#!/bin/bash
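# Banner: the board this helper script targets.
printf '%s\n' "ESP32-WROOM-DevKIT-V1"

# Placeholder flag; nothing in this script reads it. It used to be assigned
# the expansion of an unset variable called "false", which is normally empty
# but would pick up any exported variable of that name and aborts under
# `set -u`. Assign the empty string explicitly instead.
ESP_TOOLCHAIN=""

# Prebuilt Xtensa toolchain archive downloaded by set_up_env.
# NOTE(review): the download is authenticated by TLS only. Record the
# publisher's SHA-256 for this exact archive next to the URL and verify it
# before extraction, since these binaries later build and sign firmware.
ESP_TOOLCHAIN_URL="https://dl.espressif.com/dl/xtensa-esp32-elf-linux64-1.22.0-80-g6c4433a-5.2.0.tar.gz"

# Local file name of the archive; keep it equal to the last path component of
# ESP_TOOLCHAIN_URL, because set_up_env extracts and deletes it by this name.
ESP_TOOLCHAIN_VERSION="xtensa-esp32-elf-linux64-1.22.0-80-g6c4433a-5.2.0.tar.gz"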
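# Append LINE ($2) to FILE ($1) unless an identical line is already there, so
# that re-running the setup does not pile up duplicate exports.
_esp32_append_once()
{
  local file=$1 line=$2
  if [[ -f "$file" ]] && grep -qxF -- "$line" "$file"; then
    return 0
  fi
  printf '%s\n' "$line" >> "$file"
}

# Print OK_MSG ($2) when STATUS ($1) is zero, FAIL_MSG ($3) otherwise.
_esp32_report()
{
  if [[ $1 -eq 0 ]]; then echo "$2"; else echo "$3"; fi
}

#######################################
# Set up an ESP32 build environment under the current directory: distro
# packages, the prebuilt toolchain, a clone of ESP-IDF, shell profile exports
# and the ESP-IDF Python requirements. Prints a per-step status summary.
# Globals:
#   ESP_TOOLCHAIN_URL, ESP_TOOLCHAIN_VERSION (read)
#   ESP_TOOLCHAIN_SHA256 (read, optional): expected SHA-256 of the archive;
#     when set, the archive is verified before it is extracted
#   ENV_BASEDIR (written)
# Returns:
#   1 on a non-Linux host; otherwise the status of the last summary line.
#######################################
set_up_env()
{
  local retval_nux_packages retval_toolchain retval_esp_idf
  local retval1_idf_path retval2_idf_path retval_py_req
  local idf_line path_line

  ENV_BASEDIR=$(pwd)

  if [[ $(uname) != "Linux" ]]; then
    >&2 echo "OS Unknown: $(uname)"
    # return rather than exit: the usage text tells users to `source` this
    # script, and exit would close their shell. When executed, main still
    # ends with status 1.
    return 1
  fi

  # Install required Debian based distros packages to compile with ESP-IDF
  sudo apt-get update && sudo apt-get install -y gcc git wget make libncurses-dev flex bison gperf python python-pip python-setuptools python-serial python-cryptography python-future python-pyparsing
  retval_nux_packages=$?

  echo "Set up toolchain ..."
  mkdir -p -- "$ENV_BASEDIR/toolchain"
  # -f: treat HTTP errors as failures instead of saving an error page.
  # -o: write to a fixed local name; the previous -J let the server choose
  #     the file name through Content-Disposition.
  curl -fL -o "$ESP_TOOLCHAIN_VERSION" "$ESP_TOOLCHAIN_URL"
  retval_toolchain=$?
  if [[ $retval_toolchain -eq 0 && -n "${ESP_TOOLCHAIN_SHA256:-}" ]]; then
    # Verify the archive before anything from it lands on disk.
    printf '%s  %s\n' "$ESP_TOOLCHAIN_SHA256" "$ESP_TOOLCHAIN_VERSION" | sha256sum -c -
    retval_toolchain=$?
  elif [[ $retval_toolchain -eq 0 ]]; then
    >&2 echo "[!] ESP_TOOLCHAIN_SHA256 is not set: toolchain archive integrity was not verified"
  fi
  if [[ $retval_toolchain -eq 0 ]]; then
    echo tar: extracting "$ESP_TOOLCHAIN_VERSION"
    tar xvzf "$ESP_TOOLCHAIN_VERSION" -C "$ENV_BASEDIR/toolchain/"
    retval_toolchain=$?
  fi
  rm -f -- "$ESP_TOOLCHAIN_VERSION"

  echo "Set up ESP-IDF ..."
  # Get the ESP-IDF git repository.
  # NOTE(review): this clones whatever the default branch is at run time,
  # while the toolchain archive is a fixed build. Pinning a release tag that
  # matches the toolchain would make the environment reproducible.
  echo "[+] Downloading esp-idf ..."
  git clone --recursive https://github.com/espressif/esp-idf.git "$ENV_BASEDIR/esp-idf"
  retval_esp_idf=$?

  echo "Set up IDF_PATH Env variable ..."
  # The IDF_PATH export used to be written as "~" followed by the absolute
  # base directory, which expands to $HOME/<absolute path> when the profile is
  # read and points at a directory that does not exist.
  idf_line="export IDF_PATH=\"$ENV_BASEDIR/esp-idf\""
  path_line="export PATH=\"$ENV_BASEDIR/toolchain/xtensa-esp32-elf/bin:\$PATH\""

  # Setup IDF_PATH for login shells
  _esp32_append_once ~/.profile "$idf_line"
  _esp32_append_once ~/.profile "$path_line"
  source ~/.profile
  retval1_idf_path=$?

  # Setup IDF_PATH for non-login shells
  _esp32_append_once ~/.bashrc "$idf_line"
  _esp32_append_once ~/.bashrc "$path_line"
  source ~/.bashrc
  retval2_idf_path=$?

  echo "Install Python requirement ..."
  python -m pip install --user -r "$IDF_PATH/requirements.txt"
  retval_py_req=$?

  # Status of development environment set up
  _esp32_report "$retval_nux_packages" "[+] Packages installed successfully" "[-] Failed to install packages"
  _esp32_report "$retval_toolchain" "[+] Toolchain binaries downloaded successfully" "[-] Failed to download toolchain binaries"
  _esp32_report "$retval_esp_idf" "[+] ESP-IDF repository cloned successfully" "[-] Failed to clone ESP-IDF repository"
  _esp32_report "$retval1_idf_path" "[+] IDF-PATH in \"profile\" edited successfully" "[-] Failed to edit IDF-PATH in \"profile\""
  _esp32_report "$retval2_idf_path" "[+] IDF-PATH in \"bashrc\" edited successfully" "[-] Failed to edit IDF-PATH in \"bashrc\""
  _esp32_report "$retval_py_req" "[+] Python requirements for ESP-IDF installed successfully" "[-] Failed to install python requirements for ESP-IDF"
}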
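# Install rng-tools, make sure /etc/default/rng-tools carries an active
# HRNGDEVICE=/dev/urandom line, and start the service. This edits a system
# file permanently; nothing here restores it.
# $1 - message printed when an HRNGDEVICE=/dev/urandom line already exists.
# Returns the status of `systemctl start`.
_esp32_enable_rngd()
{
  local uncomment_msg=$1 rng_file
  sudo apt-get install -y rng-tools
  rng_file=$(<"/etc/default/rng-tools")
  if [[ $rng_file == *HRNGDEVICE=/dev/urandom* ]]; then
    echo "$uncomment_msg"
    sudo sh -c "sed -i '/HRNGDEVICE=\/dev\/urandom/s/^#//g' /etc/default/rng-tools"
  else
    echo "[+] Set HRNGDEVICE value"
    sudo sh -c "echo 'HRNGDEVICE=/dev/urandom' >> /etc/default/rng-tools"
  fi
  sudo systemctl start rng-tools.service
}

#######################################
# Start rngd when it is not running: unconditionally if the kernel's
# entropy_avail counter is below 3000, after asking the user otherwise.
#
# NOTE(review): HRNGDEVICE=/dev/urandom makes rngd read the kernel's own
# generator and feed it back, which raises the entropy_avail counter without
# adding independent randomness. A hardware source (for example /dev/hwrng,
# where present) is what would actually strengthen the pool; confirm what
# the key-generation step really draws from.
# NOTE(review): recent kernels (5.18 and later, as far as I know) report a
# constant 256 in entropy_avail, so the 3000 threshold would always read as
# "low" there; confirm on the target hosts.
#
# Returns:
#   0 when rngd already runs or the user answered yes, 1 when the user
#   answered no, the status of `systemctl start` on the low-entropy path.
#   Exits 1 on a non-Linux host (kept as exit: callers continue after any
#   return value).
#######################################
increase_entropy()
{
  local entropy yn

  if [[ $(uname) != "Linux" ]]; then
    >&2 echo "OS Unknown: $(uname)"
    exit 1
  fi

  entropy=$(cat /proc/sys/kernel/random/entropy_avail)

  # pgrep -x matches the process name exactly; the former ps|grep pipeline
  # matched any command line that merely contained "rngd".
  if pgrep -x rngd > /dev/null; then
    echo "[+] RNG-tools is running ..."
  elif [[ $entropy -lt 3000 ]]; then
    echo "[+] Your entropy level is $entropy"
    echo "[+] Entopy level must be increased for a robust random key"
    echo "[+] Installing RNG-tools package ..."
    _esp32_enable_rngd "[+] Uncomment HRNGDEVICE value"
  else
    # Covers exactly 3000 as well; it used to fall through to the
    # "RNG-tools is running" message although rngd was not running.
    echo "[+] Your entropy level is $entropy"
    while true; do
      read -r -p "Do you wish to increase more and more your entropy? (Y/N) " yn
      case $yn in
        [Yy]*)
          _esp32_enable_rngd "[+] Uncomment HRNGDEVICE value or already uncommented"
          return 0
          ;;
        [Nn]*)
          echo "[+] the answer is No ..."
          return 1
          ;;
        *)
          echo "[+] Please answer yes or no."
          ;;
      esac
    done
  fi
}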
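#######################################
# Generate a flash encryption key file when the chip's FLASH_CRYPT_CNT eFuse
# reads 0 (flash encryption never enabled).
# Globals:
#   IDF_PATH (read), ESP_TOOL_PYTHON (written)
# Arguments:
#   $1 - serial port, must start with /dev/ttyUSB0
#   $2 - path of the key file to create
# Returns:
#   0 when a 32-byte key was written or encryption is already enabled,
#   1 on a bad port, missing file name, unreadable eFuse value or failed
#   key generation.
#######################################
gen_encrypt_key()
{
  local port=$1 key_file=$2
  local flash_enc ret_choice ret_gen_key size
  local num_re='^(0[xX][0-9a-fA-F]+|[0-9]+)$'

  ESP_TOOL_PYTHON=$IDF_PATH/components/esptool_py/esptool

  case "$port" in
    "/dev/ttyUSB0"*)
      if [[ -z "$key_file" ]]; then
        echo "[Error] missing key file name"
        return 1
      fi

      flash_enc=$(python "$ESP_TOOL_PYTHON/espefuse.py" --port "$port" summary \
        | awk '$1 ~/FLASH_CRYPT_CNT/' | cut -d"=" -f2 | awk '{print $1}')

      # An empty or non-numeric value means the summary could not be read.
      # `[[ "" -eq 0 ]]` is true in bash, so this case used to be reported as
      # "encryption disabled" and a key was generated anyway.
      if [[ ! $flash_enc =~ $num_re ]]; then
        echo "[-] Could not read FLASH_CRYPT_CNT from the eFuse summary on $port" >&2
        return 1
      fi

      if [[ $flash_enc -eq 0 ]]; then
        echo "[+] Flash Encryption is disabled, you can generate Encrypttion Key and burn it in eFUSE BLK1 block"
        if pgrep -x rngd > /dev/null; then
          echo "[+] RNG-tools is running ..."
        else
          echo "[+] RNG-tools is not running"
          increase_entropy
          ret_choice=$?
          if [[ $ret_choice -eq 0 ]]; then
            echo "[+] Please wait 30 sec for \"increase_entropy\" to take place ..."
            sleep 30
          fi
        fi

        # Create the key under umask 077 so the file is readable by its owner
        # only; the subshell keeps the caller's umask unchanged.
        # NOTE(review): an existing file at this path keeps its old mode;
        # check what espsecure.py does when the file already exists.
        (umask 077 && python "$ESP_TOOL_PYTHON/espsecure.py" generate_flash_encryption_key "$key_file")
        ret_gen_key=$?
        size=$(stat --printf="%s" -- "$key_file")
        if [[ $ret_gen_key -eq 0 && $size -eq 32 ]]; then
          echo "[+] Generation Flash Encryption Key succeed !"
          echo "[+] Stop RNG-tools service please wait ..."
          sudo systemctl stop rng-tools.service
        else
          echo "[+] Generation Flash Encryption Key Failed !"
          return 1
        fi
      else
        echo "[+] Flash Encryption is enabled"
        echo "[+] Which means a Flash Encryption Key is already burned"
      fi
      ;;
    *)
      echo "[Error] could not open port $port"
      echo "Warning: please make sure to write the right Serial Port (Default /dev/ttyUSB0)"
      return 1
      ;;
  esac
}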
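#######################################
# Generate a secure boot signing private key when the chip's ABS_DONE_0 eFuse
# reads 0 (secure boot never enabled).
# Globals:
#   IDF_PATH (read), ESP_TOOL_PYTHON (written)
# Arguments:
#   $1 - serial port, must start with /dev/tty
#   $2 - path of the private key file to create
# Returns:
#   0 when a key was written or secure boot is already enabled, 1 on a bad
#   port, missing file name, unreadable eFuse value or failed key generation.
#######################################
gen_signing_key()
{
  local port=$1 key_file=$2
  local sec_boot ret_choice ret_gen_key first_line
  local num_re='^(0[xX][0-9a-fA-F]+|[0-9]+)$'

  ESP_TOOL_PYTHON=$IDF_PATH/components/esptool_py/esptool

  case "$port" in
    "/dev/tty"*)
      if [[ -z "$key_file" ]]; then
        echo "[Error] missing key file name"
        return 1
      fi

      sec_boot=$(python "$ESP_TOOL_PYTHON/espefuse.py" --port "$port" summary \
        | awk '$1 ~/ABS_DONE_0/' | cut -d"=" -f2 | awk '{print $1}')

      # An empty or non-numeric value means the summary could not be read.
      # `[[ "" -eq 0 ]]` is true in bash, so this case used to be reported as
      # "secure boot disabled" and a key was generated anyway.
      if [[ ! $sec_boot =~ $num_re ]]; then
        echo "[-] Could not read ABS_DONE_0 from the eFuse summary on $port" >&2
        return 1
      fi

      if [[ $sec_boot -eq 0 ]]; then
        echo "[+] Secure Boot is disabled, you can generate Signing Key and burn it in eFUSE BLK2 block"
        if pgrep -x rngd > /dev/null; then
          echo "[+] RNG-tools is running ..."
        else
          echo "[+] RNG-tools is not running"
          increase_entropy
          ret_choice=$?
          if [[ $ret_choice -eq 0 ]]; then
            echo "[+] Please wait 30 sec for \"increase_entropy\" to take place ..."
            sleep 30
          fi
        fi

        # Create the private key under umask 077 so the file is readable by
        # its owner only; the subshell keeps the caller's umask unchanged.
        # NOTE(review): this key signs every firmware image for the device;
        # keep it off shared disks and out of version control.
        (umask 077 && python "$ESP_TOOL_PYTHON/espsecure.py" generate_signing_key "$key_file")
        ret_gen_key=$?
        echo "$ret_gen_key"

        # Only the first line is needed to recognise the PEM header; the whole
        # private key used to be read into a shell variable for this check.
        first_line=""
        if [[ -r "$key_file" ]]; then
          IFS= read -r first_line < "$key_file"
        fi
        if [[ $ret_gen_key -eq 0 && $first_line == -----BEGIN* ]]; then
          echo "[+] Generation Secure Boot Signing Private Key succeed !"
          echo "[+] Stop RNG-tools service please wait ..."
          sudo systemctl stop rng-tools.service
        else
          echo "[+] Generation Secure Boot Signing Private Key Failed !"
          return 1
        fi
      else
        echo "[+] Secure Boot is enabled."
        echo "[+] Which means a Secure Boot Signing Key is already burned"
      fi
      ;;
    *)
      echo "[Error] could not open port $port"
      echo "Warning: please make sure to write the right Serial Port (Default /dev/ttyUSB0)"
      return 1
      ;;
  esac
}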
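#######################################
# Print the usage text to stdout.
# The --signing-key entry used to repeat the --encrypt-key description; it
# now names the secure boot signing key that gen_signing_key generates.
# Note: this function shadows the bash builtin of the same name.
#######################################
help()
{
  local __usage
  __usage="
Usage: source $(basename "$0") [OPTIONS]
Options:
--set-env Set up development environment
--increase-entropy Increase the entropy level for better random numbers source
--encrypt-key Generate Flash Encryption Key
[--port <SERIAL PORT> <Enc Key file name>]
--signing-key Generate Secure Boot Signing Key
[--port <SERIAL PORT> <Sig Key file name>]
--help Display this help and exit
"
  echo "$__usage"
}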
# Smoke test behind the --test option: prints "ok" so a caller can confirm
# that the script parses and dispatches.
test_shell()
{
  printf '%s\n' "ok"
}
#######################################
# Dispatch on the first command-line option.
# Arguments:
#   $1 - action (--set-env, --increase-entropy, --encrypt-key,
#        --signing-key, --help, --test); anything else prints the help
#   $2 - must be --port for the two key actions
#   $3 - serial port, $4 - key file name (key actions only)
#######################################
main()
{
  local action=$1 flag=$2

  if [[ $action == "--set-env" ]]; then
    set_up_env
  elif [[ $action == "--increase-entropy" ]]; then
    increase_entropy
  elif [[ $action == "--encrypt-key" ]]; then
    if [[ $flag == "--port" ]]; then
      gen_encrypt_key "$3" "$4"
      # Echo the key file name back to the caller.
      echo "$4"
    else
      echo "Error: argument operation."
      echo "Check \"help\" list"
      help
    fi
  elif [[ $action == "--signing-key" ]]; then
    if [[ $flag == "--port" ]]; then
      gen_signing_key "$3" "$4"
    else
      echo "[Error]: argument operation"
      echo "Warning: check \"help\" list"
      help
    fi
  elif [[ $action == "--test" ]]; then
    test_shell
  else
    # Covers --help and every unrecognised option.
    help
  fi
}

main "$@"