#!/usr/bin/bash -e

# Copyright (c) 2019, Mellanox Technologies
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
#    list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
#    this list of conditions and the following disclaimer in the documentation
#    and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the FreeBSD Project.

BF1_PLATFORM_ID=0x00000211
BF2_PLATFORM_ID=0x00000214

# Read chip version info from the CRSPACE
bfversion=$(bfhcafw mcra 0xf0014)

if [ "$bfversion" == $BF1_PLATFORM_ID ]; then
	certversion=0
elif [ "$bfversion" == $BF2_PLATFORM_ID ]; then
	certversion=1
else
	echo "Unknown platform. Exiting."
	exit 1
fi

TMP_DIR=$(mktemp -d)
TMP_FILE="dump"
CURRENT_BFB=$TMP_DIR/"current.bfb"

if [ -d "$TMP_DIR" ]; then
	rm -rf "$TMP_DIR"
fi

# Create a temporary folder for the generated files
mkdir "$TMP_DIR"

# Identify current primary boot partition
DEV_PATH=$(mlxbf-bootctl | grep "primary" | cut -d ' ' -f 2)

# Retrieve default.bfb from the eMMC
mlxbf-bootctl -r "$DEV_PATH" -b "$CURRENT_BFB"

# Get bfb components using mlx-mkbfb
cd "$TMP_DIR"
mlx-mkbfb -x "$CURRENT_BFB"

declare -A certs=(["dump-bl2-cert-v$certversion"]="BL2 Public Key"
        ["dump-bl31-key-cert-v$certversion"]="BL31 Public Key"
        ["dump-bl33-key-cert-v$certversion"]="BL33 Public Key"
        ["dump-trusted-key-cert-v$certversion"]="Trusted Key")

nocert=1
for i in "${!certs[@]}"
do
    if [ ! -e "$i" ]; then
        continue
    fi

    nocert=0
    echo -e "\n${certs[$i]}:"
    echo -e "\n\tModulus:"
    openssl x509 -in "$i" -inform der -text > $TMP_FILE
    sed -e '1,/Modulus:/d' -e '/Exponent:/,$d' $TMP_FILE
    echo -e "\n\tExponent:"
    exp=$(sed -n -e 's/^.*Exponent: //p' $TMP_FILE | cut -d ' ' -f 1)
    echo -e "\t\t    $exp"
done

if [ $nocert == 1 ]; then
    echo "No certificates found in boot image"
fi

# Remove temporary directory
rm -rf "$TMP_DIR"
