diff options
| author | Mike Frysinger <vapier@chromium.org> | 2017-09-29 01:13:49 -0400 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-09-29 20:16:18 -0700 |
| commit | fb3c262eb0b2eb5d963680660dbbc5b00c6982df (patch) | |
| tree | 5204d5da0a71a2138d1e2ec25557b77b8548f46b | |
| parent | 60dd468de6576e254d08153f57168c887429d4fd (diff) | |
| download | vboot-stabilize-9998.B.tar.gz | |
keygeneration: keyset_version_check.sh: support loem keysetsstabilize-9998.B
BUG=None
TEST=ran against local devkeys
BRANCH=None
Change-Id: Ib1c88ae187f12aad4531e9c22da6cda2af1503e3
Reviewed-on: https://chromium-review.googlesource.com/691340
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
| -rwxr-xr-x | scripts/keygeneration/keyset_version_check.sh | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/scripts/keygeneration/keyset_version_check.sh b/scripts/keygeneration/keyset_version_check.sh index 74c44ad7..f351b75b 100755 --- a/scripts/keygeneration/keyset_version_check.sh +++ b/scripts/keygeneration/keyset_version_check.sh @@ -51,6 +51,37 @@ check_versions() { return 0 } +# Check the key.versions against firmware.keyblock and firmware_data_key.vbpubk. +check_firmware_keyblock() { + local fkey_keyblock="$1" fkey="$2" + local got_fkey_keyblock="$(keyblock_version "${fkey_keyblock}")" + local got_fkey="$(key_version "${fkey}")" + + check_versions "${got_fkey_keyblock}" "${got_fkey}" \ + "${fkey_keyblock##*/} keyblock key" "firmware key" || testfail=1 + check_versions "${expected_fkey}" "${got_fkey}" "${fkey##*/} key" \ + "firmware key" || testfail=1 +} + +# Validate the firmware keys in an loem keyset. +check_loem_keyset() { + local line loem_index + while read line; do + loem_index=$(cut -d= -f1 <<<"${line}" | sed 's: *$::') + + check_firmware_keyblock \ + "${KEY_DIR}/firmware.loem${loem_index}.keyblock" \ + "${KEY_DIR}/firmware_data_key.loem${loem_index}.vbpubk" + done < <(grep = "${KEY_DIR}"/loem.ini) +} + +# Validate the firmware keys in a non-loem keyset. +check_non_loem_keyset() { + check_firmware_keyblock \ + "${KEY_DIR}/firmware.keyblock" \ + "${KEY_DIR}/firmware_data_key.vbpubk" +} + main() { local testfail=0 @@ -62,21 +93,20 @@ main() { check_versions "${expected_firmware}" "${expected_kkey}" \ "firmware" "kernel key" || testfail=1 - local got_fkey_keyblock="$(keyblock_version ${KEY_DIR}/firmware.keyblock)" - local got_fkey="$(key_version ${KEY_DIR}/firmware_data_key.vbpubk)" - local got_kkey_keyblock="$(keyblock_version ${KEY_DIR}/kernel.keyblock)" local got_ksubkey="$(key_version ${KEY_DIR}/kernel_subkey.vbpubk)" local got_kdatakey="$(key_version ${KEY_DIR}/kernel_data_key.vbpubk)" - check_versions "${got_fkey_keyblock}" "${got_fkey}" "firmware keyblock key" \ - "firmware key" || testfail=1 + if [[ -f "${KEY_DIR}"/loem.ini ]]; then + check_loem_keyset + else + check_non_loem_keyset + fi + check_versions "${got_kkey_keyblock}" "${got_ksubkey}" "kernel keyblock key" \ "kernel subkey" || testfail=1 check_versions "${got_kdatakey}" "${got_ksubkey}" "kernel data key" \ "kernel subkey" || testfail=1 - check_versions "${expected_fkey}" "${got_fkey}" "key.versions firmware key" \ - "firmware key" || testfail=1 check_versions "${expected_kkey}" "${got_kdatakey}" "key.versions kernel key" \ "kernel datakey" || testfail=1 check_versions "${expected_kkey}" "${got_ksubkey}" "key.versions kernel key" \ |