mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-09 00:51:29 +00:00
Add scripts to increment single fm/kernel keys.
For firmware and kernel key increment testing we need to be able to rev only particular keys and verify an autoupdate works. BUG=None TEST=Ran it BRANCH=None Change-Id: Ic814480b4bf8fbc994132fcd7ba519c3be9b0ccd Reviewed-on: https://gerrit.chromium.org/gerrit/32458 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Ready: Kris Rambish <krisr@chromium.org> Tested-by: Kris Rambish <krisr@chromium.org>
This commit is contained in:
Kris Rambish
@@ -114,4 +114,120 @@ function make_keyblock {
|
||||
--signpubkey "${signkey}.vbpubk"
|
||||
}
|
||||
|
||||
# File to read current versions from.
|
||||
VERSION_FILE="key.versions"
|
||||
|
||||
# ARGS: <VERSION_TYPE>
|
||||
get_version() {
|
||||
awk -F= '/^'$1'\>/ { print $NF }' ${2:-${VERSION_FILE}}
|
||||
}
|
||||
|
||||
# Loads the current versions prints them to stdout and sets the global version
|
||||
# variables: CURR_FIRMKEY_VER CURR_FIRM_VER CURR_KERNKEY_VER CURR_KERN_VER
|
||||
load_current_versions() {
|
||||
if [[ ! -f ${VERSION_FILE} ]]; then
|
||||
return 1
|
||||
fi
|
||||
CURR_FIRMKEY_VER=$(get_version "firmware_key_version")
|
||||
# Firmware version is the kernel subkey version.
|
||||
CURR_FIRM_VER=$(get_version "firmware_version")
|
||||
# Kernel data key version is the kernel key version.
|
||||
CURR_KERNKEY_VER=$(get_version "kernel_key_version")
|
||||
CURR_KERN_VER=$(get_version "kernel_version")
|
||||
|
||||
cat <<EOF
|
||||
Current Firmware key version: ${CURR_FIRMKEY_VER}
|
||||
Current Firmware version: ${CURR_FIRM_VER}
|
||||
Current Kernel key version: ${CURR_KERNKEY_VER}
|
||||
Current Kernel version: ${CURR_KERN_VER}
|
||||
EOF
|
||||
}
|
||||
|
||||
# Make backups of existing kernel subkeys and keyblocks that will be revved.
|
||||
# Backup format:
|
||||
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
|
||||
# Args: SUBKEY_VERSION DATAKEY_VERSION
|
||||
backup_existing_kernel_keyblock() {
|
||||
if [[ ! -e kernel.keyblock ]]; then
|
||||
return
|
||||
fi
|
||||
mv --no-clobber kernel.{keyblock,"v$2.v$1.keyblock"}
|
||||
}
|
||||
|
||||
# Make backups of existing kernel subkeys and keyblocks that will be revved.
|
||||
# Backup format:
|
||||
# for keys: <key_name>.v<version>.vb{pub|priv}k
|
||||
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
|
||||
# Args: SUBKEY_VERSION DATAKEY_VERSION
|
||||
backup_existing_kernel_subkeys() {
|
||||
local subkey_ver=$1
|
||||
local datakey_ver=$2
|
||||
# --no-clobber to prevent accidentally overwriting existing
|
||||
# backups.
|
||||
mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_ver}.vbprivk"}
|
||||
mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_ver}.vbpubk"}
|
||||
backup_existing_kernel_keyblock ${subkey_ver} ${datakey_ver}
|
||||
}
|
||||
|
||||
# Make backups of existing kernel data keys and keyblocks that will be revved.
|
||||
# Backup format:
|
||||
# for keys: <key_name>.v<version>.vb{pub|priv}k
|
||||
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
|
||||
# Args: SUBKEY_VERSION DATAKEY_VERSION
|
||||
backup_existing_kernel_data_keys() {
|
||||
local subkey_ver=$1
|
||||
local datakey_ver=$2
|
||||
# --no-clobber to prevent accidentally overwriting existing
|
||||
# backups.
|
||||
mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_ver}.vbprivk"}
|
||||
mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_ver}.vbpubk"}
|
||||
backup_existing_kernel_keyblock ${subkey_ver} ${datakey_ver}
|
||||
}
|
||||
|
||||
# Make backups of existing firmware keys and keyblocks that will be revved.
|
||||
# Backup format:
|
||||
# for keys: <key_name>.v<version>.vb{pub|priv}k
|
||||
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
|
||||
# Args: SUBKEY_VERSION DATAKEY_VERSION
|
||||
backup_existing_firmware_keys() {
|
||||
local subkey_ver=$1
|
||||
local datakey_ver=$2
|
||||
mv --no-clobber firmware_data_key.{vbprivk,"v${subkey_ver}.vbprivk"}
|
||||
mv --no-clobber firmware_data_key.{vbpubk,"v${subkey_ver}.vbpubk"}
|
||||
mv --no-clobber firmware.{keyblock,"v${datakey_ver}.v${subkey_ver}.keyblock"}
|
||||
}
|
||||
|
||||
|
||||
# Write new key version file with the updated key versions.
|
||||
# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION
|
||||
# KERNEL_VERSION
|
||||
write_updated_version_file() {
|
||||
local firmware_key_version=$1
|
||||
local firmware_version=$2
|
||||
local kernel_key_version=$3
|
||||
local kernel_version=$4
|
||||
|
||||
cat > ${VERSION_FILE} <<EOF
|
||||
firmware_key_version=${firmware_key_version}
|
||||
firmware_version=${firmware_version}
|
||||
kernel_key_version=${kernel_key_version}
|
||||
kernel_version=${kernel_version}
|
||||
EOF
|
||||
}
|
||||
|
||||
# Returns the incremented version number of the passed in key from the version
|
||||
# file. The options are "firmware_key_version", "firmware_version",
|
||||
# "kernel_key_version", or "kernel_version".
|
||||
# ARGS: KEY_DIR <key_name>
|
||||
increment_version() {
|
||||
local key_dir=$1
|
||||
local VERSION_FILE="${key_dir}/${VERSION_FILE}"
|
||||
local old_version=$(get_version $2)
|
||||
local new_version=$(( ${old_version} + 1 ))
|
||||
|
||||
if [[ ${new_version} -gt 0xffff ]]; then
|
||||
echo "Version overflow!" >&2
|
||||
return 1
|
||||
fi
|
||||
echo ${new_version}
|
||||
}
|
||||
|
||||
44
scripts/keygeneration/increment_firmware_data_key.sh
Executable file
44
scripts/keygeneration/increment_firmware_data_key.sh
Executable file
@@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style license that can be
|
||||
# found in the LICENSE file.
|
||||
|
||||
# Script to increment firmware version key for firmware updates.
|
||||
# Used when revving versions for a firmware update.
|
||||
|
||||
# Load common constants and variables.
|
||||
. "$(dirname "$0")/common.sh"
|
||||
|
||||
# Abort on errors.
|
||||
set -e
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
cat <<EOF
|
||||
Usage: $0 <keyset directory>
|
||||
|
||||
Increments the firmware version in the specified keyset.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
KEY_DIR=$1
|
||||
|
||||
main() {
|
||||
load_current_versions
|
||||
new_firmkey_ver=$(increment_version "${KEY_DIR}" "firmware_key_version")
|
||||
|
||||
backup_existing_firmware_keys ${CURR_FIRM_VER} ${CURR_FIRMKEY_VER}
|
||||
|
||||
cat <<EOF
|
||||
Generating new firmware version key.
|
||||
|
||||
New Firmware key version (due to firmware key change): ${new_firmkey_ver}.
|
||||
EOF
|
||||
make_pair firmware_data_key ${FIRMWARE_DATAKEY_ALGOID} ${new_firmkey_ver}
|
||||
make_keyblock firmware ${FIRMWARE_KEYBLOCK_MODE} firmware_data_key root_key
|
||||
|
||||
write_updated_version_file ${new_firmkey_ver} ${CURR_FIRM_VER} \
|
||||
${CURR_KERNKEY_VER} ${CURR_KERN_VER}
|
||||
}
|
||||
|
||||
main "$@"
|
||||
44
scripts/keygeneration/increment_kernel_data_key.sh
Executable file
44
scripts/keygeneration/increment_kernel_data_key.sh
Executable file
@@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style license that can be
|
||||
# found in the LICENSE file.
|
||||
|
||||
# Script to increment kernel data key for firmware updates.
|
||||
# Used when revving versions for a firmware update.
|
||||
|
||||
# Load common constants and variables.
|
||||
. "$(dirname "$0")/common.sh"
|
||||
|
||||
# Abort on errors.
|
||||
set -e
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
cat <<EOF
|
||||
Usage: $0 <keyset directory>
|
||||
|
||||
Increments the kernel data key in the specified keyset.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
KEY_DIR=$1
|
||||
|
||||
main() {
|
||||
load_current_versions
|
||||
new_kernkey_ver=$(increment_version "${KEY_DIR}" "kernel_key_version")
|
||||
|
||||
backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER}
|
||||
|
||||
cat <<EOF
|
||||
Generating new kernel data version, and new kernel keyblock.
|
||||
|
||||
New Kernel data key version: ${new_kernkey_ver}.
|
||||
EOF
|
||||
make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${new_kernkey_ver}
|
||||
make_keyblock kernel ${KERNEL_KEYBLOCK_MODE} kernel_data_key kernel_subkey
|
||||
|
||||
write_updated_version_file ${CURR_FIRMKEY_VER} ${CURR_FIRM_VER} \
|
||||
${new_kernkey_ver} ${CURR_KERN_VER}
|
||||
}
|
||||
|
||||
main "$@"
|
||||
46
scripts/keygeneration/increment_kernel_subkey.sh
Executable file
46
scripts/keygeneration/increment_kernel_subkey.sh
Executable file
@@ -0,0 +1,46 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style license that can be
|
||||
# found in the LICENSE file.
|
||||
|
||||
# Script to increment kernel subkey for firmware updates.
|
||||
# Used when revving versions for a firmware update.
|
||||
|
||||
# Load common constants and variables.
|
||||
. "$(dirname "$0")/common.sh"
|
||||
|
||||
# Abort on errors.
|
||||
set -e
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
cat <<EOF
|
||||
Usage: $0 <keyset directory>
|
||||
|
||||
Increments the kernel subkey in the specified keyset.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
KEY_DIR=$1
|
||||
|
||||
main() {
|
||||
load_current_versions
|
||||
new_firm_ver=$(increment_version "${KEY_DIR}" "firmware_version")
|
||||
|
||||
backup_existing_kernel_subkeys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER}
|
||||
backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER}
|
||||
|
||||
cat <<EOF
|
||||
Generating new kernel subkey, data keys and new kernel keyblock.
|
||||
|
||||
New Firmware version (due to kernel subkey change): ${new_firm_ver}.
|
||||
EOF
|
||||
make_pair kernel_subkey ${KERNEL_SUBKEY_ALGOID} ${new_firm_ver}
|
||||
make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${CURRENT_KDATAKEY_VERSION}
|
||||
make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey
|
||||
|
||||
write_updated_version_file ${CURR_FIRMKEY_VER} ${new_firm_ver} \
|
||||
${CURR_KERNKEY_VER} ${CURR_KERN_VER}
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -24,90 +24,26 @@ fi
|
||||
|
||||
KEY_DIR=$1
|
||||
|
||||
# File to read current versions from.
|
||||
VERSION_FILE="key.versions"
|
||||
|
||||
# ARGS: <version_type>
|
||||
get_version() {
|
||||
local version_type=$1
|
||||
version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE})
|
||||
echo $version
|
||||
}
|
||||
|
||||
# Make backups of existing keys and keyblocks that will be revved.
|
||||
# Backup format:
|
||||
# for keys: <key_name>.v<version>.vb{pub|priv}k
|
||||
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
|
||||
# Args: SUBKEY_VERSION DATAKEY_VERSION
|
||||
backup_existing_kernel_keys() {
|
||||
subkey_version=$1
|
||||
datakey_version=$2
|
||||
# --no-clobber to prevent accidentally overwriting existing
|
||||
# backups.
|
||||
mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_version}.vbprivk"}
|
||||
mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_version}.vbpubk"}
|
||||
mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_version}.vbprivk"}
|
||||
mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_version}.vbpubk"}
|
||||
mv --no-clobber kernel.{keyblock,"v${datakey_version}.v${subkey_version}.keyblock"}
|
||||
}
|
||||
|
||||
# Write new key version file with the updated key versions.
|
||||
# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION
|
||||
write_updated_version_file() {
|
||||
local firmware_key_version=$1
|
||||
local firmware_version=$2
|
||||
local kernel_key_version=$3
|
||||
local kernel_version=$4
|
||||
|
||||
cat > ${VERSION_FILE} <<EOF
|
||||
firmware_key_version=${firmware_key_version}
|
||||
firmware_version=${firmware_version}
|
||||
kernel_key_version=${kernel_key_version}
|
||||
kernel_version=${kernel_version}
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
main() {
|
||||
local key_dir=$1
|
||||
cd "${key_dir}"
|
||||
current_fkey_version=$(get_version "firmware_key_version")
|
||||
# Firmware version is the kernel subkey version.
|
||||
current_ksubkey_version=$(get_version "firmware_version")
|
||||
# Kernel data key version is the kernel key version.
|
||||
current_kdatakey_version=$(get_version "kernel_key_version")
|
||||
current_kernel_version=$(get_version "kernel_version")
|
||||
load_current_versions
|
||||
new_kernkey_ver=$(increment_version "${KEY_DIR}" "kernel_key_version")
|
||||
new_firm_ver=$(increment_version "${KEY_DIR}" "firmware_version")
|
||||
|
||||
cat <<EOF
|
||||
Current Firmware key version: ${current_fkey_version}
|
||||
Current Firmware version: ${current_ksubkey_version}
|
||||
Current Kernel key version: ${current_kdatakey_version}
|
||||
Current Kernel version: ${current_kernel_version}
|
||||
EOF
|
||||
|
||||
backup_existing_kernel_keys $current_ksubkey_version $current_kdatakey_version
|
||||
|
||||
new_ksubkey_version=$(( current_ksubkey_version + 1 ))
|
||||
new_kdatakey_version=$(( current_kdatakey_version + 1 ))
|
||||
|
||||
if [ $new_kdatakey_version -gt 65535 ] || [ $new_kdatakey_version -gt 65535 ];
|
||||
then
|
||||
echo "Version overflow!"
|
||||
exit 1
|
||||
fi
|
||||
backup_existing_kernel_subkeys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER}
|
||||
backup_existing_kernel_data_keys ${CURR_FIRM_VER} ${CURR_KERNKEY_VER}
|
||||
|
||||
cat <<EOF
|
||||
Generating new kernel subkey, data keys and new kernel keyblock.
|
||||
|
||||
New Firmware version (due to kernel subkey change): ${new_ksubkey_version}.
|
||||
New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}.
|
||||
New Firmware version (due to kernel subkey change): ${new_firm_ver}.
|
||||
New Kernel key version (due to kernel datakey change): ${new_kernkey_ver}.
|
||||
EOF
|
||||
make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $new_ksubkey_version
|
||||
make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $new_kdatakey_version
|
||||
make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey
|
||||
make_pair kernel_subkey ${KERNEL_SUBKEY_ALGOID} ${new_firm_ver}
|
||||
make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${new_kernkey_ver}
|
||||
make_keyblock kernel ${KERNEL_KEYBLOCK_MODE} kernel_data_key kernel_subkey
|
||||
|
||||
write_updated_version_file $current_fkey_version $new_ksubkey_version \
|
||||
$new_kdatakey_version $current_kernel_version
|
||||
write_updated_version_file ${CURR_FIRMKEY_VER} ${new_firm_ver} \
|
||||
${new_kernkey_ver} ${CURR_KERN_VER}
|
||||
}
|
||||
|
||||
main $@
|
||||
main "$@"
|
||||
|
||||
Reference in New Issue
Block a user