Deepa Dinamani | 0e5038f | 2013-05-16 15:02:16 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2007, Google Inc. |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * Copyright (c) 2009-2011, The Linux Foundation. All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * * Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * * Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in |
| 14 | * the documentation and/or other materials provided with the |
| 15 | * distribution. |
| 16 | * * Neither the name of Google, Inc. nor the names of its contributors |
| 17 | * may be used to endorse or promote products derived from this |
| 18 | * software without specific prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 23 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 24 | * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 25 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| 26 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS |
| 27 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
| 28 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| 29 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| 30 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | * SUCH DAMAGE. |
| 32 | */ |
| 33 | |
| 34 | #include <stdio.h> |
| 35 | #include <stdlib.h> |
| 36 | #include <unistd.h> |
| 37 | #include <fcntl.h> |
| 38 | #include <string.h> |
| 39 | |
| 40 | #include <sys/stat.h> |
| 41 | |
| 42 | int print_usage() |
| 43 | { |
| 44 | fprintf(stderr, "usage: mkheader <bin> <hdr> <none|unified-boot>\n"); |
| 45 | fprintf(stderr, " mkheader <bin> <hdr> <unsecure-boot>" |
| 46 | " <outbin>\n"); |
| 47 | fprintf(stderr, " mkheader <bin> <hdr> <secure-boot> <outbin>" |
| 48 | " <maxsize>\n"); |
| 49 | fprintf(stderr, " mkheader <bin> <hdr> <secure-boot> <outbin>" |
| 50 | " <maxsize> <certchain> <files...>\n\n"); |
| 51 | fprintf(stderr, "bin: Input raw appsbl binary\n"); |
| 52 | fprintf(stderr, |
| 53 | "hdr: Output of appsbl header location\n"); |
| 54 | fprintf(stderr, |
| 55 | "outbin: Output of the signed or unsigned" |
| 56 | " apps boot location\n"); |
| 57 | fprintf(stderr, |
| 58 | "maxsize: Maximum size for certificate" " chain\n"); |
| 59 | fprintf(stderr, |
| 60 | "certchain: Output of the certchain location\n"); |
| 61 | fprintf(stderr, |
| 62 | "files: Input format <bin signature>" |
| 63 | " <certifcate file(s) for certificate chain>...\n"); |
| 64 | fprintf(stderr, |
| 65 | "certificate chain: Files will be concatenated in order" |
| 66 | " to create the certificate chain\n\n"); |
| 67 | return -1; |
| 68 | } |
| 69 | |
| 70 | int cat(FILE * in, FILE * out, unsigned size, unsigned buff_size) |
| 71 | { |
| 72 | unsigned bytes_left = size; |
| 73 | char buf[buff_size]; |
| 74 | int ret = 0; |
| 75 | |
| 76 | while (bytes_left) { |
| 77 | fread(buf, sizeof(char), buff_size, in); |
| 78 | if (!feof(in)) { |
| 79 | bytes_left -= fwrite(buf, sizeof(char), buff_size, out); |
| 80 | } else |
| 81 | bytes_left = 0; |
| 82 | } |
| 83 | ret = ferror(in) | ferror(out); |
| 84 | if (ret) |
| 85 | fprintf(stderr, "ERROR: Occured during file concatenation\n"); |
| 86 | return ret; |
| 87 | } |
| 88 | |
| 89 | int main(int argc, char *argv[]) |
| 90 | { |
| 91 | struct stat s; |
| 92 | unsigned size, base; |
| 93 | int unified_boot = 0; |
| 94 | unsigned unified_boot_magic[20]; |
| 95 | unsigned non_unified_boot_magic[10]; |
| 96 | unsigned magic_len = 0; |
| 97 | unsigned *magic; |
| 98 | unsigned cert_chain_size = 0; |
| 99 | unsigned signature_size = 0; |
| 100 | int secure_boot = 0; |
| 101 | int fd; |
| 102 | |
| 103 | if (argc < 3) { |
| 104 | return print_usage(); |
| 105 | } |
| 106 | |
| 107 | if (argc == 4) { |
| 108 | if (!strcmp("unified-boot", argv[3])) { |
| 109 | unified_boot = 1; |
| 110 | } else if (!strcmp("secure-boot", argv[3])) { |
| 111 | fprintf(stderr, |
| 112 | "ERROR: Missing arguments: [outbin maxsize] |" |
| 113 | " [outbin, maxsize, certchain," |
| 114 | " signature + certifcate(s)]\n"); |
| 115 | return print_usage(); |
| 116 | } else if (!strcmp("unsecure-boot", argv[3])) { |
| 117 | fprintf(stderr, "ERROR: Missing arguments:" |
| 118 | " outbin directory\n"); |
| 119 | return print_usage(); |
| 120 | } |
| 121 | } |
| 122 | |
| 123 | if (argc > 4) { |
| 124 | if (!strcmp("secure-boot", argv[3])) { |
| 125 | if (argc < 9 && argc != 6) { |
| 126 | fprintf(stderr, |
| 127 | "ERROR: Missing argument(s):" |
| 128 | " [outbin maxsize] | [outbin, maxsize," |
| 129 | " certchain," |
| 130 | " signature + certifcate(s)]\n"); |
| 131 | return print_usage(); |
| 132 | } |
| 133 | secure_boot = 1; |
| 134 | signature_size = 256; //Support SHA 256 |
| 135 | cert_chain_size = atoi(argv[5]); |
| 136 | } |
| 137 | } |
| 138 | |
| 139 | if (stat(argv[1], &s)) { |
| 140 | perror("cannot stat binary"); |
| 141 | return -1; |
| 142 | } |
| 143 | |
| 144 | if (unified_boot) { |
| 145 | magic = unified_boot_magic; |
| 146 | magic_len = sizeof(unified_boot_magic); |
| 147 | } else { |
| 148 | magic = non_unified_boot_magic; |
| 149 | magic_len = sizeof(non_unified_boot_magic); |
| 150 | } |
| 151 | |
| 152 | size = s.st_size; |
| 153 | #if MEMBASE |
| 154 | base = MEMBASE; |
| 155 | #else |
| 156 | base = 0; |
| 157 | #endif |
| 158 | |
| 159 | printf("Image Destination Pointer: 0x%x\n", base); |
| 160 | |
| 161 | magic[0] = 0x00000005; /* appsbl */ |
| 162 | magic[1] = 0x00000003; //Flash_partition_version /* nand */ |
| 163 | magic[2] = 0x00000000; //image source pointer |
| 164 | magic[3] = base; //image destination pointer |
| 165 | magic[4] = size + cert_chain_size + signature_size; //image size |
| 166 | magic[5] = size; //code size |
| 167 | magic[6] = base + size; |
| 168 | magic[7] = signature_size; |
| 169 | magic[8] = size + base + signature_size; |
| 170 | magic[9] = cert_chain_size; |
| 171 | |
| 172 | if (unified_boot == 1) { |
| 173 | magic[10] = 0x33836685; /* cookie magic number */ |
| 174 | magic[11] = 0x00000001; /* cookie version */ |
| 175 | magic[12] = 0x00000002; /* file formats */ |
| 176 | magic[13] = 0x00000000; |
| 177 | magic[14] = 0x00000000; /* not setting size for boot.img */ |
| 178 | magic[15] = 0x00000000; |
| 179 | magic[16] = 0x00000000; |
| 180 | magic[17] = 0x00000000; |
| 181 | magic[18] = 0x00000000; |
| 182 | magic[19] = 0x00000000; |
| 183 | } |
| 184 | |
| 185 | fd = open(argv[2], O_WRONLY | O_CREAT | O_TRUNC, 0644); |
| 186 | if (fd < 0) { |
| 187 | perror("cannot open header for writing"); |
| 188 | return -1; |
| 189 | } |
| 190 | if (write(fd, magic, magic_len) != magic_len) { |
| 191 | perror("cannot write header"); |
| 192 | close(fd); |
| 193 | unlink(argv[2]); |
| 194 | return -1; |
| 195 | } |
| 196 | close(fd); |
| 197 | |
| 198 | if (secure_boot && argc > 6) { |
| 199 | FILE *input_file; |
| 200 | FILE *output_file; |
| 201 | unsigned buff_size = 1; |
| 202 | char buf[buff_size]; |
| 203 | unsigned bytes_left; |
| 204 | unsigned current_cert_chain_size = 0; |
| 205 | int padding_size = 0; |
| 206 | int i; |
| 207 | |
| 208 | if ((output_file = fopen(argv[6], "wb")) == NULL) { |
| 209 | perror("ERROR: Occured during fopen"); |
| 210 | return -1; |
| 211 | } |
| 212 | printf("Certificate Chain Output File: %s\n", argv[6]); |
| 213 | |
| 214 | for (i = 8; i < argc; i++) { |
| 215 | if ((input_file = fopen(argv[i], "rb")) == NULL) { |
| 216 | perror("ERROR: Occured during fopen"); |
| 217 | return -1; |
| 218 | } |
| 219 | stat(argv[i], &s); |
| 220 | bytes_left = s.st_size; |
| 221 | current_cert_chain_size += bytes_left; |
| 222 | if (cat(input_file, output_file, bytes_left, buff_size)) |
| 223 | return -1; |
| 224 | fclose(input_file); |
| 225 | } |
| 226 | |
| 227 | //Pad certifcate chain to the max expected size from input |
| 228 | memset(buf, 0xFF, sizeof(buf)); |
| 229 | padding_size = cert_chain_size - current_cert_chain_size; |
| 230 | |
| 231 | if (padding_size < 0) { |
| 232 | fprintf(stderr, "ERROR: Input certificate chain" |
| 233 | " (Size=%d) is larger than the maximum" |
| 234 | " specified (Size=%d)\n", |
| 235 | current_cert_chain_size, cert_chain_size); |
| 236 | return -1; |
| 237 | } |
| 238 | |
| 239 | bytes_left = (padding_size > 0) ? padding_size : 0; |
| 240 | while (bytes_left) { |
| 241 | if (!ferror(output_file)) |
| 242 | bytes_left -= fwrite(buf, |
| 243 | sizeof(buf), |
| 244 | buff_size, output_file); |
| 245 | else { |
| 246 | fprintf(stderr, "ERROR: Occured during" |
| 247 | " certifcate chain padding\n"); |
| 248 | return -1; |
| 249 | } |
| 250 | } |
| 251 | fclose(output_file); |
| 252 | |
| 253 | /* Concat and combine to signed image. |
| 254 | * Format [HDR][RAW APPSBOOT][PADDED CERT CHAIN] |
| 255 | */ |
| 256 | if ((output_file = fopen(argv[4], "wb")) == NULL) { |
| 257 | perror("ERROR: Occured during fopen"); |
| 258 | return -1; |
| 259 | } |
| 260 | printf("Image Output File: %s\n", argv[4]); |
| 261 | |
| 262 | //Header |
| 263 | if ((input_file = fopen(argv[2], "rb")) == NULL) { |
| 264 | perror("ERROR: Occured during fopen"); |
| 265 | return -1; |
| 266 | } |
| 267 | stat(argv[2], &s); |
| 268 | if (cat(input_file, output_file, s.st_size, buff_size)) |
| 269 | return -1; |
| 270 | fclose(input_file); |
| 271 | |
| 272 | //Raw Appsbl |
| 273 | if ((input_file = fopen(argv[1], "rb")) == NULL) { |
| 274 | perror("ERROR: Occured during fopen"); |
| 275 | return -1; |
| 276 | } |
| 277 | stat(argv[1], &s); |
| 278 | if (cat(input_file, output_file, s.st_size, buff_size)) |
| 279 | return -1; |
| 280 | fclose(input_file); |
| 281 | |
| 282 | //Signature |
| 283 | if ((input_file = fopen(argv[7], "rb")) == NULL) { |
| 284 | perror("ERROR: Occured during fopen"); |
| 285 | return -1; |
| 286 | } |
| 287 | stat(argv[7], &s); |
| 288 | if (cat(input_file, output_file, s.st_size, buff_size)) |
| 289 | return -1; |
| 290 | fclose(input_file); |
| 291 | |
| 292 | //Certifcate Chain |
| 293 | if ((input_file = fopen(argv[6], "rb")) == NULL) { |
| 294 | perror("ERROR: Occured during fopen"); |
| 295 | return -1; |
| 296 | } |
| 297 | if (cat(input_file, output_file, |
| 298 | (current_cert_chain_size + padding_size), buff_size)) |
| 299 | return -1; |
| 300 | fclose(input_file); |
| 301 | |
| 302 | fclose(output_file); |
| 303 | |
| 304 | } else if (argc == 5 || argc == 6) { |
| 305 | FILE *input_file; |
| 306 | FILE *output_file; |
| 307 | unsigned buff_size = 1; |
| 308 | char buf[buff_size]; |
| 309 | |
| 310 | /* Concat and combine to unsigned image. |
| 311 | * Format [HDR][RAW APPSBOOT] |
| 312 | */ |
| 313 | if ((output_file = fopen(argv[4], "wb")) == NULL) { |
| 314 | perror("ERROR: Occured during fopen"); |
| 315 | return -1; |
| 316 | } |
| 317 | printf("Image Output File: %s\n", argv[4]); |
| 318 | |
| 319 | //Header |
| 320 | if ((input_file = fopen(argv[2], "rb")) == NULL) { |
| 321 | perror("ERROR: Occured during fopen"); |
| 322 | return -1; |
| 323 | } |
| 324 | stat(argv[2], &s); |
| 325 | if (cat(input_file, output_file, s.st_size, buff_size)) |
| 326 | return -1; |
| 327 | fclose(input_file); |
| 328 | |
| 329 | //Raw Appsbl |
| 330 | if ((input_file = fopen(argv[1], "rb")) == NULL) { |
| 331 | perror("ERROR: Occured during fopen"); |
| 332 | return -1; |
| 333 | } |
| 334 | stat(argv[1], &s); |
| 335 | if (cat(input_file, output_file, s.st_size, buff_size)) |
| 336 | return -1; |
| 337 | fclose(input_file); |
| 338 | fclose(output_file); |
| 339 | } |
| 340 | |
| 341 | printf("Done execution\n"); |
| 342 | |
| 343 | return 0; |
| 344 | } |