author | Pengguang Zhu <pengguang.zhu@amlogic.com> | 2017-11-16 08:55:55 (GMT) |
---|---|---|
committer | Pengguang Zhu <pengguang.zhu@amlogic.com> | 2017-11-16 11:06:07 (GMT) |
commit | 78c395931798d5919be8f10100b519a63e8bae0d (patch) | |
tree | a3775c02047f2c49e08cd09e4b8b3d4fa0316335 | |
parent | 62f09488d2008db397eb906965182d6cc9b9651a (diff) | |
update bl32.img and Makefile
1. pack rsa key default
2. add sign_ta_auto.py, using default key
3. sign TA default
Change-Id: Ie52522556ae41d54e80541af9b459781e2b28c8b
Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
-rw-r--r-- | demos/hello_world/ta/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/aes_perf/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/concurrent/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/concurrent_large/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/create_fail_test/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/crypt/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/os_test/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/rpc_test/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/sdp_basic/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/sha_perf/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/sims/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/socket/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/storage/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/storage2/Android.mk | 2 | ||||
-rw-r--r-- | demos/optee_test/ta/storage_benchmark/Android.mk | 2 | ||||
-rw-r--r-- | secureos/axg/bl32.img | 3 | ||||
-rw-r--r-- | secureos/gx/bl32.img | 3 | ||||
-rw-r--r-- | secureos/txlx/bl32.img | 3 | ||||
-rwxr-xr-x | ta_export/scripts/sign_ta_auto.py | 76 |
19 files changed, 97 insertions, 18 deletions
diff --git a/demos/hello_world/ta/Android.mk b/demos/hello_world/ta/Android.mk
index f882e04..316d57a 100644
--- a/demos/hello_world/ta/Android.mk
+++ b/demos/hello_world/ta/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/aes_perf/Android.mk b/demos/optee_test/ta/aes_perf/Android.mk
index e93da9b..d3c0a21 100644
--- a/demos/optee_test/ta/aes_perf/Android.mk
+++ b/demos/optee_test/ta/aes_perf/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/concurrent/Android.mk b/demos/optee_test/ta/concurrent/Android.mk
index fe75f0d..6000836 100644
--- a/demos/optee_test/ta/concurrent/Android.mk
+++ b/demos/optee_test/ta/concurrent/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/concurrent_large/Android.mk b/demos/optee_test/ta/concurrent_large/Android.mk
index 2e882f1..3d5336d 100644
--- a/demos/optee_test/ta/concurrent_large/Android.mk
+++ b/demos/optee_test/ta/concurrent_large/Android.mk
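Review bot: Nothing visible in this commit defines or documents `TARGET_ENABLE_TA_SIGN`, so after the `ifeq` guard is switched to it, a product that used to set `PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY` and does not set the new variable would presumably skip the `$(TA_GEN_CERT_TOOL)` step with no message. I would add a comment above the guard, for example `# TARGET_ENABLE_TA_SIGN: set to true in the board config to sign this TA with TA_ROOT_PRIV_KEY`, and state in the commit message where its default is set. The same one-line change repeats in the fourteen `demos/optee_test/ta/*/Android.mk` hunks that follow, and since the guarded block is identical in all fifteen files it would be easier to audit from one shared include. The `ifeq` body continues past the end of the hunk, so the unsigned path is not visible here.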
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/create_fail_test/Android.mk b/demos/optee_test/ta/create_fail_test/Android.mk
index 447addd..e0a4d10 100644
--- a/demos/optee_test/ta/create_fail_test/Android.mk
+++ b/demos/optee_test/ta/create_fail_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/crypt/Android.mk b/demos/optee_test/ta/crypt/Android.mk
index 8cc2724..68ad6d2 100644
--- a/demos/optee_test/ta/crypt/Android.mk
+++ b/demos/optee_test/ta/crypt/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/os_test/Android.mk b/demos/optee_test/ta/os_test/Android.mk
index d8fe2c3..1b6d576 100644
--- a/demos/optee_test/ta/os_test/Android.mk
+++ b/demos/optee_test/ta/os_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/rpc_test/Android.mk b/demos/optee_test/ta/rpc_test/Android.mk
index 0d3a002..85fa3a9 100644
--- a/demos/optee_test/ta/rpc_test/Android.mk
+++ b/demos/optee_test/ta/rpc_test/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sdp_basic/Android.mk b/demos/optee_test/ta/sdp_basic/Android.mk
index 8e1ad09..1f55352 100644
--- a/demos/optee_test/ta/sdp_basic/Android.mk
+++ b/demos/optee_test/ta/sdp_basic/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sha_perf/Android.mk b/demos/optee_test/ta/sha_perf/Android.mk
index a7a7fb3..c6225af 100644
--- a/demos/optee_test/ta/sha_perf/Android.mk
+++ b/demos/optee_test/ta/sha_perf/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/sims/Android.mk b/demos/optee_test/ta/sims/Android.mk
index acf2b3a..e704bdb 100644
--- a/demos/optee_test/ta/sims/Android.mk
+++ b/demos/optee_test/ta/sims/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/socket/Android.mk b/demos/optee_test/ta/socket/Android.mk
index d9dc8d5..acc2f8e 100644
--- a/demos/optee_test/ta/socket/Android.mk
+++ b/demos/optee_test/ta/socket/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage/Android.mk b/demos/optee_test/ta/storage/Android.mk
index 22762fd..bb8e35d 100644
--- a/demos/optee_test/ta/storage/Android.mk
+++ b/demos/optee_test/ta/storage/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage2/Android.mk b/demos/optee_test/ta/storage2/Android.mk
index f00c1e6..e87fe9a 100644
--- a/demos/optee_test/ta/storage2/Android.mk
+++ b/demos/optee_test/ta/storage2/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/demos/optee_test/ta/storage_benchmark/Android.mk b/demos/optee_test/ta/storage_benchmark/Android.mk
index 4a7cdb4..c3c708b 100644
--- a/demos/optee_test/ta/storage_benchmark/Android.mk
+++ b/demos/optee_test/ta/storage_benchmark/Android.mk
@@ -13,7 +13,7 @@ $(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi)
 ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY), true)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
 $(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
 --ta_rsa_key=$(TA_USER_PUB_KEY) \
 --uuid=$(TA_BINARY) \
diff --git a/secureos/axg/bl32.img b/secureos/axg/bl32.img
index dfa8b2d..e279447 100644
--- a/secureos/axg/bl32.img
+++ b/secureos/axg/bl32.img
@@ -1,5 +1,6 @@ e4' -o +o +/fZ(RnCi_` FOzq#
diff --git a/secureos/gx/bl32.img b/secureos/gx/bl32.img
index e51c51e..e893889 100644
--- a/secureos/gx/bl32.img
+++ b/secureos/gx/bl32.img
@@ -1,5 +1,6 @@ e4' -o +o +/fZ(RnCi_` FOzq#
diff --git a/secureos/txlx/bl32.img b/secureos/txlx/bl32.img
index 82da0dc..43e7e79 100644
--- a/secureos/txlx/bl32.img
+++ b/secureos/txlx/bl32.img
@@ -1,5 +1,6 @@ e4' -o +o +/fZ(RnCi_` FOzq#
diff --git a/ta_export/scripts/sign_ta_auto.py b/ta_export/scripts/sign_ta_auto.py
new file mode 100755
index 0000000..c4f8f34
--- a/dev/null
+++ b/ta_export/scripts/sign_ta_auto.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2016 Amlogic, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+
+def get_args():
+ from argparse import ArgumentParser
+
+ parser = ArgumentParser()
+ parser.add_argument('--in', required=True, dest='inf', help='unsigned ta file')
+ parser.add_argument('--out', type=str, default='null', help='signed ta file')
+
+ return parser.parse_args()
+
+def main():
+ import sys
+ import os
+ import logging
+ import subprocess
+
+ log = logging.getLogger("Core.Analysis.Processing")
+ INTERPRETER = "/usr/bin/python"
+
+ file_path = str(sys.path[0])
+ processor1 = file_path + "/gen_cert_key.py"
+ processor2 = file_path + "/sign_ta.py"
+ cmd1 = [INTERPRETER, processor1]
+ cmd2 = [INTERPRETER, processor2]
+
+ if not os.path.exists(INTERPRETER):
+ log.error("Cannot find INTERPRETER at path \"%s\"." % INTERPRETER)
+
+ # parse arguments
+ args = get_args()
+ if args.out == 'null':
+ args.out = args.inf
+
+ uuid = "" + args.inf.split('/')[-1]
+ uuid = uuid[:-3]
+
+ cmd1.extend(["--root_rsa_key=" + file_path + "/../keys/root_rsa_prv_key.pem"])
+ cmd1.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_pub_key.pem"])
+ cmd1.extend(["--uuid=" + uuid])
+ cmd1.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
+ cmd1.extend(["--root_aes_key=" + file_path + "/../keys/root_aes_key.bin"])
+ cmd1.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+ cmd1.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
+ cmd1.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+ sub = subprocess.Popen(cmd1)
+ sub.communicate()
+
+ cmd2.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_prv_key.pem"])
+ cmd2.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
+ cmd2.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+ cmd2.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
+ cmd2.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+ cmd2.extend(["--in=" + args.inf])
+ cmd2.extend(["--out=" + args.out])
+ sub = subprocess.Popen(cmd2)
+ sub.communicate()
+
+ os.remove(sys.path[0] + "/ta_rsa_key.sig")
+ os.remove(sys.path[0] + "/ta_aes_key_enc.bin")
+
+if __name__ == "__main__":
+ main() |
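Review bot: The exit status of both child scripts is discarded in `main()`: `sub.communicate()` is called for `cmd1` and `cmd2` and `returncode` is never read, so a failing `sign_ta.py` still lets this script exit 0. The missing-interpreter branch likewise only calls `log.error` on a logger with no handler configured here and then carries on. The intermediates `ta_rsa_key.sig` and `ta_aes_key_enc.bin` are written under fixed names in the script directory, so two TAs signed in parallel could pick up each other's per-UUID key signature, and both files are left behind if anything raises before the `os.remove` calls. I would use `subprocess.check_call`, exit on the missing interpreter, and keep the intermediates in a `tempfile.mkdtemp()` directory removed in a `finally`, with `tempfile` and `shutil` imported next to the existing imports. The script also hard-wires the private keys under `../keys/`; if those ship in the tree, a header comment should say that TAs signed with them are for development only and that production builds must supply their own keys.

```python
def main():
    # ... unchanged: imports, INTERPRETER, file_path, processor1/2, cmd1/cmd2 ...

    if not os.path.exists(INTERPRETER):
        sys.exit("Cannot find INTERPRETER at path \"%s\"." % INTERPRETER)

    # ... unchanged: get_args(), args.out default, uuid derivation ...

    # Private scratch directory so concurrent invocations cannot share intermediates.
    work_dir = tempfile.mkdtemp(prefix="sign_ta_")
    sig_path = os.path.join(work_dir, "ta_rsa_key.sig")
    enc_path = os.path.join(work_dir, "ta_aes_key_enc.bin")
    try:
        # ... unchanged: cmd1 options, except the two intermediates:
        cmd1.extend(["--ta_rsa_key_sig=" + sig_path])
        cmd1.extend(["--ta_aes_key_iv_enc=" + enc_path])
        subprocess.check_call(cmd1)  # raises CalledProcessError on non-zero exit

        # ... unchanged: cmd2 options, except the two intermediates:
        cmd2.extend(["--ta_rsa_key_sig=" + sig_path])
        cmd2.extend(["--ta_aes_key_iv_enc=" + enc_path])
        subprocess.check_call(cmd2)
    finally:
        shutil.rmtree(work_dir, ignore_errors=True)
```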