#===============================================================================
# export variables
#===============================================================================
ifeq ($(PRODUCT_TYPE), custom)
	IMAGES_OUT := $(realpath ../image)
	LOCAL_SIGN_KEY_SAMPLE_DIR := $(realpath ../sign_keys)
	SIGN_TOOL_DIR := $(realpath ../sign_tools/CrypSignTool)
else
	IMAGES_OUT := $(LINUX_PRODUCT_OUT)/images
	LOCAL_SIGN_KEY_SAMPLE_DIR := $(LINUX_BUILD_TOP)/vendor/huanglong/development/build/security/
	SIGN_TOOL_DIR := $(LINUX_BUILD_TOP)/vendor/tools/host/huanglong/sign_tools/CrypSignTool
endif

NOW := $(shell date +%s)
SINCE := $(shell date +%s -d '2021-04-12')
DEB_MAJOR_VERSION := "1"
DEB_MINOR_VERSION := "1"
DEB_REVISION_VERSION_TMP := $(shell expr $(NOW) - $(SINCE))
DEB_REVISION_VERSION := $(shell expr $(DEB_REVISION_VERSION_TMP) / 60 / 60 / 24 / 7)
DEB_PKG_VERSION := $(DEB_MAJOR_VERSION).$(DEB_MINOR_VERSION).$(DEB_REVISION_VERSION)

SIGN_CONFIG_DIR := cfg

CHIP_REVISION ?=m
SIGN_TYPE ?=sm2

#====================================================================================
#                   signature_offline
#====================================================================================
.PHONY: signature_offline signature_fastboot_offline signature_bootargs_offline signature_sbl_offline signature_dtb_offline signature_uefi_offline

SIGNED_IMAGE_MAJOR_VERSION = $(shell printf "%02x" $(shell echo $(DEB_PKG_VERSION)|awk -F '.' '{ print $$1 }'))
SIGNED_IMAGE_MINOR_VERSION = $(shell printf "%02x" $(shell echo $(DEB_PKG_VERSION)|awk -F '.' '{ print $$2 }'))
SIGNED_IMAGE_REVISION_VERSION = $(shell printf "%04x" $(shell echo $(DEB_PKG_VERSION)|awk -F '.' '{ print $$3 }'))
SIGNED_IMAGE_VERSION = 0X$(SIGNED_IMAGE_MAJOR_VERSION)$(SIGNED_IMAGE_MINOR_VERSION)$(SIGNED_IMAGE_REVISION_VERSION)

signature_fastboot_offline:

ifneq ("","$(wildcard $(IMAGES_OUT)/fastboot_$(CHIP_REVISION).bin)")
	@test -f $(IMAGES_OUT)/fastboot_$(CHIP_REVISION)_clean.bin || cp $(IMAGES_OUT)/fastboot_$(CHIP_REVISION).bin $(IMAGES_OUT)/fastboot_$(CHIP_REVISION)_clean.bin
	@cp $(IMAGES_OUT)/fastboot_$(CHIP_REVISION)_clean.bin $(IMAGES_OUT)/fastboot.bin
	@echo "CHIP_REVISION is: "$(CHIP_REVISION)
	@echo "sign fastboot.bin offline, SIGN_TYPE is: "$(SIGN_TYPE)
ifeq ($(SIGN_TYPE), sm2)
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 21 $(SIGN_CONFIG_DIR)/sign_fastboot_offline_sm2.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_fastboot
ifeq ($(CHIP_REVISION), m)
	@dd if=$(LOCAL_SIGN_KEY_SAMPLE_DIR)/root_sm_public_key_area_m.bin of=$(IMAGES_OUT)/tmp_fastboot/FinalBoot.bin seek=0 count=512 conv=notrunc
else
	@dd if=$(LOCAL_SIGN_KEY_SAMPLE_DIR)/root_sm_public_key_area_c.bin of=$(IMAGES_OUT)/tmp_fastboot/FinalBoot.bin seek=0 count=512 conv=notrunc
endif
else
ifeq ($(SIGN_TYPE), rsa)
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 21 $(SIGN_CONFIG_DIR)/sign_fastboot_offline.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_fastboot
ifeq ($(CHIP_REVISION), m)
	@dd if=$(LOCAL_SIGN_KEY_SAMPLE_DIR)/root_rsa_public_key_area_m.bin of=$(IMAGES_OUT)/tmp_fastboot/FinalBoot.bin seek=0 count=512 conv=notrunc
else
	@dd if=$(LOCAL_SIGN_KEY_SAMPLE_DIR)/root_rsa_public_key_area_c.bin of=$(IMAGES_OUT)/tmp_fastboot/FinalBoot.bin seek=0 count=512 conv=notrunc
endif
else
	@$(error "Invalid SIGN_TYPE, Please ensure the value of SIGN_TYPE is 'sm2' or 'rsa'")
endif
endif
	@cp $(IMAGES_OUT)/tmp_fastboot/FinalBoot.bin $(IMAGES_OUT)/fastboot_$(CHIP_REVISION).bin
	@rm -rf $(IMAGES_OUT)/tmp_fastboot
	@rm -rf $(IMAGES_OUT)/fastboot.bin
endif

signature_uefi_offline:
ifneq ("","$(wildcard $(IMAGES_OUT)/uefi.bin)")
	@test -f $(IMAGES_OUT)/uefi_clean.bin || cp $(IMAGES_OUT)/uefi.bin $(IMAGES_OUT)/uefi_clean.bin
	@cp $(IMAGES_OUT)/uefi_clean.bin $(IMAGES_OUT)/uefi.bin
	@echo "sign uefi offline, SIGN_TYPE is:"$(SIGN_TYPE)
ifeq ($(SIGN_TYPE), rsa)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_uefi.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_uefi.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_uefi
else
ifeq ($(SIGN_TYPE), sm2)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_uefi_sm2.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_uefi_sm2.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_uefi
else
	@$(error "Invalid SIGN_TYPE, Please ensure the value of SIGN_TYPE is 'sm2' or 'rsa'")
endif
endif
	@cp $(IMAGES_OUT)/tmp_uefi/uefi.bin $(IMAGES_OUT)/uefi.bin
	@rm -rf $(IMAGES_OUT)/tmp_uefi
endif

signature_bootargs_offline:
ifneq ("","$(wildcard $(IMAGES_OUT)/bootargs.bin)")
	@test -f $(IMAGES_OUT)/bootargs_clean.bin || cp $(IMAGES_OUT)/bootargs.bin $(IMAGES_OUT)/bootargs_clean.bin
	@cp $(IMAGES_OUT)/bootargs_clean.bin $(IMAGES_OUT)/bootargs.bin
	@echo "sign bootargs offline, SIGN_TYPE is:"$(SIGN_TYPE)
ifeq ($(SIGN_TYPE), rsa)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_bootargs.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_bootargs.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_bootargs
else
ifeq ($(SIGN_TYPE), sm2)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_bootargs_sm2.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_bootargs_sm2.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_bootargs
else
	@$(error "Invalid SIGN_TYPE, Please ensure the value of SIGN_TYPE is 'sm2' or 'rsa'")
endif
endif
	@cp $(IMAGES_OUT)/tmp_bootargs/bootargs.bin $(IMAGES_OUT)/bootargs.bin
	@rm -rf $(IMAGES_OUT)/tmp_bootargs
endif

signature_sbl_offline:
	@echo "DEB_PKG_VERSION is: "$(DEB_PKG_VERSION)
	@echo "SIGNED_IMAGE_VERSION is: "$(SIGNED_IMAGE_VERSION)
ifneq ("","$(wildcard $(IMAGES_OUT)/sbl_$(CHIP_REVISION).bin)")
	@test -f $(IMAGES_OUT)/sbl_$(CHIP_REVISION)_clean.bin || cp $(IMAGES_OUT)/sbl_$(CHIP_REVISION).bin $(IMAGES_OUT)/sbl_$(CHIP_REVISION)_clean.bin
	@cp $(IMAGES_OUT)/sbl_$(CHIP_REVISION)_clean.bin $(IMAGES_OUT)/sbl.bin
	@echo "sign sbl offline, SIGN_TYPE is: "$(SIGN_TYPE)
ifeq ($(SIGN_TYPE), rsa)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_sbl.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_sbl.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_sbl
else
ifeq ($(SIGN_TYPE), sm2)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_sbl_sm2.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_sbl_sm2.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_sbl
else
	@$(error "Invalid SIGN_TYPE, Please ensure the value of SIGN_TYPE is 'sm2' or 'rsa'")
endif
endif
	@cp $(IMAGES_OUT)/tmp_sbl/sbl.bin $(IMAGES_OUT)/sbl_$(CHIP_REVISION).bin
	@rm -rf $(IMAGES_OUT)/tmp_sbl
	@rm -rf $(IMAGES_OUT)/sbl.bin
endif

signature_dtb_offline:
ifneq ("","$(wildcard $(IMAGES_OUT)/dtbo_$(CHIP_REVISION).img)")
	@test -f $(IMAGES_OUT)/dtbo_$(CHIP_REVISION)_clean.img || cp $(IMAGES_OUT)/dtbo_$(CHIP_REVISION).img $(IMAGES_OUT)/dtbo_$(CHIP_REVISION)_clean.img
	@cp $(IMAGES_OUT)/dtbo_$(CHIP_REVISION)_clean.img $(IMAGES_OUT)/dtbo.img
	@echo "sign dtb offline, SIGN_TYPE is: "$(SIGN_TYPE)
ifeq ($(SIGN_TYPE), rsa)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_dtb.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_dtb.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_dtbo
else
ifeq ($(SIGN_TYPE), sm2)
	@sed -i 's+CustomerData=.*$ +CustomerData=$(SIGNED_IMAGE_VERSION)+' $(SIGN_CONFIG_DIR)/special_dtb_sm2.cfg
	@$(SIGN_TOOL_DIR)/bin64/CrypSignTool 6 $(SIGN_CONFIG_DIR)/special_dtb_sm2.cfg -k $(LOCAL_SIGN_KEY_SAMPLE_DIR) -r $(IMAGES_OUT) -o $(IMAGES_OUT)/tmp_dtbo
else
	@$(error "Invalid SIGN_TYPE, Please ensure the value of SIGN_TYPE is 'sm2' or 'rsa'")
endif
endif
	@cp $(IMAGES_OUT)/tmp_dtbo/dtbo.img $(IMAGES_OUT)/dtbo_$(CHIP_REVISION).img
	@rm -rf $(IMAGES_OUT)/tmp_dtbo
	@rm -rf $(IMAGES_OUT)/dtbo.img
endif

signature_offline: signature_fastboot_offline signature_bootargs_offline signature_sbl_offline signature_dtb_offline signature_uefi_offline

#====================================================================================
#                   signature_clean
#====================================================================================
.PHONY: signature_clean
signature_clean:
	@rm -f $(IMAGES_OUT)/dtbo*.img
	@rm -f $(IMAGES_OUT)/sbl*.bin
	@rm -f $(IMAGES_OUT)/bootargs*.bin
	@rm -f $(IMAGES_OUT)/uefi*.bin
	@rm -f $(IMAGES_OUT)/fastboot*.bin