forked from cryptoadvance/specter-diy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbuild_firmware.sh
executable file
·67 lines (54 loc) · 2.95 KB
/
build_firmware.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/bin/bash
INFO="\e[1;36m"
ENDCOLOR="\e[0m"
echo -e "${INFO}
══════════════════════ Building main firmware ═════════════════════════════
${ENDCOLOR}"
make clean
make disco USE_DBOOT=1
echo -e "${INFO}
═════════════════════ Building secure bootloader ══════════════════════════
${ENDCOLOR}"
cd bootloader
make clean
make stm32f469disco READ_PROTECTION=1 WRITE_PROTECTION=1
cd -
echo -e "${INFO}
══════════════════════ Assembling final binaries ══════════════════════════
${ENDCOLOR}"
mkdir -p release
python3 ./bootloader/tools/make-initial-firmware.py -s ./bootloader/build/stm32f469disco/startup/release/startup.hex -b ./bootloader/build/stm32f469disco/bootloader/release/bootloader.hex -f ./bin/specter-diy.hex -bin ./release/initial_firmware.bin
echo -e "Initial firmware saved to release/initial_firmware.bin"
python3 ./bootloader/tools/upgrade-generator.py gen -f ./bin/specter-diy.hex -p stm32f469disco ./release/specter_upgrade.bin
cp ./release/specter_upgrade.bin ./release/specter_upgrade_unsigned.bin
echo "Unsigned upgrate file saved to release/specter_upgrade_unsigned.bin"
HASH=$(python3 ./bootloader/tools/upgrade-generator.py message ./release/specter_upgrade.bin)
echo "
╔═════════════════════════════════════════════════════════════════════════╗
║ Message to sign with vendor keys: ║
║ ║
║ ${HASH} ║
║ ║
╚═════════════════════════════════════════════════════════════════════════╝
"
echo -e "${INFO}
═════════════════════ Adding signature to the binary ══════════════════════
${ENDCOLOR}"
while true; do
echo "Provide a signature to add to the upgrade file, or just hit enter to stop."
read SIGNATURE
if [ -z $SIGNATURE ]; then
break
fi
python3 ./bootloader/tools/upgrade-generator.py import-sig -s $SIGNATURE ./release/specter_upgrade.bin
echo "Signature is added: ${SIGNATURE}"
done
echo -e "${INFO}
═════════════════════════ Hashes of the binaries: ═════════════════════════
${ENDCOLOR}"
cd release
sha256sum *.bin > sha256.txt
cat sha256.txt
echo "
Hashes saved to release/sha256.txt file.
"