Ejemplo n.º 1
0
def generate_master_boot_image(image_conf: click.File) -> None:
    """Generate MasterBootImage from json configuration file."""
    config_data = json.load(image_conf)
    config = elftosb_helper.MasterBootImageConfig(config_data)
    app = load_binary(config.input_image_file)
    load_addr = config.output_image_exec_address
    trustzone = _get_trustzone(config)
    image_type = _get_master_boot_image_type(config)
    dual_boot_version = config.dual_boot_version
    firmware_version = config.firmware_version

    cert_block = None
    signature_provider = None
    if MasterBootImageType.is_signed(image_type):
        cert_config = elftosb_helper.CertificateBlockConfig(config_data)
        cert_block = _get_cert_block_v31(cert_config)
        if cert_config.use_isk:
            signing_private_key_path = cert_config.isk_private_key_file
        else:
            signing_private_key_path = cert_config.main_root_private_key_file
        signature_provider = SignatureProvider.create(
            f'type=file;file_path={signing_private_key_path}')

    mbi = MasterBootImageN4Analog(app=app,
                                  load_addr=load_addr,
                                  image_type=image_type,
                                  trust_zone=trustzone,
                                  dual_boot_version=dual_boot_version,
                                  firmware_version=firmware_version,
                                  cert_block=cert_block,
                                  signature_provider=signature_provider)
    mbi_data = mbi.export()

    write_file(mbi_data, config.master_boot_output_file, mode='wb')
Ejemplo n.º 2
0
def generate_trustzone_binary(tzm_conf: click.File) -> None:
    """Generate TrustZone binary from json configuration file."""
    config_data = load_configuration(tzm_conf.name)
    check_config(config_data, TrustZone.get_validation_schemas())
    trustzone = TrustZone.from_config(config_data)
    tz_data = trustzone.export()
    output_file = config_data["tzpOutputFile"]
    write_file(tz_data, output_file, mode="wb")
    click.echo(f"Success. (Trustzone binary: {output_file} created.)")
Ejemplo n.º 3
0
def generate_trustzone_binary(tzm_conf: click.File) -> None:
    """Generate TrustZone binary from json configuration file."""
    config_data = json.load(tzm_conf)
    config = elftosb_helper.TrustZoneConfig(config_data)
    trustzone = TrustZone.custom(family=config.family,
                                 revision=config.revision,
                                 customizations=config.presets)
    tz_data = trustzone.export()
    write_file(tz_data, config.output_file, mode="wb")
Ejemplo n.º 4
0
def generate_master_boot_image(image_conf: click.File) -> None:
    """Generate MasterBootImage from json configuration file."""
    config_data = json.load(image_conf)
    config = elftosb_helper.MasterBootImageConfig(config_data)
    app = load_binary(config.input_image_file)
    load_addr = config.output_image_exec_address
    trustzone = _get_trustzone(config)
    image_type = _get_master_boot_image_type(config)
    dual_boot_version = config.dual_boot_version
    firmware_version = config.firmware_version

    cert_block = None
    signature_provider = None
    if MasterBootImageType.is_signed(image_type):
        cert_config = elftosb_helper.CertificateBlockConfig(config_data)
        root_certs = [
            load_binary(cert_file) for cert_file in cert_config.root_certs  # type: ignore
        ]
        user_data = None
        if cert_config.isk_sign_data_path:
            user_data = load_binary(cert_config.isk_sign_data_path)
        isk_private_key = None
        if cert_config.isk_private_key_file:
            isk_private_key = load_private_key(cert_config.isk_private_key_file)
            assert isinstance(isk_private_key, EllipticCurvePrivateKeyWithSerialization)

        isk_cert = None
        if cert_config.isk_certificate:
            cert_data = load_binary(cert_config.isk_certificate)
            isk_cert = ECC.import_key(cert_data)

        ca_flag = not cert_config.use_isk
        cert_block = CertBlockV3(
            root_certs=root_certs, ca_flag=ca_flag,
            used_root_cert=cert_config.main_root_cert_id, constraints=cert_config.isk_constraint,
            isk_private_key=isk_private_key, isk_cert=isk_cert,  # type: ignore
            user_data=user_data
        )
        if cert_config.use_isk:
            signing_private_key_path = cert_config.isk_private_key_file
        else:
            signing_private_key_path = cert_config.main_root_private_key_file
        signature_provider = SignatureProvider.create(f'type=file;file_path={signing_private_key_path}')

    assert config.master_boot_output_file
    mbi = MasterBootImageN4Analog(
        app=app, load_addr=load_addr, image_type=image_type,
        trust_zone=trustzone, dual_boot_version=dual_boot_version,
        firmware_version=firmware_version,
        cert_block=cert_block,
        signature_provider=signature_provider
    )
    mbi_data = mbi.export()

    write_file(mbi_data, config.master_boot_output_file, mode='wb')
Ejemplo n.º 5
0
def test_write_file(data_dir, tmpdir):
    """Test writing data to data using write_file."""
    data = load_binary(data_dir, "file.bin")
    text = load_file(data_dir, "file.txt")

    write_file(data, tmpdir, "file.bin", mode="wb")
    write_file(text, tmpdir, "file.txt")

    assert filecmp.cmp(os.path.join(data_dir, "file.bin"),
                       os.path.join(tmpdir, "file.bin"))
    assert filecmp.cmp(os.path.join(data_dir, "file.txt"),
                       os.path.join(tmpdir, "file.txt"))
Ejemplo n.º 6
0
def generate_master_boot_image(image_conf: click.File) -> None:
    """Generate MasterBootImage from json configuration file.

    :param image_conf: master boot image json configuration file.
    """
    config_data = load_configuration(image_conf.name)
    mbi_cls = get_mbi_class(config_data)
    check_config(config_data, mbi_cls.get_validation_schemas())
    mbi = mbi_cls()
    mbi.load_from_config(config_data)
    mbi_data = mbi.export()

    mbi_output_file_path = config_data["masterBootOutputFile"]
    write_file(mbi_data, mbi_output_file_path, mode="wb")

    click.echo(
        f"Success. (Master Boot Image: {mbi_output_file_path} created.)")
Ejemplo n.º 7
0
def generate_secure_binary_31(container_conf: click.File) -> None:
    """Geneate SecureBinary image from json configuration file.

    :param container_conf: configuration file
    :raises SPSDKError: Raised when there is no signing key
    """
    config_data = load_configuration(container_conf.name)
    schemas = SecureBinary31.get_validation_schemas(
        include_test_configuration=True)
    schemas.append(
        ValidationSchemas.get_schema_file(SB3_SCH_FILE)["sb3_output"])
    check_config(config_data, schemas)
    sb3 = SecureBinary31.load_from_config(config_data)
    sb3_data = sb3.export()

    sb3_output_file_path = config_data["containerOutputFile"]
    write_file(sb3_data, sb3_output_file_path, mode="wb")

    click.echo(
        f"Success. (Secure binary 3.1: {sb3_output_file_path} created.)")
Ejemplo n.º 8
0
def generate_master_boot_image(image_conf: click.File) -> None:
    """Generate MasterBootImage from json configuration file."""
    config_data = json.load(image_conf)
    config = elftosb_helper.MasterBootImageConfig(config_data)
    app = load_binary(config.input_image_file)
    load_addr = config.output_image_exec_address
    trustzone = _get_trustzone(config)
    image_type = _get_master_boot_image_type(config)
    dual_boot_version = config.dual_boot_version
    firmware_version = config.firmware_version

    assert config.master_boot_output_file
    mbi = MasterBootImageN4Analog(app=app,
                                  load_addr=load_addr,
                                  image_type=image_type,
                                  trust_zone=trustzone,
                                  dual_boot_version=dual_boot_version,
                                  firmware_version=firmware_version)
    mbi_data = mbi.export()

    write_file(mbi_data, config.master_boot_output_file, mode='wb')
Ejemplo n.º 9
0
def generate_secure_binary(container_conf: click.File) -> None:
    """Geneate SecureBinary image from json configuration file."""
    config_data = json.load(container_conf)
    config = elftosb_helper.SB31Config(config_data)
    timestamp = config.timestamp
    if timestamp is None:
        # in our case, timestamp is the number of seconds since "Jan 1, 2000"
        timestamp = int(
            (datetime.now() - datetime(2000, 1, 1)).total_seconds())
    if isinstance(timestamp, str):
        timestamp = int(timestamp, 0)

    final_data = bytes()
    assert isinstance(config.main_curve_name, str)
    # COMMANDS
    pck = None
    if config.is_encrypted:
        assert isinstance(config.container_keyblob_enc_key_path, str)
        pck = bytes.fromhex(load_text(config.container_keyblob_enc_key_path))
    sb_cmd_block = SecureBinary31Commands(
        curve_name=config.main_curve_name,
        is_encrypted=config.is_encrypted,
        kdk_access_rights=config.kdk_access_rights,
        pck=pck,
        timestamp=timestamp,
    )
    commands = elftosb_helper.get_cmd_from_json(config)
    sb_cmd_block.set_commands(commands)

    commands_data = sb_cmd_block.export()

    # CERTIFICATE BLOCK
    cert_block = _get_cert_block_v31(config)
    data_cb = cert_block.export()

    # SB FILE HEADER
    sb_header = SecureBinary31Header(firmware_version=config.firmware_version,
                                     description=config.description,
                                     curve_name=config.main_curve_name,
                                     timestamp=timestamp,
                                     is_nxp_container=config.is_nxp_container)
    sb_header.block_count = sb_cmd_block.block_count
    sb_header.image_total_length += len(sb_cmd_block.final_hash) + len(data_cb)
    # TODO: use proper signature len calculation
    sb_header.image_total_length += 2 * len(sb_cmd_block.final_hash)
    sb_header_data = sb_header.export()
    final_data += sb_header_data

    # HASH OF PREVIOUS BLOCK
    final_data += sb_cmd_block.final_hash
    final_data += data_cb

    # SIGNATURE
    assert isinstance(config.main_signing_key, str)
    private_key_data = load_binary(config.main_signing_key)
    data_to_sign = final_data
    signature = internal_backend.ecc_sign(private_key_data, data_to_sign)
    assert internal_backend.ecc_verify(private_key_data, signature,
                                       data_to_sign)
    final_data += signature
    final_data += commands_data

    write_file(final_data, config.container_output, mode='wb')