diff options
| author | Gaurav Shah <gauravsh@google.com> | 2012-09-06 12:04:53 -0700 |
|---|---|---|
| committer | Gaurav Shah <gauravsh@chromium.org> | 2012-09-06 16:29:24 -0700 |
| commit | 7b3e34a23645749f6e3ea9deb7427be21f2d181e (patch) | |
| tree | 376bdbf888bd20a82ef864aefd24af93a302cecd | |
| parent | 3ae4dd70522d06dda08db8e7dd0b5df41bea273e (diff) | |
| download | vboot-7b3e34a23645749f6e3ea9deb7427be21f2d181e.tar.gz | |
Key increment script: Preserve extension and take the target keyset directory
First, preserve extensions for the backed up keys (and keyblocks). Useful since
our wrapping scripts look at the extension in deciding what needs wrapping.
Second, instead of having to run the script from within a keyset directory,
take the keyset path as an argument and increment the versions for
the keys in there.
BUG=chrome-os-partner:13748
TEST=ran on devkeys
BRANCH=none
Change-Id: I9e8c3e58149e5cb4cd5557521e047e25c06b0cd6
Reviewed-on: https://gerrit.chromium.org/gerrit/32417
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
| -rwxr-xr-x | scripts/keygeneration/increment_kernel_subkey_and_key.sh | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/scripts/keygeneration/increment_kernel_subkey_and_key.sh b/scripts/keygeneration/increment_kernel_subkey_and_key.sh index 36d30c8c..ed20db43 100755 --- a/scripts/keygeneration/increment_kernel_subkey_and_key.sh +++ b/scripts/keygeneration/increment_kernel_subkey_and_key.sh @@ -7,11 +7,23 @@ # Used when revving versions for a firmware update. # Load common constants and variables. -. "$(dirname "$0")/common.sh" +. "${0%/*}"/common.sh # Abort on errors. set -e +if [ $# -ne 1 ]; then + cat <<EOF +Usage: $0 <keyset directory> + +Increments the kernel subkey, data key and firmware version in the +specified keyset. +EOF + exit 1 +fi + +KEY_DIR=$1 + # File to read current versions from. VERSION_FILE="key.versions" @@ -24,19 +36,19 @@ get_version() { # Make backups of existing keys and keyblocks that will be revved. # Backup format: -# for keys: <key_name>.v<version> -# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version> +# for keys: <key_name>.v<version>.vb{pub|priv}k +# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock # Args: SUBKEY_VERSION DATAKEY_VERSION backup_existing_kernel_keys() { subkey_version=$1 datakey_version=$2 # --no-clobber to prevent accidentally overwriting existing # backups. - mv --no-clobber kernel_subkey.vbprivk{,".v${subkey_version}"} - mv --no-clobber kernel_subkey.vbpubk{,".v${subkey_version}"} - mv --no-clobber kernel_data_key.vbprivk{,".v${datakey_version}"} - mv --no-clobber kernel_data_key.vbpubk{,".v${datakey_version}"} - mv --no-clobber kernel.keyblock{,".v${datakey_version}.v${subkey_version}"} + mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_version}.vbprivk"} + mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_version}.vbpubk"} + mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_version}.vbprivk"} + mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_version}.vbpubk"} + mv --no-clobber kernel.{keyblock,"v${datakey_version}.v${subkey_version}.keyblock"} } # Write new key version file with the updated key versions. @@ -57,6 +69,8 @@ EOF main() { + local key_dir=$1 + cd "${key_dir}" current_fkey_version=$(get_version "firmware_key_version") # Firmware version is the kernel subkey version. current_ksubkey_version=$(get_version "firmware_version") |