github.com/google/trillian-examples@v0.0.0-20240520080811-0d40d35cef0e/binary_transparency/firmware/cmd/usbarmory/image_builder/build.sh (about)

     1  # Copyright 2020 Google LLC. All Rights Reserved.
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  # build.sh is a utility to create ext4 filesystem images for use in the
    16  # firmware partition of SD Cards created for USB Armory devices.
    17  
    18  #!/bin/bash
    19  usage() {
    20      echo "Usage: $0 -u <path_to_unikernel> -o <output_file>" 1>&2
    21      exit 1
    22  }
    23  
    24  clean() {
    25      if [ ! -z "${MNT}" ]; then
    26      fusermount -u ${MNT}
    27      rmdir ${MNT}
    28      fi
    29  }
    30  
    31  
    32  while getopts ":u:o:f" opt; do
    33  case ${opt} in
    34      u )
    35      u=${OPTARG}
    36      ;;
    37      o )
    38      o=${OPTARG}
    39      ;;
    40      f )
    41      f=1
    42      ;;
    43      * )
    44      usage
    45      ;;
    46  esac
    47  done
    48  shift $((OPTIND - 1))
    49  
    50  if [ -z "${u}" ] || [ -z "${o}" ]; then
    51      usage
    52  fi
    53  
    54  if [ -f  "${o}" ] && [ -z "${f}" ]; then
    55      echo "Output file ${o} already exists, use -f to force overwrite"
    56      if [ -z ${f} ]; then
    57          exit 2
    58      fi
    59  fi
    60  
    61  trap clean EXIT
    62  
    63  set -e
    64  MNT=$(mktemp --directory /tmp/build_image-XXXXX)
    65  
    66  SIZE=$(stat --format='%s' ${u})
    67  OVERHEAD=2560000
    68  let BLOCKS=(${SIZE}+${OVERHEAD})/1024
    69  
    70  mkfs.ext4 ${o} -q -b 1024 -O ^has_journal -L firmware ${BLOCKS}
    71  tune2fs -O ^metadata_csum,^64bit ${o}
    72  fuse2fs -o fakeroot ${o} ${MNT}
    73  
    74  mkdir ${MNT}/boot
    75  cp ${u} ${MNT}/boot/unikernel
    76  h=$(sha256sum ${u} | awk '{print $1}')
    77  sed -- "s/@HASH@/${h}/" > ${MNT}/boot/armory-boot.conf <<EOF
    78  {
    79      "unikernel": [
    80          "/boot/unikernel",
    81          "@HASH@"
    82      ]
    83  }
    84  EOF
    85  
    86  fusermount -u ${MNT}
    87  tune2fs -O read-only ${o}
    88  unset MNT
    89  
    90  echo "Created image in ${o}:"
    91  ls -lh ${o}