-
Notifications
You must be signed in to change notification settings - Fork 27
/
bfsbkeys
executable file
·93 lines (78 loc) · 3.07 KB
/
bfsbkeys
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash -e
# Copyright (c) 2019, Mellanox Technologies
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the FreeBSD Project.
BF1_PLATFORM_ID=0x00000211
BF2_PLATFORM_ID=0x00000214
# Read chip version info from the CRSPACE
bfversion=$(bfhcafw mcra 0xf0014)
if [ "$bfversion" == $BF1_PLATFORM_ID ]; then
certversion=0
elif [ "$bfversion" == $BF2_PLATFORM_ID ]; then
certversion=1
else
echo "Unknown platform. Exiting."
exit 1
fi
TMP_DIR=$(mktemp -d)
TMP_FILE="dump"
CURRENT_BFB=$TMP_DIR/"current.bfb"
if [ -d "$TMP_DIR" ]; then
rm -rf "$TMP_DIR"
fi
# Create a temporary folder for the generated files
mkdir "$TMP_DIR"
# Identify current primary boot partition
DEV_PATH=$(mlxbf-bootctl | grep "primary" | cut -d ' ' -f 2)
# Retrieve default.bfb from the eMMC
mlxbf-bootctl -r "$DEV_PATH" -b "$CURRENT_BFB"
# Get bfb components using mlx-mkbfb
cd "$TMP_DIR"
mlx-mkbfb -x "$CURRENT_BFB"
declare -A certs=(["dump-bl2-cert-v$certversion"]="BL2 Public Key"
["dump-bl31-key-cert-v$certversion"]="BL31 Public Key"
["dump-bl33-key-cert-v$certversion"]="BL33 Public Key"
["dump-trusted-key-cert-v$certversion"]="Trusted Key")
nocert=1
for i in "${!certs[@]}"
do
if [ ! -e "$i" ]; then
continue
fi
nocert=0
echo -e "\n${certs[$i]}:"
echo -e "\n\tModulus:"
openssl x509 -in "$i" -inform der -text > $TMP_FILE
sed -e '1,/Modulus:/d' -e '/Exponent:/,$d' $TMP_FILE
echo -e "\n\tExponent:"
exp=$(sed -n -e 's/^.*Exponent: //p' $TMP_FILE | cut -d ' ' -f 1)
echo -e "\t\t $exp"
done
if [ $nocert == 1 ]; then
echo "No certificates found in boot image"
fi
# Remove temporary directory
rm -rf "$TMP_DIR"