diff options
Diffstat (limited to 'scripts/keygeneration/increment_kernel_subkey_and_key.sh')
-rwxr-xr-x | scripts/keygeneration/increment_kernel_subkey_and_key.sh | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/scripts/keygeneration/increment_kernel_subkey_and_key.sh b/scripts/keygeneration/increment_kernel_subkey_and_key.sh new file mode 100755 index 00000000..36d30c8c --- /dev/null +++ b/scripts/keygeneration/increment_kernel_subkey_and_key.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Script to increment kernel subkey and datakey for firmware updates. +# Used when revving versions for a firmware update. + +# Load common constants and variables. +. "$(dirname "$0")/common.sh" + +# Abort on errors. +set -e + +# File to read current versions from. +VERSION_FILE="key.versions" + +# ARGS: <version_type> +get_version() { + local version_type=$1 + version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE}) + echo $version +} + +# Make backups of existing keys and keyblocks that will be revved. +# Backup format: +# for keys: <key_name>.v<version> +# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version> +# Args: SUBKEY_VERSION DATAKEY_VERSION +backup_existing_kernel_keys() { + subkey_version=$1 + datakey_version=$2 + # --no-clobber to prevent accidentally overwriting existing + # backups. + mv --no-clobber kernel_subkey.vbprivk{,".v${subkey_version}"} + mv --no-clobber kernel_subkey.vbpubk{,".v${subkey_version}"} + mv --no-clobber kernel_data_key.vbprivk{,".v${datakey_version}"} + mv --no-clobber kernel_data_key.vbpubk{,".v${datakey_version}"} + mv --no-clobber kernel.keyblock{,".v${datakey_version}.v${subkey_version}"} +} + +# Write new key version file with the updated key versions. +# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION +write_updated_version_file() { + local firmware_key_version=$1 + local firmware_version=$2 + local kernel_key_version=$3 + local kernel_version=$4 + + cat > ${VERSION_FILE} <<EOF +firmware_key_version=${firmware_key_version} +firmware_version=${firmware_version} +kernel_key_version=${kernel_key_version} +kernel_version=${kernel_version} +EOF +} + + +main() { + current_fkey_version=$(get_version "firmware_key_version") + # Firmware version is the kernel subkey version. + current_ksubkey_version=$(get_version "firmware_version") + # Kernel data key version is the kernel key version. + current_kdatakey_version=$(get_version "kernel_key_version") + current_kernel_version=$(get_version "kernel_version") + + cat <<EOF +Current Firmware key version: ${current_fkey_version} +Current Firmware version: ${current_ksubkey_version} +Current Kernel key version: ${current_kdatakey_version} +Current Kernel version: ${current_kernel_version} +EOF + + backup_existing_kernel_keys $current_ksubkey_version $current_kdatakey_version + + new_ksubkey_version=$(( current_ksubkey_version + 1 )) + new_kdatakey_version=$(( current_kdatakey_version + 1 )) + + if [ $new_kdatakey_version -gt 65535 ] || [ $new_kdatakey_version -gt 65535 ]; + then + echo "Version overflow!" + exit 1 + fi + + cat <<EOF +Generating new kernel subkey, data keys and new kernel keyblock. + +New Firmware version (due to kernel subkey change): ${new_ksubkey_version}. +New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}. +EOF + make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $new_ksubkey_version + make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $new_kdatakey_version + make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey + + write_updated_version_file $current_fkey_version $new_ksubkey_version \ + $new_kdatakey_version $current_kernel_version +} + +main $@ |