scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,653 Commits 52 Branches 2 Tags
5a9f498182586f64865b51c874619d674f5d842c
Commit Graph

21 Commits

Author SHA1 Message Date
Mike Frysinger
6f2ea5b731 keygeneration: create_new_keys: add key-name/output options 
We use these features on the signer, so move the logic here so it's
in the public code.

BUG=None
TEST=`./create_new_keys.sh --key-name hihya --output foo --android` worked
BRANCH=None

Change-Id: I85d6fdbafd99a1b94bc90e26cbc17ba801614914
Reviewed-on: https://chromium-review.googlesource.com/388673
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2016-09-22 19:58:27 +00:00
Mike Frysinger
df39d0ac27 keygeneration: add --android option to generate keys 
BUG=b:29915721
TEST=`./create_new_keys.sh --android` includes android keys
BRANCH=None

Change-Id: Ibb00b87921435ac5b70a297324ddf60563dc08d8
Reviewed-on: https://chromium-review.googlesource.com/386905
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2016-09-20 20:48:21 +00:00
Victor Hsieh
7573ff7efb Add script to sign Android image 
sign_android_image.sh is the main script that signs the image. It makes
similar changes to an image like the Android official signing tool
(sign_target_files_apks.py) does, but more Chrome OS specific.

TEST=./sign_official_build.sh recovery recovery_image.bin \
         ../../tests/devkeys/ out_img
TEST=Same above but with a recovery image without Android image.
     Android signing was skipping.
TEST=Same above but with a M53 image.  Android signing was skipped.
TEST=Unpack the image and diff the before and after.  Looks correct.
BUG=b:29915721

Change-Id: I0ae5f0ad8d2b05e485d60262558517ea563bf527
Reviewed-on: https://chromium-review.googlesource.com/366794
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
 2016-08-15 15:19:52 -07:00
Mike Frysinger
907bc34086 keygeneration: fix some portability aspects 
The "function" keyword is not portable -- use the normal function style.

The awk command uses a non-portable regex (the word anchor \>).  Rework
it to avoid regexes entirely.

BUG=chromium:475101
TEST=keyset_version_check.sh works on a POSIX system
BRANCH=None

Change-Id: I5446f63aa9181d06da1898aafb8fab17f5042989
Reviewed-on: https://chromium-review.googlesource.com/296562
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
 2015-09-08 18:43:42 -07:00
Mike Frysinger
2e13d59080 add_loem_keys: new helper for quickly creating loem keys 
This is largely geared for testing for quickly creating a set of loem keys.

BUG=chromium:381862
TEST=`./add_loem_keys.sh 0` converted an existing keyset to a loem keyset
TEST=`./add_loem_keys.sh 3` added three more keysets
TEST=ran sign_official_build.sh with new keysets against a recovery.bin
BRANCH=none

Change-Id: I598b7a453b747a231df850657df50bede01768c2
Reviewed-on: https://chromium-review.googlesource.com/203940
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
 2015-04-15 04:51:00 +00:00
Mike Frysinger
d7d9d3b669 keygeneration: fix typos in previous commit 
Forgot to update the bitsizes in the variable constants.

BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates 8k keys
TEST=`./create_new_keys.sh --4k` now generates 4k keys
BRANCH=None

Change-Id: Ie285649f4d58ad2e2cba71f4cab737cc2235e3ab
Reviewed-on: https://chromium-review.googlesource.com/245890
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2015-02-03 22:46:06 +00:00
Mike Frysinger
79add75aa3 create_new_keys: add options for generating 4k keys 
BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates 8k keys
TEST=`./create_new_keys.sh --4k` now generates 4k keys
BRANCH=None

Change-Id: I2203536880b9320959fd741c4bbcf814aded603c
Reviewed-on: https://chromium-review.googlesource.com/245318
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2015-02-03 22:03:34 +00:00
Mike Frysinger
37b6afe030 create_new_keys: add a proper main func 
While we do this, clean up:
 - use braces everywhere
 - convert local vars from $VAR to $var
 - parse all command line args properly
 - run in `set -e` mode

BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates sane keys
TEST=`./create_new_keys.sh --help` shows help output
TEST=`./create_new_keys.sh --asdfasdf` shows an error
TEST=`./create_new_keys.sh` outside chroot (w/out vboot binaries) aborts after first failure
BRANCH=None

Change-Id: I1ba0db0b24c0f2f10cf397b47115f0e98384d991
Reviewed-on: https://chromium-review.googlesource.com/245317
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2015-02-03 07:06:32 +00:00
Gaurav Shah
fcefaedf62 keygeneration: Add a script to sanity check versions for a keyset 
Add a script that runs sanity checks on the versions in a keyset.
In particular, tests whether the actual key versions match those
in key.versions. Also runs consistency checks (for example: firmware
version should match kernel subkey version).

BUG=none
TEST=run on all of our keysets
BRANCH=none

Change-Id: I5b509ba33127364f6b63252ad167646eb7dce710
Reviewed-on: https://chromium-review.googlesource.com/190790
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
 2014-08-26 02:25:59 +00:00
Mike Frysinger
51ca0b82a6 create_new_keys: drop redundant settings 
The common.sh file already defines these variables/funcs, so drop them.

BUG=chromium:381862
TEST=`./create_new_keys.sh` created new keys correctly
BRANCH=none

Change-Id: Ie7f0f683d4971c188d4629b520938b4b65bb0a9f
Reviewed-on: https://chromium-review.googlesource.com/203685
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2014-06-17 05:21:07 +00:00
Bill Richardson
9a8e79cc26 Remove +x permissions from source files. 
There's no need to give execute permissions to files that aren't supposed to
executed.

BUG=none
BRANCH=none
TEST=manual

make runtests

Change-Id: I2480b97b39124e98c2f639d56be54cadfdc17f9b
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42648
Reviewed-by: Randall Spangler <rspangler@chromium.org>
 2013-02-05 14:36:53 -08:00
Mike Frysinger
8b42ac8e26 Key increment scripts: fix incrementing keys not in $PWD 
Part of the recent rewrite dropped changing of the active dir to
${KEY_DIR}.  Meant the scripts needed to be run inside of the key
dir since not all functions take the key dir as an argument but
instead assume they're in ${PWD}.

BUG=None
TEST=Ran increment_kernel_subkey_and_key_mp.sh and saw it work
BRANCH=None

Change-Id: Icbc02f123e999d186d9c40fd16528a134397699e
Reviewed-on: https://gerrit.chromium.org/gerrit/35803
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
 2012-10-16 23:25:29 -07:00
Kris Rambish
40bc7b7802 Do not create the kernel data keys. 
BUG=None
TEST=Ran it
BRANCH=None

Change-Id: Ib494c64d81c4ee80991a01b2172c7c47b60d5658
Reviewed-on: https://gerrit.chromium.org/gerrit/33659
Tested-by: Kris Rambish <krisr@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
 2012-09-19 18:45:21 -07:00
Kris Rambish
40d8651bb3 Add scripts to increment single fm/kernel keys. 
For firmware and kernel key increment testing we need to be able to
rev only particular keys and verify an autoupdate works.

BUG=None
TEST=Ran it
BRANCH=None

Change-Id: Ic814480b4bf8fbc994132fcd7ba519c3be9b0ccd
Reviewed-on: https://gerrit.chromium.org/gerrit/32458
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Kris Rambish <krisr@chromium.org>
Tested-by: Kris Rambish <krisr@chromium.org>
 2012-09-18 16:05:00 -07:00
Gaurav Shah
7b3e34a236 Key increment script: Preserve extension and take the target keyset directory 
First, preserve extensions for the backed up keys (and keyblocks). Useful since
our wrapping scripts look at the extension in deciding what needs wrapping.

Second, instead of having to run the script from within a keyset directory,
take the keyset path as an argument and increment the versions for
the keys in there.

BUG=chrome-os-partner:13748
TEST=ran on devkeys
BRANCH=none

Change-Id: I9e8c3e58149e5cb4cd5557521e047e25c06b0cd6
Reviewed-on: https://gerrit.chromium.org/gerrit/32417
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
 2012-09-06 16:29:24 -07:00
Bill Richardson
2448d3b3bc Create vbutil_ec tool for signing EC firmware. 
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).

BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual

  make
  make runtests

Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
 2012-05-04 12:16:45 -07:00
Gaurav Shah
cd10a96926 Create default key.versions file if none exist 
Also remove the default checked in key.versions.

BUG=none
TEST='rm key.versions && ./create_new_keys.sh; ./create_new_keys.sh'

Change-Id: Ia46d411904cb67bcefdbf73524f506e5b2336875
Reviewed-on: https://gerrit.chromium.org/gerrit/20253
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
 2012-04-16 14:57:56 -07:00
Gaurav Shah
a24e30cdc2 Make dev firmware keyblock/data key generation and use optional 
For key generation, only generate dev firmware keyblocks, if the
--devkeyblock option is passed. For signing, re-use normal firmware
keyblock and data key if no dev keyblocks or data key are found in
the keyset directory.

BUG=chrome-os-partner:6942
TEST=manual
     - tested key generation with/without the new flag
     - tested signing with or without the presence of dev keyblock

Change-Id: Ic4bf72cb194461e07fcc0f6de39d4e16d1c979a6
Reviewed-on: https://gerrit.chromium.org/gerrit/12038
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
 2011-11-22 20:22:07 -08:00
Randall Spangler
1fb8315856 create_new_keys.sh uses key versions file 
BUG=chromium-os:14904
TEST=manual:
  ./create_new_keys.sh
  verify that keys are created
  edit key.versions to change versions to 10 20 30 40
  ./create_new_keys.sh
  verify that keys are created with versions from the file

Change-Id: I459018267883557237ab4cc0de9b443242739346
 2011-05-04 12:50:52 -07:00
Gaurav Shah
41f444a11b Add a script to increment kernel subkey and data key. 
When we do perform firmware updates, we'd like to change the kernel subkey to ensure that new firmware and Chrome OS image stay in sync. This CL adds a scripts which makes it possible to do this revving in an automated manner.

The current versions rollback versions corresponding to the keyset are stored in key.versions. If we change the kernel subkey (to enforce firmware/Chrome OS lockstep), we must also update the firmware version. Similarly, since we modify the kernel subkey, we also generate a new set of kernel data keys. Thus, we also increment the kernel key version.

Change-Id: I364ab50bda115991dd4f69331d37291f66abbf36

BUG=chrome-os-partner:3274, chromium-os:8016
TEST=Manually tested using a newly generated keyset.

Review URL: http://codereview.chromium.org/6824059
 2011-04-12 17:05:37 -07:00
Gaurav Shah
5746845500 Add support for using separate developer firmware keyblock while signing. 
Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case).

Finally, change hard coded algorithm ids and keyblock modes to bash variables, for each changes and telling keyset configuration from a glance.

BUG=chrome-os-partner:2218
TEST=manually tried the following:
1) Generating an entire new keyset.
2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets)
3) Firmware signing via sign_official_build.sh of an image with a firmware payload/

Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda

Review URL: http://codereview.chromium.org/6594131
 2011-03-02 14:50:46 -08:00