scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-26 19:25:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create vbutil_ec tool for signing EC firmware.

Browse Source 
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).

BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual

  make
  make runtests

Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This commit is contained in:
Bill Richardson
2012-05-03 08:40:44 -07:00
committed by Gerrit
parent f47291926a
commit 2448d3b3bc
20 changed files with 748 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/keygeneration/common.sh
View File

@@ -23,7 +23,10 @@ function alg_to_keylen {
echo $(( 1 << (10 + ($1 / 3)) ))
}
# Default alrogithms.
# Default algorithms.
EC_ROOT_KEY_ALGOID=7
EC_DATAKEY_ALGOID=7
ROOT_KEY_ALGOID=11
RECOVERY_KEY_ALGOID=11
@@ -37,13 +40,13 @@ KERNEL_DATAKEY_ALGOID=4
# Keyblock modes determine which boot modes a signing key is valid for use
# in verification.
FIRMWARE_KEYBLOCK_MODE=7
EC_KEYBLOCK_MODE=7 # Only allow RW EC firmware in non-recovery.
FIRMWARE_KEYBLOCK_MODE=7 # Only allow RW firmware in non-recovery.
DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode.
RECOVERY_KERNEL_KEYBLOCK_MODE=11
RECOVERY_KERNEL_KEYBLOCK_MODE=11 # Only in recovery mode.
KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery.
INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery.
# Emit .vbpubk and .vbprivk using given basename and algorithm
# NOTE: This function also appears in ../../utility/dev_make_keypair. Making
# the two implementations the same would require some common.sh, which is more

7
scripts/keygeneration/create_new_keys.sh
View File

@@ -32,6 +32,7 @@ if [ ! -e "${VERSION_FILE}" ]; then
fi
# Get the key versions for normal keypairs
ECKEY_VERSION=$(get_version "ec_key_version")
FKEY_VERSION=$(get_version "firmware_key_version")
# Firmware version is the kernel subkey version.
KSUBKEY_VERSION=$(get_version "firmware_version")
@@ -39,6 +40,8 @@ KSUBKEY_VERSION=$(get_version "firmware_version")
KDATAKEY_VERSION=$(get_version "kernel_key_version")
# Create the normal keypairs
make_pair ec_root_key $EC_ROOT_KEY_ALGOID
make_pair ec_data_key $EC_DATAKEY_ALGOID $ECKEY_VERSION
make_pair root_key $ROOT_KEY_ALGOID
make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
@@ -55,14 +58,14 @@ make_pair installer_kernel_data_key $INSTALLER_KERNEL_ALGOID
# Create the firmware keyblock for use only in Normal mode. This is redundant,
# since it's never even checked during Recovery mode.
make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key
# Ditto EC keyblock
make_keyblock ec $EC_KEYBLOCK_MODE ec_data_key ec_root_key
if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
# Create the dev firmware keyblock for use only in Developer mode.
make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key root_key
fi
# Create the recovery kernel keyblock for use only in Recovery mode.
make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_data_key recovery_key