Git Browser for ODROID
Code Review Sign In
git.odroid.com / yocto / amlogic / tools / fip / a87c03dba65eda022ba4d081660897572fa33dcc / . / axg / build.sh
blob: fe84430f05a8aa1f9999b358a9d95dcf46d33826 [file] [log] [blame]
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]1#!/bin/bash
2
3# include uboot pre-build macros
4#declare CONFIG_FILE=("${buildtree}/.config")
5#declare AUTOCFG_FILE=("${buildtree}/include/autoconf.mk")
6
7function init_vari() {
8 #source ${CONFIG_FILE} &> /dev/null # ignore warning/error
9 #source ${AUTOCFG_FILE} &> /dev/null # ignore warning/error
10
11 AML_BL2_NAME="bl2.bin"
dongqing.lie538ef82022-08-24 15:11:31 +0800[diff] [blame]12 AML_KEY_BLOB_NAME="aml-user-key.sig"
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]13
14 if [ "y" == "${CONFIG_AML_SECURE_BOOT_V3}" ]; then
15 V3_PROCESS_FLAG="--level v3"
16 fi
17
18 if [ "y" == "${CONFIG_AML_BL33_COMPRESS_ENABLE}" ]; then
19 BL33_COMPRESS_FLAG="--compress lz4"
20 fi
21
22 if [ "y" == "${CONFIG_FIP_IMG_SUPPORT}" ]; then
23 BL3X_SUFFIX="img"
24 fi
25}
26
27function fix_blx() {
28 #bl2 file size 41K, bl21 file size 3K (file size not equal runtime size)
29 #total 44K
30 #after encrypt process, bl2 add 4K header, cut off 4K tail
31
32 #bl30 limit 41K
33 #bl301 limit 12K
34 #bl2 limit 41K
35 #bl21 limit 3K, but encrypt tool need 48K bl2.bin, so fix to 7168byte.
36
37 declare blx_bin_limit=0
38 declare blx01_bin_limit=0
39 declare -i blx_size=0
40 declare -i zero_size=0
41
42 #$7:name flag
43 if [ "$7" = "bl30" ]; then
44 blx_bin_limit=40960 # PD#132613 2016-10-31 update, 41984->40960
45 blx01_bin_limit=13312 # PD#132613 2016-10-31 update, 12288->13312
46 elif [ "$7" = "bl2" ]; then
47 blx_bin_limit=41984
48 blx01_bin_limit=7168
49 else
50 echo "blx_fix name flag not supported!"
51 exit 1
52 fi
53
54 # blx_size: blx.bin size, zero_size: fill with zeros
55 blx_size=`du -b $1 | awk '{print int($1)}'`
Lawrence Mokc38e1c62018-05-10 16:07:38 -0700[diff] [blame]56 if [ $blx_size -gt $blx_bin_limit ]; then
57 echo "Error: $7 ($1) too big. $blx_size > $blx_bin_limit"
58 exit 1
59 fi
60
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]61 zero_size=$blx_bin_limit-$blx_size
62 dd if=/dev/zero of=$2 bs=1 count=$zero_size
63 cat $1 $2 > $3
64 rm $2
65
66 blx_size=`du -b $4 | awk '{print int($1)}'`
67 zero_size=$blx01_bin_limit-$blx_size
68 dd if=/dev/zero of=$2 bs=1 count=$zero_size
69 cat $4 $2 > $5
70
71 cat $3 $5 > $6
72
73 rm $2
74}
75
76function cleanup() {
77 rm -f ${BUILD_PATH}/bl*.enc ${BUILD_PATH}/bl2*.sig
78 rm -f ${BUILD_PATH}/boot_new.bin
79}
80
81function encrypt_step() {
82 dbg "encrypt: $@"
83 local ret=0
84 ./${FIP_FOLDER}${CUR_SOC}/aml_encrypt_${CUR_SOC} $@
85 ret=$?
86 if [ 0 != $ret ]; then
87 echo "Err! aml_encrypt_${CUR_SOC} return $ret"
88 exit $ret
89 fi
90}
91
92function encrypt() {
93 # part1 for new soc flow(besides gxb/gxtvbb)
94 if [ "y" == "${CONFIG_AML_SECURE_BOOT_V3}" ]; then
95 # v3 flow
96 encrypt_step --bl3sig --input ${BUILD_PATH}/bl30_new.bin --output ${BUILD_PATH}/bl30_new.bin.enc ${V3_PROCESS_FLAG} --type bl30
97 encrypt_step --bl3sig --input ${BUILD_PATH}/bl31.${BL3X_SUFFIX} --output ${BUILD_PATH}/bl31.${BL3X_SUFFIX}.enc ${V3_PROCESS_FLAG} --type bl31
98 if [ "${FIP_BL32}" == "${BUILD_PATH}/bl32.${BL3X_SUFFIX}" ]; then
99 encrypt_step --bl3sig --input ${BUILD_PATH}/bl32.${BL3X_SUFFIX} --output ${BUILD_PATH}/bl32.${BL3X_SUFFIX}.enc ${V3_PROCESS_FLAG} --type bl32
100 fi
101 encrypt_step --bl3sig --input ${BUILD_PATH}/bl33.bin ${BL33_COMPRESS_FLAG} --output ${BUILD_PATH}/bl33.bin.enc ${V3_PROCESS_FLAG} --type bl33
102 else
103 # v2 flow
104 encrypt_step --bl3enc --input ${BUILD_PATH}/bl30_new.bin --output ${BUILD_PATH}/bl30_new.bin.enc
105 encrypt_step --bl3enc --input ${BUILD_PATH}/bl31.${BL3X_SUFFIX} --output ${BUILD_PATH}/bl31.${BL3X_SUFFIX}.enc
106 if [ "${FIP_BL32}" == "${BUILD_PATH}/bl32.${BL3X_SUFFIX}" ]; then
xiaobo gud74f7882018-06-26 15:53:57 +0800[diff] [blame]107 encrypt_step --bl3enc --input ${BUILD_PATH}/bl32.${BL3X_SUFFIX} --output ${BUILD_PATH}/bl32.${BL3X_SUFFIX}.enc
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]108 fi
109 encrypt_step --bl3enc --input ${BUILD_PATH}/bl33.bin --output ${BUILD_PATH}/bl33.bin.enc ${BL33_COMPRESS_FLAG}
110 fi
111
112 encrypt_step --bl2sig --input ${BUILD_PATH}/bl2_new.bin --output ${BUILD_PATH}/bl2.n.bin.sig
113
114 encrypt_step --bootmk --output ${BUILD_PATH}/u-boot.bin \
115 --bl2 ${BUILD_PATH}/bl2.n.bin.sig --bl30 ${BUILD_PATH}/bl30_new.bin.enc \
116 --bl31 ${BUILD_PATH}/bl31.${BL3X_SUFFIX}.enc ${FIP_BL32_PROCESS} --bl33 ${BUILD_PATH}/bl33.bin.enc ${V3_PROCESS_FLAG}
117 # part1 end
118 # part1 for old soc (gxb/gxtvbb)
119 #encrypt_step --bootsig --input ${BUILD_PATH}/boot_new.bin --output ${BUILD_PATH}/u-boot.bin
120
121 if [ "y" == "${CONFIG_AML_CRYPTO_UBOOT}" ]; then
122 # new soc only (besides gxb/gxtvbb)
dongqing.lie538ef82022-08-24 15:11:31 +0800[diff] [blame]123 encrypt_step --efsgen --amluserkey ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/${AML_KEY_BLOB_NAME} \
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]124 --output ${BUILD_PATH}/u-boot.bin.encrypt.efuse ${V3_PROCESS_FLAG}
125
126 # for all soc
dongqing.lie538ef82022-08-24 15:11:31 +0800[diff] [blame]127 encrypt_step --bootsig --input ${BUILD_PATH}/u-boot.bin --amluserkey ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/${AML_KEY_BLOB_NAME} \
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]128 --aeskey enable --output ${BUILD_PATH}/u-boot.bin.encrypt ${V3_PROCESS_FLAG}
129 fi
130
131 if [ "y" == "${CONFIG_AML_CRYPTO_IMG}" ]; then
dongqing.lie538ef82022-08-24 15:11:31 +0800[diff] [blame]132 encrypt_step --imgsig --input ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/boot.img --amluserkey ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/${AML_KEY_BLOB_NAME} --output ${BUILD_PATH}/boot.img.encrypt
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]133 fi
134
135 return
136}
137
138function build_fip() {
139 fix_blx \
140 ${BUILD_PATH}/bl30.bin \
141 ${BUILD_PATH}/zero_tmp \
142 ${BUILD_PATH}/bl30_zero.bin \
143 ${BUILD_PATH}/bl301.bin \
144 ${BUILD_PATH}/bl301_zero.bin \
145 ${BUILD_PATH}/bl30_new.bin \
146 bl30
147
148 # acs_tool process ddr timing and configurable parameters
hanliang.xionga87c03d2024-07-09 02:20:59 +0000[diff] [blame^]149 python2 ${FIP_FOLDER}/acs_tool.pyc ${BUILD_PATH}/${AML_BL2_NAME} ${BUILD_PATH}/bl2_acs.bin ${BUILD_PATH}/acs.bin 0
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]150
151 # fix bl2/bl21
152 fix_blx \
153 ${BUILD_PATH}/bl2_acs.bin \
154 ${BUILD_PATH}/zero_tmp \
155 ${BUILD_PATH}/bl2_zero.bin \
156 ${BUILD_PATH}/bl21.bin \
157 ${BUILD_PATH}/bl21_zero.bin \
158 ${BUILD_PATH}/bl2_new.bin \
159 bl2
160
161 # v2: bl30/bl301 merged since 2016.03.22
162 FIP_ARGS="--bl30 ${BUILD_PATH}/bl30_new.bin --bl31 ${BUILD_PATH}/bl31.${BL3X_SUFFIX}"
163
164 if [ "y" == "${CONFIG_NEED_BL32}" ]; then
165 FIP_BL32="`find ${BUILD_PATH} -name "bl32.${BL3X_SUFFIX}"`"
166 if [ "${FIP_BL32}" == "${BUILD_PATH}/bl32.${BL3X_SUFFIX}" ]; then
167 FIP_ARGS="${FIP_ARGS}"" --bl32 ${BUILD_PATH}/bl32.${BL3X_SUFFIX}"
168 FIP_BL32_PROCESS=" --bl32 ${BUILD_PATH}/bl32.${BL3X_SUFFIX}.enc"
169 fi
170 fi
171 FIP_ARGS="${FIP_ARGS}"" --bl33 ${BUILD_PATH}/bl33.bin"
172
173 # create fip.bin
174 ./${FIP_FOLDER}/fip_create ${FIP_ARGS} ${BUILD_PATH}/fip.bin
175 ./${FIP_FOLDER}/fip_create --dump ${BUILD_PATH}/fip.bin
176
177 # build final bootloader
178 cat ${BUILD_PATH}/bl2_new.bin ${BUILD_PATH}/fip.bin > ${BUILD_PATH}/boot_new.bin
179
180 return
181}
182
183function copy_other_soc() {
184 cp ${UBOOT_SRC_FOLDER}/build/scp_task/bl301.bin ${BUILD_PATH} -f
185 cp ${UBOOT_SRC_FOLDER}/build/${BOARD_DIR}/firmware/bl21.bin ${BUILD_PATH} -f
186 cp ${UBOOT_SRC_FOLDER}/build/${BOARD_DIR}/firmware/acs.bin ${BUILD_PATH} -f
187 # todo. cp bl40?
188}
189
190function package() {
191 # BUILD_PATH without "/"
192 x=$((${#BUILD_PATH}-1))
193 if [ "\\" == "${BUILD_PATH:$x:1}" ] || [ "/" == "${BUILD_PATH:$x:1}" ]; then
194 BUILD_PATH=${BUILD_PATH:0:$x}
195 fi
196
197 init_vari $@
198 build_fip $@
Zhongfu Luod2556372022-04-27 20:02:33 +0800[diff] [blame]199
200 if [ "y" == "${CONFIG_AML_SIGNED_UBOOT}" ]; then
201
202 mv -f ${BUILD_PATH}/bl33.bin ${BUILD_PATH}/bl33.bin.org
203 encrypt_step --bl3sig --input ${BUILD_PATH}/bl33.bin.org --output ${BUILD_PATH}/bl33.bin.org.lz4 --compress lz4 --level v3 --type bl33
204 #get LZ4 format bl33 image from bl33.bin.enc with offset 0x720
205 dd if=${BUILD_PATH}/bl33.bin.org.lz4 of=${BUILD_PATH}/bl33.bin bs=1 skip=1824 >& /dev/null
206
207 list_pack="${BUILD_PATH}/bl2_new.bin ${BUILD_PATH}/bl30_new.bin ${BUILD_PATH}/bl31.img ${BUILD_PATH}/bl32.img ${BUILD_PATH}/bl33.bin"
208 u_pack=${BUILD_FOLDER}/"$(basename ${BOARD_DIR})"-u-boot.aml.zip
209 zip -j $u_pack ${list_pack} >& /dev/null
210
211 ${FIP_FOLDER}/stool/sign.sh -s ${CUR_SOC} -z $u_pack -o ${BUILD_FOLDER} -r ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/aml-key -a ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/aml-key
212
213 if [ "y" == "${CONFIG_AML_CRYPTO_IMG}" ]; then
214 ${FIP_FOLDER}/stool/sign.sh -s ${CUR_SOC} -p ${UBOOT_SRC_FOLDER}/${BOARD_DIR} -o ${BUILD_FOLDER} -r ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/aml-key -a ${UBOOT_SRC_FOLDER}/${BOARD_DIR}/aml-key
215 fi
216
217 else
218 encrypt $@
219 fi
xiaobo gue6c46862018-01-10 18:58:09 +0800[diff] [blame]220 #copy_file
221 #cleanup
222 echo "Bootloader build done!"
223}