-
Notifications
You must be signed in to change notification settings - Fork 136
/
secure_partition.py
73 lines (58 loc) · 2.34 KB
/
secure_partition.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
'''
This tool is used to sign (aka generate "secureinfo") and encrypt partition
Almost all new Mstar builds I saw have SECURITY_BOOT option enebled. Which means it uses AES to
encrypt boot.img and recovery.img and RSA to generate signature (Plus multiple internal security updates).
This script will generate two files: encrypted image and signature file
'''
import os
import sys
# Command line args
if len(sys.argv) == 1:
print ("Usage: secure_partition.py <file to encrypt> <AES key file> <RSA private key file> <RSA public key file> <output encrypted file> <output signature file>")
print ("Example: secure_partition.py ./pack/boot.img ./keys/AESbootKey ./keys/RSAboot_priv.txt ./keys/RSAboot_pub.txt ./pack/boot.img.aes ./pack/boot.signature.bin")
quit()
INPUT_FILE_NAME = sys.argv[1]
AES_KEY = sys.argv[2]
RSA_PRIVATE_KEY = sys.argv[3]
RSA_PUBLIC_KEY = sys.argv[4]
OUTPUT_FILE_NAME = sys.argv[5]
OUTPUT_SIGNATURE_FILE_NAME = sys.argv[6]
# Aditional SubSecureInfoGen params
BLOCK_SIZE_FOR_INTERLEAVE = 2097152
ENABLE_PARTIAL_AUTHENTICATION = 0 # 0 - disable, 1 - enable
NUMBER_FOR_PARTIAL_AUTHENTICATION = 8 # ???
ENABLE_INTERLEAVE_MODE = 1 # 0 - disable, 1 - enable
DISPLAY_DEBUGGING_INFO = 1 # 0 - disable, 1 - enable
# Binary tools
TOOLS_DIR = 'bin\\win32\\' if os.name == 'nt' else 'bin/linux-x86/'
alignment = os.path.join(TOOLS_DIR, 'alignment')
SubSecureInfoGen = os.path.join(TOOLS_DIR, 'SubSecureInfoGen')
aescrypt2 = os.path.join(TOOLS_DIR, 'aescrypt2')
# Alignment
os.system(alignment + ' {}'.format(INPUT_FILE_NAME))
# Generate signature
os.system(SubSecureInfoGen + ' {} {} {} {} {} {} {} {} {} {}'.format(
OUTPUT_SIGNATURE_FILE_NAME,
INPUT_FILE_NAME,
RSA_PRIVATE_KEY,
RSA_PUBLIC_KEY,
ENABLE_PARTIAL_AUTHENTICATION,
NUMBER_FOR_PARTIAL_AUTHENTICATION,
ENABLE_INTERLEAVE_MODE,
BLOCK_SIZE_FOR_INTERLEAVE,
DISPLAY_DEBUGGING_INFO,
TOOLS_DIR))
print (SubSecureInfoGen + ' {} {} {} {} {} {} {} {} {} {}'.format(
OUTPUT_SIGNATURE_FILE_NAME,
INPUT_FILE_NAME,
RSA_PRIVATE_KEY,
RSA_PUBLIC_KEY,
ENABLE_PARTIAL_AUTHENTICATION,
NUMBER_FOR_PARTIAL_AUTHENTICATION,
ENABLE_INTERLEAVE_MODE,
BLOCK_SIZE_FOR_INTERLEAVE,
DISPLAY_DEBUGGING_INFO,
TOOLS_DIR))
# Crypt input image
os.system(aescrypt2 + ' 0 {} {} {}'.format(INPUT_FILE_NAME, OUTPUT_FILE_NAME, AES_KEY))
print ("Done")