diff options
| -rw-r--r-- | scripts/keygeneration/common.sh | 8 | ||||
| -rwxr-xr-x | scripts/keygeneration/create_new_keys.sh | 29 |
2 files changed, 28 insertions, 9 deletions
diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh index 9acffcc9..7482dfcd 100644 --- a/scripts/keygeneration/common.sh +++ b/scripts/keygeneration/common.sh @@ -51,14 +51,14 @@ alg_to_keylen() { EC_ROOT_KEY_ALGOID=${RSA4096_SHA256_ALGOID} EC_DATAKEY_ALGOID=${RSA4096_SHA256_ALGOID} -ROOT_KEY_ALGOID=${RSA8192_SHA512_ALGOID} -RECOVERY_KEY_ALGOID=${RSA8192_SHA512_ALGOID} +ROOT_KEY_ALGOID=${RSA4096_SHA512_ALGOID} +RECOVERY_KEY_ALGOID=${RSA4096_SHA512_ALGOID} FIRMWARE_DATAKEY_ALGOID=${RSA4096_SHA256_ALGOID} DEV_FIRMWARE_DATAKEY_ALGOID=${RSA4096_SHA256_ALGOID} -RECOVERY_KERNEL_ALGOID=${RSA8192_SHA512_ALGOID} -INSTALLER_KERNEL_ALGOID=${RSA8192_SHA512_ALGOID} +RECOVERY_KERNEL_ALGOID=${RSA4096_SHA512_ALGOID} +INSTALLER_KERNEL_ALGOID=${RSA4096_SHA512_ALGOID} KERNEL_SUBKEY_ALGOID=${RSA4096_SHA256_ALGOID} KERNEL_DATAKEY_ALGOID=${RSA2048_SHA256_ALGOID} diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh index 7a68fe9f..40cccbc5 100755 --- a/scripts/keygeneration/create_new_keys.sh +++ b/scripts/keygeneration/create_new_keys.sh @@ -17,11 +17,11 @@ Options: --devkeyblock Also generate developer firmware keyblock and data key --android Also generate android keys --uefi Also generate UEFI keys - --4k Use 4k keys instead of 8k (enables options below) - --4k-root Use 4k key size for the root key - --4k-recovery Use 4k key size for the recovery key - --4k-recovery-kernel Use 4k key size for the recovery kernel data - --4k-installer-kernel Use 4k key size for the installer kernel data + --8k Use 8k keys instead of 4k (enables options below) + --8k-root Use 8k key size for the root key + --8k-recovery Use 8k key size for the recovery key + --8k-recovery-kernel Use 8k key size for the recovery kernel data + --8k-installer-kernel Use 8k key size for the installer kernel data --key-name <name> Name of the keyset (for key.versions) --output <dir> Where to write the keys (default is cwd) EOF @@ -64,6 +64,25 @@ main() { uefi_keys="true" ;; + --8k) + root_key_algoid=${RSA8192_SHA512_ALGOID} + recovery_key_algoid=${RSA8192_SHA512_ALGOID} + recovery_kernel_algoid=${RSA8192_SHA512_ALGOID} + installer_kernel_algoid=${RSA8192_SHA512_ALGOID} + ;; + --8k-root) + root_key_algoid=${RSA8192_SHA512_ALGOID} + ;; + --8k-recovery) + recovery_key_algoid=${RSA8192_SHA512_ALGOID} + ;; + --8k-recovery-kernel) + recovery_kernel_algoid=${RSA8192_SHA512_ALGOID} + ;; + --8k-installer-kernel) + installer_kernel_algoid=${RSA8192_SHA512_ALGOID} + ;; + --4k) root_key_algoid=${RSA4096_SHA512_ALGOID} recovery_key_algoid=${RSA4096_SHA512_ALGOID} |