diff options
Diffstat (limited to 'scripts/keygeneration/increment_kernel_subkey_and_key.sh')
-rwxr-xr-x | scripts/keygeneration/increment_kernel_subkey_and_key.sh | 90 |
1 files changed, 13 insertions, 77 deletions
diff --git a/scripts/keygeneration/increment_kernel_subkey_and_key.sh b/scripts/keygeneration/increment_kernel_subkey_and_key.sh index ed20db43..ac846605 100755 --- a/scripts/keygeneration/increment_kernel_subkey_and_key.sh +++ b/scripts/keygeneration/increment_kernel_subkey_and_key.sh @@ -24,90 +24,26 @@ fi KEY_DIR=$1 -# File to read current versions from. -VERSION_FILE="key.versions" - -# ARGS: <version_type> -get_version() { - local version_type=$1 - version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE}) - echo $version -} - -# Make backups of existing keys and keyblocks that will be revved. -# Backup format: -# for keys: <key_name>.v<version>.vb{pub|priv}k -# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock -# Args: SUBKEY_VERSION DATAKEY_VERSION -backup_existing_kernel_keys() { - subkey_version=$1 - datakey_version=$2 - # --no-clobber to prevent accidentally overwriting existing - # backups. - mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_version}.vbprivk"} - mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_version}.vbpubk"} - mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_version}.vbprivk"} - mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_version}.vbpubk"} - mv --no-clobber kernel.{keyblock,"v${datakey_version}.v${subkey_version}.keyblock"} -} - -# Write new key version file with the updated key versions. -# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION -write_updated_version_file() { - local firmware_key_version=$1 - local firmware_version=$2 - local kernel_key_version=$3 - local kernel_version=$4 - - cat > ${VERSION_FILE} <<EOF -firmware_key_version=${firmware_key_version} -firmware_version=${firmware_version} -kernel_key_version=${kernel_key_version} -kernel_version=${kernel_version} -EOF -} - - main() { - local key_dir=$1 - cd "${key_dir}" - current_fkey_version=$(get_version "firmware_key_version") - # Firmware version is the kernel subkey version. - current_ksubkey_version=$(get_version "firmware_version") - # Kernel data key version is the kernel key version. - current_kdatakey_version=$(get_version "kernel_key_version") - current_kernel_version=$(get_version "kernel_version") - - cat <<EOF -Current Firmware key version: ${current_fkey_version} -Current Firmware version: ${current_ksubkey_version} -Current Kernel key version: ${current_kdatakey_version} -Current Kernel version: ${current_kernel_version} -EOF - - backup_existing_kernel_keys $current_ksubkey_version $current_kdatakey_version - - new_ksubkey_version=$(( current_ksubkey_version + 1 )) - new_kdatakey_version=$(( current_kdatakey_version + 1 )) + load_current_versions + new_kernkey_ver=$(increment_version "${KEY_DIR}" "kernel_key_version") + new_firm_ver=$(increment_version "${KEY_DIR}" "firmware_version") - if [ $new_kdatakey_version -gt 65535 ] || [ $new_kdatakey_version -gt 65535 ]; - then - echo "Version overflow!" - exit 1 - fi + backup_existing_kernel_subkeys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER} + backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER} cat <<EOF Generating new kernel subkey, data keys and new kernel keyblock. -New Firmware version (due to kernel subkey change): ${new_ksubkey_version}. -New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}. +New Firmware version (due to kernel subkey change): ${new_firm_ver}. +New Kernel key version (due to kernel datakey change): ${new_kernkey_ver}. EOF - make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $new_ksubkey_version - make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $new_kdatakey_version - make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey + make_pair kernel_subkey ${KERNEL_SUBKEY_ALGOID} ${new_firm_ver} + make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${new_kernkey_ver} + make_keyblock kernel ${KERNEL_KEYBLOCK_MODE} kernel_data_key kernel_subkey - write_updated_version_file $current_fkey_version $new_ksubkey_version \ - $new_kdatakey_version $current_kernel_version + write_updated_version_file ${CURR_FIRMKEY_VER} ${new_firm_ver} \ + ${new_kernkey_ver} ${CURR_KERN_VER} } -main $@ +main "$@" |