From 662219ed70ca73b2eb38eb98b1b75e6767bff4d9 Mon Sep 17 00:00:00 2001
From: Randall Spangler <rspangler@chromium.org>
Date: Wed, 4 May 2011 12:46:54 -0700
Subject: create_new_keys.sh uses key versions file

BUG=chromium-os:14904
TEST=manual:
  ./create_new_keys.sh
  verify that keys are created
  edit key.versions to change versions to 10 20 30 40
  ./create_new_keys.sh
  verify that keys are created with versions from the file

(cherry picked from commit 1fb83158560de5eaec4f04d021afe0594e03cc5d)

Change-Id: Ibccbdb18d376663647ce9f164e680a9a1710c907
Reviewed-on: http://gerrit.chromium.org/gerrit/1054
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
---
 scripts/keygeneration/create_new_keys.sh | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh
index cf6ee97e..a33e2a7f 100755
--- a/scripts/keygeneration/create_new_keys.sh
+++ b/scripts/keygeneration/create_new_keys.sh
@@ -9,12 +9,29 @@
 # Load common constants and functions.
 . "$(dirname "$0")/common.sh"
 
+# File to read current versions from.
+VERSION_FILE="key.versions"
+
+# ARGS: <version_type>
+get_version() {
+  local version_type=$1
+  version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE})
+  echo $version
+}
+
+# Get the key versions for normal keypairs
+FKEY_VERSION=$(get_version "firmware_key_version")
+# Firmware version is the kernel subkey version.
+KSUBKEY_VERSION=$(get_version "firmware_version")
+# Kernel data key version is the kernel key version.
+KDATAKEY_VERSION=$(get_version "kernel_key_version")
+
 # Create the normal keypairs
 make_pair root_key                 $ROOT_KEY_ALGOID
-make_pair firmware_data_key        $FIRMWARE_DATAKEY_ALGOID
-make_pair dev_firmware_data_key    $DEV_FIRMWARE_DATAKEY_ALGOID
-make_pair kernel_subkey            $KERNEL_SUBKEY_ALGOID
-make_pair kernel_data_key          $KERNEL_DATAKEY_ALGOID
+make_pair firmware_data_key        $FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
+make_pair dev_firmware_data_key    $DEV_FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
+make_pair kernel_subkey            $KERNEL_SUBKEY_ALGOID $KSUBKEY_VERSION
+make_pair kernel_data_key          $KERNEL_DATAKEY_ALGOID $KDATAKEY_VERSION
 
 # Create the recovery and factory installer keypairs
 make_pair recovery_key             $RECOVERY_KEY_ALGOID
@@ -42,4 +59,3 @@ make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_
 # firmware, which is built separately (and some of which can't be changed after
 # manufacturing). If you update these keys, you must coordinate the changes
 # with the BIOS people or you'll be unable to boot the resulting images.
-
-- 
cgit v1.2.1