scripts: add mcuboot build script. [11/14]
PD#SWPL-113076
Problem:
add mcuboot build script.
Solution:
add mcuboot build script.
Verify:
ad403_a113l
Change-Id: I84283d13845a8908dcd03a6800657493e98e5cde
Signed-off-by: fugui.zhang <fugui.zhang@amlogic.com>
diff --git a/package.sh b/package.sh
index ed40abe..2dc4de3 100755
--- a/package.sh
+++ b/package.sh
@@ -27,7 +27,7 @@
#parameter check
if [ -z "$PACKAGE_ARRY" ]; then
- echo -e "\033[41;33m package list is not set, please execute source scripts/pkg_env.sh \033[0m"
+ echo -e "\033[41;33m package list is not set, please execute scripts/pkg_env.sh \033[0m"
exit 1
fi
@@ -54,6 +54,41 @@
mkdir -p $AML_IMAGE_STORAGE_PATH
}
+function package_kernel_for_mcuboot() {
+ MCUBOOT_LIB_DIR=${RTOS_BUILD_DIR}/lib/mcuboot
+ MCUBOOT_SIGNTOOL_DIR=${MCUBOOT_LIB_DIR}/scripts
+ MCUBOOT_SIGNTOOL=${MCUBOOT_SIGNTOOL_DIR}/imgtool.py
+ MCUBOOT_OUT_DIR=${RTOS_BUILD_DIR}/output/$1-$2-mcuboot
+ MCUBOOT_CFG=$MCUBOOT_OUT_DIR/$KERNEL/.config
+ IMGTOOL_INPUT_FILE=$OUTPUT_PATH/$KERNEL/$KERNEL.bin
+ IMGTOOL_OUTPUT_FILE=$OUTPUT_PATH/images/$KERNEL-signed.bin
+
+ KERNEL_SLOT_SZ="$(grep -E \
+ "^CONFIG_LIB_MCUBOOT_KERNEL_SIZE=" "$MCUBOOT_CFG" | cut -d '=' -f2)"
+
+ python3 $MCUBOOT_SIGNTOOL sign --key $MCUBOOT_LIB_DIR/root-rsa-2048.pem \
+ --header-size 0x1000 --align 4 --slot-size ${KERNEL_SLOT_SZ} \
+ --pad --version 1.0.0 --pad-header --load-addr 0x10000 \
+ ${IMGTOOL_INPUT_FILE} \
+ ${IMGTOOL_OUTPUT_FILE}
+
+ cp ${IMGTOOL_OUTPUT_FILE} ${IMAGE_PATH}/rtos-uImage
+
+ PRODUCT_CFG=${RTOS_BUILD_DIR}/output/$1-$2-$3/$KERNEL/.config
+ BT_INPUT_FILE=${RTOS_BUILD_DIR}/boards/${pkg_arch[0]}/${pkg_board[0]}/bt_fw.bin
+ BT_OUTPUT_FILE=$AML_IMAGE_STORAGE_PATH/bt-signed.bin
+ BT_SLOT_SZ="$(grep -E "^CONFIG_LIB_MCUBOOT_BT_SIZE=" "$MCUBOOT_CFG" | cut -d '=' -f2)"
+
+ python3 $MCUBOOT_SIGNTOOL sign --key $MCUBOOT_LIB_DIR/root-rsa-2048.pem \
+ --header-size 0x1000 --align 4 --slot-size ${BT_SLOT_SZ} \
+ --version 1.0.0 \
+ --pad-header \
+ ${BT_INPUT_FILE} \
+ ${BT_OUTPUT_FILE}
+ cp $BT_OUTPUT_FILE ${IMAGE_PATH}/bt
+
+}
+
function compile_rtos_for_arm() {
# target file path
OUTPUT_PATH=${RTOS_BUILD_DIR}/output/$1-$3-$4
@@ -96,9 +131,14 @@
cp ${OUTPUT_PATH}/${KERNEL}/${KERNEL}.bin ${BINARY_FILE}
fi
- mkimage -A ${ARCH} -O u-boot -T standalone -C none -a ${RTOS_LOAD_ADDR} -e ${RTOS_LOAD_ADDR} -n rtos -d ${BINARY_FILE} ${IMAGE_PATH}/rtos-uImage
+ if [ -n "$BUILD_MCUBOOT" ]; then
+ package_kernel_for_mcuboot $1 $3 $4
+ else
+ mkimage -A ${ARCH} -O u-boot -T standalone -C none -a ${RTOS_LOAD_ADDR} \
+ -e ${RTOS_LOAD_ADDR} -n rtos -d ${BINARY_FILE} ${IMAGE_PATH}/rtos-uImage
+ fi
- if [ "$RTOS_XIP" = "1" ]; then
+ if [ "$RTOS_XIP" = "1" ]; then
cp ${OUTPUT_PATH}/freertos/freertos_b.bin ${IMAGE_PATH}/rtos-xipA
cp ${IMAGE_PATH}/* $AML_IMAGE_STORAGE_PATH/
else
@@ -157,25 +197,31 @@
echo "start compiling bootloader ..."
echo "<-------------- ${pkg_arch[0]} ${pkg_soc[0]} ${pkg_board[0]} ${pkg_product[0]} -------------->"
- #Select the compile parameters of the bootstrap
- case ${pkg_board[0]} in
- 'ad401_a113l')
- uboot_type="a1_ad401_nand_rtos"
- ;;
- 'ad403_a113l')
- uboot_type="a1_ad403_nand_rtos"
- ;;
- *) ;;
- esac
-
- if [ -z "$uboot_type" ]; then
- echo "Waring: Select board(${pkg_board[0]}) not support compile uboot"
- exit 1
+ if [ "$1" == "mcuboot" ]; then
+ source $RTOS_BUILD_DIR/scripts/package_mcuboot.sh
+ compile_mcuboot ${pkg_arch[0]} ${pkg_soc[0]} ${pkg_board[0]} mcuboot $AML_IMAGE_STORAGE_PATH
+ echo "Compilation of MCUBoot is successful"
else
- pushd $RTOS_BUILD_DIR/boot/u-boot
- ./mk $uboot_type
- test -f build/u-boot.bin && cp -av build/u-boot.bin* $AML_IMAGE_STORAGE_PATH
- popd
+ #Select the compile parameters of the bootstrap
+ case ${pkg_board[0]} in
+ 'ad401_a113l')
+ uboot_type="a1_ad401_nand_rtos"
+ ;;
+ 'ad403_a113l')
+ uboot_type="a1_ad403_nor_rtos"
+ ;;
+ *) ;;
+ esac
+
+ if [ -z "$uboot_type" ]; then
+ echo "Waring: Select board(${pkg_board[0]}) not support compile uboot"
+ exit 1
+ else
+ pushd $RTOS_BUILD_DIR/boot/u-boot
+ ./mk $uboot_type
+ test -f build/u-boot.bin && cp -av build/u-boot.bin* $AML_IMAGE_STORAGE_PATH
+ popd
+ fi
fi
}
@@ -184,12 +230,20 @@
install $IMAGE_BOARD_CONFIG_DIR/usb_flow.aml $AML_IMAGE_STORAGE_PATH/
install $IMAGE_BOARD_CONFIG_DIR/aml_sdc_burn.ini $AML_IMAGE_STORAGE_PATH/
- if [ -e "$AML_IMAGE_STORAGE_PATH/dspboot.bin" ]; then
- cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package.conf $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
- elif [ -e "$AML_IMAGE_STORAGE_PATH/rtos-xipA.bin" ]; then
- cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package_xip.conf $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
- else
- cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package_ndsp.conf $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
+ if [ -e "$AML_IMAGE_STORAGE_PATH/mcuboot.bin" ]; then
+ cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package_mcuboot.conf \
+ $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
+ elif [ -e "$AML_IMAGE_STORAGE_PATH/u-boot.bin" ]; then
+ if [ -e "$AML_IMAGE_STORAGE_PATH/dspboot.bin" ]; then
+ cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package.conf \
+ $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
+ elif [ -e "$AML_IMAGE_STORAGE_PATH/rtos-xipA.bin" ]; then
+ cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package_xip.conf \
+ $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
+ elif [ -e "$AML_IMAGE_STORAGE_PATH/u-boot.bin" ]; then
+ cp $IMAGE_BOARD_CONFIG_DIR/aml_upgrade_package_ndsp.conf \
+ $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf
+ fi
fi
$RTOS_BUILD_DIR/image_packer/aml_image_v2_packer -r $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.conf $AML_IMAGE_STORAGE_PATH $AML_IMAGE_STORAGE_PATH/aml_upgrade_package.img
@@ -198,6 +252,6 @@
}
package_target_verify
+build_bootloader mcuboot
compile_rtos_for_all
-build_bootloader
aml_image_package
diff --git a/package_mcuboot.sh b/package_mcuboot.sh
new file mode 100644
index 0000000..8f0bfa9
--- /dev/null
+++ b/package_mcuboot.sh
@@ -0,0 +1,160 @@
+#! /bin/bash
+#
+# Copyright (c) 2021-2022 Amlogic, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: MIT
+#
+
+MAIN_DIR=$(realpath $(dirname $(readlink -f ${BASH_SOURCE[0]:-$0}))/..)
+
+#$1: bl2.bin
+#$2: bl2_tmp.bin
+#$3: bl2_fixed.bin
+#$4: acs.bin
+#$5: acs_fixed.bin
+#$6: bl2_new.bin
+#This function fix bl2.bin to bl2_fixed.bin, acs.bin to acs_fixed.bin,
+#and then combine bl2_fixed.bin and acs_fixed.bin to bl2_new.bin
+function fix_bl2() {
+
+ declare -i blx_bin_limit=57344
+ declare -i blx_acs_limit=4096
+ declare -i blx_size=0
+ declare -i remain_size=0
+
+ blx_size=$((`stat -c %s $1`))
+ if [ $blx_size -gt $blx_bin_limit ]; then
+ echo "Error: ($1) too big. $blx_size > $blx_bin_limit"
+ exit 1
+ fi
+
+ #fix bl2 to 56KB with zero
+ remain_size=$((blx_bin_limit - blx_size))
+ dd if=/dev/zero of=$2 bs=1 count=$remain_size
+ cat $1 $2 > $3 2> /dev/zero && rm $2
+
+ blx_size=$((`stat -c %s $4`))
+ if [ "$blx_size" -gt "$blx_acs_limit" ]; then
+ echo "Error: ($4) too big. $blx_size > $blx_acs_limit"
+ exit 1
+ fi
+ #fix acs to 4KB with zero
+ remain_size=$((blx_acs_limit - blx_size))
+ dd if=/dev/zero of=$2 bs=1 count=$remain_size
+ cat $4 $2 > $5 2> /dev/zero && rm $2
+
+ #combine bl2.bin and acs.bin to bl2_new.bin
+ cat $3 $5 > $6 2> /dev/zero && rm $3 $5
+
+}
+
+function encrypt() {
+ local ret=0
+ $ENCRYPT_TOOL $@
+ ret=$?
+ if [ 0 -ne "$ret" ]; then
+ echo "Encrypt error: $ret"
+ exit 1
+ fi
+}
+#$1 mcuboot output directory
+function encrypt_bootloader() {
+ encrypt --bl3sig --input $BL31_IMG --output $BL31_IMG.enc --level v3 --type bl31
+ encrypt --bl3sig --input $BL33_BIN --output $BL33_BIN.enc --level v3 --type bl33
+ encrypt --bl2sig --input $BL2_NEW_BIN --output $BL2_ENCRYPT_BIN && rm $BL2_NEW_BIN
+ encrypt --bootmk --output $1/mcuboot.bin \
+ --bl2 $BL2_ENCRYPT_BIN \
+ --bl31 $BL31_IMG.enc \
+ --bl33 $BL33_BIN.enc --level v3 \
+ --ddrfw1 $DDRFW_1 \
+ --ddrfw2 $DDRFW_2 \
+ --ddrfw3 $DDRFW_3 \
+ --ddrfw4 $DDRFW_4 \
+ --ddrfw5 $DDRFW_5 \
+ && rm $BL2_ENCRYPT_BIN $BL31_IMG.enc $BL33_BIN.enc
+}
+
+#$1 soc
+#$2 product
+#$3 input bl33.bin's and output mcuboot.bin's directory: output/arch-board-product/images/
+function package_mcuboot() {
+ #define firmware parameters
+ FIRMWARE_DIR=$MAIN_DIR/products/$2/build/$1
+
+ ACS=$FIRMWARE_DIR/acs.bin
+ BL2_BIN=$FIRMWARE_DIR/bl2.bin
+ BL2_NEW_BIN=$FIRMWARE_DIR/bl2_new.bin
+ BL2_ENCRYPT_BIN=$FIRMWARE_DIR/bl2.n.bin.sig
+ BL31_BIN=$FIRMWARE_DIR/bl31.bin
+ BL31_IMG=$FIRMWARE_DIR/bl31.img
+ BL33_BIN=$3/bl33.bin
+ DDRFW_1=$FIRMWARE_DIR/ddr4_1d.fw
+ DDRFW_2=$FIRMWARE_DIR/ddr4_2d.fw
+ DDRFW_3=$FIRMWARE_DIR/ddr3_1d.fw
+ DDRFW_4=$FIRMWARE_DIR/piei.fw
+ DDRFW_5=$FIRMWARE_DIR/aml_ddr.fw
+ ENCRYPT_TOOL=$FIRMWARE_DIR/aml_encrypt_a1
+
+ fix_bl2 \
+ $BL2_BIN \
+ $FIRMWARE_DIR/bl2_tmp.bin \
+ $FIRMWARE_DIR/bl2_fixed.bin \
+ $ACS \
+ $FIRMWARE_DIR/acs_fix.bin \
+ $BL2_NEW_BIN
+ encrypt_bootloader $3
+}
+
+#$1 arch
+#$2 soc
+#$3 board
+#$4 product
+function compile_mcuboot() {
+ # target file path
+ export BUILD_MCUBOOT=1
+ MCUBOOT_ARCH=$1
+ MCUBOOT_SOC=$2
+ MCUBOOT_BOARD=$3
+ MCUBOOT_PRODUCT=$4
+ IMAGE_STORAGE_PATH=$5
+
+ MCUBOOT_OUTPUT_PATH=${MAIN_DIR}/output/$MCUBOOT_ARCH-$MCUBOOT_BOARD-$MCUBOOT_PRODUCT
+
+ MCUBOOT_IMAGE_PATH=${MCUBOOT_OUTPUT_PATH}/images
+ ORIGINAL_BINARY_FILE=${MCUBOOT_IMAGE_PATH}/bl33.bin
+ DEBUG_FILE_PREFIX=${MCUBOOT_OUTPUT_PATH}/${KERNEL}/${KERNEL}
+
+ # Clean up mcuboot compilation intermediate files
+ rm -rf $MCUBOOT_OUTPUT_PATH
+
+ # start compile flow
+ pushd $MAIN_DIR
+
+ source scripts/env.sh $MCUBOOT_ARCH $MCUBOOT_SOC $MCUBOOT_BOARD $MCUBOOT_PRODUCT
+
+ if [ "$BACKTRACE_ENABLE" = "1" ]; then
+ make backtrace
+ else
+ make
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "Compile MCUBoot failed:$?"
+ popd
+ exit 1
+ fi
+
+ if [ -f "$MCUBOOT_IMAGE_PATH/$KERNEL-signed.bin" ]; then
+ mv $MCUBOOT_IMAGE_PATH/$KERNEL-signed.bin $ORIGINAL_BINARY_FILE
+ else
+ echo "$MCUBOOT_OUTPUT_PATH/$KERNEL/$KERNEL.bin does not exist!"
+ popd
+ exit 1
+ fi
+
+ #package mcuboot
+ package_mcuboot $MCUBOOT_SOC $MCUBOOT_PRODUCT $MCUBOOT_IMAGE_PATH
+ test -f $MCUBOOT_IMAGE_PATH/mcuboot.bin && \
+ cp -av $MCUBOOT_IMAGE_PATH/mcuboot.* $IMAGE_STORAGE_PATH/
+ popd
+}