Single signings scripts improvements

Udated error handling for SBL Key dir and error
messages to guide user to use GenerateKeys tool.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

BootloaderCorePkg/Tools/BuildUtility.py

@@ -23,6 +23,7 @@ import zipfile
 import ntpath
 from   CommonUtility import *
 from   IfwiUtility   import FLASH_MAP, FLASH_MAP_DESC, FIT_ENTRY, UCODE_HEADER
+from SingleSign import MESSAGE_SBL_KEY_DIR
 
 sys.dont_write_bytecode = True
 sys.path.append (os.path.join(os.path.dirname(__file__), '..', '..', 'IntelFsp2Pkg', 'Tools'))
@@ -867,7 +868,9 @@ def check_for_git():
 
 def check_for_slimbootkeydir():
     if not os.path.exists(os.environ.get('SBL_KEY_DIR')):
-        raise Exception ("SBL_KEY_DIR is not valid. Set correct SBL_KEY_DIR path !!")
+        print ("!!! ERROR: SBL_KEY_DIR is set to directory %s does not exist!!! \n"  % os.environ['SBL_KEY_DIR'])
+        print (MESSAGE_SBL_KEY_DIR)
+        sys.exit(1)
 
 def copy_images_to_output (fv_dir, zip_file, img_list, rgn_name_list, out_list):
     zip_path_file = os.path.join (os.environ['WORKSPACE'], zip_file)

BootloaderCorePkg/Tools/SingleSign.py

@@ -47,13 +47,14 @@ SIGNING_KEY = {
     "OS2_PUBLIC_KEY_ID"      :    "OS2_TestKey_Pub",
     }
 
-
-def print_message_sbl_key_dir ():
-    print ("Pre-requiste: SBL_KEY_DIR environment variable has to be set!")
-    print ("SBL_KEY_DIR is path to keys used for the project!")
-    print ("For Keys generation follow GenerateKeys.py available in tool directory!")
-
-    return
+MESSAGE_SBL_KEY_DIR = (
+            "!!! PRE-REQUISITE: Path to SBL_KEY_DIR has to be set with SBL KEYS DIRECTORY !!! \n"
+            "!!! Generate keys using GenerateKeys.py available in BootloaderCorePkg/Tools directory !!! \n"
+            "!!! Run $python BootloaderCorePkg/Tools/GenerateKeys.py -k $PATH_TO_SBL_KEY_DIR !!!\n"
+            "!!! Set SBL_KEY_DIR environ with path to SBL KEYS DIR !!!\n"
+            "!!! Windows $set    SBL_KEY_DIR=$PATH_TO_SBL_KEY_DIR !!!\n"
+            "!!! Linux   $export SBL_KEY_DIR=$PATH_TO_SBL_KEY_DIR !!!\n"
+        )
 
 def get_openssl_path ():
     if os.name == 'nt':
@@ -110,45 +111,54 @@ def get_key_id (priv_key):
     else:
         return None
 
-def get_key_dir ():
+def get_sbl_key_dir ():
     # Check Key store setting SBL_KEY_DIR path
     if 'SBL_KEY_DIR' not in os.environ:
-        print_message_sbl_key_dir()
-        raise Exception ("SBL_KEY_DIR is not defined. Set SBL_KEY_DIR !!")
+        raise Exception ("ERROR: SBL_KEY_DIR is not defined. Set SBL_KEY_DIR with SBL Keys directory!!\n"
+                                                                + MESSAGE_SBL_KEY_DIR)
 
     sbl_key_dir = os.environ.get('SBL_KEY_DIR')
     if not os.path.exists(sbl_key_dir):
-        print_message_sbl_key_dir()
-        raise Exception ("SBL_KEY_DIR is not valid. Set the correct SBL_KEY_DIR path !!")
+        raise Exception (("ERROR:SBL_KEY_DIR set %s is not valid. Set the correct SBL_KEY_DIR path !!\n"
+                                                                        + MESSAGE_SBL_KEY_DIR) % sbl_key_dir)
     else:
         return sbl_key_dir
 
 def get_key_from_store (in_key):
 
-    print("in_Key %s" % in_key)
-    # Get Slimboot key dir path
-    sbl_key_dir = get_key_dir()
+    #Check in_key is path to  key
+    if os.path.exists(in_key):
+        return in_key
 
-    # Extract key_id if present
+    # Get Slimboot key dir path
+    sbl_key_dir = get_sbl_key_dir()
+
+    # Extract if in_key is key_id
     priv_key = get_key_id (in_key)
     if priv_key is not None:
         if (priv_key in SIGNING_KEY):
             # Generate key file name from key id
             priv_key_file = SIGNING_KEY[priv_key] + '_' + KEY_SIZE_TYPE +'.pem'
         else:
-            raise Exception('KEY_ID %s is not found!' % priv_key)
+            raise Exception('KEY_ID %s is not found in supported KEY IDs!!' % priv_key)
     elif check_file_pem_format(in_key) == True:
-        # check if file is of pem format
+        # check if file name is provided in pem format
         priv_key_file = in_key
     else:
         priv_key_file = None
         raise Exception('key provided %s is not valid!' % in_key)
 
+    # Create a file path
+    # Join Key Dir and priv_key_file
     try:
         priv_key = os.path.join (sbl_key_dir, priv_key_file)
     except:
         raise Exception('priv_key is not found %s!' % priv_key)
 
+    # Check for priv_key construted based on KEY ID exists in specified path
+    if not os.path.isfile(priv_key):
+        raise Exception (("!!! ERROR: Key file corresponding to '%s' do not exist in Sbl key directory at '%s' !!! \n" + MESSAGE_SBL_KEY_DIR)  % (in_key, sbl_key_dir))
+
     return priv_key
 
 #
@@ -182,12 +192,7 @@ def single_sign_file (priv_key, hash_type, sign_scheme, in_file, out_file):
         "RSA_PSS"      : 'pss',
     }
 
-    # Check priv_key is path to private key
-    if not os.path.exists(priv_key):
-        priv_key = get_key_from_store(priv_key)
-
-    if not os.path.isfile(priv_key):
-        raise Exception ("Invalid input key file '%s' !" % priv_key)
+    priv_key = get_key_from_store(priv_key)
 
     # Temporary files to store hash generated
     hash_file_tmp = out_file+'.hash.tmp'
@@ -233,12 +238,7 @@ def single_sign_file (priv_key, hash_type, sign_scheme, in_file, out_file):
 
 def single_sign_gen_pub_key (in_key, pub_key_file = None):
 
-    # Check in_key is path to private key
-    if not os.path.exists(in_key):
-        in_key = get_key_from_store(in_key)
-
-    if not os.path.isfile(in_key):
-        raise Exception ("Invalid input key file '%s' !" % in_key)
+    in_key = get_key_from_store(in_key)
 
     # Expect key to be in PEM format
     is_prv_key = False