#!/bin/sh -e

# Copyright (c) 2019, Mellanox Technologies
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
#    list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
#    this list of conditions and the following disclaimer in the documentation
#    and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the FreeBSD Project.

if [ ! -d /dev/mst ]; then
	mst start
fi

BF1_PLATFORM_ID=0x00000211
BF2_PLATFORM_ID=0x00000214
mst_device="/dev/mst/mt41682_pciconf0"
if [ ! -c "$mst_device" ]; then
	mst_device="/dev/mst/bf-livefish"
fi

# Read chip version info from the CRSPACE
bfversion=$(mcra $mst_device 0xf0014)

if [ $bfversion == $BF1_PLATFORM_ID ]; then
	certversion=0
elif [ $bfversion == $BF2_PLATFORM_ID ]; then
	certversion=1
else
	echo "Unknown platform. Exiting.\n"
	exit 1
fi

TMP_DIR=$(mktemp -d)
TMP_FILE="dump"
CURRENT_BFB=$TMP_DIR/"current.bfb"

if [ -d "$TMP_DIR" ]; then
	rm -rf "$TMP_DIR"
fi

# Create a temporary folder for the generated files
mkdir "$TMP_DIR"

# Identify current primary boot partition
DEV_PATH=$(mlxbf-bootctl | grep "primary" | cut -d ' ' -f 2)

# Retrieve default.bfb from the eMMC
mlxbf-bootctl -r "$DEV_PATH" -b "$CURRENT_BFB"

# Get bfb components using mlx-mkbfb
SCRIPTS_DIR="/opt/mlnx/scripts"
if [ -d "$SCRIPTS_DIR" ]; then
	cd "$TMP_DIR"
	$SCRIPTS_DIR/mlx-mkbfb -x "$CURRENT_BFB"

	declare -A certs=(["dump-bl2-cert-v$certversion"]="BL2 Public Key"
			["dump-bl31-key-cert-v$certversion"]="BL31 Public Key"
			["dump-bl33-key-cert-v$certversion"]="BL33 Public Key"
			["dump-trusted-key-cert-v$certversion"]="Trusted Key")

	nocert=1
	for i in "${!certs[@]}"
	do
		if [ ! -e $i ]; then
			continue
		fi

		nocert=0
		echo -e "\n${certs[$i]}:"
		echo -e "\n\tModulus:"
		openssl x509 -in $i -inform der -text > $TMP_FILE
		sed -e '1,/Modulus:/d' -e '/Exponent:/,$d' $TMP_FILE
		echo -e "\n\tExponent:"
		exp=$(sed -n -e 's/^.*Exponent: //p' $TMP_FILE | cut -d ' ' -f 1)
		echo -e "\t\t    $exp"
	done

	if [ $nocert == 1 ]; then
		echo "No certificates found in boot image"
	fi
fi

# Remove temporary directory
rm -rf "$TMP_DIR"
