Diffstat (limited to 'scripts/keygeneration/keyset_version_check.sh')
-rwxr-xr-x | scripts/keygeneration/keyset_version_check.sh | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/scripts/keygeneration/keyset_version_check.sh b/scripts/keygeneration/keyset_version_check.sh
index 74c44ad7..f351b75b 100755
--- a/scripts/keygeneration/keyset_version_check.sh
+++ b/scripts/keygeneration/keyset_version_check.sh
@@ -51,6 +51,37 @@ check_versions() {
 return 0
 }
+# Check the key.versions against firmware.keyblock and firmware_data_key.vbpubk.
+check_firmware_keyblock() {
+ local fkey_keyblock="$1" fkey="$2"
+ local got_fkey_keyblock="$(keyblock_version "${fkey_keyblock}")"
+ local got_fkey="$(key_version "${fkey}")"
+
+ check_versions "${got_fkey_keyblock}" "${got_fkey}" \
+ "${fkey_keyblock##*/} keyblock key" "firmware key" || testfail=1
+ check_versions "${expected_fkey}" "${got_fkey}" "${fkey##*/} key" \
+ "firmware key" || testfail=1
+}
+
+# Validate the firmware keys in an loem keyset.
+check_loem_keyset() {
+ local line loem_index
+ while read line; do
+ loem_index=$(cut -d= -f1 <<<"${line}" | sed 's: *$::')
+
+ check_firmware_keyblock \
+ "${KEY_DIR}/firmware.loem${loem_index}.keyblock" \
+ "${KEY_DIR}/firmware_data_key.loem${loem_index}.vbpubk"
+ done < <(grep = "${KEY_DIR}"/loem.ini)
+}
+
+# Validate the firmware keys in a non-loem keyset.
+check_non_loem_keyset() {
+ check_firmware_keyblock \
+ "${KEY_DIR}/firmware.keyblock" \
+ "${KEY_DIR}/firmware_data_key.vbpubk"
+}
+
 main() {
 local testfail=0
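Review bot: check_loem_keyset passes silently when `grep = "${KEY_DIR}"/loem.ini` produces no lines (an empty, unreadable or malformed loem.ini): the loop body never runs, so no firmware keyblock or firmware data key is compared and testfail stays 0. A check that validates signing keysets should fail closed here; declare `local count=0`, add `count=$((count + 1))` in the loop body, and put `[[ ${count} -gt 0 ]] || testfail=1` after `done`, ideally with a message naming loem.ini. The loop should also read with `while IFS= read -r line`, and loem_index is spliced into the key paths unvalidated, so an entry with an empty or unexpected index points the check at the wrong files. The `local got_fkey="$(…)"` style assignments in check_firmware_keyblock hide a failing keyblock_version or key_version call; how check_versions treats an empty version is outside the hunk.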
@@ -62,21 +93,20 @@ main() {
 check_versions "${expected_firmware}" "${expected_kkey}" \
 "firmware" "kernel key" || testfail=1
- local got_fkey_keyblock="$(keyblock_version ${KEY_DIR}/firmware.keyblock)"
- local got_fkey="$(key_version ${KEY_DIR}/firmware_data_key.vbpubk)"
-
 local got_kkey_keyblock="$(keyblock_version ${KEY_DIR}/kernel.keyblock)"
 local got_ksubkey="$(key_version ${KEY_DIR}/kernel_subkey.vbpubk)"
 local got_kdatakey="$(key_version ${KEY_DIR}/kernel_data_key.vbpubk)"
- check_versions "${got_fkey_keyblock}" "${got_fkey}" "firmware keyblock key" \
- "firmware key" || testfail=1
+ if [[ -f "${KEY_DIR}"/loem.ini ]]; then
+ check_loem_keyset
+ else
+ check_non_loem_keyset
+ fi
+
 check_versions "${got_kkey_keyblock}" "${got_ksubkey}" "kernel keyblock key" \
 "kernel subkey" || testfail=1
 check_versions "${got_kdatakey}" "${got_ksubkey}" "kernel data key" \
 "kernel subkey" || testfail=1
- check_versions "${expected_fkey}" "${got_fkey}" "key.versions firmware key" \
- "firmware key" || testfail=1
 check_versions "${expected_kkey}" "${got_kdatakey}" "key.versions kernel key" \
 "kernel datakey" || testfail=1
 check_versions "${expected_kkey}" "${got_ksubkey}" "key.versions kernel key" \ |
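Review bot: The new calls to `check_loem_keyset` and `check_non_loem_keyset` are the only checks in main without `|| testfail=1`; a mismatch is reported only because the helpers assign main's `local testfail` through bash dynamic scoping. That coupling fails open without any error if a helper is ever run in a subshell or pipeline, or called from outside main. Prefer having the helpers return non-zero and writing `check_loem_keyset || testfail=1` and `check_non_loem_keyset || testfail=1` here, or at least add a comment above the `if` such as `# These helpers set main's testfail directly.` main's body starts and ends outside the hunk.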