diff options
| author | Marco Chen <marcochen@chromium.org> | 2017-06-09 23:45:36 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-06-12 06:47:41 -0700 |
| commit | 04b3835b69606429f6e47234e1f730b62bd5ee75 (patch) | |
| tree | 507a3bc6a63a17ebbcb981f20a08c4bf2691f066 | |
| parent | 4df2f6f4e2079445277bb16c325e5421028c76d5 (diff) | |
| download | vboot-04b3835b69606429f6e47234e1f730b62bd5ee75.tar.gz | |
Add a script to generate a keypair for signing Rose RW firmware.
Rose decided to leverage the key format of Hammer therefore this script calls
Hammer's one to generate a key pair and renames them to key_rose*.
BUG=b:37693819
TEST=None
BRANCH=None
Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403
Reviewed-on: https://chromium-review.googlesource.com/529504
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| -rwxr-xr-x | scripts/keygeneration/accessory/create_new_rose_keys.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/scripts/keygeneration/accessory/create_new_rose_keys.sh b/scripts/keygeneration/accessory/create_new_rose_keys.sh new file mode 100755 index 00000000..c3be31ba --- /dev/null +++ b/scripts/keygeneration/accessory/create_new_rose_keys.sh @@ -0,0 +1,66 @@ +#!/bin/bash + +# Copyright 2017 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Load common constants and functions. +. "$(dirname "$0")/../common.sh" + +usage() { + cat <<EOF +Usage: ${PROG} DIR + +DIR: To generate a keypair from an RSA 3072 key (.pem file) for Rose at DIR + +EOF + + if [[ $# -ne 0 ]]; then + die "$*" + else + exit 0 + fi +} + +# Generate a keypair from hammer's script at the given directory. +generate_key() { + local dir=$1 + TMP=$(mktemp -d --suffix=.create_rose_keys) + + ./create_new_hammer_keys.sh "${TMP}" + if [[ $? -ne 0 ]]; then + die "Failed to call create_new_hammer_keys.sh." + fi + + mv "${TMP}/key_hammer.vbprik2" "${dir}/key_rose.vbprik2" + mv "${TMP}/key_hammer.vbpubk2" "${dir}/key_rose.vbpubk2" +} + +main() { + set -e + + local dir + + while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + usage + ;; + -*) + usage "Unknown option: $1" + ;; + *) + break + ;; + esac + done + + if [[ $# -ne 1 ]]; then + usage "Missing output directory" + fi + dir="$1" + + generate_key "${dir}" +} + +main "$@" |