[][MAC80211][misc][update autobuild folder for WiFi7]
[Description]
Refactor autobuild folder for external build PASS.
Update MT7996 mp2.0 FW to 20230608.
[Release-log]
N/A
Change-Id: Idf22eb7dd01a777657f90ff0ce170f31abb106f7
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7633627
diff --git a/autobuild_mac80211_release/openwrt_patches-21.02/mtk_soc/0913-sbc-add-offline-sign-support.patch b/autobuild_mac80211_release/openwrt_patches-21.02/mtk_soc/0913-sbc-add-offline-sign-support.patch
new file mode 100644
index 0000000..191eb53
--- /dev/null
+++ b/autobuild_mac80211_release/openwrt_patches-21.02/mtk_soc/0913-sbc-add-offline-sign-support.patch
@@ -0,0 +1,428 @@
+--- a/include/image.mk
++++ b/include/image.mk
+@@ -443,7 +443,10 @@ endif
+ ROOTFS_ENCRYPT = $(if $(ROE_KEY_DIR),$(wildcard $(ROE_KEY_DIR)/$(ROE_KEY_NAME).key),)
+
+ DEVICE_CHECK_FIT_KEY = $(if $(wildcard $(FIT_KEY_DIR)/$(FIT_KEY_NAME).key),install-images,install-disabled)
+-DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-images)
++DEVICE_CHECK_FIT_DIR = $(if $(FIT_KEY_DIR),$(DEVICE_CHECK_FIT_KEY),install-disabled)
++
++DEVICE_CHECK_OFFLINE_FIT_KEY = $(if $(filter offline%,$(FIT_KEY_NAME)),install-images,$(DEVICE_CHECK_FIT_DIR))
++DEVICE_CHECK_FIT_KEY_NAME = $(if $(FIT_KEY_NAME),$(DEVICE_CHECK_OFFLINE_FIT_KEY),install-images)
+
+ DEVICE_EXTRA_PACKAGES = $(call qstrip,$(CONFIG_TARGET_DEVICE_PACKAGES_$(call target_conf,$(BOARD)$(if $(SUBTARGET),_$(SUBTARGET)))_DEVICE_$(1)))
+
+@@ -467,7 +470,7 @@ endef
+ define Device/Check
+ $(Device/Check/Common)
+ KDIR_KERNEL_IMAGE := $(KDIR)/$(1)$$(KERNEL_SUFFIX)
+- _TARGET := $$(if $$(_PROFILE_SET),$$(DEVICE_CHECK_FIT_DIR),install-disabled)
++ _TARGET := $$(if $$(_PROFILE_SET),$$(DEVICE_CHECK_FIT_KEY_NAME),install-disabled)
+ ifndef IB
+ _COMPILE_TARGET := $$(if $(CONFIG_IB)$$(_PROFILE_SET),compile,compile-disabled)
+ endif
+--- a/scripts/mkits.sh
++++ b/scripts/mkits.sh
+@@ -164,11 +164,17 @@ fi
+
+ # Conditionally create signature information
+ if [ -n "${KEY_NAME_HINT}" ]; then
++ if [[ "${KEY_NAME_HINT}" == "offline,"* ]]; then
++ KEY_NAME_HINT=$(echo -n "${KEY_NAME_HINT}" | sed "s/^.*[,]//g")
++ SIGN_OFFLINE="
++ sign-offline = <1>;"
++ fi
+ SIGNATURE="\
+ signature {
+ algo = \"sha1,rsa2048\";
+ key-name-hint = \"${KEY_NAME_HINT}\";
+ ${SIGN_IMAGES}
++${SIGN_OFFLINE}
+ };\
+ "
+ fi
+--- /dev/null
++++ b/tools/mkimage/patches/901-mtk-mkimage-add-offline-sign-support.patch
+@@ -0,0 +1,382 @@
++--- a/tools/image-host.c
+++++ b/tools/image-host.c
++@@ -168,6 +168,9 @@ static int fit_image_setup_sig(struct im
++ {
++ const char *node_name;
++ const char *padding_name;
+++ const char *offline;
+++ const char offline_suffix[] = ",offline";
+++ char *offline_algo_name = NULL;
++
++ node_name = fit_get_name(fit, noffset, NULL);
++ if (!algo_name) {
++@@ -188,7 +191,21 @@ static int fit_image_setup_sig(struct im
++ info->node_offset = noffset;
++ info->name = strdup(algo_name);
++ info->checksum = image_get_checksum_algo(algo_name);
++- info->crypto = image_get_crypto_algo(algo_name);
+++
+++ offline = fdt_getprop(fit, noffset, "sign-offline", NULL);
+++ if (offline) {
+++ offline_algo_name = calloc(strlen(algo_name) + strlen(offline_suffix) + 1, sizeof(char));
+++ if (!offline_algo_name)
+++ return -ENOMEM;
+++
+++ strcpy(offline_algo_name, algo_name);
+++ strcat(offline_algo_name, offline_suffix);
+++
+++ info->crypto = image_get_crypto_algo(offline_algo_name);
+++ } else {
+++ info->crypto = image_get_crypto_algo(algo_name);
+++ }
+++
++ info->padding = image_get_padding_algo(padding_name);
++ info->require_keys = require_keys;
++ info->engine_id = engine_id;
++--- a/tools/image-sig-host.c
+++++ b/tools/image-sig-host.c
++@@ -11,6 +11,7 @@
++ #include <u-boot/ecdsa.h>
++ #include <u-boot/rsa.h>
++ #include <u-boot/hash-checksum.h>
+++#include "signoffline.h"
++
++ struct checksum_algo checksum_algos[] = {
++ {
++@@ -76,6 +77,27 @@ struct crypto_algo crypto_algos[] = {
++ .add_verify_data = ecdsa_add_verify_data,
++ .verify = ecdsa_verify,
++ },
+++ {
+++ .name = "rsa2048,offline",
+++ .key_len = RSA2048_BYTES,
+++ .sign = offline_sign,
+++ .add_verify_data = rsa_add_verify_data,
+++ .verify = offline_verify,
+++ },
+++ {
+++ .name = "rsa3072,offline",
+++ .key_len = RSA3072_BYTES,
+++ .sign = offline_sign,
+++ .add_verify_data = rsa_add_verify_data,
+++ .verify = offline_verify,
+++ },
+++ {
+++ .name = "rsa4096,offline",
+++ .key_len = RSA4096_BYTES,
+++ .sign = offline_sign,
+++ .add_verify_data = rsa_add_verify_data,
+++ .verify = offline_verify,
+++ },
++ };
++
++ struct padding_algo padding_algos[] = {
++--- a/tools/Makefile
+++++ b/tools/Makefile
++@@ -89,6 +89,8 @@ RSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(
++ rsa-sign.o rsa-verify.o \
++ rsa-mod-exp.o)
++
+++SIGNOFFLINE_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := signoffline.o
+++
++ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o)
++
++ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
++@@ -149,7 +151,8 @@ dumpimage-mkimage-objs := aisimage.o \
++ mtk_image.o \
++ $(ECDSA_OBJS-y) \
++ $(RSA_OBJS-y) \
++- $(AES_OBJS-y)
+++ $(AES_OBJS-y) \
+++ $(SIGNOFFLINE_OBJS-y)
++
++ dumpimage-objs := $(dumpimage-mkimage-objs) dumpimage.o
++ mkimage-objs := $(dumpimage-mkimage-objs) mkimage.o
++--- /dev/null
+++++ b/tools/signoffline.h
++@@ -0,0 +1,18 @@
+++// SPDX-License-Identifier: GPL-2.0+
+++/*
+++ * Copyright (C) 2022 MediaTek Incorporation. All Rights Reserved.
+++ *
+++ */
+++
+++#ifndef SIGNOFFLINE_H_
+++#define SIGNOFFLINE_H_
+++
+++int offline_sign(struct image_sign_info *info,
+++ const struct image_region region[], int region_count,
+++ uint8_t **sigp, uint *sig_len);
+++
+++int offline_verify(struct image_sign_info *info,
+++ const struct image_region region[], int region_count,
+++ uint8_t *sig, uint sig_len);
+++
+++#endif /* SIGNOFFLINE_H_ */
++--- /dev/null
+++++ b/tools/signoffline.c
++@@ -0,0 +1,264 @@
+++// SPDX-License-Identifier: GPL-2.0+
+++/*
+++ * Copyright (C) 2022 MediaTek Incorporation. All Rights Reserved.
+++ *
+++ */
+++#include <stdio.h>
+++#include <stdint.h>
+++#include <image.h>
+++#include <linux/libfdt.h>
+++#include <malloc.h>
+++#include <u-boot/sha512.h>
+++#include "mkimage.h"
+++
+++#define OFFSIGN_MSG_FILE ".msg"
+++#define OFFSIGN_SIG_FILE ".sig"
+++#define OFFSIGN_MAX_TMPFILE_LEN 256
+++#define OFFSIGN_MAX_CMDLINE_LEN 3 * OFFSIGN_MAX_TMPFILE_LEN + 128 + 1
+++#define OPENSSL_PKEYUTL_CMD "openssl pkeyutl"
+++#define OPENSSL_PKEYUTL_OPER "-sign"
+++#define OPENSSL_PKEYUTL_PADDING "-pkeyopt rsa_padding_mode"
+++#define OPENSSL_PKEYUTL_SALT "-pkeyopt rsa_pss_saltlen:32"
+++
+++static char img_prefix[OFFSIGN_MAX_TMPFILE_LEN];
+++
+++static int get_fit_identifier(const void *fit, char *img_prefix)
+++{
+++ int ret = 0;
+++ int noffset = 0;
+++ int img_noffset = 0;
+++ int len = 0;
+++ const char *prop = NULL;
+++ char *p = NULL, *end_p = NULL;
+++
+++ img_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
+++ if (img_noffset < 0) {
+++ fprintf(stderr, "Can't find image parent node: %s\n", FIT_IMAGES_PATH);
+++ return img_noffset;
+++ }
+++
+++ noffset = fdt_subnode_offset(fit, img_noffset, "fdt-1");
+++ if (noffset < 0) {
+++ fprintf(stderr, "Can't find fdt-1 node in %s\n", FIT_IMAGES_PATH);
+++ return noffset;
+++ }
+++
+++ prop = fdt_getprop(fit, noffset, FIT_DESC_PROP, &len);
+++ if (!prop) {
+++ fprintf(stderr, "Can't find %s property in node: fdt-1\n", FIT_DESC_PROP);
+++ return -EINVAL;
+++ }
+++
+++ /* find FIT image name as tmpfile prefix */
+++ p = strstr(prop, "OpenWrt ");
+++ if (!p)
+++ return -EINVAL;
+++
+++ p = strchr(p, ' ');
+++ if (!p)
+++ return -EINVAL;
+++ p += 1;
+++
+++ end_p = strchr(p, ' ');
+++ if (!end_p)
+++ return -EINVAL;
+++
+++ if ((end_p - p) >= OFFSIGN_MAX_TMPFILE_LEN)
+++ return -EINVAL;
+++
+++ strncpy(img_prefix, p, end_p - p);
+++
+++ return ret;
+++}
+++
+++static int prepare_offline_sign(struct image_sign_info *info,
+++ const struct image_region region[],
+++ int region_count)
+++{
+++ int ret = 0;
+++ size_t len = 0;
+++ FILE *f = NULL;
+++ char msg_file[OFFSIGN_MAX_TMPFILE_LEN] = {0};
+++ uint8_t checksum[SHA512_SUM_LEN] = {0};
+++
+++ ret = get_fit_identifier(info->fit, img_prefix);
+++ if (ret)
+++ return ret;
+++
+++ len = snprintf(msg_file, sizeof(msg_file),
+++ "%s/%s%s", info->keydir, img_prefix, OFFSIGN_MSG_FILE);
+++ if (len < 0)
+++ return -EINVAL;
+++
+++ /* calculate digest */
+++ ret = info->checksum->calculate(info->checksum->name, region,
+++ region_count, checksum);
+++ if (ret) {
+++ fprintf(stderr, "Failed to calculate checksum of regions\n");
+++ return ret;
+++ }
+++
+++ /* write message to be signed to msg_file */
+++ f = fopen(msg_file, "w");
+++ if (!f) {
+++ fprintf(stderr, "Failed to open %s\n", msg_file);
+++ return -EINVAL;
+++ }
+++
+++ len = fwrite(checksum, sizeof(uint8_t),
+++ info->checksum->checksum_len, f);
+++ if (len < 0) {
+++ fprintf(stderr, "Failed to write to %s\n", msg_file);
+++ ret = -EINVAL;
+++ }
+++
+++ fclose(f);
+++
+++ return ret;
+++}
+++
+++static int sign_offline(struct image_sign_info *info,
+++ const struct image_region region[],
+++ int region_count,
+++ uint8_t **sigp, uint *sig_len)
+++{
+++ int ret = 0;
+++ size_t len = 0;
+++ char cmd[OFFSIGN_MAX_CMDLINE_LEN] = {0};
+++ char padding[8] = {0};
+++
+++ /* check padding */
+++ if (info->padding && !strcmp(info->padding->name, "pss"))
+++ strncpy(padding, "pss", sizeof(padding));
+++ else
+++ strncpy(padding, "pkcs1", sizeof(padding));
+++
+++ len = snprintf(cmd, sizeof(cmd),
+++ "%s %s -in %s/%s%s -inkey %s/%s.key -out %s/%s%s -pkeyopt digest:%s %s:%s",
+++ OPENSSL_PKEYUTL_CMD,
+++ OPENSSL_PKEYUTL_OPER,
+++ info->keydir,
+++ img_prefix,
+++ OFFSIGN_MSG_FILE,
+++ info->keydir,
+++ info->keyname,
+++ info->keydir,
+++ img_prefix,
+++ OFFSIGN_SIG_FILE,
+++ info->checksum->name,
+++ OPENSSL_PKEYUTL_PADDING,
+++ padding);
+++ if (len < 0)
+++ return -EINVAL;
+++
+++ if (!strcmp(padding, "pss")) {
+++ len = snprintf(cmd + len, sizeof(cmd), "%s", OPENSSL_PKEYUTL_SALT);
+++ if (len < 0)
+++ return -EINVAL;
+++ }
+++
+++ printf("%s\n", cmd);
+++
+++ /* execute openssl command */
+++ if (system(cmd) == -1) {
+++ fprintf(stderr,"%s: failed to sign FIT\n", OPENSSL_PKEYUTL_CMD);
+++ return -EINVAL;
+++ }
+++
+++ return ret;
+++}
+++
+++static int post_offline_sign(struct image_sign_info *info,
+++ uint8_t **sigp, uint *sig_len)
+++{
+++ int ret = 0;
+++ FILE *f = NULL;
+++ size_t len = 0;
+++ void *sig = NULL;
+++ char sig_file[OFFSIGN_MAX_TMPFILE_LEN] = {0};
+++
+++ len = snprintf(sig_file, sizeof(sig_file),
+++ "%s/%s%s", info->keydir, img_prefix, OFFSIGN_SIG_FILE);
+++ if (len < 0)
+++ return -EINVAL;
+++
+++ /* read signature from sig_file */
+++ f = fopen(sig_file, "rb");
+++ if (!f) {
+++ fprintf(stderr, "Failed to open %s\n", sig_file);
+++ return -EINVAL;
+++ }
+++
+++ sig = calloc(info->crypto->key_len, sizeof(uint8_t));
+++ if (!sig) {
+++ ret = -ENOMEM;
+++ goto post_offline_sign_err;
+++ }
+++
+++ len = fread(sig, sizeof(uint8_t), info->crypto->key_len, f);
+++ if (len < 0) {
+++ fprintf(stderr, "Failed to read from %s\n", sig_file);
+++ ret = -EINVAL;
+++ goto post_offline_sign_err;
+++ }
+++
+++ if (len != info->crypto->key_len) {
+++ fprintf(stderr, "Signature length is invalid\n");
+++ ret = -EINVAL;
+++ goto post_offline_sign_err;
+++ }
+++
+++ fclose(f);
+++
+++ *sigp = sig;
+++ *sig_len= info->crypto->key_len;
+++
+++ return 0;
+++
+++post_offline_sign_err:
+++ fclose(f);
+++ if (sig)
+++ free(sig);
+++
+++ return ret;
+++}
+++
+++int offline_sign(struct image_sign_info *info,
+++ const struct image_region region[], int region_count,
+++ uint8_t **sigp, uint *sig_len)
+++{
+++ int ret = 0;
+++
+++ printf("%s:\n", __func__);
+++
+++ ret = prepare_offline_sign(info, region, region_count);
+++ if (ret) {
+++ fprintf(stderr, "prepare_offline_sign() failed\n");
+++ return -EINVAL;
+++ }
+++
+++ ret = sign_offline(info, region, region_count, sigp, sig_len);
+++ if (ret) {
+++ fprintf(stderr, "sign_offline() failed\n");
+++ return -EINVAL;
+++ }
+++
+++ ret = post_offline_sign(info, sigp, sig_len);
+++ if (ret) {
+++ fprintf(stderr, "post_offline_sign() failed\n");
+++ return -EINVAL;
+++ }
+++
+++ return ret;
+++}
+++
+++int offline_verify(struct image_sign_info *info,
+++ const struct image_region region[], int region_count,
+++ uint8_t *sig, uint sig_len)
+++{
+++ int ret = 0;
+++
+++ printf("%s:\n", __func__);
+++
+++ return ret;
+++}