Create a protected binary in the binary module

src/cli/binary.js

@@ -12,5 +12,16 @@ module.exports = ({ commandProcessor, root }) => {
 		}
 	});
 
+	commandProcessor.createCommand(binary, 'enable-device-protection', 'Create a protected bootloader binary', {
+		params: '<filename>',
+		handler: (args) => {
+			const BinaryCommand = require('../cmd/binary');
+			return new BinaryCommand().createProtectedBinary({ file: args.params.filename, verbose: true });
+		},
+		examples: {
+			'$0 $command bootloader.bin': 'Provide bootloader binary to protect'
+		}
+	});
+
 	return binary;
 };

src/cli/device-protection.js

@@ -43,17 +43,6 @@ module.exports = ({ commandProcessor, root }) => {
 		}
 	});
 
-	commandProcessor.createCommand(deviceProtection, 'protect', 'Adds device-protection to your bootloader binary', {
-		params: '<file>',
-		handler: (args) => {
-			const DeviceProtectionCommands = require('../cmd/device-protection');
-			return new DeviceProtectionCommands().protectBinary({ file: args.params.file, verbose: true });
-		},
-		examples: {
-			'$0 $command myBootloader.bin': 'Adds device-protection to your bootloader binary'
-		}
-	});
-
 	return deviceProtection;
 };
 

src/cmd/binary.js

@@ -29,7 +29,7 @@ const fs = require('fs-extra');
 const path = require('path');
 const VError = require('verror');
 const chalk = require('chalk');
-const { HalModuleParser: Parser, unpackApplicationAndAssetBundle, isAssetValid } = require('binary-version-reader');
+const { HalModuleParser: Parser, unpackApplicationAndAssetBundle, isAssetValid, createProtectedModule } = require('binary-version-reader');
 const utilities = require('../lib/utilities');
 const ensureError = utilities.ensureError;
 
@@ -46,6 +46,25 @@ class BinaryCommand {
 		await this._verifyBundle(parsedAppInfo, assets);
 	}
 
+	async createProtectedBinary({ file, verbose=true }) {
+		await this._checkFile(file);
+
+		const fileName = path.basename(file);
+		const resBinaryName = fileName.replace('.bin', '-protected.bin');
+		const resBinaryPath = path.join(path.dirname(file), resBinaryName);
+
+		const binary = await fs.readFile(file);
+		const protectedBinary = await createProtectedModule(binary);
+		await fs.writeFile(resBinaryPath, protectedBinary);
+
+		if (verbose) {
+			console.log(`Protected binary saved at ${resBinaryPath}`);
+		}
+
+		return resBinaryPath;
+	}
+
+
 	async _checkFile(file) {
 		try {
 			await fs.access(file);

src/cmd/device-protection.js

@@ -12,6 +12,7 @@ const { downloadDeviceOsVersionBinaries } = require('../lib/device-os-version-ut
 const FlashCommand = require('./flash');
 const { platformForId } = require('../lib/platform');
 const chalk = require('chalk');
+const BinaryCommand = require('./binary');
 
 module.exports = class DeviceProtectionCommands extends CLICommandBase {
 	constructor({ ui } = {}) {
@@ -152,7 +153,7 @@ module.exports = class DeviceProtectionCommands extends CLICommandBase {
 	 * It then downloads the device OS version binaries and returns the path to the bootloader binary.
 	 *
 	 * @async
-	 * @returns {Promise<string>} The file path to the downloaded bootloader binary.
+	 * @returns {Promise<string>} The file path to the downloaded bootloader binary.protectBinary
 	 * @throws {Error} Throws an error if any of the async operations fail.
 	 */
 	async _downloadBootloader() {
@@ -208,7 +209,8 @@ module.exports = class DeviceProtectionCommands extends CLICommandBase {
 				if (!s.protected && !s.overridden && deviceProtectionActiveInProduct) {
 					if (!protectedBinary) {
 						const localBootloaderPath = await this._downloadBootloader();
-						protectedBinary = await this.protectBinary({ file: localBootloaderPath, verbose: false });
+						const binary = new BinaryCommand();
+						protectedBinary = await binary.createProtectedBinary({ file: localBootloaderPath, verbose: false });
 					}
 					await this._flashBootloader(protectedBinary, 'enable');
 					addToOutput.push(`${deviceStr} is now a protected device.${os.EOL}`);