From f263a0f9ff5c050312f676b6684396ea118a8884 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= Date: Tue, 2 Jun 2020 09:12:05 +0200 Subject: [PATCH] bcm63xx: nand: support Sercomm firmwares MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for Sercomm factory firmwares (AES 256 CBC encrypted). Signed-off-by: Álvaro Fernández Rojas --- target/linux/bcm63xx/image/Makefile | 58 ++++++++++++++++++++++ target/linux/bcm63xx/image/bcm63xx_nand.mk | 9 ++++ 2 files changed, 67 insertions(+) diff --git a/target/linux/bcm63xx/image/Makefile b/target/linux/bcm63xx/image/Makefile index 5fbe8ea4701..fdeb100dd96 100644 --- a/target/linux/bcm63xx/image/Makefile +++ b/target/linux/bcm63xx/image/Makefile @@ -223,6 +223,64 @@ define Build/cfe-part-tag dd if=$@.part >> $@ endef +define Build/cfe-sercomm-part + $(TOPDIR)/scripts/sercomm-partition-tag.py \ + --input-file $@ \ + --output-file $@.kernel_rootfs \ + --part-name kernel_rootfs \ + --part-version OpenWrt \ + --rootfs-version $(SERCOMM_VERSION) + + rm -rf $@-rootfs_lib + mkdir -p $@-rootfs_lib + echo $(SERCOMM_VERSION) > $@-rootfs_lib/lib_ver + $(call Build/cfe-jffs2,$@-rootfs_lib) + $(call Build/pad-to,$(BLOCKSIZE)) + $(TOPDIR)/scripts/sercomm-partition-tag.py \ + --input-file $@ \ + --output-file $@.rootfs_lib \ + --part-name rootfs_lib \ + --part-version $(SERCOMM_VERSION) + + rm -rf $@-bootloader + mkdir -p $@-bootloader + cp $(KDIR)/bcm63xx-cfe/$(CFE_RAM_FILE) $@-bootloader/$(CFE_RAM_JFFS2_NAME) + $(call Build/cfe-jffs2,$@-bootloader) + $(call Build/pad-to,$(BLOCKSIZE)) + $(TOPDIR)/scripts/sercomm-partition-tag.py \ + --input-file $@ \ + --output-file $@.bootloader \ + --part-name bootloader \ + --part-version $(SERCOMM_VERSION) + + mv $@.kernel_rootfs $@ + dd if=$@.rootfs_lib >> $@ + dd if=$@.bootloader >> $@ +endef + +define Build/cfe-sercomm-load + mv $@ $@.ser + echo $(SERCOMM_PID) | xxd -p -r > $@ + sha256sum $@.ser | awk '{ print $1 }' | xxd -p -r >> $@ + dd if=$@.ser >> $@ + rm -f $@.ser +endef + +define Build/cfe-sercomm-crypto + $(TOPDIR)/scripts/sercomm-crypto.py \ + --input-file $@ \ + --key-file $@.key \ + --output-file $@.ser \ + --version OpenWrt + $(STAGING_DIR_HOST)/bin/openssl enc -md md5 -aes-256-cbc \ + -in $@ -out $@.enc \ + -K `cat $@.key` \ + -iv 00000000000000000000000000000000 + dd if=$@.enc >> $@.ser + mv $@.ser $@ + rm -f $@.enc $@.key +endef + define Build/cfe-old-bin $(TOPDIR)/scripts/brcmImage.pl -t -p \ -o $@ -b $(CFE_BOARD_ID) -c $(CHIP_ID) \ diff --git a/target/linux/bcm63xx/image/bcm63xx_nand.mk b/target/linux/bcm63xx/image/bcm63xx_nand.mk index 5483c73077e..57a895f9db4 100644 --- a/target/linux/bcm63xx/image/bcm63xx_nand.mk +++ b/target/linux/bcm63xx/image/bcm63xx_nand.mk @@ -7,6 +7,7 @@ DEVICE_VARS += CFE_RAM_FILE DEVICE_VARS += CFE_RAM_JFFS2_NAME CFE_RAM_JFFS2_PAD DEVICE_VARS += CFE_WFI_CHIP_ID CFE_WFI_FLASH_TYPE DEVICE_VARS += CFE_WFI_FLAGS CFE_WFI_VERSION +DEVICE_VARS += SERCOMM_PID SERCOMM_VERSION # CFE expects a single JFFS2 partition with cferam and kernel. However, # it's possible to fool CFE into properly loading both cferam and kernel @@ -36,6 +37,14 @@ define Device/bcm63xx-nand SUPPORTED_DEVICES := $(subst _,$(comma),$(1)) endef +define Device/sercomm-nand + $(Device/bcm63xx-nand) + IMAGES += factory.img + IMAGE/factory.img := append-kernel | pad-to $$$$(KERNEL_SIZE) | append-ubi | cfe-sercomm-part | gzip | cfe-sercomm-load | cfe-sercomm-crypto + SERCOM_PID := + SERCOMM_VERSION := +endef + ### Comtrend ### define Device/comtrend_vr-3032u $(Device/bcm63xx-nand)