[PATCH 17/20] ARM: k3: Add k3img tool

[Sascha Hauer <s.hauer@pengutronix.de>]

The image format for the TI K3 SoCs is basically a x509 certificate
file. In U-Boot this image is generated with binman. This patch adds
a simple shell script using openssl directly. This is by far not so
sophisticated as the U-Boot variant, but is enough for now to get a
beagleplay up and running.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 arch/arm/mach-k3/ti-degenerate-key.pem |  10 +++
 images/Makefile.k3                     |   7 ++
 scripts/k3img                          | 160 +++++++++++++++++++++++++++++++++
 3 files changed, 177 insertions(+)

diff --git a/arch/arm/mach-k3/ti-degenerate-key.pem b/arch/arm/mach-k3/ti-degenerate-key.pem
new file mode 100644
index 0000000000..bd7d3745ad
--- /dev/null
+++ b/arch/arm/mach-k3/ti-degenerate-key.pem
@@ -0,0 +1,10 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog
+8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e
+QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB
+AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho
+k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey
+bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0
+RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR
+iCrL55cxEM146zMw3AnF
+-----END RSA PRIVATE KEY-----
diff --git a/images/Makefile.k3 b/images/Makefile.k3
index f7acd78014..f2857791c8 100644
--- a/images/Makefile.k3
+++ b/images/Makefile.k3
@@ -11,3 +11,10 @@ $(obj)/k3-am625-beagleplay.fit: $(obj)/barebox-beagleplay.img
 FILE_barebox-beagleplay-fit.img = k3-am625-beagleplay.fit
 image-$(CONFIG_MACH_BEAGLEPLAY) += barebox-beagleplay-fit.img
 
+quiet_cmd_k3_image = K3IMG   $@
+      cmd_k3_image = $(srctree)/scripts/k3img --sysfw $(SYSFW_$(@F)) \
+		--sysfwdata $(SYSFWDATA_$(@F)) --dmdata $(DMDATA_$(@F)) \
+		--key $(KEY_$(@F)) --sbl $< --out $@
+
+$(obj)/%.k3img: $(obj)/% scripts/k3img FORCE
+	$(call if_changed,k3_image)
diff --git a/scripts/k3img b/scripts/k3img
new file mode 100755
index 0000000000..5a94576275
--- /dev/null
+++ b/scripts/k3img
@@ -0,0 +1,160 @@
+#!/bin/bash
+
+TEMP=$(getopt -o '' --long 'sysfw:,sysfwdata:,dmdata:,out:,sbl:,key:' -n 'k3img' -- "$@")
+
+if [ $? -ne 0 ]; then
+	echo 'Terminating...' >&2
+	exit 1
+fi
+
+# Note the quotes around "$TEMP": they are essential!
+eval set -- "$TEMP"
+unset TEMP
+
+while true; do
+        case "$1" in
+        '--sysfw')
+		sysfw="$2"
+		shift 2
+		continue
+	;;
+        '--sysfwdata')
+		sysfwdata="$2"
+		shift 2
+		continue
+	;;
+        '--sysfw')
+		sysfw="$2"
+		shift 2
+		continue
+	;;
+        '--dmdata')
+		dmdata="$2"
+		shift 2
+		continue
+	;;
+	'--out')
+		out="$2"
+		shift 2
+		continue
+	;;
+	'--sbl')
+		sbl="$2"
+		shift 2
+		continue
+	;;
+	'--key')
+		key="$2"
+		shift 2
+		continue
+	;;
+	'--')
+		shift
+		break
+	;;
+	*)
+		echo 'Internal error!' >&2
+		echo $1 ficken
+		exit 1
+	;;
+	esac
+done
+
+shasbl=$(sha512sum $sbl | sed 's/ .*//')
+shasysfw=$(sha512sum $sysfw | sed 's/ .*//')
+shasysfwdata=$(sha512sum $sysfwdata | sed 's/ .*//')
+shadmdata=$(sha512sum $dmdata | sed 's/ .*//')
+
+sblsize=$(stat -c%s $sbl)
+sysfwsize=$(stat -c%s $sysfw)
+sysfwdatasize=$(stat -c%s $sysfwdata)
+dmdatasize=$(stat -c%s $dmdata)
+
+total=$(($sblsize + sysfwsize + $sysfwdatasize + dmdatasize))
+
+certcfg=$(mktemp k3img.XXXXXXX)
+cert=$(mktemp k3img.XXXXXXX)
+
+cat > $certcfg <<EndOfHereDocument
+[ req ]
+distinguished_name     = req_distinguished_name
+x509_extensions        = v3_ca
+prompt                 = no
+dirstring_type         = nobmp
+
+[ req_distinguished_name ]
+C                      = US
+ST                     = TX
+L                      = Dallas
+O                      = Texas Instruments Incorporated
+OU                     = Processors
+CN                     = TI Support
+emailAddress           = support@ti.com
+
+[ v3_ca ]
+basicConstraints = CA:true
+1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
+1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
+1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
+
+[swrv]
+swrv=INTEGER:1
+
+[ext_boot_info]
+extImgSize=INTEGER:$total
+numComp=INTEGER:4
+sbl=SEQUENCE:sbl
+sysfw=SEQUENCE:sysfw
+sysfw_data=SEQUENCE:sysfw_data
+
+dm_data=SEQUENCE:dm_data
+
+[sbl]
+compType = INTEGER:1
+bootCore = INTEGER:16
+compOpts = INTEGER:0
+destAddr = FORMAT:HEX,OCT:43c00000
+compSize = INTEGER:$sblsize
+shaType  = OID:2.16.840.1.101.3.4.2.3
+shaValue = FORMAT:HEX,OCT:$shasbl
+
+[sysfw]
+compType = INTEGER:2
+bootCore = INTEGER:0
+compOpts = INTEGER:0
+destAddr = FORMAT:HEX,OCT:00040000
+compSize = INTEGER:$sysfwsize
+shaType  = OID:2.16.840.1.101.3.4.2.3
+shaValue = FORMAT:HEX,OCT:$shasysfw
+
+[sysfw_data]
+compType = INTEGER:18
+bootCore = INTEGER:0
+compOpts = INTEGER:0
+destAddr = FORMAT:HEX,OCT:00067000
+compSize = INTEGER:$sysfwdatasize
+shaType  = OID:2.16.840.1.101.3.4.2.3
+shaValue = FORMAT:HEX,OCT:$shasysfwdata
+
+[ debug ]
+debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
+debugType = INTEGER:4
+coreDbgEn = INTEGER:0
+coreDbgSecEn = INTEGER:0
+
+
+
+[dm_data]
+compType = INTEGER:17
+bootCore = INTEGER:16
+compOpts = INTEGER:0
+destAddr = FORMAT:HEX,OCT:43c3a800
+compSize = INTEGER:$dmdatasize
+shaType  = OID:2.16.840.1.101.3.4.2.3
+shaValue = FORMAT:HEX,OCT:$shadmdata
+
+EndOfHereDocument
+
+openssl req -new -x509 -key $key -nodes -outform DER -out $cert -config $certcfg -sha512
+
+cat $cert $sbl $sysfw $sysfwdata $dmdata > $out

-- 
2.39.5