## @ GenExtKeyHashStore.py
# Tool to generate a public key hash store.
# Generated binary can be updated using capsule firmware update
#
#
# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
import argparse
from CommonUtility import *
from BuildUtility import gen_pub_key_hash_store, HASH_USAGE
#
# HASH USAGE definitions supported
#
# 'PUBKEY_CFG_DATA' : (1<<9)
# 'PUBKEY_FWU' : (1<<10)
# 'PUBKEY_OS' : (1<<11)
# 'PUBKEY_CONT_DEF' : (1<<12)
# 'PUBKEY_OEM_0' : (1<<24)
# 'PUBKEY_OEM_1' : (1<<25)
# 'PUBKEY_OEM_2' : (1<<26)
# 'PUBKEY_OEM_3' : (1<<27)
# 'PUBKEY_OEM_4' : (1<<28)
# 'PUBKEY_OEM_5' : (1<<29)
# 'PUBKEY_OEM_6' : (1<<30)
# 'PUBKEY_OEM_7' : (1<<31)
#
# Sample Key Hash Store Layout file
#
# The layout file is evaluated as a Python expression by main(), so it must
# come from a trusted, reviewed source.
#
# usage , KeyFile/Key_ID
# =========================================================================
# ( HASH_USAGE['PUBKEY_CFG_DATA'], 'KEY_ID_CFGDATA_RSA2048' ),
# ( HASH_USAGE['PUBKEY_FWU'], 'KEY_ID_FIRMWAREUPDATE_RSA2048'),
# ( HASH_USAGE['PUBKEY_CONT_DEF'], 'KEY_ID_CONTAINER_RSA2048' ),
# ( HASH_USAGE['PUBKEY_OS'], 'KEY_ID_OS1_PUBLIC_RSA2048' ),
#
#
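def main():
    """Generate a signed public key hash store binary from a layout file.

    Parses the command line, reads the key hash store layout, resolves the
    hash type used for signing and hands everything to
    gen_pub_key_hash_store(), which produces the output binary.

    Returns None; on success a confirmation line is printed.
    """

    #
    # Create command line argument parser object
    #
    parser = argparse.ArgumentParser()

    parser.add_argument('-l', '--layout', dest='keyh_layout', type=str,
                        required=True,
                        help='Key hash store layout input file')
    parser.add_argument('-i', '--input_dir', dest='input_key_dir', type=str,
                        default='', help='Keys input directory')
    parser.add_argument('-k', '--priv_key', dest='PrivKey', type=str,
                        required=True,
                        help='Key Id or Private RSA 2048/RSA3072 key in PEM format to sign image')
    parser.add_argument('-a', '--alg_hash', dest='HashType', type=str,
                        choices=['SHA2_256', 'SHA2_384', 'AUTO'],
                        default='AUTO',
                        help='Hash type for signing. For AUTO hash type will be choosen based on key length')
    parser.add_argument('-s', '--sign_scheme', dest='SignScheme', type=str,
                        choices=['RSA_PKCS1', 'RSA_PSS'], default='RSA_PSS',
                        help='Signing Scheme types')
    parser.add_argument('-svn', dest='svn', type=int, default=0,
                        help='Security version number for key hash store')
    parser.add_argument('-o', '--output', dest='out_bin', type=str,
                        required=True, help='Output file for signed image')

    #
    # Parse command line arguments
    #
    args = parser.parse_args()

    layout = get_file_data(args.keyh_layout, 'r')

    # SECURITY NOTE: the layout text is passed to eval() so that entries can
    # reference HASH_USAGE[...]. eval() runs whatever Python the file
    # contains, inside the same process that is given the signing key (-k).
    # The layout file must therefore be trusted build input (version
    # controlled and reviewed), never a file taken from an untrusted source.
    # Replacing this with a parser that only accepts (usage-name, key) pairs
    # would remove the code-execution risk entirely.
    # Backslashes are turned into forward slashes before evaluation,
    # presumably so Windows-style key paths are not read as string escapes.
    key_list = eval('[%s]' % layout.replace('\\', '/'))

    # Only AUTO is derived from the key; an explicit -a value is used as
    # given. Without the else branch HashType was unbound for
    # SHA2_256/SHA2_384 and the call below raised UnboundLocalError.
    if args.HashType == 'AUTO':
        HashType = adjust_hash_type(args.PrivKey)
    else:
        HashType = args.HashType

    gen_pub_key_hash_store(args.PrivKey, key_list, HashType, args.SignScheme,
                           args.svn, args.input_key_dir, args.out_bin)

    print('Successfully created key hash store binary')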
# Script entry point: run the tool and hand main()'s return value to
# sys.exit() as the process exit status.
if __name__ == '__main__':
    exit_status = main()
    sys.exit(exit_status)