From fb3c262eb0b2eb5d963680660dbbc5b00c6982df Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Fri, 29 Sep 2017 01:13:49 -0400
Subject: keygeneration: keyset_version_check.sh: support loem keysets

BUG=None
TEST=ran against local devkeys
BRANCH=None
Change-Id: Ib1c88ae187f12aad4531e9c22da6cda2af1503e3
Reviewed-on: https://chromium-review.googlesource.com/691340
Commit-Ready: Mike Frysinger
Tested-by: Mike Frysinger
Reviewed-by: David Riley
---
 scripts/keygeneration/keyset_version_check.sh | 44 ++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 7 deletions(-)
diff --git a/scripts/keygeneration/keyset_version_check.sh b/scripts/keygeneration/keyset_version_check.sh
index 74c44ad7..f351b75b 100755
--- a/scripts/keygeneration/keyset_version_check.sh
+++ b/scripts/keygeneration/keyset_version_check.sh
@@ -51,6 +51,37 @@ check_versions() {
 return 0
 }
+# Check the key.versions against firmware.keyblock and firmware_data_key.vbpubk.
+check_firmware_keyblock() {
+ local fkey_keyblock="$1" fkey="$2"
+ local got_fkey_keyblock="$(keyblock_version "${fkey_keyblock}")"
+ local got_fkey="$(key_version "${fkey}")"
+
+ check_versions "${got_fkey_keyblock}" "${got_fkey}" \
+ "${fkey_keyblock##*/} keyblock key" "firmware key" || testfail=1
+ check_versions "${expected_fkey}" "${got_fkey}" "${fkey##*/} key" \
+ "firmware key" || testfail=1
+}
+
+# Validate the firmware keys in an loem keyset.
+check_loem_keyset() {
+ local line loem_index
+ while read line; do
+ loem_index=$(cut -d= -f1 <<<"${line}" | sed 's: *$::')
+
+ check_firmware_keyblock \
+ "${KEY_DIR}/firmware.loem${loem_index}.keyblock" \
+ "${KEY_DIR}/firmware_data_key.loem${loem_index}.vbpubk"
+ done < <(grep = "${KEY_DIR}"/loem.ini)
+}
+
+# Validate the firmware keys in a non-loem keyset.
+check_non_loem_keyset() {
+ check_firmware_keyblock \
+ "${KEY_DIR}/firmware.keyblock" \
+ "${KEY_DIR}/firmware_data_key.vbpubk"
+}
+
 main() {
 local testfail=0
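Review bot: check_loem_keyset fails open when loem.ini yields no entries. The loop reads from `grep = "${KEY_DIR}"/loem.ini`, so an empty or malformed file runs the body zero times, check_firmware_keyblock is never called, and testfail is left untouched. The dispatch in main() (second hunk) takes the loem branch on the mere presence of loem.ini, so in that case no firmware key version is checked at all and the script can still report success. I would count the validated entries and set testfail=1 when the count is zero, and switch to `read -r` so backslashes in the ini are not interpreted. The error message text below is only a suggestion, since the script's own reporting helpers are not visible in this hunk.

```shell
check_loem_keyset() {
  local line loem_index count=0
  while read -r line; do
    # … unchanged: loem_index parsing and check_firmware_keyblock call …
    count=$(( count + 1 ))
  done < <(grep = "${KEY_DIR}"/loem.ini)
  if [[ ${count} -eq 0 ]]; then
    echo "ERROR: no loem entries found in ${KEY_DIR}/loem.ini" >&2
    testfail=1
  fi
}
```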
@@ -62,21 +93,20 @@ main() {
 check_versions "${expected_firmware}" "${expected_kkey}" \
 "firmware" "kernel key" || testfail=1
- local got_fkey_keyblock="$(keyblock_version ${KEY_DIR}/firmware.keyblock)"
- local got_fkey="$(key_version ${KEY_DIR}/firmware_data_key.vbpubk)"
-
 local got_kkey_keyblock="$(keyblock_version ${KEY_DIR}/kernel.keyblock)"
 local got_ksubkey="$(key_version ${KEY_DIR}/kernel_subkey.vbpubk)"
 local got_kdatakey="$(key_version ${KEY_DIR}/kernel_data_key.vbpubk)"
- check_versions "${got_fkey_keyblock}" "${got_fkey}" "firmware keyblock key" \
- "firmware key" || testfail=1
+ if [[ -f "${KEY_DIR}"/loem.ini ]]; then
+ check_loem_keyset
+ else
+ check_non_loem_keyset
+ fi
+
 check_versions "${got_kkey_keyblock}" "${got_ksubkey}" "kernel keyblock key" \
 "kernel subkey" || testfail=1
 check_versions "${got_kdatakey}" "${got_ksubkey}" "kernel data key" \
 "kernel subkey" || testfail=1
- check_versions "${expected_fkey}" "${got_fkey}" "key.versions firmware key" \
- "firmware key" || testfail=1
 check_versions "${expected_kkey}" "${got_kdatakey}" "key.versions kernel key" \
 "kernel datakey" || testfail=1
 check_versions "${expected_kkey}" "${got_ksubkey}" "key.versions kernel key" \
-- 
cgit v1.2.1
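Review bot: The two new call sites in main() discard the helpers' exit status and rely on check_firmware_keyblock assigning main's `local testfail` through bash dynamic scoping, which nothing here documents. If either call is later wrapped in a subshell, a pipeline or `$(...)`, a version mismatch would no longer reach testfail and the check would report success. I would add a comment above the `if`, for example `# check_*_keyset set main's testfail directly; call them in this shell, never in a subshell or pipeline.` main() starts before and continues past this hunk.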