j8 2>&1|tee build.log
echo "+++ generate cert1 and cert2 key +++"
python ./vendor/mediatek/proprietary/scripts/sign-image_v2/img_key_deploy.py mt6771 cert1_key_path=./vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/root_prvk.pem cert2_key_path=./vendor/mediatek/proprietary/scripts/sign-image_v2/der_extractor/img_prvk.pem root_key_padding=pss 2>&1 | tee SecureGen.log
echo "+++ rebuild preloader done +++"
}
function update_perloader()
{
echo "+++ update preloader +++"
git reset --hard HEAD
git pull
git log -1
echo "+++ update preloader done. +++"
}
function copy_input_image()
{
echo "+++ start copy image to out directiy ... +++"
for FILE in ${files_for_sign}; do
if [ -f "$FILE" ]; then
echo "copy $FILE to ${OUT_PATH}/${PROJECT_NAME}"
cp -af $FILE ${OUT_PATH}/${PROJECT_NAME}
else
echo "$FILE does not exist"
exit 1
fi
done
echo "+++ copy done, delete all input image ... +++"
rm -rf ${INPUT_DIR}/*
}
function copy_output_image()
{
echo "+++ clean output dir ... +++"
rm -rf ${OUTPUT_DIR}/*
cd ${OUT_PATH}/${PROJECT_NAME}
for f in ${signed_files}; do
echo "copy $f to ${OUTPUT_DIR}"
cp -a $f ${OUTPUT_DIR}
done
cd ${WORKSPACE}
echo "+++ copy auth_sv5.auth to ${OUTPUT_DIR} +++"
cp -a ${WORKSPACE}/ckt_sec_tools/auth_sv5.auth ${OUTPUT_DIR}
echo "+++ copy MTK_AllInOne_DA-resing.bin to ${OUTPUT_DIR} +++"
cp -a ${WORKSPACE}/ckt_sec_tools/MTK_AllInOne_DA-resing.bin ${OUTPUT_DIR}
echo "+++ copy output done. +++"
}
cd ${WORKSPACE}
if [ "$(ls -A $INPUT_DIR)" ]; then
echo "=== $INPUT_DIR is not Empty ==="
if [ "$UPDATE_PERLOADER" == "true" ];then
update_perloader
setup_cecure_key
rebuild_perloader
fi
copy_input_image
sign_image
copy_output_image
echo "=== sign image done. ==="
else
echo "=== $INPUT_DIR is Empty, do nothing. ==="
fi
cd ${WORKSPACE}