authorEdward Hyunkoo Jee <edjee@google.com>2018-04-20 13:41:19 -0700
committerchrome-bot <chrome-bot@chromium.org>2018-04-25 23:00:06 -0700
commit95fbc8f468a5ae0537b43a701fef09898577bacf (patch)
tree8b80076dd4c2cbc555e0b319f8f26e5025a330cc
parent392211f0358919d510179ad399d8f056180e652e (diff)
keygeneration: drop board name from UEFI key generation scripts
Follow up the code review comments on CL:995174, which was merged as 7dff0105d66fa597741604cf1652a72c7a8463ac ("keygeneration: add support for UEFI key generation") BUG=b:62189155 TEST=See the following commit. BRANCH=none Change-Id: Id642029010e4eea51ec1f7d23240678f3f07e872 Reviewed-on: https://chromium-review.googlesource.com/1024917 Commit-Ready: Edward Jee <edjee@google.com> Tested-by: Edward Jee <edjee@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-xscripts/keygeneration/create_new_keys.sh9
-rwxr-xr-xscripts/keygeneration/uefi/create_new_uefi_keys.sh14
-rwxr-xr-xscripts/keygeneration/uefi/increment_db_child_key.sh8
-rwxr-xr-xscripts/keygeneration/uefi/increment_db_key.sh10
-rwxr-xr-xscripts/keygeneration/uefi/increment_kek_key.sh7
-rwxr-xr-xscripts/keygeneration/uefi/increment_pk_key.sh7
-rw-r--r--scripts/keygeneration/uefi/uefi_common.sh18
7 files changed, 25 insertions, 48 deletions
diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh
index 9b2cf880..a41140c8 100755
--- a/scripts/keygeneration/create_new_keys.sh
+++ b/scripts/keygeneration/create_new_keys.sh
@@ -14,7 +14,6 @@ usage() {
Usage: ${PROG} [options]
Options:
- --board <name> The board name (Optional. Used for UEFI keys)
--devkeyblock Also generate developer firmware keyblock and data key
--android Also generate android keys
--uefi Also generate UEFI keys
@@ -37,7 +36,6 @@ EOF
main() {
set -e
- local board=""
# Flag to indicate whether we should be generating a developer keyblock flag.
local dev_keyblock="false"
local android_keys="false"
@@ -51,11 +49,6 @@ main() {
while [[ $# -gt 0 ]]; do
case $1 in
- --board)
- board="$2"
- shift
- ;;
-
--devkeyblock)
echo "Will also generate developer firmware keyblock and data key."
dev_keyblock="true"
@@ -184,7 +177,7 @@ main() {
if [[ "${uefi_keys}" == "true" ]]; then
mkdir -p uefi
- "${SCRIPT_DIR}"/uefi/create_new_uefi_keys.sh uefi "${board}"
+ "${SCRIPT_DIR}"/uefi/create_new_uefi_keys.sh uefi
fi
if [[ "${setperms}" == "true" ]]; then
diff --git a/scripts/keygeneration/uefi/create_new_uefi_keys.sh b/scripts/keygeneration/uefi/create_new_uefi_keys.sh
index 10be420e..6f86382d 100755
--- a/scripts/keygeneration/uefi/create_new_uefi_keys.sh
+++ b/scripts/keygeneration/uefi/create_new_uefi_keys.sh
@@ -9,7 +9,7 @@
usage() {
cat <<EOF
-Usage: ${PROG} OUTPUT_DIR BOARD_NAME(optional)
+Usage: ${PROG} <OUTPUT_DIR>
Generate key pairs for UEFI secure boot.
EOF
@@ -38,12 +38,11 @@ main() {
esac
done
- if [[ $# -lt 1 ]]; then
+ if [[ $# -ne 1 ]]; then
usage "Missing output directory"
fi
local dir="$1"
- local board_name="$2"
check_uefi_key_dir_name "${dir}"
pushd "${dir}" > /dev/null
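Review bot: The message passed to `usage` in the `[[ $# -ne 1 ]]` branch still reads "Missing output directory", which is wrong when the check trips on a surplus argument, for example a caller that still passes the board name. In a key-generation flow the operator should be told which case occurred; something like `usage "Expected exactly one argument: <OUTPUT_DIR>"` covers both. The four increment_*_key.sh scripts gain the same `-ne 1` test and print only the usage text, so they would benefit from a one-line reason on stderr as well. main's body begins before this hunk and continues past it.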
@@ -63,11 +62,10 @@ main() {
db_key_version=$(get_uefi_version "db_key_version")
db_child_key_version=$(get_uefi_version "db_child_key_version")
- make_pk_keypair "${pk_key_version}" "${board_name}"
- make_kek_keypair "${kek_key_version}" "${board_name}"
- make_db_keypair "${db_key_version}" "${board_name}"
- make_db_child_keypair "${db_key_version}" "${db_child_key_version}" \
- "${board_name}"
+ make_pk_keypair "${pk_key_version}"
+ make_kek_keypair "${kek_key_version}"
+ make_db_keypair "${db_key_version}"
+ make_db_child_keypair "${db_key_version}" "${db_child_key_version}"
popd > /dev/null
}
diff --git a/scripts/keygeneration/uefi/increment_db_child_key.sh b/scripts/keygeneration/uefi/increment_db_child_key.sh
index 216aacde..b7cc53b1 100755
--- a/scripts/keygeneration/uefi/increment_db_child_key.sh
+++ b/scripts/keygeneration/uefi/increment_db_child_key.sh
@@ -11,9 +11,9 @@
# Abort on errors.
set -e
-if [ $# -lt 1 ]; then
+if [ $# -ne 1 ]; then
cat <<EOF
- Usage: $0 <keyset directory> [board name]
+ Usage: $0 <keyset directory>
Increments the UEFI DB child key in the specified keyset.
EOF
@@ -21,7 +21,6 @@ EOF
fi
KEY_DIR="$1"
-BOARD_NAME="$2" # Optional.
main() {
check_uefi_key_dir_name "${KEY_DIR}"
@@ -38,8 +37,7 @@ Generating new UEFI DB child key version.
New DB child key version: ${new_db_child_key_ver}.
EOF
- make_db_child_keypair "${CURR_DB_KEY_VER}" "${new_db_child_key_ver}" \
- "${BOARD_NAME}"
+ make_db_child_keypair "${CURR_DB_KEY_VER}" "${new_db_child_key_ver}"
write_updated_uefi_version_file "${CURR_PK_KEY_VER}" "${CURR_KEK_KEY_VER}" \
"${CURR_DB_KEY_VER}" "${new_db_child_key_ver}"
}
diff --git a/scripts/keygeneration/uefi/increment_db_key.sh b/scripts/keygeneration/uefi/increment_db_key.sh
index 1e48f4f4..a3f3e5fb 100755
--- a/scripts/keygeneration/uefi/increment_db_key.sh
+++ b/scripts/keygeneration/uefi/increment_db_key.sh
@@ -11,9 +11,9 @@
# Abort on errors.
set -e
-if [ $# -lt 1 ]; then
+if [ $# -ne 1 ]; then
cat <<EOF
- Usage: $0 <keyset directory> [board name]
+ Usage: $0 <keyset directory>
Increments the UEFI DB key in the specified keyset.
EOF
@@ -21,7 +21,6 @@ EOF
fi
KEY_DIR="$1"
-BOARD_NAME="$2" # Optional.
main() {
check_uefi_key_dir_name "${KEY_DIR}"
@@ -38,9 +37,8 @@ Generating new UEFI DB key version.
New DB key version: ${new_db_key_ver}.
EOF
- make_db_keypair "${new_db_key_ver}" "${BOARD_NAME}"
- make_db_child_keypair "${new_db_key_ver}" "${new_db_child_key_ver}" \
- "${BOARD_NAME}"
+ make_db_keypair "${new_db_key_ver}"
+ make_db_child_keypair "${new_db_key_ver}" "${new_db_child_key_ver}"
write_updated_uefi_version_file "${CURR_PK_KEY_VER}" "${CURR_KEK_KEY_VER}" \
"${new_db_key_ver}" "${new_db_child_key_ver}"
}
diff --git a/scripts/keygeneration/uefi/increment_kek_key.sh b/scripts/keygeneration/uefi/increment_kek_key.sh
index 3b9879ad..e99fd70c 100755
--- a/scripts/keygeneration/uefi/increment_kek_key.sh
+++ b/scripts/keygeneration/uefi/increment_kek_key.sh
@@ -11,9 +11,9 @@
# Abort on errors.
set -e
-if [ $# -lt 1 ]; then
+if [ $# -ne 1 ]; then
cat <<EOF
- Usage: $0 <keyset directory> [board name]
+ Usage: $0 <keyset directory>
Increments the UEFI Key Exchange Key (KEK) in the specified keyset.
EOF
@@ -21,7 +21,6 @@ EOF
fi
KEY_DIR="$1"
-BOARD_NAME="$2" # Optional.
main() {
check_uefi_key_dir_name "${KEY_DIR}"
@@ -37,7 +36,7 @@ Generating new UEFI Key Exchange Key (KEK) version.
New Key Exchange Key version: ${new_kek_key_ver}.
EOF
- make_kek_keypair "${new_kek_key_ver}" "${BOARD_NAME}"
+ make_kek_keypair "${new_kek_key_ver}"
write_updated_uefi_version_file "${CURR_PK_KEY_VER}" "${new_kek_key_ver}" \
"${CURR_DB_KEY_VER}" "${CURR_DB_CHILD_KEY_VER}"
}
diff --git a/scripts/keygeneration/uefi/increment_pk_key.sh b/scripts/keygeneration/uefi/increment_pk_key.sh
index a2940ef0..206b2ba0 100755
--- a/scripts/keygeneration/uefi/increment_pk_key.sh
+++ b/scripts/keygeneration/uefi/increment_pk_key.sh
@@ -11,9 +11,9 @@
# Abort on errors.
set -e
-if [ $# -lt 1 ]; then
+if [ $# -ne 1 ]; then
cat <<EOF
- Usage: $0 <keyset directory> [board name]
+ Usage: $0 <keyset directory>
Increments the UEFI Platform Key (PK) in the specified keyset.
EOF
@@ -21,7 +21,6 @@ EOF
fi
KEY_DIR="$1"
-BOARD_NAME="$2" # Optional.
main() {
check_uefi_key_dir_name "${KEY_DIR}"
@@ -37,7 +36,7 @@ Generating new UEFI Platform Key (PK) version.
New Platform Key version: ${new_pk_key_ver}.
EOF
- make_pk_keypair "${new_pk_key_ver}" "${BOARD_NAME}"
+ make_pk_keypair "${new_pk_key_ver}"
write_updated_uefi_version_file "${new_pk_key_ver}" "${CURR_KEK_KEY_VER}" \
"${CURR_DB_KEY_VER}" "${CURR_DB_CHILD_KEY_VER}"
}
diff --git a/scripts/keygeneration/uefi/uefi_common.sh b/scripts/keygeneration/uefi/uefi_common.sh
index 5920a14a..e35a20f2 100644
--- a/scripts/keygeneration/uefi/uefi_common.sh
+++ b/scripts/keygeneration/uefi/uefi_common.sh
@@ -54,12 +54,8 @@ _CHROMIUM_OS_SUBJECT=\
_get_subj() {
local title="$1"
local version="$2"
- local board_name="$3" # Optional.
- if [[ ! -z "${board_name}" ]]; then
- board_name="${board_name} "
- fi
- echo "${_CHROMIUM_OS_SUBJECT}/CN=${board_name}${title} v${version}"
+ echo "${_CHROMIUM_OS_SUBJECT}/CN=${title} v${version}"
}
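Review bot: `version` goes into the subject string on the new `echo` line without any check, and that string uses `/` as its field separator. If the result is handed to openssl as a `-subj` value (the consumer, `_make_self_signed_pair`, is outside this hunk, so this is an inference), a version value containing `/`, say from a damaged or hand-edited version file, would add or override subject fields in the certificate. Validating before building the subject, e.g. `[[ "${version}" =~ ^[0-9]+(\.[0-9]+)?$ ]] || return 1`, keeps the CN to the `N` and `N.M` forms the callers pass. Because `_get_subj` runs inside `$(...)` as an argument, its failure status is not seen by `set -e`, so the callers would need to capture the result in a variable first.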
# Generate a pair of a private key and a self-signed cert at the current
@@ -103,32 +99,28 @@ _make_child_pair() {
make_pk_keypair() {
local version="$1"
- local board_name="$2" # Optional.
_make_self_signed_pair pk \
- "$(_get_subj "UEFI Platform Key" "${version}" "${board_name}")"
+ "$(_get_subj "UEFI Platform Key" "${version}")"
}
make_kek_keypair() {
local version="$1"
- local board_name="$2" # Optional.
_make_self_signed_pair kek \
- "$(_get_subj "UEFI Key Exchange Key" "${version}" "${board_name}")"
+ "$(_get_subj "UEFI Key Exchange Key" "${version}")"
}
make_db_keypair() {
local version="$1"
- local board_name="$2" # Optional.
_make_self_signed_pair db \
- "$(_get_subj "UEFI DB Key" "${version}" "${board_name}")"
+ "$(_get_subj "UEFI DB Key" "${version}")"
}
make_db_child_keypair() {
local db_key_version="$1"
local child_key_version="$2"
- local board_name="$3" # Optional.
_make_child_pair db db_child \
"$(_get_subj "UEFI DB Child Key" \
- "${db_key_version}.${child_key_version}" "${board_name}")"
+ "${db_key_version}.${child_key_version}")"
}
_backup_existing_self_signed_pair() {
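Review bot: The four `make_*_keypair` functions now read fewer positional parameters but still accept any number, so a caller outside this commit that keeps passing a board name gets a certificate without it and no error. uefi_common.sh appears to be a sourced library (mode 100644), so the scripts' own `$# -ne 1` checks do not protect these entry points; a guard such as `[[ $# -eq 1 ]] || { echo "make_pk_keypair: expected <version>" >&2; return 1; }` (two arguments for `make_db_child_keypair`) would make the mismatch visible. A one-line header comment on each function listing its arguments would also help now that the signatures have changed.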