author | Mike Frysinger <vapier@chromium.org> | 2016-09-22 15:33:13 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@chromium.org> | 2016-09-22 19:58:27 +0000 |
commit | 6f2ea5b7319e3bf097cdf64770abfa61ed9cb8db (patch) | |
tree | 0cab2ccd8e37aeb965309ad427bb0829477ad461 | |
parent | df39d0ac27d5e0871977d45912c6aa57ba35663f (diff) | |
download | vboot-6f2ea5b7319e3bf097cdf64770abfa61ed9cb8db.tar.gz |
keygeneration: create_new_keys: add key-name/output options
We use these features on the signer, so move the logic here so it's
in the public code.
BUG=None
TEST=`./create_new_keys.sh --key-name hihya --output foo --android` worked
BRANCH=None
Change-Id: I85d6fdbafd99a1b94bc90e26cbc17ba801614914
Reviewed-on: https://chromium-review.googlesource.com/388673
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
-rw-r--r-- | scripts/keygeneration/common.sh | 2 | ||||
-rwxr-xr-x | scripts/keygeneration/create_new_keys.sh | 37 |
2 files changed, 37 insertions, 2 deletions
diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh index 07a7b2c6..2d24deea 100644 --- a/scripts/keygeneration/common.sh +++ b/scripts/keygeneration/common.sh @@ -5,7 +5,7 @@ # Common key generation functions. -SCRIPT_DIR="$(dirname "$0")" +SCRIPT_DIR="$(dirname "$(readlink -f -- "$0")")" # Algorithm ID mappings: RSA1024_SHA1_ALGOID=0 diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh index 6db6218b..5e6c9eee 100755 --- a/scripts/keygeneration/create_new_keys.sh +++ b/scripts/keygeneration/create_new_keys.sh @@ -21,6 +21,8 @@ Options: --4k-recovery Use 4k key size for the recovery key --4k-recovery-kernel Use 4k key size for the recovery kernel data --4k-installer-kernel Use 4k key size for the installer kernel data + --key-name <name> Name of the keyset (for key.versions) + --output <dir> Where to write the keys (default is cwd) EOF if [[ $# -ne 0 ]]; then @@ -41,6 +43,8 @@ main() { local recovery_key_algoid=${RECOVERY_KEY_ALGOID} local recovery_kernel_algoid=${RECOVERY_KERNEL_ALGOID} local installer_kernel_algoid=${INSTALLER_KERNEL_ALGOID} + local keyname + local output_dir="${PWD}" setperms="false" while [[ $# -gt 0 ]]; do case $1 in @@ -73,6 +77,21 @@ main() { installer_kernel_algoid=${RSA4096_SHA512_ALGOID} ;; + --key-name) + keyname="$2" + shift + ;; + + --output) + output_dir="$2" + setperms="true" + if [[ -d "${output_dir}" ]]; then + echo "ERROR: output dir (${output_dir}) already exists" >&2 + exit 1 + fi + shift + ;; + -h|--help) usage ;; 
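Review bot: Both new cases in main()'s option loop read `$2` without checking that a value was supplied, so `--output` given as the last argument leaves `output_dir` empty and the `-d` test passes. Unless errexit is enabled somewhere outside this hunk, the later `mkdir`/`cd` may fail or no-op, and the `chmod 700 .` and the closing `find ... chmod` pass would then act on the caller's working directory. I would guard each case with something like `[[ $# -ge 2 && -n "$2" ]] || usage "Missing value for $1"` (usage's handling of a message argument is only partly visible here, so adjust to match). The key name also goes verbatim into the version file as `name=...`, so restricting it to a conservative set, e.g. `[[ "${keyname}" =~ ^[A-Za-z0-9._-]+$ ]]`, keeps a stray newline or `=` from adding entries to that file. The loop and main() continue outside the hunk.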
@@ -83,9 +102,20 @@ main() { shift done + mkdir -p "${output_dir}" + cd "${output_dir}" + if [[ "${setperms}" == "true" ]]; then + chmod 700 . + fi + if [[ ! -e "${VERSION_FILE}" ]]; then echo "No version file found. Creating default ${VERSION_FILE}." - printf '%s_version=1\n' {firmware,kernel}{_key,} > "${VERSION_FILE}" + ( + if [[ -n "${keyname}" ]]; then + echo "name=${keyname}" + fi + printf '%s_version=1\n' {firmware,kernel}{_key,} + ) > "${VERSION_FILE}" fi local eckey_version fkey_version ksubkey_version kdatakey_version @@ -140,6 +170,11 @@ main() { "${SCRIPT_DIR}"/create_new_android_keys.sh android fi + if [[ "${setperms}" == "true" ]]; then + find -type f -exec chmod 400 {} + + find -type d -exec chmod 500 {} + + fi + # CAUTION: The public parts of most of these blobs must be compiled into the # firmware, which is built separately (and some of which can't be changed after # manufacturing). If you update these keys, you must coordinate the changes |
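Review bot: The existence check for the output directory happens during option parsing, but the directory is created here with `mkdir -p`, which succeeds silently if the path appeared in between and leaves it with umask-derived permissions until `chmod 700 .` runs. Creating the leaf with `mkdir -m 700 -- "${output_dir}"` (after `mkdir -p` on its parent, if that is needed) makes creation fail when the directory already exists and never exposes a wider mode. `cd "${output_dir}"` is also unchecked in the visible lines; if errexit is not set elsewhere, `cd -- "${output_dir}" || exit 1` keeps keys from being written to, and permissions changed in, the wrong directory.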
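Review bot: Private key files only get restrictive modes in this final pass, which is skipped when `--output` is not given, so keys generated into the current directory keep whatever mode the caller's umask produces. Setting `umask 077` near the top of main() would make every file the script creates private from the start, with this pass then only dropping write permission. The two `find` calls omit the start directory, which GNU find accepts but other implementations reject; `find . -type f -exec chmod 400 {} +` is the portable spelling. main() starts and ends outside the hunk.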