#!/bin/bash

# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Script that just takes in a kernel partition and outputs a new vblock
# signed with the specific keys. For use on signing servers.

# vbutil_kernel must be in the system path.

SCRIPT_DIR=$(dirname $0)

# Abort on error
set -e

# Check arguments
if [ $# -lt 4 ] || [ $# -gt 5 ]; then
  echo "usage: $0 src_kpart dst_vblock kernel_datakey kernel_keyblock [version]"
  exit 1
fi

# Make sure the tools we need are available.
type -P vbutil_kernel &>/dev/null || \
  ( echo "vbutil_kernel tool not found."; exit 1; )

SRC_KPART=$1
DST_VBLOCK=$2
KERNEL_DATAKEY=$3
KERNEL_KEYBLOCK=$4
VERSION=$5

if [ -z $VERSION ]; then
  VERSION=1
fi
echo "Using kernel version: $VERSION"

vbutil_kernel --repack "${DST_VBLOCK}" \
  --vblockonly \
  --keyblock "${KERNEL_KEYBLOCK}" \
  --signprivate "${KERNEL_DATAKEY}" \
  --version "${VERSION}" \
  --oldblob "${SRC_KPART}"

echo "New kernel vblock was output to ${DST_VBLOCK}"