SmartAudio/package/allwinner/tina-upgrade/aw_ota_verify_img.sh

125 lines
2.8 KiB
Bash
Raw Normal View History

2018-07-13 01:31:50 +00:00
#!/bin/sh
#set -x
. aw_ota_utils.sh
check_img_md5(){
md5_1=$(busybox md5sum $1 | busybox awk '{print $1}')
md5_2=$(cat "$2")
[ x"$md5_1" = x"$md5_2" ] && {
echo "$1 md5 check success!"
return 0
}
echo "check_img_md5 failed, target: $1 !"
return 1
}
check_img_signature(){
#$1 img file #2 signature file #3 pub key
#return: 0 - success ; 1 - fail
pub_key=/OTA_Key_pub.pem
if [ $# -ge 3 ];then
echo key is "$3"
pub_key=$3
fi
verify_result=$(openssl dgst -sha256 -verify "$pub_key" -signature "$2" "$1")
# [[ $verify_result = "Verified OK" ]] && {
[ x"${verify_result:9:2}" = x"OK" ] && {
echo "$1 signature check success!"
return 0
}
echo "check_img_signature failed, target: $1 !"
return 1
}
check_img(){
local part=$1
local img;
img=$(part_2_img "$part")
if [ x"$VERIFY_METHOR" = x"md5" ];then
check_img_md5 "$LOCAL_OTA_DIR"/"$img.verified" "$LOCAL_OTA_DIR"/"$img.md5"
[ $? -eq 1 ] && return 1
elif [ x"$VERIFY_METHOR" = x"signature" ];then
check_img_signature "$LOCAL_OTA_DIR"/"$img.verified" "$LOCAL_OTA_DIR"/"$img.signature"
[ $? -eq 1 ] && return 1
fi
return 0
}
aw_verify_patch()
{
local part=$1
local img
local old_file
local new_file
local patch_file
local md5_file
local to_verify_img
local verified_img
local signature_file
img=$(part_2_img "$part")
[ x"$img" = x"" ] && echo "set img fail" && return 1
new_file=$LOCAL_OTA_DIR/"$img".merge
patch_file=/tmp/"$img.patch"
md5_file=/tmp/"$img.md5"
signature_file=/tmp/"$img.signature"
verified_img=$LOCAL_OTA_DIR/"$img".verified
[ x"$part" = x"uboot" -o x"$part" = x"boot0" ] && {
echo "boot0 and uboot not support patch now"
rm -f "$md5_file" "$signature_file"
return 1
}
[ x"$part" = x"boot" ] && {
old_file=/dev/by-name/boot
}
[ x"$part" = x"rootfs" ] && {
old_file=/dev/by-name/rootfs
}
[ x"$part" = x"recovery" ] && {
old_file=/dev/by-name/recovery
}
apply_patch "$old_file" "$new_file" "$patch_file"
to_verify_img=$new_file
check_img_md5 "$to_verify_img" "$md5_file"
[ $? = 0 ] && {
mv "$to_verify_img" "$verified_img"
[ x"$USE_SIGNATURE" = x"1" ] && mv "$signature_file" "$LOCAL_OTA_DIR"/
rm -f "$md5_file"
return 0;
}
rm -f "$to_verify_img" "$md5_file" "$signature_file"
return 1
}
aw_verify_img()
{
local part=$1
local img
local img_file
local md5_file
local to_verify_img
local verified_img
local signature_file
img=$(part_2_img "$part")
[ x"$img" = x"" ] && echo "set img fail" && return 1
to_verify_img=/tmp/"$img"
md5_file=/tmp/"$img.md5"
signature_file=/tmp/"$img.signature"
verified_img=$LOCAL_OTA_DIR/"$img".verified
check_img_md5 "$to_verify_img" "$md5_file"
[ $? = 0 ] && {
mv "$to_verify_img" "$verified_img"
[ x"$USE_SIGNATURE" = x"1" ] && mv "$signature_file" "$LOCAL_OTA_DIR"/
return 0;
}
rm -f "$to_verify_img" "$md5_file" "$signature_file"
return 1
}