Strona główna Odkrywaj Pomoc
Zaloguj się
seokj
/
vboot
Obserwuj 1
Polub 0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: a609478d1a
Gałęzie Tagi
vboot
/
scripts
/
keygeneration
/
add_loem_keys.sh

add_loem_keys.sh 2.2 KB
Historia Czysty

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. #!/bin/bash
    2. 

  2. # Copyright 2015 The Chromium OS Authors. All rights reserved.
    3. 

  3. # Use of this source code is governed by a BSD-style license that can be
    4. 

  4. # found in the LICENSE file.
    5. 

  5. 

  6. # Load common constants and functions.
    7. 

  7. . "$(dirname "$0")/common.sh"
    8. 

  8. 

  9. usage() {
    10. 

  10.   cat <<EOF
    11. 

  11. Usage: ${0##*/} <number of loem keys to add>
    12. 

  12. 

  13. If the existing keyset is not set up for loem usage, it will be converted.
    14. 

  14. 

  15. Note: Use 0 if you want to just convert an existing keyset.
    16. 

  16. EOF
    17. 

  17.   exit ${1:-0}
    18. 

  18. }
    19. 

  19. 

  20. convert_keyset_to_loem() {
    21. 

  21.   local f
    22. 

  22. 

  23.   printf "Converting to loem keyset; continue? (y/N) "
    24. 

  24.   read f
    25. 

  25.   [[ ${f} == [yY] ]]
    26. 

  26. 

  27.   for f in {firmware_data,root}_key.vb{pub,priv}k firmware.keyblock; do
    28. 

  28.     if [[ ${f} == "root_key.vbprivk" && ! -e ${f} ]]; then
    29. 

  29.       # For official keys, we won't have the private half of the root key.
    30. 

  30.       echo "Skipping ${f} for official keys"
    31. 

  31.       continue
    32. 

  32.     fi
    33. 

  33.     if [[ ${f} == *.vbprivk && ! -e ${f} ]]; then
    34. 

  34.       # For official keys, will be gpg wrapped.
    35. 

  35.       f+=".gpg"
    36. 

  36.     fi
    37. 

  37.     mv -i "${f}" "${f/./.loem1.}"
    38. 

  38.   done
    39. 

  39. 

  40.   echo "[loem]" > loem.ini
    41. 

  41. }
    42. 

  42. 

  43. main() {
    44. 

  44.   set -e -u
    45. 

  45. 

  46.   if [[ $# -ne 1 || $1 == -* ]]; then
    47. 

  47.     usage
    48. 

  48.   fi
    49. 

  49. 

  50.   # Keep `local` and assignment split so return values are checked.
    51. 

  51.   local firmware_key_version
    52. 

  52.   local num_keys highest_key k
    53. 

  53. 

  54.   if [[ ! -e ${VERSION_FILE} ]]; then
    55. 

  55.     echo "missing ${VERSION_FILE} in ${PWD}; please create one" >&2
    56. 

  56.     exit 1
    57. 

  57.   fi
    58. 

  58. 

  59.   firmware_key_version=$(get_version "firmware_key_version")
    60. 

  60. 

  61.   # See if we need to convert the keyset first.
    62. 

  62.   if [[ -e root_key.vbpubk ]]; then
    63. 

  63.     convert_keyset_to_loem
    64. 

  64.   fi
    65. 

  65. 

  66.   num_keys=$1
    67. 

  67.   highest_key=$(printf '%s\n' firmware.loem*.keyblock |
    68. 

  68.                 sed -r 's:firmware.loem(.*).keyblock:\1:' |
    69. 

  69.                 sort -n | tail -1)
    70. 

  70.   echo "There are ${highest_key} loem keys; ading ${num_keys} more"
    71. 

  71. 

  72.   for ((k = highest_key + 1; k < highest_key + 1 + num_keys; ++k)); do
    73. 

  73.     echo "Generating LOEM ${k}"
    74. 

  74.     make_pair root_key.loem${k} ${ROOT_KEY_ALGOID}
    75. 

  75.     make_pair firmware_data_key.loem${k} ${FIRMWARE_DATAKEY_ALGOID} \
    76. 

  76.       ${firmware_key_version}
    77. 

  77.     make_keyblock firmware.loem${k} ${FIRMWARE_KEYBLOCK_MODE} \
    78. 

  78.       firmware_data_key.loem${k} root_key.loem${k}
    79. 

  79.   done
    80. 

  80. 

  81.   echo
    82. 

  82.   echo "Don't forget to update loem.ini to allocate the keys!"
    83. 

  83. }
    84. 

  84. main "$@"
    85. 

  85.