authorMike Frysinger <vapier@chromium.org>2015-02-02 21:59:04 -0500
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-02-03 07:06:32 +0000
commit37b6afe030bf677b90571164bb88d2b135b6e937 (patch)
tree9c6b92377b5e7e87284684882fcdafe60fc0f030
parent4805f1841de9d670aaed9bdaea21147ee1d59242 (diff)
create_new_keys: add a proper main funcstabilize-6752.B
While we do this, clean up: - use braces everywhere - convert local vars from $VAR to $var - parse all command line args properly - run in `set -e` mode BUG=chromium:454651 TEST=`./create_new_keys.sh` still generates sane keys TEST=`./create_new_keys.sh --help` shows help output TEST=`./create_new_keys.sh --asdfasdf` shows an error TEST=`./create_new_keys.sh` outside chroot (w/out vboot binaries) aborts after first failure BRANCH=None Change-Id: I1ba0db0b24c0f2f10cf397b47115f0e98384d991 Reviewed-on: https://chromium-review.googlesource.com/245317 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-xscripts/keygeneration/create_new_keys.sh156
1 files changed, 95 insertions, 61 deletions
diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh
index 780f7c97..68b79e18 100755
--- a/scripts/keygeneration/create_new_keys.sh
+++ b/scripts/keygeneration/create_new_keys.sh
@@ -9,64 +9,98 @@
# Load common constants and functions.
. "$(dirname "$0")/common.sh"
-# Flag to indicate whether we should be generating a developer keyblock flag.
-DEV_KEYBLOCK_FLAG=""
-if [ $# -eq 1 ] && [ $1 = "--devkeyblock" ]; then
- echo "Will also generate developer firmware keyblock and data key."
- DEV_KEYBLOCK_FLAG=1
-fi
-
-if [ ! -e "${VERSION_FILE}" ]; then
- echo "No version file found. Creating default ${VERSION_FILE}."
- printf '%s_version=1\n' {firmware,kernel}{_key,} > "${VERSION_FILE}"
-fi
-
-# Get the key versions for normal keypairs
-ECKEY_VERSION=$(get_version "ec_key_version")
-FKEY_VERSION=$(get_version "firmware_key_version")
-# Firmware version is the kernel subkey version.
-KSUBKEY_VERSION=$(get_version "firmware_version")
-# Kernel data key version is the kernel key version.
-KDATAKEY_VERSION=$(get_version "kernel_key_version")
-
-# Create the normal keypairs
-make_pair ec_root_key $EC_ROOT_KEY_ALGOID
-make_pair ec_data_key $EC_DATAKEY_ALGOID $ECKEY_VERSION
-make_pair root_key $ROOT_KEY_ALGOID
-make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
-if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
- make_pair dev_firmware_data_key $DEV_FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
-fi
-make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $KSUBKEY_VERSION
-make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $KDATAKEY_VERSION
-
-# Create the recovery and factory installer keypairs
-make_pair recovery_key $RECOVERY_KEY_ALGOID
-make_pair recovery_kernel_data_key $RECOVERY_KERNEL_ALGOID
-make_pair installer_kernel_data_key $INSTALLER_KERNEL_ALGOID
-
-# Create the firmware keyblock for use only in Normal mode. This is redundant,
-# since it's never even checked during Recovery mode.
-make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key
-# Ditto EC keyblock
-make_keyblock ec $EC_KEYBLOCK_MODE ec_data_key ec_root_key
-
-if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
- # Create the dev firmware keyblock for use only in Developer mode.
- make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key root_key
-fi
-
-# Create the recovery kernel keyblock for use only in Recovery mode.
-make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_data_key recovery_key
-
-# Create the normal kernel keyblock for use only in Normal mode.
-make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey
-
-# Create the installer keyblock for use in Developer + Recovery mode
-# For use in Factory Install and Developer Mode install shims.
-make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_data_key recovery_key
-
-# CAUTION: The public parts of most of these blobs must be compiled into the
-# firmware, which is built separately (and some of which can't be changed after
-# manufacturing). If you update these keys, you must coordinate the changes
-# with the BIOS people or you'll be unable to boot the resulting images.
+usage() {
+ cat <<EOF
+Usage: $0 [--devkeyblock]
+
+Options:
+ --devkeyblock Also generate developer firmware keyblock and data key
+EOF
+
+ if [[ $# -ne 0 ]]; then
+ echo "ERROR: unknown option $*" >&2
+ exit 1
+ else
+ exit 0
+ fi
+}
+
+main() {
+ set -e
+
+ # Flag to indicate whether we should be generating a developer keyblock flag.
+ local dev_keyblock="false"
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ --devkeyblock)
+ echo "Will also generate developer firmware keyblock and data key."
+ dev_keyblock="true"
+ ;;
+ -h|--help)
+ usage
+ ;;
+ *)
+ usage "$1"
+ ;;
+ esac
+ shift
+ done
+
+ if [[ ! -e "${VERSION_FILE}" ]]; then
+ echo "No version file found. Creating default ${VERSION_FILE}."
+ printf '%s_version=1\n' {firmware,kernel}{_key,} > "${VERSION_FILE}"
+ fi
+
+ local eckey_version fkey_version ksubkey_version kdatakey_version
+
+ # Get the key versions for normal keypairs
+ eckey_version=$(get_version "ec_key_version")
+ fkey_version=$(get_version "firmware_key_version")
+ # Firmware version is the kernel subkey version.
+ ksubkey_version=$(get_version "firmware_version")
+ # Kernel data key version is the kernel key version.
+ kdatakey_version=$(get_version "kernel_key_version")
+
+ # Create the normal keypairs
+ make_pair ec_root_key ${EC_ROOT_KEY_ALGOID}
+ make_pair ec_data_key ${EC_DATAKEY_ALGOID} ${eckey_version}
+ make_pair root_key ${ROOT_KEY_ALGOID}
+ make_pair firmware_data_key ${FIRMWARE_DATAKEY_ALGOID} ${fkey_version}
+ if [[ "${dev_keyblock}" == "true" ]]; then
+ make_pair dev_firmware_data_key ${DEV_FIRMWARE_DATAKEY_ALGOID} ${fkey_version}
+ fi
+ make_pair kernel_subkey ${KERNEL_SUBKEY_ALGOID} ${ksubkey_version}
+ make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${kdatakey_version}
+
+ # Create the recovery and factory installer keypairs
+ make_pair recovery_key ${RECOVERY_KEY_ALGOID}
+ make_pair recovery_kernel_data_key ${RECOVERY_KERNEL_ALGOID}
+ make_pair installer_kernel_data_key ${INSTALLER_KERNEL_ALGOID}
+
+ # Create the firmware keyblock for use only in Normal mode. This is redundant,
+ # since it's never even checked during Recovery mode.
+ make_keyblock firmware ${FIRMWARE_KEYBLOCK_MODE} firmware_data_key root_key
+ # Ditto EC keyblock
+ make_keyblock ec ${EC_KEYBLOCK_MODE} ec_data_key ec_root_key
+
+ if [[ "${dev_keyblock}" == "true" ]]; then
+ # Create the dev firmware keyblock for use only in Developer mode.
+ make_keyblock dev_firmware ${DEV_FIRMWARE_KEYBLOCK_MODE} dev_firmware_data_key root_key
+ fi
+
+ # Create the recovery kernel keyblock for use only in Recovery mode.
+ make_keyblock recovery_kernel ${RECOVERY_KERNEL_KEYBLOCK_MODE} recovery_kernel_data_key recovery_key
+
+ # Create the normal kernel keyblock for use only in Normal mode.
+ make_keyblock kernel ${KERNEL_KEYBLOCK_MODE} kernel_data_key kernel_subkey
+
+ # Create the installer keyblock for use in Developer + Recovery mode
+ # For use in Factory Install and Developer Mode install shims.
+ make_keyblock installer_kernel ${INSTALLER_KERNEL_KEYBLOCK_MODE} installer_kernel_data_key recovery_key
+
+ # CAUTION: The public parts of most of these blobs must be compiled into the
+ # firmware, which is built separately (and some of which can't be changed after
+ # manufacturing). If you update these keys, you must coordinate the changes
+ # with the BIOS people or you'll be unable to boot the resulting images.
+}
+main "$@"
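Review bot: The values returned by the four `get_version` calls in `main` are passed to `make_pair` unquoted and unchecked, so an empty result silently drops the version argument. The default version file written just above them expands to only `firmware_key_version`, `firmware_version`, `kernel_key_version` and `kernel_version`, so `ec_key_version` is absent on a fresh run. What happens next depends on `get_version` and `make_pair` in common.sh, which this hunk does not show: either `make_pair` falls back to some default version, or, now that `set -e` is active, a non-zero return from `get_version` aborts the script. Because these versions presumably feed rollback checks, I would fail loudly on the entries the file is expected to define, e.g. `[[ -n "${fkey_version}" ]] || { echo "ERROR: firmware_key_version missing from ${VERSION_FILE}" >&2; exit 1; }`, and state the EC fallback explicitly in a comment next to `eckey_version`. Quoting the `${..._ALGOID}` and `${..._MODE}` expansions would also match the rest of this cleanup.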