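#!/bin/bash
# Build a PSU firmware tarball holding the image and a MANIFEST file, and,
# when --sign is given, a public key plus detached signatures.
#
# -e aborts on the first failing command; pipefail makes a pipeline fail
# when any of its stages fails.
set -eo pipefail

# Usage text, printed by --help and after every argument error.
# The here-doc delimiter is quoted so the text is taken literally.
# The --outfile example uses the long option because this script's parser
# has no -o short form, and the --manufacture placeholder names the value
# it actually takes.
help=$(cat <<'EOF'
Generate Tarball with PSU image and MANIFEST Script
usage: generate-psu-tar [OPTION] <parameter>...
Options:
   --image        <file>          PSU FW image
   --version      <version>       PSU FW version
   --model        <model>         PSU FW model
   --manufacture  <manufacture>   PSU FW manufacture
   --machineName  <machineName>   Optionally specify the target machine name of this image.
   --outfile      <filename>      Outfile name
                                  For example : --outfile psufw.tar
                                  The default outfile name is image.tar,and
                                  "image" is what you input.
   --sign         <path>          Sign the image. The optional path argument specifies
                                  the private key file. Defaults to the bash variable
                                  PRIVATE_KEY_PATH if available, or else uses the
                                  open-source private key in this script.
   --help                         Display this help text and exit.
EOF
)
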
2599ac18a7SChicago Duanprivate_key=$'-----BEGIN PRIVATE KEY-----
2699ac18a7SChicago DuanMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
2799ac18a7SChicago DuanPaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
2899ac18a7SChicago DuanzIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
2999ac18a7SChicago DuanD4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
3099ac18a7SChicago DuanzUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
3199ac18a7SChicago DuannZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
3299ac18a7SChicago Duanh6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
3399ac18a7SChicago DuanrX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
3499ac18a7SChicago Duanx/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
3599ac18a7SChicago DuanDCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
3699ac18a7SChicago DuancM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
3799ac18a7SChicago Duan5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
3899ac18a7SChicago Duan6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
3999ac18a7SChicago DuanF0nIdUAhR0yTfKM=
4099ac18a7SChicago Duan-----END PRIVATE KEY-----
4199ac18a7SChicago Duan'
4299ac18a7SChicago Duan
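# Option state. Every value starts empty; the signing key path starts from
# the PRIVATE_KEY_PATH environment variable and may be replaced by --sign.
do_sign=false
# shellcheck disable=SC2153
private_key_path="${PRIVATE_KEY_PATH}"
image=""
outfile=""
version=""
model=""
manufacture=""
machineName=""

#######################################
# Abort with the usage text when an option that takes a value is the last
# word on the command line. Without this check the following "shift 2"
# fails and the script stops under "set -e" without printing anything.
# Globals:   help (read)
# Arguments: $1 - option name, $2 - number of words left including the option
# Outputs:   error message and usage text on stdout
# Returns:   0 when a value is present; exits 1 otherwise
#######################################
need_value() {
  if [[ "$2" -lt 2 ]]; then
    echo "Option $1 requires a value."
    echo "$help"
    exit 1
  fi
}

#######################################
# Parse the command line into the option variables above.
# Globals:   image, version, model, manufacture, machineName, outfile,
#            do_sign, private_key_path (written); help (read)
# Arguments: the script's command-line words
# Outputs:   usage text on stdout for --help and for argument errors
# Returns:   0 on success; exits 0 for --help, 1 on an argument error
#######################################
parse_args() {
  local key
  while [[ $# -gt 0 ]]; do
    key="$1"
    case "$key" in
      --image)
        need_value "$key" "$#"
        image="$2"
        shift 2
        ;;
      --version)
        need_value "$key" "$#"
        version="$2"
        shift 2
        ;;
      --model)
        need_value "$key" "$#"
        model="$2"
        shift 2
        ;;
      --manufacture)
        need_value "$key" "$#"
        manufacture="$2"
        shift 2
        ;;
      --machineName)
        need_value "$key" "$#"
        machineName="$2"
        shift 2
        ;;
      --outfile)
        need_value "$key" "$#"
        outfile="$2"
        shift 2
        ;;
      --sign)
        do_sign=true
        # The key path is optional: a following word is taken as the path
        # only when it is non-empty and does not look like another option.
        if [[ -n "${2}" && "${2}" != -* ]]; then
          private_key_path="$2"
          shift 2
        else
          shift 1
        fi
        ;;
      --help)
        echo "$help"
        exit
        ;;
      *)
        echo "Please enter the correct parameters."
        echo "$help"
        exit 1
        ;;
    esac
  done
}

parse_args "$@"
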
#######################################
# Print an argument error followed by the usage text, then stop.
# Globals:   help (read)
# Arguments: $1 - message to print
# Outputs:   message and usage text on stdout
# Returns:   never; exits 1
#######################################
usage_error() {
  echo "$1"
  echo "$help"
  exit 1
}

# Mandatory inputs: the image must be an existing regular file, and the
# version, model and manufacture strings must be non-empty.
[[ -f "${image}" ]] || usage_error "Please enter a valid PSU FW image file."
[[ -n "${version}" ]] || usage_error "Please enter a valid PSU FW image version."
[[ -n "${model}" ]] || usage_error "Please enter a valid PSU FW image model."
[[ -n "${manufacture}" ]] || usage_error "Please enter a valid PSU FW image manufacture."

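#######################################
# Work out the absolute path of the tarball to write.
# With no --outfile the name is "<image>.tar". A relative name is placed
# under the current directory; an absolute name is kept as given, because
# prefixing it with the current directory would point at a path that does
# not exist.
# Arguments: $1 - value of --outfile (may be empty), $2 - image path
# Outputs:   the resolved path on stdout
#######################################
resolve_outfile() {
  local requested=$1
  local image_path=$2
  local target=${requested:-${image_path}.tar}

  case "$target" in
    /*) printf '%s\n' "$target" ;;
    *) printf '%s\n' "$(pwd)/${target}" ;;
  esac
}

# Resolved before the script changes into its scratch directory, so the
# tarball lands relative to where the user started.
outfile=$(resolve_outfile "${outfile}" "${image}")
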
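# Private working directory for the MANIFEST, the image copy and, when
# signing, a copy of the private key.
scratch_dir=$(mktemp -d)
# Remove the directory on every exit path so the key copy does not outlive
# the run. The path is quoted inside the trap so a temporary directory
# whose name contains spaces is removed correctly, -f keeps rm from
# prompting on a read-only key file when run from a terminal, and :? stops
# rm from running on an empty path.
trap 'rm -rf -- "${scratch_dir:?}"' EXIT
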
# Key material is prepared only when --sign was requested.
if [[ "${do_sign}" == true ]]; then
  if [[ -n "${private_key_path}" ]]; then
    # A key was named by --sign or by PRIVATE_KEY_PATH; it must exist.
    if [[ ! -f "${private_key_path}" ]]; then
      echo "Couldn't find private key ${private_key_path}."
      exit 1
    fi

    echo "Signing with ${private_key_path}."
  else
    # No key supplied: write the key embedded in this script into the
    # scratch directory and say so, since signatures made with a public
    # key give no assurance about the image's origin.
    private_key_path=${scratch_dir}/OpenBMC.priv
    echo "${private_key}" > "${private_key_path}"
    echo "Image is NOT secure!! Signing with the open private key!"
  fi

  # Derive the public key that is shipped in the tarball next to the
  # signatures.
  public_key_file=publickey
  public_key_path="${scratch_dir}/${public_key_file}"
  openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"

  # Copy the key under a fixed name so the signing step can refer to it
  # after the script has changed into the scratch directory.
  cp "${private_key_path}" "${scratch_dir}/private_key"
fi

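manifest_location="MANIFEST"
# The image is copied into the scratch directory under its base name, so
# the list of files to sign and pack must use that name too. Using the
# path as typed fails for "dir/fw.bin" (no such file in the scratch
# directory) and, for an absolute path, would sign and pack the original
# file outside the scratch directory.
image_name=${image##*/}
# Space-separated list, expanded unquoted later on; file names containing
# whitespace are therefore not supported.
files_to_sign="$manifest_location $public_key_file $image_name"

cp -- "${image}" "${scratch_dir}"
cd "${scratch_dir}"

echo "Creating MANIFEST for the image"
# printf with %s writes the values exactly as given. "echo -e" would expand
# backslash escapes inside them, so a value such as 'x\nKeyType=y' would add
# a MANIFEST line of its own.
{
  printf '%s\n' "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU"
  printf 'version=%s\n' "${version}"
  printf 'extended_version=model=%s,manufacture=%s\n' "${model}" "${manufacture}"
} > "${manifest_location}"

# MachineName is optional and only recorded when it was given.
if [[ -n "${machineName}" ]]; then
  printf 'MachineName=%s\n' "${machineName}" >> "${manifest_location}"
fi
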
# Record the signing metadata and produce one detached signature per file.
if [[ "${do_sign}" == true ]]; then
  # KeyType is the key file's name without its last extension
  # ("OpenBMC" for the embedded OpenBMC.priv).
  private_key_name=$(basename "${private_key_path}")
  key_type="${private_key_name%.*}"
  # NOTE(review): HashType is fixed to RSA-SHA256 whatever kind of key was
  # supplied; confirm that only RSA keys are expected here.
  {
    printf 'KeyType=%s\n' "${key_type}"
    printf 'HashType=%s\n' "RSA-SHA256"
  } >> "${manifest_location}"

  # files_to_sign is a space-separated list and is split on purpose.
  # "private_key" is the key copy in the current (scratch) directory.
  # shellcheck disable=SC2086
  for file in ${files_to_sign}; do
    openssl dgst -sha256 -sign private_key -out "${file}.sig" "${file}"
  done

  # Glob kept as text here; it is expanded when the tarball is built.
  additional_files="*.sig"
fi

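# Pack the MANIFEST, the image and, when signing, the public key and the
# signatures. The two list variables stay unquoted because they hold
# several names (and a glob) that tar must receive as separate words. The
# output path is a single name and is quoted so a working directory
# containing spaces does not split it.
# shellcheck disable=SC2086
tar -cvf "${outfile}" $files_to_sign $additional_files
echo "PSU FW tarball at $outfile"
exit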