From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 167EDC433EF
	for <u-boot@archiver.kernel.org>; Fri,  6 May 2022 04:39:42 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id E48C9841CF;
	Fri,  6 May 2022 06:38:35 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="WZxtrzco";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 8EC68840EC; Fri,  6 May 2022 06:38:24 +0200 (CEST)
Received: from lelv0143.ext.ti.com (lelv0143.ext.ti.com [198.47.23.248])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id A5174840C4
 for <u-boot@lists.denx.de>; Fri,  6 May 2022 06:38:20 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=n-francis@ti.com
Received: from lelv0266.itg.ti.com ([10.180.67.225])
 by lelv0143.ext.ti.com (8.15.2/8.15.2) with ESMTP id 2464cJBp113933
 for <u-boot@lists.denx.de>; Thu, 5 May 2022 23:38:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;
 s=ti-com-17Q1; t=1651811899;
 bh=xCwd9pPhTx5t0kbCJk54nwC3l3I8VntLFAqAkwnShNo=;
 h=From:To:CC:Subject:Date:In-Reply-To:References;
 b=WZxtrzcocXgVlzxZBbEJO7iTB76OI21Cw4jfAOK3fc3vyi7oX8jef5nzebIN1TBPa
 aRGr4wecSOrTvoSGkA5U2Jd9efsTo3e61GtRXfsAKX6ZXCZNllK68EK72t1HnBXlSv
 2Hdr4CglPc3GmyIsbOgKGQLXMHpjj8b88XBKM2oQ=
Received: from DFLE111.ent.ti.com (dfle111.ent.ti.com [10.64.6.32])
 by lelv0266.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 2464cJgG030212
 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL)
 for <u-boot@lists.denx.de>; Thu, 5 May 2022 23:38:19 -0500
Received: from DFLE115.ent.ti.com (10.64.6.36) by DFLE111.ent.ti.com
 (10.64.6.32) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14; Thu, 5
 May 2022 23:38:18 -0500
Received: from lelv0326.itg.ti.com (10.180.67.84) by DFLE115.ent.ti.com
 (10.64.6.36) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14 via
 Frontend Transport; Thu, 5 May 2022 23:38:18 -0500
Received: from ula0497641.india.ti.com (ileax41-snat.itg.ti.com
 [10.172.224.153])
 by lelv0326.itg.ti.com (8.15.2/8.15.2) with ESMTP id 2464bxmS032170;
 Thu, 5 May 2022 23:38:17 -0500
From: Neha Malcom Francis <n-francis@ti.com>
To: <u-boot@lists.denx.de>
CC: <n-francis@ti.com>
Subject: [PATCH RFC v2 09/11] ti: x509: Remove shell script used for signing
Date: Fri, 6 May 2022 10:07:57 +0530
Message-ID: <20220506043759.8193-10-n-francis@ti.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220506043759.8193-1-n-francis@ti.com>
References: <20220506043759.8193-1-n-francis@ti.com>
MIME-Version: 1.0
Content-Type: text/plain
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

Earlier the k3_gen_x509_cert.sh was used for signing binaries with the
x509 certificate for Texas Instruments K3 architecture devices. Since
the signing process is handled by x509 etype now, there is no more
requirement for this script, hence removing it.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
---
 tools/k3_gen_x509_cert.sh | 252 --------------------------------------
 1 file changed, 252 deletions(-)
 delete mode 100755 tools/k3_gen_x509_cert.sh

diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh
deleted file mode 100755
index b6ef5a2de3..0000000000
--- a/tools/k3_gen_x509_cert.sh
+++ /dev/null
@@ -1,252 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: GPL-2.0+ OR BSD-3-Clause
-#
-# Script to add K3 specific x509 cetificate to a binary.
-#
-
-# Variables
-OUTPUT=tiboot3.bin
-TEMP_X509=x509-temp.cert
-CERT=certificate.bin
-RAND_KEY=eckey.pem
-LOADADDR=0x41c00000
-BOOTCORE_OPTS=0
-BOOTCORE=16
-DEBUG_TYPE=0
-
-gen_degen_template() {
-cat << 'EOF' > degen-template.txt
-
-asn1=SEQUENCE:rsa_key
-
-[rsa_key]
-version=INTEGER:0
-modulus=INTEGER:0xDEGEN_MODULUS
-pubExp=INTEGER:1
-privExp=INTEGER:1
-p=INTEGER:0xDEGEN_P
-q=INTEGER:0xDEGEN_Q
-e1=INTEGER:1
-e2=INTEGER:1
-coeff=INTEGER:0xDEGEN_COEFF
-EOF
-}
-
-# Generate x509 Template
-gen_template() {
-cat << 'EOF' > x509-template.txt
- [ req ]
- distinguished_name     = req_distinguished_name
- x509_extensions        = v3_ca
- prompt                 = no
- dirstring_type         = nobmp
-
- [ req_distinguished_name ]
- C                      = US
- ST                     = TX
- L                      = Dallas
- O                      = Texas Instruments Incorporated
- OU                     = Processors
- CN                     = TI support
- emailAddress           = support@ti.com
-
- [ v3_ca ]
- basicConstraints = CA:true
- 1.3.6.1.4.1.294.1.1 = ASN1:SEQUENCE:boot_seq
- 1.3.6.1.4.1.294.1.2 = ASN1:SEQUENCE:image_integrity
- 1.3.6.1.4.1.294.1.3 = ASN1:SEQUENCE:swrv
-# 1.3.6.1.4.1.294.1.4 = ASN1:SEQUENCE:encryption
- 1.3.6.1.4.1.294.1.8 = ASN1:SEQUENCE:debug
-
- [ boot_seq ]
- certType = INTEGER:TEST_CERT_TYPE
- bootCore = INTEGER:TEST_BOOT_CORE
- bootCoreOpts = INTEGER:TEST_BOOT_CORE_OPTS
- destAddr = FORMAT:HEX,OCT:TEST_BOOT_ADDR
- imageSize = INTEGER:TEST_IMAGE_LENGTH
-
- [ image_integrity ]
- shaType = OID:2.16.840.1.101.3.4.2.3
- shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL
-
- [ swrv ]
- swrv = INTEGER:0
-
-# [ encryption ]
-# initalVector = FORMAT:HEX,OCT:TEST_IMAGE_ENC_IV
-# randomString = FORMAT:HEX,OCT:TEST_IMAGE_ENC_RS
-# iterationCnt = INTEGER:TEST_IMAGE_KEY_DERIVE_INDEX
-# salt = FORMAT:HEX,OCT:TEST_IMAGE_KEY_DERIVE_SALT
-
- [ debug ]
- debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
- debugType = INTEGER:TEST_DEBUG_TYPE
- coreDbgEn = INTEGER:0
- coreDbgSecEn = INTEGER:0
-EOF
-}
-
-parse_key() {
-	sed '/\ \ \ \ /s/://g' key.txt | awk  '!/\ \ \ \ / {printf("\n%s\n", $0)}; /\ \ \ \ / {printf("%s", $0)}' | sed 's/\ \ \ \ //g' | awk "/$1:/{getline; print}"
-}
-
-gen_degen_key() {
-# Generate a 4096 bit RSA Key
-	openssl genrsa -out key.pem 1024 >>/dev/null 2>&1
-	openssl rsa -in key.pem -text -out key.txt >>/dev/null 2>&1
-	DEGEN_MODULUS=$( parse_key 'modulus' )
-	DEGEN_P=$( parse_key 'prime1' )
-	DEGEN_Q=$( parse_key 'prime2' )
-	DEGEN_COEFF=$( parse_key 'coefficient' )
-	gen_degen_template
-
-	sed -e "s/DEGEN_MODULUS/$DEGEN_MODULUS/"\
-		-e "s/DEGEN_P/$DEGEN_P/" \
-		-e "s/DEGEN_Q/$DEGEN_Q/" \
-		-e "s/DEGEN_COEFF/$DEGEN_COEFF/" \
-		 degen-template.txt > degenerateKey.txt
-
-	openssl asn1parse -genconf degenerateKey.txt -out degenerateKey.der >>/dev/null 2>&1
-	openssl rsa -in degenerateKey.der -inform DER -outform PEM -out $RAND_KEY >>/dev/null 2>&1
-	KEY=$RAND_KEY
-	#rm key.pem key.txt degen-template.txt degenerateKey.txt degenerateKey.der
-}
-
-declare -A options_help
-usage() {
-	if [ -n "$*" ]; then
-		echo "ERROR: $*"
-	fi
-	echo -n "Usage: $0 "
-	for option in "${!options_help[@]}"
-	do
-		arg=`echo ${options_help[$option]}|cut -d ':' -f1`
-		if [ -n "$arg" ]; then
-			arg=" $arg"
-		fi
-		echo -n "[-$option$arg] "
-	done
-	echo
-	echo -e "\nWhere:"
-	for option in "${!options_help[@]}"
-	do
-		arg=`echo ${options_help[$option]}|cut -d ':' -f1`
-		txt=`echo ${options_help[$option]}|cut -d ':' -f2`
-		tb="\t\t\t"
-		if [ -n "$arg" ]; then
-			arg=" $arg"
-			tb="\t"
-		fi
-		echo -e "   -$option$arg:$tb$txt"
-	done
-	echo
-	echo "Examples of usage:-"
-	echo "# Example of signing the SYSFW binary with rsa degenerate key"
-	echo "    $0 -c 0 -b ti-sci-firmware-am6x.bin -o sysfw.bin -l 0x40000"
-	echo "# Example of signing the SPL binary with rsa degenerate key"
-	echo "    $0 -c 16 -b spl/u-boot-spl.bin -o tiboot3.bin -l 0x41c00000"
-}
-
-options_help[b]="bin_file:Bin file that needs to be signed"
-options_help[k]="key_file:file with key inside it. If not provided script generates a rsa degenerate key."
-options_help[o]="output_file:Name of the final output file. default to $OUTPUT"
-options_help[c]="core_id:target core id on which the image would be running. Default to $BOOTCORE"
-options_help[l]="loadaddr: Target load address of the binary in hex. Default to $LOADADDR"
-options_help[d]="debug_type: Debug type, set to 4 to enable early JTAG. Default to $DEBUG_TYPE"
-
-while getopts "b:k:o:c:l:d:h" opt
-do
-	case $opt in
-	b)
-		BIN=$OPTARG
-	;;
-	k)
-		KEY=$OPTARG
-	;;
-	o)
-		OUTPUT=$OPTARG
-	;;
-	l)
-		LOADADDR=$OPTARG
-	;;
-	c)
-		BOOTCORE=$OPTARG
-	;;
-	d)
-		DEBUG_TYPE=$OPTARG
-	;;
-	h)
-		usage
-		exit 0
-	;;
-	\?)
-		usage "Invalid Option '-$OPTARG'"
-		exit 1
-	;;
-	:)
-		usage "Option '-$OPTARG' Needs an argument."
-		exit 1
-	;;
-	esac
-done
-
-if [ "$#" -eq 0 ]; then
-	usage "Arguments missing"
-	exit 1
-fi
-
-if [ -z "$BIN" ]; then
-	usage "Bin file missing in arguments"
-	exit 1
-fi
-
-# Generate rsa degenerate key if user doesn't provide a key
-if [ -z "$KEY" ]; then
-	gen_degen_key
-fi
-
-if [ $BOOTCORE == 0 ]; then	# BOOTCORE M3, loaded by ROM
-	CERTTYPE=2
-elif [ $BOOTCORE == 16 ]; then	# BOOTCORE R5, loaded by ROM
-	CERTTYPE=1
-else				# Non BOOTCORE, loaded by SYSFW
-	BOOTCORE_OPTS_VER=$(printf "%01x" 1)
-	# Add input args option for SET and CLR flags.
-	BOOTCORE_OPTS_SETFLAG=$(printf "%08x" 0)
-	BOOTCORE_OPTS_CLRFLAG=$(printf "%08x" 0x100) # Clear FLAG_ARMV8_AARCH32
-	BOOTCORE_OPTS="0x$BOOTCORE_OPTS_VER$BOOTCORE_OPTS_SETFLAG$BOOTCORE_OPTS_CLRFLAG"
-	# Set the cert type to zero.
-	# We are not using public/private key store now
-	CERTTYPE=$(printf "0x%08x" 0)
-fi
-
-SHA_VAL=`openssl dgst -sha512 -hex $BIN | sed -e "s/^.*= //g"`
-BIN_SIZE=`cat $BIN | wc -c`
-ADDR=`printf "%08x" $LOADADDR`
-
-gen_cert() {
-	#echo "Certificate being generated :"
-	#echo "	LOADADDR = 0x$ADDR"
-	#echo "	IMAGE_SIZE = $BIN_SIZE"
-	#echo "	CERT_TYPE = $CERTTYPE"
-	#echo "	DEBUG_TYPE = $DEBUG_TYPE"
-	sed -e "s/TEST_IMAGE_LENGTH/$BIN_SIZE/"	\
-		-e "s/TEST_IMAGE_SHA_VAL/$SHA_VAL/" \
-		-e "s/TEST_CERT_TYPE/$CERTTYPE/" \
-		-e "s/TEST_BOOT_CORE_OPTS/$BOOTCORE_OPTS/" \
-		-e "s/TEST_BOOT_CORE/$BOOTCORE/" \
-		-e "s/TEST_BOOT_ADDR/$ADDR/" \
-		-e "s/TEST_DEBUG_TYPE/$DEBUG_TYPE/" \
-		x509-template.txt > $TEMP_X509
-	openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config $TEMP_X509 -sha512
-}
-
-gen_template
-gen_cert
-cat $CERT $BIN > $OUTPUT
-
-# Remove all intermediate files
-#rm $TEMP_X509 $CERT x509-template.txt
-#if [ "$KEY" == "$RAND_KEY" ]; then
-#	rm $RAND_KEY
-#fi
-- 
2.17.1