scripts: add mcuboot build script. [11/14]
PD#SWPL-113076
Problem:
add mcuboot build script.
Solution:
add mcuboot build script.
Verify:
ad403_a113l
Change-Id: I84283d13845a8908dcd03a6800657493e98e5cde
Signed-off-by: fugui.zhang <fugui.zhang@amlogic.com>
diff --git a/package_mcuboot.sh b/package_mcuboot.sh
new file mode 100644
index 0000000..8f0bfa9
--- /dev/null
+++ b/package_mcuboot.sh
@@ -0,0 +1,160 @@
+#! /bin/bash
+#
+# Copyright (c) 2021-2022 Amlogic, Inc. All rights reserved.
+#
+# SPDX-License-Identifier: MIT
+#
+
+MAIN_DIR=$(realpath $(dirname $(readlink -f ${BASH_SOURCE[0]:-$0}))/..)
+
+#$1: bl2.bin
+#$2: bl2_tmp.bin
+#$3: bl2_fixed.bin
+#$4: acs.bin
+#$5: acs_fixed.bin
+#$6: bl2_new.bin
+#This function fix bl2.bin to bl2_fixed.bin, acs.bin to acs_fixed.bin,
+#and then combine bl2_fixed.bin and acs_fixed.bin to bl2_new.bin
+function fix_bl2() {
+
+ declare -i blx_bin_limit=57344
+ declare -i blx_acs_limit=4096
+ declare -i blx_size=0
+ declare -i remain_size=0
+
+ blx_size=$((`stat -c %s $1`))
+ if [ $blx_size -gt $blx_bin_limit ]; then
+ echo "Error: ($1) too big. $blx_size > $blx_bin_limit"
+ exit 1
+ fi
+
+ #fix bl2 to 56KB with zero
+ remain_size=$((blx_bin_limit - blx_size))
+ dd if=/dev/zero of=$2 bs=1 count=$remain_size
+ cat $1 $2 > $3 2> /dev/zero && rm $2
+
+ blx_size=$((`stat -c %s $4`))
+ if [ "$blx_size" -gt "$blx_acs_limit" ]; then
+ echo "Error: ($4) too big. $blx_size > $blx_acs_limit"
+ exit 1
+ fi
+ #fix acs to 4KB with zero
+ remain_size=$((blx_acs_limit - blx_size))
+ dd if=/dev/zero of=$2 bs=1 count=$remain_size
+ cat $4 $2 > $5 2> /dev/zero && rm $2
+
+ #combine bl2.bin and acs.bin to bl2_new.bin
+ cat $3 $5 > $6 2> /dev/zero && rm $3 $5
+
+}
+
+function encrypt() {
+ local ret=0
+ $ENCRYPT_TOOL $@
+ ret=$?
+ if [ 0 -ne "$ret" ]; then
+ echo "Encrypt error: $ret"
+ exit 1
+ fi
+}
+#$1 mcuboot output directory
+function encrypt_bootloader() {
+ encrypt --bl3sig --input $BL31_IMG --output $BL31_IMG.enc --level v3 --type bl31
+ encrypt --bl3sig --input $BL33_BIN --output $BL33_BIN.enc --level v3 --type bl33
+ encrypt --bl2sig --input $BL2_NEW_BIN --output $BL2_ENCRYPT_BIN && rm $BL2_NEW_BIN
+ encrypt --bootmk --output $1/mcuboot.bin \
+ --bl2 $BL2_ENCRYPT_BIN \
+ --bl31 $BL31_IMG.enc \
+ --bl33 $BL33_BIN.enc --level v3 \
+ --ddrfw1 $DDRFW_1 \
+ --ddrfw2 $DDRFW_2 \
+ --ddrfw3 $DDRFW_3 \
+ --ddrfw4 $DDRFW_4 \
+ --ddrfw5 $DDRFW_5 \
+ && rm $BL2_ENCRYPT_BIN $BL31_IMG.enc $BL33_BIN.enc
+}
+
+#$1 soc
+#$2 product
+#$3 input bl33.bin's and output mcuboot.bin's directory: output/arch-board-product/images/
+function package_mcuboot() {
+ #define firmware parameters
+ FIRMWARE_DIR=$MAIN_DIR/products/$2/build/$1
+
+ ACS=$FIRMWARE_DIR/acs.bin
+ BL2_BIN=$FIRMWARE_DIR/bl2.bin
+ BL2_NEW_BIN=$FIRMWARE_DIR/bl2_new.bin
+ BL2_ENCRYPT_BIN=$FIRMWARE_DIR/bl2.n.bin.sig
+ BL31_BIN=$FIRMWARE_DIR/bl31.bin
+ BL31_IMG=$FIRMWARE_DIR/bl31.img
+ BL33_BIN=$3/bl33.bin
+ DDRFW_1=$FIRMWARE_DIR/ddr4_1d.fw
+ DDRFW_2=$FIRMWARE_DIR/ddr4_2d.fw
+ DDRFW_3=$FIRMWARE_DIR/ddr3_1d.fw
+ DDRFW_4=$FIRMWARE_DIR/piei.fw
+ DDRFW_5=$FIRMWARE_DIR/aml_ddr.fw
+ ENCRYPT_TOOL=$FIRMWARE_DIR/aml_encrypt_a1
+
+ fix_bl2 \
+ $BL2_BIN \
+ $FIRMWARE_DIR/bl2_tmp.bin \
+ $FIRMWARE_DIR/bl2_fixed.bin \
+ $ACS \
+ $FIRMWARE_DIR/acs_fix.bin \
+ $BL2_NEW_BIN
+ encrypt_bootloader $3
+}
+
+#$1 arch
+#$2 soc
+#$3 board
+#$4 product
+function compile_mcuboot() {
+ # target file path
+ export BUILD_MCUBOOT=1
+ MCUBOOT_ARCH=$1
+ MCUBOOT_SOC=$2
+ MCUBOOT_BOARD=$3
+ MCUBOOT_PRODUCT=$4
+ IMAGE_STORAGE_PATH=$5
+
+ MCUBOOT_OUTPUT_PATH=${MAIN_DIR}/output/$MCUBOOT_ARCH-$MCUBOOT_BOARD-$MCUBOOT_PRODUCT
+
+ MCUBOOT_IMAGE_PATH=${MCUBOOT_OUTPUT_PATH}/images
+ ORIGINAL_BINARY_FILE=${MCUBOOT_IMAGE_PATH}/bl33.bin
+ DEBUG_FILE_PREFIX=${MCUBOOT_OUTPUT_PATH}/${KERNEL}/${KERNEL}
+
+ # Clean up mcuboot compilation intermediate files
+ rm -rf $MCUBOOT_OUTPUT_PATH
+
+ # start compile flow
+ pushd $MAIN_DIR
+
+ source scripts/env.sh $MCUBOOT_ARCH $MCUBOOT_SOC $MCUBOOT_BOARD $MCUBOOT_PRODUCT
+
+ if [ "$BACKTRACE_ENABLE" = "1" ]; then
+ make backtrace
+ else
+ make
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "Compile MCUBoot failed:$?"
+ popd
+ exit 1
+ fi
+
+ if [ -f "$MCUBOOT_IMAGE_PATH/$KERNEL-signed.bin" ]; then
+ mv $MCUBOOT_IMAGE_PATH/$KERNEL-signed.bin $ORIGINAL_BINARY_FILE
+ else
+ echo "$MCUBOOT_OUTPUT_PATH/$KERNEL/$KERNEL.bin does not exist!"
+ popd
+ exit 1
+ fi
+
+ #package mcuboot
+ package_mcuboot $MCUBOOT_SOC $MCUBOOT_PRODUCT $MCUBOOT_IMAGE_PATH
+ test -f $MCUBOOT_IMAGE_PATH/mcuboot.bin && \
+ cp -av $MCUBOOT_IMAGE_PATH/mcuboot.* $IMAGE_STORAGE_PATH/
+ popd
+}