path: root/scripts/keygeneration/add_loem_keys.sh
#!/bin/bash
# Copyright 2015 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Load common constants and functions.
. "$(dirname "$0")/common.sh"

usage() {
  # Print the command-line help on stdout, then terminate the script.
  # Arguments: $1 - optional exit status; 0 is used when it is absent/empty.
  # Globals:   PROG (read) - not defined in this file; presumably set by the
  #            sourced common.sh - confirm.
  local rc=${1:-0}

  printf '%s\n' \
    "Usage: ${PROG} <number of loem keys to add>" \
    "" \
    "If the existing keyset is not set up for loem usage, it will be converted." \
    "" \
    "Note: Use 0 if you want to just convert an existing keyset."

  exit ${rc}
}

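convert_keyset_to_loem() {
  # Rename the keyset files in the current directory to their ".loem1." names
  # and create loem.ini, after an interactive confirmation.
  #
  # Outputs: prompt and progress on stdout, refusals/errors on stderr.
  # Exits:   the whole script with status 1 if the operator does not answer
  #          y/Y, if stdin hits EOF, or if an expected key file is missing.
  local answer f
  local -a sources=()

  printf "Converting to loem keyset; continue? (y/N) "
  # The refusal path is explicit rather than relying on the caller having
  # errexit enabled: a bare failing test is ignored when `set -e` is off or
  # when this function runs inside a condition, which would let the renames
  # proceed without consent.
  if ! read -r answer || [[ ${answer} != [yY] ]]; then
    echo "Aborting; keyset left unchanged" >&2
    exit 1
  fi

  # First pass: work out every file that has to move, and refuse to start if
  # one is missing, so a failure cannot leave a half-renamed keyset behind.
  for f in {firmware_data,root}_key.vb{pub,priv}k firmware.keyblock; do
    if [[ ${f} == "root_key.vbprivk" && ! -e ${f} ]]; then
      # For official keys, we won't have the private half of the root key.
      echo "Skipping ${f} for official keys"
      continue
    fi
    if [[ ${f} == *.vbprivk && ! -e ${f} ]]; then
      # For official keys, will be gpg wrapped.
      f+=".gpg"
    fi
    if [[ ! -e ${f} ]]; then
      echo "Missing ${f}; keyset left unchanged" >&2
      exit 1
    fi
    sources+=("${f}")
  done

  # Second pass: insert ".loem1" after the first dot of each name.
  # -i keeps mv from silently overwriting an existing destination key.
  for f in "${sources[@]}"; do
    mv -i -- "${f}" "${f/./.loem1.}"
  done

  echo "[loem]" > loem.ini
}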

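main() {
  # Entry point: optionally convert the keyset in the current directory to
  # loem layout, then generate <N> further loem root/firmware key sets.
  #
  # Arguments: $1 - number of loem keys to add (non-negative decimal integer)
  # Globals:   VERSION_FILE, ROOT_KEY_ALGOID, FIRMWARE_DATAKEY_ALGOID,
  #            FIRMWARE_KEYBLOCK_MODE (read); none are defined in this file -
  #            presumably they come from the sourced common.sh, confirm.
  # Exits:     0 after printing usage for -h/--help, non-zero on bad
  #            arguments or any failing step.
  set -e -u

  if [[ $# -eq 1 && ( $1 == "-h" || $1 == "--help" ) ]]; then
    usage 0
  fi
  # Reject anything that is not a plain decimal count before touching the
  # keyset. The value is later used inside (( )), where bash evaluates a
  # variable's contents as an arithmetic expression, so free-form text must
  # never reach it. A bad invocation also reports failure instead of status 0.
  if [[ $# -ne 1 || ! $1 =~ ^[0-9]+$ ]]; then
    usage 1
  fi

  # Keep `local` and assignment split so return values are checked.
  local firmware_key_version
  local num_keys highest_key k

  # Force base 10 so a leading zero is not read as octal.
  num_keys=$((10#$1))

  if [[ ! -e ${VERSION_FILE} ]]; then
    die "missing ${VERSION_FILE} in ${PWD}; please create one"
  fi

  firmware_key_version=$(get_version "firmware_key_version")

  # See if we need to convert the keyset first.
  if [[ -e root_key.vbpubk ]]; then
    convert_keyset_to_loem
  fi

  # Highest existing loem index, taken from the keyblock file names.
  highest_key=$(printf '%s\n' firmware.loem*.keyblock |
                sed -r 's:^firmware\.loem(.*)\.keyblock$:\1:' |
                sort -n | tail -1)
  # With no matching file the glob stays literal and the result is "*";
  # stop with a clear message instead of an arithmetic syntax error below.
  if [[ ! ${highest_key} =~ ^[0-9]+$ ]]; then
    die "no numbered firmware.loem*.keyblock in ${PWD}; cannot pick the next loem index"
  fi
  highest_key=$((10#${highest_key}))
  echo "There are ${highest_key} loem keys; adding ${num_keys} more"

  for ((k = highest_key + 1; k < highest_key + 1 + num_keys; ++k)); do
    echo "Generating LOEM ${k}"
    make_pair root_key.loem${k} ${ROOT_KEY_ALGOID}
    make_pair firmware_data_key.loem${k} ${FIRMWARE_DATAKEY_ALGOID} \
      ${firmware_key_version}
    make_keyblock firmware.loem${k} ${FIRMWARE_KEYBLOCK_MODE} \
      firmware_data_key.loem${k} root_key.loem${k}
  done

  echo
  echo "Don't forget to update loem.ini to allocate the keys!"
}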
# Run the entry point with the script's command-line arguments, each passed
# through as a separate word.
main "$@"