mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-25 18:55:24 +00:00
2e13d59080
This is largely geared for testing for quickly creating a set of loem keys. BUG=chromium:381862 TEST=`./add_loem_keys.sh 0` converted an existing keyset to a loem keyset TEST=`./add_loem_keys.sh 3` added three more keysets TEST=ran sign_official_build.sh with new keysets against a recovery.bin BRANCH=none Change-Id: I598b7a453b747a231df850657df50bede01768c2 Reviewed-on: https://chromium-review.googlesource.com/203940 Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>
85 lines
2.2 KiB
Bash
Executable File
85 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# Copyright 2015 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Load common constants and functions.
|
|
. "$(dirname "$0")/common.sh"
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: ${0##*/} <number of loem keys to add>
|
|
|
|
If the existing keyset is not set up for loem usage, it will be converted.
|
|
|
|
Note: Use 0 if you want to just convert an existing keyset.
|
|
EOF
|
|
exit ${1:-0}
|
|
}
|
|
|
|
convert_keyset_to_loem() {
|
|
local f
|
|
|
|
printf "Converting to loem keyset; continue? (y/N) "
|
|
read f
|
|
[[ ${f} == [yY] ]]
|
|
|
|
for f in {firmware_data,root}_key.vb{pub,priv}k firmware.keyblock; do
|
|
if [[ ${f} == "root_key.vbprivk" && ! -e ${f} ]]; then
|
|
# For official keys, we won't have the private half of the root key.
|
|
echo "Skipping ${f} for official keys"
|
|
continue
|
|
fi
|
|
if [[ ${f} == *.vbprivk && ! -e ${f} ]]; then
|
|
# For official keys, will be gpg wrapped.
|
|
f+=".gpg"
|
|
fi
|
|
mv -i "${f}" "${f/./.loem1.}"
|
|
done
|
|
|
|
echo "[loem]" > loem.ini
|
|
}
|
|
|
|
main() {
|
|
set -e -u
|
|
|
|
if [[ $# -ne 1 || $1 == -* ]]; then
|
|
usage
|
|
fi
|
|
|
|
# Keep `local` and assignment split so return values are checked.
|
|
local firmware_key_version
|
|
local num_keys highest_key k
|
|
|
|
if [[ ! -e ${VERSION_FILE} ]]; then
|
|
echo "missing ${VERSION_FILE} in ${PWD}; please create one" >&2
|
|
exit 1
|
|
fi
|
|
|
|
firmware_key_version=$(get_version "firmware_key_version")
|
|
|
|
# See if we need to convert the keyset first.
|
|
if [[ -e root_key.vbpubk ]]; then
|
|
convert_keyset_to_loem
|
|
fi
|
|
|
|
num_keys=$1
|
|
highest_key=$(printf '%s\n' firmware.loem*.keyblock |
|
|
sed -r 's:firmware.loem(.*).keyblock:\1:' |
|
|
sort -n | tail -1)
|
|
echo "There are ${highest_key} loem keys; ading ${num_keys} more"
|
|
|
|
for ((k = highest_key + 1; k < highest_key + 1 + num_keys; ++k)); do
|
|
echo "Generating LOEM ${k}"
|
|
make_pair root_key.loem${k} ${ROOT_KEY_ALGOID}
|
|
make_pair firmware_data_key.loem${k} ${FIRMWARE_DATAKEY_ALGOID} \
|
|
${firmware_key_version}
|
|
make_keyblock firmware.loem${k} ${FIRMWARE_KEYBLOCK_MODE} \
|
|
firmware_data_key.loem${k} root_key.loem${k}
|
|
done
|
|
|
|
echo
|
|
echo "Don't forget to update loem.ini to allocate the keys!"
|
|
}
|
|
main "$@"
|