Container Tool¶
GenContainer.py
is a tool used to generate the container images in a binary file format.
A container is an encapsulation of multiple components as depicted in the following image:
Following operations are supported:
usage: GenContainer.py [-h] {view,create,extract,replace,sign} ...
positional arguments:
{view,create,extract,replace,sign}
command
view display a container image
create create a container image
extract extract a component image
replace replace a component image
sign compress and sign a component image
optional arguments:
-h, --help show this help message and exit
view:
usage: GenContainer.py view [-h] -i IMAGE optional arguments: -h, --help show this help message and exit -i IMAGE Container input image
example:
python GenContainer.py view -i ContainerImage.bin
create:
usage: GenContainer.py create [-h] (-l LAYOUT | -cl COMP_LIST [COMP_LIST ...]) [-t IMG_TYPE] [-o OUT_PATH] [-k KEY_PATH] [-cd COMP_DIR] [-td TOOL_DIR] [-a {SHA2_256, SHA2_384, RSA2048_PKCS1_SHA2_256, RSA3072_PKCS1_SHA2_384, RSA2048_PSS_SHA2_256, RSA3072_PSS_SHA2_384, NONE}] optional arguments: -h, --help show this help message and exit -l LAYOUT Container layout intput file if no -cl -cl COMP_LIST [COMP_LIST ...] List of each component files, following XXXX:FileName format -t IMG_TYPE Container Image Type : [NORMAL, CLASSIC, MULTIBOOT] -o OUT_PATH Container output directory/file -a {SHA2_256, SHA2_384, RSA2048_PKCS1_SHA2_256, RSA3072_PKCS1_SHA2_384, RSA2048_PSS_SHA2_256, RSA3072_PSS_SHA2_384, NONE} Authentication algorithm -k KEY_PATH KEY_ID or Private key file -cd COMP_DIR Componet image input directory -td TOOL_DIR Compression tool directory -s SVN Security version number for Component for no -cl option
example:
python GenContainer.py create -cl CMDL:cmdline.txt:$svn KRNL:vmlinuz:$svn INRD:initrd:$svn -o Out $svn is optional or python GenContainer.py create -l layout.txt -o Out
Note
layout.txt can look like following:
# Container Layout File
#
# Name , ImageFile ,CompAlg , AuthType, KeyFile , Alignment, Size, Svn
# ============================================================================================================
( 'BOOT', 'Out' , '' , 'RSA2048_PSS_SHA2_256', 'CONTAINER_KEY_ID' , 0, 0, 0), <--- Container Hdr
( 'CMDL', 'cmdline.txt' , 'Lz4' , 'RSA2048_PSS_SHA2_256', 'CONTAINER_COMP_KEY_ID' , 0, 0, 0), <--- Component Entry 1
( 'KRNL', 'vmlinuz' , 'Lz4' , 'RSA2048_PSS_SHA2_256', 'CONTAINER_COMP_KEY_ID' , 0, 0, 0), <--- Component Entry 2
( 'INRD', 'initrd' , 'Lz4' , 'RSA2048_PSS_SHA2_256', 'CONTAINER_COMP_KEY_ID' , 0, 0, 0), <--- Component Entry 3
If you provide the full path or a file/dir name to output or key, in both layout.txt and command line, command line options will always overwrite the values in layout.txt.
extract:
usage: GenContainer.py extract [-h] -i IMAGE [-n COMP_NAME] [-od OUT_DIR] [-td TOOL_DIR] optional arguments: -h, --help show this help message and exit -i IMAGE Container input image path -n COMP_NAME Component name to extract -od OUT_DIR Output directory -td TOOL_DIR Compression tool directory
example:
python GenContainer.py extract -i ContainerImage.bin -od ExtDir
replace:
usage: GenContainer.py replace [-h] -i IMAGE [-o NEW_NAME] -n COMP_NAME -f COMP_FILE [-c {lz4,lzma,dummy}] [-k KEY_FILE] [-od OUT_DIR] [-td TOOL_DIR] optional arguments: -h, --help show this help message and exit -i IMAGE Container input image path -o NEW_NAME Container new output image name -n COMP_NAME Component name to replace -f COMP_FILE Component input file path -c {lz4,lzma,dummy} compression algorithm -k KEY_FILE KEY_ID/Private key file path to sign component -od OUT_DIR Output directory -td TOOL_DIR Compression tool directory -s SVN Security version number for Component
example:
python GenContainer.py replace -i ContainerImage.bin -od Out -n CMDL -f new_cmdline.txt
sign:
usage: GenContainer.py sign [-h] -f COMP_FILE [-o SIGN_FILE] [-c {lz4,lzma,dummy}] [-a {SHA2_256, SHA2_384, RSA2048_PKCS1_SHA2_256, RSA3072_PKCS1_SHA2_384, RSA2048_PSS_SHA2_256, RSA3072_PSS_SHA2_384, NONE}] [-k KEY_FILE] [-od OUT_DIR] [-td TOOL_DIR] optional arguments: -h, --help show this help message and exit -f COMP_FILE Component input file path -o SIGN_FILE Signed output image name -c {lz4,lzma,dummy} compression algorithm -a {SHA2_256, SHA2_384, RSA2048_PKCS1_SHA2_256, RSA3072_PKCS1_SHA2_384, RSA2048_PSS_SHA2_256, RSA3072_PSS_SHA2_384, NONE} Authentication algorithm -k KEY_FILE KEY_ID or Private key file path to sign component -od OUT_DIR Output directory -td TOOL_DIR Compression tool directory
example:
python GenContainer.py sign -f <ComponentImage/ContainerImage.bin> -c lz4 -td <path-to-Lz4Compress.exe>