xref: /openbmc/phosphor-psu-code-mgmt/tools/generate-psu-tar (revision d48ae5fbcaab4e67b43f03925612ea5252569f33)
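#!/bin/bash
#
# generate-psu-tar: package a PSU firmware image together with a generated
# MANIFEST into a tarball, optionally signing every packaged file.
set -eo pipefail

# Usage text, shown for --help and next to every argument error.
# The --outfile example uses the long option because the parser accepts no
# short options, and --manufacture names its own value instead of <version>.
help='Generate Tarball with PSU image and MANIFEST Script
usage: generate-psu-tar [OPTION] <parameter>...
Options:
   --image        <file>          PSU FW image
   --version      <version>       PSU FW version
   --model        <model>         PSU FW model
   --manufacture  <manufacture>   PSU FW manufacture
   --machineName  <machineName>   Optionally specify the target machine name of this image.
   --outfile      <filename>      Outfile name
                                  For example : --outfile psufw.tar
                                  The default outfile name is image.tar,and
                                  "image" is what you input.
   --sign         <path>          Sign the image. The optional path argument specifies
                                  the private key file. Defaults to the bash variable
                                  PRIVATE_KEY_PATH if available, or else uses the
                                  open-source private key in this script.
   --help                         Display this help text and exit.
'
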
# Open-source development key embedded in the script. It is only written out
# when signing is requested and no key path was supplied. Because the key is
# published with the script, a signature made with it shows that the files
# were not corrupted but says nothing about who produced them; supply a
# privately held key for any image that is meant to be trusted.
private_key='-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
F0nIdUAhR0yTfKM=
-----END PRIVATE KEY-----
'

# Option state. Everything starts empty and is filled in by the argument
# parser; only the signing key path is seeded from the caller's environment
# (PRIVATE_KEY_PATH), so an exported key path applies without --sign <path>.
do_sign=false
private_key_path="${PRIVATE_KEY_PATH:-}"
image=
outfile=
version=
model=
manufacture=
machineName=
declare -a partitions=()

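#######################################
# Parse the command line into the global option variables.
# Globals:   image, version, model, manufacture, machineName, outfile,
#            do_sign, private_key_path (written); help (read)
# Arguments: the script's command-line words
# Outputs:   usage text on stdout for --help; error plus usage on stderr
# Returns:   exits 0 after --help, exits 1 on an unknown option or on an
#            option that is missing its value
#######################################
parse_args() {
  local key
  while [[ $# -gt 0 ]]; do
    key="$1"
    case "${key}" in
      --image | --version | --model | --manufacture | --machineName | --outfile)
        # A trailing option with no value used to reach "shift 2", which
        # fails and lets set -e end the script without any message.
        if [[ $# -lt 2 ]]; then
          echo "Option ${key} requires a value." >&2
          echo "${help}" >&2
          exit 1
        fi
        case "${key}" in
          --image) image="$2" ;;
          --version) version="$2" ;;
          --model) model="$2" ;;
          --manufacture) manufacture="$2" ;;
          --machineName) machineName="$2" ;;
          --outfile) outfile="$2" ;;
        esac
        shift 2
        ;;
      --sign)
        do_sign=true
        # The key path is optional: take the next word only when it exists
        # and is not itself an option.
        if [[ -n "${2:-}" && "${2}" != -* ]]; then
          private_key_path="$2"
          shift 2
        else
          shift 1
        fi
        ;;
      --help)
        echo "${help}"
        exit 0
        ;;
      *)
        echo "Please enter the correct parameters." >&2
        echo "${help}" >&2
        exit 1
        ;;
    esac
  done
}

parse_args "$@"
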
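#######################################
# Report an argument error together with the usage text and stop.
# Globals:   help (read)
# Arguments: $1 - message describing the problem
# Outputs:   message and usage text on stderr
# Returns:   does not return; exits 1
#######################################
usage_error() {
  echo "$1" >&2
  echo "${help}" >&2
  exit 1
}

# The image must be an existing regular file; the remaining mandatory
# options only need to be non-empty.
[[ -f "${image}" ]] || usage_error "Please enter a valid PSU FW image file."
[[ -n "${version}" ]] || usage_error "Please enter a valid PSU FW image version."
[[ -n "${model}" ]] || usage_error "Please enter a valid PSU FW image model."
[[ -n "${manufacture}" ]] || usage_error "Please enter a valid PSU FW image manufacture."

# The tarball is written after the script has changed into its scratch
# directory, so the output path has to be absolute by then. A relative path
# is anchored to the caller's directory. An absolute path is used as given;
# prefixing it with the current directory produced a path that normally
# does not exist.
if [[ -z "${outfile}" ]]; then
  outfile="${image}.tar"
fi
if [[ "${outfile}" != /* ]]; then
  outfile="$(pwd)/${outfile}"
fi
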
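# Private working directory for the MANIFEST, key material and signatures.
scratch_dir=$(mktemp -d) || exit 1
# Single quotes defer expansion until the trap fires and keep the path quoted,
# so a temp path containing spaces or glob characters is removed as one word.
# ${scratch_dir:?} stops rm from running if the variable is ever empty.
trap 'rm -rf -- "${scratch_dir:?}"' EXIT
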
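# Resolve the signing key and derive the public key that ships in the tarball.
if [[ "${do_sign}" == true ]]; then
  if [[ -z "${private_key_path}" ]]; then
    # No key supplied: fall back to the key embedded in this script. That key
    # is public, so the warning goes to stderr where it is not lost when
    # stdout is redirected or filtered.
    private_key_path="${scratch_dir}/OpenBMC.priv"
    echo "${private_key}" > "${private_key_path}"
    echo "Image is NOT secure!! Signing with the open private key!" >&2
  elif [[ ! -f "${private_key_path}" ]]; then
    echo "Couldn't find private key ${private_key_path}." >&2
    exit 1
  else
    echo "Signing with ${private_key_path}."
  fi

  public_key_file=publickey
  public_key_path="${scratch_dir}/${public_key_file}"
  openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"

  # Keep a copy under a fixed name so the signing step can find the key after
  # the working directory changes. The copy lives only in the scratch
  # directory, which mktemp -d creates for the invoking user alone.
  # Quoting keeps a key path with spaces from being split into several words.
  cp -- "${private_key_path}" "${scratch_dir}/private_key"
fi
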
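manifest_location="MANIFEST"

# Inside the scratch directory the image exists only under its file name.
# Using the caller's path here made signing and tar look for a file that is
# not there (relative path with a directory) or pick up the original outside
# the scratch directory (absolute path).
image_name=$(basename -- "${image}")

# Files packaged into the tarball, in archive order. The public key is only
# present when a signing key was prepared.
files_to_sign=("${manifest_location}")
if [[ -n "${public_key_file:-}" ]]; then
  files_to_sign+=("${public_key_file}")
fi
files_to_sign+=("${image_name}")

# The MANIFEST is a line-oriented key=value file, so a value carrying a line
# break would add extra entries to a file that is about to be signed.
for manifest_value in "${version}" "${model}" "${manufacture}" "${machineName}"; do
  if [[ "${manifest_value}" == *$'\n'* ]]; then
    echo "MANIFEST values must not contain line breaks." >&2
    exit 1
  fi
done

cp -- "${image}" "${scratch_dir}/"
cd "${scratch_dir}"

echo "Creating MANIFEST for the image"
# printf '%s' writes the values literally; echo -e would have interpreted
# backslash sequences inside user-supplied values.
printf '%s\n' \
  "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU" \
  "version=${version}" \
  "extended_version=model=${model},manufacture=${manufacture}" \
  > "${manifest_location}"

if [[ -n "${machineName}" ]]; then
  printf 'MachineName=%s\n' "${machineName}" >> "${manifest_location}"
fi

signature_files=()
if [[ "${do_sign}" == true ]]; then
  # KeyType is the key file's name without its last extension, for example
  # "OpenBMC" for the built-in OpenBMC.priv.
  private_key_name=$(basename -- "${private_key_path}")
  key_type="${private_key_name%.*}"
  printf 'KeyType=%s\n' "${key_type}" >> "${manifest_location}"
  printf 'HashType=%s\n' "RSA-SHA256" >> "${manifest_location}"

  # Sign only after the MANIFEST is complete, so its signature covers the
  # KeyType and HashType lines as well.
  for file in "${files_to_sign[@]}"; do
    openssl dgst -sha256 -sign private_key -out "${file}.sig" "${file}"
    signature_files+=("${file}.sig")
  done
fi

# Only the listed files and their signatures are archived; the private key
# copy in the scratch directory is never added to the tarball.
tar -cvf "${outfile}" "${files_to_sign[@]}" "${signature_files[@]}"
echo "PSU FW tarball at ${outfile}"
exit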