From 40d8651bb36048c9b5f07be97ff17b2cf503015e Mon Sep 17 00:00:00 2001
From: Kris Rambish
Date: Thu, 6 Sep 2012 15:58:37 -0700
Subject: Add scripts to increment single fm/kernel keys.

For firmware and kernel key increment testing we need to be able to rev only particular keys and verify an autoupdate works.

BUG=None
TEST=Ran it
BRANCH=None
Change-Id: Ic814480b4bf8fbc994132fcd7ba519c3be9b0ccd
Reviewed-on: https://gerrit.chromium.org/gerrit/32458
Reviewed-by: Mike Frysinger
Commit-Ready: Kris Rambish
Tested-by: Kris Rambish
---
 scripts/keygeneration/common.sh | 116 +++++++++++++++++++++
 .../keygeneration/increment_firmware_data_key.sh | 44 ++++++++
 scripts/keygeneration/increment_kernel_data_key.sh | 44 ++++++++
 scripts/keygeneration/increment_kernel_subkey.sh | 46 ++++++++
 .../increment_kernel_subkey_and_key.sh | 90 +++-------------
 5 files changed, 263 insertions(+), 77 deletions(-)
 create mode 100755 scripts/keygeneration/increment_firmware_data_key.sh
 create mode 100755 scripts/keygeneration/increment_kernel_data_key.sh
 create mode 100755 scripts/keygeneration/increment_kernel_subkey.sh
diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh
index b6e20c61..b7725add 100755
--- a/scripts/keygeneration/common.sh
+++ b/scripts/keygeneration/common.sh
@@ -114,4 +114,120 @@ function make_keyblock { --signpubkey "${signkey}.vbpubk" } +# File to read current versions from. +VERSION_FILE="key.versions" +# ARGS: +get_version() { + awk -F= '/^'$1'\>/ { print $NF }' ${2:-${VERSION_FILE}} +} + +# Loads the current versions prints them to stdout and sets the global version +# variables: CURR_FIRMKEY_VER CURR_FIRM_VER CURR_KERNKEY_VER CURR_KERN_VER +load_current_versions() { + if [[ ! -f ${VERSION_FILE} ]]; then + return 1 + fi + CURR_FIRMKEY_VER=$(get_version "firmware_key_version") + # Firmware version is the kernel subkey version. + CURR_FIRM_VER=$(get_version "firmware_version") + # Kernel data key version is the kernel key version. + CURR_KERNKEY_VER=$(get_version "kernel_key_version") + CURR_KERN_VER=$(get_version "kernel_version") + + cat <.v.v.keyblock +# Args: SUBKEY_VERSION DATAKEY_VERSION +backup_existing_kernel_keyblock() { + if [[ ! -e kernel.keyblock ]]; then + return + fi + mv --no-clobber kernel.{keyblock,"v$2.v$1.keyblock"} +} + +# Make backups of existing kernel subkeys and keyblocks that will be revved. +# Backup format: +# for keys: .v.vb{pub|priv}k +# for keyblocks: .v.v.keyblock +# Args: SUBKEY_VERSION DATAKEY_VERSION +backup_existing_kernel_subkeys() { + local subkey_ver=$1 + local datakey_ver=$2 + # --no-clobber to prevent accidentally overwriting existing + # backups. + mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_ver}.vbprivk"} + mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_ver}.vbpubk"} + backup_existing_kernel_keyblock ${subkey_ver} ${datakey_ver} +} + +# Make backups of existing kernel data keys and keyblocks that will be revved. +# Backup format: +# for keys: .v.vb{pub|priv}k +# for keyblocks: .v.v.keyblock +# Args: SUBKEY_VERSION DATAKEY_VERSION +backup_existing_kernel_data_keys() { + local subkey_ver=$1 + local datakey_ver=$2 + # --no-clobber to prevent accidentally overwriting existing + # backups. 
+ mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_ver}.vbprivk"} + mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_ver}.vbpubk"} + backup_existing_kernel_keyblock ${subkey_ver} ${datakey_ver} +} + +# Make backups of existing firmware keys and keyblocks that will be revved. +# Backup format: +# for keys: .v.vb{pub|priv}k +# for keyblocks: .v.v.keyblock +# Args: SUBKEY_VERSION DATAKEY_VERSION +backup_existing_firmware_keys() { + local subkey_ver=$1 + local datakey_ver=$2 + mv --no-clobber firmware_data_key.{vbprivk,"v${subkey_ver}.vbprivk"} + mv --no-clobber firmware_data_key.{vbpubk,"v${subkey_ver}.vbpubk"} + mv --no-clobber firmware.{keyblock,"v${datakey_ver}.v${subkey_ver}.keyblock"} +} + + +# Write new key version file with the updated key versions. +# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION +# KERNEL_VERSION +write_updated_version_file() { + local firmware_key_version=$1 + local firmware_version=$2 + local kernel_key_version=$3 + local kernel_version=$4 + + cat > ${VERSION_FILE} < +increment_version() { + local key_dir=$1 + local VERSION_FILE="${key_dir}/${VERSION_FILE}" + local old_version=$(get_version $2) + local new_version=$(( ${old_version} + 1 )) + + if [[ ${new_version} -gt 0xffff ]]; then + echo "Version overflow!" >&2 + return 1 + fi + echo ${new_version} +} diff --git a/scripts/keygeneration/increment_firmware_data_key.sh b/scripts/keygeneration/increment_firmware_data_key.sh new file mode 100755 index 00000000..facd776d --- /dev/null +++ b/scripts/keygeneration/increment_firmware_data_key.sh 
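Review bot: `increment_version` never checks that the value it reads is a number, so a key that is missing from the version file leaves `old_version` empty and `$(( ${old_version} + 1 ))` evaluates to 1. The function then prints 1 and returns success, which would silently restart a key version instead of stopping the run; `local old_version=$(get_version $2)` also discards the exit status of `get_version`. Reject anything that is not a plain decimal number before the arithmetic, as in the block below. In the same function and in `get_version`, `$2` and the version-file path are unquoted, so a key directory containing spaces is word-split before `awk` sees it.

```shell
increment_version() {
  # … unchanged: key_dir and VERSION_FILE locals …
  local old_version
  old_version=$(get_version "$2") || return 1
  if [[ ! ${old_version} =~ ^[0-9]+$ ]]; then
    echo "No usable $2 entry in ${VERSION_FILE}" >&2
    return 1
  fi
  local new_version=$(( old_version + 1 ))
  # … unchanged: 0xffff overflow check and echo of the new version …
}
```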
@@ -0,0 +1,44 @@ +#!/bin/bash +# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Script to increment firmware version key for firmware updates. +# Used when revving versions for a firmware update. + +# Load common constants and variables. +. "$(dirname "$0")/common.sh" + +# Abort on errors. +set -e + +if [ $# -ne 1 ]; then + cat < + + Increments the firmware version in the specified keyset. +EOF + exit 1 +fi + +KEY_DIR=$1 + +main() { + load_current_versions + new_firmkey_ver=$(increment_version "${KEY_DIR}" "firmware_key_version") + + backup_existing_firmware_keys ${CURR_FIRM_VER} ${CURR_FIRMKEY_VER} + + cat < + + Increments the kernel data key in the specified keyset. +EOF + exit 1 +fi + +KEY_DIR=$1 + +main() { + load_current_versions + new_kernkey_ver=$(increment_version "${KEY_DIR}" "kernel_key_version") + + backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER} + + cat < + + Increments the kernel subkey in the specified keyset. +EOF + exit 1 +fi + +KEY_DIR=$1 + +main() { + load_current_versions + new_firm_ver=$(increment_version "${KEY_DIR}" "firmware_version") + + backup_existing_kernel_subkeys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER} + backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER} + + cat < -get_version() { - local version_type=$1 - version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE}) - echo $version -} - -# Make backups of existing keys and keyblocks that will be revved. -# Backup format: -# for keys: .v.vb{pub|priv}k -# for keyblocks: .v.v.keyblock -# Args: SUBKEY_VERSION DATAKEY_VERSION -backup_existing_kernel_keys() { - subkey_version=$1 - datakey_version=$2 - # --no-clobber to prevent accidentally overwriting existing - # backups. 
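Review bot: `main` reads its versions from two different places: `load_current_versions` opens `key.versions` relative to the current directory, while `increment_version "${KEY_DIR}" …` opens `${KEY_DIR}/key.versions`. The backup helpers and `write_updated_version_file` in common.sh also use relative paths, so unless the script changes into `${KEY_DIR}` in a part not visible here, running it from any other directory would mix two keysets or fail on the `mv` calls. A single `cd "${KEY_DIR}"` before `load_current_versions`, followed by `increment_version . "firmware_key_version"`, would keep every step on the same keyset. The kernel data key and kernel subkey scripts further along this line follow the same pattern, and the `${CURR_…}` arguments are passed unquoted, so an empty value shifts the positional arguments of the backup helpers.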
- mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_version}.vbprivk"} - mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_version}.vbpubk"} - mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_version}.vbprivk"} - mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_version}.vbpubk"} - mv --no-clobber kernel.{keyblock,"v${datakey_version}.v${subkey_version}.keyblock"} -} - -# Write new key version file with the updated key versions. -# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION -write_updated_version_file() { - local firmware_key_version=$1 - local firmware_version=$2 - local kernel_key_version=$3 - local kernel_version=$4 - - cat > ${VERSION_FILE} <