authorPengguang Zhu <pengguang.zhu@amlogic.com>2017-11-16 08:55:55 (GMT)
committer Pengguang Zhu <pengguang.zhu@amlogic.com>2017-11-16 11:06:07 (GMT)
commit78c395931798d5919be8f10100b519a63e8bae0d (patch)
treea3775c02047f2c49e08cd09e4b8b3d4fa0316335
parent62f09488d2008db397eb906965182d6cc9b9651a (diff)
update bl32.img and Makefile
1. pack rsa key default 2. add sign_ta_auto.py, using default key 3. sign TA default Change-Id: Ie52522556ae41d54e80541af9b459781e2b28c8b Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
Diffstat
-rw-r--r--demos/hello_world/ta/Android.mk2
-rw-r--r--demos/optee_test/ta/aes_perf/Android.mk2
-rw-r--r--demos/optee_test/ta/concurrent/Android.mk2
-rw-r--r--demos/optee_test/ta/concurrent_large/Android.mk2
-rw-r--r--demos/optee_test/ta/create_fail_test/Android.mk2
-rw-r--r--demos/optee_test/ta/crypt/Android.mk2
-rw-r--r--demos/optee_test/ta/os_test/Android.mk2
-rw-r--r--demos/optee_test/ta/rpc_test/Android.mk2
-rw-r--r--demos/optee_test/ta/sdp_basic/Android.mk2
-rw-r--r--demos/optee_test/ta/sha_perf/Android.mk2
-rw-r--r--demos/optee_test/ta/sims/Android.mk2
-rw-r--r--demos/optee_test/ta/socket/Android.mk2
-rw-r--r--demos/optee_test/ta/storage/Android.mk2
-rw-r--r--demos/optee_test/ta/storage2/Android.mk2
-rw-r--r--demos/optee_test/ta/storage_benchmark/Android.mk2
-rw-r--r--secureos/axg/bl32.img3
-rw-r--r--secureos/gx/bl32.img3
-rw-r--r--secureos/txlx/bl32.img3
-rwxr-xr-xta_export/scripts/sign_ta_auto.py76
19 files changed, 97 insertions, 18 deletions
diff --git a/demos/hello_world/ta/Android.mk b/demos/hello_world/ta/Android.mk
index f882e04..316d57a 100644
--- a/demos/hello_world/ta/Android.mk
+++ b/demos/hello_world/ta/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
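Review bot: The new guard `ifeq ($(TARGET_ENABLE_TA_SIGN), true)` is an exact string match and no else branch is visible in this hunk, so an unset or differently spelled value (`True`, `1`, a value with trailing whitespace) would skip the block without any message; whether a default is assigned elsewhere cannot be seen from here. I would write `ifeq ($(strip $(TARGET_ENABLE_TA_SIGN)),true)` and put a comment above it such as `# TARGET_ENABLE_TA_SIGN: "true" runs the signing block for this TA; any other value skips it`. The same line is changed identically in the fourteen optee_test Android.mk hunks that follow, so the point applies to each of them, and the repeated block would be easier to audit from one shared include. The `$(info $(shell …))` call it guards continues past the end of the hunk.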
diff --git a/demos/optee_test/ta/aes_perf/Android.mk b/demos/optee_test/ta/aes_perf/Android.mk
index e93da9b..d3c0a21 100644
--- a/demos/optee_test/ta/aes_perf/Android.mk
+++ b/demos/optee_test/ta/aes_perf/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/concurrent/Android.mk b/demos/optee_test/ta/concurrent/Android.mk
index fe75f0d..6000836 100644
--- a/demos/optee_test/ta/concurrent/Android.mk
+++ b/demos/optee_test/ta/concurrent/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/concurrent_large/Android.mk b/demos/optee_test/ta/concurrent_large/Android.mk
index 2e882f1..3d5336d 100644
--- a/demos/optee_test/ta/concurrent_large/Android.mk
+++ b/demos/optee_test/ta/concurrent_large/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/create_fail_test/Android.mk b/demos/optee_test/ta/create_fail_test/Android.mk
index 447addd..e0a4d10 100644
--- a/demos/optee_test/ta/create_fail_test/Android.mk
+++ b/demos/optee_test/ta/create_fail_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/crypt/Android.mk b/demos/optee_test/ta/crypt/Android.mk
index 8cc2724..68ad6d2 100644
--- a/demos/optee_test/ta/crypt/Android.mk
+++ b/demos/optee_test/ta/crypt/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/os_test/Android.mk b/demos/optee_test/ta/os_test/Android.mk
index d8fe2c3..1b6d576 100644
--- a/demos/optee_test/ta/os_test/Android.mk
+++ b/demos/optee_test/ta/os_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/rpc_test/Android.mk b/demos/optee_test/ta/rpc_test/Android.mk
index 0d3a002..85fa3a9 100644
--- a/demos/optee_test/ta/rpc_test/Android.mk
+++ b/demos/optee_test/ta/rpc_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sdp_basic/Android.mk b/demos/optee_test/ta/sdp_basic/Android.mk
index 8e1ad09..1f55352 100644
--- a/demos/optee_test/ta/sdp_basic/Android.mk
+++ b/demos/optee_test/ta/sdp_basic/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sha_perf/Android.mk b/demos/optee_test/ta/sha_perf/Android.mk
index a7a7fb3..c6225af 100644
--- a/demos/optee_test/ta/sha_perf/Android.mk
+++ b/demos/optee_test/ta/sha_perf/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sims/Android.mk b/demos/optee_test/ta/sims/Android.mk
index acf2b3a..e704bdb 100644
--- a/demos/optee_test/ta/sims/Android.mk
+++ b/demos/optee_test/ta/sims/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/socket/Android.mk b/demos/optee_test/ta/socket/Android.mk
index d9dc8d5..acc2f8e 100644
--- a/demos/optee_test/ta/socket/Android.mk
+++ b/demos/optee_test/ta/socket/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage/Android.mk b/demos/optee_test/ta/storage/Android.mk
index 22762fd..bb8e35d 100644
--- a/demos/optee_test/ta/storage/Android.mk
+++ b/demos/optee_test/ta/storage/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage2/Android.mk b/demos/optee_test/ta/storage2/Android.mk
index f00c1e6..e87fe9a 100644
--- a/demos/optee_test/ta/storage2/Android.mk
+++ b/demos/optee_test/ta/storage2/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage_benchmark/Android.mk b/demos/optee_test/ta/storage_benchmark/Android.mk
index 4a7cdb4..c3c708b 100644
--- a/demos/optee_test/ta/storage_benchmark/Android.mk
+++ b/demos/optee_test/ta/storage_benchmark/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
--ta_rsa_key=$(TA_USER_PUB_KEY) \
--uuid=$(TA_BINARY) \
diff --git a/secureos/axg/bl32.img b/secureos/axg/bl32.img
index dfa8b2d..e279447 100644
--- a/secureos/axg/bl32.img
+++ b/secureos/axg/bl32.img
@@ -1,5 +1,6 @@
e4'
-o
+o
+/fZ(R nCi_`
FOzq#
diff --git a/secureos/gx/bl32.img b/secureos/gx/bl32.img
index e51c51e..e893889 100644
--- a/secureos/gx/bl32.img
+++ b/secureos/gx/bl32.img
@@ -1,5 +1,6 @@
e4'
-o
+o
+/fZ(R nCi_`
FOzq#
diff --git a/secureos/txlx/bl32.img b/secureos/txlx/bl32.img
index 82da0dc..43e7e79 100644
--- a/secureos/txlx/bl32.img
+++ b/secureos/txlx/bl32.img
@@ -1,5 +1,6 @@
e4'
-o
+o
+/fZ(R nCi_`
FOzq#
diff --git a/ta_export/scripts/sign_ta_auto.py b/ta_export/scripts/sign_ta_auto.py
new file mode 100755
index 0000000..c4f8f34
--- a/dev/null
+++ b/ta_export/scripts/sign_ta_auto.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2016 Amlogic, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+
+def get_args():
+ from argparse import ArgumentParser
+
+ parser = ArgumentParser()
+ parser.add_argument('--in', required=True, dest='inf', help='unsigned ta file')
+ parser.add_argument('--out', type=str, default='null', help='signed ta file')
+
+ return parser.parse_args()
+
+def main():
+ import sys
+ import os
+ import logging
+ import subprocess
+
+ log = logging.getLogger("Core.Analysis.Processing")
+ INTERPRETER = "/usr/bin/python"
+
+ file_path = str(sys.path[0])
+ processor1 = file_path + "/gen_cert_key.py"
+ processor2 = file_path + "/sign_ta.py"
+ cmd1 = [INTERPRETER, processor1]
+ cmd2 = [INTERPRETER, processor2]
+
+ if not os.path.exists(INTERPRETER):
+ log.error("Cannot find INTERPRETER at path \"%s\"." % INTERPRETER)
+
+ # parse arguments
+ args = get_args()
+ if args.out == 'null':
+ args.out = args.inf
+
+ uuid = "" + args.inf.split('/')[-1]
+ uuid = uuid[:-3]
+
+ cmd1.extend(["--root_rsa_key=" + file_path + "/../keys/root_rsa_prv_key.pem"])
+ cmd1.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_pub_key.pem"])
+ cmd1.extend(["--uuid=" + uuid])
+ cmd1.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
+ cmd1.extend(["--root_aes_key=" + file_path + "/../keys/root_aes_key.bin"])
+ cmd1.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+ cmd1.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
+ cmd1.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+ sub = subprocess.Popen(cmd1)
+ sub.communicate()
+
+ cmd2.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_prv_key.pem"])
+ cmd2.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
+ cmd2.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+ cmd2.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
+ cmd2.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+ cmd2.extend(["--in=" + args.inf])
+ cmd2.extend(["--out=" + args.out])
+ sub = subprocess.Popen(cmd2)
+ sub.communicate()
+
+ os.remove(sys.path[0] + "/ta_rsa_key.sig")
+ os.remove(sys.path[0] + "/ta_aes_key_enc.bin")
+
+if __name__ == "__main__":
+ main()
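Review bot: Neither child process has its exit status checked in main(): `sub.communicate()` returns and the script carries on, so a failure in gen_cert_key.py still runs sign_ta.py, and a failure in either step still ends with exit code 0, which lets the build continue with a TA that may not be signed as intended. The two intermediates, `ta_rsa_key.sig` and `ta_aes_key_enc.bin`, are written under fixed names in the script directory, so concurrent invocations for different TAs could pick up each other's files; a per-invocation temporary directory would avoid that. The missing-interpreter branch only calls `log.error` on a logger that has no handler configured in this file and then continues, where it should exit non-zero. Since every key path is fixed to `../keys`, a header comment stating that these default keys are for development builds would help, assuming that is the intent. The sketch below covers the exit-status and cleanup part only.

```python
    # … unchanged: interpreter check, argument parsing, uuid derivation, cmd1 options …
    try:
        # check_call raises CalledProcessError on a non-zero exit, so a failed
        # certificate step stops the script instead of falling through to signing
        subprocess.check_call(cmd1)

        # … unchanged: cmd2 options …
        subprocess.check_call(cmd2)
    finally:
        # remove the intermediates even when one of the steps failed
        for name in ("/ta_rsa_key.sig", "/ta_aes_key_enc.bin"):
            if os.path.exists(file_path + name):
                os.remove(file_path + name)
```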