Add a script to generate a keypair for signing Rose RW firmware.

Rose decided to leverage the key format of Hammer therefore this script calls Hammer's one to generate a key pair and renames them to key_rose*. BUG=b:37693819 TEST=None BRANCH=None Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403 Reviewed-on: https://chromium-review.googlesource.com/529504 Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
2025-12-07 16:35:44 +00:00 · 2017-06-09 23:45:36 +08:00
parent 4df2f6f4e2
commit 04b3835b69
1 changed files with 66 additions and 0 deletions
--- a/scripts/keygeneration/accessory/create_new_rose_keys.sh
+++ b/scripts/keygeneration/accessory/create_new_rose_keys.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Copyright 2017 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Load common constants and functions.
+. "$(dirname "$0")/../common.sh"
+
+usage() {
+  cat <<EOF
+Usage: ${PROG} DIR
+
+DIR: To generate a keypair from an RSA 3072 key (.pem file) for Rose at DIR
+
+EOF
+
+  if [[ $# -ne 0 ]]; then
+    die "$*"
+  else
+    exit 0
+  fi
+}
+
+# Generate a keypair from hammer's script at the given directory.
+generate_key() {
+  local dir=$1
+  TMP=$(mktemp -d --suffix=.create_rose_keys)
+
+  ./create_new_hammer_keys.sh "${TMP}"
+  if [[ $? -ne 0 ]]; then
+    die "Failed to call create_new_hammer_keys.sh."
+  fi
+
+  mv "${TMP}/key_hammer.vbprik2" "${dir}/key_rose.vbprik2"
+  mv "${TMP}/key_hammer.vbpubk2" "${dir}/key_rose.vbpubk2"
+}
+
+main() {
+  set -e
+
+  local dir
+
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+    -h|--help)
+      usage
+      ;;
+    -*)
+      usage "Unknown option: $1"
+      ;;
+    *)
+      break
+      ;;
+    esac
+  done
+
+  if [[ $# -ne 1 ]]; then
+    usage "Missing output directory"
+  fi
+  dir="$1"
+
+  generate_key "${dir}"
+}
+
+main "$@"