repk / gxlimg

Boot Image creation tool for amlogic s905x (GXL)
BSD 2-Clause "Simplified" License

aml_encrypt_g12b functionality #7

Open angerman opened 3 years ago

angerman commented 3 years ago

Hi, this looks great! I've got a HardKernel N2 here with a S922X chip, packaging the boot image is terrible, and aml_encrypt_g12b being only available as an x86_64 binary blob doesn't make it much better.

Here's what the only, somewhat loosely available documentation provides for building the images:

wget https://github.com/BayLibre/u-boot/releases/download/v2017.11-libretech-cc/blx_fix_g12a.sh -O fip/blx_fix.sh
cp -v $UBOOTDIR/build/scp_task/bl301.bin fip/
cp -v $UBOOTDIR/build/board/hardkernel/odroidn2/firmware/acs.bin fip/
cp -v $UBOOTDIR/fip/g12b/bl2.bin fip/
cp -v $UBOOTDIR/fip/g12b/bl30.bin fip/
cp -v $UBOOTDIR/fip/g12b/bl31.img fip/
cp -v $UBOOTDIR/fip/g12b/ddr3_1d.fw fip/
cp -v $UBOOTDIR/fip/g12b/ddr4_1d.fw fip/
cp -v $UBOOTDIR/fip/g12b/ddr4_2d.fw fip/
cp -v $UBOOTDIR/fip/g12b/diag_lpddr4.fw fip/
cp -v $UBOOTDIR/fip/g12b/lpddr4_1d.fw fip/
cp -v $UBOOTDIR/fip/g12b/lpddr4_2d.fw fip/
cp -v $UBOOTDIR/fip/g12b/piei.fw fip/
cp -v $UBOOTDIR/fip/g12b/aml_ddr.fw fip/
cp -v u-boot.bin fip/bl33.bin

bash fip/blx_fix.sh \
     fip/bl30.bin \
     fip/zero_tmp \
     fip/bl30_zero.bin \
     fip/bl301.bin \
     fip/bl301_zero.bin \
     fip/bl30_new.bin \
     bl30

bash fip/blx_fix.sh \
     fip/bl2.bin \
     fip/zero_tmp \
     fip/bl2_zero.bin \
     fip/acs.bin \
     fip/bl21_zero.bin \
     fip/bl2_new.bin \
     bl2

$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bl30sig --input fip/bl30_new.bin \
                                --output fip/bl30_new.bin.g12a.enc \
                                --level v3
$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bl3sig --input fip/bl30_new.bin.g12a.enc \
                                --output fip/bl30_new.bin.enc \
                                --level v3 --type bl30
$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bl3sig --input fip/bl31.img \
                                --output fip/bl31.img.enc \
                                --level v3 --type bl31
$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bl3sig --input fip/bl33.bin --compress lz4 \
                                --output fip/bl33.bin.enc \
                                --level v3 --type bl33 --compress lz4
$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bl2sig --input fip/bl2_new.bin \
                                --output fip/bl2.n.bin.sig
$UBOOTDIR/fip/g12b/aml_encrypt_g12b --bootmk \
        --output fip/u-boot.bin \
        --bl2 fip/bl2.n.bin.sig \
        --bl30 fip/bl30_new.bin.enc \
        --bl31 fip/bl31.img.enc \
        --bl33 fip/bl33.bin.enc \
        --ddrfw1 fip/ddr4_1d.fw \
        --ddrfw2 fip/ddr4_2d.fw \
        --ddrfw3 fip/ddr3_1d.fw \
        --ddrfw4 fip/piei.fw \
        --ddrfw5 fip/lpddr4_1d.fw \
        --ddrfw6 fip/lpddr4_2d.fw \
        --ddrfw7 fip/diag_lpddr4.fw \
        --ddrfw8 fip/aml_ddr.fw \
        --level v3

Looking at the README.g12b, gxlimg should be suitable to get most of this done. Assuming we have the bl30_new.bin and bl2_new.bin constructed with the blx_fix.sh, these gxlimg commands should yield the same results:

gxlimg -t bl30 -s bl30_new.bin bl30_new.bin.g12.enc
gxlimg -t bl3x -s bl30_new.bin.g12.enc bl30_new.bin.enc
gxlimg -t bl3x -s bl31.img bl31.img.sig.enc
gxlimg -t bl3x -s bl32.img bl32.img.enc
gxlimg -t bl3x -s u-boot.bin bl33.bin.enc
gxlimg -t bl2 -s bl2_new.bin bl2.n.bin.sig

Of course the bl33.bin.enc won't be lz4 compressed, but the --bootmk step is missing. I believe this is the -t fip instruction; however, we are missing all the ddr arguments? This leaves me with some questions:

(a) the --level 3 argument seems mostly unused?
(b) does not compressing bl33 pose an issue? Do we know if the compression is run before or after the signing?
(c) would it be hard to add the -ddrXXX flags? I see gi_fip_create just learned about bl301.
(d) with respect to (c), does that mean we can sign bl30 and bl301 separately and ignore the first blx_fix.sh step?
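A pre-flight check over the inputs that the commands in the post above copy into fip/, as an added example that is not part of the original post or of gxlimg: it flags missing or empty blobs before any signing step runs and records SHA-256 hashes so the same vendor blobs can be verified on a later build. The function names and the manifest file name are assumptions made for this example.

```shell
# Added example. Blob names come from the cp/--bootmk commands in the post;
# fip_preflight, fip_verify and inputs.sha256 are names assumed here.
FIP_INPUTS="bl2.bin acs.bin bl30.bin bl301.bin bl31.img bl33.bin
ddr4_1d.fw ddr4_2d.fw ddr3_1d.fw piei.fw lpddr4_1d.fw lpddr4_2d.fw
diag_lpddr4.fw aml_ddr.fw"

# fip_preflight DIR [MANIFEST]
# Prints "MISSING <name>" or "EMPTY <name>" for every unusable input and
# returns 1 if there was any. Otherwise writes one sha256 line per blob to
# MANIFEST (default: DIR/inputs.sha256) and returns 0.
fip_preflight() {
    dir=$1
    manifest=${2:-$dir/inputs.sha256}
    bad=0
    for f in $FIP_INPUTS; do
        if [ ! -e "$dir/$f" ]; then
            echo "MISSING $f"; bad=1
        elif [ ! -s "$dir/$f" ]; then
            echo "EMPTY $f"; bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    # Hash with paths relative to DIR so the manifest is portable.
    ( cd "$dir" && sha256sum $FIP_INPUTS ) > "$manifest"
}

# fip_verify DIR [MANIFEST]
# Re-checks the blobs in DIR against a previously recorded manifest;
# returns non-zero if any blob changed or disappeared.
fip_verify() {
    dir=$1
    manifest=${2:-$dir/inputs.sha256}
    ( cd "$dir" && sha256sum -c - ) < "$manifest"
}
```

Run `fip_preflight fip` after the copy steps and `fip_verify fip` before each later signing run.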

hexdump0815 commented 3 years ago

@angerman - i guess this issue resulted in https://github.com/angerman/meson64-tools in the end? - i just tried to use that to try to build a native mainline u-boot for s905x2 (g12a) and s905x3 (sm1) tv boxes (https://github.com/hexdump0815/u-boot-misc/blob/gxm-experiments/readme.gxy#L53-L76) and i was able to at least assemble a boot image without any errors which started to boot, but sadly failed during the memory training with all the ddr firmwares i was able to find (most of them seem to be the same anyway) - here is btw. the boot output of trying to boot my assembled boot image: https://github.com/hexdump0815/u-boot-misc/blob/gxm-experiments/misc.gxy/debug-info/sm1-non-working-ddr.txt and in comparison the output of the original android boot: https://github.com/hexdump0815/u-boot-misc/blob/gxm-experiments/misc.gxy/debug-info/sm1-working-ddr.txt ... so i guess the only option to make this work would be to extract the blobs from the original boot blocks like gxlimg makes it possible with the "-e" option and which helped to make a native u-boot working perfectly fine on gxl and gxm. would any of you two be willing to write such an extraction option, so either to extend gxlimg's "-e" to also support g12a, g12b and sm1 or to add something like an "unmkboot" to the meson64-tools? sadly my skills are not good enough to get this solved myself. in case you would need some original boot blocks to experiment with - here is one for g12a and one for sm1 ready for "gxlimg -e", i.e. with the first 512 bytes stripped: https://github.com/hexdump0815/u-boot-misc/tree/gxm-experiments/misc.gxy/dump-in.dd

@angerman - the logs above are from my sm1 testing, i also tested on g12a and there it did not even boot - i guess there is maybe some magic number different for g12a which is created properly for sm1 only with the meson64-tools? - see: https://github.com/hexdump0815/u-boot-misc/blob/gxm-experiments/misc.gxy/debug-info/g12a-non-working-boot.txt

a lot of thanks in advance and best wishes - hexdump

hexdump0815 commented 3 years ago

just a little update: i have mainline u-boot and atf now working on a s905x3 = sm1 tv box without having to disassemble the original boot blocks - the available blobs are working well, i only had to extract the ddr memory timings from /dev/mmcblkXboot0 ... more info: https://freenode.irclog.whitequark.org/linux-amlogic/2020-09-26#28000408

update: regarding my above g12a tests - those most probably failed as the box i tried them with seems to have a locked boot loader - i guess that the meson64-tools will most probably work well for g12a - will test that soon ...

superna9999 commented 2 years ago

I've added an initial implementation in #16

xabolcs commented 2 years ago

@angerman did you have a chance to try Neil's work?

I'd like to package this into OpenWrt as stintel did with another aml tool.

xdarklight commented 1 year ago

since #16 has been merged: can this be closed?