scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
41f444a11b267285a41a22a996a86a249c99549c
OpenCellular/scripts/keygeneration/create_new_keys.sh
Gaurav Shah 41f444a11b Add a script to increment kernel subkey and data key. 
When we do perform firmware updates, we'd like to change the kernel subkey to ensure that new firmware and Chrome OS image stay in sync. This CL adds a scripts which makes it possible to do this revving in an automated manner.

The current versions rollback versions corresponding to the keyset are stored in key.versions. If we change the kernel subkey (to enforce firmware/Chrome OS lockstep), we must also update the firmware version. Similarly, since we modify the kernel subkey, we also generate a new set of kernel data keys. Thus, we also increment the kernel key version.

Change-Id: I364ab50bda115991dd4f69331d37291f66abbf36

BUG=chrome-os-partner:3274, chromium-os:8016
TEST=Manually tested using a newly generated keyset.

Review URL: http://codereview.chromium.org/6824059
2011-04-12 17:05:37 -07:00

46 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Generate .vbpubk and .vbprivk pairs for use by developer builds. These should
# be exactly like the real keys except that the private keys aren't secret.
# Load common constants and functions.
. "$(dirname "$0")/common.sh"
# Create the normal keypairs
make_pair root_key $ROOT_KEY_ALGOID
make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID
make_pair dev_firmware_data_key $DEV_FIRMWARE_DATAKEY_ALGOID
make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID
make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID
# Create the recovery and factory installer keypairs
make_pair recovery_key $RECOVERY_KEY_ALGOID
make_pair recovery_kernel_data_key $RECOVERY_KERNEL_ALGOID
make_pair installer_kernel_data_key $INSTALLER_KERNEL_ALGOID
# Create the firmware keyblock for use only in Normal mode. This is redundant,
# since it's never even checked during Recovery mode.
make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key
# Create the dev firmware keyblock for use only in Developer mode.
make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key root_key
# Create the recovery kernel keyblock for use only in Recovery mode.
make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_data_key recovery_key
# Create the normal kernel keyblock for use only in Normal mode.
make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey
# Create the installer keyblock for use in Developer + Recovery mode
# For use in Factory Install and Developer Mode install shims.
make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_data_key recovery_key
# CAUTION: The public parts of most of these blobs must be compiled into the
# firmware, which is built separately (and some of which can't be changed after
# manufacturing). If you update these keys, you must coordinate the changes
# with the BIOS people or you'll be unable to boot the resulting images.
Reference in New Issue View Git Blame Copy Permalink