def main(args, return_isc=False): """Parses the command line arguments, performs any basic operations based on the parsed arguments and starts processing using the isc module. """ # Log to file flids = logger.log_to_file(SECIMAGE_TOOL_NAME, args.output_dir) # Print the tool's launch command logger.debug('\n\n SecImage launched as: "' + ' '.join(sys.argv) + '"\n') # Initialize SecImageCore isc = SecImageCore(debug=args.debug) # Configure image signer if args.image_file or ( args.meta_build and not SecImageCore.meta_supports_sign_id(args.meta_build)): if args.chipset: isc.set_chipset(args.chipset, args._c_overrides) elif args.config_path: isc.set_config_path(args.config_path, args._c_overrides) # Set the input if args.image_file: isc.set_image_path(args.image_file, args.sign_id) elif args.meta_build: isc.set_meta_build_path(args.meta_build, [] if args.sign_id is None else [args.sign_id]) # Set the output if args.mini_build: isc.mini_build_path = args.mini_build elif args.output_dir: isc.output_dir = args.output_dir # Process the images isc.process(verify_setup=args.verify_inputs, integrity_check=args.integrity_check, sign=args.sign, encrypt=args.encrypt, decrypt=args.decrypt, val_image=args.validate, val_integrity_check=args.validate, val_sign=args.validate, val_encrypt=args.validate, root_cert_hash=args.rch) # Print the summary print_summary(args, isc.image_info_list) # Clear all log handlers logger.removeFileLogger(flids) if return_isc: return isc else: return isc.image_info_list
def main(args): """Parses the command line arguments, performs any basic operations based on the parsed arguments and starts processing using the isc module. """ # Log to file log_to_file(args.output_dir) # Print the tool's launch command logger.debug('\n\n SecImage launched as: "' + ' '.join(sys.argv) + '"\n') # Initialize SecImageCore isc = SecImageCore(debug=args.debug) # Configure image signer if args.image_file or ( args.meta_build and not SecImageCore.meta_supports_sign_id(args.meta_build)): if args.chipset: isc.chipset = args.chipset elif args.config_path: isc.config_path = args.config_path # Set the input if args.image_file: isc.set_image_path(args.image_file, args.sign_id) elif args.meta_build: isc.set_meta_build_path(args.meta_build, [] if args.sign_id is None else [args.sign_id]) # Set the output if args.mini_build: isc.mini_build_path = args.mini_build elif args.output_dir: isc.output_dir = args.output_dir # Process the images isc.process(verify_setup=args.verify_inputs, integrity_check=args.integrity_check, sign=args.sign, encrypt=args.encrypt, decrypt=args.decrypt, val_image=args.validate, val_integrity_check=args.validate, val_sign=args.validate, val_encrypt=args.validate) # Print the summary print_summary(args, isc.image_info_list) return isc.image_info_list
def c_validate(self): """Validates the command line args provided by the user. :raises: RuntimeError if any error occurs. """ args = self.parsed_args err = [] # Check if the meta build supports sign id meta_supports_sign_id = False if args.meta_build: meta_supports_sign_id = SecImageCore.meta_supports_sign_id( args.meta_build) # Check the input files if ((args.image_file and args.meta_build) or (not args.image_file and not args.meta_build)): err.append( 'Provide either image_file or a meta_build for processing.') # Check that --override flag is not given without help flag if args.overrides and not args.help: err.append( '-h flag must accompany --overrides flag to view overridable properties' ) # Check the configuration option and output dir if args.image_file or (args.meta_build and not meta_supports_sign_id): if ((args.chipset and args.config_path) or (not args.chipset and not args.config_path)): err.append( 'Provide either chipset or a config_path to process images.' ) if not args.output_dir: err.append('Provide the output_dir for storing the output.') elif args.meta_build and not meta_supports_sign_id: if not args.output_dir and not args.mini_build: err.append( 'Provide either output_dir or mini_build for storing the output.' ) # Check the operations if not (args.integrity_check or args.sign or args.encrypt or args.decrypt or args.validate or args.verify_inputs): err.append('Specify one or more operations to perform.') # Check and sanitize any paths for read access for path in ['image_file', 'config_path']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) if not c_path.validate_file(path_val): err.append('Cannot access ' + path + ' at: ' + path_val) setattr(args, path, path_val) # Check and sanitize any paths for read dir access for path in ['meta_build']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) if not c_path.validate_dir(path_val): err.append('Cannot access ' + path + ' at: ' + path_val) setattr(args, path, path_val) # Check and sanitize paths for write access for path in ['output_dir', 'mini_build']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) try: c_path.create_dir(path_val) except Exception as e: err.append('Cannot write at: ' + path_val + '\n' ' ' + 'Error: ' + str(e)) setattr(args, path, path_val) # Raise error if any if err: if len(err) > 1: err = [(' ' + str(idx + 1) + '. ' + error) for idx, error in enumerate(err)] err = 'Please check the command line args:\n\n' + '\n'.join( err) else: err = err[0] raise RuntimeError(err)
def main(args, return_isc=False): """Parses the command line arguments, performs any basic operations based on the parsed arguments and starts processing using the isc module. """ # Log to file flids = logger.log_to_file(SECIMAGE_TOOL_NAME, args.output_dir) try: # Print the tool's launch command logged_args = CoreOptionParser.mask_private_args( sys.argv, args._c_spec_override_prefix) logger.info('\n\n SecImage launched as: "' + ' '.join(logged_args) + '"\n') # Initialize SecImageCore isc = SecImageCore(debug=args.debug) # Configure image signer if args.image_file or ( args.meta_build and not SecImageCore.meta_supports_sign_id(args.meta_build)): if args.chipset: isc.set_chipset(args.chipset, args._c_overrides, args._c_spec_overrides) elif args.config_path: isc.set_config_path(args.config_path, args._c_overrides, args._c_spec_overrides) if args.qti_signing: isc.authority = AUTHORITY_QTI # Set the input if args.image_file: isc.set_image_path(args.image_file, args.sign_id, args.m_gen, args.m_image_file) elif args.meta_build: isc.set_meta_build_path( args.meta_build, [] if args.sign_id is None else [args.sign_id], args.m_gen) # Set the output if args.mini_build: isc.mini_build_path = args.mini_build elif args.output_dir: isc.output_dir = args.output_dir # Process the images isc.process(verify_setup=args.verify_inputs, sign_attr=args.sign_attr, integrity_check=args.integrity_check, sign=args.sign, encrypt=args.encrypt, decrypt=args.decrypt, no_op=args.no_op, val_image=args.validate, val_integrity_check=args.validate, val_sign=args.validate, val_encrypt=args.validate, m_sign_attr=args.m_sign_attr, m_integrity_check=args.m_integrity_check, m_sign=args.m_sign, m_encrypt=args.m_encrypt, m_decrypt=args.m_decrypt, m_val_image=args.m_validate, m_val_integrity_check=args.m_validate, m_val_sign=args.m_validate, m_val_encrypt=args.m_validate, gen_multi_image=args.m_gen, root_cert_hash=args.rch) # Print the summary print_summary(args, isc.image_info_list, isc.multi_image_imageinfo_dict.values()) if return_isc: return isc else: return isc.image_info_list finally: # Clear all log handlers logger.removeFileLogger(flids)
def c_validate(self): """Validates the command line args provided by the user. :raises: RuntimeError if any error occurs. """ args = self.parsed_args err = [] # Check the input files if ((args.image_file and args.meta_build) or (not args.image_file and not args.meta_build)): err.append( 'Provide either image_file or a meta_build for processing.') # Check that m_image_file and meta_build are not both provided if args.meta_build and args.m_image_file: err.append('--m_image_file cannot be provided with meta_build.') err.append('Provide --m_gen flag if ' + multi_image_string() + ' file generation is desired.') # Check that m_gen and m_image_file are not both provided if args.m_gen and args.m_image_file: err.append('Provide either --m_image_file or --m_gen.') # Check that --override flag is not given without help flag if args.overrides and not args.help: err.append( '-h flag must accompany --overrides flag to view overridable properties' ) # Check if the meta build supports sign id meta_supports_sign_id = False if args.meta_build: meta_supports_sign_id = SecImageCore.meta_supports_sign_id( args.meta_build) # Check the configuration option and output dir if args.image_file or (args.meta_build and not meta_supports_sign_id): if ((args.chipset and args.config_path) or (not args.chipset and not args.config_path)): err.append( 'Provide either chipset or a config_path to process images.' ) if not args.output_dir: err.append('Provide the output_dir for storing the output.') elif args.meta_build and not meta_supports_sign_id: if not args.output_dir and not args.mini_build: err.append( 'Provide either output_dir or mini_build for storing the output.' ) if not (args.integrity_check or args.sign or args.encrypt or args.decrypt or args.validate or args.verify_inputs or args.no_op): err.append('Specify one or more operations to perform.') # Check that multi-image operations are enabled when m_gen or m_image_file are provided if args.m_image_file and not (args.m_integrity_check or args.m_sign or args.m_encrypt or args.m_decrypt or args.m_validate): err.append('Specify one or more ' + multi_image_string() + ' image operations to perform.') if args.m_gen and not (args.m_integrity_check or args.m_sign or args.m_encrypt): err.append('Specify one or more ' + multi_image_string() + ' image operations to perform.') # Check that multi-image operations are not enabled when m_gen and m_image_file are missing if not (args.m_gen or args.m_image_file) and ( args.m_integrity_check or args.m_sign or args.m_encrypt or args.m_decrypt or args.m_validate): err.append( 'Provide either --m_image_file or --m_gen when performing ' + multi_image_string() + ' image operations.') # Check that no_op operation is only enabled when m_gen or m_image_file are provided if args.no_op and not (args.m_gen or args.m_image_file): err.append( 'Provide either --m_image_file or --m_gen when adding image entry to ' + multi_image_string() + ' image.') # Check that no_op operation is not provided with any other individual image operations if args.no_op and (args.integrity_check or args.sign or args.encrypt or args.decrypt or args.validate): err.append( 'no_op operation cannot be performed alongside other image operations' ) # Check sign_attr is only set when adding hash table if args.sign_attr and not (args.integrity_check or args.sign): err.append( 'sign_attr operation can only be performed when integrity_check or sign are being performed.' ) # Check m_sign_attr is only set when adding hash table if args.m_sign_attr and not (args.m_integrity_check or args.m_sign): err.append( 'm_sign_attr operation can only be performed when m_integrity_check or m_sign are being performed.' ) # Check other options: if args.rch and not args.validate: err.append( 'Root Cert Hash can only be given when "--validate" operation is provided.' ) # Check and sanitize any paths for read access for path in ['image_file', 'config_path']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) if not c_path.validate_file(path_val): err.append('Cannot access ' + path + ' at: ' + path_val) setattr(args, path, path_val) # Check and sanitize any paths for read dir access for path in ['meta_build']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) if not c_path.validate_dir(path_val): err.append('Cannot access ' + path + ' at: ' + path_val) setattr(args, path, path_val) # Check and sanitize paths for write access for path in ['output_dir', 'mini_build']: path_val = getattr(args, path, None) if path_val: path_val = c_path.normalize(path_val) try: c_path.create_dir(path_val) except Exception as e: err.append('Cannot write at: ' + path_val + '\n' ' ' + 'Error: ' + str(e)) setattr(args, path, path_val) # Raise error if any if err: if len(err) > 1: err = [(' ' + str(idx + 1) + '. ' + error) for idx, error in enumerate(err)] err = 'Please check the command line args:\n\n' + '\n'.join( err) else: err = err[0] raise RuntimeError(err)