mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 02:05:01 +00:00
c8054eae60
This reverts commitd90b07bd4d, which revertedd7e1e4f0be, which didn't actually have anything wrong with it. BUG=chromium:466433 BRANCH=one TEST=None Change-Id: I68a60c38eba1fce1c9332601a57ea8fee72139a3 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/259650 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Prathmesh Prabhu <pprabhu@chromium.org>
111 lines
2.6 KiB
Bash
Executable File
111 lines
2.6 KiB
Bash
Executable File
#!/bin/bash -eux
|
|
# Copyright 2014 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
me=${0##*/}
|
|
TMP="$me.tmp"
|
|
|
|
# Work in scratch directory
|
|
cd "$OUTDIR"
|
|
|
|
# some stuff we'll need
|
|
DEVKEYS=${SRCDIR}/tests/devkeys
|
|
TESTKEYS=${SRCDIR}/tests/testkeys
|
|
SIGNER=${SRCDIR}/tests/external_rsa_signer.sh
|
|
|
|
|
|
# Create a copy of an existing keyblock, using the old way
|
|
${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock0 \
|
|
--datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
|
|
--flags 7 \
|
|
--signprivate ${DEVKEYS}/root_key.vbprivk
|
|
|
|
# Check it.
|
|
${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock0 \
|
|
--signpubkey ${DEVKEYS}/root_key.vbpubk
|
|
|
|
# It should be the same as the dev-key firmware keyblock
|
|
cmp ${DEVKEYS}/firmware.keyblock ${TMP}.keyblock0
|
|
|
|
|
|
# Now create it the new way
|
|
${FUTILITY} --debug sign \
|
|
--datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
|
|
--flags 7 \
|
|
--signprivate ${DEVKEYS}/root_key.vbprivk \
|
|
--outfile ${TMP}.keyblock1
|
|
|
|
# It should be the same too.
|
|
cmp ${DEVKEYS}/firmware.keyblock ${TMP}.keyblock1
|
|
|
|
|
|
# Create a keyblock without signing it.
|
|
|
|
# old way
|
|
${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock0 \
|
|
--datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
|
|
--flags 14
|
|
|
|
# new way
|
|
${FUTILITY} --debug sign \
|
|
--flags 14 \
|
|
${DEVKEYS}/firmware_data_key.vbpubk \
|
|
${TMP}.keyblock1
|
|
|
|
cmp ${TMP}.keyblock0 ${TMP}.keyblock1
|
|
|
|
|
|
# Create one using PEM args
|
|
|
|
# old way
|
|
${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock2 \
|
|
--datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
|
|
--signprivate_pem ${TESTKEYS}/key_rsa4096.pem \
|
|
--pem_algorithm 8 \
|
|
--flags 9
|
|
|
|
# verify it
|
|
${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock2 \
|
|
--signpubkey ${TESTKEYS}/key_rsa4096.sha512.vbpubk
|
|
|
|
# new way
|
|
${FUTILITY} --debug sign \
|
|
--pem_signpriv ${TESTKEYS}/key_rsa4096.pem \
|
|
--pem_algo 8 \
|
|
--flags 9 \
|
|
${DEVKEYS}/firmware_data_key.vbpubk \
|
|
${TMP}.keyblock3
|
|
|
|
cmp ${TMP}.keyblock2 ${TMP}.keyblock3
|
|
|
|
# Try it with an external signer
|
|
|
|
# old way
|
|
${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock4 \
|
|
--datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
|
|
--signprivate_pem ${TESTKEYS}/key_rsa4096.pem \
|
|
--pem_algorithm 8 \
|
|
--flags 19 \
|
|
--externalsigner ${SIGNER}
|
|
|
|
# verify it
|
|
${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock4 \
|
|
--signpubkey ${TESTKEYS}/key_rsa4096.sha512.vbpubk
|
|
|
|
# new way
|
|
${FUTILITY} --debug sign \
|
|
--pem_signpriv ${TESTKEYS}/key_rsa4096.pem \
|
|
--pem_algo 8 \
|
|
--pem_external ${SIGNER} \
|
|
--flags 19 \
|
|
${DEVKEYS}/firmware_data_key.vbpubk \
|
|
${TMP}.keyblock5
|
|
|
|
cmp ${TMP}.keyblock4 ${TMP}.keyblock5
|
|
|
|
|
|
# cleanup
|
|
rm -rf ${TMP}*
|
|
exit 0
|