| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 1 | #!/bin/bash | 
|  | 2 | set -eo pipefail | 
|  | 3 |  | 
|  | 4 | help=$'Generate Tarball with PSU image and MANIFEST Script | 
|  | 5 | usage: generate-psu-tar [OPTION] <parameter>... | 
|  | 6 | Options: | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 7 | --image        <file>          PSU FW image | 
|  | 8 | --version      <version>       PSU FW version | 
|  | 9 | --model        <model>         PSU FW model | 
|  | 10 | --manufacture  <version>       PSU FW manufacture | 
|  | 11 | --machineName  <machineName>   Optionally specify the target machine name of this image. | 
|  | 12 | --outfile      <filename>      Outfile name | 
|  | 13 | For example : -o psufw.tar | 
|  | 14 | The default outfile name is image.tar,and | 
|  | 15 | "image" is what you input. | 
|  | 16 | --sign         <path>          Sign the image. The optional path argument specifies | 
|  | 17 | the private key file. Defaults to the bash variable | 
|  | 18 | PRIVATE_KEY_PATH if available, or else uses the | 
|  | 19 | open-source private key in this script. | 
|  | 20 | --help                         Display this help text and exit. | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 21 | ' | 
|  | 22 |  | 
|  | 23 | private_key=$'-----BEGIN PRIVATE KEY----- | 
|  | 24 | MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri | 
|  | 25 | PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B | 
|  | 26 | zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k | 
|  | 27 | D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU | 
|  | 28 | zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/ | 
|  | 29 | nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1 | 
|  | 30 | h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt | 
|  | 31 | rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE | 
|  | 32 | x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5 | 
|  | 33 | DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw | 
|  | 34 | cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE | 
|  | 35 | 5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4 | 
|  | 36 | 6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m | 
|  | 37 | F0nIdUAhR0yTfKM= | 
|  | 38 | -----END PRIVATE KEY----- | 
|  | 39 | ' | 
|  | 40 |  | 
|  | 41 | do_sign=false | 
|  | 42 | private_key_path="${PRIVATE_KEY_PATH}" | 
|  | 43 | image="" | 
|  | 44 | outfile="" | 
|  | 45 | version="" | 
|  | 46 | model="" | 
|  | 47 | manufacture="" | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 48 | machineName="" | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 49 | declare -a partitions=() | 
|  | 50 |  | 
|  | 51 |  | 
|  | 52 | while [[ $# -gt 0 ]]; do | 
|  | 53 | key="$1" | 
|  | 54 | case $key in | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 55 | --image) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 56 | image="$2" | 
|  | 57 | shift 2 | 
|  | 58 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 59 | --version) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 60 | version="$2" | 
|  | 61 | shift 2 | 
|  | 62 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 63 | --model) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 64 | model="$2" | 
|  | 65 | shift 2 | 
|  | 66 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 67 | --manufacture) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 68 | manufacture="$2" | 
|  | 69 | shift 2 | 
|  | 70 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 71 | --machineName) | 
|  | 72 | machineName="$2" | 
|  | 73 | shift 2 | 
|  | 74 | ;; | 
|  | 75 | --outfile) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 76 | outfile="$2" | 
|  | 77 | shift 2 | 
|  | 78 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 79 | --sign) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 80 | do_sign=true | 
|  | 81 | if [[ ! -z "${2}"  && "${2}" != -* ]]; then | 
|  | 82 | private_key_path="$2" | 
|  | 83 | shift 2 | 
|  | 84 | else | 
|  | 85 | shift 1 | 
|  | 86 | fi | 
|  | 87 | ;; | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 88 | --help) | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 89 | echo "$help" | 
|  | 90 | exit | 
|  | 91 | ;; | 
|  | 92 | *) | 
|  | 93 | echo "Please enter the correct parameters." | 
|  | 94 | echo "$help" | 
|  | 95 | exit 1 | 
|  | 96 | ;; | 
|  | 97 | esac | 
|  | 98 | done | 
|  | 99 |  | 
|  | 100 | if [ ! -f "${image}" ]; then | 
|  | 101 | echo "Please enter a valid PSU FW image file." | 
|  | 102 | echo "$help" | 
|  | 103 | exit 1 | 
|  | 104 | fi | 
|  | 105 |  | 
|  | 106 | if [  -z "${version}" ]; then | 
|  | 107 | echo "Please enter a valid PSU FW image version." | 
|  | 108 | echo "$help" | 
|  | 109 | exit 1 | 
|  | 110 | fi | 
|  | 111 |  | 
|  | 112 |  | 
|  | 113 | if [  -z "${model}" ]; then | 
|  | 114 | echo "Please enter a valid PSU FW image model." | 
|  | 115 | echo "$help" | 
|  | 116 | exit 1 | 
|  | 117 | fi | 
|  | 118 |  | 
|  | 119 | if [  -z "${manufacture}" ]; then | 
|  | 120 | echo "Please enter a valid PSU FW image manufacture." | 
|  | 121 | echo "$help" | 
|  | 122 | exit 1 | 
|  | 123 | fi | 
|  | 124 |  | 
|  | 125 | if [  -z "${outfile}" ]; then | 
|  | 126 | outfile=`pwd`/$image.tar | 
|  | 127 | else | 
|  | 128 | outfile=`pwd`/$outfile | 
|  | 129 | fi | 
|  | 130 |  | 
|  | 131 | scratch_dir=`mktemp -d` | 
|  | 132 | trap "{ rm -r ${scratch_dir}; }" EXIT | 
|  | 133 |  | 
|  | 134 | if [[ "${do_sign}" == true ]]; then | 
|  | 135 | if [[ -z "${private_key_path}" ]]; then | 
|  | 136 | private_key_path=${scratch_dir}/OpenBMC.priv | 
|  | 137 | echo "${private_key}" > "${private_key_path}" | 
|  | 138 | echo "Image is NOT secure!! Signing with the open private key!" | 
|  | 139 | else | 
|  | 140 | if [[ ! -f "${private_key_path}" ]]; then | 
|  | 141 | echo "Couldn't find private key ${private_key_path}." | 
|  | 142 | exit 1 | 
|  | 143 | fi | 
|  | 144 |  | 
|  | 145 | echo "Signing with ${private_key_path}." | 
|  | 146 | fi | 
|  | 147 |  | 
|  | 148 | public_key_file=publickey | 
|  | 149 | public_key_path=${scratch_dir}/$public_key_file | 
|  | 150 | openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}" | 
|  | 151 |  | 
|  | 152 | cp ${private_key_path} ${scratch_dir}/private_key | 
|  | 153 |  | 
|  | 154 | fi | 
|  | 155 |  | 
|  | 156 | manifest_location="MANIFEST" | 
|  | 157 | files_to_sign="$manifest_location $public_key_file $image" | 
|  | 158 |  | 
|  | 159 | cp ${image} ${scratch_dir} | 
|  | 160 | cd "${scratch_dir}" | 
|  | 161 |  | 
|  | 162 | echo "Creating MANIFEST for the image" | 
|  | 163 | echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU\nversion=$version\n\ | 
|  | 164 | extended_version=model=$model,manufacture=$manufacture" > $manifest_location | 
|  | 165 |  | 
| Chicago Duan | d48ae5f | 2020-01-01 16:43:46 +0800 | [diff] [blame] | 166 | if [[ ! -z "${machineName}" ]]; then | 
|  | 167 | echo -e "MachineName=${machineName}" >> $manifest_location | 
|  | 168 | fi | 
|  | 169 |  | 
| Chicago Duan | 99ac18a | 2019-12-12 15:20:51 +0800 | [diff] [blame] | 170 | if [[ "${do_sign}" == true ]]; then | 
|  | 171 | private_key_name=$(basename "${private_key_path}") | 
|  | 172 | key_type="${private_key_name%.*}" | 
|  | 173 | echo KeyType="${key_type}" >> $manifest_location | 
|  | 174 | echo HashType="RSA-SHA256" >> $manifest_location | 
|  | 175 |  | 
|  | 176 | for file in $files_to_sign; do | 
|  | 177 | openssl dgst -sha256 -sign private_key -out "${file}.sig" $file | 
|  | 178 | done | 
|  | 179 |  | 
|  | 180 | additional_files="*.sig" | 
|  | 181 | fi | 
|  | 182 |  | 
|  | 183 | tar -cvf $outfile $files_to_sign $additional_files | 
|  | 184 | echo "PSU FW tarball at $outfile" | 
|  | 185 | exit |