xref: /openbmc/phosphor-psu-code-mgmt/tools/generate-psu-tar (revision 99ac18a7cb8b0077d0ecac54f126e01c1ae17543)
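#!/bin/bash
# generate-psu-tar: package a PSU firmware image together with a MANIFEST
# (and, with --sign, a public key and detached signatures) into a tarball.
#
# -e stops at the first failing command; pipefail makes a pipeline fail when
# any of its stages fails.
set -eo pipefail

# Usage text, printed for --help and after every argument error.
# --sign takes an optional value, hence [path]; the continuation lines use
# spaces only so the columns line up regardless of tab width.
help=$'Generate Tarball with PSU image and MANIFEST Script
usage: generate-psu-tar [OPTION] <parameter>...
Options:
   -i,     --image        <file>      PSU FW image
   -v,     --version      <version>   PSU FW version
   -model, --model        <model>     PSU FW model
   -mf,    --manufacture  <name>      PSU FW manufacture
   -o,     --outfile      <filename>  Outfile name
                                      For example : -o psufw.tar
                                      The default outfile name is image.tar,and
                                      "image" is what you input.
   -s,     --sign         [path]      Sign the image. The optional path argument specifies
                                      the private key file. Defaults to the bash variable
                                      PRIVATE_KEY_PATH if available, or else uses the
                                      open-source private key in this script. That key is
                                      public, so use it for development builds only.
   -h,     --help                     Display this help text and exit.
'

# Fallback signing key, used only when --sign is given without a path and
# PRIVATE_KEY_PATH is empty. It is published with this script, so anyone can
# produce the same signatures: a tarball signed with it carries no proof of
# origin. The script prints "Image is NOT secure!!" whenever it is used.
private_key=$'-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
F0nIdUAhR0yTfKM=
-----END PRIVATE KEY-----
'
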
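# Option defaults. An empty private_key_path (PRIVATE_KEY_PATH unset or empty)
# makes --sign fall back to the key embedded in this script.
do_sign=false
private_key_path="${PRIVATE_KEY_PATH:-}"
image=""
outfile=""
version=""
model=""
manufacture=""

# Abort with the usage text when an option that takes a value is the last
# word on the command line. Without this check `shift 2` fails and `set -e`
# ends the script without any message.
#   $1 - option as typed
#   $2 - number of words left, including the option itself
need_value() {
  if (( $2 < 2 )); then
    echo "Option $1 requires an argument." >&2
    echo "$help" >&2
    exit 1
  fi
}

while [[ $# -gt 0 ]]; do
  key="$1"
  case "$key" in
    -i|--image)
      need_value "$key" "$#"
      image="$2"
      shift 2
      ;;
    -v|--version)
      need_value "$key" "$#"
      version="$2"
      shift 2
      ;;
    -model|--model)
      need_value "$key" "$#"
      model="$2"
      shift 2
      ;;
    -mf|--manufacture)
      need_value "$key" "$#"
      manufacture="$2"
      shift 2
      ;;
    -o|--outfile)
      need_value "$key" "$#"
      outfile="$2"
      shift 2
      ;;
    -s|--sign)
      do_sign=true
      # The key path is optional: the next word is taken as the path only
      # when it exists and does not look like another option.
      if [[ -n "${2:-}" && "${2:-}" != -* ]]; then
        private_key_path="$2"
        shift 2
      else
        shift 1
      fi
      ;;
    -h|--help)
      echo "$help"
      exit
      ;;
    *)
      echo "Please enter the correct parameters." >&2
      echo "$help" >&2
      exit 1
      ;;
  esac
done
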
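# Report an argument error on stderr together with the usage text, then exit
# with status 1.
#   $1 - message
usage_error() {
  echo "$1" >&2
  echo "$help" >&2
  exit 1
}

# The image must be an existing regular file; the three descriptive fields
# must be non-empty.
[[ -f "${image}" ]] || usage_error "Please enter a valid PSU FW image file."
[[ -n "${version}" ]] || usage_error "Please enter a valid PSU FW image version."
[[ -n "${model}" ]] || usage_error "Please enter a valid PSU FW image model."
[[ -n "${manufacture}" ]] || usage_error "Please enter a valid PSU FW image manufacture."

# version, model and manufacture are copied into key=value lines of the
# MANIFEST, which is then signed. A line break inside one of them would add
# an extra line to that file, so such values are refused here.
for field in "${version}" "${model}" "${manufacture}"; do
  if [[ "${field}" == *$'\n'* || "${field}" == *$'\r'* ]]; then
    usage_error "Version, model and manufacture must not contain line breaks."
  fi
done
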
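# Print an absolute form of a path: absolute input is kept as it is, relative
# input is anchored at the current directory. Prefixing the current directory
# unconditionally turned "-o /srv/out.tar" into "<cwd>//srv/out.tar".
#   $1 - path as given on the command line
absolute_path() {
  case "$1" in
    /*) printf '%s\n' "$1" ;;
    *) printf '%s/%s\n' "$(pwd)" "$1" ;;
  esac
}

# The output path has to be absolute because the script changes into a
# scratch directory before it runs tar. Default name: <image>.tar.
outfile="$(absolute_path "${outfile:-${image}.tar}")"
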
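# Working directory for the build. mktemp -d creates it with access for the
# owner only, which matters because the signing key is staged inside it.
scratch_dir="$(mktemp -d)"
# Single quotes defer expansion until the trap runs and the inner quotes keep
# a path with spaces in one piece; :? refuses to run rm on an empty value.
trap 'rm -rf -- "${scratch_dir:?}"' EXIT

if [[ "${do_sign}" == true ]]; then
  if [[ -z "${private_key_path}" ]]; then
    # No key supplied: fall back to the key embedded in this script. That key
    # is public, so the warning goes to stderr where it is not lost when
    # stdout is redirected.
    private_key_path="${scratch_dir}/OpenBMC.priv"
    echo "${private_key}" > "${private_key_path}"
    echo "Image is NOT secure!! Signing with the open private key!" >&2
  else
    if [[ ! -f "${private_key_path}" ]]; then
      echo "Couldn't find private key ${private_key_path}." >&2
      exit 1
    fi

    echo "Signing with ${private_key_path}."
  fi

  # The public half is derived from the private key and written into the
  # scratch directory under the name "publickey".
  public_key_file=publickey
  public_key_path="${scratch_dir}/${public_key_file}"
  openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"

  # Stage the key under a fixed name for the signing step; keep the copy
  # readable by the owner only, whatever mode the source file had.
  cp -- "${private_key_path}" "${scratch_dir}/private_key"
  chmod 600 "${scratch_dir}/private_key"
fi
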
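manifest_location="MANIFEST"
# Inside the scratch directory the image exists under its file name only; the
# path given on the command line may contain directories that are not there.
image_name="$(basename -- "${image}")"

# Archive members in their original order: MANIFEST, the public key (signed
# builds only), then the image. An array keeps names with spaces intact.
files_to_sign=("${manifest_location}")
if [[ "${do_sign}" == true ]]; then
  files_to_sign+=("${public_key_file}")
fi
files_to_sign+=("${image_name}")

cp -- "${image}" "${scratch_dir}/"
cd "${scratch_dir}"

echo "Creating MANIFEST for the image"
# printf '%s' writes the values literally. echo -e would expand backslash
# sequences such as \n inside a version string into real line breaks, that
# is, into additional lines of the MANIFEST that is signed below.
printf '%s\n' \
  "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU" \
  "version=${version}" \
  "extended_version=model=${model},manufacture=${manufacture}" \
  > "${manifest_location}"

additional_files=()
if [[ "${do_sign}" == true ]]; then
  # KeyType is the key file's name without its last extension.
  private_key_name="$(basename -- "${private_key_path}")"
  key_type="${private_key_name%.*}"
  printf '%s\n' "KeyType=${key_type}" "HashType=RSA-SHA256" \
    >> "${manifest_location}"

  # "private_key" is the copy staged in the scratch directory. Every archive
  # member gets a detached SHA-256 signature next to it.
  for file in "${files_to_sign[@]}"; do
    openssl dgst -sha256 -sign private_key -out "${file}.sig" "${file}"
  done

  additional_files=(*.sig)
fi

# tar receives an explicit member list, so the staged private key, which sits
# in the same directory, never ends up in the tarball.
tar -cvf "${outfile}" -- "${files_to_sign[@]}" "${additional_files[@]}"
echo "PSU FW tarball at ${outfile}"
exit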